I configured ldaps by refering http://linuxtechres.blogspot.com/2010/04/how-to-configure-ldaps-or-starttls.html.
after that when I try to ldapsearch, it wont display any resulsts.
entries are there in ldap, as I will get error if I try to ldapadd them .
If I remove TLS related info from ldap.conf and slapd.conf , ldapsearch works nicely and display all entries.
Can someone help please?
Do you have some minimum level of confidentiality required in your config file? Also the way the ACLs work is that they stop processing after the first hit (in general) so if you have an ACL on a specific user type that is extremely limiting that may be what causes your situation. The admin account can always see everything in case you do mess things up.
Probably late for this, but... Have you tried the ldapsearch/ldapadd option "-ZZ"?
What you want to do is look at the slapd.log file and see what error the OpenLDAP server is returning when you try to connect. Then you will have a hint of where to go next.
Related
I'm using Spring application and stack is like: Java 11, Spring Boot 2.2.1.RELEASE.
(technology versions may vary here)
When I try to connect to the database via Data Source using Intellij IDEA, I get always the issue like:
The specified database user/password combination is rejected:
[28P01] FATAL: password authentication failded for user 'postgres'
How can I fix it?
To be noticed: this answer is similar, but not related to:
Unable to connect from Intellij to mySql running in docker container - "specified database user/password combination is rejected"
To fix it:
you need to check your application.properties file and change the value of user password on line:
spring.datasource.password=your_password
The cause of issue is:
your value of the property spring.datasource.password in application.properties
does not match the user password what was selected by default during installing your database system.
E.g. more specifically on the step "Enter the password for the database superuser (postgres)":
To clarify: provided example is for PostgreSQL, but it can be another database system.
Edit: this assumes you run Linux
if the other answer provided by invzbl3 doesn't work, check out this solution, it worked for me. Make sure to restart afterwards.
https://docs.fedoraproject.org/en-US/quick-docs/postgresql/#_initial_configuration
If you’re getting ident errors from your app you’ll probably need to perform the accepted solution described at https://serverfault.com/questions/406606/postgres-error-message-fatal-ident-authentication-failed-for-user?newreg=a4fdc3e21349449985cc65b82399c5b4
(if you don't have nano, just use any other text editor)
sudo nano /var/lib/pgsql/data/pg_hba.conf
and edit host all all 127.0.0.1/32 ident to host all all 127.0.0.1/32 md5.
This should allow most applications to connect with username/password.
I setup a peer-to-peer replication topology on 2 IBM LDAP servers (Version 6.4). It works, both ways, with simple attribute modifications like changing description or displayName attributes. But it blocks when I add a new entry on either server. I checked the logs and see an error 50 (insufficient access) for the change. The audit logs show an "extra" operational attribute, ibm-entryuuid, are added to the other server, which maybe causes the error.
It also blocks when I try to login on an account with an invalid password. I get an error 65 (object class violation). This is maybe because the password policy mechanism modifies/adds/deletes certain operational attributes(e.g. PWDFAILURETIME)
The schema files are the same for both servers. And both servers are cryptographically synched.
I use JXplorer to test. I use admin credentials.
What should I do to allow these operations to replicate? Thanks in advance for any help.
Update:
I have checked the supplier credentials and when I tried to change the ibm-slapdmasterdn and ibm-slapdmasterpw, I get an Already Exists error. What do I do?
I found the problem. I didn't quite understand what the credentials attributes meant until I re-read the IBM tutorial. I was trying to modify the replica DN to the admin DN, that's why I got the error.
It replicates smoothly now.
Exhausted available authentication methods. Please contact your web hosting service provider for assistance.
I continue to receive this error on Cyberduck. I was able to log into the account when I first downloaded Cyberduck. When I was finished with my work I saved/ closed everything, and it was so far so good. I hadn't logged out of the account. But since I have been trying to log back in I have been receiving this error.
Please help.
If you are using Mac, try removing the application password from Keychain. There's a possibility that the old password is corrupted.
For me, my password was set to "$this->request()". So no matter what I type when connecting, Cyberduck used this "old" password.
You use Cyberduck to connect to an FTP server right?
If it's at all possible that anyone else has access to this account and failed to login a magical number of times (usually 3) then the server may have locked your account and needs to be restarted.
Or something is wrong with the server itself.
I hate to say it but contacting whoever is in charge of the server, as it said, is probably best. Without more information there's no way to know what went wrong.
I tried to remove the application password but it kept failing to connect.
The solution was simply to remove and re-install the app.
In my case i was passing the username wrong.
I typed ununtu instead of ubuntu.
Check you server details you entered.
I have uncommented the LDAP and UserMapper connectors in application.xml
I know my LDAP credentials (binddn, hostname, etc) are all working, because I use LDAP authentication and authorization for other apps on my server.
All I've done, is make the changes to application.xml and security.properties. Is there something else I'm supposed to do?
When I try to login with a user from LDAP, it is unsuccessful. Is there a log file I can check to see what's going wrong? I find the archiva documentation to be sparse and laconic.
Here is my security.properties file - some values have been altered, maybe someone can verify the structure is in-tact:
# LDAP
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
security.policy.password.expiration.enabled=false
ldap.config.hostname=localhost
ldap.config.port=389
ldap.config.base.dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=cn=Manager,dc=mydomain,dc=com
ldap.config.password=mypass
ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=displayName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=mail
ldap.config.mapper.attribute.user.base.dn=ou=Users
ldap.config.mapper.attribute.user.object.class=inetOrgPerson
ldap.config.mapper.attribute.user.filter=(objectclass=inetOrgPerson)
Also, the config.mapper.attribute.user.base.dn confuses me. The basedn of my users is here:
ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com
So does that mean for base DN I put: domainName=scoresecret.com,o=domains,dc=scoresecret,dc=com
and for config.mapper.attribute.user.base.dn: ou=Users
Let me know if I'm doing something wrong, if I'm forgetting to do something to "switch LDAP on", and if I can find some logs to point me in the right direction. Thanks a ton
Make sure you have configured an admin user that exists in LDAP - at the moment there's no way to use an internal user for that.
redback.default.admin=admin
Replace admin with a role account in your LDAP server that can be used for this.
Here is a configuration template I use which should show the values you'd need to populate:
https://github.com/maestrodev/puppet-archiva/blob/master/templates/security.properties.erb
It seems the main difference could be the user filter being empty?
(See also thread on users#archiva.apache.org: http://s.apache.org/KDj)
I've been developing a winforms app tied to sql server. I haven't rebooted in a while. Today i rebooted and now I can't log into sql. I used every account I know and their passwords including one that was working just before i rebooted and i get a 'Login failed' . I did take the database I use offline just before starting and I do have backups before then.
thoughts on what happened? Is there a way to bring the database back online OR somehow find out what passwords are? I even tried using windows authenication with me as an admin on the box AND sa (Yes, bad) and still no dice.
:-/ That's a rough place to be ... I wish you luck. Check out this blog post, not sure if you're using sql 2k5 or not, but if so, it may be helpful:
http://blogs.msdn.com/raulga/archive/2007/07/12/disaster-recovery-what-to-do-when-the-sa-account-password-is-lost-in-sql-server-2005.aspx
Have you checked to make sure that the service is actually running? Also are you trying to connect using IPC, TCPIP or named pipes? Whichever way make sure it's enabled in the configuration tools.
Since admin's on the box are SQL admins the only thing I can think of is that the service is not running.