Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this [excellent analysis](http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html) by Matthew Green, a cryptographer and research professor at Johns Hopkins University. Green points out that "Apache mod_ssl by default will generate a single export-grade RSA key when the server starts up, and will simply re-use that key for the lifetime of that server. What this means is that you can obtain that RSA key once, factor it, and …

+1 forum 0

I am trying to do authentication and authorization through Windows 2008 Active Directory. I am able to authenticate and retrieve users under direct member but unable to list or link users through member of member. Suppose user joe is a direct member of the Dl-Engineering NS group and user sam is under the Dl-Engineering AC group, but Dl-Engineering NS & Dl-Engineering AC are members of the Dl-Engineering group, so logically users sam & joe belong to the Dl-Engineering group via the NS & AC groups. But my code is unable to find that. <?php // Initialize session session_start(); function authenticate($user, $password) { // Active Directory …

+0 forum 0

Hello everyone, I am writing a Java program to reset LDAP account password. I know the password should be quoted password and then encoded in UTF-16. I have a question, if someone can confirm please. I am getting encoded password as follows: String oldPassword = "Password1234"; String newPassword = "Password9999"; String oldQuotedPassword = "\"" + oldPassword + "\""; byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE"); String newQuotedPassword = "\"" + newPassword + "\""; byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE"); System.out.println("Old Password: " + new String(oldUnicodePassword)); System.out.println("New Password: " + oldUnicodePassword); System.out.println("Old unicode Password: " + new String(newUnicodePassword)); System.out.println("Old unicode Password: " + newUnicodePassword); ============================================== Output: …

+0 forum 6

On the AD there are 2 security groups: 1. SG-warehouse1 users : test1 2. SG-warehouse2 users : test2. These 2 security groups belong to one distribution list: DL-warehouse. What I am trying to do, instead of searching 2 security groups, is check if the user links to DL-warehouse and then redirect the user. But when I var_dump it, it doesn't show the distribution list: DL-warehouse <?php // using ldap bind $ldaprdn = 'test-AU\test1'; // ldap rdn or dn $ldappass = 'Test01'; // associated password $ldaptree = ("OU=Users,OU=citrix,DC=testdc,DC=com,DC=au "); // connect to ldap server $ldapconn = ldap_connect("10.x.x.x") or die("Could …

+0 forum 0

Hi all, I have a J2EE web application that I am integrating with LDAP to implement Password Reset functionality to allow AD users to change their own password. My code works at times, and sometimes it stops working, throwing [code]LDAP error code 52, initializing SSL/TLS error.[/code] I don't know why this intermittent error is being thrown. Here's the line of code that gives the error. StartTlsResponse tls = (StartTlsResponse) myLdapContext.extendedOperation(new StartTlsRequest()); Any idea, please? Thanks.

+0 forum 4

I'm trying to change user LDAP passwords. Here's the code: $ds = ldap_connect(LDAP_HOST, LDAP_PORT); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); $bind = ldap_bind($ds, 'uid={admin},'.LDAP_BASEDN, '{admin password}'); $userpassword = "{SHA}" . base64_encode(sha1( '{password}', TRUE )); $userdata = array("userPassword" => $userpassword); $result = ldap_mod_replace($ds, 'uid={user},'.LDAP_BASEDN, $userdata); ldap_close($ds); `$result` returns true. I can even see the userpassword field change when I view the entry, but when I try to bind again using the new password it doesn't work, and the old password still works. Running Mac server 10.4.

+0 forum 2

I have been plagued by an issue for the past couple of days and I am yet to find a solution. I have a service installed at several customer sites. This service grabs data from a database, packages it up and then submits it to a web service hosted on a different server. This is done using SOAP and everything works absolutely fine when I am running the submission service under .NET 2. However, after a recent upgrade to .NET 4, I have been receiving a SoapException when my submission service attempts to log on to the web service. The error …

+0 forum 1

I've been working on an ASP.NET project. I've successfully implemented LDAP authentication for login and have tested it with multiple users with no issues. LDAP is only controlling my login credential. Everything else is stored in a SQL db. In that database I have a users table that has a bunch of information about the user. I need to do two items with this table as soon as my LDAP authentication completes. * I need to verify the user actually has an account in my users table and if not redirect them to a page with information to contact a …

+0 forum 1

Hi all, I have a small issue. I wrote code which checks the logon times of a user on every domain controller; after that, it returns the latest one. The problem is that if any domain controller is off/faulty, I get an error "server is not operational" and the function stops. How can I make it continue? For example: one of the DCs is not operational, so the function skips it and continues checking the logon times on the other ones. Please assist. String Lastlogon(string username, string domainname) { try { { DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain,domainname); DateTime latestLogon = DateTime.MinValue; string …

+0 forum 2

Hey there everyone! So, I am trying to implement a home network and would like it to run on either a Debian or Ubuntu server, possibly virtualized with both on a XenServer. Anyways, my question is, would there be a way to create a domain like AD without having to use any Microsoft products? I assume LDAP would be implemented somehow, but from what I've read it doesn't actually do permissions as much as a way for AD and Unix machines to communicate (please correct me if I'm wrong.) My home network has my box (Ubuntu) as well as another …

+0 forum 3

I'm brand new to php with ldap. I have this problem weeks ago. The company I'm working in assigned me to test their resource management system, they want me to use the dummy users on the database, but whenever I try to use them, I can't access the system, but when I tried it on my computer account (LDAP) it's giving me access. Can you teach me how to use those dummy users to gain access to the system? How can I disable LDAP for the moment so I can test other functionality of the said system? Replies are much …

+0 forum 1

I've been working on getting a basic VB ASP.NET application put together that uses LDAP to log in and I have it working. The login page has a form on it for login but the actual code for the login is inside my web.config file. When the user clicks login it runs a login validation on LDAP from within my web.config. What I also need to happen is have the user's ID number returned to a session variable for use throughout the site. I'm trying to reduce the number of times I have to call to the database for small things …

+0 forum 1

I doubt this is the right place to post this question, but I didn't know where else I can put this. It does kinda involve PHP, but I've asked this question on Stack Overflow and didn't get much help. If this is the wrong place to put this, please do let me know. I'm creating a LDAP directory search using PHP and we're using Novell as our LDAP server. I'm able to successfully search and return results; this is the current filter I'm running, `(&(FERPA=N)(|(uid=*searchphrase*)(sn=*searchphrase*)(fullName=*searchphrase*)(telephoneNumber=*searchphrase*)))`. I want to be able to sort by last name, or the LDAP variable `sn`. …

+0 forum 3

[B]Hello DaniWeb[/B], [I]C#/ASP.Net[/I] I have a user and a server. The server has an intranet page/site I need the user(off-site) to be able to see if they are a part of a user group(domain\CN) on the server. Using ASP.Net, and Active Directory search classes(Directory Services, etc) is there a way for the user to navigate to the server/intranet site ... Have info about themselves available so that when they hit the IP/intranet site, the site will have a small gateway that will check for the user name on the machine, compare to what is in ActiveDir(common name) and then pass …

+0 forum 1

I'm trying to startup my Ubuntu Apache install and there's a problem loading LDAP modules that I can't seem to resolve: [QUOTE]httpd: Syntax error on line 65 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2.2/modules/mod_authnz_ldap.so into server: /usr/local/apache2.2/modules/mod_authnz_ldap.so: undefined symbol: apr_ldap_url_parse [/QUOTE] Any help would be appreciated, thanks.

+0 forum 8

Hi there, I am trying to get ldap_modify to change an attribute in my Active Directory. [CODE] $activeUser="Test Guy"; $floorname = "First Floor"; $entry[physicaldeliveryofficename] = $floorname $results = ldap_modify($ds,"CN=$activeUser,OU=Test,DC=LDAPSERVER,DC=COM", $entry); if (TRUE === $result) { echo "The entry was successfully modified."; } else { echo "The entry could not be modified."; } [/CODE] Am I doing something wrong? Thanks in advance, ML

+0 forum 0

Hello All, I am not sure if this is the right place to post this query. If not, please redirect me. Here is the brief explanation: I have a web application (GWT application) project in Eclipse. I have server-side code which interacts with an LDAP directory for some operations. I have an Ant script that compiles the project, copies the war folder to the webapps folder of the TOMCAT installation and starts the Apache Tomcat server. If I execute the Ant script, the Tomcat server starts within Eclipse, and if I run the web application ( invoking the LDAP …

+0 forum 1

[CODE]$uploaddir = $_SERVER['DOCUMENT_ROOT'].'/bla/bla/uploads/'; $file = $uploaddir . basename($_FILES['uploadfile']['name']); $data = file_get_contents($uploaddir . $_FILES["uploadfile"]["name"]); $data=split("[;\r]",$data); include_once("processes.php"); $ldapconn=connectToDB(); $info["cn"] = $data[$c]; echo "|onoma-->"; echo $info["cn"] ; $c++; $info["sn"] = $data[$c]; echo "|epwnimo-->"; echo $info["sn"] ; $info["objectclass"][0] = "top"; $info["objectclass"][1] = "organizationalPerson"; $r = ldap_add($ldapconn, "cn=".$info['cn'].",cn=............,ou=.......,ou=......,ou=.....,dc=...,dc=gr", $info); [/CODE] so i get the attributes i want from the file correctly (i have also counted them and tried anything that proves i get the string from the attribute)... but i get the warning below |onoma-->Γιά|epwnimo-->Κωνσ Warning: ldap_add() [function.ldap-add]: Add: Invalid DN syntax when i insert the attributes like: [CODE]$info["cn"] = "�����"; $info["sn"] = "��������";[/CODE] they …

+0 forum 2

Hi, I'm trying to make a script in Linux which should send release note to a certain distribution list. Both the release note and distribution list are kept in a separate file. I already have initial distribution list, but it is taken from Outlook so I'm pretty sure the Linux "mail" program cannot understand it straight away - We are using Exchange and LDAP, so could someone point me to right direction on how to get the email address for a certain display name from Linux? The name which appears as a sender of each email in Outlook is something …

+0 forum 0

Hello there everyone. I got an array from my database [CODE]$save=split("[|;]",$listOfItems);[/CODE] and what I want is, after making some changes to the attributes in the array above, to export them in CSV or Excel format, but directly as a message to the browser. I don't want it to be saved on the server. What I can't understand from the examples I found on the net, and some on this particular forum, is how to handle the files and which are created, because I just have the array in a PHP file, nothing more... another thing …

+0 forum 3

Hello there again. I would like to modify some entries on my LDAP server via PHP. Actually, I want to move some students from one DN to another. I use ldap rename but nothing happens ... [CODE] $newparent='cn='.$save[$i].',cn=****,ou=******,ou=****.,ou=******,dc=****,dc=*** $dn= $save[$i+1]; $dn2=split("[,]",$dn);//that is the name of the student (which is in the 1st position of the array, as you see below) $modify=ldap_rename($ldapconn,$dn2[0],NULL,$newparent,true); [/CODE] Also on my mind is to use ldapmodify, but I am not sure that works for my case. On the LDAP administrative side I can see that I also have to delete after moving an entry... Any ideas? Thanks

+0 forum 0

On the PHP manual I realised there was a bug that got fixed, but I still can't make it work... My attributes are used as shown below. [CODE] $r=ldap_sasl_bind ( $ds, bind dn..., 'MYCODE', 'GSSAPI', NULL<--?(realm of the heimdal), 'jimmy'<--?, 'dn:MY STUFF...?');[/CODE] There was another opinion that I should recompile Apache and PHP to use the same version (hope this one is not off-topic). Thank you

+0 forum 1

Hello there, I want to make my LDAP connect with the client PCs over SSL (like this one) [URL="http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.0"]http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.0[/URL] or this one [URL="http://www.madboa.com/geek/openssl/#cert-self"]http://www.madboa.com/geek/openssl/#cert-self[/URL]. I have already made a self-signed key and all the steps I found through the internet... but when I try to do one of the last steps I have an error "error 18 at 0 depth lookup:self signed certificate." Has anyone any idea? P.S.: sorry for the title...connection :)

+0 forum 4

Hey there, I'm writing a PHP application that will use an LDAP server to authenticate. The LDAP server requires me to use a privileged DN/bindDN before I can authenticate my user. I can do the first bind, using the privileged user settings provided, but then how do I authenticate my user? I see an ldap_compare function in PHP that I could use to compare the username and password provided by the user? Or do something different altogether. Thanks David

+0 forum 1

Hey there, I'm setting up a test LDAP server using openLDAP 2.4.19 on Archlinux. Once up, I'll be building some PHP apps that will authenticate against the LDAP server. I've configured applications to use LDAP many times, but never configured an LDAP server. When setting up apps in the past, I always set a privileged user DN or BindDN and password for connecting to the LDAP server. When setting up my own LDAP server, I can't figure out how to set it up to require a Privileged user/binddn. I'm able to create users and other nodes, but can't seem to …

+0 forum 0

Do you need to connect your Linux Desktops or Servers to Microsoft's Active Directory (AD)? If you do, now you can learn how to do it straight from the source at Microsoft's TechNet site in the article: [URL="http://technet.microsoft.com/en-us/magazine/dd228986.aspx"]Authenticate Linux Clients with Active Directory[/URL]. Do you wonder why you'd want to do this? It may not be intuitively obvious but there are IT shops out there (maybe even yours) that use Windows exclusively because of Active Directory authentication. Linux is, or was, often excluded because of its inability to integrate successfully with AD. There are a few products like [URL="http://www.likewisesoftware.com"]LikeWise Software's[/URL] …

+0 forum 1

The End.