unixUserPassword and userPassword

2013-10-11 Thread jupiter
Hi, I am migrating user account entries from an old openldap AD to openldap BDB. Both LDAP client authentications are implemented in Linux, the former in CentOS 5, and the latter in CentOS 6. But the major problem is that the old openldap AD uses encrypted password in unixUserPassword: while the

Re: unixUserPassword and userPassword

2013-10-11 Thread Chad Scott
If I'm understanding your question, you need to base64 encode {crypt} followed by the old, encrypted value. You can avoid the base64 by using just one colon in your LDIF add. On Oct 11, 2013, at 3:51, jupiter jupiter@gmail.com wrote: Hi, I am migrating user account entries from an

LDAP Injection attacks

2013-10-11 Thread Howard Chu
A paper and presentation making the rounds, claiming to show how webapps using LDAP are vulnerable to search filter spoofing attacks. http://www.youtube.com/watch?v=wtahzm_R8e4 http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf Can't

memberof overlay results in unexpected slapd death?

2013-10-11 Thread Paul B. Henson
Our LDAP infrastructure is currently running 2.4.35, and consists of two read/write masters configured in mirror mode behind the load balancer, with three additional read-only slaves using syncrepl. We recently decided to add the memberof overlay to our configuration, due to an application that

memberof overlay replicating memberOf attribute?

2013-10-11 Thread Paul B. Henson
Based on the documentation, my understanding was that the memberof overlay maintained the memberOf attribute locally, and this attribute was not replicated? While I was recently working on implementing the memberof overlay, I noticed that after I had enabled it on one server, before enabling it on

mysterious glue record with empty dn

2013-10-11 Thread Paul B. Henson
While I was trying to recover my directory from an aborted attempt to implement the memberof overlay, I ended up dumping the database with slapcat and then reloading it with slapadd after removing the now invalid MEMBEROF attributes that lingered after the overlay was disabled. Strangely, on some

Re: memberof overlay results in unexpected slapd death?

2013-10-11 Thread Quanah Gibson-Mount
--On Friday, October 11, 2013 1:04 PM -0700 Paul B. Henson hen...@acm.org wrote: This was expected, as the memberOf attribute did not exist in our current directory. However, what was unexpected was that the slapd processes started to mysteriously die while I was trying to repopulate the

ACL with val.regex expression

2013-10-11 Thread Mark Dieterich
Hi all, I'm banging my head against a wall trying to get one particular ACL set up. We want our users, with the exception of those that have a restricted shell, to be able to change their own shell values. A typical user looks like: dn: uid=user,ou=people,dc=cs,dc=brown,dc=edu objectClass: top

Re: memberof overlay results in unexpected slapd death?

2013-10-11 Thread Michael Ströder
Could you please try to reproduce this with OpenLDAP from git repo? It contains a fix for ITS#7710: http://www.openldap.org/its/index.cgi?findid=7710 RE snapshot link in case you don't want to use command-line git:

Re: LDAP Injection attacks

2013-10-11 Thread Michael Ströder
Howard Chu wrote: A paper and presentation making the rounds, claiming to show how webapps using LDAP are vulnerable to search filter spoofing attacks. http://www.youtube.com/watch?v=wtahzm_R8e4

Re: mysterious glue record with empty dn

2013-10-11 Thread Quanah Gibson-Mount
--On Friday, October 11, 2013 1:10 PM -0700 Paul B. Henson hen...@acm.org wrote: Any thoughts? Did you correctly load the memberof overlay onto all servers? --Quanah

Re: ACL with val.regex expression

2013-10-11 Thread Michael Ströder
Mark Dieterich wrote: by ssf=128 self write I don't think this works. Probably should be just by self write Ciao, Michael.

Re: ACL with val.regex expression

2013-10-11 Thread Mark Dieterich
by ssf=128 self write I don't think this works. Probably should be just It works just fine with the ssf=128 in there if I drop the val.type statement. by self write Regardless, I dropped it and still ended up with the same insufficient access error. Thanks, Mark

Re: LDAP Injection attacks

2013-10-11 Thread devzero2000
On Fri, Oct 11, 2013 at 8:33 PM, Howard Chu h...@symas.com wrote: A paper and presentation making the rounds, claiming to show how webapps using LDAP are vulnerable to search filter spoofing attacks. http://www.youtube.com/watch?v=wtahzm_R8e4

Re: unixUserPassword and userPassword

2013-10-11 Thread jupiter
Thanks Chad for your response. Let me clarify the question: I have old LDAP AD password encrypted in unixUserPassword: unixUserPassword: CNRP!efgh12345$67899 How can I use the encrypted password in unixUserPassword format to userPassword? If I tried to add the unixUserPassword to an ldif file:

Re: unixUserPassword and userPassword

2013-10-11 Thread Chad Scott
That doesn't really look like a crypted password. Do you know what format it is in? slapd supports numerous encryption schemes. On Fri, Oct 11, 2013 at 4:19 PM, jupiter jupiter@gmail.com wrote: Thanks Chad for your response. Let me clarify the question: I have old LDAP AD password

Re: unixUserPassword and userPassword

2013-10-11 Thread jupiter
Hi Chad, On 10/12/13, Chad Scott csc...@appdynamics.com wrote: That doesn't really look like a crypted password. Do you know what format it is in? slapd supports numerous encryption schemes. I don't know what encryption type for unixUserPassword and I could not find from searching Internet

RE: memberof overlay results in unexpected slapd death?

2013-10-11 Thread Paul B. Henson
From: Quanah Gibson-Mount [mailto:qua...@zimbra.com] Sent: Friday, October 11, 2013 1:25 PM Enable core files: http://wiki.zimbra.com/wiki/Enabling_Core_Files Thanks for the link, I will do so when I get the test environment up. I'd also note

RE: memberof overlay results in unexpected slapd death?

2013-10-11 Thread Paul B. Henson
From: Michael Ströder [mailto:mich...@stroeder.com] Sent: Friday, October 11, 2013 1:47 PM Could you please try to reproduce this with OpenLDAP from git repo? It contains a fix for ITS#7710: http://www.openldap.org/its/index.cgi?findid=7710 Once I make sure I can reliably reproduce it

RE: memberof overlay replicating memberOf attribute?

2013-10-11 Thread Paul B. Henson
From: Quanah Gibson-Mount [mailto:qua...@zimbra.com] Sent: Friday, October 11, 2013 1:49 PM This seems contrary to the documentation and I found it confusing. Am I missing something? The memberof overlay should be loaded on all servers. Also see the ITS I just referenced to you... In

RE: mysterious glue record with empty dn

2013-10-11 Thread Paul B. Henson
From: Quanah Gibson-Mount [mailto:qua...@zimbra.com] Sent: Friday, October 11, 2013 2:22 PM Did you correctly load the memberof overlay onto all servers? Evidently not. While the overlay was eventually configured on all of the servers, in order to avoid a service outage it was not done at