I've several servers (windows+linux) that authenticate to an LDAP server. There is one machine that I would like to allow only certain groups from LDAP server to have access and I am not sure where to start.
If that cannot be done, is it possible to disable LDAP root user to access these machines?
I've installed Directory Server (LDAP). The setup has been done according to the tutorials online. Able to access the interface as well. So far so good. The issue I have is with permissions. I can assign file permissions to a user created in the Directory Server ( user not created on the local server). But the same can't be done for a group - alteast the way I currently see it. How could i assign file system rights to a group created in the directory server.
View 5 Replies View RelatedI am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I have openldap server and i am authenticating with Redhat Directory Services(RHDS).I have confgured the RHDS for the user login giving /bin/bash as the login shell and joined the client machine using system-config-authentication.The user is able to login in connand line but below it gives the error :
"cannot find name for group id <id number>"
I'm trying to create a group called Domain Users, that will include several other groups that are populated with users inside of the LDAP database. In the LDAPdatabase, for a group entry, there are memberUid entries that can be filled. When I try to use another "Group" name, it just lists that name and not the people in that group. So if group "A" has Jim, John, Sue, and I include group "A" in the memberUid of the Domain Users group, I want that to reference the people in that group, not the group name. Testing access right, having the group name listed in "Domain Users" group, does not grant user access under the group rights on a directory. Should be simple, but I don't know the syntax to use for this reference.
View 2 Replies View RelatedIf I ssh from my laptop (running F10) to the server (centos 5.2) it asks for the password, but everytime I enter the correct password it says incorrect password. when I do the same from the server to my laptop I can get in just fine. I think my passwords are stored as ssha in the LDAP (I tried clear passwords and that dosen't work either).
View 1 Replies View RelatedWe are using Nagios Server for different sites say India,US,Germany. All of them are in their respective groups. Now how do i create web access to 3 of them, so that they can monitor only their server? Say, India shouls be able to see and monitor only India group, US guys should able to monitor only US servers. And they not be anle to access other group.
View 1 Replies View RelatedIs there a way of allowing only certain domain to send e-mails to certain specific e-mail address. I am using Sendmail, and I have an alias which translate to certain members of staff within my organization. I don't expect e-mails from outside our domain to be sent to this alias e-mail address.
View 1 Replies View RelatedJust installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
In researching current ldap issue (not being able to do anything but log in) it seems that there are no concepts of privileges, roles, etc. that could be assigned to a user in LDAP.
I've only seen fields that deal with name, organization, etc., not with application-specific access control.
I have to assign certain access privileges to users authenticated via LDAP server based on the privilege level mentoned in the LDAP server. How to attain this.
I have Fedora Directory Server with SSL running on my Linux Machine. I can see th output:
Code...
This shows that 636 port is open.But When I am attempting to this Linux Server from one of Windows Desktop it says "LDAP is Down".
I selected LDAPv3 and LDAPv3, hostname and SSL/TLS tried fetching base DN but it dint work.
I want to restrict the type of files that can be accessed on my web server.For example only flash movies (SWF files) and one specific PHP file.I can think of a number of ways of doing this:1. Linux file permissions, but since the SWF files need to access various PHP files and those PHP files need access to other files themselves that may not work.2. Using mod_rewrite if that is possible, I don't know as I have never used it.
View 1 Replies View Relatedwe have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
i have been studying linux for 3 month ,so i have solved some problems related with server part.The problem i have is the squid access.Can I allow some IP's to download files on squid.I mean i already give access to download by reply_body tag,andwant to give permission only one specific IP for unlimit access to download.Is there any solution
View 3 Replies View RelatedI have configured squid server and it is working fine. I want that only specific ip addresses in my LAN should be able to access internet and for that I have given these entries in access control lists in squid.conf file:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin ?
acl apache rep_header Server ^Apache
acl our_networks src 192.168.0.181/255.255.255.0 192.168.0.182/255.255.255.0
And in http access I have given this:
http_access allow our_networks
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
In this I want that only 192.168.0.181 and .182 should be able to access internet but Now the problem is that all the IPs in the LAN like 192.168.0.20 are also able to access internet. What changes I need to do to allow access to specific IP addresses. I am not using any firewall or iptables entries and i am manually changing in the firefox at client side to access internet.
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
I've been trying to set up a Linux-only network and currently have a working DHCP, DNS, LDAP and NFS server, with a client that can authenticate with the LDAP server and a central /home folder.However, if I wanted to share folders on the NFS server, how would I make the share available to, for example, a particular group of users in the directory?I've never used NIS(+) on a network, but believe you can add a 'group' of users in the /etc/exports file--simples!Does anyone know of the best way to do it (even better anyone who is doing this in a production environment)?
View 5 Replies View Relatedoperating system: CentOS 5.5 git version:1.7.3.4 ldap server:OpenLdap Http server:Apache 2.2 the software above have been installed. How to config /etc/httpd/conf.d/gitweb.conf file to let git authed by ldap?
View 2 Replies View RelatedI did useradd -g users ldaptest and tried logging in remotely but the client always says no such user. what do I have to do to update the users that LDAP sees?
View 2 Replies View RelatedI would like to setup LDAP (openldap) with Samba. I would like to know what should I setup first? Should I setup LDAP before Samba or Samba before LDAP?
View 1 Replies View Relatedusing centos 5.2
unbale to start ldap server.
see below info
[root@system ~]# yum install openldap
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* base:
[Code]....
I am having problems creating ssl certificates for use with openLDAP. Does anyone know a good centos tutorial as I am having problems finding ones by searching through google and the forums.
To clarify further I have a small network im trying to setup to use ldap for auth due to the size I figured using kerberos for auth would be a bit overkill.....
I have the server up and running fine however at the moment all auth is done by using clear text (which is fine as the network has no connection to the internet at current) however in the future it will so I am trying to use ssl however I am having confusing as which certificates I point to where in the slapd.conf file
is there any GUI Ldap browser tool for centos? There is one very good tool for windows called softera ldap administrator.
View 2 Replies View RelatedWe use Cent OS 5.4 as a application server. We would like users to login the server via LDAP authentiction. We want ot use Lotus domino server as a LDAP server. What we should do? how can we configure ldap.conf file? Does anyone cofigured this method before ? when we configured OpenLdap on another CentoOs Server, we can successfully login to Application server. We would like to learn correct configuration on ldap.conf for authenticate via Lotus Domino Ldap server ASAP.
View 1 Replies View RelatedI've been testing a PDC with samba and LDAP these days with the following unsolved issue. 1. I can add the client PC (Windows XP SP3) with the Domain Admin user (Manager) from the client PC, but when i try to add a user I get this message "The trust relationship between this workstation and primary domain failed", so as it can be added later I ignored this message and choose 'close' and reboot the PC. 2. Since the login screen is showed, the message 'Duplicate name exists on the network' appears. So I try to log on with a valid domain username and password after pressing ctrl+alt+del and get the error message: "System cannot log you on because domain rmprb is not available"
[Code]...
I am currently involved in setting up an openldap server on a CentOS platform. I am having some issues with getting it set up to the point that I can remotely manage the server via phpldapadmin in a web browser. I am running into an issue when starting the slapd daemon.
See the output below to better understand:
How to setup Ldap Service in RHEL5/CentOS5?
View 2 Replies View RelatedI've tried to followed exactly the steps in:
[URL]
on how to setup Samba PDC w/ LDAP backend. I've reach far up to page two of the tutorial. However I'm stucked in the middle of the part of page two:
[URL]
in the part of the Start the LDAP Samba installation up and I should type the :
#useradd user1
#smbldap-useradd -a -G 'Domain Users' -m -s /bin/bash -d /home/user2 -F "" -P user1
I get this error:
Error looking for next uid in sambaDomainName=sambaDomain,dc=DOMAINNAME:No such object at /usr/lob/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1194.why does this appear, Is there any configurations missing?
Regarding domain names for LDAP root, you should use something like dc = domain, dc = country eg ar, cl, is br. or better use some other domain?That is, suppose the root domain is dominio.es Is it advisable to do so? I ask because I have seen many implementations (especially Microsoft AD), which states rather dominio.local or dominio.int.
View 1 Replies View Relatedi have openldap server with phpldapadmin as a gui, i'm gonna use the ldap server just for address book.you can see in the picture how i built my ldap db.
View 6 Replies View Related