Search Results

Search found 3366 results on 135 pages for 'openvpn auth ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 35/135 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

  • minLength data validation is not working with Auth component for CakePHP

    - by grokker
    Let's say I have a user registration and I'm using the Auth component (/user/register is allowed of course). The problem is if I need to set a minLength validation rule in the model, it doesn't work since the Auth component hashes the password therefore it's always more than my minlength password and it passes even if it's blank. How do I fix this issue? Thanks in advance!

    Read the article

  • from svn to git (+ LDAP + password-less updates + passworded access control)

    - by Jayen
    We have an SVN setup and there are some things we dislike about it and some things we like about it. We want to move to git, but we're not sure exactly what setup will work for us. We're currently using SVN (w/ Authz) + Apache (w/ WebDAV & LDAP). Hook to update the live site [like] Live site update requires no additional interaction [like] Live site update uses stored password [dislike] Commits require centralized-password authentication [like] Commit from live site changes stored credentials [dislike] Access control (per repository) for commits [like] Point 5 above is the one that keeps stuffing us up. Someone makes a commit from the live site and then the hook breaks. We're thinking to use gitosis/gitolite to get access control, but as they use ssh keys, we won't be requiring passwords. We're also thinking to use git-http-backend, and use Apache for authentication, but then do we lose access control? Can the live site be automatically updated from a hook if Apache requires authentication? Can we combine git-http-backend and gitosis/gitolite somehow? Can we store http credentials with git?

    Read the article

  • Ports do not open after rules appended in iptables

    - by user2699451
    I have a server that I am trying to setup for OpenVPN. I have followed all the steps, but I see that when I try to connect to it in Windows, it doesn't allow me, it just hangs on connecting, so I did a nmap scan and I see that port 1194 is not open so naturally I append the rule to open 1194 with: iptables -A INPUT -i eth0 -p tcp --dport 1194 -j ACCEPT followed by service iptables save and service iptables restart which all executed successfully. Then I try again, but it doesn't work and another nmap scan says that port 1194 is closed. Here is the iptables configuration: # Generated by iptables-save v1.4.7 on Thu Oct 31 09:47:38 2013 *nat :PREROUTING ACCEPT [27410:3091993] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [5042:376160] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -o eth0 -j MASQUERADE -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -j SNAT --to-source 41.185.26.238 -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE COMMIT # Completed on Thu Oct 31 09:47:38 2013 # Generated by iptables-save v1.4.7 on Thu Oct 31 09:47:38 2013 *filter :INPUT ACCEPT [23571:2869068] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [27558:3656524] :vl - [0:0] -A INPUT -p tcp -m tcp --dport 5252 -m comment --comment "SSH Secure" -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -$ -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "HTTP" -j ACCEPT -A INPUT -p tcp -m tcp --dport 8080 -m comment --comment "HTTPS" -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -m comment --comment "HTTP Encrypted" -j ACCEP$ -A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT -A INPUT -i eth0 -p gre -j ACCEPT -A INPUT -p udp -m udp --dport 1194 -j ACCEPT -A FORWARD -i ppp+ -o eth0 -j ACCEPT -A FORWARD -i eth0 -o ppp+ -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 10.8.0.0/24 -j ACCEPT -A FORWARD -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j A$ COMMIT # Completed on Thu Oct 31 09:47:38 2013 and my nmap scan from: localhost: nmap localhost Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-31 09:53 SAST Nmap scan report for localhost (127.0.0.1) Host is up (0.000011s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 443/tcp open https 1723/tcp open pptp Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds remote pc: nmap [server ip] Starting Nmap 6.00 ( http://nmap.org ) at 2013-10-31 09:53 SAST Nmap scan report for rla04-nix1.wadns.net (41.185.26.238) Host is up (0.025s latency). Not shown: 858 filtered ports, 139 closed ports PORT STATE SERVICE 22/tcp open ssh 443/tcp open https 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 15.70 seconds So, I do not know what is causing this, any assistance will be appreciated! UPDATE AFTER FIRST ANSWER::: [root@RLA04-NIX1 ~]# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT [root@RLA04-NIX1 ~]# iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT [root@RLA04-NIX1 ~]# iptables -A FORWARD -j REJECT [root@RLA04-NIX1 ~]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE [root@RLA04-NIX1 ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@RLA04-NIX1 ~]# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter nat [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] [root@RLA04-NIX1 ~]# lsof -i :1194 -bash: lsof: command not found iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5252 /* SSH Secure */ ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 state NEW,RELATED,ESTABLISHED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* SSH */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* HTTP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 /* HTTPS */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 /* HTTP Encrypted */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 state RELATED,ESTABLISHED Chain vl (0 references) target prot opt source destination [root@RLA04-NIX1 ~]# nmap localhostt Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-31 11:13 SAST remote pc nmap [server ip] Starting Nmap 6.00 ( http://nmap.org ) at 2013-10-31 11:11 SAST Nmap scan report for rla04-nix1.wadns.net (41.185.26.238) Host is up (0.020s latency). Not shown: 858 filtered ports, 139 closed ports PORT STATE SERVICE 22/tcp open ssh 443/tcp open https 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 4.18 seconds localhost nmap localhost Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-31 11:13 SAST Nmap scan report for localhost (127.0.0.1) Host is up (0.000011s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 443/tcp open https 1723/tcp open pptp Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds UPDATE AFTER SCANNING UDP PORTS Sorry, I am noob, I am still learning, but here is the output for: nmap -sU [server ip] Starting Nmap 6.00 ( http://nmap.org ) at 2013-10-31 11:33 SAST Nmap scan report for [server address] ([server ip]) Host is up (0.021s latency). Not shown: 997 open|filtered ports PORT STATE SERVICE 53/udp closed domain 123/udp closed ntp 33459/udp closed unknown Nmap done: 1 IP address (1 host up) scanned in 8.57 seconds btw, no changes have been made since post started (except for iptables changes)

    Read the article

  • Setup routing and iptables for new VPN connection to redirect **only** ports 80 and 443

    - by Steve
    I have a new VPN connection (using openvpn) to allow me to route around some ISP restrictions. Whilst it is working fine, it is taking all the traffic over the vpn. This is causing me issues for downloading (my internet connection is a lot faster than the vpn allows), and for remote access. I run an ssh server, and have a daemon running that allows me to schdule downloads via my phone. I have my existing ethernet connection on eth0, and the new VPN connection on tun0. I believe I need to setup the default route to use my existing eth0 connection on the 192.168.0.0/24 network, and set the default gateway to 192.168.0.1 (my knowledge is shaky as I haven't done this for a number of years). If that is correct, then I'm not exactly sure how to do it!. My current routing table is: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt 0.0.0.0 10.51.0.169 0.0.0.0 UG 0 0 0 tun0 0 0 0 10.51.0.1 10.51.0.169 255.255.255.255 UGH 0 0 0 tun0 0 0 0 10.51.0.169 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 0 0 0 85.25.147.49 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0 0 0 0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0 0 0 0 192.168.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 0 0 0 After fixing the routing, I believe I need to use iptables to configure prerouting or masquerading to force everything for destination port 80 or 443 over tun0. Again, I'm not exactly sure how to do this! Everything I've found on the internet is trying to do something far more complicated, and trying to sort the wood from the trees is proving difficult. Any help would be much appreciated. UPDATE So far, from the various sources, I've cobbled together the following: #!/bin/sh DEV1=eth0 IP1=`ifconfig|perl -nE'/dr:(\S+)/&&say$1'|grep 192.` GW1=192.168.0.1 TABLE1=internet TABLE2=vpn DEV2=tun0 IP2=`ifconfig|perl -nE'/dr:(\S+)/&&say$1'|grep 10.` GW2=`route -n | grep 'UG[ \t]' | awk '{print $2}'` ip route flush table $TABLE1 ip route flush table $TABLE2 ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table $TABLE1 $ROUTE ip route add table $TABLE2 $ROUTE done ip route add table $TABLE1 $GW1 dev $DEV1 src $IP1 ip route add table $TABLE2 $GW2 dev $DEV2 src $IP2 ip route add table $TABLE1 default via $GW1 ip route add table $TABLE2 default via $GW2 echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_dynaddr ip rule add from $IP1 lookup $TABLE1 ip rule add from $IP2 lookup $TABLE2 ip rule add fwmark 1 lookup $TABLE1 ip rule add fwmark 2 lookup $TABLE2 iptables -t nat -A POSTROUTING -o $DEV1 -j SNAT --to-source $IP1 iptables -t nat -A POSTROUTING -o $DEV2 -j SNAT --to-source $IP2 iptables -t nat -A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark iptables -t nat -A PREROUTING -i $DEV1 -m state --state NEW -j CONNMARK --set-mark 1 iptables -t nat -A PREROUTING -i $DEV2 -m state --state NEW -j CONNMARK --set-mark 2 iptables -t nat -A PREROUTING -m connmark --mark 1 -j MARK --set-mark 1 iptables -t nat -A PREROUTING -m connmark --mark 2 -j MARK --set-mark 2 iptables -t nat -A PREROUTING -m state --state NEW -m connmark ! --mark 0 -j CONNMARK --save-mark iptables -t mangle -A PREROUTING -i $DEV2 -m state --state NEW -p tcp --dport 80 -j CONNMARK --set-mark 2 iptables -t mangle -A PREROUTING -i $DEV2 -m state --state NEW -p tcp --dport 443 -j CONNMARK --set-mark 2 route del default route add default gw 192.168.0.1 eth0 Now this seems to be working. Except it isn't! Connections to the blocked websites are going through, connections not on ports 80 and 443 are using the non-VPN connection. However port 80 and 443 connections that aren't to the blocked websites are using the non-VPN connection too! As the general goal has been reached, I'm relatively happy, but it would be nice to know why it isn't working exactly right. Any ideas? For reference, I now have 3 routing tables, main, internet, and vpn. The listing of them is as follows... Main: default via 192.168.0.1 dev eth0 10.38.0.1 via 10.38.0.205 dev tun0 10.38.0.205 dev tun0 proto kernel scope link src 10.38.0.206 85.removed via 192.168.0.1 dev eth0 169.254.0.0/16 dev eth0 scope link metric 1000 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.73 metric 1 Internet: default via 192.168.0.1 dev eth0 10.38.0.1 via 10.38.0.205 dev tun0 10.38.0.205 dev tun0 proto kernel scope link src 10.38.0.206 85.removed via 192.168.0.1 dev eth0 169.254.0.0/16 dev eth0 scope link metric 1000 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.73 metric 1 192.168.0.1 dev eth0 scope link src 192.168.0.73 VPN: default via 10.38.0.205 dev tun0 10.38.0.1 via 10.38.0.205 dev tun0 10.38.0.205 dev tun0 proto kernel scope link src 10.38.0.206 85.removed via 192.168.0.1 dev eth0 169.254.0.0/16 dev eth0 scope link metric 1000 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.73 metric 1

    Read the article

  • Openfire and LDAP issues

    - by clsmith
    Thanks in advance for the help. Has anyone see this issue with openfire? Currently I use Openfire Fedora with Auth using windows 2003 and also use mysql for the database. When I bring up two clients and talk to each other the time is slow between messages. Sometimes it can take between 5-15 minutes for something sent to get to the person (this is with only two people on the openfire server). I ran a tcp dump using port 389 and see that the machine is running thousands of queries against ldap. When i plug it into wireshark I notice that it is transferring the entire contact list or checking on the status of the entire contact list ? When I run debug on openfire itself I am presented with only this small message in the log: 2010.06.08 07:01:17 LdapManager: Starting LDAP search... 2010.06.08 07:01:17 LdapManager: ... search finished 2010.06.08 07:01:17 LdapManager: Creating a DirContext in LdapManager.getContext()... 2010.06.08 07:01:17 LdapManager: Created hashtable with context values, attempting to create context... 2010.06.08 07:01:17 LdapManager: ... context created successfully, returning. 2010.06.08 07:01:17 LdapManager: Trying to find a groups's DN based on it's groupname. cn: Spark agents CLT, Base DN: OU="Hidden",DC="Hidden",DC="net"... 2010.06.08 07:01:17 LdapManager: Creating a DirContext in LdapManager.getContext()... 2010.06.08 07:01:17 LdapManager: Created hashtable with context values, attempting to create context... 2010.06.08 07:01:17 LdapManager: ... context created successfully, returning. 2010.06.08 07:01:17 LdapManager: Starting LDAP search... 2010.06.08 07:01:17 LdapManager: ... search finished 2010.06.08 07:01:17 LdapManager: Trying to find a groups's DN based on it's groupname. cn: Spark agents CLT, Base DN: OU="Hidden",DC="Hidden",DC="net"... 2010.06.08 07:01:17 LdapManager: Creating a DirContext in LdapManager.getContext()... 2010.06.08 07:01:17 LdapManager: Created hashtable with context values, attempting to create context... 2010.06.08 07:01:17 LdapManager: ... context created successfully, returning. 2010.06.08 07:01:17 LdapManager: Starting LDAP search... 2010.06.08 07:01:17 LdapManager: ... search finished I thought this was a configuration on my end and started to look into the cache settings on the openfire webpages. I tweaked the settings as recommend by the pages and still get the same issues. I doesnt seem to cache the contact list or this might be a feature never fixed or implemented. Has anyone gone through this before ? I have searched online and I see others have great experience with openfire with no issues like I have, or is it because noone checked the queries ? For the time being I created a new Domain Controller and moved openfire to that computer so it can run local queries. This seems to help reduce the speed alot, but when I run the server performance manager tool I see that with two people only using that openfire server I run 593.7 request per second. Thanks for your help, if I didnt provide enough data please let me know what you need and I can find it.

    Read the article

  • Ubuntu 12.04 - Pound Reverse Proxy and Adobe Flex/Flash Auth

    - by James
    First time posting, I have a completely fresh install of ubuntu 12.04 Client as a reverse proxy gateway to our internal network. Our setup is we have one external ip but three domains we would like to point to various webservers on our internal network. It's not so much a load balancing issue or cacheing etc. Merely routing some Client browsers to a port 80 webpage (to adhere to some stricter corporate policies regarding placing port numbers after domain names). I have gone with pound and everything seems to be working fine. Static pages load etc. Everything is good with the exception of a Flash/Flex based WebClient for a Digital Asset Management program. The actual static page loads fine, it is just at the moment of entering credentials, be they correct or incorrect, and hitting login, there is no response whatsoever. Either a rejection or confirmation etc. So the request back to the internal server can't be getting through. I have googled extensively and there might be a solution in a crossdomain.xml file? Documentation isn't very clear. And we are not the authors of the DAM app, and have no control over the code on the Flash/Flex side. Questions: Is there a particular config file/solution for pound that allows Flash/Flex auth information to be forwarded? Is there another reverse proxy program (nginx?)that allows this type of config? Am I looking at this the entire wrong way, should Flash/Flex fundamentally not be allowed to have this access?

    Read the article

  • EngineX ignores Auth Basic?

    - by Miko
    I have configured nginx to password protect a directory using auth_basic. The password prompt comes up and the login works fine. However... if I refuse to type in my credentials, and instead hit escape multiple times in a row, the page will eventually load w/o CSS and images. In other words, continuously telling the login prompt to go away will at some point allow the page to load anyway. Is this an issue with nginx, or my configuration? Here is my virtual host: 31 server { 32 server_name sub.domain.com; 33 root /www/sub.domain.com/; 34 35 location / { 36 index index.php index.html; 37 root /www/sub.domain.com; 38 auth_basic "Restricted"; 39 auth_basic_user_file /www/auth/sub.domain.com; 40 error_page 404 = /www/404.php; 41 } 42 43 location ~ \.php$ { 44 include /usr/local/nginx/conf/fastcgi_params; 45 } 46 } My server runs CentOS + nginx + php-fpm + xcache + mysql

    Read the article

  • Likewise DomainJoin hangs on Finishing krb5.conf configuration

    - by dreay
    Hello, I have a problem when joining a CentOS release 5.4 (Final) x64 machine to the domain after running domainjoin-cli --loglevel info --log . join domain.local password I obtain the following, which seems to hang on "20100428112821:INFO:Finishing krb5.conf configuration" 20100428112817:INFO:Domainjoin invoked with the join command (remaining arguments will be printed later): 20100428112817:INFO: [/opt/likewise/bin/domainjoin-cli] 20100428112817:INFO: [--loglevel] 20100428112817:INFO: [info] 20100428112817:INFO: [--log] 20100428112817:INFO: [/tmp/join_1.log] 20100428112817:INFO: [join] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lwsmd] 20100428112817:INFO:Daemon [/etc/init.d/lwsmd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lwsmd] 20100428112817:INFO:Daemon [/etc/init.d/lwsmd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lwregd] 20100428112817:INFO:Daemon [/etc/init.d/lwregd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lwregd] 20100428112817:INFO:Daemon [/etc/init.d/lwregd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/netlogond] 20100428112817:INFO:Daemon [/etc/init.d/netlogond]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/netlogond] 20100428112817:INFO:Daemon [/etc/init.d/netlogond]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lwiod] 20100428112817:INFO:Daemon [/etc/init.d/lwiod]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lwiod] 20100428112817:INFO:Daemon [/etc/init.d/lwiod]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/dcerpcd] 20100428112817:INFO:Daemon [/etc/init.d/dcerpcd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/dcerpcd] 20100428112817:INFO:Daemon [/etc/init.d/dcerpcd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/eventlogd] 20100428112817:INFO:Daemon [/etc/init.d/eventlogd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/eventlogd] 20100428112817:INFO:Daemon [/etc/init.d/eventlogd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lsassd] 20100428112817:INFO:Daemon [/etc/init.d/lsassd]: status [0] 20100428112817:INFO:Checking status of daemon [/etc/init.d/lsassd] 20100428112817:INFO:Daemon [/etc/init.d/lsassd]: status [0] 20100428112817:INFO:Domainjoin invoked with 2 arg(s) to the join command: 20100428112817:INFO: [domain.local] 20100428112817:INFO: [default.user] 20100428112817:INFO:Adding ops (fqdn ops.domain.local) to /etc/hosts ip 192.168.246.5, removing ops, ops.domain.local, ops, ops.domain.local 20100428112817:INFO:Reading krb5 file /tmp/likewisetmpPkpAn5/etc/krb5.conf 20100428112817:INFO:Reading krb5 file /tmp/likewisetmpb6dkNX/etc/krb5.conf 20100428112817:INFO:Reading nsswitch file /etc/nsswitch.conf 20100428112817:INFO:Reading pam configuration 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/config-util.rpmnew 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/config-util 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/runuser-l 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/sshd 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/other 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/smtp.postfix 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/su-l 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/system-switch-mail-nox 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/kshell 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/authconfig 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/ekshell 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/run_init 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/screen 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/eject 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/system-auth.rpmnew 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/system-config-network-cmd 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/system-auth-ac 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/kbdrate 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/smtp.sendmail 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/chsh 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/setup 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/system-switch-mail 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/ksu 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/login 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/sudo-i 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/smtp 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/runuser 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/chfn 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/ppp 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/gssftp 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/remote 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/reboot 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/newrole 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/pm-powersave 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/system-auth 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/halt 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/other.rpmnew 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/atd 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/passwd 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/authconfig-tui 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/pm-hibernate 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/su 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/system-config-network 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/neat 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/pm-suspend-hybrid 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/crond 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/sudo 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/pm-suspend 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.d/poweroff 20100428112817:INFO:Reading pam file /tmp/likewisetmptrO2dQ/etc/pam.conf 20100428112817:INFO:File /tmp/likewisetmptrO2dQ/etc/pam.conf does not exist 20100428112817:INFO:Found config file /etc/ssh/sshd_config 20100428112817:INFO:Found binary /usr/sbin/sshd 20100428112817:INFO:Reading ssh file /etc/ssh/sshd_config 20100428112817:INFO:Found open sshd version 4.3.-1p2 20100428112817:INFO:Testing option ChallengeResponseAuthentication 20100428112817:INFO:Option ChallengeResponseAuthentication supported 20100428112817:INFO:Testing option UsePAM 20100428112817:INFO:Option UsePAM supported 20100428112817:INFO:Testing option PAMAuthenticationViaKBDInt 20100428112817:INFO:Option PAMAuthenticationViaKBDInt not supported 20100428112817:INFO:Testing option KbdInteractiveAuthentication 20100428112817:INFO:Option KbdInteractiveAuthentication supported 20100428112817:INFO:Testing option GSSAPIAuthentication 20100428112817:INFO:Option GSSAPIAuthentication supported 20100428112817:INFO:Testing option GSSAPICleanupCredentials 20100428112817:INFO:Option GSSAPICleanupCredentials supported 20100428112817:INFO:Found config file /etc/ssh/ssh_config 20100428112817:INFO:Found binary /usr/bin/ssh 20100428112817:INFO:Reading ssh file /etc/ssh/ssh_config 20100428112817:INFO:Testing option GSSAPIAuthentication 20100428112817:INFO:Option GSSAPIAuthentication supported 20100428112817:INFO:Testing option GSSAPIDelegateCredentials 20100428112817:INFO:Option GSSAPIDelegateCredentials supported 20100428112821:INFO:Running module join 20100428112821:INFO:Starting krb5.conf configuration (enabling) 20100428112821:INFO:Reading krb5 file /tmp/likewisetmpvgqQmT/etc/krb5.conf 20100428112821:WARNING:Short domain name not specified. Defaulting to 'betgenius' 20100428112821:INFO:Failed to run lwinet ads trusts. This is expected if not yet joined to the domain 20100428112821:INFO:Failed to run lwiinfo --details -m. This is expected if the auth daemon is not running 20100428112821:INFO:Writing krb5 file /tmp/likewisetmpvgqQmT/etc/krb5.conf 20100428112821:INFO:File /tmp/likewisetmpvgqQmT/etc/krb5.conf modified 20100428112821:INFO:Finishing krb5.conf configuration Has anyone seen this error before? and know of the fix?

    Read the article

  • posting nutch data into a BASIC auth secured Solr instance

    - by mlathe
    Hi. I've secured a solr instance using BASIC auth, kind of how it is shown here: http://blog.comtaste.com/2009/02/securing_your_solr_server_on_t.html Now i'm trying to update my batch processes to push data into the authenticated instance. The ones using "curl" are easy, but i also have a Nutch crawl that uses the "solrindex" command to push data into Solr. When i do that i get this error: 2010-02-22 12:09:28,226 INFO auth.AuthChallengeProcessor - basic authentication scheme selected 2010-02-22 12:09:28,229 INFO httpclient.HttpMethodDirector - No credentials available for BASIC 'Tomcat Manager Application'@ninja:5500 2010-02-22 12:09:28,236 WARN mapred.LocalJobRunner - job_local_0001 org.apache.solr.common.SolrException: Unauthorized Unauthorized request: http://ninja:5500/solr/foo/update?wt=javabin&version=2.2 at org.apache.solr.client.solrj.impl.CommonsHttpSolrServer.request(CommonsHttpSolrServer.java:343) at org.apache.solr.client.solrj.impl.CommonsHttpSolrServer.request(CommonsHttpSolrServer.java:183) at org.apache.solr.client.solrj.request.UpdateRequest.process(UpdateRequest.java:217) at org.apache.solr.client.solrj.SolrServer.add(SolrServer.java:48) at org.apache.nutch.indexer.solr.SolrWriter.close(SolrWriter.java:69) at org.apache.nutch.indexer.IndexerOutputFormat$1.close(IndexerOutputFormat.java:48) at org.apache.hadoop.mapred.ReduceTask.run(ReduceTask.java:447) at org.apache.hadoop.mapred.LocalJobRunner$Job.run(LocalJobRunner.java:170) 2010-02-22 12:09:29,134 FATAL solr.SolrIndexer - SolrIndexer: java.io.IOException: Job failed! at org.apache.hadoop.mapred.JobClient.runJob(JobClient.java:1232) at org.apache.nutch.indexer.solr.SolrIndexer.indexSolr(SolrIndexer.java:73) at org.apache.nutch.indexer.solr.SolrIndexer.run(SolrIndexer.java:95) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:65) at org.apache.nutch.indexer.solr.SolrIndexer.main(SolrIndexer.java:104) Apparently nutch uses SolrJ to push the content, and after going through the solrj code, it's clear that it uses commons-httpclient without providing a way to set the credentials. Here are my question(s) Is this possible to do? ie push from nutch into a BASIC auth secured Solr instance? Is it possible to tell commons-httpclient about a credential without explicitly doing an _httpclient.getState().setCredentials(...)? Anyother ideas? One idea i had was to use an IPfiltering Valve for just the "update" Solr webservices. That would mean you could only make an update call from certain nodes. Thanks

    Read the article

  • Omniauth/Devise/Facebook: Auth route is not recognized

    - by M. Cypher
    I've been working on this problem for 7 hours now, and I still have no idea. Maybe one of you can help me. I'm simply trying to integrate the OAuth feature of Devise 1.2rc, which uses Omniauth, into my Rails application. I've been using this tutorial by Devise: https://github.com/plataformatec/devise/wiki/OmniAuth%3A-Overview I have done everything they tell you to... Yes, I have added the following line to my devise.rb: config.omniauth :facebook, "APP ID", "APP SECRET" I have added :omniauthable to my user model, as well as the class function as described in the tutorial I have implemented the omniauth_callbacks controller, as well as the callback function, and I have specified the omniauth_callbacks controller in my routes.rb When I run "rake middleware" it does list the Omniauth middleware: use OmniAuth::Strategies::Facebook I have installed Devise directly from the Git repo, master branch, so it's up-to-date I have installed Omniauth 1.2.0.beta5, which is the latest version. In my Gemfile it says: gem 'oa-oauth', '0.2.0.beta5', :require = 'omniauth/oauth' I have restarted the server, obviously However, when I try to request this URL: http://localhost:3000/auth/facebook it simply says ActionController::RoutingError (No route matches "/auth/facebook"): /user/auth/facebook doesn't work either. Since I unfortunately don't have the time to take apart the entire Omniauth and Devise gems and understand every line of code in them, maybe one of you could tell me what the problem might be.

    Read the article

  • django-social-auth for Facebook is redirecting home and not logging in

    - by Scott Rogowski
    I have had django-social-auth working for Google for quite some time now but am having problems with Facebook. I am at the point where clicking on the /login/facebook/ link will take me to the Facebook authorization page. I then click "go to app" and it redirects me to my home page but does not log in or create a user but does put some strange "#=" onto the back of my URL. Reading up on that, here https://developers.facebook.com/blog/post/552/, and here https://github.com/omab/django-social-auth/issues/199, it seems that would be happening if the redirect uri was not defined. However, on my facebook app settings, I have the following (replacing my site with example.com): + App Namespace: "example" + Site URL: "http://example.com/complete/facebook/" + Site Domain: "example.com" + Sandbox Mode: "On" + Post-Authorize Redirect URL: "http://apps.facebook.com/example/" + Deauthorize URL: "http://www.example.com/" + Post-Authorize URL: "http://example.com/complete/facebook/" The request that django-social-auth is sending to facebook is (replacing my info again): "https://www.facebook.com/dialog/oauth?scope=email&state=*&redirect_uri=http%3A%2F%2Fexample.com%2Fcomplete%2Ffacebook%2F%3Fredirect_state%3D***&client_id=*" The /complete/facebook/ is what is in the documentation and google works as /complete/google/ What am I missing here?

    Read the article

  • Getting auth token for dropbox account from accountmanager in android

    - by user1490880
    I am trying to get auth token for a dropbox account configured in device from account manager. I am using accountManager.getAuthToken(account, "DROPBOX",null,Hello.this, new GetAuthTokenCallback(), null);//account" is dropbox account I am seeing a Allow/Deny page. I click on Allow, but the callback is not getting invoked at all and i dont get the auth token. I got the authtoken for a google account with this(with a different authtokentype). What i am missing. I am not sure about the authTokenType parameter for dropbox. Also are there any other parameter specific for dropbox like the bundle parameter that i am missing. Is this way possible for dropbox? Check below for the function parameters public AccountManagerFuture<Bundle> getAuthToken (Account account, String authTokenType, Bundle options, Activity activity, AccountManagerCallback<Bundle> callback, Handler handler) Link: http://developer.android.com/reference/android/accounts/AccountManager.html UPDATE I assume since we are able to create a dropbox account in android Accounts and Sync(Settings), there must be a dropbox authenticator that has all the functions in AbstractAccountAuthenticator implemented including getAuthToken(). So dropbox should support giving auth token i think. Also dropbox uses oauth1, whereas account manager uses outh 2.0. So is this an issue.Can anyone comment on this?

    Read the article

  • Kohana Auth Library Deployment

    - by Steve
    My Kohana app runs perfectly on my local machine. When I deployed my app to a server (and adjust the config files appropriately), I can no longer log into the app. I've traced through the app login routine on both my local version and the server version and they both agree with each other all the way through until you get to the auth.php controller logged_in() routine where suddenly, at line 140 - the is_object($this-user) test - the $user object no longer exists!?!?!? The login() function call that calls the logged_in() function successfully passes the following test, which causes a redirect to the logged_in() function. if(Auth::instance()->login($user, $post['password'])) Yes, the password and hash, etc all work perfectly. Here is the offending code: public function logged_in() { if ( ! is_object($this->user)) { // No user is currently logged in url::redirect('auth/login'); } etc... } As the code is the same between my local installation and the server, I reckon it must be some server setting that is messing with me. FYI: All the rest of the code works because I have a temporary backdoor available that allows me to use the application (view pages of tables, etc) without being logged in. Any ideas?

    Read the article

  • Can ZFS ACL's be used over NFSv3 on host without /etc/group?

    - by Sandra
    Question at the bottom. Background My server setup is shown below, where I have an LDAP host which have a group called group1 that contains user1, user2. The NAS is FreeBSD 8.3 with ZFS with one zpool and a volume. serv1 gets /etc/passwd and /etc/group from the LDAP host. serv2 gets /etc/passwd from the LDAP host and /etc/group is local and read only. Hence it doesn't not know anything about which groups the LDAP have. Both servers connect to the NAS with NFS 3. What I would like to achieve I would like to be able to create/modify groups in LDAP to allow/deny users read/write access to NFS 3 shared directories on the NAS. Example: group1 should have read/write to /zfs/vol1/project1 and nothing more. Question The problem is that serv2 doesn't have a LDAP controlled /etc/group file. So the only way I can think of to solve this is to use ZFS permissions with inheritance, but I can't figure out how and what the permissions I shall set. Does someone know if this can be solved at all, and if so, any suggestions? +----------------------+ | LDAP | | group1: user1, user2 | +----------------------+ | | | |ldap |ldap |ldap | v | | +-----------+ | | | NAS | | | | /zfs/vol1 | | | +-----------+ | | ^ ^ | | |nfs3 |nfs3| v | | v +-----------------------+ +----------------------------+ | serv1 | | serv2 | | /etc/passwd from LDAP | | /etc/passwd from LDAP | | /etc/group from LDAP | | /etc/group local/read only | +-----------------------+ +----------------------------+

    Read the article

  • Extend LDAP Membership to append a prefix/sufix to the username

    - by Romias
    Our web applications are using LDAP Membership Provider to authenticate and register users in Active Directory. In order to allow users to provide usernames that exist in other applications, we need to add a prefix in its username and it should be as transparent and painless as possible. What I need is a way to extend the LDAP Membership Provider to be able to add (concatenate) a prefix to the username just before Membership authenticate or register it. For example, if user input is "JohnS" in application 1... I want to authenticate: "App1_JohnS". How could I extend the membership to accomplish this? Any idea what is triggered just before authenticate and register (create user)? Update: Each web app has an "OU" in AD where create users to and authenticate from. But as it is just ONE Active Directory Controller the usernames must be unique. We need to solve this issue using Membership providers and not adding more ADs.

    Read the article

  • [LDAP] The distinguished name contains invalid syntax ERROR!!

    - by handle0088
    I'm trying using LDAP to authenticate user, but I have a problem with LDAP. This is my code string hostOrDomainName = "MrHand-PC"; string targetOu = "cn=Huy Pham,ou=people,dc=example,dc=com"; // create a search filter to find all objects string ldapSearchFilter = "uid=pdhuy"; // establish a connection to the directory LdapConnection connection = new LdapConnection(hostOrDomainName); Console.WriteLine("\r\nPerforming a simple search ..."); SearchRequest searchRequest = new SearchRequest(targetOu, ldapSearchFilter, System.DirectoryServices.Protocols.SearchScope.OneLevel, null); // cast the returned directory response as a SearchResponse object SearchResponse searchResponse = (SearchResponse)connection.SendRequest(searchRequest); << **Throw exception: The distinguished name contains invalid syntax.** Can anyone help my solve this problem. Thank you so much.

    Read the article

  • javax.naming.InvalidNameException using Oracle BPM and weblogic when accessing directory

    - by alfredozn
    We are getting this exception when we start our cluster (2 managed servers, 1 admin), we have deployed only the ears corresponding to the OBPM 10.3.1 SP1 in a weblogic 10.3. When the server cluster starts, one of the managed servers (the first to start) get overloaded and ran out of connections to the directory DB because of this repeatedly error. It looks like the engine is trying to get the info from the LDAP server but I don't know why it is building a wrong query. fuego.directory.DirectoryRuntimeException: Exception [javax.naming.InvalidNameException: CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of: 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp,dc=televisa,dc=com,dc=mx' ^@]; remaining name 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp']. at fuego.directory.DirectoryRuntimeException.wrapException(DirectoryRuntimeException.java:85) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectById(JNDIQueryExecutor.java:163) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectById(JNDIQueryExecutor.java:110) at fuego.directory.hybrid.ldap.Repository.selectById(Repository.java:38) at fuego.directory.hybrid.msad.MSADGroupValueProvider.getAssignedParticipantsInternal(MSADGroupValueProvider.java:124) at fuego.directory.hybrid.msad.MSADGroupValueProvider.getAssignedParticipants(MSADGroupValueProvider.java:70) at fuego.directory.hybrid.ldap.Group$7.getValue(Group.java:149) at fuego.directory.hybrid.ldap.Group$7.getValue(Group.java:152) at fuego.directory.hybrid.ldap.LDAPResult.getValue(LDAPResult.java:76) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.setInfo(LDAPOrganizationGroupAccessor.java:352) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.build(LDAPOrganizationGroupAccessor.java:121) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.build(LDAPOrganizationGroupAccessor.java:114) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.fetchGroup(LDAPOrganizationGroupAccessor.java:94) at fuego.directory.hybrid.HybridGroupAccessor.fetchGroup(HybridGroupAccessor.java:146) at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at fuego.directory.provider.DirectorySessionImpl$AccessorProxy.invoke(DirectorySessionImpl.java:756) at $Proxy66.fetchGroup(Unknown Source) at fuego.directory.DirOrganizationalGroup.fetch(DirOrganizationalGroup.java:275) at fuego.metadata.GroupManager.loadGroup(GroupManager.java:225) at fuego.metadata.GroupManager.find(GroupManager.java:57) at fuego.metadata.ParticipantManager.addNestedGroups(ParticipantManager.java:621) at fuego.metadata.ParticipantManager.buildCompleteRoleAssignments(ParticipantManager.java:527) at fuego.metadata.Participant$RoleTransitiveClousure.build(Participant.java:760) at fuego.metadata.Participant$RoleTransitiveClousure.access$100(Participant.java:692) at fuego.metadata.Participant.buildRoles(Participant.java:401) at fuego.metadata.Participant.updateMembers(Participant.java:372) at fuego.metadata.Participant.<init>(Participant.java:64) at fuego.metadata.Participant.createUncacheParticipant(Participant.java:84) at fuego.server.persistence.jdbc.JdbcProcessInstancePersMgr.loadItems(JdbcProcessInstancePersMgr.java:1706) at fuego.server.persistence.Persistence.loadInstanceItems(Persistence.java:838) at fuego.server.AbstractInstanceService.readInstance(AbstractInstanceService.java:791) at fuego.ejbengine.EJBInstanceService.getLockedROImpl(EJBInstanceService.java:218) at fuego.server.AbstractInstanceService.getLockedROImpl(AbstractInstanceService.java:892) at fuego.server.AbstractInstanceService.getLockedImpl(AbstractInstanceService.java:743) at fuego.server.AbstractInstanceService.getLockedImpl(AbstractInstanceService.java:730) at fuego.server.AbstractInstanceService.getLocked(AbstractInstanceService.java:144) at fuego.server.AbstractInstanceService.getLocked(AbstractInstanceService.java:162) at fuego.server.AbstractInstanceService.unselectAllItems(AbstractInstanceService.java:454) at fuego.server.execution.ToDoItemUnselect.execute(ToDoItemUnselect.java:105) at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304) at fuego.transaction.TransactionAction.startNestedTransaction(TransactionAction.java:527) at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:548) at fuego.transaction.TransactionAction.start(TransactionAction.java:212) at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123) at fuego.server.execution.DefaultEngineExecution.executeAutomaticWork(DefaultEngineExecution.java:62) at fuego.server.execution.EngineExecution.executeAutomaticWork(EngineExecution.java:42) at fuego.server.execution.ToDoItem.executeAutomaticWork(ToDoItem.java:261) at fuego.ejbengine.ItemExecutionBean$1.execute(ItemExecutionBean.java:223) at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304) at fuego.transaction.TransactionAction.startBaseTransaction(TransactionAction.java:470) at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:551) at fuego.transaction.TransactionAction.start(TransactionAction.java:212) at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123) at fuego.server.execution.EngineExecution.executeImmediate(EngineExecution.java:66) at fuego.ejbengine.ItemExecutionBean.processMessage(ItemExecutionBean.java:209) at fuego.ejbengine.ItemExecutionBean.onMessage(ItemExecutionBean.java:120) at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466) at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371) at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327) at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4547) at weblogic.jms.client.JMSSession.execute(JMSSession.java:4233) at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3709) at weblogic.jms.client.JMSSession.access$000(JMSSession.java:114) at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5058) at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: javax.naming.InvalidNameException: CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of: 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp,dc=televisa,dc=com,dc=mx' ^@]; remaining name 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at fuego.jndi.FaultTolerantLdapContext.search(FaultTolerantLdapContext.java:612) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectById(JNDIQueryExecutor.java:136) ... 67 more

    Read the article

  • How to scope access to a service to set of users, using OpenLDAP, and only OUs

    - by JDS
    Okay, here goes. Solving this will solve several problems for me (as I can reapply this knowledge to several extant, similar problems), but luckily I have a very specific, concise problem to describe. Enough preamble. Our hosting partner is setting up VPN access for us and is connecting it to our LDAP server. They are using Cisco VPN, the docs on setting this up are here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml#maintask1 Specifically, note the screenshot in (5), under "ASDM" Now, I do NOT want to provide access to all of our users. I only want to provide access to our IT group. But I do not see a configuration option for LDAP groups on that web reference for the Cisco VPN. We are using: OpenLDAP 2.4 Static groups (i.e. "Group has the following members...") Single user OU, "ou=users,dc=mycompany,dc=com" Is it possible to provide an alias of some kind in OpenLDAP that creates another OU, "itusers", say, and lets me alias the members of that OU somehow? Something like: "cn=Jeff Silverman,ou=itusers,dc=mycompany,dc=com" is an alias for "cn=Jeff Silverman,ou=users,dc=mycompany,dc=com" And is NOT a separate, unique user account. Alternatively, should I just create a separate OU and manage it separately? It is a pain, but only 12-15 users will have to be managed that way, with two separate user accounts. But I hate this option - messy, unmanageable, unscalable. You know what I mean. I am open to any options. I've searched and read all over but I can't quite find an directly analagous example. I can't possibly be the only one who's had this problem! Thanks!

    Read the article

  • getent passwd fails, getent group works?

    - by slugman
    I've almost got my AD integration working completely on my OpenSUSE 12.1 server. I have a OpenSUSE 11.4 system successfully integrated into our AD environment. (Meaning, we use ldap to authenticate to AD directory via kerberos, so we can login to our *nix systems via AD users, using name service caching daemon to cache our passwords and groups). Also, important to note these systems are in our lan, ssl authentication is disabled. I am almost all the way there. Nss_ldap is finally authenticating with ldap server (as /var/log/messages shows), but right now, I have another problem: getent passwd & getent shadow fails (shows local accounts only), but getent group works! Getent group shows all my ad groups! I copied over the relavent configuration files from my working OpenSUSE 11.4 box: /etc/krb5.conf /etc/nsswitch.conf /etc/nscd.conf /etc/samba/smb.conf /etc/sssd/sssd.conf /etc/pam.d/common-session-pc /etc/pam.d/common-account-pc /etc/pam.d/common-auth-pc /etc/pam.d/common-password-pc I didn't modify anything between the two. I really don't think I need to modify anything, because getent passwd, getent shadow, and getent group all works fine on the OpenSUSE11.4 box. Attempting to restart nscd service unfortunately didn't do much, and niether did running /usr/sbin/nscd -i passwd. Do any of you admin-gurus have any suggestions? Honestly, I'm happy I made it this far. I'm almost there guys!

    Read the article

  • TLS_REQCERT and PHP with LDAPS

    - by John
    Problem: Secure LDAP queries via command-line and PHP to an AD domain controller with a self-signed certificate. Background: I am working on a project where I need to enable LDAP look-ups from a PHP web application to a MS AD domain controller that is using a self-signed certificate. This self-signed certificate is also using a domain name that is not a FQDN - think of something like people.campus as the domain name. The web application would take the user's credentials and pass them on to the AD domain controller to verify if the credntials are a match or not. This seems simple, but I am having problems trying to get PHP and the self-signed certificate to work. Some people have suggested that I changed the TLS_REQCERT variable from "request" to "never" within the OpenLDAP configuration. I am concerned that this might have larger implications such as a man-in-the-middle attack and I am not comfortable changing this setting to never. I have also read some places online where one can take a certificate and place it as a trusted source within the openldap configuration file. I am curious if that is something that I could do for the situation that I have? Can I, from the command line, obtain the self-signed certificate that the AD domain controller is using, save it to a file, and then have openldap use that file for the trust that it needs so that I do not need to adjust the variable from request to never? I do not have access to the AD domain controller and as a result cannot export the certificate. If there is a way to obtain the certificate from the command line, what commands do I need to use? Is there an alternate method of handling this issue that would be better in the long run? I have some CentOS servers and some Ubuntu servers that I am working with to try and get this going on. Thanks in advance for your help and ideas.

    Read the article

  • What is my BaseDN supposed to be with the following configuration of OpenLDAP?

    - by fuzzy lollipop
    I have the following in my OpenLDAP configuration. Using the latest version OpenLDAP on Centos 5.3. Installed using yum. From my /etc/openldap/slapd.conf database bdb suffix "dc=company,dc=com" rootdn "cn=Manager,dc=company,dc=com" From my /etc/openldap/ldap.conf BASE dc=company,dc=com I have successfully added an entry with ldapadd and retrieved it with ldapsearch from a local bash shell on the box. Now I am trying to get a Graphical Editor to connect to this server remotely so I can enter people from my laptop. But I am having no luck. I tried JXplorer, and it connects with Anonymous bind without me having to specify a BaseDN but I can't edit anything that way. If I try and give it a user name and password, using Manager and my rootpw I have in clear text just for testing, every GUI Client on my remote laptop complains about my BaseDN not being the correct format when I enter dc=company,dc=com and I tried cn=Manager,dc=company,dc=com. Error opening connection: [LDAP: error code 34 - invalid DN] I have tried multiple clients and all of them connect as anonymous, none let me connect authenticated where I can actually create or edit anything. I am using Manager as my username and the password from rootpw, is that correct?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >