[systemsettings] [Bug 470470] Usage of setxkbmap on Wayland resets Keyboard-Layout to US (even if it is not configured)

2024-04-16 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470470

--- Comment #2 from zeus  ---
(In reply to Wismill from comment #1)
> setxkbmap and xmodmap are X11-only tools and will not work with Wayland. So
> e.g. `setxkbmap -query` will most probably not gives you any meaningful
> information. In a Wayland session, the only way to check reliably your
> keymap in X11 is to use `xkbcomp $DISPLAY -` .

Yes, I know this. My point was, that this can be a very common configuration
for anyone migrating from X11 to Wayland, and in this case, very unpredictable
things do happen.

-- 
You are receiving this mail because:
You are watching all bug changes.

[kwin] [Bug 461501] Glitchy flickering artifacts while rendering tooltips on system tray and certain applications when using Morphing Popups effect

2024-03-07 Thread Zeus 
https://bugs.kde.org/show_bug.cgi?id=461501

Zeus  changed:

   What|Removed |Added

 CC||epluribusunum1776@hotmail.c
   ||om

-- 
You are receiving this mail because:
You are watching all bug changes.

[kwin] [Bug 462282] Task switcher under Wayland: icons/previews are not clickable

2024-02-24 Thread Zeus 
https://bugs.kde.org/show_bug.cgi?id=462282

Zeus  changed:

   What|Removed |Added

 CC||epluribusunum1776@hotmail.c
   ||om

--- Comment #16 from Zeus  ---
(In reply to Nate Graham from comment #11)
> I think that falls under the category of "well then don't do that." :)
> Meta+dragging is a power user feature; it's up to you to use it responsibly.
> 
> Also this is a new thing from what was originally reported; since the
> originally reported issue is no longer reproducible, let's close it.

i *think* i can shed some light on this: i use meta+tab/cmd+tab for task
switcher, and i can only drag the task switcher, not click on any of the
thumbnails. i'm using thumbnail grid, but this is the case for every
visualisation (including cover switch, which is jarring)

this did not cause issues in x11, so i would count this as a regression (meta
didn't drag the task switcher, and clicking worked as expected)

i presume the original reporter used alt for window dragging, and so was
experiencing the same thing

it works fine if i change the drag modifier key in Window Management -> Window
Behaviour -> Window Actions to alt, but that causes other problems

(forgive me, i don't know what the correct thing to do is - comment on a closed
issue, or clone it and make a new one that is likely the same. i didn't want to
summarily mark it as reopened for this reason)

-- 
You are receiving this mail because:
You are watching all bug changes.

[frameworks-kholidays] [Bug 470492] German Holiday "Fronleichnam" missing for all regional german calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

--- Comment #2 from zeus  ---
Nevermind, regional holidays do actually work. The problem is just, that
changing the calender does not have any effect on the running kalender. So if
you restart your Plasma-Session the Calendar is actually correct. However, the
bug is then, that a change of the holiday-calender does not trigger a reload of
calender-entries. Any other modification (like for example enabling
astronimical events) triggers them to show up without the applet or plama
having to be restarted, like expected.

-- 
You are receiving this mail because:
You are watching all bug changes.

[frameworks-kholidays] [Bug 470492] German Holiday "Fronleichnam" missing for all regional german calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

--- Comment #2 from zeus  ---
Nevermind, regional holidays do actually work. The problem is just, that
changing the calender does not have any effect on the running kalender. So if
you restart your Plasma-Session the Calendar is actually correct. However, the
bug is then, that a change of the holiday-calender does not trigger a reload of
calender-entries. Any other modification (like for example enabling
astronimical events) triggers them to show up without the applet or plama
having to be restarted, like expected.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[frameworks-kholidays] [Bug 470492] German Holiday "Fronleichnam" missing for all regional german calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

--- Comment #1 from zeus  ---
Edit: The second of the two holidays specific to northrhine-westfalia
("Allerheiligen", always on 1st November) also does not show up in my calendar.
Please note, that "Allerheiligen" is valid for a different subset of germanys
regions than "Fronleichnam". So  I guess all regional holidays are like not
working?

-- 
You are receiving this mail because:
You are watching all bug changes.

[frameworks-kholidays] [Bug 470492] German Holiday "Fronleichnam" missing for all regional german calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

--- Comment #1 from zeus  ---
Edit: The second of the two holidays specific to northrhine-westfalia
("Allerheiligen", always on 1st November) also does not show up in my calendar.
Please note, that "Allerheiligen" is valid for a different subset of germanys
regions than "Fronleichnam". So  I guess all regional holidays are like not
working?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[frameworks-kholidays] [Bug 470492] German Holiday "Fronleichnam" missing for all regional german calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

zeus  changed:

   What|Removed |Added

Summary|German Holiday  |German Holiday
   |"Fronleichnam" missing for  |"Fronleichnam" missing for
   |all regional|all regional german
   |calender-variants   |calender-variants

-- 
You are receiving this mail because:
You are watching all bug changes.

[frameworks-kholidays] [Bug 470492] German Holiday "Fronleichnam" missing for all regional german calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

zeus  changed:

   What|Removed |Added

Summary|German Holiday  |German Holiday
   |"Fronleichnam" missing for  |"Fronleichnam" missing for
   |all regional|all regional german
   |calender-variants   |calender-variants

-- 
You are receiving this mail because:
You are the assignee for the bug.

[frameworks-kholidays] [Bug 470492] New: German Holiday "Fronleichnam" missing for all regional calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

Bug ID: 470492
   Summary: German Holiday "Fronleichnam" missing for all regional
calender-variants
Classification: Frameworks and Libraries
   Product: frameworks-kholidays
   Version: unspecified
  Platform: Other
OS: Linux
Status: REPORTED
  Severity: normal
  Priority: NOR
 Component: general
  Assignee: kdepim-bugs@kde.org
  Reporter: k...@kostianix.de
  Target Milestone: ---

SUMMARY
***
The German Holiday "Fronleichnam" is a religious christian holiday in June. It
is only applicable in around a third of the German federal states, and the
definition-files (e.g.
https://invent.kde.org/frameworks/kholidays/-/blob/master/holidays/plan2/holiday_de-nw_de)
list them, but they don't actually show up in my calendar (i have explicitly
choosen de-nw_de as holiday-calendar for the "Northrhine-Westphalia" Region in
Germany, but this also applies on other regions, where this is a valid holiday
like bavaria). This year, in 2023, the holiday would be on june 8th.

As far as I can tell, for at least the last year it also hasn't been in my
calendar applet.
Tested on Ubuntu 22.04 and Archlinux.

***

OBSERVED RESULT
German Holiday "Fronleichnam" missing

EXPECTED RESULT
Holiday available in the respective calendars.

ADDITIONAL INFORMATION
This Holiday is a legit holiday in the following german regions:
BW (Baden-Würtemberg)
BY (Bayern)
HE (Hessen)
NW (Nordrhein-Westfalen)
RP (Rheinland-Pfalz)
SL (Saarland)

-- 
You are receiving this mail because:
You are the assignee for the bug.

[frameworks-kholidays] [Bug 470492] New: German Holiday "Fronleichnam" missing for all regional calender-variants

2023-05-31 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470492

Bug ID: 470492
   Summary: German Holiday "Fronleichnam" missing for all regional
calender-variants
Classification: Frameworks and Libraries
   Product: frameworks-kholidays
   Version: unspecified
  Platform: Other
OS: Linux
Status: REPORTED
  Severity: normal
  Priority: NOR
 Component: general
  Assignee: kdepim-b...@kde.org
  Reporter: k...@kostianix.de
  Target Milestone: ---

SUMMARY
***
The German Holiday "Fronleichnam" is a religious christian holiday in June. It
is only applicable in around a third of the German federal states, and the
definition-files (e.g.
https://invent.kde.org/frameworks/kholidays/-/blob/master/holidays/plan2/holiday_de-nw_de)
list them, but they don't actually show up in my calendar (i have explicitly
choosen de-nw_de as holiday-calendar for the "Northrhine-Westphalia" Region in
Germany, but this also applies on other regions, where this is a valid holiday
like bavaria). This year, in 2023, the holiday would be on june 8th.

As far as I can tell, for at least the last year it also hasn't been in my
calendar applet.
Tested on Ubuntu 22.04 and Archlinux.

***

OBSERVED RESULT
German Holiday "Fronleichnam" missing

EXPECTED RESULT
Holiday available in the respective calendars.

ADDITIONAL INFORMATION
This Holiday is a legit holiday in the following german regions:
BW (Baden-Würtemberg)
BY (Bayern)
HE (Hessen)
NW (Nordrhein-Westfalen)
RP (Rheinland-Pfalz)
SL (Saarland)

-- 
You are receiving this mail because:
You are watching all bug changes.

[systemsettings] [Bug 341314] Plasma 5 somehow falls back to US keyboard after startup

2023-05-30 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=341314

zeus  changed:

   What|Removed |Added

 CC||k...@kostianix.de

--- Comment #8 from zeus  ---
sorry, did not see this issue beforehand, but it might be related to what i
just filed: https://bugs.kde.org/show_bug.cgi?id=470470

-- 
You are receiving this mail because:
You are watching all bug changes.

[systemsettings] [Bug 470470] New: Usage of setxkbmap on Wayland resets Keyboard-Layout to US (even if it is not configured)

2023-05-30 Thread zeus 
https://bugs.kde.org/show_bug.cgi?id=470470

Bug ID: 470470
   Summary: Usage of setxkbmap on Wayland resets Keyboard-Layout
to US (even if it is not configured)
Classification: Applications
   Product: systemsettings
   Version: 5.27.5
  Platform: Archlinux
OS: Linux
Status: REPORTED
  Severity: normal
  Priority: NOR
 Component: kcm_keyboard
  Assignee: plasma-b...@kde.org
  Reporter: k...@kostianix.de
CC: butir...@gmail.com
  Target Milestone: ---

SUMMARY
***
While the title suggests, that a lot of random things need to happen at the
same time, i don't think this situation is as uncommon as it first seems. I've
had the following in my .bashrc: 
`setxkbmap -option ctrl:nocaps 2>/dev/null`. 
While I totally agree, that x-keyboard-options should be set via config file
rather than invoking them by the bashrc, it is however a totally legit way to
archieve the desired behaviour (remap capslock in this case). However, if you
have only one keyboard layout configured (just `de` in my case, no modified
layouts), any use of xkbmap seems to break the layout, and - at least for some
apps - reverts it to the `us`-layout (even it is not in my list of configured
layouts). Even more strange is, that this only seem to affect some
applications. For me the effect was most noticeable in firefox and thunderbird. 

I think it is not that uncommon for people switching from xorg to wayland to
have some kind of options like this in some scripts. Especially annoying here
is, that this will never be reproducible on new installs with a fresh homedir.
Even though this clearly qualifies as "user-error", the keyboard should never
ever fall back to an unconfigured layout, and behaviour like this is not very
obvious to track down, because if you stare at it, you won't be able to observe
the error until you start a new shell. 

As already assumed, calling xmodmap without redirecting the output, says that
it is running against Xwayland, which might explain different behaviours in
different windows. However, while having an xorg-compatibility layer is
awesome, having multiple keyboard layouts active at the same time depending on
the window is certainly not. 

any "apply" action in the "settingsmenu/input/keyboard" subsection reverts this
behaviour to the expected state. I'd assume, there are alot of universal apps
(flatpak..) that will be affected by this, too.

***


STEPS TO REPRODUCE
1. put some `xmodmap` command in your .bashrc and start a terminal under
wayland. Alternatively execute manually.

OBSERVED RESULT
- some applications like firefox and thunderbird end up with a default, but
unconfigured and unlisted (in terms of the plasma settingsmenu) keyboard-layout
(us).

EXPECTED RESULT
- keyboard-settings should be applied uniformly between apps regardless of
wayland, Xwayland, flatpak, fullscreen-games, etc..

SOFTWARE/OS VERSIONS
- Linux/KDE Plasma: Linux/6.3.4-arch1-1
- KDE Plasma Version: 5.27.5
- KDE Frameworks Version: 5.106.0
- Qt Version: 5.15.9

All-AMD-System (Ryzen7xxx/Navi31), Single Monitor Setup.
Initially i thought this might be related to
https://bugs.kde.org/show_bug.cgi?id=433576, but it turns out unrelated, as my
behaviour perists with more than one layout as well. However, they seem
somewhat similar anyways.

-- 
You are receiving this mail because:
You are watching all bug changes.

no accesslog record on "delete" sync state control

2022-09-12 Thread Zeus Panchenko 
hi

I face a weird situation with my LDAP syncrepl consumer [1],

please advise ...

on "delete" sync state control receiving, I'm trying to search for
accesslog object with the just deleted object to use it in further
processing, but it is not available yet

though if I set delay (sleep) for 1 sec just before the search, then I
successfully receive the object

so, is it intended behavior?

here is this search:
https://github.com/z-eos/regather/blob/master/lib/App/Regather.pm#L439

[1] https://github.com/z-eos/regather

-- 
Zeus V. Panchenko   . jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC..:  GMT+2 (EET)

Re: FreeBSD Port: emulators/linux_base-c7

2022-08-29 Thread Zeus Odin 
I have a multi-boot system with Arch Linux, FreeBSD, OS X, and Windoze. 
Arch Linux kernel version is up to 5.19.2. Should that affect our decision?


[zeus@olympus ~]$ uname -a
Linux olympus.gods.org 5.19.2-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 17 Aug 
2022 13:48:51 + x86_64 GNU/Linux

[zeus@olympus ~]$ uname -srm
Linux 5.19.2-arch1-1 x86_64

Will look at sysctl compat.linux.osrelease. Could someone give any 
direction in rebuilding my base-c7 or perhaps I can create base-c8. Thanks.



On 8/29/22 09:29, Patrick M. Hausen wrote:

Hi all,


Am 29.08.2022 um 15:19 schrieb Zeus Odin :
FATAL: kernel too old

Any idea what I can do to resolve this? Is it possible that I can build a newer
compat kernel from source? Other?

Probably the software is checking the Linux kernel version and decides
that the fake version FreeBSD presents is "too old".

You can toy with

sysctl compat.linux.osrelease

although I don't know what precisely you should put in there instead of the 
default.

HTH,
Patrick

FreeBSD Port: emulators/linux_base-c7

2022-08-29 Thread Zeus Odin 
Just upgrade FreeBSD from 13.0 RELEASE to 13.1. I downloaded the latestlinux 
version of Citrix (linuxx64-22.7.0.20.tar.gz). The FreeBSD port ishopelessly 
out of date (linuxx86-13.10.0.20). I did a manual conversionof linuxx64 to 
install on FreeBSD 13.1. I received no installation errors. I still have to 
integrate the x86 patches into the x64 installation. Nonethless, I am getting 
the following error:
FATAL: kernel too old
Any idea what I can do to resolve this? Is it possible that I can build a 
newercompat kernel from source? Other?
Thanks,Zeus

Re: Vulnerability Report [Misconfigured DMARC Record Flag]

2022-06-21 Thread Cyber Zeus 
Hi team
kindly update me with the bug that I've reported.
-Zeus

On Fri, May 20, 2022 at 11:34 PM Cyber Zeus  wrote:

> Hi Team,
> I am an independent security researcher and I have found a bug in your
> website
> The details of it are as follows:-
>
> Description: This report is about a misconfigured Dmarc record flag, which
> can be used for malicious purposes as it allows for fake mailing on behalf
> of respected organizations.
>
> About the Issue:
> As i have seen the DMARC record for
>
> *druid.apache.org*
>
> which is:
> DMARC Policy Not Enabled
> DMARC Not Found
>
> As u can see that your DMARC record, a valid record should be like:-
>
> DMARC Policy Enabled
> What's the issue:
> A DMARC record is a type of Domain Name Service (DNS) record that
> identifies which mail servers are permitted to send an email on behalf of
> your domain. The purpose of a DMARC record is to prevent spammers from
> sending messages on the behalf of your organization.
>
> Attack Scenario: An attacker will send phishing mail or anything malicious
> mail to the victim via mail:
>
> commits-h...@druid.apache.org
>
>
> even if the victim is aware of a phishing attack, he will check the origin
> email which came from your genuine mail id
> commits-h...@druid.apache.org
>
>
> so he will think that it is genuine mail and get trapped by the attacker.
> The attack can be done using any PHP mailer tool like this:-
>
>  $to = "vic...@example.com";
> $subject = "Password Change";
> $txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
> $headers = "From:
>
> commits-h...@druid.apache.org
>
>
> ";mail($to,$subject,$txt,$headers);
> ?>
>
> U can also check your Dmarc/ SPF record form: MXTOOLBOX
>
> Reference:
> https://support.google.com/a/answer/2466580?hl=en
> have a look at the GOOGLE article for a better understanding![image:
> image.png]
> [image: image.png]
>

[grpc-io] Send message from server to client

2022-01-05 Thread Kratos Zeus 
Hello Everyone,

I have implemented a proto file by checking the internet with one unary rpc 
service and stream service. I done the coding part for the unary rpc 
service with c++ for both client and the server. But the second service 
(stream) i cannot able to build the logic on how to send a message from 
server to client while the client will be listening to the server. The 
proto file i am pasting down here. Clarify me if this implementation is 
wrong or how to implement the server to send a message to client in c++?

```
syntax = "proto3";


package Chat;

import "google/protobuf/empty.proto";

service HelloService {
rpc Hello (HelloRequest) returns (HelloResponse) {}
}

service Messenger {
rpc ServerTx (Payload) returns (google.protobuf.Empty) {} /* 
serverSide */
rpc ClientRx (google.protobuf.Empty) returns (stream Payload) {} // 
ClientSide
}


message Payload {

int32 size = 1;
string data = 2;

}

message HelloRequest {
string hello = 1;
}

message HelloResponse {
string reply = 1;
}
```
Any help would be appreciated. Thanks in advance

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to grpc-io+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/38558994-8d5b-4e45-972c-9e53f1334aa3n%40googlegroups.com.

unbound becomes stale after transport interface flap

2021-04-05 Thread Zeus Panchenko via Unbound-users 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi

I experience pretty same behavior of unbound: often it becomes stale after
transport interface flap

In my VPN I have DNS server which serves local zones.

For clients I configure unbound to forward requests for those zones to
that DNS server, and when VPN interface flaps of re-keying occures,
unbound misbehaves and nothing valuable appears in log files


so, please advise, where to look at?


- ---[ unbound.conf quotation start ]---
domain-insecure: "abc."
...

private-domain: "abc."
...

local-zone: "abc." transparent
...

include: /var/unbound/conf.d/*.conf
- ---[ unbound.conf quotation end   ]---

- ---[ conf.d/stub-zones.core.conf quotation start ]
stub-zone:
name: "abc."
stub-addr: 1.2.3.4
stub-prime: yes

stub-zone:
...
- ---[ conf.d/stub-zones.core.conf quotation end   ]

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCYGr+gAAKCRCveOk+D/ej
KumZAKCT7+uaGIG09Lj0i6NvAEJApWNJZACg7vBh+uve4tCWu6sbfCq4tGAP3PI=
=Lb31
-END PGP SIGNATURE-

[Openvpn-users] [Q] can I find iroute values in envs on server?

2021-04-01 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi

can I pick up iroute data of client, from environmental variables on server
side?

as far as I can see, `Environmental Variables' section of manual doesn't
mention that.

I need that to manage kernel routes *not* via static records `route ...'
in config file but via some-up/down event/s

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCYGXn1QAKCRCveOk+D/ej
KlqzAJ4xMTwT6UdOZmtLmo5s5KPHmgnl0gCdEVxInjAVyYjaUgl9XeSeZ3HhmlY=
=dHzy
-END PGP SIGNATURE-


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: `UID SEARCH UNSEEN` returns no result

2020-11-04 Thread Zeus Panchenko 
Sergey Poznyakoff  wrote:

> Please try the attached patch.

confirm, it fixes the issue

thanks

<#secure method=pgp mode=sign sender=0FF7A32A>

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

`UID SEARCH UNSEEN` returns no result

2020-11-04 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


I was reported that search by unseen messages doesn't work

after some investigation I confirm, `UID SEARCH UNSEEN` returns no result

though, search by other parameters works

here is transcript to reproduce that

- ---[ imap4d v.3.10 session quotation start 
]---
* OK IMAP4rev1
A0005 LOGIN u...@foo.bar "secretpass"
A0005 OK LOGIN Completed

A0006 STATUS INBOX (MESSAGES UNSEEN)
* STATUS INBOX (MESSAGES 53 UNSEEN 38)
A0006 OK STATUS Completed

A0007 SELECT INBOX
* 53 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1604351724] UID valididy status
* OK [UIDNEXT 54] Predicted next uid
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft)] Permanent flags
A0007 OK [READ-WRITE] SELECT Completed

A0008 UID SEARCH UNSEEN
* SEARCH
A0008 OK UID SEARCH Completed

A0009 UID SEARCH UNANSWERED
* SEARCH 1 2 3 4 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
A0009 OK UID SEARCH Completed

A0010 UID SEARCH FLAGGED
* SEARCH
A0010 OK UID SEARCH Completed

A0011 UID SEARCH NOT HEADER X-PRIORITY 1 NOT HEADER X-PRIORITY 2 NOT HEADER 
X-PRIORITY 4 NOT HEADER X-PRIORITY 5
* SEARCH 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
A0011 OK UID SEARCH Completed

A0012 UID SEARCH OR OR OR HEADER Content-Type application/ HEADER Content-Type 
multipart/m HEADER Content-Type multipart/signed HEADER Content-Type 
multipart/report
* SEARCH 1 2 3 4 5 6 7 8 9 24
A0012 OK UID SEARCH Completed

A0013 LOGOUT
* BYE Session terminating.
A0013 OK LOGOUT Completed
- ---[ imap4d v.3.10 session quotation end   
]---

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCX6KQOAAKCRCveOk+D/ej
KuowAJ9sjW+GBlhLP9uNprk29LOJuaYgHACgoPsi+WXP0LgxzgMCc/mDjdtDnKM=
=EXnB
-END PGP SIGNATURE-

Looking for old ultrapower versions

2020-02-26 Thread AudioGames . net Forum — General Game Discussion : zeus via Audiogames-reflector 


  


Looking for old ultrapower versions

Hello.I would just like to ask, if anyone still has one of these. I'm mainly looking for 5.x, but really anything older than the one that got leaked would be great.Regards,Tobias.

URL: https://forum.audiogames.net/post/504330/#p504330




-- 
Audiogames-reflector mailing list
Audiogames-reflector@sabahattin-gucukoglu.com
https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector

[Q] ModRDN object via Net::LDAP::Control::SyncRequest

2019-09-16 Thread Zeus Panchenko 
hi,

how can I catch ModRDN event in Net::LDAP::Control::SyncRequest ?

on ldapmodrdn I can successfully catch LDAP_SYNC_MODIFY event with
Net::LDAP::Entry object, DN of which contains new rdn ... but how to know
the old one?

accesslog DB  doesn't contain reqDN for new rdn yet ...

I'm using the example code from Net::LDAP::Control::SyncRequest
-- 
Zeus Panchenko

[Q] ModRDN object via Net::LDAP::Control::SyncRequest

2019-09-12 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

please advise, how can I catch ModRDN object in syncrepl cosumer?

I use perl Net::LDAP

on ldapmodrdn I successfully catch LDAP_SYNC_MODIFY event with
Net::LDAP::Entry object, DN of which contains *new* rdn ...

but how to know/get the old one?

accesslog DB doesn't contain reqDN for new rdn yet ...

I'm using the example code from Net::LDAP::Control::SyncRequest

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCXXqZHwAKCRCveOk+D/ej
KsoLAKCiqf/sGKpYLy0xUybyLCXtkTTVkQCcCfTAoMcwhC+JWHcxvHzeLrppc5w=
=cVqP
-END PGP SIGNATURE-

[Q] is there way to configure stub-zone "recursively"?

2019-08-11 Thread Zeus Panchenko via Unbound-users 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


greetings,

please, advise

can stub-zone, somehow be configured to query "recursively" all subzones
for the one single zone configured?

I was successful to configure my VPN client unbound, to use nameserver
on the central office, but it was necessary to configure each subzone
separately ...

Current, working, configuration is bellow, but can I shorten
configuration to not to configure each sub zone?

===[ unbound/unbound.conf quotation start 
]===
domain-insecure: "10.in-addr.arpa."
domain-insecure: "lan."

private-domain: "10.in-addr.arpa."
private-domain: "lan."

local-zone: "10.in-addr.arpa." transparent
local-zone: "lan." transparent
===[ unbound/unbound.conf quotation end   
]===


===[ unbound/conf.d/stub-zones.conf quotation start 
]=
# net: 10.123.0.0/24
stub-zone:
 name: "lan."
 stub-addr: 10.0.0.111
 stub-prime: yes

# net: 10.123.1.0/24
stub-zone:
 name: "office1.lan."
 stub-addr: 10.0.0.111
 stub-prime: yes

# net: 10.123.2.0/24
stub-zone:
 name: "office2.lan."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "0.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "1.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "2.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
===[ unbound/conf.d/stub-zones.conf quotation end   
]=

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCXVD8zQAKCRCveOk+D/ej
KtntAJ4rEIotzfGV9aIE7KDvz4uzoToILQCggUGBiZ/Wc7eK2XXZ9UXQCpmJM18=
=ULgg
-END PGP SIGNATURE-

Re: [nsd-users] [Q] is there way to configure stub-zone "recursively"?

2019-08-11 Thread Zeus Panchenko 
sorry, posted to the wrong list

<#secure method=pgp mode=sign sender=0FF7A32A>

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
___
nsd-users mailing list
nsd-users@NLnetLabs.nl
https://open.nlnetlabs.nl/mailman/listinfo/nsd-users

[nsd-users] [Q] is there way to configure stub-zone "recursively"?

2019-08-11 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

greetings,

please, advise

can stub-zone, somehow be configured to query "recursively" all subzones
for the one single zone configured?

I was successful to configure my VPN client unbound, to use nameserver
on the central office, but it was necessary to configure each subzone
separately ...

Current, working, configuration is bellow, but can I shorten
configuration to not to configure each sub zone?

===[ unbound/unbound.conf quotation start 
]===
domain-insecure: "10.in-addr.arpa."
domain-insecure: "lan."

private-domain: "10.in-addr.arpa."
private-domain: "lan."

local-zone: "10.in-addr.arpa." transparent
local-zone: "lan." transparent
===[ unbound/unbound.conf quotation end   
]===


===[ unbound/conf.d/stub-zones.conf quotation start 
]=
# net: 10.123.0.0/24
stub-zone:
 name: "lan."
 stub-addr: 10.0.0.111
 stub-prime: yes

# net: 10.123.1.0/24
stub-zone:
 name: "office1.lan."
 stub-addr: 10.0.0.111
 stub-prime: yes

# net: 10.123.2.0/24
stub-zone:
 name: "office2.lan."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "0.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "1.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "2.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
===[ unbound/conf.d/stub-zones.conf quotation end   
]=

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCXVBYZQAKCRCveOk+D/ej
KoiKAJ9W4JXCVl5zB1v56OaC22dopJN6rgCeJMkOno7qCQ2cuGPcnVEDJYaB6bs=
=fCxB
-END PGP SIGNATURE-
___
nsd-users mailing list
nsd-users@NLnetLabs.nl
https://open.nlnetlabs.nl/mailman/listinfo/nsd-users

[QGIS-Developer] WMS Request "GetPrint" to QGIS - Server fails with _PK

2019-07-23 Thread GONZALEZ FERNANDEZ ZEUS 
Hi devs!

I'm a junior developer and I'm working on a project trying to refresh an old 
GISWEB, to do so i chose QWC2+QGISServer.

Actual setup is:

Debian 10, Apache2, QGIS-Server 3.8, using .shp as layers... the QWC2 works 
fine, WMS works fine, i can print some templates, print png, etc...

The issue is that I'm trying to use the _PK (implemented in QGIS Server 
3.6<https://github.com/qgis/QGIS/commit/21e3adfbcac4ffa339b28a4fb5fefc3a704bd2fb>
 and I'm getting an annoying "Internal Server Error". When I use "_PK=1" 
or "_PK=1, 2, 3", log says:

"CRITICAL Server: An error occurred during the Atlas print
WARNING: finish() called twice"


As I read in the code 
here<https://github.com/qgis/QGIS/blob/master/src/server/services/wms/qgswmsrenderer.cpp>
 it could be caused by 2 things :

"if ( pkIndexes.size() < 1 )
{
  throw QgsException( QStringLiteral( "An error occurred during the Atlas 
print" ) );
}"


or:

"QString errorString;
atlas->setFilterExpression( filterString, errorString );
if ( !errorString.isEmpty() )
{
  throw QgsException( QStringLiteral( "An error occurred during the Atlas 
print" ) );
}"


I can't determine which one is causing it. (My shapes have FID field, so 
pkIndexes shouldn't be null)

If I try to use "_PK=*" it seems to work but I get "timed out" because I 
have like 4k features to print (I already changed the feature limit in QGIS 
Server conf). I'm going to try with a layer with less features as soon as I can 
and post updates.

GetProjectSettings WMS request returns that I have 2 templates both with atlas 
enabled.

There's not much 
documentation<https://docs.qgis.org/testing/en/docs/user_manual/working_with_ogc/server/services.html>
 to read about, as it's a new feature...

The issue has nothing to do with QWC2, it's just the QGIS-Server.

ISSUE URL: https://github.com/qgis/QGIS/issues/30817

Regards,

Zeus.
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[Q] RFC2307bis2 "An Approach for Using LDAP as a Network Information Service"

2019-02-07 Thread Zeus Panchenko 
greetings,

We've found RFC2307bis2:
"An Approach for Using LDAP as a Network Information Service"

and now wondering, what've happened to it finally?  Is it just expired
and forgotten?

Recently we've began to deploy netgroup usage in our network and found
it impossible to do search by nisNetgroupTriple attribute due to it's
SYNTAX and SUBSTR definition ...

We've done "amendments" to nis.schema to fix that and they occured to be
the same as the ones offered in RFC2307bis2 :)

So, is there any further plans/ideas to do something with RFC2307bis2,
please?

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

[Q] is there way to use bgp-spamd.net?

2019-01-13 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

is there way to use BGP to block traffic, like it is described on
https://www.bgp-spamd.net/index.html

or even BGP feeds from spamhaus
https://www.spamhaus.org/news/article/683/spamhaus-releases-bgp-feed-bgpf-and-botnet-cc-list-bgpcc

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCXDwgjQAKCRCveOk+D/ej
KjLDAJ0a+9Q82cUVufYDn9c3Saq8Q0ARtgCggnadaidgIm4lBFQMUmOFEFl8b4I=
=4djw
-END PGP SIGNATURE-
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Re: [darktable-user] Batch renaming software?

2018-11-09 Thread Zeus Panchenko 
August Schwerdfeger  wrote:
> Can anybody recommend any good batch-renaming packages? I am
> specifically looking to replace a homebrew Python script that uses
> exposure-compensation metadata to identify sets of photos taken using
> autobracketing (preferably with something I can invoke from within
> Darktable).

the best such tool I know is exiftool: 
https://www.sno.phy.queensu.ca/~phil/exiftool/

scroll down to `Renaming and/or Moving Files' section to have an idea of
how it can work for you.

P.S.
when I faced same need (now exiftool has much more option) I with my
friend had written renrot (wrapper for exiftool): 
https://puszcza.gnu.org.ua/projects/renrot/

still works o_O

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

Bitcoin in D

2018-08-24 Thread zeus via Digitalmars-d-announce 
I write code in D to serialize and deserialize bitcoin block 
headers for educations puropseses as i just start with D, i add 
some more function and i upload it to github 
https://github.com/cvsae/bitcoind

Re: string to char conv

2018-08-13 Thread zeus via Digitalmars-d-learn 
On Tuesday, 14 August 2018 at 00:24:53 UTC, Jonathan M Davis 
wrote:
On Monday, August 13, 2018 6:06:22 PM MDT zeus via 
Digitalmars-d-learn wrote:

[...]


Why are you casting the string to a char*? That's just going to 
make writeln print out the pointer value. If you want to print 
out the value of the string, then just pass the string to 
writeln.


- Jonathan M Davis


Needed char* for while (isspace(*testi)) --testi; etc

string to char conv

2018-08-13 Thread zeus via Digitalmars-d-learn 
i have the following code in d and i get as result 4D77EB, also i 
have the following code in c++ wich give me as results 
0xABCDEF123abcdef12345678909832190 how i can get in d 
0xABCDEF123abcdef12345678909832190 instead of 4D77EB



// D

void test(string test){
char* testi = cast(char*)(test);
writeln(testi);

}


void main()
{
test("0xABCDEF123abcdef12345678909832190");
}


// C++

void test(string str){
const char* testi = str.c_str();
printf("%s\n", testi);

}

int main(int argc, char const *argv[]){

test("0xABCDEF123abcdef12345678909832190");
}

Re: how to run script on event (modify/delete/add)?

2018-07-31 Thread Zeus Panchenko 
thanks to everybody for soon reply

Michael Ströder  wrote:
> On 07/30/2018 02:32 PM, Zeus Panchenko wrote:
> Basically you have two options:
> 1. run something within slapd (back-perl or back-sock)

I'm still missing something ... what is/are the condition/s to see a
candidate object to sync?

I'm trying a sample from doc to Net::LDAP::Control::SyncRequest as well
as sample from SATOH Fumiyasu code

I modify some attribute and after that run the code:

---[ quotation start ]---
...
my $req = $ldap_crud->control_sync_req; # which is wrapper for 
Net::LDAP::Control::SyncRequest->new( mode => LDAP_SYNC_REFRESH_AND_PERSIST, );
log_debug { np( $req ) };
my $mesg = $ldap_crud->search({ base  => 
$ldap_crud->{cfg}->{base}->{acc_root},
filter=> "(objectClass=*)",
control   => [ $req ],
callback  => sub { # log_debug {np(@_)};
  my $msg  = shift;;
  my $obj  = shift;
  my @controls = $msg->control;
  if ( defined $obj && 
$obj->isa('Net::LDAP::Entry') ) {
log_debug { $obj->dn . ' ; ' . 
np(@controls)};
my $syncstate = undef;
for my $control (@controls) {
  if ( 
$control->isa('Net::LDAP::Control::SyncState') ) {
$syncstate = $control;
log_debug {np($syncstate)};
last;
  }
}
  }
},
sizelimit => 0,
attrs => [ '*' ] });
...
---[ quotation end   ]---


but Net::LDAP::Message object returned by search, contains method
`controls' set to undef


---[ quotation start ]---
2018.07.31 13:38:38 [DEBUG]: L00830 @ UMI::Controller::Root::test: 
Controller/Root.pm: Net::LDAP::Search  {
Parents   Net::LDAP::Message
public methods (12) : all_entries, as_struct, count, decode, entries, 
entry, first_entry, next_entry, pop_entry, references, shift_entry, sorted
private methods (0)
internals: {
callback   sub { ... },
controls   undef,
ctrl_hash  undef,
entries[
[0]   Net::LDAP::Entry,
...
[388] Net::LDAP::Entry
],
errorMessage   "",
matchedDN  "",
mesgid 70,
parent Net::LDAP,
rawundef,
resultCode 0
}
}
---[ quotation end   ]---


while Net::LDAP::Control::SyncRequest->new() returns valid object


---[ quotation start ]---
2018.07.31 14:01:16 [DEBUG]: L00807 @ UMI::Controller::Root::test: 
Controller/Root.pm: Net::LDAP::Control::SyncRequest  {
Parents   Net::LDAP::Control
public methods (5) : cookie, init, mode, reloadHint, value
private methods (0)
internals: {
asn{
cookie   undef,
mode 3,
reloadHint   0
},
mode   3,
type   "1.3.6.1.4.1.4203.1.9.1.1"
}
}
---[ quotation end   ]---


though after been fed to search, control "disappears" ...

where am I wrong?

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

how to run script on event (modify/delete/add)?

2018-07-30 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

greetings,

please advise

how can I run external script on event (LDAP operation)?

for example: I am generating config files for users from LDAP data with perl 
script

I want to re-generate config files each time LDAP operation (modify, add, 
delete) performed

how to do that and what is the best way to do that?

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCW18FeQAKCRCveOk+D/ej
KtXaAJ949HG/9hwOP9z5RgvSUfjRR27nQQCgljD0MPOTdZevhdBt2u87Oeq1Frk=
=NBxz
-END PGP SIGNATURE-

Re: what is the best practice to modrdn for branch of objects?

2018-06-18 Thread Zeus Panchenko 
Chris Ridd  wrote:
> I would note that storing entries subordinate to user entries is rather 
> unusual.

yes, it is, the idea was to hold all related to user branches in one
single root

here there is the diagram of DB topology:
https://raw.githubusercontent.com/z-eos/umi/master/doc/umi-db-diagram-plane.png

> So there are two cases to consider:
> * user B already exists

yes, it is
the idea is to reassign some existing subordinate branch to
another existent user

> In the first case, you can iterate through all of user A's immediate
> children and modifydn each of them.

it is just what I do, but it involves a lot of „hand“ work (the URL I
provided in my initial post)

> Do you delete user A at the end?

no, the idea is to delegate some service of user A to user B

> Alternative in the first case, you could delete user B first and then
> just use modifydn once to move user A to user B.

no, it is not what is needed since user B has his own, assigned to him
services

> You may need to refine your question a bit more.

was I successful in that?

> Net::LDAP's moddn method does not take a „recursively“ option.

may it sound sane to add it to the method?

> The LDAP modifydn operation is already defined to move all the entry's
> children.

I believe, it'd be great to have something like that in Net::LDAP too ...

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

what is the best practice to modrdn for branch of objects?

2018-06-18 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi

what is the best practice to moddn() for branch of objects?

lets say we have two objects:

- ---[ user A start ]---
dn: uid=naf.nafus,ou=People,dc=umidb
dn: authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: 
uid=q...@borg.startrek.in,authorizedService=w...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: 
cn=dev-ap-notebook,authorizedService=o...@borg.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: 
authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: 
uid=naf.na...@starfleet.startrek.in,authorizedService=m...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: 
authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: 
uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
- ---[ user A end   ]---

and

- ---[ user B start ]---
dn: uid=taf.taffij,ou=People,dc=umidb
- ---[ user B end   ]---


now, I want to „reassign“ user A branch (and all of it's leaves) to user B
- ---[ user A branch to reassign start 
]---
dn: 
authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
dn: 
uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb
- ---[ user A branch to reassign end   
]---


so, user B becomes
- ---[ „new“ user B start ]---
dn: uid=taf.taffij,ou=People,dc=umidb
dn: 
authorizedService=x...@starfleet.startrek.in,uid=taf.taffij,ou=People,dc=umidb
dn: 
uid=naf.naf...@starfleet.startrek.in,authorizedService=x...@starfleet.startrek.in,uid=taf.taffij,ou=People,dc=umidb
- ---[ „new“ user B end   ]---

to do that, I take target branch subtree and „re-write“ DN of each object to be 
reassigned ...
(https://github.com/z-eos/umi/blob/master/lib/LDAP_CRUD.pm#L992)


what I think of is something like this:

- ---[ quotation start ]---
$dn = 
'authorizedService=x...@starfleet.startrek.in,uid=naf.nafus,ou=People,dc=umidb';
$mesg = $ldap->moddn( $dn,
  newsuperior => 'uid=taf.taffij,ou=People,dc=umidb',
  recursively => 1 );
- ---[ quotation end   ]---


- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCWyeYpwAKCRCveOk+D/ej
KrMyAJ9pkQ5HzEX1iIGBI8WNJDKpKEMiOgCg1UtQBvbNIwuPEZAMIyutWi5E690=
=S2qO
-END PGP SIGNATURE-

Re: 8021x on wired Ethernet

2018-05-16 Thread Zeus Panchenko 
Bengt Ahlgren <bengt.ahlg...@ri.se> wrote:
> Is there a standard "rc.conf" way to configure 8021x authentication on
> wired ethernet?

looks like it's to be something like: ifconfig_em0="WPA"

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: lagg0 with ue0 and iwm0 is not operate on 11.2-BETA1

2018-05-13 Thread Zeus Panchenko 
Masachika ISHIZUKA <i...@amail.plala.or.jp> wrote:
>   I think bug 213207 is not the same.
>   As I set mac address of ethernet adapter(ue0) or ethernet card(re0),
> I don't change mac address of wlan devices(iwm0/ath0).

solution whci solved my situation is described namely here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213207#c13

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

Re: lagg0 with ue0 and iwm0 is not operate on 11.2-BETA1

2018-05-13 Thread Zeus Panchenko 

isn't it the same lasting bug/feature?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213207

Masachika ISHIZUKA <i...@amail.plala.or.jp> wrote:

> Hi.
> 
> I'm using lagg0 with ue0(if_axge.ko) and iwm0(if_iwm.ko) as follows.
> 
> % cat /etc/rc.conf
> ifconfig_ue0="ether xx:xx:xx:xx:xx:xx up"
> wlans_iwm0="wlan0"
> create_args_wlan0="country JP"
> ifconfig_wlan0="wpa"
> cloned_interfaces="lagg0"
> ifconfig_lagg0="laggproto failover laggport ue0 laggport wlan0 192.168.x.x 
> netmask x.x.x.x"
> 
> It is good working on 12-current, but 11.2-BETA1 is not working.
> 
> It can work ue0 or wlan0 alone on 11.2-BETA1, i.e.
> ifconfig_lagg0="laggproto failover laggport ue0 192.168.x.x netmask x.x.x.x"
> or
> ifconfig_lagg0="laggproto failover laggport wlan0 192.168.x.x netmask x.x.x.x"
> is working.
> 
> ===
> 
> I have another machine and that is operate lagg0 with re0 and ath0
> on 11.2-BETA1, but it has trouble. It is bood working with re0 and
> good working with failovered ath0, but not working when I switched
> back re0. It can be recovered by 'ifconfig re0 down' and 'ifconfig re0 up'.
> It is the same as on 12-current.
> 
> -- 
> Masachika ISHIZUKA
> ___
> freebsd-stable@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

Re: ether <-> wlan failover still is broken

2018-03-22 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Eugene Grosbein <eu...@grosbein.net> wrote:
> 
> You should try forcing lagg to use MAC of wireless card instead of fabricated 
> one:
> ifconfig lagg0 ether $(ifconfig wlan0 | awk '/hwaddr/ {print $2}')
> 

as I wrote in previous message, it works *only* when interface is in
promiscious mode ... alas

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCWrPONQAKCRCveOk+D/ej
KlaJAJ98/YNjbI1XZwsn3RGHKP0Of/mfhACg7CgYCHpSR6e7NjG4CGLxMl2pV5Y=
=+aRw
-END PGP SIGNATURE-
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

ether wlan lagg works only with hint.ath.0.macaddr set (was: ether <-> wlan failover still is broken)

2018-03-22 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Andrey V. Elsukov <bu7c...@yandex.ru> wrote:
> 
> It will work, if you will change ethernet's MAC address to one, what
> wlan interface have.
> 

yes, for me it works *only* if the interface is in promiscious mode,
just have checked

BUT! what finally helped me is this:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213207#c13

/boot/loader.conf

hint.ath.0.macaddr="MAC:ADDRESS:OF:THE:ETHERNET:INTERFACE"

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCWrPN0AAKCRCveOk+D/ej
KqWqAKCd7GWqyXLMZtLWtOuWfR+eOVD6OQCg11ZcsR5SIsb5phXu3resUgTRnO0=
=y2sk
-END PGP SIGNATURE-
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: ether <-> wlan failover still is broken

2018-03-22 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrey V. Elsukov <bu7c...@yandex.ru> wrote:
> 
> It will work, if you will change ethernet's MAC address to one, what
> wlan interface have.
> 

in my previous attempts it was working this way *only* when interface
was in promiscious mode

but I'll try it again, thanks

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCWrPDfQAKCRCveOk+D/ej
KmpfAJ4p2DAn9hAVJjc2KqS1UdS+eN8hNgCfXrzZzefzSrBa6XquJhDru+hBBjU=
=1maj
-END PGP SIGNATURE-
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

ether <-> wlan failover still is broken (was: is lagg (re+wlan) working on 11.0-RELEASE?)

2018-03-22 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

while having no any problem with separate (lagg less) mode, when I use
ether or wlan without aggregating, I am still experiencing severe problem
with ether <-> wlan failover

after upgrade to 11.1 I decided to give another try to the handbook Example 
30.3.
https://www.freebsd.org/doc/handbook/network-aggregation.html#networking-lagg-wired-and-wireless

it still does *not* work for me

after wlan MAC address change (to the one of the ethernet as it's described in
the handbook), wpa_supplicant becomes unable to associate with AP

> uname -a
FreeBSD 11.1-RELEASE-p8 #0

> pciconf -lv
ath0@pci0:3:0:0:class=0x028000 card=0x1785103c chip=0x0032168c rev=0x01 
hdr=0x00
vendor = 'Qualcomm Atheros'
device = 'AR9485 Wireless Network Adapter'
class  = network
re0@pci0:7:0:0: class=0x02 card=0x3387103c chip=0x816810ec rev=0x06 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
device = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
class  = network
subclass   = ethernet


does anybody else face same trouble, please?

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCWrO2QQAKCRCveOk+D/ej
KrUjAJoCx6H9QgcJH97lMklyQZfOy0PrnQCggDki8cJvqdQl+mgWCLkNGePC1Fc=
=vSkJ
-END PGP SIGNATURE-
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Q] what is the right way to log what script does?

2018-01-19 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

I need to know what script did ... 

what is the best way to log script all LDAP related activity?

is it something like?

sub each_ldap_related_anything {
  ...
  use Storable;
  store \%all_things_to_log, 'file';
  ...
}

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iEYEARECAAYFAlpiABQACgkQr3jpPg/3oyoVAACghr0xx0ny13u3CNz9SqduHded
qFkAoOQ3wM05SYltaR88x6taHAwyM70Z
=uHoO
-END PGP SIGNATURE-

[Q] how to add country attribute to organizationalUnit objectclass?

2018-01-19 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

I'm using organizationalUnit to hold organization related data

and I'm wondering, how can I add country attribute to the object?

I find it stumbling, all other address attributes are available but country ... 

I'd like to be able to do something like this:

- ---[ fake object quotation start ]---
dn: ou=starfleet,ou=Organizations,dc=umidb
associatedDomain: starfleet.startrek.in
businessCategory: deep-space exploratory
businessCategory: peacekeeping
businessCategory: military service
l: Fort Baker
c: us
objectClass: country
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
ou: starfleet
physicalDeliveryOfficeName: Starfleet LLC
postalAddress: here the address to be added
postalCode: 12345
postOfficeBox: 1a
registeredAddress: here the address to be added too
st: California
street: Space St.
telephoneNumber: 922
- ---[ fake object quotation end   ]---

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iEYEARECAAYFAlphvyQACgkQr3jpPg/3oyr49QCfW+SAQZeq9orhQasTuqtb2A2E
KZAAoLnO8DlP7z6bkNDe2JUKw9+JbnlI
=9epg
-END PGP SIGNATURE-

Re: Net::LDAP::Extension::Refresh doesn't understand responce from server

2017-12-28 Thread Zeus Panchenko 
Peter Marschall <pe...@adpm.de> wrote:
> Have you tried patching usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm?
> Here's what I'd try as a first idea:

not yet, will check it 

> > after setting dds-max-ttl to some big enough value, same code works well
> Do I get it right, that only the error case (i.e. setting the ttl to a higher 
> value than allowed) fails, while the correct case (setting the ttl to a value 
> within the bounds allowed) works?

yes, you do

> In any case, can you provde a minimal test case that allows reporducing the
> success and failure cases?!

bellow are details

I was trying to refresh from now (2017.12.27 14:44) to 2018.07.07 07:00

as the result, the object was created (indeed) with dds-default-ttl ttl but
get_ttl() issued just after the refresh() didn't recognize that

---[ slapd.conf quotation start ]---
...
overlay dds
dds-max-ttl 3d
dds-min-ttl 30m
dds-default-ttl 1h
dds-interval120s
dds-tolerance   5s
...
---[ slapd.conf quotation end   ]---


---[ code quotation start ]---
...
use Data::Printer;
...
sub refresh {
  my ($self, $entryName, $requestTtl) = @_;
  p $entryName; p $requestTtl;
  my $callername = (caller(1))[3];
  $callername = 'main' if ! defined $callername;
  my ($return, $msg);
  
  $msg = $self->ldap->refresh ( entryName => $entryName, requestTtl => 
$requestTtl );
  p my $ttl = "refresh TTL: " . $msg->get_ttl();
  p $ttl .= $msg->error() if $msg->code();
  if ($msg->code) {
$return = $self->err( $msg );
$return->{caller} = 'call to LDAP_CRUD->refresh from ' . $callername . ': ';
  } else {
$return->{success} = $msg->get_ttl();
  }
  return $return;
}
...
---[ code quotation end   ]---


---[ debug quotation start ]---
Printing in line 895 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
"authorizedService=w...@borg.startrek.in,uid=naf.nafus3,ou=People,dc=umidb"
Printing in line 895 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
16481774
Use of uninitialized value $end in numeric ge (>=) at 
/usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 626,  line 
1063.
Use of uninitialized value $end in numeric eq (==) at 
/usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 63,  line 
1063.
Use of uninitialized value in concatenation (.) or string at 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm line 901,  
line 1063.
Printing in line 901 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
"refresh TTL: "
Printing in line 902 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
"refresh TTL: time-to-live for dynamicObject exceeds limit"
Printing in line 895 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
"uid=naf.naf...@borg.startrek.in,authorizedService=w...@borg.startrek.in,uid=naf.nafus3,ou=People,dc=umidb"
Printing in line 895 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
16481774
Use of uninitialized value $end in numeric ge (>=) at 
/usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 626,  line 
1133.
Use of uninitialized value $end in numeric eq (==) at 
/usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 63,  line 
1133.
Use of uninitialized value in concatenation (.) or string at 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm line 901,  
line 1133.
Printing in line 901 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
"refresh TTL: "
Printing in line 902 of 
/storage/work-stuff/Catalyst/UMI/script/../lib/LDAP_CRUD.pm:
"refresh TTL: time-to-live for dynamicObject exceeds limit"
---[ debug quotation end   ]---



-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

Net::LDAP::Extension::Refresh doesn't understand responce from server

2017-12-26 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

while playing with refresh()/get_ttl() I found that
Net::LDAP::Extension::Refresh doesn't understand OpenLDAP server reply
in case when option dds-max-ttl is less than ttl I want to set with
refresh()

if in slapd.conf I set `dds-max-ttl 1d' and try to refresh ttl ->
5754911 with:

ldapexop ... "refresh" "uid=..." 5754911

I receive:

ldap_parse_result: Size limit exceeded (4)
   additional info: time-to-live for dynamicObject exceeds limit


but code with Net::LDAP::Extension::Refresh spawns this:

Use of uninitialized value $end in numeric ge (>=) at 
/usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 626.
Use of uninitialized value $end in numeric eq (==) at 
/usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 63.

after setting dds-max-ttl to some big enough value, same code works well
- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iEYEARECAAYFAlpCU1YACgkQr3jpPg/3oyrENgCgi6dkpLt3uX/vX2Vtn3XMHbg2
eMUAoPx+8ZNCRxs9TKRIY+3nvN0ph8M4
=fBjQ
-END PGP SIGNATURE-

Re: [Q] what is the best practice or right way to change schemas order for cn=config case?

2017-12-21 Thread Zeus Panchenko 
Christian Kratzer <ck-li...@cksoft.de> wrote:
> > 1. to move file?
> > 2. to ldapmodify?
> >
> > for the one used to slapd.conf both of ways look weird ... :(
> 
> for those cases that ldapmodify that does not work you can use slapcat
> to dump all of the cn=config database edit it and reimport using slapadd.
> 
> Adding -n0 to slapadd and slapcat makes it use the cn=config database.

it is one of the causes making me to delay the switch to cn=config
topology ... :(

all scenarios described looks too artificial ... since the very
elementary and simple operation (editing config file) becames a pain ...

especially when I need to reorder schema files on many hosts ...

I was sure I'm missing something in how to handle such a tasks ...

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

[Q] what is the best practice or right way to change schemas order for cn=config case?

2017-12-20 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

what is the best practice or right way to change schemas order for cn=config 
case?

1. to move file?
2. to ldapmodify?

for the one used to slapd.conf both of ways look weird ... :(

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iEYEARECAAYFAlo6mMsACgkQr3jpPg/3oypRzwCdHNMNgUewiolW91I7DB7cK5dE
BqoAn0tXLDIMIBg0W9uG39pwN7LPRPth
=jKuI
-END PGP SIGNATURE-

[bug-mailutils] broken attachments names (if long and encoded)

2017-11-17 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


here, developer of RoundCube explains the issue

https://github.com/roundcube/roundcubemail/issues/6048#issuecomment-345240778

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iEYEARECAAYFAloO7K4ACgkQr3jpPg/3oyrz7wCcCqIO9rxQKq66Frmhtx06+7c8
9nYAoMo2MB1xBI3rV2MX5f4/1u0Jc11O
=P00k
-END PGP SIGNATURE-

___
Bug-mailutils mailing list
Bug-mailutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-mailutils

Can't list the managed customers

2017-11-03 Thread Zeus Pérez 
Hi,

I'm having some troubles listing the customers in the API. In the web 
console, I can see accounts connected but when I can't list them in the API 
(no error, just no elements returned). I am using the 
ManagedCustomerService to retrieve this list. Any idea why I am getting an 
empty response?

Many thanks,

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/3c858f6e-f2f2-4fd3-8987-d294790722bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Can't list the managed customers

2017-11-03 Thread Zeus Pérez 
Hi,

I'm having some troubles trying to get the list of managed customers. I can 
see accounts in the AdWords web console but when I try to list them in the 
API the list is empty (no error received, just no elements in the list). I 
am using the "ManagedCustomerService" to retrieve the list. Any ideas why 
the list is empty?

Thanks,

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/8b9065f8-1e98-4f99-9410-b89f8fc76627%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [greasemonkey-users] Help with the new api

2017-10-21 Thread Zeus 81 
Le mercredi 18 octobre 2017 17:04:55 UTC+2, Anthony Lieuallen a écrit :

> - the @require field is not working ?
>>
>
> Works fine for me.  Please provide detail.
>
>
This is the script : 
https://greasyfork.org/fr/scripts/18056-dailymotion-raw-html5-player/code
I use // @require https://cdn.jsdelivr.net/npm/hls.js@0.8.4
which should create an Hls class in the global scope but doesn't.
Alternatively I've tried to include the script in the document and it 
worked but then I can't access the class because of the sandbox.

-- 
You received this message because you are subscribed to the Google Groups 
"greasemonkey-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to greasemonkey-users+unsubscr...@googlegroups.com.
To post to this group, send email to greasemonkey-users@googlegroups.com.
Visit this group at https://groups.google.com/group/greasemonkey-users.
For more options, visit https://groups.google.com/d/optout.

Re: Antw: Re: [Q] amendments to schemes existent

2017-10-21 Thread Zeus Panchenko 
Andrew Findlay  wrote:
> You could try using the extended search filter syntax:
> 
>   (dhcpOption:caseIgnoreSubstringsMatch:=boot*)
> 
> See RFC4515 for more details. In practice you will probably want to create a

I tried and failed ... where did I mistake? :(

for original ldapns.schema

1. search works with filter: (authorizedService=mail@hh001.umidb)
   (and without index it returns empty result)

   # base

Re: Antw: Re: [Q] amendments to schemes existent

2017-10-21 Thread Zeus Panchenko 
Andrew Findlay  wrote:
> Try this:
>  (authorizedService:caseIgnoreSubstringsMatch:=m...@hh001.umi)

now there is no error message, though the result is still empty

alas ...

# base

Re: Antw: Re: [Q] amendments to schemes existent

2017-10-21 Thread Zeus Panchenko 
Ulrich Windl <ulrich.wi...@rz.uni-regensburg.de> wrote:
> But you are basically changing the semantics of attribute authorizedService:
> Before "*" was literal, after it is magic (substring match).
> 
> The discussion on which variant is more useful is a different issue ;-)

for *my* flow, the variant of original schema is unusable since I have
pleny of values and to hardcode all of them for all available searches
is not good idea, to my mind ...


if to return to the starting question:

is there other way to get originally SUBSTR-less attributes to be
matchable by substring, except hacking the scheme?

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

Re: [Q] amendments to schemes existent

2017-10-19 Thread Zeus Panchenko 

thank you for reply

Andrew Findlay <andrew.find...@skills-1st.co.uk> wrote:
> You should not change the definitions of standard attributes or
> objectclasses.

I remember that, though I wasn't able to get that working without patching ...

> That does not stop you from setting up an index for the
> attribute though, and most LDAP servers will then allow you to search
> for it even if the published schema does not allow for the possibility.

here is my story, what I tryed and what worked:


1. INDEX SUB

index   authorizedService sub,eq

in line 180 of slapd.conf and original ldapns.schema, slapd doesn't
start and complains with:

/usr/local/etc/openldap/slapd.conf: line 180: substr index of attribute 
"authorizedService" disallowed






2. ORIGINAL ldapns.schema - no substring search result


---[ slapd.conf ]---
index   default eq,sub
index   authorizedService eq
---[ slapd.conf ]---



---[ slapd.log with original ldapns.schema 
]
Oct 19 08:00:52 host slapd[1245]: conn=1008 op=1 SRCH base="ou=People,dc=foo" 
scope=2 deref=0 filter="(?authorizedService=web@*)"
Oct 19 08:00:52 host slapd[1245]: conn=1008 op=1 SRCH attr=* createTimestamp 
creatorsName modifiersName modifyTimestamp
Oct 19 08:00:52 host slapd[1245]: conn=1008 op=1 SEARCH RESULT tag=101 err=0 
nentries=0 text=
---[ slapd.log with original ldapns.schema 
]






3. PATCHED ldapns.schema - successful substring search


---[ ldapns.schema.patch ]---
--- ldapns.schema.orig  2014-09-15 23:47:56.135989000 +0300
+++ ldapns.schema   2015-02-15 23:50:53.714906292 +0200
@@ -1,6 +1,7 @@
 attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
  DESC 'IANA GSS-API authorized service name'
  EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

 objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
---[ ldapns.schema.patch ]---
 


---[ slapd.conf ]---
index   default eq,sub
index   authorizedService sub,eq
---[ slapd.conf ]---



---[ slapd.log with patched ldapns.schema 
]---
Oct 19 08:04:40 host slapd[1367]: conn=1041 op=1 SRCH base="ou=People,dc=foo" 
scope=2 deref=0 filter="(authorizedService=web@*)"
Oct 19 08:04:40 host slapd[1367]: conn=1041 op=1 SRCH attr=* createTimestamp 
creatorsName modifiersName modifyTimestamp
Oct 19 08:04:40 host slapd[1367]: conn=1041 op=1 SEARCH RESULT tag=101 err=0 
nentries=8 text=
---[ slapd.log with patched ldapns.schema 
]---

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

[greasemonkey-users] Help with the new api

2017-10-15 Thread Zeus 81 
Hello I'm trying to convert my scripts and I have some issues :
- the finalUrl in xhr is not set ?
- the @require field is not working ?
- I injected scripts to the document instead but can't get the data back, 
no unsafeWindow ?
- the script doesn't run under some iframes
I know it's just on alpha stage, no worries, but since it's not documented 
yet maybe I'm missing some stuff.

-- 
You received this message because you are subscribed to the Google Groups 
"greasemonkey-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to greasemonkey-users+unsubscr...@googlegroups.com.
To post to this group, send email to greasemonkey-users@googlegroups.com.
Visit this group at https://groups.google.com/group/greasemonkey-users.
For more options, visit https://groups.google.com/d/optout.

[Q] amendments to schemes existent

2017-10-04 Thread Zeus Panchenko 

greetings,

I'm wondering of search possibility lack for some attributes

my question is: is it correct/good/sane/e.t.c. to patch them this way? 
is there other way to get those attributes searchable?


for example I have to patch some schemes like this:

---[ PATCH SAMPLES START 
]---

--- dhcp.schema.orig2017-08-25 13:14:26.69157 +0300
+++ dhcp.schema 2017-08-25 13:15:56.55898 +0300
@@ -14,6 +14,7 @@ attributetype ( 2.16.840.1.113719.1.203.
NAME 'dhcpStatements'
EQUALITY caseIgnoreIA5Match
DESC 'Flexible storage for specific data depending on what 
object this exists in. Like conditional statements, server parameters, 
etc. This allows the standard to evolve without needing to adjust the 
schema.'

+   SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

 attributetype ( 2.16.840.1.113719.1.203.4.4
@@ -38,6 +39,7 @@ attributetype ( 2.16.840.1.113719.1.203.
NAME 'dhcpOption'
EQUALITY caseIgnoreIA5Match
DESC 'Encoded option values to be sent to clients.  Each value 
represents a single option and contains (OptionTag, Length, OptionValue) 
encoded in the format used by DHCP.'

+   SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

 attributetype ( 2.16.840.1.113719.1.203.4.8
@@ -199,6 +201,7 @@ attributetype ( 2.16.840.1.113719.1.203.
 attributetype ( 2.16.840.1.113719.1.203.4.34
NAME 'dhcpHWAddress'
EQUALITY caseIgnoreIA5Match
+   SUBSTR caseIgnoreIA5SubstringsMatch
DESC 'The clients hardware address that requested this IP 
address.'

SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

--- ldapns.schema.orig  2014-09-15 23:47:56.135989000 +0300
+++ ldapns.schema   2015-02-15 23:50:53.714906292 +0200
@@ -1,6 +1,7 @@
 attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
  DESC 'IANA GSS-API authorized service name'
  EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

 objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'

--- nis.schema.orig 2017-02-11 21:38:48.984906000 +0200
+++ nis.schema  2017-10-02 13:20:52.140691000 +0300
@@ -55,6 +55,7 @@ attributetype ( 1.3.6.1.1.1.1.2 NAME 'ge
 attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
DESC 'The absolute path to the home directory'
EQUALITY caseExactIA5Match
+   SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

 attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
---[ PATCH SAMPLES STOP  
]---


--
IT dpt., I.B.S. LLC

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-04 Thread Zeus Kronion 
On Tue, Oct 3, 2017 at 11:39 AM, Nico Williams 
wrote:

> On Tue, Oct 03, 2017 at 12:33:00AM -0400, Tom Lane wrote:
> > So to default to verification would be to default to failing to
> > connect at all until user has created a ~/.postgresql/root.crt file with
> > valid, relevant entries.  That seems like a nonstarter.
> >
> > It's possible that we could adopt some policy like "if the root.crt file
> > exists then default to verify" ... but that seems messy and unreliable,
> > so I'm not sure it would really add any security.
>
> Still, it would be safer to refuse to connect until the lack of trust
> anchors is rectified than to connect without warning about the inability
> to verify a server.  By forcing the user (admins) to take action to
> remediate the problem, the problem then gets fixed, whereas plowing on
> creates an invisible (for many users) security problem.


I agree with Nico. If the server certificate can't be validated, the client
should fail to connect unless specifically opting out of MITM protection.
Why not change DefaultSSLMode from "prefer," even if it isn't backwards
compatible? Is there a policy for deprecating default settings?

[HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-02 Thread Zeus Kronion 
I previously made one minuscule contribution to the project two years ago.
I'm interested in doing some more, and I'm trying to figure out what to
focus on. Two SSL-related projects caught my attention:
1) Allow automatic selection of SSL client certificates from a certificate
store (https://www.postgresql.org/message-id/8766.1241799...@sss.pgh.pa.us).
It seems relatively straightforward to support an additional file format
for key-value pairs in postgresql.crt/.key, and I think this is something I
could take on if it's still desired.
2) I was surprised to learn the following from the docs:

> By default, PostgreSQL will not perform any verification of the server
certificate. This means that it is possible to spoof the server identity
(for example by modifying a DNS record or by taking over the server IP
address) without the client knowing. In order to prevent spoofing, SSL
certificate
verification must be used.

Is there a technical reason to perform no verification by default? Wouldn't
a safer default be desirable?

[Q] how to refresh Dynamic Directory Services object ttl?

2017-10-02 Thread Zeus Panchenko 

greetings,

how can I refresh ttl of Dynamic Directory Services object with 
Net::LDAP?


for OpenLDAP there is overlay dds (described in 12.5 section of 
http://www.openldap.org/doc/admin24/overlays.html)


so, how can I do something like this:

ldapexop -x -H ldap://ldaphost "refresh" 
"uid=naf.nafnaf@talax.startrek.in,authorizedService=m...@talax.startrek.in,uid=naf.naf,ou=People,dc=umidb" 
"10d" -D "uid=admin,ou=People,dc=umidb" -W


is it, just modifying attr `entryTtl'?

--
IT dpt., I.B.S. LLC

Re: ctl.conf includes

2017-07-28 Thread Zeus Panchenko 

+1

Eugene M. Zheganin <e...@norma.perm.ru> wrote:
> one-for-a-target config files complicates lot of things. I understand
> clearly that this is only my problem, bit I'm writing this in case of
> someone's needs this too, so may be I'm not alone asking for ctl.conf
> includes. I am aware that ctladm allows many thing, including creating
> and deleting targets on the fly, but the problem is in saving this
> configuration in the consistent state.

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

consumer state is newer than provider (was "can I replicate several branches to the same slave from one master?")

2017-07-27 Thread Zeus Panchenko 
greetings,

alas, but I still face the issue ... :-\

---[ replica log quotation start ]---
...
Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT 
(53) Server is unwilling to perform
Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2: rid=000 (53) Server is unwilling 
to perform
Jul 27 12:29:46 ABC slapd[15466]: do_syncrepl: rid=000 rc -2 retrying
...
---[ replica log quotation end   ]---

---[ master log quotation start ]---
...
Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 BIND 
dn="uid=replABC,ou=repl,ou=system,dc=example" method=128
Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 BIND 
dn="uid=replABC,ou=repl,ou=system,dc=example" mech=SIMPLE ssf=0
Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 RESULT tag=97 err=0 text=
Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 EXT 
oid=1.3.6.1.4.1.1466.20037
Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 STARTTLS
Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 RESULT oid= err=0 text=
Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SRCH 
base="cn=example-accesslog" scope=2 deref=0 
filter="(&(objectClass=auditWriteObject)(reqResult=0))"
Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SRCH attr=reqDN reqType 
reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SEARCH RESULT tag=101 
err=53 nentries=0 text=consumer state is newer than provider!
Jul 27 12:29:46 master slapd[45467]: conn=2610 op=3 UNBIND
...
---[ master log quotation end   ]---



please advise



Quanah Gibson-Mount <qua...@symas.com> wrote:
> > slapd[38004]: conn=30116 op=3 SEARCH RESULT tag=101 err=53 nentries=0
> > text=consumer state is newer than provider!
> 
> It sounds like your replica was not configured correctly initially and
> self-generated its own CSN that is newer than the one on the provider.

what in replica configuration can lead to that?

I configured replica just as it is described in the documentation
"18.3.2.1. Delta-syncrepl Provider configuration"

> It would be interesting to make a modification on the provider so that
> its CSN is updated (and thus has one newer than on the consumer).

doesn't help ...

helps only deleting consumer DB (in some cases for a several times)
DB replicates but after some time it looses sync again ...

can master configuration cause that as well?

here is (just to remind) how master/replica are configured ...

---[ replica slapd.conf quotation start 
]---
...
syncrepl rid=0
 provider=ldap://master.example:389
 starttls=critical
 searchbase="dc=example"
 bindmethod=simple
 binddn="uid=replABC,ou=repl,dc=example"
 credentials="***"
 tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
 tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
 tls_key=/usr/local/etc/openldap/ssl/ABC.key
 tls_reqcert=try
 type=refreshAndPersist
 retry="60 +"
 logbase="cn=example-accesslog"
 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
 syncdata=accesslog
...
---[ replica slapd.conf quotation end   
]---

---[ master configuration quotation start 
]---
...
access to dn.subtree="cn=example-accesslog"
   by dn.onelevel="ou=repl,ou=system,dc=example" read
   by * break

###--- ABC
access to 
dn.regex="^uid=(.*)@foo.bar,authorizedService=(mail|xmpp)@foo.bar,uid=(.*),ou=People,dc=example$"
   attrs=entry,entryCSN,entryUUID,objectClass,cn,...
   by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
   by * break

access to dn.regex="ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example"
   by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
   by * stop
...
---[ master configuration quotation end   
]---

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

Re: [Q] "selective" ACL

2017-07-26 Thread Zeus Panchenko 
-r-inventory,ou=group,ou=system,dc=foo]/memberUid & 
user/uid" read
by users read
by * none

access to dn.subtree="ou=group,dc=foo"
by dn.one="ou=repl,ou=system,dc=foo" search
by set="[cn=acl-w-group,ou=group,ou=system,dc=foo]/memberUid & 
user/uid" write
by set="[cn=acl-r-group,ou=group,ou=system,dc=foo]/memberUid & 
user/uid" read
by users read
by * none

# for `users' we set `search' because `read' allows to read all, but
# we tried to narrow what replica can get, otherwise removing it makes
# it impossible to get anything (perhaps it blocks some objects needed)
access to *
by dn.exact="uid=SPECIAL-USER,ou=People,dc=foo" manage
by set="[cn=admin,ou=group,ou=system,dc=foo]/memberUid & user/uid" 
manage
by peername.ip=127.0.0.1 read
by dn.one="ou=repl,ou=system,dc=foo" search
by set="[cn=bind,ou=group,ou=system,dc=foo]/memberUid & user/uid" read
by self read
by users read
by * none
... 

---[ slapd.conf quotation end   ]---



> In the simple case where 'by * none' would have the same effect, you could
> just put another ACI ahead of the one above so it comes out like this:
> ... 
> The problem is to write the ''.

is there way to know whether DN is a child of the admin's one,
except to look at the end of it, whether it ends with
"uid=ADMIN-USER-TO-PROCESS,ou=People,dc=foo" ?



> That would probably be easier if you were not defining admin users by their
> UID in a Posix group. Ideally there would be an attribute visible in each
> entry that defines admin status, as then you could just key on that.

it implies to use the attribute for each child object of the admin object

like:

---[ LDIF 2 quotation start ]---
dn: uid=adminuser,ou=People,dc=foo
belongsToAdmin: yes
...
objectClass: person

## branch for email service of talax.startrek.in domain object
dn: authorizedService=m...@talax.startrek.in,uid=adminuser,ou=People,dc=foo
belongsToAdmin: yes
...
objectClass: person

## email service of talax.startrek.in domain object
dn: 
uid=nee...@talax.startrek.in,authorizedService=m...@talax.startrek.in,uid=adminuser,ou=People,dc=foo
belongsToAdmin: yes
...
objectClass: person

## branch for email service of rinax.startrek.in domain object
dn: authorizedService=m...@rinax.startrek.in,uid=adminuser,ou=People,dc=foo
belongsToAdmin: yes
...
objectClass: person

## email service of rinax.startrek.in domain object
dn: 
uid=ali...@rinax.startrek.in,authorizedService=m...@rinax.startrek.in,uid=adminuser,ou=People,dc=foo
belongsToAdmin: yes
...
objectClass: person
---[ LDIF 2 quotation end   ]---

correct?



> If your admin group is defined as a standard DN-based groupOfNames then
> you could use the memberof overlay to reflect membership into an attribute
> of the user entry.

it implies to provide all admin's children dn-s as member for such a group

like

---[ LDIF 3 quotation start ]---
dn: cn=admin,ou=group,ou=system,dc=foo
cn: admin
member: uid=adminuser,ou=People,dc=foo
member: authorizedService=m...@talax.startrek.in,uid=adminuser,ou=People,dc=foo
member: 
uid=nee...@talax.startrek.in,authorizedService=m...@talax.startrek.in,uid=adminuser,ou=People,dc=foo
member: authorizedService=m...@rinax.startrek.in,uid=adminuser,ou=People,dc=foo
member: 
uid=ali...@rinax.startrek.in,authorizedService=m...@rinax.startrek.in,uid=adminuser,ou=People,dc=foo
objectClass: groupOfNames
---[ LDIF 3 quotation end   ]---

correct?

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


signature.asc
Description: PGP signature

Re: [Q] can I replicate several branches to the same slave from one master?

2017-07-03 Thread Zeus Panchenko 
Quanah Gibson-Mount <qua...@symas.com> wrote:
> > emm ... I was sure I can not do that on the master side ... just I try
> > do that, I receive full data ...
> 
> Then likely your ACLs were incorrect?
 
yes, they were

at last I was able to fix that and get it working the way (I believe) I want:

---[ slave configuration quotation start 
]---
...
syncrepl rid=0
 ...
 searchbase="dc=example"
 ...
...
---[ slave configuration quotation end   
]---


---[ master configuration quotation start 
]---
...
access to dn.children="cn=example-accesslog"
   by dn.one="ou=repl,ou=system,dc=example" read
   by * break

access to 
dn.regex="^uid=(.*)@(.*),authorizedService=(mail|xmpp)@(.*),uid=(.*),ou=People,dc=example$"
   
attrs=entry,entryCSN,entryUUID,objectClass,cn,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,telephoneNumber,authorizedService,mu-mailBox
   by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
   by * break

access to dn.regex="ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example"
   by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
   by * stop
...
# the final ACL
access to *
by set="[cn=admin,ou=group,dc=example]/memberUid & user/uid" write
by peername.ip=127.0.0.1 read
by self read
by users search
by * break
...
---[ master configuration quotation end   
]---


thank you all, for help!

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

Re: [Q] can I replicate several branches to the same slave from one master?

2017-06-29 Thread Zeus Panchenko 
Quanah Gibson-Mount <qua...@symas.com> wrote:
> 
> Wouldn't it be simpler to define ACLs on the master that limit what
> the replication identity has access to that matches your filters?
> 

emm ... I was sure I can not do that on the master side ... just I try
do that, I receive full data ...

looks like some more permittive acl works for the replica ... can I
somehow know which acl matched the replica? But I was trying to place
replABC ACLs to the end of the list and still was not able to limit data
according the filter


> I would also note that your stanza limiting what attrs are replicated
> is missing the operational attributes that are necessary for sync
> replication to function, so I would fully expect errors.

do you mean entryCSN and entryUUID ?

> unique, as documented in the man page.  Given that OpenLDAP functions
> off of CSN values, partial replication is tricky, as the master can
> then have a contextCSN that does not correspond to anything in a
> partially replicated database, depending on how you slice it.
> 

I was sure I understood the documentation ...


-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

Re: [Q] can I replicate several branches to the same slave from one master?

2017-06-29 Thread Zeus Panchenko 
Quanah Gibson-Mount <qua...@symas.com> wrote:

> --On Friday, June 30, 2017 12:48 AM +0300 Zeus Panchenko
> <z...@ibs.dn.ua> wrote:
> ...
> > 22:45:30 ABC slapd[12593]: do_syncrep2: rid=000 (53) Server is unwilling
> > to perform Jun 29 22:45:30 ABC slapd[12593]: do_syncrepl: rid=000 rc -2
> > retrying ---[ slave slapd.log quotation end
> > ]
> 
> And what does the master say?
> 

same thing:

slapd[38004]: conn=30116 op=3 SEARCH RESULT tag=101 err=53 nentries=0 
text=consumer state is newer than provider!


-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

Re: [Q] can I replicate several branches to the same slave from one master?

2017-06-29 Thread Zeus Panchenko 
Andrew Findlay <andrew.find...@skills-1st.co.uk> wrote:
> 
> Try fixing the RIDs - use small numbers, all different. The exact values are 
> not important.
> Also try commenting out the second syncrepl clause until you have the others 
> working properly.
> You should be able to merge the first and second clauses as they share a 
> search-base.

I did both of them, now slave configuration looks this way:

---[ slave configuration quotation start ]
syncrepl rid=0
provider=ldap://master.example:389
starttls=critical
searchbase="ou=ABC,ou=Sendmail,dc=example"
bindmethod=simple
binddn="uid=replABC,ou=repl,dc=example"
credentials="***"
tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
tls_key=/usr/local/etc/openldap/ssl/ABC.key
tls_reqcert=try
type=refreshAndPersist
retry="60 +"
logbase="cn=example-accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog

syncrepl rid=1
provider=ldap://master.example:389
starttls=critical
searchbase="ou=People,dc=example"
bindmethod=simple
binddn="uid=replABC,ou=repl,dc=example"
credentials="***"
filter="(&(objectClass=authorizedServiceObject)(|(authorizedService=m...@foo.bar)(authorizedService=x...@foo.bar)))"
attrs="cn,entry,entryCSN,entryUUID,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,authorizedService,mu-mailBox"
tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
tls_key=/usr/local/etc/openldap/ssl/ABC.key
tls_reqcert=try
type=refreshAndPersist
retry="60 +"
logbase="cn=example-accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog
---[ slave configuration quotation end   ]


I separated rid-s and even searchbases, but I still can see complains in
slapd.log file, though now it is only rid=0 which is complained on, not
both of them ...

---[ slave slapd.log quotation start ]
Jun 29 22:45:30 ABC slapd[12593]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT 
(53) Server is unwilling to perform
Jun 29 22:45:30 ABC slapd[12593]: do_syncrep2: rid=000 (53) Server is unwilling 
to perform
Jun 29 22:45:30 ABC slapd[12593]: do_syncrepl: rid=000 rc -2 retrying
---[ slave slapd.log quotation end   ]




> 
> You may also need to put ACLs on the accesslog database.
> 

is it something like this?

access to dn.children="cn=example-accesslog"
   by dn.children="ou=repl,dc=example" read
   by * break

but is not the fact that one replica working confirms, that replication is 
allowed
and I can see the changes for the objects of rid=1


-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

[Q] can I replicate several branches to the same slave from one master?

2017-06-27 Thread Zeus Panchenko 
(53) Server is unwilling 
to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrepl: rid=123 rc -2 retrying
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 LDAP_RES_SEARCH_RESULT 
(53) Server is unwilling to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 (53) Server is unwilling 
to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrepl: rid=123 rc -2 retrying
Jun 26 21:42:43 ABC slapd[67187]: conn=1003 fd=9 ACCEPT from IP=127.0.0.1:37489 
(IP=127.0.0.1:389)
Jun 26 21:42:43 ABC slapd[67187]: conn=1003 op=0 BIND dn="" method=128
- ---[ slave slapd.log quotation end   ]

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCWVGE9gAKCRCveOk+D/ej
Kp1JAJ9tFikqgeCHlzUXfQrcTQuHlAqNKwCdEMnIM6uOFRCNBN6oHmh4AyQ6j1U=
=Xn/Y
-END PGP SIGNATURE-

[Q] what is the correct way to filter by remote pf?

2017-06-27 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

greetings

please, advise

WHAT I HAVE:

routerB <-> netX/16
   ^
   |
   V
clients <-> routerA <-> netX/24


WHAT I NEED:
to provide `clients <-> netX/24' traffic on the base of routerB pf rules
so, the very decission to pass or to block have to be done on routerB



HOW I THINK TO DO THAT:

=
VARIANT I
- 
-

- ---[ routerA pf.conf quotation start 
]---
...
pass in log (to pflog1) on $if_clients-to-routerA from  to  
tag TO_AUTH
pass in log (to pflog1) route-to ($if_routerA-to-routerB $routerB_ip) tagged 
TO_AUTH
...
- ---[ routerA pf.conf quotation end   
]---

- ---[ routerB pf.conf quotation start 
]---
...
pass in log (to pflog1) on $if_routerB-to-routerA from  to 
 tag AUTHED
pass in log (to pflog1) route-to ($if_routerB-to-routerA $routerA_ip) tagged 
AUTHED
block  to 
...
- ---[ routerB pf.conf quotation end   
]---


RESULTS: I see packets redirected to routerB, but there the packets are looping
 untill the time to live exceeded



=
VARIANT II
- 
-

- ---[ routerA pf.conf quotation start 
]---
...
pass in log (to pflog1) on $if_clients-to-routerA from  to  
tag TO_AUTH
pass in log (to pflog1) route-to ($if_routerA-to-routerB $routerB_ip) tagged 
TO_AUTH
...
- ---[ routerA pf.conf quotation end   
]---


- ---[ routerB configuration quotation start 
]-

rc.conf
static_routes="netX24"
route_netX24="-net A.B.C.0/24 $routerA_ip"


pf.conf
pass in log (to pflog1) on $if_routerB-to-routerA from  to 
 tag AUTHED
block  to 

- ---[ routerB configuration quotation end   
]-


RESULTS: are same as for VARIANT I



=
VARIANT III
- 
-

something else ...
may it relate to pfsync somehow?


- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCWVJGygAKCRCveOk+D/ej
KhQoAKCHB+55dzTYOqD6S5mSC2TtCDjV8gCgzXQfBd3U30nXJMyj5Q4Ggfq1sRA=
=ZCm0
-END PGP SIGNATURE-
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

[Nix-commits] [NixOS/nixpkgs] 1b8aec: stellarium: 0.14.3 -> 0.15.0

2016-12-21 Thread ft@zeus 
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 1b8aec421b4d4423ed82f3734068531f3e7bcddd
  
https://github.com/NixOS/nixpkgs/commit/1b8aec421b4d4423ed82f3734068531f3e7bcddd
  Author: ft@zeus <ft@zeus>
  Date:   2016-12-21 (Wed, 21 Dec 2016)

  Changed paths:
M pkgs/applications/science/astronomy/stellarium/default.nix

  Log Message:
  ---
  stellarium: 0.14.3 -> 0.15.0

close #21271


___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

ACL advice needed ...

2016-12-05 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

greetings,

I'm trying to configure ACL, I belive it is possible to ... but after
some attempts I doubt it is ...

please, help me to understand where I'm making the mistake/s ...

I need to manage possibility for "coadmins" group members to manage all
except the objects of "admins" group members

forgive me please my long explanation ...

so I have:

Important: the starting point in my case is auth accounts structure:

users do auth with (lets call it) "root" objects (most upper level):
uid=,ou=People,dc=abc

- ---[ accounts and groups start ]---
dn: uid=admin1,ou=People,dc=abc
dn: uid=admin7,ou=People,dc=abc
dn: uid=bil,authorizedService=serviceD,uid=admin7,ou=People,dc=abc

dn: uid=coadmin5,ou=People,dc=abc
dn: uid=johndoe,authorizedService=serviceA,uid=coadmin5,ou=People,dc=abc

dn: uid=coadmin6,ou=People,dc=abc

dn: cn=admins,dc=abc
memberUid: admin1
- ---[ accounts and groups end   ]---

group objects memberUid attribute value contains uid of the "root"
objects

- ---[ group structure start ]---
dn: cn=coadmins,ou=group,dc=abc
memberUid: coadmin5
memberUid: coadmin6
- ---[ group structure end   ]---


here is the ACL I managed to work as I want:

- ---[ quotation start ]---
access to dn.subtree="dc=abc" attrs=userPassword
by set="[cn=admin,ou=group,dc=abc]/memberUid & user/uid" manage
by set.exact="this/-2 & user" write
by self write
by anonymous auth
by * break
- ---[ quotation end   ]---

this allows admins to manage passwords of anybody and for all other
users manage passwords of self "root" account and service accounts (look
structure of account objects above)


and now, I had a hope to do the same to get possibility for coadmins to manage
passwords of anybody except admins, and here what I thought about:

- ---[ quotation start ]---
access to dn.subtree="dc=abc" attrs=userPassword
by set="[cn=admin,ou=group,dc=abc]/memberUid & user/uid" manage
by set="(([cn=admin,ou=group,dc=abc]/memberUid & this/uid) | 
([cn=admin,ou=group,dc=abc]/memberUid & [this/-2]/uid)) & 
([cn=coadmin,ou=group,dc=abc]/memberUid & user/uid)" disclose
by set="[cn=coadmin,ou=group,dc=abc]/memberUid & user/uid" manage
by set.exact="this/-2 & user" write
by self write
by anonymous auth
by * break
- ---[ quotation end   ]---

and it doesn't work


the initial idea of the second `by set=' row is:
for coadmins to disallow all access to userPassword if account belongs to admin 

am I right to expect:

1.1. "[cn=admin,ou=group,dc=abc]/memberUid & this/uid" 
 is true if uid of current record is member of the group `admin'

 when `this' is the very "root" account (uid=admin7,ou=People,dc=abc)

1.2. "[cn=admin,ou=group,dc=abc]/memberUid & [this/-2]/uid"
 uid of the "root" account (uid=admin7,ou=People,dc=abc) is admin group 
member

 when `this' is service account like:
 uid=bil,authorizedService=serviceD,uid=admin7,ou=People,dc=abc
 `this/-2' trimms it to `uid=admin7,ou=People,dc=abc' and `/uid' have to 
provide uid value

1.3. "[cn=coadmin,ou=group,dc=abc]/memberUid & user/uid"
 true if currently loggedin user uid is coadmin group member


so ... was I successfull to explain what I want? :)

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlhFk1kACgkQr3jpPg/3oyp7XgCggcp9Y909JRQOknE7GkgjmZpw
/sYAoIyimb3gcy38qZAjlyHfbF+rH63a
=aqts
-END PGP SIGNATURE-

[Gambas-user] FRAME

2016-11-25 Thread zeus Jesus 
 GREETINGS.
  IS THERE ANY OPTION TO ADD A SCROLL TO A FRAME?
  I HAVE AN APPLICATION WITH ALL THE ELEMENTS CONTAINED IN A FRAME BUT WHEN
THE RESOLUTION OF THE SCREEN WHERE THE APPLICATION IS INSTALLED IS LOW THE
SYSTEM IS NOT SHOWN PROPERLY, LOSING PART OF THE ELEMENTS CONTAINED IN THE
FRAME.
--
___
Gambas-user mailing list
Gambas-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gambas-user

Re: is lagg (re+wlan) working on 11.0-RELEASE?

2016-11-16 Thread Zeus Panchenko 
thanks for quick reply

J.R. Oldroyd <f...@opal.com> wrote:
> There is a work-around.  Configure the re interface with the MAC
> address of the wlan instead of the other way around.

I done it and here is what happens:

1. I boot notebook with wire *not* plugged in,
   wlan is up, associated and authed, network is OK

2. I plug wire and network becomes stale

3. I run `tcpdump -ni lagg0' to see what's going on and oh wonder,
   network comes back lo life!


so ... either to not to use lagg or run tcpdump constantly ... it is
rather weird :(

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


pgpQC1881A51t.pgp
Description: PGP signature

[igraph] help: R bomb when calculating assortativity with NA values

2016-11-15 Thread Veronika Zeus 
Hello,

I am working in R Studio 0.99.903 and want to calculate the
assortativity for two variables.
1. Do individuals cluster if they are of the same sex? Male (m) or
Female (f)
2. Do individuals cluster if they have the same reproductive status?
Reproductive active (y), non-active (n), NA <- so here I have quite some
NA values

the association data is in file "network_2013"
the info on sex and reproductive status of the individuals is in file
my_supp_2013


#conversion of network data into igraph graph
net_graph_2013 <-
graph.adjacency(network_2013,mode="undirected",weighted=TRUE,diag=FALSE)

# Sex
assortativity_nominal(net_graph_2013, my_supp_2013$Sex, directed=F)

# Repr Status
assortativity_nominal(net_graph_2013, my_supp_2013$Repro, directed=F)


I do not know why it works for the Sex but not for Reproductive Status.
I assume it has to do with the NA values?

Please help.


Veronika
"","X0566","X0696","X08AD","X0942","X0A19","X0EDF","X17B5","X199B","X1C19","X1F19","X1F85","X2253","X2389","X260B","X2877","X287B","X297D","X2C47","X2D08","X2D53","X2DB2","X2E96","X30DA","X32AD","X32BC","X3437","X3449","X35A6","X3931","X3946","X3B21","X3BE1","X3D2A","X3D93","X4E85","X58D2","X593D","X6886","X73AA","X7807","X7899","X879B","X89BC","X8ACD","X9027","X97F6","X9CDF","XB2B6","XBF50"
"X0566",0,0.219512195121951,0.225,0.168539325842697,0.037037037037037,0.2625,0.160714285714286,0.204081632653061,0.322,0.0897435897435897,0.206896551724138,0.174418604651163,0.309090909090909,0.228915662650602,0.253012048192771,0.311,0.369230769230769,0.0843373493975904,0.261538461538462,0.243243243243243,0.342465753424658,0.240384615384615,0.270588235294118,0.36986301369863,0.0175438596491228,0.28735632183908,0.228260869565217,0.345679012345679,0.046875,0.181818181818182,0.0886075949367089,0.194,0.268817204301075,0.188235294117647,0.0930232558139535,0.313432835820896,0.0556,0.372881355932203,0.0930232558139535,0.0192307692307692,0.0185185185185185,0.0886075949367089,0.0588235294117647,0.103448275862069,0.19,0.262295081967213,0.32258064516129,0.103896103896104,0.0851063829787234
"X0696",0.219512195121951,0,0.373626373626374,0.288659793814433,0.0987654320987654,0.292134831460674,0.0476190476190476,0.330097087378641,0.473684210526316,0.233,0.372340425531915,0.326530612244898,0.144578313253012,0.397849462365591,0.347826086956522,0.4270833,0.148936170212766,0.308510638297872,0.174418604651163,0.303370786516854,0.247311827956989,0.4,0.26530612244898,0.378,0.0875,0.43298969072165,0.343434343434343,0.365591397849462,0.192771084337349,0.234567901234568,0.213483146067416,0.295454545454545,0.383838383838384,0.284210526315789,0.2,0.270588235294118,0.126582278481013,0.2,0.2708333,0.1125,0.0625,0.225806451612903,0.0625,0.284210526315789,0.411764705882353,0.129411764705882,0.188235294117647,0.303370786516854,0.287128712871287
"X08AD",0.225,0.373626373626374,0,0.34375,0.0526315789473684,0.423529411764706,0.051948051948052,0.39,0.393617021276596,0.244186046511628,0.387096774193548,0.333,0.128205128205128,0.523255813953488,0.563218390804598,0.489130434782609,0.25,0.280898876404494,0.27710843373494,0.397590361445783,0.258426966292135,0.514563106796116,0.301075268817204,0.364705882352941,0.0945945945945946,0.446808510638298,0.442105263157895,0.351648351648352,0.144578313253012,0.294871794871795,0.232558139534884,0.40506329113924,0.419354838709677,0.417582417582418,0.197802197802198,0.238095238095238,0.0921052631578947,0.154761904761905,0.252631578947368,0.0267,0.051948051948052,0.333,0.08,0.304347826086957,0.42,0.111,0.25609756097561,0.227272727272727,0.3020833
"X0942",0.168539325842697,0.288659793814433,0.34375,0,0.125,0.313131313131313,0.0556,0.365384615384615,0.310679611650485,0.379310344827586,0.431578947368421,0.326732673267327,0.10989010989011,0.277227722772277,0.333,0.343137254901961,0.123711340206186,0.365591397849462,0.202127659574468,0.221052631578947,0.244897959183673,0.373831775700935,0.23469387755102,0.275510204081633,0.0987654320987654,0.362745098039216,0.349514563106796,0.252525252525253,0.261904761904762,0.267,0.411764705882353,0.285714285714286,0.35,0.3854167,0.282828282828283,0.204081632653061,0.121951219512195,0.172043010752688,0.343434343434343,0.0740740740740741,0.0853658536585366,0.454545454545455,0.0864197530864197,0.43010752688172,0.380952380952381,0.0978260869565217,0.168421052631579,0.380434782608696,0.422680412371134

Re: is lagg (re+wlan) working on 11.0-RELEASE?

2016-10-18 Thread Zeus Panchenko 
thanks for quick reply

J.R. Oldroyd <f...@opal.com> wrote:
> There is a work-around.  Configure the re interface with the MAC
> address of the wlan instead of the other way around.

I done it and here is what happens:

1. I boot notebook with wire *not* plugged in
   wlan is up, associated and authed, network is OK

2. I plug wire and network becomes stale

3. I run `tcpdump -ni lagg0' to see what's going on and oh, wonder,
   network comes back lo life!


so ... either to not to use lagg or run tcpdump constantly ... it is
rather weird :(

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


pgpi3chBzMziI.pgp
Description: PGP signature

Re: pfsync for sshguard table sync on several hosts

2016-10-12 Thread Zeus Panchenko 
mxb <m...@alumni.chalmers.se> wrote:

> Use BGP to distribute list of IP addresses.
> Like it is done at http://bgp-spamd.net/

what about pfsync indeed? I need black list of addresses I do can
control on my own and to install BGP infrastructure for local needs
looks excessive

isn't psync aimed for the tasks like this one?

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


pgpXSyCIWQRD7.pgp
Description: PGP signature

can I freebsd-updtae from 11-CURRENT to 11.0-RELEASE?

2016-10-11 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

can I freebsd-updtae from 11-CURRENT to 11.0-RELEASE, please?

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlf9Qp0ACgkQr3jpPg/3oypC5ACg61LDsnl6QKFen8+SlgJWEhH7
EgsAnjzP+QqVMERujIPBkuVLy/e/EIzp
=WV/K
-END PGP SIGNATURE-
___
freebsd-amd64@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-amd64
To unsubscribe, send any mail to "freebsd-amd64-unsubscr...@freebsd.org"

psync for sshguard table sync on several hosts

2016-10-11 Thread Zeus Panchenko 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi,

please advise

I think of pfsync-ing sshguard table content among several hosts to get
one big table on each host, since IP blocked on one host I want to be
blocked on all others automatically (all hosts are terminated in one
VPN) ...

am I correct to consider psync as right way to get that?

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlf9KHEACgkQr3jpPg/3oyojOwCgpZbc04rwL41LIIDaVDPgR7Vi
G8QAoOP5wj87qh4JpT7NePGvnZBbplp2
=NSkz
-END PGP SIGNATURE-
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

[Q] "selective" ACL

2016-09-09 Thread Zeus Panchenko 
hi,

I'm trying to configure a not complex (as I believe) ACL ... but have some
difficulties

I have two posixGroup groups 

cn=admins,ou=group,dc=foo
cn=coadmins,ou=group,dc=foo

my users resides in ou=People,dc=foo

so, in subtree ou=People,dc=foo I need to allow anything to admins (and
it is not difficult of course)

for example this works for me:

access to dn.subtree="ou=People,dc=foo"
by set="[cn=admin,ou=group,dc=foo]/memberUid & user/uid" manage
by self write
by users read
by * break

but in addition I need to allow my coadmins to do the same things except
manipulations upon the objects which belong to admins (
...anyobject,uid=adminuser,ou=People,dc=foo )

so, the question is: how? (if it is possible at all) :(

please, advise

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)

Re: wan1 as default, wan2 dedicated to a service

2016-08-10 Thread Zeus Panchenko 
Max <maxi...@als.nnov.ru> wrote:

> Probably you should use
> pass out log on $if_dvr reply-to ($if_wan2 $gw_wan2) to 

thank you, Max, this helped

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Re: default to wan1, definite subnet replies to wan2

2016-08-04 Thread Zeus Panchenko 
sorry for noise, please ignore this incomplete message

Zeus Panchenko <z...@ibs.dn.ua> wrote:

> greetings,
> 
> I have two wan intefaces, wan1 and wan2
> 
> wan1 is for default
> 
> I have subnet in my LAN all replies from which I need to direct through
> wan2
> 
> I hoped to do that with this pf configuration:
> 
> if_service = "vlan1234" # service network
> table  const { 10.0.0.0/24 }
> # requests for the service 
> rdr pass on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 
> port 5678
> nat log on $if_wan2 from  to any -> ($if_wan2)
> ...
> pass in log on $if_video route-to ($if_wan3 $gw_wan3) from  to ! 
>  keep state
> 

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

wan1 as default, wan2 dedicated to a service

2016-08-04 Thread Zeus Panchenko 
hi,
I need trivial thing but wondering where am I wrong ... :(
help please

I have two WAN interfaces: wan1 and wan2
wan1 is default route interface, wan2 is dedicated for DVR (video)

I'm trying to direct all output from DVR to wan2 (here I do not care of
where a request to DVR came from, I want all replies to go out trough wan2)

so, I hoped to do that with this pf.config

---[ start ]
if_wan1 = "em0"
if_wan2 = "igb0" # ip address A.B.C.D
gw_wan2 = "E.F.G.H"
if_dvr="vlan123"
table  const { 10.0.0.0/24 }
# redirect all requests on wan2 to DVR host1
rdr pass on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 
port 5678
nat log on $if_wan2 from  to any -> ($if_wan2)
...
pass in log on $if_dvr route-to ($if_wan2 $gw_wan2) from  to any keep state
---[ stop  ]

as results, 
I see requests from world on $if_wan2
I see redirects of the requests, out packets on $if_dvr
I see replies to the requests, in packets on $if_dvr
but I see ($if_wan2) sourced replies, and I see them on *$if_wan1*

so, as I understand ... route-to works, otherwise replies wouldn't be
from ($if_wan2)

but nated replies appears on $if_wan1 what is default route ... so
... how can I have replies go out through $if_wan2? is it question of
the second routing table?

please, advise
-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

[PATCH]Translation to ja(LICENSE & README)

2016-03-23 Thread ZEUS-mgtGM KUJIRAI, Takahiro 
Hi, Dounin


Thank you for your response.
I understand it.

>There are various other languages, see here:
>
>http://hg.nginx.org/nginx.org/file/tip/xml
>
>Though all except English and Russian are stale and was deactivated.
>
>--
>Maxim Dounin
>http://nginx.org/>

Best Regards,
Takahiro Kujirai



___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[PATCH]Translation to ja(LICENSE & README)

2016-03-22 Thread ZEUS-mgtGM KUJIRAI, Takahiro 
Hi, Dounin


Thank you for your response.
I understood about LICENSE & README.


>I think it's not going to work.  We maintain Russian version of
>CHANGES only because many of the developers are Russians
>(including me) and can more or less easily write them while
>releasing a new version.
>
>We've already tried to maintain translations of the nginx.org site
>to various languages.  The problem is that translations are
>[almost] not refreshed after an initial translation is done and
>quickly become stale, resulting in negative net effect.

I saw nginx.org, I found English site & Russian site.
---
http://nginx.org/en/
http://nginx.org/ru/

What other language site is it?

And if there is a Japanese site, I want to translate.


Best Regards,
Takahiro Kujirai


___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[PATCH]Translation to ja(LICENSE & README)

2016-03-21 Thread ZEUS-mgtGM KUJIRAI, Takahiro 
Hi, Dounin



Thank you for your response.

I think needing translations to various languages.
Because it is easy to understand licenses.

By the way, is README too?


And I think CHANGES needs to translate to various languages, not only Russian.
What do you think?


Best Regards,
Takahiro Kujirai




Hello!

On Thu, Mar 17, 2016 at 03:01:45PM +0900, ZEUS-mgtGM KUJIRAI, Takahiro
wrote:

> # HG changeset patch
> # User Takahiro Kujirai 
> # Date 1458193783 -32400
> #  Thu Mar 17 14:49:43 2016 +0900
> # Node ID c08b49903ee70fb2fa4d9e133eadbd9ab8e4a12d
> # Parent  81329f6a4254df3701b626d18cf8b9245e6d8aa1
> Translate to ja(LICENSE & README)

Sorry, but we have no resources to maintain such translations to
multiple languages.

Additionally, license translations needs a lawyer - and this is
not something we want to spend our time on.  If you really need
appropriate translation of the license, Wikipedia has
translations to various languages:

https://en.wikipedia.org/wiki/BSD_licenses#2-clause

-- 
Maxim Dounin
http://nginx.org/



___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[no subject]

2016-03-19 Thread ZEUS-mgtGM KUJIRAI, Takahiro 
# HG changeset patch
# User Takahiro Kujirai 
# Date 1458193783 -32400
#  Thu Mar 17 14:49:43 2016 +0900
# Node ID c08b49903ee70fb2fa4d9e133eadbd9ab8e4a12d
# Parent  81329f6a4254df3701b626d18cf8b9245e6d8aa1
Translate to ja(LICENSE & README)

diff -r 81329f6a4254 -r c08b49903ee7 docs/text/LICENSE.ja
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/docs/text/LICENSE.ja  Thu Mar 17 14:49:43 2016 +0900
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2002-2016 Igor Sysoev
+ * Copyright (C) 2011-2016 Nginx, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 以下の条件を満たすならば、変更の有無に関わらずソースコード形式とバイナリー
形式の
+ * 再配布や使用が許可されます。
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ *ソースコードの再配布は、上記の著作権表示、条件と以下の免責事項のリスト
を保持しなければならない。
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *バイナリー形式の再配布は、上記の著作権表示、ドキュメントや他の配布され
た製品の
+ *条件と以下の免責事項のリストを保持しなければならない。
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
diff -r 81329f6a4254 -r c08b49903ee7 docs/text/README.ja
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/docs/text/README.ja   Thu Mar 17 14:49:43 2016 +0900
@@ -0,0 +1,4 @@
+
+Documentation is available at http://nginx.org
+ドキュメントは、http://nginx.orgで入手可能です。
+

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[PATCH]Translation to ja(LICENSE & README)

2016-03-19 Thread ZEUS-mgtGM KUJIRAI, Takahiro 
# HG changeset patch
# User Takahiro Kujirai 
# Date 1458193783 -32400
#  Thu Mar 17 14:49:43 2016 +0900
# Node ID c08b49903ee70fb2fa4d9e133eadbd9ab8e4a12d
# Parent  81329f6a4254df3701b626d18cf8b9245e6d8aa1
Translate to ja(LICENSE & README)

diff -r 81329f6a4254 -r c08b49903ee7 docs/text/LICENSE.ja
--- /dev/nullThu Jan 01 00:00:00 1970 +
+++ b/docs/text/LICENSE.jaThu Mar 17 14:49:43 2016 +0900
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2002-2016 Igor Sysoev
+ * Copyright (C) 2011-2016 Nginx, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 以下の条件を満たすならば、変更の有無に関わらずソースコード形式とバイナリー
形式の
+ * 再配布や使用が許可されます。
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ *ソースコードの再配布は、上記の著作権表示、条件と以下の免責事項のリスト
を保持しなければならない。
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *バイナリー形式の再配布は、上記の著作権表示、ドキュメントや他の配布され
た製品の
+ *条件と以下の免責事項のリストを保持しなければならない。
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
diff -r 81329f6a4254 -r c08b49903ee7 docs/text/README.ja
--- /dev/nullThu Jan 01 00:00:00 1970 +
+++ b/docs/text/README.jaThu Mar 17 14:49:43 2016 +0900
@@ -0,0 +1,4 @@
+
+Documentation is available at http://nginx.org
+ドキュメントは、http://nginx.orgで入手可能です。
+


___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

"nginx -v" outputs is in stderr.

2016-02-17 Thread ZEUS-mgtGM KUJIRAI, Takahiro 
Hello, Dounin!


>Yes, this is by design.
>See https://trac.nginx.org/nginx/ticket/592 for more details.

I understood.
And, I like stdout, I'll change source codes and use nginx.


Thanks.
Takahiro Kujirai
@Zeus-Enterprise.Co.Ltd

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

how to disable spam checks for authenticated users?

2016-01-14 Thread Filippo Zeus 

Hi all,
I'm new to postfix 2.11.3 under debian 8 and I have recently configured 
postfix+amavis+spamassassin+clamav+dovecot with virtual users (mysql).


all seems to work ok but I'd like to disable amavis (and 
spamassassin/clam) checks for authenticated users mainly, and eventually 
for locally generated mails.


can anyone help me ?

I've already declared at the beginnig of my *restrictions* 
"permit_ssl_authenticated, permit_mynetworks, permit" in main.cf but 
without success.



Here is my configuration ---> http://paste.debian.net/365929/



Hope someone can help me

Thanks in advence

[Bug 1187039] Re: some features of Nautilus do not function any more (Raring)

2015-11-11 Thread Zeus 
Please I only have Dolphin file Manager installed just for this, but it
crashes a lot.

The status bar is really useful.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1187039

Title:
  some features of Nautilus do not function any more (Raring)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1187039/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Desktop-packages] [Bug 1187039] Re: some features of Nautilus do not function any more (Raring)

2015-11-11 Thread Zeus 
Please I only have Dolphin file Manager installed just for this, but it
crashes a lot.

The status bar is really useful.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1187039

Title:
  some features of Nautilus do not function any more (Raring)

Status in nautilus package in Ubuntu:
  Confirmed

Bug description:
  1. the status line at the bottom of the Nautilus window (showing free
  disk space, amount of selected files etc.) disappeared after upgrading
  from Quantal to Raring.

  2. the small arrows within the files list also disappeared which
  allowed to quickly open folders (those were VERY useful on my slow
  Atom netbook, need them back! opening a folder the normal way always
  takes 2-3 seconds, going back to the previous folder again needs 2-3
  seconds, this sucks big time)

  3. minor problem: all my Nautilus bookmarks disappeared after
  upgrading from Quantal to Raring.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: nautilus 1:3.6.3-0ubuntu16
  ProcVersionSignature: Ubuntu 3.8.0-23.34-generic 3.8.11
  Uname: Linux 3.8.0-23-generic i686
  ApportVersion: 2.9.2-0ubuntu8
  Architecture: i386
  Date: Mon Jun  3 17:12:58 2013
  EcryptfsInUse: Yes
  GsettingsChanges:
   b'org.gnome.nautilus.window-state' b'geometry' b"'800x540+0+31'"
   b'org.gnome.nautilus.window-state' b'maximized' b'true'
  InstallationDate: Installed on 2012-12-20 (165 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release i386 (20121017.2)
  MarkForUpload: True
  SourcePackage: nautilus
  UpgradeStatus: Upgraded to raring on 2013-05-22 (12 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1187039/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Bug 1187039] Re: some features of Nautilus do not function any more (Raring)

2015-11-11 Thread Zeus 
Please I only have Dolphin file Manager installed just for this, but it
crashes a lot.

The status bar is really useful.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1187039

Title:
  some features of Nautilus do not function any more (Raring)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1187039/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

Re: [HACKERS] WIP: Fix parallel workers connection bug in pg_dump (Bug #13727)

2015-11-05 Thread Zeus Kronion 
On Nov 1, 2015 5:04 PM, "Marko Tiikkaja" <ma...@joh.to> wrote:
>
> On 10/25/15 10:55 PM, Zeus Kronion wrote:
>>
>> Parallel workers were failing to connect to the database when running
>> pg_dump with a connection string. The first of the following two commands
>> runs without errors, while the second one fails:
>> pg_dump "postgres://my-user:my-passw...@my.hostname.com:5432/my-db" -Fd
-f
>> my-dump
>> pg_dump "postgres://my-user:my-passw...@my.hostname.com:5432/my-db" -Fd
>> --jobs=9 -f my-dump
>>
>> The error message:
>> pg_dump: [parallel archiver] connection to database "my-db" failed:
>> fe_sendauth: no password supplied
>>
>> The password is not being stored correctly in the PGconn object when
>> connecting with a connection string.
>
>
> Yeah, the current code is definitely broken for this case.  However, I
don't feel like this patch is quite there yet, either.  _connectDB has
similar logic in it which might be hit in case e.g. a a user's HBA is
changed from a non-password-requiring method to a password-requiring one
after the one or more connections has been initiated.  That one needs
changing as well.

I wasn't aware of that case. Should be an easy fix to make this weekend.

> However, I don't quite like the way the password cache is kept up to date
in the old *or* the new code.  It seems to me that it should instead look
like:
>
>if (PQconnectionUsedPassword(AH->connection))
>AH->savedPassword = PQpass(AH->connection);
>
> What do you think?

I don't understand why this logic is preferable. Is your concern that
AH->savedPassword may contain a password even when none is needed? Or is
the change simply meant to give the reader a better sense of what is
actually going on?

-CS

Re: [HACKERS] WIP: Fix parallel workers connection bug in pg_dump (Bug #13727)

2015-10-30 Thread Zeus Kronion 
I'm still unclear on how to write regression tests for a connectivity bug.
Are they necessary in this case?

On Sun, Oct 25, 2015 at 5:55 PM, Zeus Kronion <zkron...@gmail.com> wrote:

> Parallel workers were failing to connect to the database when running
> pg_dump with a connection string. The first of the following two commands
> runs without errors, while the second one fails:
> pg_dump "postgres://my-user:my-passw...@my.hostname.com:5432/my-db" -Fd
> -f my-dump
> pg_dump "postgres://my-user:my-passw...@my.hostname.com:5432/my-db" -Fd
> --jobs=9 -f my-dump
>
> The error message:
> pg_dump: [parallel archiver] connection to database "my-db" failed:
> fe_sendauth: no password supplied
>
> The password is not being stored correctly in the PGconn object when
> connecting with a connection string.
>
> This is my first time contributing to Postgres, so I tried to stick to the
> instructions from the "Submitting a Patch" wiki. This submission is for
> discussion because I haven't figured out how to write regression tests for
> this patch yet (and I would appreciate guidance).
>
> Target branch: master
> Compiles and tests successfully: true
> Platform-specific items: none
> Regression tests: still needed
> Documentation: N/A
> Performance implications: none
>

[HACKERS] WIP: Fix parallel workers connection bug in pg_dump (Bug #13727)

2015-10-26 Thread Zeus Kronion 
Parallel workers were failing to connect to the database when running
pg_dump with a connection string. The first of the following two commands
runs without errors, while the second one fails:
pg_dump "postgres://my-user:my-passw...@my.hostname.com:5432/my-db" -Fd -f
my-dump
pg_dump "postgres://my-user:my-passw...@my.hostname.com:5432/my-db" -Fd
--jobs=9 -f my-dump

The error message:
pg_dump: [parallel archiver] connection to database "my-db" failed:
fe_sendauth: no password supplied

The password is not being stored correctly in the PGconn object when
connecting with a connection string.

This is my first time contributing to Postgres, so I tried to stick to the
instructions from the "Submitting a Patch" wiki. This submission is for
discussion because I haven't figured out how to write regression tests for
this patch yet (and I would appreciate guidance).

Target branch: master
Compiles and tests successfully: true
Platform-specific items: none
Regression tests: still needed
Documentation: N/A
Performance implications: none


pworker-connection-fix-v1.patch
Description: Binary data

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

  1   2   3   4   5   6   7   8   9   >