| |
| |
| |
|
Page: 1 2 3 4
<podzap> i find it amusing that the US govt thinks that americans are the only ones in the world who can do crypto math.
<podzap> and even more amusing, when i worked for SSH in Finland, I had the ipsec source tree on my laptop...
<podzap> i could take it into the US, but I could not leave with it.
<podzap> (according to the law)
<podzap> even though the source was 100% written in Finland
<podzap> gotta run now. later.
<Aaron> hahaha
<Aaron> nice
<Aaron> idjits :)
<Aaron> honestly crytpo developed in the us is all over despite any export rule
<hyc> US crypto laws are definitely a joke...
<hyc> sick joke
<Aaron> heeh
<hyc> and US IP laws and so on and so on...
<hyc> richm - re: FIPS certification, I see that OpenSSL is also pending 140-2. But as I understand it, only a very specific configuration an be certified. Even down to the build environment, toolchain. So in what way is NSS certified?
<richm> hyc: Hm - I thought there was something on the http://www.mozilla.org/projects/security/pki/nss/ page about FIPS.
<richm> hyc: http://www.mozilla.org/projects/security/pki/nss/fips/ and http://wiki.mozilla.org/FIPS_Validation
<hyc> thx
<yarihm> cu guys
<mh_le> when I start ldap I get this error: Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1
<mh_le> anyone?
<reiffert> How do you start it?
<mh_le> /etc/init.d/ldap start
<mh_le> hmm
<mh_le> I get this error.. http://pastebin.com/401539
<Aaron> mh_le, should be a log somewhere
<Aaron> I dont know exacly where
<mh_le> think I solved it..
<mh_le> what does a Ban DN error mean?
<mh_le> Ban = Bad
<apeiron> It means that your DN got coal for Christmas.
<mh_le> would you tanslate, please?
<apeiron> It was a bad geek joke. :)
<apeiron> What's the DN?
<mh_le> I don't know what a DN is..
<apeiron> Distinguished Name
<apeiron> What gave that error?
<mh_le> aadduser_ox, and you are prob not familiar with OpenXchange, but where does one set DN?
<apeiron> Usually either a command-line argument, a library call parameter, or a configuration file directive.
<mh_le> ok I seemed to have solved that problem.. now I get an error from ldap_bind: bad credentials..
<Aaron> *sigh*
<Aaron> what's the rootdn line from your conf file
<satsonic_> hello
<satsonic_> i want to fetch all user email addresses from ldap database, how do i from command line?
<apeiron> ldapsearch or slapcat.
<mh_le> Aaron: "cn=Manager,dc=eccentric,dc=dk"
<Aaron> k...
<Aaron> now how are you trying to log in
<satsonic_> apeiron, ok i have to use ldapsearch right?
<satsonic_> actually i wanted all email addresses in a text file
<mh_le> Aaron: I'm trying to create a user in OpenXchange adduser_ox
<Aaron> sounds like a question for their forums, if they have them
<mh_le> yeah.. I thought Bad credentials might ring a bell :)
<Aaron> well
<Aaron> it means that it's the wrong username and or p***word
<Aaron> but..
<Aaron> *shrug*
<Aaron> as far as why? I dont know how you're logging in
<mh_le> good point..
<Aaron> if openxchange asks you for a dn it's "cn=Manager,dc=eccentric,dc=dk"
<mh_le> I see
<satsonic_> i got email addresses from ldap by doing "slapcat > ldaplist" then to strip only lines with email i did "cat ldaplist | grep @ > ldaplistemails" now i want email addresses only from ldaplistemails
<Aaron> and the p***word is whatever you specified in the conf file
<mh_le> Aaron: I'm sure I got them right..
<Aaron> mh_le, try connecting via a standard ldap client
<Aaron> using those credentials
<Aaron> in this way you establish that yes, the credentials are right
<Aaron> or no, they are not working
<Aaron> mh_le, have you used ldapadd in the way described in the quickstart?
<mh_le> not that I recall, no
<Aaron> such as to add a 'real' object like what is specific as the suffix?
<Aaron> and one for the manager?
<Aaron> do that, then connect with a regular client
<Aaron> you will find a good one using the google search "ldap browser site:.gov"
<Aaron> java based, but it's still good
<mh_le> cool
<mh_le> Aaron: when I try to ldapadd the initial user, I get a bad credential even though I'm using the same p***word I set in the config file
<Aaron> did you encrypt the p***word in the config file?
<Aaron> and was the ldap server running while you changed the p***word
<mh_le> I didn't encrypt the p***word..
<Aaron> k
<Aaron> well
<Aaron> mh_le, care to pastebin your conf file?
<Aaron> I would not keep the p***word in there , but pastebin the rest
<mh_le> I restarted openldap and I get the following error.. I'll paste it in pastebin..
<mh_le> http://pastebin.com/401628
<Aaron> post your conf file
<mh_le> okay
<mh_le> http://pastebin.com/401629
<Aaron> and <secret> is obviously not the real p***word
<Aaron> mh_le, is this running on a world-accessible IP?
<mh_le> yeah
<Aaron> what's the address
<mh_le> eccentric.dk
<mh_le> the ldap port is not open to the world though
<Aaron> mm
<mh_le> ;)
<apeiron> Did you feed the output of slapp***wd to ldapp***wd? :)
<Aaron> well in that case, i dont have any way of trying myself
<mh_le> I can open it though
<Aaron> so all i can tell you is you've typed something wrong somewhere
<Aaron> one of these others may be able to tell you what's wrong without hands-on experience with it, but I cannot
<mh_le> Aaron: that config file is the only place to specify the p***word, right?
<Aaron> in an otherwise empty DB, yes
<mh_le> okay.. because I can't connect with the one I specified
<Aaron> later, you can add access rules to allow a certain object the same permissions as rootdn
<Aaron> but that's later.
<mh_le> is there a way to "reset" openldap?
<Aaron> dont know exactly what you mean by that
<Aaron> but for the moment..
<Aaron> go ahead and open said port
<mh_le> empty the db, start from scratch
<mh_le> it's open
<Aaron> connection refused
<mh_le> 389, right?
<Aaron> yah
<mh_le> for some reason my router refuses to open it..
<Aaron> well
<Aaron> the conf file is the only relevant part at this point
<Aaron> your actual database is empty already
<mh_le> okay try again
<Aaron> I can connect anonymously
<mh_le> do you get any data?
<Aaron> it's empty, but it ***erts that it's suffix is dc=eccentric,dc=dk
<Aaron> which is common
<Aaron> until actual objects exist
<mh_le> okay
<Aaron> if you like, you can /msg me the root p***word
<Aaron> and change it later
<mh_le> okay, just a sec..
<Aaron> if you're ***igning a temp p***word in the conf file, you will of course need to restart slapd
<Aaron> I can connect
<mh_le> Really?
<Aaron> yeah
<Aaron> you're typing something wrong
<Aaron> on the client
<Aaron> go back to the quickstart guide
<Aaron> create the ldif file as noted
<Aaron> dont copy and paste the example
<mh_le> I can't even connect with that p***word from the java ldap client...
<Aaron> just type it in using the example
<mh_le> http://pastebin.com/401629
<Aaron> then import it with ldapadd
<mh_le> whoops wrong paste
<mh_le> I get this when I use ldapadd.. http://pastebin.com/401637
<Aaron> ...
<Aaron> pastebin the ldif you're using
<mh_le> http://pastebin.com/401639
<Aaron> *chuckle*
Return to ldap
or
Go to some related
logs:
gsharp lilypond
reparera windows står bara C:\WINDOWS
how to view systemmailbox exchange
rock
|
|