Search Results

Search found 1336 results on 54 pages for 'ou'.

Page 6/54 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • curl can't verify cert using capath, but can with cacert option

    - by phylae
    I am trying to use curl to connect to a site using HTTPS. But curl is failing to verify the SSL cert. $ curl --verbose --capath ./certs/ --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: ./certs/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. I know about the -k option. But I do actually want to verify the cert. The certs directory has been properly hashed with c_rehash . and it contains: A Verisign intermediate cert Two self-signed certs The above site should be verified with the Verisign intermediate cert. When I use the --cacert option instead (and point directly to the Verisign cert) curl is able to verify the SSL cert. $ curl --verbose --cacert ./certs/verisign-intermediate-ca.crt --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: ./certs/verisign-intermediate-ca.crt CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: C=US; ST=State; L=City; O=Company; OU=ou1; CN=example.com * start date: 2011-04-17 00:00:00 GMT * expire date: 2012-04-15 23:59:59 GMT * common name: example.com (matched) * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3 * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=ISO-8859-1 Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1267 Content-Length: 1267 < Server: Jetty(7.2.2.v20101205) Server: Jetty(7.2.2.v20101205) < * Connection #0 to host example.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): In addition, if I try hitting one of the sites using a self signed cert and the --capath option, it also works. (Let me know if I should post an example of that.) This implies that curl is finding the cert directory, and it is properly hash. Finally, I am able to verify the SSL cert with openssl, using its -CApath option. $ openssl s_client -CApath ./certs/ -connect example.com:443 CONNECTED(00000003) depth=3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify return:1 depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 verify return:1 depth=0 /C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com verify return:1 --- Certificate chain 0 s:/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- Server certificate -----BEGIN CERTIFICATE----- <cert removed> -----END CERTIFICATE----- subject=/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- No client certificate CA names sent --- SSL handshake has read 1563 bytes and written 435 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: D65C4C6D52E183BF1E7543DA6D6A74EDD7D6E98EB7BD4D48450885188B127717 Session-ID-ctx: Master-Key: 253D4A3477FDED5FD1353D16C1F65CFCBFD78276B6DA1A078F19A51E9F79F7DAB4C7C98E5B8F308FC89C777519C887E2 Key-Arg : None Start Time: 1303258052 Timeout : 300 (sec) Verify return code: 0 (ok) --- QUIT DONE How can I get curl to verify this cert using the --capath option?

    Read the article

  • One email user keeps disconnecting from our exchange server

    - by Funky Si
    I have one user who keeps reporting that Outlook keeps disconnecting from our email server. All other users are fine. Our email server is running Exchange 2010 and the client is running Outlook 2003. The disconnection only lasts a moment. I have checked for logs on the client and Exchange server and can not see any reason for the disconnect, On the Client I get EventId 26 telling me Outlook has disconnected and reconnected but no reason why. Can anyone give me some suggestions of things to try and track down where the problem could be? --Update-- I have found the following log file C:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access which suggests that it is a problem with RPC sessions. Excerpt is below 2013-01-31T15:21:24.015Z,6413,15,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,,0,00:00:00,"BS=Conn:24,HangingConn:0,AD:$null/$null/0%,CAS:$null/$null/2%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:$null/0,Policy:ClientThrottlingPolicy2,Norm[Resources:(Mdb)Mailbox Database 0765959540(Health:-1%,HistLoad:0),(Mdb)Public Folder Database 1945427388(Health:-1%,HistLoad:0),];GC:6/1/0;", 2013-01-31T15:21:24.015Z,6413,16,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,PublicLogoff,0,00:00:00,LogonId: 1, 2013-01-31T15:21:24.015Z,6413,16,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,,,00:00:00,"BS=Conn:24,HangingConn:0,AD:$null/$null/0%,CAS:$null/$null/2%,AB:$null/$null/0%,RPC:$null/$null/1%,FC:$null/0,Policy:ClientThrottlingPolicy2,Norm[Resources:(Mdb)Mailbox Database 0765959540(Health:-1%,HistLoad:0),(Mdb)Public Folder Database 1945427388(Health:-1%,HistLoad:0),];GC:6/1/0;", 2013-01-31T15:21:24.015Z,6417,5,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,OwnerLogoff,0,00:00:00,LogonId: 0, 2013-01-31T15:21:24.015Z,6417,5,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,,0x6BA (rpc::Exception),00:02:54.7668000,Budget Highs [AD = 0][CAS = 3][RPC = 1] Session Throttled Count = 0; SessionDropped,"RpcEndPoint: [ServerUnavailableException] Connection must be re-established - [SessionDeadException] Connection doesn't have any open logons, but has client activity. This may be masking synchronization stalls. Dropping a connection." 2013-01-31T15:21:24.015Z,6420,7,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,DelegateLogoff,0,00:00:00,LogonId: 0, 2013-01-31T15:21:24.031Z,6420,7,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,,,00:00:00.0156000,Budget Highs [AD = 0][CAS = 3][RPC = 1] Session Throttled Count = 0, 2013-01-31T15:21:24.031Z,6420,7,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,Disconnect,0,00:02:54.2364000,, 2013-01-31T15:21:24.031Z,6419,5,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,OwnerLogoff,0,00:00:00,LogonId: 0, 2013-01-31T15:21:24.031Z,6419,5,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,,,00:00:00,Budget Highs [AD = 0][CAS = 3][RPC = 1] Session Throttled Count = 0, 2013-01-31T15:21:24.031Z,6419,5,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,Disconnect,0,00:02:54.4392000,, 2013-01-31T15:21:24.031Z,6416,7,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,DelegateLogoff,0,00:00:00,LogonId: 0, 2013-01-31T15:21:24.031Z,6416,7,/o=EUROSAFEUK/ou=first administrative group/cn=Recipients/cn=andy,,OUTLOOK.EXE,11.0.8303.0,Classic,,,ncacn_ip_tcp,,,,00:00:00,Budget Highs [AD = 0][CAS = 3][RPC = 1] Session Throttled Count = 0, Can anyone help point me in the right direction for a solution?

    Read the article

  • Windows AD: Is loopback processing absolutely necessary in order to apply a user policy to users logging into computers in the OU?

    - by Brett
    I've had our AD setup running on server 2008r2 and now 2012, and I swear, a user policy applied to an OU containing only computers actually does apply to users logging into those computers, without loopback processing enabled. Everything I read seems to say that is not how it should work, but it does. Is this normal behavior? Just tested again - created a policy with a drive map (which is a user policy), applied it to an OU containing my terminal server, forced a gpupdate, logged out/in, and sure enough, the drive is mapped. I did NOT turn on loopback processing.

    Read the article

  • Finding a person in the forest

    - by PointsToShare
    © 2011 By: Dov Trietsch. All rights reserved finding a person in the forest or Limiting the AD result in SharePoint People Picker There are times when we need to limit the SharePoint audience of certain farms or servers or site collections to a particular audience. One of my experiences involved limiting access to US citizens, another to a particular location. Now, most of us – your humble servant included – are not Active Directory experts – but we must be able to handle the “audience restrictions” as required. So here is how it’s done in a nutshell. Important note. Not all could be done in PowerShell (at least not yet)! There are no Windows PowerShell commands to configure People Picker. The stsadm command is: stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv ADQuery –url http://somethingOrOther Note the long-hyphenated property name. Now to filling the ADQuery.   LDAP Query in a nutshell Syntax LDAP is no older than SQL and an LDAP query is actually a query against the LDAP Database. LDAP attributes are the equivalent of Database columns, so why do we have to learn a new query language? Beats me! But we must, so here it is. The syntax of an LDAP query string is made of individual statements with relational operators including: = Equal <= Lower than or equal >= Greater than or equal… and memberOf – a group membership. ! Not * Wildcard Equal and memberOf are the most commonly used. Checking for absence uses the ! – not and the * - wildcard Example: (SN=Grant) All whose last name – SurName – is Grant Example: (!(SN=Grant)) All except Grant Example: (!(SN=*)) all where there is no SurName i.e SurName is absent (probably Rappers). Example: (CN=MyGroup) Common Name is MyGroup.  Example: (GN=J*) all the Given Names that start with J (JJ, Jane, Jon, John, etc.) The cryptic SN, CN, GN, etc. are attributes and more about them later All the queries are enclosed in parentheses (Query). Complex queries are comprised of sets that are in AND or OR conditions. AND is denoted by the ampersand (&) and the OR is denoted by the vertical pipe (|). The general syntax is that of the Prefix polish notation where the operand precedes the variables. E.g +ab is the sum of a and b. In an LDAP query (&(A)(B)) will garner the objects for which both A and B are true. In an LDAP query (&(A)(B)(C)) will garner the objects for which A, B and C are true. There’s no limit to the number of conditions. In an LDAP query (|(A)(B)) will garner the objects for which either A or B are true. In an LDAP query (|(A)(B)(C)) will garner the objects for which at least one of A, B and C is true. There’s no limit to the number of conditions. More complex queries have both types of conditions and the parentheses determine the order of operations. Attributes Now let’s get into the SN, CN, GN, and other attributes of the query SN – is the SurName (last name) GN – is the Given Name (first name) CN – is the Common Name, usually GN followed by SN OU – is an Organization Unit such as division, department etc. DC – is a Domain Content in the AD forest l – lower case ‘L’ stands for location. Jerusalem anybody? Or Katmandu. UPN – User Principal Name, is usually the first part of an email address. By nature it is unique in the forest. Most systems set the UPN to be the first initial followed by the SN of the person involved. Some limit the total to 8 characters. If we have many ‘jsmith’ we have to somehow distinguish them from each other. DN – is the distinguished name – a name unique to AD forest in which it lives. Usually it’s a CN with some domain or group distinguishers. DN is important in conjunction with the memberOf relation. Groups have stricter requirement. Each group has to have a unique name - its CN and it has to be unique regardless of its place. See more below. All of the attributes are case insensitive. CN, cn, Cn, and cN are identical. objectCategory is an element that requires special consideration. AD contains many different object like computers, printers, and of course people and groups. In the queries below, we’re limiting our search to people (person). Putting it altogether Let’s get a list of all the Johns in the SPAdmin group of the Jerusalem that local domain. (&(objectCategory=person)(memberOf=cn=SPAdmin,ou=Jerusalem,dc=local)) The memberOf=cn=SPAdmin uses the cn (Common Name) of the SPAdmin group. This is how the memberOf relation is used. ‘SPAdmin’ is actually the DN of the group. Also the memberOf relation does not allow wild cards (*) in the group name. Also, you are limited to at most one ‘OU’ entry. Let’s add Marvin Minsky to the search above. |(&(objectCategory=person)(memberOf=cn=SPAdmin,ou=Jerusalem,dc=local))(CN=Marvin Minsky) Here I added the or pipeline at the beginning of the query and put the CN requirement for Minsky at the end. Note that if Marvin was already in the prior result, he’s not going to be listed twice. One last note: You may see a dryer but more complete list of attributes rules and examples in: http://www.tek-tips.com/faqs.cfm?fid=5667 And finally (thus negating the claim that my previous note was last), to the best of my knowledge there are 3 more ways to limit the audience. One is to use the peoplepicker-searchadcustomfilter property using the same ADQuery. This works only in SP1 and above. The second is to limit the search to users within this particular site collection – the property name is peoplepicker-onlysearchwithinsitecollection and the value is yes (-pv yes) And the third is –pn peoplepicker-serviceaccountdirectorypaths –pv “OU=ou1,DC=dc1…..” Again you are limited to at most one ‘OU’ phrase – no OU=ou1,OU=ou2… And now the real end. The main property discussed in this sprawling and seemingly endless monogram – peoplepicker-searchadcustomquery - is the most general way of getting the job done. Here are a few examples of command lines that worked and some that didn’t. Can you see why? C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (Title=David) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (!Title=David) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (OU=OURealName,OU=OUMid,OU=OUTop,DC=TopDC,DC=MidDC,DC=BottomDC) Command line error. Too many OUs C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (OU=OURealName) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (DC=TopDC,DC=MidDC,DC=BottomDC) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (OU=OURealName,DC=TopDC,DC=MidDC,DC=BottomDC) Operation completed successfully.   That’s all folks!

    Read the article

  • Problems with LDAP auth in Apache, works only for one group

    - by tore-
    Hi, I'm currently publishing some subversions repos within Apache: <Location /dev/> DAV svn SVNPath /opt/svn/repos/dev/ AuthType Basic AuthName "Subversion repo authentication" AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPBindDN "CN=readonlyaccount,OU=Objects,DC=invalid,DC=now" AuthLDAPBindPassword readonlyaccountspassword AuthLDAPURL "ldap://invalid.domain:389/OU=Objects,DC=invalid,DC=domain?sAMAccountName?sub?(objectClass=*)" Require ldap-group cn=dev,ou=SVN,DC=invalid,DC=domain </Location> This setup works great, but now we want to give an LDAP group read only access to our repo, then my apache config looks like this: <Location /dev/> DAV svn SVNPath /opt/svn/repos/dev/ AuthType Basic AuthName "Subversion repo authentication" AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPBindDN "CN=readonlyaccount,OU=Objects,DC=invalid,DC=now" AuthLDAPBindPassword readonlyaccountspassword AuthLDAPURL "ldap://invalid.domain:389/OU=Objects,DC=invalid,DC=domain?sAMAccountName?sub?(objectClass=*)" <Limit OPTIONS PROPFIND GET REPORT> Require ldap-group cn=dev-ro,ou=SVN,dc=invalid,dc=domain </Limit> <LimitExcept OPTIONS PROPFIND GET REPORT> Require ldap-group cn=dev-rw,ou=SVN,dc=invalid,dc=domain </LimitExcept> </Location> All of my user accounts is under: OU=Objects,DC=invalid,DC=domain All groups related to subversion is under: ou=SVN,dc=invalid,dc=domain The problem after modification, only users in the dev-ro LDAP group is able to authenticate. I know that authentication with LDAP works, since my apache logs show my usernames: 10.1.1.126 - tore [...] "GET /dev/ HTTP/1.1" 200 339 "-" "Mozilla/5.0 (...)" 10.1.1.126 - - [...] "GET /dev/ HTTP/1.1" 401 501 "-" "Mozilla/4.0 (...)" 10.1.1.126 - readonly [...] "GET /dev/ HTTP/1.1" 401 501 "-" "Mozilla/4.0 (...) line = user in group dev-rw, 2. line is unauthenticated user, 3. line is unauthenticated user, authenticated as a user in group dev-ro So I think I've messed up my apache config. Advise?

    Read the article

  • Interview de David Booth et Jevgeni Kabanov de la société ZeroTurnaround au sujet de JRebel, leur ou

    Bonjour, David et Jevgueni, de la société ZeroTurnaround, éditeur de l'outil de productivité JRebel pour le développement Java, ont accepté de répondre à nos questions sur leur société et leur produit phare. Retrouvez l'interview en ligne : http://java.developpez.com/interview...around/jrebel/ Y-a-t'il d'autres questions que vous auriez aimé soumettre à ZeroTurnaround ? Voir aussi : ZeroTurnaroun...

    Read the article

  • Pourquoi ne pas laisser les développeurs et le public choisir ? Le PDG d'Adobe répond à la lettre ou

    Mise à jour du 30/04/10 NB : Les commentaires sur cette mise à jour commencent ici dans le topic Pourquoi ne pas laisser les développeurs et le public choisir ? Le PDG d'Adobe répond à la lettre ouverte anti-flash de Steve Jobs C'est en substance la réponse de Shantanu Narayen : si notre technologie est si mauvaise et si « inadaptée à l'iPhone » (comme l'écrit noir sur blanc Steve Jobs - lire ci-avant), les développeurs ne l'utiliseront pas et les consommateurs s'en détourneront.

    Read the article

  • Les appareils sous Android seraient plus sujets aux pannes matérielles que ceux sous Windows Phone ou iOS selon WDS

    Les appareils sous Android seraient plus sujets aux pannes matérielles Que Windows Phone et iOS selon WDS Le résultat d'une étude menée par la société WDS montre que les dispositifs sous Android seraient plus victimes de pannes matérielles que les autres. L'enquête a été menée pendant un an en Europe, en Amérique du Nord, en Australie et en Afrique du Sud. Elle s'appuie sur environ 600 000 appels clients et révèle que le taux de pannes des smartphones sous Android s'élèverait à 14%. Selon WDS, les pannes matérielles les plus fréquentes sur les dispositifs Android, seraient dues à la fragmentation de la plate-forme mobile et à son adoption par des constructeurs divers. ...

    Read the article

  • Qt et Zeroconf, ou l'utilisation de services réseau sans configuration, un article de Trenton Schulz traduit par charlespf

    Bonjour est l'implémentation d'Apple concernant le réseau sans configuration (Zeroconf), grâce auquel plusieurs applications offrent leurs services à un réseau local. Utiliser Bonjour simplifie grandement la découverte et l'utilisation des services réseau. Dans cet article, on créera des objets Qt pour manipuler les différentes parties de Bonjour et ensuite on les utilisera dans des exemples d'applications réseau avec Qt.

    Read the article

  • Choix technologique : Spring 3.0 ou Java EE 6 pour vos projets Java en 2010 ?

    Fin 2009, ce sont deux solutions très attendues qui ont finalement été livrées : D'un coté Spring 3.0, framework déjà fort utilisé en entreprise, et qui arrive avec quelques nouveautés : Support de Rest, Expression Language, .. Principal atout : Il est déjà utilisable sur des serveurs omniprésents en production (Tomcat, Websphere 6.1,..) De l'autre coté, Java EE 6. Un nouvelle version du standard, beaucoup plus légère et souple que les anciennes versions. Il propose également un profil Web, qui propose des fonctionnalités fort similaire à ce qui est proposé par Spring (EJB Lite, Injection de dépendances, ..). Pour l'heure, la seule implémentation disponible est Glassfish. De votre coté, quelle solution utilise...

    Read the article

  • Élections américaines : le New-Jersey votera par mail suite à l'ouragan Sandy, très innovant ou très risqué ?

    Les chercheurs en sécurité ont quelques réserves vis à vis du système de vote par Email mis en place au New Jersey suite à l'ouragan Sandy. [IMG]http://resources1.news.com.au/images/2012/11/06/1226511/153101-new-jersey-email-vote.jpg[/IMG] La décision du New Jersey afin de permettre aux électeurs bloqués par la tempête de vote par E-mail lors de l'élection de mardi peut être une réponse innovante suite à une catastrophe naturelle. Mais les chercheurs en sécurité ont prévenu que cette décision sans précédent pourrait être le déclenchement d'une autre tempête mais cette fois ci d'ordre politique. Au cours du weekend, le gouverneur Kim Guadano a annoncé que les électeurs touchés par la tempête pourrait demander par E-mail un bulletin de vote, le re...

    Read the article

  • SophiaConf : 20 conférences gratuites ou peu onéreuses du 30 juin au 9 juillet en France à Sophia An

    Bonjour, Cela s'annonce comme l'un des évènements Gratuit phare de l'année en France, et il n'a pas lieu à Paris. [IMG]http://sophiaconf2010.fr/images/logo-top.png[/IMG] La SophiaConf se déroule sur une période de 10 jours et propose une série de conférences gratuites sur les sites de Polytech'Nice-Sophia, de l'INRIA et de l'Agora Einstein. Au programme :Gestion des identités et sécurisation des services web Intellectual Property Right Analysis

    Read the article

  • Team Foundation Service passe au Cloud, la plateforme de gestion du cycle de vie de Microsoft ne vise plus uniquement .NET ou Windows

    Microsoft lance Team Foundation Service la version Cloud de son outil de gestion du cycle de vie des applications Près d'une année après avoir dévoilé la beta de Team Foundation Service (TFS), Microsoft annonce le passage de la version hébergée de Team Foundation Server sur Windows Azure en version finale. Pour rappel, Team Foundation Server est une solution de travail collaboratif et de gestion du cycle de vie des applications (ALM) permettant : la gestion des sources, des builds, le suivi des éléments de travail, la planification et l'analyse des performances. La version hébergée de l'outil dispose des outils de gestion de projets agiles supportant SCRUM et Capability Ma...

    Read the article

  • Sortie de Debian 6.0.0, alias « Squeeze » : Kernel 2.6.32, Tomcat 6.0.28, Apache 2.2.16, MySQL 5.1.49 ou PHP 5.3.2 au menu

    Sortie de Debian 6.0.0 Squeeze Le Debian Project l'avait annoncé ce 31 janvier 2011, la sortie officielle de Debian 6.0, plus connue sous le nom de Squeeze l'extraterrestre à 3 yeux, était iminente. Et bien, c'est chose faite ! Le passage en version stable de Squeeze a eu lieu ce week-end et pour l'occasion, le site web du projet a subi un rajeunissement. Citation: Envoyé par [email protected] Release Manage...

    Read the article

  • Un sondage sur une page Web ou un blog pourrait bientôt coûter 75.000Euro, le Sénat adopte un projet de loi allant dans ce sens

    Le projet de loi sur les sondages adopté par le sénat Le texte a été adopté hier en première lecture, malgré l'opposition du gouvernement. D'un manière étonnante, ce texte proposé et voté par des sénateurs de la majorité pourrait bien ne jamais aller plus loin que ce premier votre vu l'opposition du gouvernement et le refus actuel de l'inscrire au programme de l'assemblée national. Est-ce une bonne chose ? Allez-vous conserver vos petits sondages sur vos sites ? Source : article sur le site RTL Un projet de loi prévoie de ...

    Read the article

  • Why is my RapidSSL Certificate chain is not trusted on ubuntu?

    - by olouv
    I have a website that works perfectly with Chrome & other browser but i get some errors with PHP in CLI mode so i'm investigating it, running this: openssl s_client -showcerts -verify 32 -connect dev.carlipa-online.com:443 Quite suprisingly my HTTPS appears untrusted with a Verify return code: 27 (certificate not trusted) Here is the raw output : verify depth is 32 CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=20:unable to get local issuer certificate verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=27:certificate not trusted verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 So GeoTrust Global CA appears to be not trusted on the system (Ubuntu 11.10). Added Equifax_Secure_CA to try to solve this... But i get in this case Verify return code: 19 (self signed certificate in certificate chain) ! Raw output : verify depth is 32 CONNECTED(00000003) depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify error:num=19:self signed certificate in certificate chain verify return:1 depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 Edit Looks like my server does not trust/provide the Equifax Root CA, however i do correctly have the file in /usr/share/ca-certificates/mozilla/Equifax...

    Read the article

  • Group Policy GPO not 'seen' at client

    - by fukawi2
    I have a new OU (natorg.local\NATO\Users) that I am trying to apply GP to. I have created a new user in this OU, and linked the 3 GPO's to this OU: DESKTOP - Folder Redirection (AppData) DESKTOP - Folder Redirection (Desktop) DESKTOP - Folder Redirection (Documents) Hopefully the names are sufficient to suggest what they do exactly. The settings are under User Settings so there is no Loopback processing required (if my understanding is correct). GP Modelling for the user and specific computer says that the GPOs will/should be applied, however on the client, gpresult doesn't even appear to see the GPOs under either "Applied" or "Not Applied": USER SETTINGS -------------- CN=Amir,OU=Users,OU=NATO,DC=natorg,DC=local Last time Group Policy was applied: 25/06/2012 at 11:07:13 AM Group Policy was applied from: svr-addc-01.natorg.local Group Policy slow link threshold: 500 kbps Applied Group Policy Objects ----------------------------- LAPTOPS - Power Settings WSUS - Set Server Address OUTLOOK - Auto Archive SECURITY - Lock Screen After Idle Default Domain Policy DESKTOP - Regional Settings NETWORK - Proxy Configuration NETWORK - IE General Config OFFICE - Trusted Locations OFFICE - Increase Privacy OUTLOOK - Disable Junk Filter DESKTOP - Disable Windows Error Reporting DESKTOP - Hide Language Bar NETWORK - Disable Skype DESKTOP - Disable Thumbs.db Creation WSUS - Set Server Address The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Local Group Policy Filtering: Not Applied (Empty) NETWORK - Google Chrome Configuration Filtering: Not Applied (Empty) SYSTEM - Event Log Configuration Filtering: Not Applied (Empty) SECURITY - Local Administrator Password Filtering: Not Applied (Empty) NETWORK - Disable Windows Messenger Filtering: Not Applied (Empty) SECURITY - Audit Policy Filtering: Not Applied (Empty) WSUS - Automatic Install Filtering: Not Applied (Empty) NETWORK - Firewall Configuration Filtering: Not Applied (Empty) DESKTOP - Enable Offline Files Filtering: Not Applied (Empty) I haven't altered permissions on the GPO's at all, no WMI filtering... As I said, GP Modelling says that they should be applied. GPResult on the client correctly identifies itself as being the correct OU (CN=Amir,OU=Users,OU=NATO,DC=natorg,DC=local) There are 2 x 2008R2 and a 2003 DC, domain is 2003 level, client is Windows XP SP3. Can anyone suggest why these GP Objects would be "invisible" to the client?

    Read the article

  • LDAP Authentication woes

    - by Marcelo de Moraes Serpa
    Hello list, I have a local OpenLDAP server with a couple of users. I'm using it for development purposes, here's the ldif: #Top level - the organization dn: dc=site, dc=com dc: site description: My Organization objectClass: dcObject objectClass: organization o: Organization #Top level - manager dn: cn=Manager, dc=site, dc=com objectClass: organizationalRole cn: Manager #Second level - organizational units dn: ou=people, dc=site, dc=com ou: people description: All people in the organization objectClass: organizationalunit dn: ou=groups, dc=site, dc=com ou: groups description: All groups in the organization objectClass: organizationalunit #Third level - people dn: uid=celoserpa, ou=people, dc=site, dc=com objectclass: pilotPerson objectclass: uidObject uid: celoserpa cn: Marcelo de Moraes Serpa sn: de Moraes Serpa userPassword: secret_12345 mail: [email protected] So far, so good. I can bind with "cn=Manager,dc=site,dc=com" and the 12345678 password (the local server password, setup on slapd.conf). However, I would like to bind with any user in under the people OU. In this case, I'd like to bind with: dn: uid=celoserpa, ou=people, dc=site, dc=com userPassword: secret_12345 But I'm getting a "(49) - Invalid Credentials" error everytime. I have tried through CLI tools (such as ldapadd, ldapwhoami, etc) and also ruby/ldap. The bind with these credentials fails with a invalid credentials error. I thought that it could be an ACL issue, however, the ACLs on slapd.conf seem to be right: access to attrs=userPassword by self write by dn.sub="ou=people,dc=site,dc=com" read by anonymous auth access to * by * read I was suspecting that maybe OpenLDAP doesn't compare against userPassword? Or maybe some ACL configuration I am missing that is somehow affecting the read access to userPassword for the specific DN. I'm really lost here, any suggestion appreciated! Cheers, Marcelo.

    Read the article

  • Apache httpd LDAP integration

    - by David W.
    I am configuring a CollabNet Subversion integration. I have the following collabnet_subversion.conf file: <Location /svn> DAV svn SVNParentPath /mnt/svn/new_repos SVNListParentPath on AuthName "VegiBanc Source Repository" AuthType basic AuthzLDAPAuthoritative off AuthBasicProvider ldap AuthLDAPURL ldap://ldap.vegibanc.com/dc=vegibanc,dc=com?sAMAccountName" NONE AuthLDAPBindDN "CN=SVN-Admin,OU=Service Accounts,OU=VegiBanc Users,OU=vegibanc,DC=vegibanc,DC=com" AuthLDAPBindPassword "swordfish" </Location> This works great. Any user in our Active Directory can access our Subversion repository. Now, I want to limit this to only people in the Active Directory group Development: <Location /svn> DAV svn SVNParentPath /mnt/svn/new_repos SVNListParentPath on AuthName "VegiBanc Source Repository" AuthType basic AuthzLDAPAuthoritative off AuthBasicProvider ldap AuthLDAPURL ldap://ldap.vegibanc.com/dc=vegibanc,dc=com?sAMAccountName" NONE AuthLDAPBindDN "CN=SVN-Admin,OU=Service Accounts,OU=VegiBanc Users,OU=VegiBanc,DC=vegibanc,DC=com" AuthLDAPBindPassword "swordfish" Require ldap-group CN=Development OU=Security Groups OU=VegiBanc, dc=vegibanc, dc=com </Location> I added Require ldap-group, but now no one can log in. I have LogLevel set to debug, but all I get is this in my error_log (Single line broken up for easier reading): [Thu Oct 11 13:09:28 2012] [info] [client 10.55.9.45] [6752] vauth_ldap authenticate: user dweintraub authentication failed; URI /svn/ [ldap_search_ext_s() for user failed][Bad search filter] And, I get this in my access_log: 10.55.9.45 - - [11/Oct/2012:13:09:27 -0500] "GET /svn/ HTTP/1.1" 401 401 10.55.9.45 - dweintraub [11/Oct/2012:13:09:28 -0500] "GET /svn/ HTTP/1.1" 500 535 Yes, I am in that group. (Or, at least how can I confirm that just to make sure that's not the issue. I have the SysinternalsSuite ADExplorer. It's where I'm getting all of my info.)

    Read the article

  • stdout, stderr, and what else? (going insane parsing slapadd output)

    - by user64204
    I am using slapadd to restore a backup. That backup contains 45k entries which takes a while to restore so I need to get some progress update from slapadd. Luckily for me there is the -v switch which gives an output similar to this one: added: "[email protected],ou=People,dc=example,dc=org" (00003d53) added: "[email protected],ou=People,dc=example,dc=org" (00003d54) added: "[email protected],ou=People,dc=example,dc=org" (00003d55) .######## 44.22% eta 05m05s elapsed 04m spd 29.2 k/s added: "[email protected],ou=People,dc=example,dc=org" (00003d56) added: "[email protected],ou=People,dc=example,dc=org" (00003d57) added: "[email protected],ou=People,dc=example,dc=org" (00003d58) added: "[email protected],ou=People,dc=example,dc=org" (00003d59) Every N entries added, slapadd writes a progress update output line (.######## 44.22% eta 05m05s elapsed ...) which I want to keep and an output line for every entry created which I want to hide because it exposes people's email address but still want to count them to know how many users were imported The way I thought about hiding emails and showing the progress update is this: $ slapadd -v ... 2>&1 | tee log.txt | grep '########' # => would give me real-time progress update $ grep "added" log.txt | wc -l # => once backup has been restored I would know how many users were added I tried different variations of the above, and whatever I try I can't grep the progress update output line. I traced slapadd as follows: sudo strace slapadd -v ... And here is what I get: write(2, "added: \"[email protected]"..., 78added: "[email protected],ou=People,dc=example,dc=org" (00000009) ) = 78 gettimeofday({1322645227, 253338}, NULL) = 0 _######## 44.22% eta 05m05s elapsed 04m spd 29.2 k/s ) = 80 write(2, "\n", 1 ) As you can see, the percentage line isn't sent to either stdout or stderr (FYI I have validated with known working and failing commands that 2 is stderr and 1 is stdout) Q1: Where is the progress update output line going? Q2: How can I grep on it while sending stderr to a file? Additional info: I'm running Openldap 2.4.21 on ubuntu server 10.04

    Read the article

  • Microsoft sur le point de se lancer dans les réseaux sociaux d'entreprises pour un milliard de dollars, d'après Bloomberg

    Microsoft pourrait débourser 1 milliard de dollars pour se lancer dans les réseaux sociaux professionnels D'entreprises, d'après Bloomberg Les réseaux sociaux, c'est un peu comme le Cloud ou les sites Webs. Il y en a de toutes sortes. L'appellation couvre presque tout et son contraire : des outils publics ou privés, pour le loisir ou pour les professionnels. Dans les réseaux, on connait Facebook, LinkedIn ou Viadeo, ou la deuxième tentative de Google de percer sur ce marché (Google+). Mais on connait moins les acteurs des « réseaux privés » comme Atlassian qui édite par exemple Confluence (sorte de Facebook à...

    Read the article

  • Pour ou contre la publication en open source du code source d'un système de sécurité ? Une juge estime que la sécurité nationale pourrait en pâtir

    Pour ou contre la publication en Open Source du code source d'un système de sécurité ? Une juge estime que cette pratique peut mettre en péril la sécurité nationale Battelle Energy Alliance, fournisseur opérationnel de Idaho National Laboratory (INL), a engagé des poursuites judiciaires contre un de ses anciens employés et sa compagnie Southfork Security. Tout a commencé en 2009 quand le département américain de l'énergie a mandaté un projet de développement dont l'objectif était la création...

    Read the article

  • Pour quelles raisons les entreprises devraient-elles opter pour des solutions libres ? coût, sécurité, ouverture, pérennité des formats ou autres ?

    Pour quelles raisons les entreprises devraient-elles opter pour des solutions libres ? Par mesure de sécurité, pour réduire les coûts ou autres ?Dernièrement, l'actualité IT a été submergée de sujets relatifs aux logiciels libres et propriétaires (actualités que vous pouvez retrouvez sur nos portails). En effet, la part de marché des logiciels propriétaires dans les administrations seraient en régression, aussi lente qu'elle puisse être. Les administrations publiques ne cessent de migrer vers des...

    Read the article

  • Changing LDAP schema casts Confluence AD integration unoperable

    - by Maxim V. Pavlov
    I have had our instance of Atlassian Confluence configured to be integrated with our Active Directory. In AD, all the users were being created under default Users folder in Active Directory Users and Computers. We have decided to introduce cleaner separation and have created an Organizational Units structure in AD. Under root we have created Managed OU, and under it - Users OU and all user accounts were moved under Users OU. Now I though that to let the Confluence AD integration engine "know" where to look for user accounts now, I only need to adjust the BaseDN and prepand it with ou=Managed so it is aware that it is looking for cn=Users but under ou=Managed. That didn't work. How should I adjust LDAP schema root in a client application for it to be able to look for users in OU that then in a default folder.

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >