Search Results

Search found 1328 results on 54 pages for 'dbms ldap'.

Page 5/54 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Clients not recognizing secondary LDAP groups?

    - by Nick
    I'm having an issue where users who are members of secondary groups in LDAP are not being recognized as members of that group by the client. In this case, user jdoe is not being recognized as a member of the projects group. On the client, getent group shows: projects:*:20001:1001,1002,1003,1004,1005,1006 and getent passwd shows: jdoe:x:1003:10003:John Doe:/home/jdoe:/bin/bash But if I log in to the client as jdoe, and run id, I get: uid=1003(jdoe) gid=10003(jdoe) groups=24(cdrom),25(floppy),29(audio),44(video),46(plugdev),10003(jdoe) It recognizes jdoe's primary group, and the secondary groups that are appended by the client to all LDAP users, but the LDAP secondary groups are not in the list. We can see that jdoe's id is in the projects group, so why is the projects group not showing when jdoe runs the id command? The group objects are basic posixGroup entries, with a memberUid attribute for each of its members. We are using OpenLDAP on Ubuntu 10.04 server and clients.

    Read the article

  • Modeling RBAC actors using LDAP (Core X.5xx)

    - by Tetsujin no Oni
    Mirrored from stackoverflow... When implementing an RBAC model using an LDAP store (I'm using Apache Directory 1.0.2 as a testbed), some of the actors are obviously mappable to specific objectClasses: Resources - I don't see a clear mapping for this one. applictionEntity seems only tangentially intended for this purpose Permissions - a Permission can be viewed as a single-purpose Role; obviously I'm not thinking of an LDAP permission, as they govern access to LDAP objects and attributes rather than an RBAC permission to a Resource Roles - maps fairly directly to groupOfNames or groupOfUniqueNames, right? Users - person In the past I've seen models where a Resource isn't dealt with in the directory in any fashion, and Permissions and Roles were mapped to Active Directory Groups. Is there a better way to represent these actors? How about a document discussing good mappings and intents of the schema?

    Read the article

  • LDAP Authentication for multiple AD Domains

    - by TrevJen
    I have 3 full trust domains (2 child and one root). I need to use LDAP to allow authntication for domain users. The trick is that I need the application to use an AD server for the child domain BUT proxy the LDAP query and authentication for the root domain. I see that it maty be possible with AD LDS and some trusts and synching, but it looks pretty hairy and overly complicated. The short of it is: 3 domains (Parent, ChildA, ChildB) My 3rd party app will need to use ChildA domain servers to authenticate either: a. a user in the parent domain or b. a user in the ChildB domain I already have full trusts between all domains, and regular NTLM authentication works fine (unless you are trying to authenticate with LDAP)

    Read the article

  • How to add admin users in 389 LDAP, fedora directory server

    - by chandank
    I want to create couple of Admin users who have access to create/delete users on a particular group/Organization Unit. For example, User: uid=testadmin, ou=people, dc=my,dc=net Should have access to create new users/delete users under ou=People,dc=my,dc=net I tried with below ACI but did not work (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*") (version 3.0;acl "testadmin Permissions";allow (proxy)(userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");) I am able to add administrative users from the Directory Server console, but this user data is not stored in ldif files and only stored in binary database at /var/lib/dirsrv/slap-ldap/db/. Only problem is these users have full power and I am not sure how to restrict their access.

    Read the article

  • Replicate portion of an LDAP directory to external server

    - by colemanm
    We're in the process of setting up a Jabber server on Amazon EC2 right now, and we'd like to have our internal users authenticate via LDAP so we don't have to create/manage a separate set of user accounts than the master directory in the office. My question is: is there a way to copy, unidirectionally, a segment of our internal LDAP directory (the user accounts OU) to an external LDAP server and authenticate Jabber against that? We're trying to work around having our externally hosted machines out in the cloud accessing our internal network directly... If we can replicate in one direction only a subset of the user accounts, then if that gets compromised we don't necessarily have a critical security breach into our internal network.

    Read the article

  • Private Git repo using Smart HTTP with LDAP authentification

    - by ALOToverflow
    I've been crawling the interwebz and getting my hands dirty for the last few days, but I can't seem to make it all work together. I managed to get a HTTP repo working with Ubuntu 10.04 over Smart HTTP (pull and push over HTTP) for a single repo. This means that I do the initial setup over SSH to the server (git init --bare) and after that the clients can pull and push to it (git clone http://servername/allgitrepos/repo.git). Unfortunately it's impossible to add a new repo without SSHing to the server and adding it manually) i.e. git push http://servername/allgitrepos/repo2.git (allgitrepos is available for everyone to read-write and execute) would fail talking about git update-server-info (which seems to be a general error message). So far the repository is anonymous, so I would like to authenticate using LDAP and also use the LDAP creds to make the git commit. So, how can I push new repos to the server and how can I use the LDAP creds to make the git commit. Thanks

    Read the article

  • Java login through LDAP

    - by Salda
    I am starting to write an application for our office and the first step is authentication through LDAP where all users already exist. Everything I need is a code in Java to check if the pair <nick,password> is right. Google found me many links, but I think that I will find here the most sofisticate, short and up to date solution (I don't want to read all articles like 2 whole days to do something so simple). I have written many dkBs of code in C++, but in Java I am total noob and I haven't coded anything with LDAP yet so try to be simple if speaking in Java and LDAP terms if possible.

    Read the article

  • Invalid user names when creating a LDAP account

    - by h1d
    I'm trying to set up a system where a visitor can enter any user name in a form to create a new user and in the end it gets built on LDAP directory and I'm planning that to be mapped as a UNIX account as well (on Ubuntu Linux) by making the system look up for system accounts on the LDAP. Doing so is fine, but I feel that many user names should be avoided, one of the obvious being 'root' and all the other user names taken for daemons etc. How do you tackle at this problem? Do you make up a list of disallowed user names by checking /etc/passwd? I was thinking that if, internally, the user names could be prepended as 'ldap_' or something, it will avoid any naming conflicts but that seems hard when the LDAP entry name is 'joe' but the system account will look like 'ldap_joe'. Not even sure how that can be achieved.

    Read the article

  • Small, simple LDAP server as an alternative to OpenLDAP

    - by jstarek
    I have taken a look at the installation and configuration instructions for the newer OpenLDAP releases and decided that it's too much work to set up for my small userbase. Basically, I only use LDAP to synchronize user accounts on a small number of machines (ok, this does not really require a directory server) and to give those users access to some web-based tools, avoiding the need to create user accounts in several places. Can you recommend a small, simple LDAP server for use on *nix systems? My only requirements are the ability to serve up PosixAccount and Group objects via LDAP.

    Read the article

  • LDAP loginShell on platforms with different paths

    - by neoice
    I'm using LDAP to deal with users and authentication across my network. I'm now adding FreeBSD hosts and have hit a problem with login shells. on Linux, shells tend to be in /bin/$shellname, so setting my login shell in LDAP to /bin/zsh works perfectly. on FreeBSD, /bin/zsh doesnt exist, I need to use /usr/local/bin/zsh. is there a solution to this? I imagine I might be able to make some sort of login-shell.sh script that LDAP passes out as the "shell" and then use the script to determine the actual shell for the user, but I'm not a fan of that idea. I'm using Debian and FreeBSD, both with a standard OpenLDAP/PAM/nss setup. edit: it looks like using /bin/sh and adding an exec $shell to .profile would "work", but that doesnt scale very well.

    Read the article

  • Windows server 2003SP2 as LDAP replica master for Mac OSX 10.6

    - by FrancoR
    Hello there, we have a single domain controller with Windows 2003 with few child. All the users are in the main DC. We have already created a connection from AD to Mac Xserve 10.6 and can read all the users, but: 1. If the DC goes down (or the net), Mac lose all the users, so no file access, no emails, no nothing. 2. the users are in read only. Mac admin cannot reset password, change attribute and so on. What we need is a stable environment where both AD admins and LDAP admins can manage the users; if one server goes offline the users of the other server should work (email, shared folders) just fine. Thanks in advance P.S. we already tried to connect the MacOSX to Windows LDAP, instead of AD, but we're unable to do it: MacOSX requires DNS IP (gotcha), user admin and password (ok) and a root LDAP password we're unable to find any reference of it in Windows 2003.

    Read the article

  • Using LDAP/Active Directory with PIN based authentication

    - by nishantjr
    We'd like to integrate our service with LDAP, but because of hardware constraints, we're only allow 4 digit user ids and passwords. What would be the best practice for performing such an authetication? We've considered adding User ID and PIN attributes to the LDAP user schema, but we're not sure how happy people would be with modifying their schema to interact with our service. The PIN attribute would have to have the same support that native user passwords have. (hashing and salting etc.) UPDATE Another consideration is how ldap_bind works with this scenario. How do we get it to use an alternate authentication method? Can this even be done without affecting other services that use the same LDAP server?

    Read the article

  • Postfix + LDAP + Recipient Delimiter

    - by Coops
    I'm trying to get my Postfix and LDAP-backend to accept recipent delimiters (aka address extensions). The rest of the mail system is working fine, but when an email is received with an extension (e.g. [email protected]), it tries to look up "coops+test" against the LDAP service and fails. Obviously this is wrong, and it should strip out the "+test" part. In my postfix config the string being passed to the LDAP service is "%s", per an example line below: accounts_query_filter = (&(objectClass=MailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE)) Is there a postfix variable which represents the email account minus the extension? I've found a similar post here, but no actual solution.

    Read the article

  • Can a Silverlight application authenticate versus a local LDAP/ActiveDirectory Server

    - by caryden
    If I have an externally hosted application (www.outside.com) outside the firewall but users within a company wanted to be able to enable LDAP authentication against their local (behind the firewall) AD server (acting as LDAP) or other LDAP server (call it ldap.inside.com), how would this be done. It seems technically possible in that when a user tried to login to outside.com through a client-side silverlight interface, that the SL app could connect to the outside.com login service and be told to authenticate that user against ldap.inside.com. The SL app would make the calls to ldap.inside.com to authenticate the user. Of course, there is the issue of how the server is notified securely that the client authenticated itself...Has anyone done this?

    Read the article

  • Microsoft DBMS on-the-fly aggregation

    - by ILya
    Some time ago i was reading an article about new MS DBMS technology. It's some kind of OLAP but on the fly. This technology can bind to data flows and then provide a real time aggregation. So the question is "what is it's name?". I need such a technology now but can't remember it's name... Or maybe there are some similar technologies?

    Read the article

  • learn dbms online

    - by siva
    Hi I want to learn DBMS including the concepts of complex SQL writing and normalisation and other stuff. Can anyone please help me to find some useful online resources.....

    Read the article

  • Client authentication with RubyLDAP ldap

    - by Marcelo de Moraes Serpa
    Hello all, I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS), it needs to connect to a SSL-enabled LDAP server (i.e OpenLDAP), bind and then do any additional queries. It also needs to support client-authentication, and this is where things get tricky: The client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL ldap stuff with great success). My question is: Is there a way to load a client certificate and send its data over the wire to the LDAP server when doing a LDAP::SSLConn? I haven't found anything obvious on the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around. I know I that I can prevent the server from asking for a certificate by putting the following on slapd.conf (OpenLDAP): TLSVerifyClient never However, this is not an option here. Thanks, Marcelo.

    Read the article

  • Writing a DBMS in Python

    - by Matt Luongo
    Hey guys, I'm working on a basic DBMS as a pet project and planning to prototype in Python. I figure there's a reason there are only a few Python databases, and my gut agrees that my favorite language will be too slow to act as an honest performing database, but I'm looking forward to using it to learn what I need quickly. Would someone please contradict me? Is Python as ill-suited right now for this sort of thing as I think?

    Read the article

  • Recommend a local LDAP store for development

    - by Paul Stovell
    Our project uses an LDAP repository for storing users. In production this will be Active Directory. For development, we seem to have a couple of options: Install an AD LDS instance that everyone uses Install an AD LDS instance on every developer machine We're trying to keep the 'F5' experience as lightweight as possible, so installing things or relying on a central AD store aren't my favorite ideas. There are other LDAP servers, like Open LDAP. I was hoping there might be an LDAP server that simply talks to an XML file. This would allow us to store the XML file in source control and have something that is fast and works. Our nightly builds would still use AD to pick up any differences, but the hope is since we're using LDAP it should Just Work. Can you recommend an LDAP implementation that works well for zero-config shared-nothing development?

    Read the article

  • Troubleshooting sudoers via ldap

    - by dafydd
    The good news is that I got sudoers via ldap working on Red Hat Directory Server. The package is sudo-1.7.2p1. I have some LDAP/Kerberos users in an LDAP group called wheel, and I have this entry in LDAP: # %wheel, SUDOers, example.com dn: cn=%wheel,ou=SUDOers,dc=example,dc=com cn: %wheel description: Members of group wheel have access to all privileges. objectClass: sudoRole objectClass: top sudoCommand: ALL sudoHost: ALL sudoUser: %wheel So, members of group wheel have administrative privileges via sudo. This has been tested and works fine. Now, I have this other sudo privilege set up to allow members of a group called Administrators to perform two commands as the non-root owner of those commands. # %Administrators, SUDOers, example.com dn: cn=%Administrators,ou=SUDOers,dc=example,dc=com sudoRunAsGroup: appGroup sudoRunAsUser: appOwner cn: %Administrators description: Allow members of the group Administrators to run various commands . objectClass: sudoRole objectClass: top sudoCommand: appStop sudoCommand: appStart sudoCommand: /path/to/appStop sudoCommand: /path/to/appStart sudoUser: %Administrators Unfortunately, members of Administrators are still refused permission to run appStart or appStop: -bash-3.2$ sudo /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as root on host.example.com. -bash-3.2$ sudo -u appOwner /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as appOwner on host.example.com. /var/log/secure shows me these two sets of messages for the two attempts: Oct 31 15:02:36 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:37 host sudo: pam_krb5[1508]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:37 host sudo: pam_krb5[1508]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:37 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=root ; COMMAND=/path/to/appStop Oct 31 15:02:52 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:52 host sudo: pam_krb5[1547]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:52 host sudo: pam_krb5[1547]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:52 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=appOwner; COMMAND=/path/to/appStop The questions: Does sudo have some sort of verbose or debug mode where I can actually watch it capture the sudoers privilege list and determine whether or not Aaron should have the privilege to run this command? (This question is probably independent of where the sudoers database is kept.) Does sudo work with some background mechanism that might have a log level I could turn up? Right now, I can't fix a problem I can't identify. Is this an LDAP search failure? Is this a group member matching failure? Identifying why the command fails will help me identify the fix... Next step: Recreate the privilege in /etc/sudoers, and see if it works locally... Cheers!

    Read the article

  • Alternatives to native LDAP

    - by Matt
    We've implemented an LDAP to NIS solution and have begun transitioning some systems to native LDAP binding for authentication and automount maps. Unfortunately we have a very mixed environment with more than 20 *nix environments. The setup for each variant is of course unique and has required various workarounds to get full functionality. We're now at the point where we're willing to revisit the solution and possibly migrate toward something like Likewise (http://www.likewise.org), but would like to know what others are using to solve this problem.

    Read the article

  • LDAP NTLM interop

    - by pihentagy
    Hi! Our company uses NTLM to authenticate users. But there are a bunch of softwares with LDAP authentication support. So, is there a way to setup an LDAP server (preferably under WinNT), which can authenticate users via NTLM?

    Read the article

  • LDAP NTLM interop [closed]

    - by pihentagy
    Hi! Our company uses NTLM to authenticate users. But there are a bunch of softwares with LDAP authentication support. So, is there a way to setup an LDAP server (preferably under WinNT), which can authenticate users via NTLM?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >