Search Results

Search found 11421 results on 457 pages for 'forms authentication'.

Page 75/457 | < Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82  | Next Page >

• Allowing users in from an IP address without certificate client authentication

  - by John

  I need to allow access to my site without SSL certificates from my office network and with SSL certificates outside. Here is my configuration: <Directory /srv/www> AllowOverride All Order deny,allow Deny from all # office network static IP Allow from xxx.xxx.xxx.xxx SSLVerifyClient require SSLOptions +FakeBasicAuth AuthName "My secure area" AuthType Basic AuthUserFile /etc/httpd/ssl/index Require valid-user Satisfy Any </Directory> When I'm inside network and have certificate - I can access. When I'm inside network and haven't certificate - I can't access, it requires certificate. When I'm outside network and have certificate - I can't access, it shows me basic login screen When I'm outside network and haven't certificate - I can't access, it shows me basic login screen and following configuration works perfectly <Directory /srv/www> AllowOverride All Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx AuthUserFile /srv/www/htpasswd AuthName "Restricted Access" AuthType Basic Require valid-user Satisfy Any </Directory>

  Read the article

• LDAP authentication: Windows Server2k3 vs. 2k8

  - by wolfgangsz

  We have around 70% linux users, all of which are configured to authenticate against Active Directory through LDAP. In order for this to work, we used the "Windows Services for Unix" under Windows Server 2003, and it all works fine. We are now at a point where the server running this contraption is getting a bit tired and will be replaced with a newer machine, running Windows Server 2008 (where the relevant services such as user name mapping and password changes, etc., are integrated with the OS). And here's the rub: If a new user is configured through the Win2k3 server, then it all works fine. If the same thing is done through the Win2k8 server, then : The ADS plugin on the 2k3 server does not recognize it and behaves as if the UNIX attributes were never set. The user cannot authenticate against ADS using LDAP. Has anybody encountered this problem? If so, how did you overcome this? If you need any additional information to provide further help, just ask and I shall provide it.

  Read the article

• PAM module for authentication by IP or other password-disabling module

  - by Robin Rosenberg

  I'm looking for a Linux pam module that accepts any password for connections from a specific IP. I don't want to disable passwords completely. I need it for migration from one imap server to another (cyrus to zimbra) without knowing every password. I used such a module some six years ago. That was for imap migration too. Unfortunately I cannot recall the name of the module and can't find it by other means either. Any pointers?

  Read the article

• squid authentication with win2008

  - by manoj

  sir,i intalled asquid server in linux redhat5..i need to authenitcate the users from my acivre directory in windos 2008.but its repaetedly prompting for username and password and finally tels accec denied.i configuredthrough ntlm auth in squid..pls helpme anyone

  Read the article

• Vnc viewer authentication failure

  - by Twosingleton

  I recently backed up my data and I had moved the vnc viewer executable from my PC to my portable hard disk. Realizing that I no longer had vnc, I got the latest one, but all of a sudden I could not connect to my server anymore and got authentification failure. So I moved the VNC exectuable back from my portable HD to my local HD. And I am still getting Authentification failure errors. I had a certain setup and I don't want to re-create it, do you know how I can recover or what happened to get auth failures all of a sudden ? I checked and the vncserver process is running fine. Old VNC viewer: vnc-4_1_3-x86_win32_viewer.exe New one:

  Read the article

• SVN Active Directory authentication with ProxyPass redirect in the mix

  - by Jason B. Standing

  We have a BitNami SVN stack running on a Windows machine which holds our SVN repository. It's set up to authenticate against our AD server and uses authz to control rights. Everything works perfectly if Tortoise points at http://[machine name]/svn However - we need to be able to access it from http://[domain]/svn. The domain name points to a linux environment that we're decommissioning, but until we do, other systems on that box prevent us from just re-pointing the domain record. Currently, we've got a ProxyPass record on the linux machine to forward requests through to http://[machine name]/svn - it seems to work fine, and the endpoint machine asks for credentials, then authenticates: but when that happens, the access attempt is logged as coming from the linux box, rather than from the user who has authenticated. It's almost like some element of the credentials aren't being passed through to the endpoint machine. Has anyone done this before, or is there other info I can give to try to make sense of this problem, and figure out a way to solve it? Thankyou!

  Read the article

• Key based authentication (SFTP) failed

  - by rahularyansharma

  I created a pair or RSA keys using Putty key generator, The Public key is attached set on the server side. The private key at windows client machine and being used with pageant and FileZila and working fine. Now Problem is that when I want to connect same sftp through PSFTP commandline tool, it failes. if possible please provide steps to setup ssh key on windows client to access sftp using psftp or direct through batch file.

  Read the article

• IIS7.5 Domain Account Application Pool Identity for SQL Server Authentication

  - by user38652

  In Windows Server 2003/IIS6 land we typically create an app pool that runs as the identity of an AD account created with minimal privileges simply for that purpose. This same domain user would also be granted access to SQL Server so that any ASP.NET application in that app pool would be able to connect to SQL Server with Integrated Security=SSPI. We are making a brave move to the world of Windows Server 2008 R2/IIS7.5 and are looking to replicate this model, but I am struggling with how to make the application pool in IIS7.5 run as the identity of an AD account? I know this sounds simple and hopefully it is, but my attempts so far have been fruitless. Should the application pool identity be a 'Custom account' for a domain account? Does the domain account need to be added to any groups?

  Read the article

• Sudo asks for password twice with LDAP authentication

  - by Gnudiff

  I have Ubuntu 8.04 LTS machine and Windows 2003 AD domain. I have succesfully set up that I can log in with domain username and password, using domain prefix, like "domain+username". Upon login to machine it all works first try, however, for some reason when I try to sudo my logged in user, it asks for the password twice every time when I try sudo. It accepts the password after 2nd time, but not the first time. Once or twice I might think I just keep entering wrong pass the first time, but this is what happens always, any ideas of what's wrong? pam.conf is empty pam.d/sudo only includes common-auth & common-account, and common-auth is: auth sufficient pam_unix.so nullok_secure auth sufficient pam_winbind.so auth requisite pam_deny.so auth required pam_permit.so

  Read the article

• Windows, Apache and MSSQL Authentication

  - by user1114330

  I have a create database script written in perl. I remember it working just fine another machine. A couple years later using a Vista machine I am trying to use it again and it keeps failing. The main difference is that now I am using Apache instead of IIS. In the script the IUSR account is granted permissions as it needs to write to the database as a part of another program. IIS has been uninstalled on this machine but the IUSR account still exists. The NT AUTHORITY\IUSR is also seen in the logins drop down in MSSQL(2012). The machine is running Vista Home Edition. However when running the script I get errors that say that NT AUTHORITY\IUSR cannot be found. I tried also with COMPUTERNAME\IUSR just for the heck of it and of course it was not found. I also tried with IUSR alone and for some reason the user isn't being "found"? Any ideas?

  Read the article

• Nginx proxy with SSL Authentication

  - by Dustin Oprea

  I need to proxy an SSL-authenticated connection to another server that requires an SSL authenticated connection. I realize that the incoming and outgoing connections of the proxy may have different certificates, but is it possible to call proxy_pass and tell it to use a certificate/private key for connection to the proxied system? Based on the documentation, it doesn't seem possible. Maybe with another module?

  Read the article

• GIT server with username and password authentication

  - by Giorgio

  I would like to set a GIT server and let my developers to login using username and password in order to commit and make changes to the projects. I need also to manage developer access to projects (I think I should use gitolite for this). How can I do that? I am used to SVN which is easy because you can set username and password for each developer, which can easily access the repository without having the generate an ssh key and put it on the server. Thanks

  Read the article

• Authentication through mod_auth_kerb should provide website with no user if no TGT provided

  - by loomi

  Users are authenticated by mod_auth_kerb which works great. Therefore I need to set Require valid-user If there is no valid user Apache fails with an 401 Authorization Required. I would like Apache to deliver the website anyway but not providing a remote_user to the underlying script. This is related to How to tell mod_auth_kerb to do its job despite no "require valid-user". But with the important difference that on a whole subdirectory on every url a kerberos negotation should be initiated, and if it fails it should deliver the content anyway.

  Read the article

• Django Form for date range

  - by gramware

  I am trying to come up with a form that lets the user select a date range to generate a web query in Django. I am having errors getting the date to filter with in my view, I am unable to strip the date. Here is my forms.py class ReportFiltersForm(forms.Form): start_date = forms.DateField(input_formats='%Y,%m,%d',widget=SelectDateWidget()) end_date = forms.DateField(input_formats='%Y,%m,%d',widget=SelectDateWidget()) And my view if request.method == 'POST': form = ReportFiltersForm(request.POST) sdy = request.POST['start_date_year'] sdm = request.POST['start_date_month'] sdd = request.POST['start_date_day'] edy = request.POST['end_date_year'] edm = request.POST['end_date_month'] edd = request.POST['end_date_day'] start_date= datetime.date(sdy, sdm, sdd) end_date= datetime.date(edy, edm,edd) Traceback Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/django/core/servers/basehttp.py", line 651, in __call__ return self.application(environ, start_response) File "/usr/lib/python2.6/site-packages/django/core/handlers/wsgi.py", line 241, in __call__ response = self.get_response(request) File "/usr/lib/python2.6/site-packages/django/core/handlers/base.py", line 134, in get_response return self.handle_uncaught_exception(request, resolver, exc_info) File "/usr/lib/python2.6/site-packages/django/core/handlers/base.py", line 154, in handle_uncaught_exception return debug.technical_500_response(request, *exc_info) File "/usr/lib/python2.6/site-packages/django/core/handlers/base.py", line 92, in get_response response = callback(request, *callback_args, **callback_kwargs) File "/home/projects/acms/cms/views.py", line 470, in eventreports start_date= datetime.date(sdy, sdm, sdd) TypeError: an integer is required

  Read the article

• Django: how to cleanup form fields and avoid code duplication

  - by Alexander Konstantinov

  Quite often I need to filter some form data before using it (saving to database etc.) Let's say I want to strip whitespaces and replace repeating whitespaces with a single one in most of the text fields, in many forms. It's not difficult to do this using clean_<fieldname> methods: # Simplified model with two text fields class MyModel(models.Model): title = models.CharField() description = models.CharField() # Model-based form class MyForm(forms.ModelForm): class Meta: model = MyModel def clean_title(self): title = self.cleaned_data['title'] return re.sub(r'\s{2,}', ' ', title.strip()) def clean_description(self): description = self.cleaned_data['description'] return re.sub(r'\s{2,}', ' ', description.strip()) It does exactly what I need, and has a nice side effect which I like: if user enters only whitespaces, the field will be considered empty and therefore invalid (if it is required) and I don't even have to throw a ValidationError. The obvious problem here is code duplication. Even if I'll create some function for that, say my_text_filter, I'll have to call it for every text field in all my forms: from myproject.filters import my_text_filter class MyForm(forms.ModelForm): class Meta: model = MyModel def clean_title(self): return my_text_filter(self.cleaned_data['title']) def clean_description(self): return my_text_filter(self.cleaned_data['description']) The question: is there any standard and simple way in Django (I use version 1.2 if that matters) to do this (like, for example, by adding property validators = {'title': my_text_filter, 'description': my_text_filter} to MyModel), or at least some more or less standard workaround? I've read about form validation and validators in the documentation, but couldn't find what I need there.

  Read the article

• Django Model Formset Pre-Filled Value Problem

  - by user552377

  Hi, i'm trying to use model formsets with Django. When i load forms template, i see that it's filled-up with previous values. Is there a caching mechanism that i should stop, or what? Thanks for your help, here is my code: models.py class FooModel( models.Model ): a_field = models.FloatField() b_field = models.FloatField() def __unicode__( self ): return self.a_field forms.py from django.forms.models import modelformset_factory FooFormSet = modelformset_factory(FooModel) views.py def foo_func(request): if request.method == 'POST': formset = FooFormSet(request.POST, request.FILES, prefix='foo_prefix' ) if formset.is_valid(): formset.save() return HttpResponseRedirect( '/true/' ) else: return HttpResponseRedirect( '/false/' ) else: formset = FooFormSet(prefix='foo_prefix') variables = RequestContext( request , { 'formset':formset , } ) return render_to_response('footemplate.html' , variables ) template: <form method="post" action="."> {% csrf_token %} <input type="submit" value="Submit" /> <table id="FormsetTable" border="0" cellpadding="0" cellspacing="0"> <tbody> {% for form in formset.forms %} <tr> <td>{{ form.a_field }}</td> <td>{{ form.b_field }}</td> </tr> {% endfor %} </tbody> </table> {{ formset.management_form }} </form>

  Read the article

• Should we develop a custom membership provider in this case?

  - by Allen

  I'll be adding a bounty to this, probably 200, more if you guys think its appropriate. I wont accept an answer until I can add a bounty so feel free to go ahead and answer now Summary Long story short, we've been tasked with gutting the authentication and authorization parts of a fairly old and bloated asp.net application that previously had all of these components written from scratch. Since our application isn't a typical one, and none of us have experience in asp.net's built in membership provider stuff, we're not sure if we should roll our own authentication and authorization again or if we should try to work within the asp.net membership provider mindset and develop our own membership provider. Our Application We have a fairly old asp.net application that gets installed at customer locations to service clients on a LAN. Admins create users (users do not sign up) and depending on the install, we may have the software integrated with LDAP. Currently, the LDAP integration bulk-imports the users to our database and when they login, it authenticates against LDAP so we dont have to manage their passwords. Nothing amazing there. Admins can assign users to 1 group and they can change the authorization of that group to manage access to various parts of the software. Groups are maintained by Admins (web based UI) and as said earlier, granted / denied permissions to certain functionality within the application. All this was completely written from the ground up without using any of the built in .net authorization or authentication. We literally have IsLoggedIn() methods that check for login and redirect to our login page if they aren't. Our Rewrite We've been tasked to integrate more tightly with LDAP, they want us to tie groups in our application to groups (or whatever types of containers that LDAP uses) in LDAP so that when a customer opt's to use our LDAP integration, they dont have to manage their users in LDAP AND in our application. The new way, they will simply create users in LDAP, add them to Groups in LDAP and our application will see that they belong to the appropriate LDAP group and authenticate and authorize them. In addition, we've been granted the go ahead to completely rip out the User authentication and authorization code and completely re-do it. Our Problem The problem is that none of us have any experience with asp.net membership provider functionality. The little bit of exposure I have to it makes me worry that it was not intended to be used for an application such as ours. Though, developing our own ASP.NET Membership Provider and Role Manager sounds like it would be a great experience and most likely the appropriate thing to do. Basically, I'm looking for advice, should we be using the ASP.NET Membership provider & Role Management API or should we continue to roll our own? I know this decision will be influenced by our requirements so I'm going over them below Our Requirements Just a quick n dirty list Maintain the ability to have a db of users and authenticate them and give admins (only, not users) the ability to CRUD users Allow the site to integrate with LDAP, when this is chosen, they don't want any users stored in the DB, only the relationship between Groups as they exist in our app / db and the Groups/Containers as they exist in LDAP. .net 3.5 is being used (mix of asp.net webforms and asp.net mvc) Has to work in ASP.NET and ASP.NET MVC (shouldn't be a problem I'm guessing) This can't be user centric, administrators need to be the only ones that CRUD (or import via ldap) users and groups We have to be able to Auth via LDAP when its configured to do so I always try to monitor my questions closely so feel free to ask for more info. Also, as a general summary of what I'm looking for in an answer is just. "You should/shouldn't use xyz, here's why". Links regarding asp.net membership provider and role management stuff are very welcome, most of the stuff I'm finding is 5+ years old. Edit: Added some stuff to "Our Rewrite"

  Read the article

• Authenticating Windows 7 against MIT Kerberos 5

  - by tommed

  Hi There, I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and configured DHCP and DNS (setup for the domain tnet.loc) Installed Kerberos from source Setup the database Configured the keytab Setup the ACL file with: *@TNET.LOC * Added a policy for my user and my machine: addpol users addpol admin addpol hosts ank -policy users [email protected] ank -policy admin tom/[email protected] ank -policy hosts host/wdesk3.tnet.loc -pw MYPASSWORDHERE I then did the following to the windows 7 client (aka wdesk3): Made sure the ip address was supplied by my DHCP server and dc1.tnet.loc pings ok Set the internet time server to my linux server (aka dc1.tnet.loc) Used ksetup to configure the realm: ksetup /SetRealm TNET.LOC ksetup /AddKdc dc1.tnet.loc ksetip /SetComputerPassword MYPASSWORDHERE ksetip /MapUser * * After some googl-ing I found that DES encryption was disabled by Windows 7 by default and I turned the policy on to support DES encryption over Kerberos Then I rebooted the windows client However after doing all that I still cannot login from my Windows client. :( Looking at the logs on the server; the request looks fine and everything works great, I think the issue is that the response from the KDC is not recognized by the Windows Client and a generic login error appears: "Login Failure: User name or password is invalid". The log file for the server looks like this (I tail'ed this so I know it's happening when the Windows machine attempts the login): Screen-shot: http://dl.dropbox.com/u/577250/email/login_attempt.png If I supply an invalid realm in the login window I get a completely different error message, so I don't think it's a connection problem from the client to the server? But I can't find any error logs on the Windows machine? (anyone know where these are?) If I try: runas /netonly /user:[email protected] cmd.exe everything works (although I don't get anything appear in the server logs, so I'm wondering if it's not touching the server for this??), but if I run: runas /user:[email protected] cmd.exe I get the same authentication error. Any Kerberos Gurus out there who can give me some ideas as to what to try next? pretty please?

  Read the article

• IIS 7.5 Basic authorization issue

  - by Alsin

  When I log on using correct user name\password (I always copy-paste them) I get 401.1 error. User name and password are correct (user is created on server locally, not a domain one). I can run program as this user (runas /noprofile /user:tmp notepad.exe). Basic authorization's default domain is a server name, realm is empty. I've saved FailedReqLogFile. AUTH_BASIC_LOGON_FAILED shows ErrorCode="Logon failure: unknown user name or bad password. (0x8007052e)" and MODULE_SET_RESPONSE_ERROR_STATUS shows ModuleName="BasicAuthenticationModule", Notification="AUTHENTICATE_REQUEST", HttpStatus="401", HttpReason="Unauthorized", HttpSubStatus="1", ErrorCode="Logon failure: unknown user name or bad password. (0x8007052e)", ConfigExceptionInfo="" And one more thing - if I use my domain login\password it woks! Basic Authentications is only enabled authentication in application... Could you please suggest me how I can troubleshoot and fix this issue? Maybe somebody hit it before... Best regards, Alex UPDATE: I get 401.1 when I trying to access site from local host. I can actually access files from remote host.

  Read the article

• ASP.NET Website Administration Tool: Unable to connect to SQL Server database

  - by MedicineMan

  I am trying to get authentication and authorization working with my ASP MVC project. I've run the aspnet_regsql.exe tool without any problem and see the aspnetdb database on my server (using the Management Studio tool). my connection string in my web.config is: <connectionStrings> <add name="ApplicationServices" connectionString="data source=MYSERVERNAME;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> The error I get is: There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. The following message may help in diagnosing the problem: Unable to connect to SQL Server database. In the past, I have had trouble connecting to my database because I've needed to add users. Do I have to do something similar here?

  Read the article

• When I log on to my company desktop, I log on to a domain. How is this domain name installed?

  - by learnerforever

  Hi, When I have to work on my machine in company, I have noticed that I log on to a domain (named on the basis of company name) and not really on that computer. From, what I understand, this has a few advantages, the primary being that I just need one password for the domain and can work through any of the machines in company. My questions are : What software on desktop/network have to be installed so that the desktop recognizes and gives me option of logging into a domain. I would guess that a software can be installed on desktop, and there we can configure the IP address of domain server of company and port number, which handles authentication. Is this correct? This takes me to another question that how are softwares installed on end machines in a company. Going to each machine physically and installing looks very unweildy from administrator point of view. An obvious solution would be to install softwares (and updates) over network. My question on this are: What protocols,keywords come into picture when administrator installs OS,softwares,updates from his administrator machine to end machine through network. Thanks,

  Read the article

• Apache, Tomcat 5 and problem with HTTP basic auth

  - by Juha Syrjälä

  I have setup a Tomcat with a webapp that uses http basic auth in some of its URLs. There is a Apache server in front of the Tomcat. I have setup Apache as a proxy like this (all traffic should go directly to tomcat): /etc/httpd/conf.d/proxy_ajp.conf: LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ There is a webapp installed to root of Tomcat (ROOT.war), so I should be able to use http://localhost/ to access my webapp. But it is not working with http basic auth. The problem is that everything works until I try to access URL that are protected by the HTTP basic auth. URLs without authentication work just fine. When accessing this url via apache I am getting an error message from Apache. If I access the same URL directly from tomcat, everything works just fine. I am getting this to Apache error log: [Wed Sep 01 21:34:01 2010] [error] proxy: dialog to [::1]:8009 (localhost) failed access log looks like this: ::1 - - [01/Sep/2010:21:34:01 +0300] "GET /protected_path/ HTTP/1.0" 503 360 "-" "w3m/0.5.2" I am using: Fedora release 13 (Goddard) httpd-2.2.16-1.fc13.x86_64 tomcat5-5.5.27-7.4.fc12.noarch The basic auth is implemented in the webapp (not in Apache or Tomcat). The webapp is actually implemented in Scala/Lift, but that shouldn't matter. The auth works if I access the tomcat directly. Error message that I am getting from Apache. It is curious that the title is Unauthorized and not Internal error: Unauthorized The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/2.2.16 (Fedora) Server at my.server.name.com Port 80 It could be that Apache is seeing a some thing else than 200 OK response and thinks that it is an error when it actually should pass the received 401 Unauthorized response directly to browser. If this is the problem, how to fix it?

  Read the article

• Identifying mail account used in CRAM-MD5 transaction

  - by ManiacZX

  I suppose this is one of those where the tool for identifying the problem is also the tool used for taking advantage of it. I have a mail server that I am seeing emails that spam is being sent through it. It is not an open relay, the messages in question are being sent by someone authenticating to the smtp with CRAM-MD5. However, the logs only capture the actual data passed, which has been hashed so I cannot see what user account is being used. My suspicion is a simple username/password combo or a user account's password has otherwise been compromised, but I cannot do much about it without knowing what user it is. Of course I can block the IP that is doing it, but that doesn't fix the real problem. I have both the CRAM-MD5 Base64 challenge string and the hashed client auth string containing the username, password and challenge string. I am looking for a way to either reverse this (which I haven't been able to find any information on) or otherwise I suppose I need a dictionary attack tool designed for CRAM-MD5 to run through two lists, one for username and one for password and the constant of the challenge string until it finds a matching result of the authentication string I have logged. Any information on reversing using the data I have logged, a tool to identify it or any alternative methods you have used for this situation would be greatly appreciated.

  Read the article

• Authenticate users with Zimbra LDAP Server from other CentOS clients

  - by efesaid

  I'am wondering that how can integrate my database,web,backup etc.. centos servers with Zimbra LDAP Server. Does it require more advanced configuration than standart ldap authentication ? My zimbra server version is [zimbra@zimbra ~]$ zmcontrol -v Release 8.0.5_GA_5839.RHEL6_64_20130910123908 RHEL6_64 FOSS edition. My LDAP Server status is [zimbra@ldap ~]$ zmcontrol status Host ldap.domain.com ldap Running snmp Running stats Running zmconfigd Running I already installed nss-pam-ldapd packages to my servers. [root@www]# rpm -qa | grep ldap nss-pam-ldapd-0.7.5-18.2.el6_4.x86_64 apr-util-ldap-1.3.9-3.el6_0.1.x86_64 pam_ldap-185-11.el6.x86_64 openldap-2.4.23-32.el6_4.1.x86_64 My /etc/nslcd.conf is [root@www]# tail -n 7 /etc/nslcd.conf uid nslcd gid ldap # This comment prevents repeated auto-migration of settings. uri ldap://ldap.domain.com base dc=domain,dc=com binddn uid=zimbra,cn=admins,cn=zimbra bindpw **pass** ssl no tls_cacertdir /etc/openldap/cacerts When i run [root@www ~]# id username id: username: No such user But i am sure that username user exist on ldap server. EDIT : When i run ldapsearch command i got all result with credentials and dn. [root@www ~]# ldapsearch -H ldap://ldap.domain.com:389 -w **pass** -D uid=zimbra,cn=admins,cn=zimbra -x 'objectclass=*' # extended LDIF # # LDAPv3 # base <dc=domain,dc=com> (default) with scope subtree # filter: objectclass=* # requesting: ALL # # domain.com dn: dc=domain,dc=com zimbraDomainType: local zimbraDomainStatus: active . . .

  Read the article

• can't figure out why apache LDAP auth fails

  - by SethG

  Suddenly, yesterday, one of my apache servers became unable to connect to my LDAP (AD) server. I have two sites running on that server, both of which use LDAP to auth against my AD server when a user logs in to either site. It had been working fine two days ago. For reasons unknown, as of yesterday, it stopped working. The error log only says this: auth_ldap authenticate: user foo authentication failed; URI /FrontPage [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: http://mysite.com/ I thought perhaps my self-signed SSL cert had expired, so I created a new one for mysite.com, but not for the server hostname itself, and the problem persisted. I enabled debug-level logging. It shows the full SSL transaction with the LDAP server, and it appears to complete without errors until the very end when I get the "Can't contact LDAP server" message. I can run ldapsearch from the commandline on this server, and I can login to it, which also uses LDAP, so I know that the server can connect to and query the LDAP/AD server. It is only apache that cannot connect. Googling for an answer has turned up nothing, so I'm asking here. Can anybody provide insight to this problem? Here's the LDAP section from the apache config: <Directory "/web/wiki/"> Order allow,deny Allow from all AuthType Basic AuthName "Login" AuthBasicProvider ldap AuthzLDAPAuthoritative off #AuthBasicAuthoritative off AuthLDAPUrl ldaps://domain.server.ip/dc=full,dc=context,dc=server,dc=name?sAMAccountName?sub AuthLDAPBindDN cn=ldapbinduser,cn=Users,dc=full,dc=context,dc=server,dc=name AuthLDAPBindPassword password require valid-user </Directory>

  Read the article

< Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82  | Next Page >