Cannot authenticate against Windows domain using ColdFusion 10, IIS 7.5, LDAP
After much ado, I found the answer here: "What are the proper permissions for ColdFusion 9 on IIS 7.5 with Windows Authentication". I needed to give the domain users (which is just a very large A/D group) read-only access to the config folder under the CF10 install location. From then on, it worked great!

Categories : Authentication

external ldap client for wso2 Identity Server to authenticate external ldap users
You can check the IS documentation on how to connect to an external LDAP server. If you have successfully connected to the external store, then authentication will happen against that user store. What is the issue you faced when you authenticate with the external LDAP user store? You can file a bug report.

Categories : Wso2

Trying to open ports via Windows Firewall, but only when process is running (Error: "Syntaxerror")
    start "Origin" /DE:Origin Origin.exe

Guess only: The help for start indicates that there should be a SPACE between the D and the E.

Categories : Windows

LDAP can't bind to server after turn on LDAP Server Signing Requirements
Try this code. I am using that code for my local LDAP server:

    <?php
    $ldapconfig['host'] = 'localhost';
    $ldapconfig['port'] = NULL;
    $ldapconfig['basedn'] = 'dc=test,dc=example,dc=com';
    $ldapconfig['authrealm'] = 'Nisarg';

    function ldap_authenticate() {
        global $ldapconfig;
        global $PHP_AUTH_USER;
        global $PHP_AUTH_PW;
        //$PHP_AUTH_USER = "john";
        //$PHP_AUTH_PW = "esparkinfo";
        $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
        $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];

        if ($PHP_AUTH_USER != "" && $PHP_AUTH_PW != "") {
            $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
            // escape the user name so it cannot alter the search filter
            $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . ldap_escape($PHP_AUTH_USER, '', LDAP_ESCAPE_FILTER));
            if ($r) {
                $result = @ldap_get_entries( $ds, $r);
                if ($result[

Categories : PHP

how to authenticate a user in Ldap using password
The password should be stored as a cryptographic digest called a "hash", often in the userPassword or authPassword attribute. The LDAP client authenticates by changing the authorization state of the session using a BIND request. A SimpleBindRequest has the distinguished name (primary key) of the account which is to be used as the authorization state of the session and the password in clear-text. The SimpleBindRequest should be transmitted to the server via a secure connection (either SSL or a non-secure connection promoted using the StartTLS extended request). Other methods (such as DIGEST-MD5 or CRAM-MD5) are unsafe or less secure because the server must be able to decrypt a password, therefore the password must be stored in a reversible encryption. Other safe methods include GSSAPI or th

Categories : Spring

Using SSL to Authenticate LDAP/Active Directory Login
Here is the picture I get from your question:

    web browser --(1)--> your-domain.com --(2)--> your client's AD server

So you have purchased an SSL certificate for your-domain.com, so connection (1) is over SSL and all data is encrypted. However this speaks nothing about the connection to the AD server. Connection (2) may be over SSL, TLS or be a plain connection. In other words you need to check what your login.php is doing behind the scenes to authenticate in AD. If the connection it uses is SSL or TLS your data is encrypted at that stage, otherwise it is not. So you are correct only in half. The data between the browser and your domain is encrypted, but the data between your domain and the AD server may or may not be.

Categories : PHP

Authenticate via Active Directory using LDAP, Java Play Framework
The issue is the SECURITY_PRINCIPAL value you're trying to use is not a valid value that you can bind on. It's only possible to bind with a username, not the attributes associated with a user. Active Directory allows you to bind on either username@domain or the user account's full Distinguished Name. The DN value is often something like... cn=username,cn=Users,dc=abc,dc=mycompany,dc=com but the actual value depends on your AD configuration. If you want to find a user by their email address, you'll need to bind using an administrator ID (or some ID that has the ability to search), search for the user with that specific email address, then rebind with their username to authenticate. Also, not that it changes anything, but in the bind name ("mail="+email+""") you have a closing " but no

Categories : Java

Authenticate via spring LDAP with additional security check in database
You have to change your way of having the user Principal. You will keep your ldapProvider:

    <beans:bean id="ldapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    ....
    <beans:bean id="customUserDetailsMapper" class="xxxxx.CustomUserDetailsMapper">
        <beans:constructor-arg ref="customUserDetailService" />
    </beans:bean>
    <beans:bean id="customUserDetailService" class="xxxxxx.CustomUserDetailService">
    </beans:bean>

Define a custom UserDetailsMapper:

    public class CustomUserDetailsMapper extends LdapUserDetailsMapper {
        private UserDetailsService userDetailService;

        public CustomUserDetailsMapper (UserDetailsService userDetailService) {
            this.userDetailService = userDetailService;
        }

        @Override p

Categories : Spring

Ldap filter to search for users in a given domain (using powershell)
I think the following filter should work: (&(objectCategory=person)(objectClass=user)(dc:dn:=mytestlab)(dc:dn:=com)) The filter above is called an extensible match search because it specifies an attribute name: dc and the DN’s attributes should be considered as part of the entry.

Categories : Powershell

Change Apache2 ports.conf in order to localhost interface to listen to port 80
Have you symlinked the /etc/apache2/sites-available/foo.com to /etc/apache2/sites-enabled/000-foo.com? The default apache configuration only reads virtual hosts from the sites-enabled directory and not sites-available. I am guessing that if you go to /etc/apache2/sites-enabled and type ls -la you will only see a configuration for the default site and not your new site. If this is the case then symlink your foo.com into the sites-enabled directory as follows:

    ln -s ../sites-available/foo.com 001-foo.com

Categories : Apache

Can I use SQL Server-2012 Express edition over a network when the FIREWALL is on
You still need to make sure you're connecting through a known port, and open that port on your firewall. In the configuration manager, open the TCP/IP settings. Under IPAll, ensure Dynamic Ports is blank and TCP Port is 1433. Then, make sure 1433 is allowed inbound on your firewall. If you have a network level firewall, check with its administrators to make sure that port is open. Yes, network sharing will work with the professional edition with a firewall - just need to make sure the correct ports are open.

Categories : Sql Server

How to use UnboundID SDK to connect to an LDAP server with the SSL server certificate?
If there is a specific certificate or set of certificates that you want trusted, then you could just create your own custom javax.net.ssl.X509TrustManager implementation that examines the presented certificate chain and determines whether it represents one of the expected certificates. You could hard-code information about those certificates into your code (or better yet, put it in a config file so you could change it without altering any code) and do something like comparing certificate fingerprints to get an appropriate degree of assurance that it is actually the legitimate certificate. If you don't know what the individual certificates will be but know that they all have a common issuer, and you trust that issuer to only issue good certificates, then you could include trust informati

Categories : Ssl

How to free stuck server ports?
https://github.com/joyent/node/blob/3d4c663ee68326990e0732a4aa76445688e1064e/lib/net.js#L1159

You are passing invalid arguments to server.listen. It is interpreting your string as a unix domain socket filesystem path. This program works fine and can be killed and restarted immediately.

    net = require "net"
    server = net.createServer -> console.log "connection"
    server.listen 1337, "127.0.0.1"

Pass correct arguments to server.listen and all is well.

Categories : Node Js

Linux TCP Server - listen on multiple ports in C++
Roughly here are the steps: You can have multiple TCP servers (aka server sockets) listen for each port. Next, you can use a select() and pass file descriptors for each of these server sockets. If you get a connection on any of these, then select would return a read event and mark the fd of the server socket that has the connection. You would need to call accept() on that server fd. You cannot make a single TCP socket listen on multiple ports.

Categories : C++

Microsoft SQL Server (MSSQL) 'order by' to keep values together, but without specifying order (partial order by)
I don't think there's anything like you describe, a clustered index on the field will usually return rows in order of the indexed value without an order by, but it can't be guaranteed. However, if you had that index then the cost of the ORDER BY a would be trivial. And of course if you wanted to randomize the order you could do that, but it seemed like you were hoping for a better performing option, and any method to do that would not perform better.

Categories : SQL

Does TCP client need open ports to connect to external server?
As long as your GSM operator allows outbound traffic, you need no ports open to connect to a remote server. When you try to establish a connection, the provider's NAT or NAT-like equipment will open a port temporarily for that one socket. It allows for outbound without letting inbound packets open connections. If your GSM provider disallows all traffic, you're out of luck.

Categories : Java

Get file contents of a domain in another domain in the same server
Glob needs file-access. But since it is on another domain, it doesn't get file-access (and it shouldn't). Even if they are on the same server, they shouldn't be able to access each other's files for so many reasons. What you can do is write a small API on domain1.com that returns a list of images for a certain user. You then access that information using for instance curl.

On domain1.com where the pictures are stored:

    <?php
    // get the user id from the request; basename() strips directory
    // components so the value cannot point outside the picture folder
    $user_id = basename($_GET['user_id'] ?? '');
    $pathToImageFolder = 'path_to_pictures' . $user_id ;
    $images = glob($pathToImageFolder.'/*.{jpg,jpeg,png,gif}', GLOB_BRACE);
    // return a JSON array of images (glob() returns false on error)
    print json_encode($images ?: []);

On domain2.com:

    <?php
    //retrieve the pictures
    $picturesJSON = file_get_

Categories : PHP

add product from one domain, to the cart of different domain(both are on same server)
The requirement is that both domains have to store the sessions at the same place. Then you have to make the client use the same session id on both domains, to do that, pass the session id in all links and redirects that go from one domain to another. <a href="http://xyz.com/cart.php?<?php echo SID ?>">cart</a>

Categories : PHP

Multiple Applications, single domain how many SSL endpoints required?
Since both applications share the same domain, you can use one SSL endpoint.

Add the SSL endpoint to one app.
Add cname's for each application domain that point to the Heroku SSL endpoint.
Add the domains for each app with heroku domains:add DOMAIN

Heroku will handle the routing to each application via the SSL endpoint.

Categories : Ssl

MacOSX: creating a CFStream/NSStream with specific client and server ports
I must admit it's a bit (year ...) old, and never was a really high-priority issue for me, and my code hasn't seen any real-world usage yet. This is what I ended up with:

    NSInputStream *nsReadServer = NULL;
    NSOutputStream *nsWriteServer = NULL;

    void commsInit(const char *ipAddress)
    {
        InitCommClient( &sServer, ipAddress, ServerPortNr, ClientPortNr, 50 );
        if( sServer != NULLSOCKET ){
            CFStreamCreatePairWithSocket( NULL, sServer, (CFReadStreamRef*) &nsReadServer, (CFWriteStreamRef*) &nsWriteServer );
            [nsReadServer retain];
            [nsWriteServer retain];
            [nsReadServer setDelegate:[[OurStreamDelegate alloc] init] ];
            [nsReadServer scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
            [nsReadServer open];
            [nsWriteServer op

Categories : Osx

CAS server authentication using LDAP
Take a look at the write up on building a CAS server I did awhile back. It should make it easy to understand. http://blog.mosheldon.com/2011/04/cas-sso-347-with-ldapad-attributes.html

Categories : Authentication

What is the URL for embedded LDAP server
The ldap-server element creates a ContextSource so you don't need to define one. It supports an id attribute, which you can use to create a reference to the bean.

    <security:ldap-server id="embeddedServer" ... />

    <bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
        <constructor-arg ref="embeddedServer"/>
        ...
    </bean>

So normally you don't need the URL. It also has a port element (default 33389), which you can set. The URL would be ldap://localhost:33389/dc=example,dc=com unless you set a different port.

Categories : Spring

LDAP server which is my base dn
The base dn is dc=example,dc=com. I don't know about openca, but I will try this answer since you got very little traffic so far. A base dn is the point from where a server will search for users. So I would try to simply use admin as a login name. If openca behaves like most ldap aware applications, this is what is going to happen:

1. An ldap search for the user admin will be done by the server starting at the base dn (dc=example,dc=com).
2. When the user is found, the full dn (cn=admin,dc=example,dc=com) will be used to bind with the supplied password.
3. The ldap server will hash the password and compare with the stored hash value. If it matches, you're in.

Getting step 1 right is the hardest part, but mostly because we don't get to do it often. Things you have to look out for in your co

Categories : Authentication

nginx reverse proxy to access a backend webcam server that requires 2 ports for the URL
You can use this configuration file.

Proxy pass server for your first port:

    server {
        listen 80;
        server_name localhost;

        # ssl configuration begin
        ssl on;
        ssl_certificate /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        keepalive_timeout 70;
        # ssl configuration end

        # proxy pass (proxy_pass is only valid inside a location block)
        location / {
            proxy_pass http://192.168.1.7:70/url$request_uri;  # 70 is your first port
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Request_Uri_X $request_uri;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
        }
    }

Proxy pass server for your second port:

    server {
        listen 81;
        server_name localhost;

        # ssl configuration begin
        ssl on;
        ssl_certificate

Categories : Nginx

authenticate using sql server logins
IMO, there is no problem until you give appropriate permissions to the user in the database server. For ex: application uses Northwind database but user is not given access or appropriate permissions to access the Northwind database, user will see exception. For this to work, we need to set impersonation to true. To enhance it further create an AD group and give this group appropriate permissions on databases. Now, add users to this group to minimize errors while setting up each new user.

Categories : C#

How to disable LDAP server in WSO2 ESB 4.0.3
LDAP is used for user management. You can disable LDAP user management configuration in the user-mgt.xml, and use JDBC user store. Enable the following section in your user-mgt.xml.

    <!--UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
        <Property name="ReadOnly">false</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="IsEmailUserName">false</Property>
        <Property name="DomainCalculation">default</Property>
        <Property name="PasswordDigest">SHA-256</Property>
        <Property name="StoreSaltedPassword">true</Property>
        <Property name="UserNameUniqueAcrossTenants">false</Property>
        <Property name="Pass

Categories : Wso2

How can I find the LDAP server in the DNS with Indy?
Easy:

    program SO18309621;

    {$APPTYPE CONSOLE}

    uses
      IdDNSResolver, SysUtils;

    var
      Dns : TIdDNSResolver;
      Rec : TResultRecord;
      Srv : TSRVRecord;
      Index : Integer;

    begin
      try
        Dns := TIdDNSResolver.Create;
        try
          Dns.Host := 'mydnsserver.mydomain';
          Dns.QueryType := [qtService];
          Dns.Resolve('_ldap._tcp.mydomain');
          for Index := 0 to Dns.QueryResult.Count - 1 do
          begin
            Rec := Dns.QueryResult[Index];
            if Rec is TSRVRecord then
            begin
              Srv := TSRVRecord(Rec);
              Writeln('Target=', Srv.Target, ', Port=', Srv.Port, ', Priority=', Srv.Priority, ', Weight=', Srv.Weight);
            end;
          end;
        finally
          Dns.Free;
        end;
      except
        on E: Exception do
          Writeln(E.ClassName, ': ', E.Message);
      end;
    end.

Categories : Delphi

to use mysql server as a client of ldap
AFAIK, the PAM auth plugin is available in the Enterprise/Commercial version of Oracle MySQL. You might try the Percona-provided plugin.

Categories : Mysql

Running an LDAP Server on Cloudbees
Unfortunately, running LDAP in a CloudBees app container/stack won't work because in-bound routing to your application port must be over HTTP/HTTPS.

Alternative 1: host the LDAP server outside of CloudBees (like on your own EC2 server)

Alternative 2: [for the highly motivated] you might be able to get a WebSocket gateway of some kind to work, but you'd need special code on the client and server side to negotiate the socket stream hand-off outside of the LDAP server and client. [Client -> WS-Client --> CloudBees --> WS-Server --> LDAP Server]

gripe: why can't all protocols support virtual hosting like HTTP? -- that would make them much more Cloud-friendly :(

Categories : Grails

How to authenticate the GKLocalPlayer on my 'third party server'?
Here is how you can authenticate using Objective-C. If you need it in another language it should be trivial to translate.

    -(void)authenticate
    {
        __weak GKLocalPlayer *localPlayer = [GKLocalPlayer localPlayer];
        localPlayer.authenticateHandler = ^(UIViewController *viewController, NSError *error)
        {
            if(viewController)
            {
                [[[UIApplication sharedApplication] keyWindow].rootViewController presentViewController:viewController animated:YES completion:nil];
            }
            else if(localPlayer.isAuthenticated == YES)
            {
                [localPlayer generateIdentityVerificationSignatureWithCompletionHandler:^(NSURL *publicKeyUrl, NSData *signature, NSData *salt, uint64_t timestamp, NSError *error) {
                    if(error != nil)
                    {

Categories : IOS

Python-ldap ldap.initialize rejects a URL that ldapurl considers valid
You can programmatically encode the last part of the URL:

    try:
        from urllib.parse import quote  # works in Python 3.x
    except ImportError:
        from urllib import quote        # works in Python 2.x

    url = 'ldap://192.168.2.151/dc=directory,dc=paralint,dc=com'
    idx = url.rindex('/') + 1
    # percent-encode everything after the last '/', keeping '=' as-is
    url[:idx] + quote(url[idx:], '=')
    # => 'ldap://192.168.2.151/dc=directory%2Cdc=paralint%2Cdc=com'

Categories : Python

Rewrite domain.com/sub/ to sub.domain.com on other server
On domain.com enable mod_rewrite and .htaccess through httpd.conf and then put this code in your .htaccess under DOCUMENT_ROOT directory:

    Options +FollowSymLinks -MultiViews
    # Turn mod_rewrite on
    RewriteEngine On

    # dots are escaped so they match a literal "." only
    RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
    RewriteRule ^sub(/.*|)$ http://sub.domain.com$1 [L,R=301,NC]

UPDATE: As per the comments, if you don't want the original URL to change. This will require you to enable mod_proxy on domain.com:

    RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
    RewriteRule ^sub(/.*|)$ http://sub.domain.com$1 [L,P,NC]

Categories : Apache

Failure connecting to ldap server from clearcase dir
ClearCase in itself shouldn't be concerned with LDAP, not directly at least, considering its level of integration with LDAP: When LDAP authentication is enabled, users enter names and passwords through standard ClearCase dialogs (for example CCRC or CCWeb), and ClearCase will use the LDAP protocol to deliver the appropriate authentication. This is not to say that ClearCase is integrated with LDAP, it merely runs on top of the operating system already configured to use the LDAP protocol. In other words, ClearCase authenticates with the operating system, and will support LDAP transparently if the OS is configured correctly to support LDAP. Note that may have changed with ClearTeam Explorer and CC 8.x So if you weren't using LDAP before the migration for authentication, check if t

Categories : Dotnet

Obtaining properties from LDAP server (Distinguished Name, etc)
LDAP does not use properties, it has attributes. To fetch attributes from a server, an LDAP client must connect to the server, authenticate the connection using the BIND request, and then transmit a search request to the server and interpret the server's response. A search request consists of the following at a minimum:

base object
search scope
search filter
list of attributes to retrieve

Properly coded LDAP clients will include a size limit and time limit in addition to the above required elements. The search result from the server will contain an integer result code, and a list of objects that matched the search request parameters (filtered by the search filter). A search can be successful but return no entries. If the base object is not known, transmit a search request for the nam

Categories : C#

Java spring LDAP - Warning LDAP password expire
Credentials expiration date and time

Getting the date and time at which the password was last changed:

    private final static long DIFF_NET_JAVA_FOR_DATE_AND_TIMES = 11644473600000L;

    long adDateTime = Long.parseLong(pwdLastSet);
    long milliseconds = (adDateTime / 10000) - DIFF_NET_JAVA_FOR_DATE_AND_TIMES;
    Date pwdLastSetDate = new Date(milliseconds);

Getting the number of max days that could have the password:

    private final static int ONE_HUNDRED_NANOSECOND = 10000000;
    private final static long SECONDS_IN_DAY = 86400;

    long maxPwdAge = Math.abs(Long.parseLong(maxPwdAgeStr));
    long maxPwdAgeSecs = maxPwdAge / ONE_HUNDRED_NANOSECOND;
    int maxPwdAgeDays = (int) (maxPwdAgeSecs / SECONDS_IN_DAY);

Getting the date and time at which the password will expire:

    Calendar cal = Calendar.getInstan

Categories : Java

Authenticate WCF by matching client and server certificate together
You don't have to write code to perform certificate authentication - this can be handled by configuration. From this article: http://msdn.microsoft.com/en-us/library/ff648360.aspx

There are a number of ways to specify the location of the certificate. This example is using the certificate store for the service:

    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <serviceCertificate findValue="CN=tempCertServer" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

And this one is using a certificate that is encoded directly in the config fi

Categories : C#

How to proper authenticate an AngularJS client to the server
Thanks to the tip of lossleader I solved the problem. I removed the login() method, because I want the Java EE-Server to take care of authentication. To access secured areas the AngularJS webapp has to set the HTTP-Header correctly. In my case $http.defaults.headers.common['Authorization'] = 'Basic '; where username:password has to be Base64 encoded. After I set the headers correctly, no Password Prompt is shown and the AngularJS webapp can access the REST API.

Categories : Java

Using dropboxjs to authenticate the client with oauth 2. What about the server?
At the end of the authentication process, you have an access token, which is what's used to make calls to the API. If both the client and the server need to make calls to the API, then both will need to have the access token. If you're doing the authentication client-side today, you could pull the access token out somehow (not sure if/how it's exposed from the library, but it's in there somewhere and also stored in local storage) and pass it to the server. The server can then use it to call /account/info and get the Dropbox user ID of the authenticated user. An alternative is to do it the other way around. Authenticate the user with the "code flow" (rather than "token flow") and get the access token on the server in the first place. Then you could pass it down to the client and pass it

Categories : Node Js

How do I find all the roles a user has in LDAP using the UnboundID LDAP SDK?
Use the following function. Assumption: you work with Sun LDAP (you use uid). Edited:

    private boolean isGroupContainUser(LDAPConnection ldapConnection, String groupDn, String userDn) throws LDAPException {
        boolean ret = false;
        Entry groupEntry = ldapConnection.getEntry(groupDn);
        // getEntry() returns null when the group entry does not exist
        if (groupEntry == null) {
            return ret;
        }
        String[] memberValues = groupEntry.getAttributeValues("uniquemember");
        if (memberValues != null) {
            DN ldapUserDn = new DN(userDn);
            for (String memberEntryDnString : memberValues) {
                DN memberEntryDn = new DN(memberEntryDnString);
                // compare as parsed DNs, not as raw strings
                if (memberEntryDn.equals(ldapUserDn)) {
                    ret = true;
                    break;
                }
            }
        }
        return ret;
    }

Categories : Java

Ruby verify the certificate of secure ldap server
I am posting my solution here for the sake of completeness.

net-ldap gem override to support certificate validation: https://gist.github.com/mintuhouse/9931865

Ideal Solution:

Maintain a list of trusted root CAs on your server. (If you are lazy like me, have a cron job which will download the copy from http://curl.haxx.se/ca/cacert.pem, maintained weekly by curl.)
Override Net::HTTP to always use this trusted certificate list.

Categories : Ruby On Rails



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.