search for: ldap_connection

...) dovecot: Apr 12 18:22:42 Error: child 43147 (auth) killed with signal 6 -- ] I've noticed the following changes in the source code, and my understanding (which may be wrong) of my problem goes as follows : - In test62, the 'attr_names' attribute array was defined outside the 'ldap_connection' struct, thus allowing 'passdb_ldap_conn' and 'userdb_ldap_conn' structs to have different array of such type. - At the opposite, in test67, the 'attr_names' array is inside the 'ldap_connection'. As 'passdb_ldap_conn' and 'userdb_ldap_conn'...

Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba: > But your missing the important part. > > How ? > > Kerberos ? NTLM ? LDAP ? > > ;-) Ah ok Actually I want to use secure LDAP from a PHP docker container. So far no Kerberos involved as far as I see. (I have to dockerize a php app which is badly written ... and I want to clean up a bit, and let it bind

Hi all, can anybody confirm the tool msktutil (used to extract keytab from AD and import to linux clients) works with samba4? In my environment, the command: /usr/sbin/msktutil --create --service host/drudgesk.example.org --computer-name drudgesk --service HTTP --verbose fails without a error, after a successful connection to the AD ldap: [...] -- ldap_connect: Connecting to LDAP server:

When using mskutil in order to setup a keytab fail for Squid Kerberos authentication, it stops with an error: Error: Unable to set machine password for FIREWALL-K$: (2) Server error This is the output of the mskutil command: ########################################################## # msktutil -f -b "CN=COMPUTERS" -s HTTP/firewall.example.com -k /etc/squid/squid.keytab --computer-name

I've also tried adding the pgsql and mysql RPM's and they're not available either. On 20/03/2023 12:58, Gary Stainburn wrote: > Apologies.? This is the correct screen grab. > > The extra errors in the OP were because I had been experimenting, to > try to fix the issue. > > [root at testsvr ~]# ./ldapAuth.php gary.stainburn fake-password > PHP Fatal error:?

...should not read the tls_* settings. This small patch solved it for me --- dovecot-2.2.9/src/auth/db-ldap.c 2013-11-24 14:37:39.000000000 +0100 +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465 +0200 @@ -1043,7 +1043,7 @@ static void db_ldap_set_tls_options(struct ldap_connection *conn) { - if (!conn->set.tls) + if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) return; #ifdef OPENLDAP_TLS_OPTIONS It would be great, if somebody can confirm this and if this or some equivalent patch could make it upstream....

..._filter) "(&(objectClass=posixAccount)(uid=%u))", MEMBER(default_pass_scheme) "crypt", MEMBER(user_global_uid) "", - MEMBER(user_global_gid) "" + MEMBER(user_global_gid) "", + MEMBER(user_global_mail) NULL }; static struct ldap_connection *ldap_connections = NULL; --- dovecot-1.0.rc17/src/auth/userdb-ldap.~c 2007-01-15 03:23:09.000000000 +0200 +++ dovecot-1.0.rc17/src/auth/userdb-ldap.c 2006-12-21 18:06:28.000000000 +0200 @@ -72,7 +72,7 @@ const char *name; char *attr, **vals; unsigned int i; - bool seen_ui...

Hi, I have written a php script to upgrade a fresh s4 AD with more details from a (s3) ldap server. I am no programmer AT ALL, so I guess this is very dirty and un-elegant, but it does the trick. We had multiple "mail" attributes in openldap, and since AD only allows 1 mail attribute, additional mail addresses are migrated to "otherMailbox" AD attributes. Perhaps someone

Hi Andrew, Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1. And the actual CPU/ memory load is minimal - ~4%/6GB free. >From the client side, I'm pretty sure my tests are PHP calling ldap_connect() <https://github.com/pfsense/pfsense/blob/157aff9e256aa235ba68ccc2168c61fc61e90072/src/etc/inc/auth.inc#L960> .

This is wierd. I''m trying to get Ruby/LDAP up and working, and at least the basics work fine under irb: irb(main):001:0> require ''ldap'' => true irb(main):002:0> LDAP::Conn.new() => #<LDAP::Conn:0x1b87ac> irb(main):003:0> So far, so good. All LDAP::Conn.new does is call ldap_init with host and port parameters, which in turn just allocates the

Hi, I'm trying to convert my LDAP server into a LDAPS server to secure the users logins, but I don't know what's the procedure to do it. Someone knows any guide to do it? For now: - I've created a CA cert on the server - I've created the cert and key for the domain pdc - I've signed that cert with CA cert. - I've followed the post in samba wiki about

...s. > This small patch solved it for me > > --- dovecot-2.2.9/src/auth/db-ldap.c 2013-11-24 14:37:39.000000000 +0100 > +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465 +0200 > @@ -1043,7 +1043,7 @@ > > static void db_ldap_set_tls_options(struct ldap_connection *conn) > { > - if (!conn->set.tls) > + if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) > return; That's a bit ugly. I think also the URIs support multiple ones, so some ldap and some ldaps URLs could even be mixed, wh...

I have a network where the domain controllers do not connect on port 139 Is there a way to have smbpasswd change the password without this? I am able to change the password using an ldap method in php ldap_connect ldap_bind ldap_modify_batch full source code here http://forums.fedoraforum.org/showthread.php?t=313554 however this does not allow the password to be set if it has expired.

...0x0) at auth-cache.c:39 str = (string_t *) 0x806a100 key_seen = '\0' <repeats 255 times> key = 0 '\0' #1 0x08055456 in passdb_ldap_preinit (args=0x8075100 "/usr/local/dovecot/etc/dovecot-ldap.conf") at passdb-ldap.c:237 conn = (struct ldap_connection *) 0x8078010 #2 0x08054b8d in passdb_preinit () at passdb.c:152 p = (struct passdb_module **) 0x8068914 name = 0x806b078 "ldap" args = 0x806891c "?P\006\b\bT\005\bdT\005\bxT\005\b?R\005\b\204S\005\b?Q\006\b" #3 0x0805108b in main (argc=1, argv=0x806a100...

Hi all, I''m writing an LDAP based app for my office. I''m wondering how to design it however. I''ve got a basic version running, but I''m not convinced that I''m going about it the right way. I have my ldap connection code in lib/ldap_connection.rb. This is what my form targets call when binding. The @con connection object is then stored in a global session hash (sess[session.session_id]=@con). The reason I''m not confident in my approach is that all my methods at the moment, need to be in this single file. I''m playing ar...

timo, i think i found a small problem with the ldap implementation: when using auth_bind (this might be in all conditions, not just that one - i haven't tested further), if the server lost connection to the ldap server (ie, the ldap server died) dovecot-auth would never reconnect to the ldap server and all subsequent auth attempts would fail. after a little more digging, i discovered that

...at userdb-ldap.c:208 208 (void)db_ldap_connect(userdb_ldap_conn); (gdb) p passdb_ldap_conn->attr_names[1] $2 = 0x80799e0 "homeDirectory" (gdb) cont Continuing. Breakpoint 3, ldap_lookup_pass (auth_request=0x5, ldap_request=0x14) at passdb-ldap.c:157 157 struct ldap_connection *conn = passdb_ldap_conn; (gdb) p passdb_ldap_conn->attr_names[1] $3 = 0x80799e0 "homeDirectory" (gdb) cont Continuing. -- Could it explain why I get - in the error log : -- dovecot: Apr 08 18:08:15 Error: auth(default): ldap(dovetest,127.0.0.1): No password in reply dovecot: Apr...

2015-05-02 12:06 GMT+02:00 Daniel Carrasco Mar?n <danielmadrid19 at gmail.com>: > Hi, > > I'm trying to convert my LDAP server into a LDAPS server to secure the > users logins, but I don't know what's the procedure to do it. Someone knows > any guide to do it? > > For now: > > - I've created a CA cert on the server > - I've created the

Hi guys, I had a look in the sources about this problem. the problem seems to be the ldap_escape function that is called from ldap_verify_plain_auth_bind_userdn(..) I dont really know if this escaping is needed at this point, but with this change it works for me. No other problems discovered so far. could somebody, who is deeper in the sources give me a hint if this will make some troubles?

...lloc_len = 8 sep_len = 1 len = 9 pos = 39 needed_space = 0 str = 0x806e488 "uid,homeDirectory,,,uidNumber,gidNumber" #1 0x080578a1 in ldap_lookup_pass (auth_request=0x8077a10, ldap_request=0x8077ab0) at passdb-ldap.c:181 conn = (struct ldap_connection *) 0x807a810 vars = (const struct var_expand_table *) 0x807a9a0 attr_names = (const char **) 0x807aa08 filter = 0x806e268 "(&(objectClass=posixAccount)(uid=dovetest))" base = 0x806e468 "ou=personnes, dc=pasteur, dc=fr" str = (string_t...