Ubuntu :: Retrieve User Dn Value In Openldap?
Aug 24, 2010
We are in the process of integrating openldap into our application and existing AD used is MSAD. We would like to access the users created in openldap in our application(Java code) and then autheticate them against the details in AD(openldap). We are using Spring LDAP connection for fetching openldap connections. We have the following code with MSAD:
Code:
userAttributes.get("distinguishedName").toString()
this works because MSAD user objectclass has an attribute 'distinguishedName' to get the user DN. There is no such provision in openldap or is there anyother way to retrieve the DN in openldap ?
View 1 Replies
ADVERTISEMENT
Apr 5, 2011
I'm using openldap(slapd) to store user account..But how can i ensure that each UserID can be only login on one machine at any one time?
I'm using ubuntu for both client and server..
View 1 Replies
View Related
Mar 8, 2011
I have no ACLs in place yet but want to use a user called ldap-auth-user to bind to the ldap servers directory from the client servers. However I keep on getting ldap_bind: Invalid credentials (49). Error. I know the UserPassword is correct because I can log into a server using that id and password through the LDAP directory. I am guessing it has something to do with the way I created the account.
This Works:
ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=testuser' -W
This Doesn't:
ldapsearch -D 'cn=ldap-auth-user,dc=test,dc=com' -x 'uid=testuser' -W
Here is the ldap-auth-users entry in the directory
[root@ldap-build-01 ~]# ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=ldap-auth-user' -W
Enter LDAP Password:
# extended LDIF
[code]....
View 6 Replies
View Related
Feb 17, 2010
I have an OpenSuSe 11.0 running openldap (managed by yast) for user authentication on some services.Is there an easy way that I can provide for users to change their own passwords (Preferably a web interface)?
View 1 Replies
View Related
Jun 1, 2015
I have a server using ldap. I installed Debian with an Apache webserver with PHP and MySQL support.This server will be used for intranet so I want to know what the REMOTE_USER variables is.Looking at the phpinfo does not give any reference to the REMOTE_USER. REMOTE_ADDR is no problem but does not give me the user using the computer.I've installed libapache2-authenntlm-perl with apt-get and adjusted my /etc/apache2/sites-enabled/000-default file with the following:
Code: Select all<Directory "/var/www/intranet">
PerlAuthenHandler Apache2::AuthenNTLM
AuthType ntlm,basic
AuthName mycompany
require valid-user
PerlAddVar ntdomain "server.domain.be server"
PerlSetVar defaultdomain server.domain.be
PerlSetVar splitdomainprefix 1
</Directory>
where server is my servername and domain is my domainname.The problem after reloading apache2 is that I get the following message: This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.When I delete the AuthType, AuthName and require line it loads the webpage but without the REMOTE_USER variable.
It is not ment to ask for a password or username, just to get the username used to log in in the Windowsenviroment that visits the webpage on this Debian.
View 3 Replies
View Related
Jun 8, 2010
Code:
$ su -c 'yum install wine'
this forum won't let me put all the text in Transaction Check Error: package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed
View 4 Replies
View Related
Jan 20, 2010
We're running a sendmail server on a fedora core 9 which we've configured recently. The problem is, the server is working fine but there are some e-mails that enter our server but doesn't get forwarded to the user.
Quote:
Quote:
Here it says "stat=Sent" but nothing from the above mail address has been received on the client's inbox. We've experienced this with Microsoft Outlook, Outlook Express and Thunderbird alike so far with Two(2) of our user accounts.
View 1 Replies
View Related
Aug 7, 2011
I have OpenLDAP and Dovecot installed based on the following documents. DovecotLDAP OpenLDAPServer (using RTC) When Dovecot is set up to log in with out using LDAP connections work fine. However as soon as I change the dovecot.conf to use ldap I get the following error when trying to log in:
[Code]....
View 1 Replies
View Related
Aug 5, 2010
I'm having much problems trying to configure openldap on Ubuntu 10.0.4 LTS
I have tried many tutorials, many configuration but still without results, I made the following script (for not repeating the same work, again & again)
Code:
#!/bin/sh
passwd=xxxxxx
dc1=host
dc2=com
[Code]....
View 14 Replies
View Related
Jan 25, 2011
I configured my openldap but now I want to implement SSL-TLS
This is my basic slapd.conf configuration
Code:
And I created this script (simple I know) to create this TLS/SSL Config but it won't work users cannot login
path when I am moving certs /etc/openldap/cacerts
Code:
As you see I create the key and certificate, assign permissions, add stuff to slapd.conf and finally copy thecer to a client PC
On client side I use authconfig-tui
My enviroment is Centos 5.5
what is wrong on my config?
View 5 Replies
View Related
Apr 22, 2011
I'm tried to config TLS with Openldap follow this site [URL]. when attempted to sign the cert request by my CA. I have a fault:
root@ldap:/usr/local/openssl/bin# ./CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
[code]....
View 2 Replies
View Related
May 24, 2010
I want to create a new LDAP database.
Part of the new configuration is
Code:
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
[Code].....
View 2 Replies
View Related
Jun 8, 2010
I have this group "cn=admins,ou=groups,dc=home,dc=com" And I've configured slapd in the new way so I'm not using slapd.conf (I think). First I thought about just modifying the files at /etc/ldap/cn=config/....... but that didn't work. How do I make that group into an admin-group with all the rights ?
View 3 Replies
View Related
Nov 15, 2010
There are several parts of problems in my question.
1. Install openLDAP and authenticate clients
2. Simple way to authenticate Ubuntu clients (just like Windows simple domain model, but Linux)
Part 1 What I have done: I have been working on openLDAP for the past 4 weeks. There is a lot of information on LDAP and I have read a lot of it There are several guides out there for openLDAP installation on Ubuntu, and I have tried many of them, and reinstalled the server between tests.
[Code]...
Part 2 Simple way to authenticate Ubuntu clients (just like Windows simple domain model, but Linux)
I have tried to find something similar to Windows client login, but haven't found anything that works. I just need to be pointed to somewhere to read about the authentication model in Linux. I can work out my from there. It must be something very simple I am missing, because when I read som echapters in The Ubunutu Bible, I can't find anything on it.
View 9 Replies
View Related
Feb 21, 2011
I've just setup OpenLDAP on Ubuntu Server 10.04.2 following this guide:
[URL]
It's mostly working well, but I do have one issue. I thought that after configuring TLS that it would be best to disable access via other means to keep connections to the LDAP server more secure, before doing so I wanted to check that I could actually connect to OpenLDAP on the localhost using the following command:
ldapmodify -Y EXTERNAL -H ldaps:///
But got the following output:
TLS: can't connect: (unknown error code).
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: (unknown error code)
This looks like some simple misconfiguration on my part, but I can't see where it's wrong, nor could I find any answers by googling.
I should point out that I'm able to connect to the LDAP server from a different host on the network using ldaps:/// (via Apache Directory Studio), so I'm quite surprised that I can connect from another system, but not via the loopback.
At this stage this is really a learning exercise for me, I just want to get to grips with LDAP and I find that when starting out the best thing to do is play with the actual configs to get to know my way around, but this has me stumped.
I imagine this is either a very simple config issue or I'm trying to do something that isn't necessary. I'd really like to understand what I'm doing wrong or alternatively why trying to do this is unnecessary/irrelevant.
[Edit] In summary my main goal is to only allow secured access to the LDAP server, not transmit data in plaintext across the network.
View 1 Replies
View Related
Aug 19, 2010
I can't seem to get my ldap.log file to rotate on Ubuntu 9.10. I've added to the logrotate.conf file the following..
/var/log/ldap.log {
missingok
monthly
create 0660 root utmp
rotate 1 }
I have also tried putting the path to the file /etc/logrotate.d/rsyslog. Restarted services and still no logrotation for the ldap.log..
View 5 Replies
View Related
Mar 27, 2010
I need quick configuration guide to configure openldap 2.4 on Fedora 12 or Ubuntu 9.04.
View 1 Replies
View Related
Jul 6, 2010
Every time I try to setup TLS in openldap using the yast applet. The database blows up and dies. I cannot restart the ldap service unless I create a new database. Basically I get LDAP up and working perfectly. Then I use yast to go and enable TLS and SSL support. I put in the paths of the certs. Then hit okay and that is when it blows up. I cannot restart the service. I follow the directions exactly in the link below.
OpenLDAP Faq-O-Matic: How do I use TLS/SSL?
Where is says "using certificates".
Here is what it says in the /var/log/messages
Code:
Jul 6 16:45:31 leia slapd[23996]: @(#) $OpenLDAP: slapd 2.4.17 (Oct 24 2009 04:51:18) $#012#011abuild@build32:/usr/src/packages/BUILD/openldap-2.4.17/servers/slapd
Jul 6 16:45:31 leia slapd[23996]: config error processing cn=schema,cn=config:
Jul 6 16:45:31 leia slapd[23996]: slapd stopped.
Jul 6 16:45:31 leia slapd[23996]: connections_destroy: nothing to destroy.
Jul 6 16:45:31 leia startproc: startproc: exit status of parent of /usr/lib/openldap/slapd: 1
How can I enable TLS/SSL on openldap in opensuse 11.2 without the database dying?
View 2 Replies
View Related
May 27, 2011
I was trying to find documentation on how to add an a new object into openldap, however I can not seam to find a good walk through.
Just so everyone knows what I'm trying to do, I need to add a new object called bannerid, this bannerid is a unique id that will help me find student accounts in my openldap directly much quicker.
View 2 Replies
View Related
Jan 28, 2009
Openldap 2.4.11 uses cn=config as the main configuration instead of slapd.conf .
How to add a new schema to openldap 2.4.11 that uses cn=config.
View 12 Replies
View Related
Aug 24, 2010
I was thinking of merging my openldap and samba bdc servers. Is it ok for a server to authenticate against itself? (ie ldap.conf points to localhost)
View 1 Replies
View Related
Jul 13, 2011
I have a RHEL 5.4 server installed in a server farm. The server is administered under a central AD, which means that administrators are registered in the AD.
However, I have to deploy an application on the linux server, that will use it's own OpenLDAP server. This means that this application will be the client to the LDAP server installed on the same RHEL server.
I tried installing OpenLDAP using yum and it resulted in a very fatal issue. Somehow the configuration files used for finding the Linux server from the AD was overwritten and the Linux server was not reachable anymore.
After some investigations, and possibly, rebuild, the server has been handed over to me.
The problem is how should I install OpenLDAP so that the existing connection to AD is not lost.
On the Linux server I see a /etc/openldap directory but only contains ldap.conf and cacerts directory.
View 3 Replies
View Related
Jul 27, 2011
I am having some trouble with Cyrus SASL and OpenLDAP. I tried to configure OpenLDAP using SASL for all conection but I cannot map the SASL-DN to OpenLDAP's DN. Below is my configuration file, slapd.conf
[code]...
After I finished the configuration, I try to use ldapsearch tool to verify, but I cannot:
[code]...
View 10 Replies
View Related
May 18, 2010
I'm trying to set up an OpenLDAP server on a clean install of 10.04 server (AMD64). Following the server guide [URL] I get down to the "Setting up ACL" step:
$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W oldDatabase=hdb oldAccess
This command fails with "ldap_bind: Invalid credentials (49)"
When I replace the dn with what it seems like it should be:
$ ldapsearch -xLLL -b cn=config -D cn=admin,dc=example,dc=com -W oldDatabase=hdb oldAccess
I get "No such object (32)"
I have a feeling this is because 10.04 no longer asks you for the admin username and password during the initial debconf (nor does dpkg-reconfigure).
I can continue through the guide using this form of the commands (which were used earlier in the Guide):
$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=hdb olcAccess
But I'm a little concerned that I'm not able to properly use the admin user to make LDAP changes to the configuration. It also seems like the Server Guide ought to use the 'sudo ... -Y EXTERNAL' form of the commands throughout if cn=admin,cn=config isn't going to work.
View 5 Replies
View Related
May 24, 2010
I have slapd-server running but it seems to refuse connections in a very odd way. Wireshark shows that everytime JavaEE-client tries to connect, only 2 packages are sent. As I understand, in tcp/ip protocol, the first is just "hello, who's there". The last is just a message consisting of ACK and RST. I think RST means "we're done". At this point I don't think any credentials are checked so I don't know what could be wrong
View 1 Replies
View Related
Jun 30, 2010
I'm trying to follow the OpenLDAP docs that are part of the Ubuntu 10.04 Server Guide, listed here:
I get about halfway through, to this command:
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif
When it asks me to "Enter LDAP Password:" and nothing I have tried works. I thought it might have been "olcRootPW: secret" set in the backend file in the step before, but that isn't working.
View 3 Replies
View Related
Apr 12, 2011
I recently followed a tutorial on how to get OpenLDAP running with Samba on Lucid. It worked pretty well.Here's my very frustrating problem with it. For the first 5 - 10 minutes after rebooting, password handling (possibly PAM?) is hosed, including for users in LDAP authenticating via Samba.In fact, I think the only reason I can SSH into the machine during that window is because I happen to have certificate authentication enabled and my client uses that.When I try to do a sudo command after logging in, though, and have to enter the password, it hangs. I've searched logs and haven't come up with much.I *think* it's related to this bug, but I'm not sure.And here's what's killing me ... it's not easy for me to figure out how to ensure that slapd starts before smbd and rsyslog (I read somewhere else that it needs to start before that for some reason) b/c most of the jobs are upstart jobs, but slapd is not.By default it runs at S19 in rc2.d, and I've tried manually lowering that as far as S05 or S07, but I'm still having trouble.
View 1 Replies
View Related
Apr 17, 2011
I work for a college with many departments. I'd like to just deploy one LDAP/krb5 server (plus slave replicas) to authenticate all users in all departmentsIs it possible to do this?The proposed DNs for the departments matches what is done for NIS now.If anyone has any pointers or URLs that describe how to properly do this.
View 1 Replies
View Related
Apr 28, 2011
I have set up an OpenLDAP server to use as an common address book for my users.
I have all the addresses in a spreadsheet.
Is there a easy way to get this data into LDAP?
View 2 Replies
View Related
Jul 16, 2010
Small office... 20-30 computers all windows based. xp/vista/windows 7. 3 Servers running ubuntu 10.04... 1 domain controller, and two file servers with samba. We want to be able to login once in the morning, and then not have to worry about users/passwords at all throughout the day. So I was thinking that I could setup a PDC and then make the two filservers both BDC's and use ldap to authenticate everything. Would this even work out? and is there a better way to do it?
View 9 Replies
View Related
