Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
Below is my OpenLDAP structure :
+--> dc=test,dc=com (3)
---> cn=admin
+--> ou=groups (3) | ---> cn=admin | ---> cn=irc | ---> cn=users | ---> Create new entry here
+--> ou=users (4) | ---> cn=user1 | ---> cn=user2 | ---> cn=user3 | ---> cn=user4
The setttings in Openfire :
Step 1 :
Port : 389
Base DN : ou=users,dc=test,dc=com
Administrator DN: cn=admin,dc=test,dc=com
Step 2 :User Mapping :
Username Field:uid
Step 3: Group Mapping
Group Field:cn
Member Field:uniqueMember
Description Field: description
For the next window when I am clicking on Save and Continue, I get following exception :
HTTP ERROR 500
Problem accessing /setup/setup-admin-settings.jsp. Reason:
Server Error
Caused by:
java.lang.NullPointerException
at org.jivesoftware.openfire.admin.setup.setup_002dadmin_002dsettings_jsp._jspService(setup_002dadmin_002dsettings_jsp.java:99)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:547)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1359)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:74)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:50)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:78)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:478)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:520)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:941)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:409)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:875)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:919)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:582)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
at java.lang.Thread.run(Thread.java:701)
Also I did some changes and I was able to see the Add Administrator screen but I was not able to add any of my existing LDAP users here. It was throws following error :
"No username was provided or the specified username was not found."
I restarted the server and since then NullPointerException started coming back again.- (well that deserves another discussion, once I get through this)
Where am I going wrong?
FYI, both the servers, openfire and OpenLdap, are running on same virtual machines.
Thanks in adv.
I could proceed to the next screen by changing advanced settings in user mapping section. My changes are : Posix Mode: No Group Filter : (objectClass=Group)
Surprisingly, once I reached to the Add Administrator screen, after coming back I reset these fields and it was still working fine. I wonder if after restarting the server it will work or not.
Also in the Step 1, make sure in the hostname you provide the ip address of your machine. With localhost it dint work for me.
Thanks,
Hope it helps anyways!
For the other query I had, I could add administrators by modifying my Base DN to "Base DN : dc=test,dc=com"
With specifying ou, it seems I was restricting the users. :)
If you have that problem even all the test were successfull (by clicking the "Test" buttons you have next to the "Save and continue" button), it is because it took you too long to finalize the setup and the session somehow expired.
Restart the openfire service, reload the web page and go through the setup process again, in one go.
Related
I installed Mautic in-house instance. I tried to integrate it with Amazon SES service. After all was set as needed (please find the attached screenshot below), I clicked "Test connection" button and got the following error:
Connection could not be established with host
email-smtp.eu-west-1.amazonaws.com [An attempt was made to access a
socket in a way forbidden by its access permissions. #10013] Log data:
++ Starting Mautic\EmailBundle\Swiftmailer\Transport\AmazonTransport !! Connection could not be established with host
email-smtp.eu-west-1.amazonaws.com [An attempt was made to access a
socket in a way forbidden by its access permissions. #10013] (code: 0)
++ Starting Mautic\EmailBundle\Swiftmailer\Transport\AmazonTransport
Can someone give a hand on this? What am I doing wrong?
Screenshot Mautic_Amazon-SES_Integration Settings
I had the same problem and fixed it by leaving the field "Port" empty (Mautic --> email settings --> Port). Apparently my server wasn't able to use port 25, and leaving this field empty made Mautic find the best port.
I'm trying to retrieve data from an open data api. I have downloaded the certificate from the site and imported it into STRUST (SSL Client Anonymous).
Then I created a HTTP connection to external server in SM59. In the beginning it worked fine, until last week when the api changed its URL and so its DNS.
Of course it could no longer be reached by the current host. So I did above steps again for the new URL (changed everything accordingly like hostname etc. in SM59), but this time I receive following error:
SSL handshake with 'hostname:port' failed: SSSLERR_CONN_CLOSED (-10)#Remote
Peer has closed the network connection##SapSSLSessionStartNB()==SSSLERR_CONN_CLOSED##
Anyone has an idea on how to solve this?
On another forum someone helped me solve the problem. He pointed me out that the problem lies with SNI see: https://security.stackexchange.com/questions/101965/ssl3-error-when-requesting-connection-using-tls-1-2/102018#102018
https://en.wikipedia.org/wiki/Server_Name_Indication
To solve this problem you need to add following parameter: icm/HTTPS/client_sni_enabled and set it to TRUE on the DEFAULT profile. Afterwards you need to restart the application server in order to activate the effects of the parameter.
Link to the full question on SCN: https://answers.sap.com/questions/473015/sap-ssl-handshake-failed.html
EDIT:
I came across this error again later on, but this time it seemed that the error was caused because we used a certificate with TLS 1.2 which was not supported by our system. You can check this link: https://launchpad.support.sap.com/#/notes/510007 we implemented number 7 to fix this.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 5 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
not able to login into server through ssh. so logged in with rsh and when trying to ssh host itself getting error :
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1', server 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g=='
I found this log in /var/svc/log/network-ssh:default.log
[ May 14 21:23:13 Rereading configuration. ]
[ May 14 21:23:13 Executing refresh method ("/lib/svc/method/sshd restart") ]
[ May 14 21:23:13 Method "refresh" exited with status 0 ]
[ May 14 21:30:25 Stopping because service disabled. ]
[ May 14 21:30:25 Executing stop method (:kill) ]
[ May 14 21:33:08 Enabled. ]
[ May 14 21:33:08 Executing start method ("/lib/svc/method/sshd start") ]
Could not load host key: /.ssh/id_dsa
Could not load host key: /.ssh/identity
Disabling protocol version 1. Could not load host key
[ May 14 21:33:08 Method "start" exited with status 0 ]
thanks in advance.
Looks like the server and client don’t find a common authentication method.
I just got that with a sun cluster here: It only supports diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1, but my Gentoo GNU/Linux ssh server seems to have dropped the group1 algo.
Fixed by changing /etc/ssh/sshd_config on the ssh server to include
KexAlgorithms curve25519-sha256#libssh.org,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
I fear, though, that there was a reason for removing the group1 algorithm from the default. I would not do this on a publicly accessible box.
For reference also see https://security.stackexchange.com/questions/25662/openssh-default-preferred-ciphers-hash-etc-for-ssh2
Turn on verbose ssh which will hopefully show where the issue is.
E.g.
ssh -v host
If that doesn't give enough info, you can try
ssh -vv host
or even
ssh -vvv host
Look for the first error in the output which will hopefully give you clues as to where the issue lies.
I would like to enable the export of the users from Liferay into my OpenLDAP server.
So I enabled the ceckbox on the configuration page and I set the parameters in the LDAP export.
Now, when I try to create a user in Liferay I get:
Login is temporarily unavailable.
any suggestions?
this is the bt in java console:
Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - object
class: value #1 invalid per syntax]; remaining name 'cn=myname,dc=myTest,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3054)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:397)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:354)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(ComponentContext.java:596)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(PartialCompositeContext.java:1
83)
at javax.naming.InitialContext.bind(InitialContext.java:404)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.addUser(PortalLDAPExporterIm
pl.java:360)
at com.liferay.portal.security.ldap.PortalLDAPExporterImpl.exportToLDAP(PortalLDAPExpor
terImpl.java:252)
at com.liferay.portal.security.ldap.PortalLDAPExporterUtil.exportToLDAP(PortalLDAPExpor
terUtil.java:62)
at com.liferay.portal.model.UserListener.exportToLDAP(UserListener.java:96)
at com.liferay.portal.model.UserListener.onAfterUpdate(UserListener.java:72)
... 91 more
Either you have wrong configuration, or you're stuck on a Liferay - LDAP bug.
Here's the list of unresolved issues.
Please provide us an English error message next time, because all I see in your screenshot is... an error message.
If you're using Liferay 6.1 Community there are a few unresolved LDAP related bugs in that version. I faced a number of problems and ultimately it worked by
Disbaling LDAP export in the LDAP wizard.
Creating a custom hook which is triggered at user login, creation or any other change to the user object. The hook problematically through Java JNDI look up library exports users into the external AD through LDAP. You can find the hook related code here: http://abhirampal.com/2014/12/20/liferay-ldap-export-to-active-directory-disabled-user-bug/
Feel free to ask if anyone's got any questions.
I'm trying to get WCF to use SSL with ANYTHING for FIVE DAYS now. I've gone through countless walkthroughs, generated more certificates than a mail order diploma company, even tried hot fixes. After working with MS dev tools since VB1, I am now considering flipping burgers as a career option. WCF, as far as I can see, is a complete lemon.
Anyway, to get to my actual question: If I run through this walkthrough:
http://msdn.microsoft.com/en-us/library/ff648840.aspx
I get to step 11 (adding the service reference) and get "There was an error downloading metadata from the address. Please verify that you have entered a valid address".
Details of the error gives: There was an error downloading 'https://localhost/SSL6/Service.svc'.
Unable to connect to the remote server
No connection could be made because the target machine actively refused it 127.0.0.1:443
I'm using VS2008 on Windows 7 with IIS7. I followed the walkthrough exactly (apart from step 5 which was different on IIS7- I went into "SSL Settings" for the VD), so it shows my config (yes I've used httpsGetEnabled and mexHttpsBinding).
Anyone care to save my sanity and job?
EDIT: If I go into IIS, select the VD in content view, right-click on the svc file and browse, I get "Internet Explorer cannot display the webpage". Chrome gives "Google Chrome could not connect to localhost".
IE troubleshooting gives "the remote device or resource won't accept the connection".
If I browse using the IP address rather than using localhost via http, it says that it's secured with https ok. If I browse using the IP and https, I get HTTP error 503. The service is unavailable.
So it looks to me like a DNS issue combined with... something.
When I try to just run the service site project, I get "Unable to start debugging on the web server. Unable to connect to the web server. Verify that the web server is running and that incoming HTTP requests are not blocked by a firewall". I've checked the firewall and it's ok.
Finally cracked it. There were at least three issues at play.
1) A DNS issue of some kind with localhost. It's still unresolved on my machine, but I can work around it by using the IP addy.
2) Another issue may have been that apparently, WCF doesn't work with IIS 7 OOTB. So you need to run command prompt as administrator, and run the following command -
"%windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" -r -y
3) After I got through the certificate stuff I was still getting HTTP error 503, "Service unavailable". That ended up being leftovers from my previous attempts, still listening to ports:
http://blogs.msdn.com/webtopics/archive/2010/02/17/a-not-so-common-root-cause-for-503-service-unavailable.aspx
So to get a hello world level service happening with WCF and SSL took me a whole week, and in my travels I discovered many pilgrims who had taken about the same amount of time. Microsoft: You have failed.
Are you using IIS or self hosting? If you're using IIS, it sounds like it's incorrectly configured, because it seems it's not accepting connections on port 443; I guess you're probably missing a protocol binding (https to port 443). There's a detailed discussion of setting up SSL on IIS7 here that might be useful.
Of course, you could easily verify this using the browser, you should be able to connect to the site using SSL from it.
When I have had this error occur, I have found it very useful to run the service from Visual Studio to get additional information. Right-click on the service, and then select Debug -> Start New Instance from the pop-up menu. VS will launch the service using the WcfTestClient.exe.
WcfTestClient will display all the services and endpoints in your service project. A healthy launch will list your services in the a panel on the left, and provide a Start Page tab in a panel on the right. What will happen in your case, however, is that you'll get a list of services in a panel on the top and an "Additional Information" box along the bottom. Your problem service(s) will have a Status of Error.
Click on a problem service in the upper panel, and the Additional Information box will fill with an error message and stack trace. The message will tell you exactly what that problem mex (metadata exchange) address is. That may be enough of a hint for you to solve the problem. If not, post the Additional Information here and I'll be happy to take a look at it.