Search Results

Search found 5144 results on 206 pages for 'mod auth ldap'.

Page 6/206 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • LDAP Authentication for multiple AD Domains

    - by TrevJen
    I have 3 full trust domains (2 child and one root). I need to use LDAP to allow authntication for domain users. The trick is that I need the application to use an AD server for the child domain BUT proxy the LDAP query and authentication for the root domain. I see that it maty be possible with AD LDS and some trusts and synching, but it looks pretty hairy and overly complicated. The short of it is: 3 domains (Parent, ChildA, ChildB) My 3rd party app will need to use ChildA domain servers to authenticate either: a. a user in the parent domain or b. a user in the ChildB domain I already have full trusts between all domains, and regular NTLM authentication works fine (unless you are trying to authenticate with LDAP)

    Read the article

  • How to add admin users in 389 LDAP, fedora directory server

    - by chandank
    I want to create couple of Admin users who have access to create/delete users on a particular group/Organization Unit. For example, User: uid=testadmin, ou=people, dc=my,dc=net Should have access to create new users/delete users under ou=People,dc=my,dc=net I tried with below ACI but did not work (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*") (version 3.0;acl "testadmin Permissions";allow (proxy)(userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");) I am able to add administrative users from the Directory Server console, but this user data is not stored in ldif files and only stored in binary database at /var/lib/dirsrv/slap-ldap/db/. Only problem is these users have full power and I am not sure how to restrict their access.

    Read the article

  • Replicate portion of an LDAP directory to external server

    - by colemanm
    We're in the process of setting up a Jabber server on Amazon EC2 right now, and we'd like to have our internal users authenticate via LDAP so we don't have to create/manage a separate set of user accounts than the master directory in the office. My question is: is there a way to copy, unidirectionally, a segment of our internal LDAP directory (the user accounts OU) to an external LDAP server and authenticate Jabber against that? We're trying to work around having our externally hosted machines out in the cloud accessing our internal network directly... If we can replicate in one direction only a subset of the user accounts, then if that gets compromised we don't necessarily have a critical security breach into our internal network.

    Read the article

  • Java login through LDAP

    - by Salda
    I am starting to write an application for our office and the first step is authentication through LDAP where all users already exist. Everything I need is a code in Java to check if the pair <nick,password> is right. Google found me many links, but I think that I will find here the most sofisticate, short and up to date solution (I don't want to read all articles like 2 whole days to do something so simple). I have written many dkBs of code in C++, but in Java I am total noob and I haven't coded anything with LDAP yet so try to be simple if speaking in Java and LDAP terms if possible.

    Read the article

  • Private Git repo using Smart HTTP with LDAP authentification

    - by ALOToverflow
    I've been crawling the interwebz and getting my hands dirty for the last few days, but I can't seem to make it all work together. I managed to get a HTTP repo working with Ubuntu 10.04 over Smart HTTP (pull and push over HTTP) for a single repo. This means that I do the initial setup over SSH to the server (git init --bare) and after that the clients can pull and push to it (git clone http://servername/allgitrepos/repo.git). Unfortunately it's impossible to add a new repo without SSHing to the server and adding it manually) i.e. git push http://servername/allgitrepos/repo2.git (allgitrepos is available for everyone to read-write and execute) would fail talking about git update-server-info (which seems to be a general error message). So far the repository is anonymous, so I would like to authenticate using LDAP and also use the LDAP creds to make the git commit. So, how can I push new repos to the server and how can I use the LDAP creds to make the git commit. Thanks

    Read the article

  • Invalid user names when creating a LDAP account

    - by h1d
    I'm trying to set up a system where a visitor can enter any user name in a form to create a new user and in the end it gets built on LDAP directory and I'm planning that to be mapped as a UNIX account as well (on Ubuntu Linux) by making the system look up for system accounts on the LDAP. Doing so is fine, but I feel that many user names should be avoided, one of the obvious being 'root' and all the other user names taken for daemons etc. How do you tackle at this problem? Do you make up a list of disallowed user names by checking /etc/passwd? I was thinking that if, internally, the user names could be prepended as 'ldap_' or something, it will avoid any naming conflicts but that seems hard when the LDAP entry name is 'joe' but the system account will look like 'ldap_joe'. Not even sure how that can be achieved.

    Read the article

  • Small, simple LDAP server as an alternative to OpenLDAP

    - by jstarek
    I have taken a look at the installation and configuration instructions for the newer OpenLDAP releases and decided that it's too much work to set up for my small userbase. Basically, I only use LDAP to synchronize user accounts on a small number of machines (ok, this does not really require a directory server) and to give those users access to some web-based tools, avoiding the need to create user accounts in several places. Can you recommend a small, simple LDAP server for use on *nix systems? My only requirements are the ability to serve up PosixAccount and Group objects via LDAP.

    Read the article

  • LDAP loginShell on platforms with different paths

    - by neoice
    I'm using LDAP to deal with users and authentication across my network. I'm now adding FreeBSD hosts and have hit a problem with login shells. on Linux, shells tend to be in /bin/$shellname, so setting my login shell in LDAP to /bin/zsh works perfectly. on FreeBSD, /bin/zsh doesnt exist, I need to use /usr/local/bin/zsh. is there a solution to this? I imagine I might be able to make some sort of login-shell.sh script that LDAP passes out as the "shell" and then use the script to determine the actual shell for the user, but I'm not a fan of that idea. I'm using Debian and FreeBSD, both with a standard OpenLDAP/PAM/nss setup. edit: it looks like using /bin/sh and adding an exec $shell to .profile would "work", but that doesnt scale very well.

    Read the article

  • Windows server 2003SP2 as LDAP replica master for Mac OSX 10.6

    - by FrancoR
    Hello there, we have a single domain controller with Windows 2003 with few child. All the users are in the main DC. We have already created a connection from AD to Mac Xserve 10.6 and can read all the users, but: 1. If the DC goes down (or the net), Mac lose all the users, so no file access, no emails, no nothing. 2. the users are in read only. Mac admin cannot reset password, change attribute and so on. What we need is a stable environment where both AD admins and LDAP admins can manage the users; if one server goes offline the users of the other server should work (email, shared folders) just fine. Thanks in advance P.S. we already tried to connect the MacOSX to Windows LDAP, instead of AD, but we're unable to do it: MacOSX requires DNS IP (gotcha), user admin and password (ok) and a root LDAP password we're unable to find any reference of it in Windows 2003.

    Read the article

  • Using LDAP/Active Directory with PIN based authentication

    - by nishantjr
    We'd like to integrate our service with LDAP, but because of hardware constraints, we're only allow 4 digit user ids and passwords. What would be the best practice for performing such an authetication? We've considered adding User ID and PIN attributes to the LDAP user schema, but we're not sure how happy people would be with modifying their schema to interact with our service. The PIN attribute would have to have the same support that native user passwords have. (hashing and salting etc.) UPDATE Another consideration is how ldap_bind works with this scenario. How do we get it to use an alternate authentication method? Can this even be done without affecting other services that use the same LDAP server?

    Read the article

  • Postfix + LDAP + Recipient Delimiter

    - by Coops
    I'm trying to get my Postfix and LDAP-backend to accept recipent delimiters (aka address extensions). The rest of the mail system is working fine, but when an email is received with an extension (e.g. [email protected]), it tries to look up "coops+test" against the LDAP service and fails. Obviously this is wrong, and it should strip out the "+test" part. In my postfix config the string being passed to the LDAP service is "%s", per an example line below: accounts_query_filter = (&(objectClass=MailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE)) Is there a postfix variable which represents the email account minus the extension? I've found a similar post here, but no actual solution.

    Read the article

  • Can a Silverlight application authenticate versus a local LDAP/ActiveDirectory Server

    - by caryden
    If I have an externally hosted application (www.outside.com) outside the firewall but users within a company wanted to be able to enable LDAP authentication against their local (behind the firewall) AD server (acting as LDAP) or other LDAP server (call it ldap.inside.com), how would this be done. It seems technically possible in that when a user tried to login to outside.com through a client-side silverlight interface, that the SL app could connect to the outside.com login service and be told to authenticate that user against ldap.inside.com. The SL app would make the calls to ldap.inside.com to authenticate the user. Of course, there is the issue of how the server is notified securely that the client authenticated itself...Has anyone done this?

    Read the article

  • Client authentication with RubyLDAP ldap

    - by Marcelo de Moraes Serpa
    Hello all, I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS), it needs to connect to a SSL-enabled LDAP server (i.e OpenLDAP), bind and then do any additional queries. It also needs to support client-authentication, and this is where things get tricky: The client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL ldap stuff with great success). My question is: Is there a way to load a client certificate and send its data over the wire to the LDAP server when doing a LDAP::SSLConn? I haven't found anything obvious on the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around. I know I that I can prevent the server from asking for a certificate by putting the following on slapd.conf (OpenLDAP): TLSVerifyClient never However, this is not an option here. Thanks, Marcelo.

    Read the article

  • Recommend a local LDAP store for development

    - by Paul Stovell
    Our project uses an LDAP repository for storing users. In production this will be Active Directory. For development, we seem to have a couple of options: Install an AD LDS instance that everyone uses Install an AD LDS instance on every developer machine We're trying to keep the 'F5' experience as lightweight as possible, so installing things or relying on a central AD store aren't my favorite ideas. There are other LDAP servers, like Open LDAP. I was hoping there might be an LDAP server that simply talks to an XML file. This would allow us to store the XML file in source control and have something that is fast and works. Our nightly builds would still use AD to pick up any differences, but the hope is since we're using LDAP it should Just Work. Can you recommend an LDAP implementation that works well for zero-config shared-nothing development?

    Read the article

  • PHPMyAdmin HTTP auth works, but not cookie auth

    - by ssmy
    I'm running PHPMyAdmin version 3.3.2 on Ubuntu 10.04, fully updated. Recently, the authentication for PHPMyAdmin stopped working. It would return the error 1045. However, login on the command line still worked. I switched to HTTP authentication instead of cookie auth, and now it works fine. Any ideas why this could be, or what I could do to make cookie auth work again? (Partly just to know, and partly since it's a bit nicer).

    Read the article

  • Troubleshooting sudoers via ldap

    - by dafydd
    The good news is that I got sudoers via ldap working on Red Hat Directory Server. The package is sudo-1.7.2p1. I have some LDAP/Kerberos users in an LDAP group called wheel, and I have this entry in LDAP: # %wheel, SUDOers, example.com dn: cn=%wheel,ou=SUDOers,dc=example,dc=com cn: %wheel description: Members of group wheel have access to all privileges. objectClass: sudoRole objectClass: top sudoCommand: ALL sudoHost: ALL sudoUser: %wheel So, members of group wheel have administrative privileges via sudo. This has been tested and works fine. Now, I have this other sudo privilege set up to allow members of a group called Administrators to perform two commands as the non-root owner of those commands. # %Administrators, SUDOers, example.com dn: cn=%Administrators,ou=SUDOers,dc=example,dc=com sudoRunAsGroup: appGroup sudoRunAsUser: appOwner cn: %Administrators description: Allow members of the group Administrators to run various commands . objectClass: sudoRole objectClass: top sudoCommand: appStop sudoCommand: appStart sudoCommand: /path/to/appStop sudoCommand: /path/to/appStart sudoUser: %Administrators Unfortunately, members of Administrators are still refused permission to run appStart or appStop: -bash-3.2$ sudo /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as root on host.example.com. -bash-3.2$ sudo -u appOwner /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as appOwner on host.example.com. /var/log/secure shows me these two sets of messages for the two attempts: Oct 31 15:02:36 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:37 host sudo: pam_krb5[1508]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:37 host sudo: pam_krb5[1508]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:37 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=root ; COMMAND=/path/to/appStop Oct 31 15:02:52 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:52 host sudo: pam_krb5[1547]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:52 host sudo: pam_krb5[1547]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:52 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=appOwner; COMMAND=/path/to/appStop The questions: Does sudo have some sort of verbose or debug mode where I can actually watch it capture the sudoers privilege list and determine whether or not Aaron should have the privilege to run this command? (This question is probably independent of where the sudoers database is kept.) Does sudo work with some background mechanism that might have a log level I could turn up? Right now, I can't fix a problem I can't identify. Is this an LDAP search failure? Is this a group member matching failure? Identifying why the command fails will help me identify the fix... Next step: Recreate the privilege in /etc/sudoers, and see if it works locally... Cheers!

    Read the article

  • Immediate logout after login with PAM, Kerberos, and LDAP

    - by Dylan Klomparens
    I've set up remote login on a computer using Kerberos and LDAP. I've also configured NFS to mount onto /home so that the user's home directory is the same wherever they login. Kerberos authentication seems to work fine. I can get a ticket using kinit user1 (assuming user1 is a remote user) and see the ticket with klist. I'm pretty sure LDAP is working because I see the proper output from getent passwd, which lists all the remote users. The contents of /home are present when I list the files. The problem is: when I try to login as a remote user the session is immediately ended. Why is it not letting me stay logged in? Here is the output from /var/log/messages after a login attempt: # /var/log/messages: Oct 9 10:57:53 tophat login[6472]: pam_krb5[6472]: authentication succeeds for 'user1' ([email protected]) Oct 9 10:57:53 tophat login[6472]: pam_krb5[6472]: pam_setcred (establish credential) called Oct 9 10:57:53 tophat login[6472]: pam_krb5[6472]: pam_setcred (delete credential) called EDIT: The distro is openSUSE. Here are the common-* files in /etc/pam.d:   # /etc/pam.d/common-account account required pam_unix.so   # /etc/pam.d/common-auth auth sufficient pam_krb5.so minimum_uid=1000 auth required pam_unix.so nullok_secure try_first_pass   # /etc/pam.d/common-session session optional pam_umask.so umask=002 session sufficient pam_krb5.so minimum_uid=1000 session required pam_unix.so There doesn't appear to be a /var/log/auth.log file nor a /var/log/secure file.

    Read the article

  • Alternatives to native LDAP

    - by Matt
    We've implemented an LDAP to NIS solution and have begun transitioning some systems to native LDAP binding for authentication and automount maps. Unfortunately we have a very mixed environment with more than 20 *nix environments. The setup for each variant is of course unique and has required various workarounds to get full functionality. We're now at the point where we're willing to revisit the solution and possibly migrate toward something like Likewise (http://www.likewise.org), but would like to know what others are using to solve this problem.

    Read the article

  • LDAP NTLM interop

    - by pihentagy
    Hi! Our company uses NTLM to authenticate users. But there are a bunch of softwares with LDAP authentication support. So, is there a way to setup an LDAP server (preferably under WinNT), which can authenticate users via NTLM?

    Read the article

  • LDAP NTLM interop [closed]

    - by pihentagy
    Hi! Our company uses NTLM to authenticate users. But there are a bunch of softwares with LDAP authentication support. So, is there a way to setup an LDAP server (preferably under WinNT), which can authenticate users via NTLM?

    Read the article

  • LDAP RBAC model

    - by typo
    Hi does anybody can tell me about best practice to model RBAC on LDAP ? I'm very confused, not sure if I should think about LDAP groups as role, or just user in some custom OU. Any real-life examples with tasks-operations\roles\user scheme (one user, multiple roles per user, multiple operations-tasks per role) ? BTW:Target systems are .net, java and iSeries

    Read the article

  • PAM / LDAP authentication with Ubuntu 10.04

    - by t6d
    I can't wrap my brain around the new pam.d configuration syntax used in Ubuntu 10.04. How do I setup PAM so that it allows users stored in my LDAP database to login. I already configured nscd, so id <user> or getent passwd are already listing my LDAP users, but PAM doesn't work, whether the normal shell login nor su.

    Read the article

  • How do I make a LDAP query-based dynamic distribution group in Exchange 2010

    - by blsub6
    I see that there were ways in Exchange 2003 and Exchange 2007 to just put in an LDAP query and it would populate the group for you. Is there any way to do that in Exchange 2010? I know there's dynamic distribution groups but I don't want to create the group based on one of their pre-set queries and I don't want to mess around with "custom attributes". I just want to put an LDAP query in there and make it run it to populate the distribution group.

    Read the article

  • LDAP + NFS + automount home directories permissions issue

    - by noobishguy
    When an LDAP user logs into the system they have incorrect permissions to their home directory. LDAP and NFS services exist on the same server. The directory shows the correct ownership / permissions: drwx------. 4 ldaptest ldaptest 4096 Jun 9 2014 ldaptest however the UID / GID do not match those on the server client: bash-4.1$ id uid=10001(ldaptest) gid=10001(ldaptest) groups=10001(ldaptest) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 server: [root@ldap1 log]# id ldaptest uid=502(ldaptest) gid=502(ldaptest) groups=502(ldaptest) How do I resolve this?

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >