search for: ldap_connect

...) dovecot: Apr 12 18:22:42 Error: child 43147 (auth) killed with signal 6 -- ] I've noticed the following changes in the source code, and my understanding (which may be wrong) of my problem goes as follows : - In test62, the 'attr_names' attribute array was defined outside the 'ldap_connection' struct, thus allowing 'passdb_ldap_conn' and 'userdb_ldap_conn' structs to have different array of such type. - At the opposite, in test67, the 'attr_names' array is inside the 'ldap_connection'. As 'passdb_ldap_conn' and 'userdb_ldap_conn...

Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba: > But your missing the important part. > > How ? > > Kerberos ? NTLM ? LDAP ? > > ;-) Ah ok Actually I want to use secure LDAP from a PHP docker container. So far no Kerberos involved as far as I see. (I have to dockerize a php app which is badly written ... and I want to clean up a bit, and let it bind

...o extract keytab from AD and import to linux clients) works with samba4? In my environment, the command: /usr/sbin/msktutil --create --service host/drudgesk.example.org --computer-name drudgesk --service HTTP --verbose fails without a error, after a successful connection to the AD ldap: [...] -- ldap_connect: Connecting to LDAP server: pdc.ad.example.org try_tls=YES -- ldap_connect: Connecting to LDAP server: pdc.ad.example.org try_tls=NO SASL/GSSAPI authentication started SASL username: francesco at AD.EXAMPLE.ORG SASL SSF: 56 SASL data security layer installed. -- ldap_connect: LDAP_OPT_X_SASL_SSF=...

...87 -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-gjU224 -- reload: Reloading Kerberos Context -- finalize_exec: SAM Account Name is: FIREWALL-K$ -- try_user_creds: Checking if default ticket cache has tickets... -- finalize_exec: Authenticated using method 4 -- ldap_connect: Connecting to LDAP server: dc.example.com try_tls=YES -- ldap_connect: Connecting to LDAP server: dc.example.com try_tls=NO SASL/GSSAPI authentication started SASL username: admin at example.com SASL SSF: 56 SASL data security layer installed. -- ldap_connect: LDAP_OPT_X_SASL_SSF=56 -- ldap_ge...

...Apologies.? This is the correct screen grab. > > The extra errors in the OP were because I had been experimenting, to > try to fix the issue. > > [root at testsvr ~]# ./ldapAuth.php gary.stainburn fake-password > PHP Fatal error:? Uncaught Error: Call to undefined function > ldap_connect() in /root/ldapAuth.php:12 > > I suspect that the extension is not being loaded, and one post > suggested having to add an > > extension= > > line to php.ini, but I cannot find the library it's supposed to load. > > > > On 20/03/2023 12:52, Gary Stainburn wrote...

...should not read the tls_* settings. This small patch solved it for me --- dovecot-2.2.9/src/auth/db-ldap.c 2013-11-24 14:37:39.000000000 +0100 +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465 +0200 @@ -1043,7 +1043,7 @@ static void db_ldap_set_tls_options(struct ldap_connection *conn) { - if (!conn->set.tls) + if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) return; #ifdef OPENLDAP_TLS_OPTIONS It would be great, if somebody can confirm this and if this or some equivalent patch could make it upstream....

..._filter) "(&(objectClass=posixAccount)(uid=%u))", MEMBER(default_pass_scheme) "crypt", MEMBER(user_global_uid) "", - MEMBER(user_global_gid) "" + MEMBER(user_global_gid) "", + MEMBER(user_global_mail) NULL }; static struct ldap_connection *ldap_connections = NULL; --- dovecot-1.0.rc17/src/auth/userdb-ldap.~c 2007-01-15 03:23:09.000000000 +0200 +++ dovecot-1.0.rc17/src/auth/userdb-ldap.c 2006-12-21 18:06:28.000000000 +0200 @@ -72,7 +72,7 @@ const char *name; char *attr, **vals; unsigned int i; - bool seen...

...quot;; $samba4_server = 'ldap://s4_server_ip'; $samba4_user = 'Administrator at REALM'; $samba4_pass = 'very_secret'; $samba4_port = 389; $samba4_dn = 'CN=users,DC=smb,DC=domain'; $samba4_realm = 'SMB.DOMAIN'; // samba 3 init, accessed anonymously $samba3 = ldap_connect($samba3_server, $samba3_port) or die('Cannot Connect to $samba3_server'); ldap_set_option($samba3, LDAP_OPT_PROTOCOL_VERSION, 3); $samba3Bind = ldap_bind($samba3); if (!$samba3Bind) {die('Cannot Bind to samba3 ldap');} // samba 4 init, bind with a password, non-ssl $samba4 =...

Hi Andrew, Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1. And the actual CPU/ memory load is minimal - ~4%/6GB free. >From the client side, I'm pretty sure my tests are PHP calling ldap_connect() <https://github.com/pfsense/pfsense/blob/157aff9e256aa235ba68ccc2168c61fc61e90072/src/etc/inc/auth.inc#L960> . It's not the end of the world, and so far, it's the only appliance or application that's affected. Other tests with other web appliances don't exhibit the same is...

This is wierd. I''m trying to get Ruby/LDAP up and working, and at least the basics work fine under irb: irb(main):001:0> require ''ldap'' => true irb(main):002:0> LDAP::Conn.new() => #<LDAP::Conn:0x1b87ac> irb(main):003:0> So far, so good. All LDAP::Conn.new does is call ldap_init with host and port parameters, which in turn just allocates the

Hi, I'm trying to convert my LDAP server into a LDAPS server to secure the users logins, but I don't know what's the procedure to do it. Someone knows any guide to do it? For now: - I've created a CA cert on the server - I've created the cert and key for the domain pdc - I've signed that cert with CA cert. - I've followed the post in samba wiki about

...s. > This small patch solved it for me > > --- dovecot-2.2.9/src/auth/db-ldap.c 2013-11-24 14:37:39.000000000 +0100 > +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465 +0200 > @@ -1043,7 +1043,7 @@ > > static void db_ldap_set_tls_options(struct ldap_connection *conn) > { > - if (!conn->set.tls) > + if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) > return; That's a bit ugly. I think also the URIs support multiple ones, so some ldap and some ldaps URLs could even be mixed,...

I have a network where the domain controllers do not connect on port 139 Is there a way to have smbpasswd change the password without this? I am able to change the password using an ldap method in php ldap_connect ldap_bind ldap_modify_batch full source code here http://forums.fedoraforum.org/showthread.php?t=313554 however this does not allow the password to be set if it has expired. smbpasswd works on 2 of my 3 networks. I was hoping there might be some way to get it working without port 139 (echo -e &...

...0x0) at auth-cache.c:39 str = (string_t *) 0x806a100 key_seen = '\0' <repeats 255 times> key = 0 '\0' #1 0x08055456 in passdb_ldap_preinit (args=0x8075100 "/usr/local/dovecot/etc/dovecot-ldap.conf") at passdb-ldap.c:237 conn = (struct ldap_connection *) 0x8078010 #2 0x08054b8d in passdb_preinit () at passdb.c:152 p = (struct passdb_module **) 0x8068914 name = 0x806b078 "ldap" args = 0x806891c "?P\006\b\bT\005\bdT\005\bxT\005\b?R\005\b\204S\005\b?Q\006\b" #3 0x0805108b in main (argc=1, argv=0x806a...

Hi all, I''m writing an LDAP based app for my office. I''m wondering how to design it however. I''ve got a basic version running, but I''m not convinced that I''m going about it the right way. I have my ldap connection code in lib/ldap_connection.rb. This is what my form targets call when binding. The @con connection object is then stored in a global session hash (sess[session.session_id]=@con). The reason I''m not confident in my approach is that all my methods at the moment, need to be in this single file. I''m playing...

...18:26:55.983349000 +0000 +++ dovecot-1.0.3/src/auth/db-ldap.c.new 2007-10-15 18:28:03.124136000 +0000 @@ -446,7 +446,10 @@ msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass, LDAP_AUTH_SIMPLE); if (msgid == -1) { - db_ldap_connect_finish(conn, ldap_get_errno(conn)); + if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) { + /* lost connection, close it */ + ldap_conn_close(conn, TRUE); + } i_free(ldap_request); return -1; }

...userdb_ldap_conn = db_ldap_init(args); (gdb) p passdb_ldap_conn->attr_names[1] $1 = 0x8079990 "userPassword" (gdb) cont Continuing. Breakpoint 2, userdb_ldap_init (args=0x80796d0 "/usr/local/dovecot/etc/dovecot-ldap.conf") at userdb-ldap.c:208 208 (void)db_ldap_connect(userdb_ldap_conn); (gdb) p passdb_ldap_conn->attr_names[1] $2 = 0x80799e0 "homeDirectory" (gdb) cont Continuing. Breakpoint 3, ldap_lookup_pass (auth_request=0x5, ldap_request=0x14) at passdb-ldap.c:157 157 struct ldap_connection *conn = passdb_ldap_conn; (gdb) p passdb_ld...

...log, but i can't use the TLS connection in applications like for example Horde. RSAT LDP works fine without TLS too, but with TLS give me an error trying to connect: ld = ldap_sslinit("pdc.nd.red", 636, 1); Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3); Error 81 = ldap_connect(hLdap, NULL); Server error: <empty> Error <0x51>: Fail to connect to pdc.nd.red. and the openSSL test command of the wiki works too from another server: openssl s_client -showcerts -connect pdc.nd.red:636 CONNECTED(00000003) depth=0 C = ES, ST = Madrid, L = Madrid, O = SOME, OU = ATIC...

Hi guys, I had a look in the sources about this problem. the problem seems to be the ldap_escape function that is called from ldap_verify_plain_auth_bind_userdn(..) I dont really know if this escaping is needed at this point, but with this change it works for me. No other problems discovered so far. could somebody, who is deeper in the sources give me a hint if this will make some troubles?

...lloc_len = 8 sep_len = 1 len = 9 pos = 39 needed_space = 0 str = 0x806e488 "uid,homeDirectory,,,uidNumber,gidNumber" #1 0x080578a1 in ldap_lookup_pass (auth_request=0x8077a10, ldap_request=0x8077ab0) at passdb-ldap.c:181 conn = (struct ldap_connection *) 0x807a810 vars = (const struct var_expand_table *) 0x807a9a0 attr_names = (const char **) 0x807aa08 filter = 0x806e268 "(&(objectClass=posixAccount)(uid=dovetest))" base = 0x806e468 "ou=personnes, dc=pasteur, dc=fr" str = (string...