Re: [SLUG] Graphics library
Erik de Castro Lopo wrote: but would imagemagick ( http://www.imagemagick.org/script/index.php) do what you want? Oh, cool. I wasn't aware that imagemagick also did text. Installing libmagick6-dev now. Thanks. Ok, I've looked at image magick, spent a bunch of time getting something working and all I can say is yuck. Hmm, I wonder what Keith Packard et al's libcairo is like. I really doubt it could be half as bad. Erik -- +---+ Erik de Castro Lopo +---+ Hundreds of thousands of people couldn't care less about Kylix and what it runs on. It's there for the dying breed of die-hard Pascal fanatics who missed their 20 year window to migrate to C and C++. -- Kaz Kylheku in comp.os.linux.development.apps -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Graphics library
This one time, at band camp, Erik de Castro Lopo wrote: Erik de Castro Lopo wrote: but would imagemagick ( http://www.imagemagick.org/script/index.php) do what you want? Oh, cool. I wasn't aware that imagemagick also did text. Installing libmagick6-dev now. Thanks. Ok, I've looked at image magick, spent a bunch of time getting something working and all I can say is yuck. Hmm, I wonder what Keith Packard et al's libcairo is like. I really doubt it could be half as bad. The API to cairo is really really nice, especially if you're coming from a PDF/PostScript generation background. I suspect it may be a little involved to do what you want with it, but it's certainly possible. I didn't mention it earlier because I thought ImageMagick would have been a more appropriate tool. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Graphics library
Jamie Wilkinson wrote: The API to cairo is really really nice, And it has gasp documentation /gasp. I suspect it may be a little involved to do what you want with it, but it's certainly possible. I didn't mention it earlier because I thought ImageMagick would have been a more appropriate tool. The use of image magick as a library has willfully slaughtered way too many of my brain cells for me to ever forgive you for that :-). Erik -- +---+ Erik de Castro Lopo +---+ We can build a better product than Linux -- Microsoft Corp.'s Windows operating-system chief, Jim Allchin. One has to wonder why, with their huge resources, they haven't. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Graphics library
Erik de Castro Lopo wrote: Hmm, I wonder what Keith Packard et al's libcairo is like. I really doubt it could be half as bad. Bloody hell! Cairo is as good as libimagemagick is bad. After just reading a bit of the documentation and without looking at any example code, it took me about 30 minutes to do what it took me over 5 hours of googling, and poring over very ugly Image Magick internals to do with libimagemagic. Anyone who wants to learn about good C library API design and documentation should look to Cario as glowing beacon of brilliance. Erik -- +---+ Erik de Castro Lopo +---+ Everyone seems to assume that the current system in America is capitalism. I beg to differ. True capitalism does not involve false advertising, distribution cartels, or political lobbying for special advantages in the market. How can you call Microsoft or the RIAA capitalist, when their main business is interfering with a free market? Some of us would like to see a *return* to capitalism in this country. - Jim Flynn on Linuxtoday.com -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Graphics library
If you are going to look at libraries that are used for display rendering you might also want to check out Rasterman's Imlib2 http://www.enlightenment.org/Libraries/Imlib2/ (he may also be working on a successor there as well, one of the e-somethings but I can't work out which one) I guess Gdk from the Gnome suite might also be able to be used) Martin Visser Technology Consultant Consulting Integration Technology Solutions Group - HP Services 410 Concord Road Rhodes NSW 2138 Australia Mobile: +61-411-254-513 Fax: +61-2-9022-1800 E-mail: martin.visserAThp.com This email (including any attachments) is intended only for the use of the individual or entity named above and may contain information that is confidential, proprietary or privileged. If you are not the intended recipient, please notify HP immediately by return email and then delete the email, destroy any printed copy and do not disclose or use the information in it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik de Castro Lopo Sent: Wednesday, 19 April 2006 4:23 PM To: slug@slug.org.au Subject: Re: [SLUG] Graphics library Jamie Wilkinson wrote: The API to cairo is really really nice, And it has gasp documentation /gasp. I suspect it may be a little involved to do what you want with it, but it's certainly possible. I didn't mention it earlier because I thought ImageMagick would have been a more appropriate tool. The use of image magick as a library has willfully slaughtered way too many of my brain cells for me to ever forgive you for that :-). Erik -- +---+ Erik de Castro Lopo +---+ We can build a better product than Linux -- Microsoft Corp.'s Windows operating-system chief, Jim Allchin. One has to wonder why, with their huge resources, they haven't. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: [SLUG-ANNOUNCE] debsig tonight
On Wed, 2006-04-19 at 12:44 +1000, Robert Collins wrote: Debsig is on again tonight, at the Cohi Bar: Meh, April 19th. Tonight. Now! Rob When: Wednesday, April 12, 6.30pm - 10.30pm Where: Cohi Bar, 359 Harbourside, Darling Harbour This is the second debsig this month - our first one was a week earlier than usual, and its time to return to our regular schedule. This weeks entertainment includes 'Stuff', 'more stuff' and perhaps some variety - 'Other stuff'. In other words theres no specific programme, but I'm sure we can find something to talk about ! Rob -- SLUG - Sydney Linux User Group Announcements List - http://slug.org.au More info: http://lists.slug.org.au/listinfo/announce -- GPG key available at: http://www.robertcollins.net/keys.txt. signature.asc Description: This is a digitally signed message part -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Ubuntu 5.10 query
Just noticed something odd and maybe someone on list might know the quick reply.. google is not prooving helpfull, so rather then waste more time (straight to the experts). It appears if I go into the settings for the logon manager thing, I notice if I select autologin options and then use the pulldown to select a user, I am only seeing one user (and its not the user I want). I have 2 users on my system, and it appears the pull down only allows one of them to be seen. Anyone got a clue stick on whats going on. Further more, if someone can tell me the file I have to manually edit that will suit me also. Just got my mythtvfrontend to work through tv out and it looks great, so much so I think I will make a user autologon at boot and make it so the mythfrontend loads at logon and uses the tv out as primary display, so I can get around to watching a heap of recordings on a tv and using the remote. Thanks -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: Ubuntu 5.10 query
On 4/19/06, Michael Fox [EMAIL PROTECTED] wrote: one of them to be seen. Anyone got a clue stick on whats going on. Further more, if someone can tell me the file I have to manually edit that will suit me also. Just as a follow up and for the archives... the file that gets edited is; /etc/X11/gdm/gdm.conf You'll see the sections dealing with autologin, and be sure to restart gdm via; /etc/init.d/gdm stop /etc/init.d/gdm start Thanks -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: hoxuw one
Dea t r Home Ow m ne l r , Your c m re r dit doesn't matter to us ! If you O t WN real e e st m at r e and want IMM n ED l IAT n E cas o h to sp v en y d ANY way you like, or simply wish to L z OWER your monthly p l aym c ents by a third or more, here are the d m eals we have T v OD b AY : $ 48 j 8 , 000 - 3 , i 67% fi w xed - rat i e $ 37 e 2 , 000 - 3 i , 90% va u ri l able - rat j e $ 4 n 92 , 000 - 3 c , 21% in t teres f t - only $ 24 c 8 , 000 - 3 f , 36% f a ixed - rat h e $ 1 p 98 , 000 - 3 , g 55% vari h able - ra d te Hurr t y, when these d q ea u ls are gone, they are gone ! Don't worry about a e ppr l ova w l, your c a redi l t will not d e isqu n alif z y you ! complet a e e i asy w d eb fo m rm Sincerely, Szczesny Rostad A z ppr e ov f al Manager-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] sudo command over ssh - pasword echo
I am wanting to do a command with sudo via ssh that requires a password but the problem is that when I enter the password it is echoed to the screen. ie ssh [EMAIL PROTECTED] sudo apt-get dist-upgrade password: PASSWORD-HERE Is there a way to stop this being echoed or a better way to do this? TIA -- Simon Wong [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Ldap error
Hi I am having to trouble to use ldapadd command , it always asks me ldap_bind: invalid credentials [49]. Any clear solution. I have googled so much but no solution yet. Regards selim Regards Muhammad Selim Jahangir Computer Systems Officer (Unix/Linux Administrator) Faculty of Built Environment Engineering Queensland University of Technology 2 George Street [GP Campus = S Block S913] BRISBANE QLD 4000 [EMAIL PROTECTED] Telephone: +61 7 3864 5018 Facsimile: +61 7 3864 9022 QUT Institution Code: CRICOS No. 00213J -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
On Thu, 20 Apr 2006 10:02 am, Simon Wong wrote: I am wanting to do a command with sudo via ssh that requires a password but the problem is that when I enter the password it is echoed to the screen. ie ssh [EMAIL PROTECTED] sudo apt-get dist-upgrade password: PASSWORD-HERE Is there a way to stop this being echoed or a better way to do this? Add user to the sudo group on host and you wont be prompted for the user's password anymore (at least that's how it works on Ubuntu and RHEL). Alternatively, login and run the commands interactively (but given you're running commands directly from ssh, I'm assuming this is actually a script?). If you go with the sudo group idea, you may want to setup a special user (updater or something) that can only run specific commands like apt-get with sudo and even then, restrict the options that can be passed as well. HTH, James -- A fool and his money are soon popular. pgplLkJWMxnWt.pgp Description: PGP signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
On Thu Apr 20, 2006 at 10:46:02 +1000, James Gray wrote: On Thu, 20 Apr 2006 10:02 am, Simon Wong wrote: I am wanting to do a command with sudo via ssh that requires a password but the problem is that when I enter the password it is echoed to the screen. ie ssh [EMAIL PROTECTED] sudo apt-get dist-upgrade password: PASSWORD-HERE Is there a way to stop this being echoed or a better way to do this? Add user to the sudo group on host and you wont be prompted for the user's password anymore (at least that's how it works on Ubuntu and RHEL). Alternatively, login and run the commands interactively (but given you're running commands directly from ssh, I'm assuming this is actually a script?). If you go with the sudo group idea, you may want to setup a special user (updater or something) that can only run specific commands like apt-get with sudo and even then, restrict the options that can be passed as well. Mmm, I missed the original, but what you want is: ssh [EMAIL PROTECTED] -t sudo .. The -t says allocate a TTY, which is what sudo needs to correctly read your password. (Of course if what you want is to not have to type a password at all, then James' suggestions are all good.) Cheers, Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Invalid credentials error code 49
Hi Does any one know wthat is the solution for the following error messages Ldap_bind: Invalid credentials [49]. Please give very specific solution. It is not just of password or dc is worng. Regards Muhammad Selim Jahangir Computer Systems Officer (Unix/Linux Administrator) Faculty of Built Environment Engineering Queensland University of Technology 2 George Street [GP Campus = S Block S913] BRISBANE QLD 4000 [EMAIL PROTECTED] Telephone: +61 7 3864 5018 Facsimile: +61 7 3864 9022 QUT Institution Code: CRICOS No. 00213J -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Ldap error
On Thu, 2006-04-20 at 10:15 +1000, Selim Jahangir wrote: Hi I am having to trouble to use ldapadd command , it always asks me “ldap_bind: invalid credentials [49]”. Any clear solution. I have googled so much but no solution yet. I'm having similar problems. I've installed slapd on Ubuntu but get this: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) slapd is definitely running. David. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
On Thu, 2006-04-20 at 10:46 +1000, James Gray wrote: Add user to the sudo group on host and you wont be prompted for the user's password anymore (at least that's how it works on Ubuntu and RHEL). yeah, I was scared of doing that for the reason of giving blanket root sudo powers. Alternatively, login and run the commands interactively (but given you're running commands directly from ssh, I'm assuming this is actually a script?). yep, trying to script it :-) If you go with the sudo group idea, you may want to setup a special user (updater or something) that can only run specific commands like apt-get with sudo and even then, restrict the options that can be passed as well. Good idea, that sounds like the way to go but I expect that means setting up an SSH key with the specific command so that the updater user can login via SSH and do only that one thing. I want SSH logins restricted to a specified list via AllowUsers after a recent experience. Thanks. -- Simon Wong [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: Ldap error
On Thu, Apr 20, 2006 at 10:15:32AM +1000, Selim Jahangir wrote: Hi I am having to trouble to use ldapadd command , it always asks me ldap_bind: invalid credentials [49]. Add -x to the command line. You're not running SASL, and ldapadd assumes it by default. - Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Ldap error
This one time, at band camp, Selim Jahangir wrote: Hi I am having to trouble to use ldapadd command , it always asks me ldap_bind: invalid credentials [49]. So how are you calling ldapadd? It sounds like you have invalid credentials. Specifically, you need to set your bind DN correctly, and password if appropriate. Typically you might be using the rootdn and rootpw settings in /etc/openldap/slapd.conf. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
On Thu, 2006-04-20 at 10:52 +1000, Benno wrote: ssh [EMAIL PROTECTED] -t sudo .. The -t says allocate a TTY, which is what sudo needs to correctly read your password. Thanks, I should have tried it before replying before. I see that stops the echoing, tah. -- Simon Wong [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Ldap error
This one time, at band camp, david wrote: I'm having similar problems. I've installed slapd on Ubuntu but get this: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) slapd is definitely running. Are you supposed to be using SASL to bind to the server, or do you want plain old boring binds (in which case you will want to add -x to your command line). -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Ldap error
Hi david Have you used the switch -x , try with -x and see. Regards selim -Original Message- From: david [mailto:[EMAIL PROTECTED] Sent: Thursday, 20 April 2006 11:03 AM To: Selim Jahangir Cc: slug@slug.org.au Subject: Re: [SLUG] Ldap error On Thu, 2006-04-20 at 10:15 +1000, Selim Jahangir wrote: Hi I am having to trouble to use ldapadd command , it always asks me ldap_bind: invalid credentials [49]. Any clear solution. I have googled so much but no solution yet. I'm having similar problems. I've installed slapd on Ubuntu but get this: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) slapd is definitely running. David. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
This one time, at band camp, Selim Jahangir wrote: Hi Does any one know wthat is the solution for the following error messages Ldap_bind: Invalid credentials [49]. Please give very specific solution. It is not just of password or dc is worng. Waiting 45 minutes before asking your question again is pretty rude. If ldap_bind is telling you that you have invalid credentials, then your password or bind DN is wrong. Please throw us a bone if you'd like a more specific answer than that. Start with your complete ldapadd commandline and perhaps the full slapd.conf. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
On Thu, 20 Apr 2006 11:17 am, Simon Wong wrote: On Thu, 2006-04-20 at 10:46 +1000, James Gray wrote: Add user to the sudo group on host and you wont be prompted for the user's password anymore (at least that's how it works on Ubuntu and RHEL). yeah, I was scared of doing that for the reason of giving blanket root sudo powers. Just because a user can sudo doesn't mean they can sudo anything. You *can* restrict users to only being able to sudo a very specific set of commands and then even restrict further to options passed to those commands. The updater user should probably only be able to apt-get update and apt-get -y upgrade. If you want to do a full dist-upgrade or remove/purge packages, that's probably best done manually so don't allow updater to run apt-get with remove. man sudo and man 5 sudoers are your friends here. Alternatively, login and run the commands interactively (but given you're running commands directly from ssh, I'm assuming this is actually a script?). yep, trying to script it :-) Bummer - not really an option then. If you go with the sudo group idea, you may want to setup a special user (updater or something) that can only run specific commands like apt-get with sudo and even then, restrict the options that can be passed as well. Good idea, that sounds like the way to go but I expect that means setting up an SSH key with the specific command so that the updater user can login via SSH and do only that one thing. I want SSH logins restricted to a specified list via AllowUsers after a recent experience. So use key-based login for the updater user. That way, even if someone knows the existence of the updater user it wont be of any use to them without the private key from the machine(s) YOU are using. I don't allow any password-based login for my publicly accessible SSH machines. That way I can not only restrict what users can log in but also WHERE they login from (ie, the machine that has the private key) without resorting to high-maintenance IP address lists, iptables etc. Double up the security: restrict allowed users AND use key-based auth. :) HTH, James -- Age and treachery will always overcome youth and skill. pgpe9qDEgoBKM.pgp Description: PGP signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
Hi Guys Here is my config details 1. /etc/openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args database bdb suffix dc=example,dc=com rootdn cn=Manager,dc=example,dc=com # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. #rootpw secret rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/ directory /var/lib/ldap/example.com index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres 2. /etc/openldap/example.com.ldif dn: dc=example,dc=com dc: example description: ROOT LDAP Entry objectClass: dcObject objectClass: organizationalUnit ou: rootobject dn: ou=People, dc=example, dc=com ou=People description: All people on organisation objectClass: organizationalUnit I have used the following command [EMAIL PROTECTED] openldap]# ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/example.com.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) [EMAIL PROTECTED] openldap]# The password and dn both are correct. Wish a solution please. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jamie Wilkinson Sent: Thursday, 20 April 2006 11:38 AM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 This one time, at band camp, Selim Jahangir wrote: Hi Does any one know wthat is the solution for the following error messages Ldap_bind: Invalid credentials [49]. Please give very specific solution. It is not just of password or dc is worng. Waiting 45 minutes before asking your question again is pretty rude. If ldap_bind is telling you that you have invalid credentials, then your password or bind DN is wrong. Please throw us a bone if you'd like a more specific answer than that. Start with your complete ldapadd commandline and perhaps the full slapd.conf. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
This one time, at band camp, James Gray wrote: So use key-based login for the updater user. That way, even if someone knows the existence of the updater user it wont be of any use to them without the private key from the machine(s) YOU are using. I don't allow any password-based login for my publicly accessible SSH machines. That way I can not only restrict what users can log in but also WHERE they login from (ie, the machine that has the private key) without resorting to high-maintenance IP address lists, iptables etc. Double up the security: restrict allowed users AND use key-based auth. :) Further to that, you can do some pretty neat (or unmaintainable :-) things with the authorized_keys file, e.g: from=*.example.org,environment=SNUH=bar,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command=/usr/sbin/sudo apt-get update ssh-dss = some comment about this key and then you can load a different key using ssh -i (IIRC) to change the behaviour of the machine at the other end when you log in :-) -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
This one time, at band camp, Selim Jahangir wrote: #rootpwsecret rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/ Did you restart slapd after changing the password? [EMAIL PROTECTED] openldap]# ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/example.com.ldif What's /etc/openldap/ldap.conf say that your default host is? (It's probably ldap:// but sometimes may be ldapi://) Enter LDAP Password: ldap_bind: Invalid credentials (49) Try adding loglevel 448 (which will turn on connection logging, access control list processing messages, and config file processing messages) and see what /var/log/ldap.log says happens when you try connecting. Oh, you'll probably want to add local4.* -/var/log/ldap.log to /etc/syslog.conf and restart that too, in order to get the logs. Alternatively you could restart slapd from the command line with debugging enabled like so: slapd -d 448 and then not have to worry about syslog. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
On Thu, 2006-04-20 at 11:36 +1000, James Gray wrote: Just because a user can sudo doesn't mean they can sudo anything. You *can* restrict users to only being able to sudo a very specific set of commands and then even restrict further to options passed to those commands. Yeah I know, it's one of those mornings where a growing list of problems was making me avoid having to do more :-( yep, trying to script it :-) Bummer - not really an option then. well, I don't have a big problem doing some of this manually as long as I can streamline it a bit. I'd like to keep good control over what's happening with package updates especially. Double up the security: restrict allowed users AND use key-based auth. :) Agreed, I've learnt a bit about that the hard way recently :-( -- Simon Wong [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sudo command over ssh - pasword echo
On Thu, 2006-04-20 at 11:48 +1000, Jamie Wilkinson wrote: Further to that, you can do some pretty neat (or unmaintainable :-) things with the authorized_keys file, e.g: from=*.example.org,environment=SNUH=bar,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command=/usr/sbin/sudo apt-get update ssh-dss = some comment about this key and then you can load a different key using ssh -i (IIRC) to change the behaviour of the machine at the other end when you log in :-) I like the idea of different keys for different commands, that could be very useful...thanks! -- Simon Wong [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: Ldap error
On 20/04/06 10:15 +1000, Selim Jahangir wrote: Hi I am having to trouble to use ldapadd command , it always asks me “ldap_bind: invalid credentials [49]”. Any clear solution. I have googled so much but no solution yet. I need more info before I can help. Show your command line. As many said, you need the -x option for simple binds. Have you used the -D option to specify the DN of the user who has authority to add entries? What about your existing entries? What is your configuration? What works and what doesn't? I can only make wild guesses about what you are doing, so if you let us know, we can help. My powers of ESP are very week. -- Nick Urbanik RHCE http://nicku.org[EMAIL PROTECTED] GPG: 7FFA CDC7+5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24 pgpy59L0ZiymB.pgp Description: PGP signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
Yeah I did restart after every change in slapd.conf. selim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jamie Wilkinson Sent: Thursday, 20 April 2006 11:56 AM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 This one time, at band camp, Selim Jahangir wrote: #rootpwsecret rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/ Did you restart slapd after changing the password? [EMAIL PROTECTED] openldap]# ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/example.com.ldif What's /etc/openldap/ldap.conf say that your default host is? (It's probably ldap:// but sometimes may be ldapi://) Enter LDAP Password: ldap_bind: Invalid credentials (49) Try adding loglevel 448 (which will turn on connection logging, access control list processing messages, and config file processing messages) and see what /var/log/ldap.log says happens when you try connecting. Oh, you'll probably want to add local4.* -/var/log/ldap.log to /etc/syslog.conf and restart that too, in order to get the logs. Alternatively you could restart slapd from the command line with debugging enabled like so: slapd -d 448 and then not have to worry about syslog. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Invalid credentials error code 49
I have found the following in the log file after typing the command, ldapadd -x -D cn=Manager, dc=example, dc=com -W -f /etc/openldap/example.com.ldif -selim Apr 20 12:10:42 s913lap slapd[12000]: conn=0 fd=12 ACCEPT from IP=131.181.33.28:58594 (IP=0.0.0.0:389) Apr 20 12:10:42 s913lap slapd[12000]: conn=0 op=0 BIND dn=cn=Manager,dc=example,dc=com method=128 Apr 20 12:10:42 s913lap slapd[12000]: conn=0 op=0 RESULT tag=97 err=49 text= Apr 20 12:10:42 s913lap slapd[12000]: conn=0 fd=12 closed (connection lost) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Selim Jahangir Sent: Thursday, 20 April 2006 12:07 PM To: Jamie Wilkinson; slug@slug.org.au Subject: RE: [SLUG] Invalid credentials error code 49 Yeah I did restart after every change in slapd.conf. selim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jamie Wilkinson Sent: Thursday, 20 April 2006 11:56 AM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 This one time, at band camp, Selim Jahangir wrote: #rootpwsecret rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/ Did you restart slapd after changing the password? [EMAIL PROTECTED] openldap]# ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/example.com.ldif What's /etc/openldap/ldap.conf say that your default host is? (It's probably ldap:// but sometimes may be ldapi://) Enter LDAP Password: ldap_bind: Invalid credentials (49) Try adding loglevel 448 (which will turn on connection logging, access control list processing messages, and config file processing messages) and see what /var/log/ldap.log says happens when you try connecting. Oh, you'll probably want to add local4.* -/var/log/ldap.log to /etc/syslog.conf and restart that too, in order to get the logs. Alternatively you could restart slapd from the command line with debugging enabled like so: slapd -d 448 and then not have to worry about syslog. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
Selim Jahangir wrote: Hi Guys Here is my config details 1. /etc/openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile/var/run/openldap/slapd.args databasebdb suffix dc=example,dc=com Are your LDAP Server and Client connected to the Internet ? If these are, then this is a problem. This is a problem because 'example.com' is a valid Intenet domain and your query goes out to the Internet and not to your LDAP server. If you do 'ping www.example.com' it is returning valid responses. Try changing your domain to say 'example.com.qld' instead of 'example.com'. Of course you may have to modify your Local DNS. Let us know how you go. Hope this helps. O Plameras -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
I got the following messages after typing slapd -d 255, What does it mean cn=config, I have cn=Manager in slapd.conf file backend_startup_one: starting cn=config backend_startup_one: starting dc=example,dc=com bdb_db_open: dc=example,dc=com bdb_db_open: dbenv_open(/var/lib/ldap/example.com) slapd starting daemon: added 4r daemon: added 7r daemon: added 8r daemon: select: listen=7 active_threads=0 tvp=NULL daemon: select: listen=8 active_threads=0 tvp=NULL -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Selim Jahangir Sent: Thursday, 20 April 2006 12:07 PM To: Jamie Wilkinson; slug@slug.org.au Subject: RE: [SLUG] Invalid credentials error code 49 Yeah I did restart after every change in slapd.conf. selim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jamie Wilkinson Sent: Thursday, 20 April 2006 11:56 AM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 This one time, at band camp, Selim Jahangir wrote: #rootpwsecret rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/ Did you restart slapd after changing the password? [EMAIL PROTECTED] openldap]# ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/example.com.ldif What's /etc/openldap/ldap.conf say that your default host is? (It's probably ldap:// but sometimes may be ldapi://) Enter LDAP Password: ldap_bind: Invalid credentials (49) Try adding loglevel 448 (which will turn on connection logging, access control list processing messages, and config file processing messages) and see what /var/log/ldap.log says happens when you try connecting. Oh, you'll probably want to add local4.* -/var/log/ldap.log to /etc/syslog.conf and restart that too, in order to get the logs. Alternatively you could restart slapd from the command line with debugging enabled like so: slapd -d 448 and then not have to worry about syslog. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
This one time, at band camp, Selim Jahangir wrote: I have found the following in the log file after typing the command, ldapadd -x -D cn=Manager, dc=example, dc=com -W -f /etc/openldap/example.com.ldif Wait, this isn't the same DN as you specified earlier, you've now got spaces in there. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
This one time, at band camp, O Plameras wrote: Are your LDAP Server and Client connected to the Internet ? If these are, then this is a problem. This is a problem because 'example.com' is a valid Intenet domain and your query goes out to the Internet and not to your LDAP server. If you do 'ping www.example.com' it is returning valid responses. Try changing your domain to say 'example.com.qld' instead of 'example.com'. Of course you may have to modify your Local DNS. This is so incredibly not the problem, Oscar. The bind DN and base DN have no relation to DNS except for namespacing. It is perfectly fine to use dc=example,dc=org as a DN during testing. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
Jamie Wilkinson wrote: This one time, at band camp, O Plameras wrote: Are your LDAP Server and Client connected to the Internet ? If these are, then this is a problem. This is a problem because 'example.com' is a valid Intenet domain and your query goes out to the Internet and not to your LDAP server. If you do 'ping www.example.com' it is returning valid responses. Try changing your domain to say 'example.com.qld' instead of 'example.com'. Of course you may have to modify your Local DNS. This is so incredibly not the problem, Oscar. The bind DN and base DN have no relation to DNS except for namespacing. It is perfectly fine to use dc=example,dc=org as a DN during testing. Let's wait for the outcome from the OP poster before you make any judgement. O Plameras P.S. I just reset my test network and I definitely got exactly the same error as the OP. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
This one time, at band camp, Selim Jahangir wrote: 1. /etc/openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile/var/run/openldap/slapd.args databasebdb suffix dc=example,dc=com rootdn cn=Manager,dc=example,dc=com # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. #rootpwsecret rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/ directory /var/lib/ldap/example.com index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShelleq,pres You don't actually have any ACLs defined to grant access. You might want to add something like this: # allow read access of root DSE access to dn= by * read # deny all other access access to * by * none # Allow users to authenticate/update their password. access to attrs=userPassword by anonymous auth by self write I'm just clutching at straws because you left some of the questions in my other mail unanswered. Finally, there's one other thing you could try: use the plain text rootpw setting and see if you can bind with the password 'secret'. Yes, it says to not use that in production but that doesn't yet appear to be a constraint on your configuration :-) -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
Yes My computer is connected with internet. But this is niot the case I guess because I had the same problem before in fc4 and I resolved it by commenting a line TLS_CACERT in /etc/openldap/ldap.conf file and it worked perfect. Ok I will change it to my.com and see how it goes. Regards selim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jamie Wilkinson Sent: Thursday, 20 April 2006 12:40 PM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 This one time, at band camp, O Plameras wrote: Are your LDAP Server and Client connected to the Internet ? If these are, then this is a problem. This is a problem because 'example.com' is a valid Intenet domain and your query goes out to the Internet and not to your LDAP server. If you do 'ping www.example.com' it is returning valid responses. Try changing your domain to say 'example.com.qld' instead of 'example.com'. Of course you may have to modify your Local DNS. This is so incredibly not the problem, Oscar. The bind DN and base DN have no relation to DNS except for namespacing. It is perfectly fine to use dc=example,dc=org as a DN during testing. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
Hi I have tried both , with space and without space selim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jamie Wilkinson Sent: Thursday, 20 April 2006 12:38 PM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 This one time, at band camp, Selim Jahangir wrote: I have found the following in the log file after typing the command, ldapadd -x -D cn=Manager, dc=example, dc=com -W -f /etc/openldap/example.com.ldif Wait, this isn't the same DN as you specified earlier, you've now got spaces in there. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
This one time, at band camp, O Plameras wrote: This is so incredibly not the problem, Oscar. The bind DN and base DN have no relation to DNS except for namespacing. It is perfectly fine to use dc=example,dc=org as a DN during testing. Let's wait for the outcome from the OP poster before you make any judgement. I made my judgement based on the facts presented by Selim. The appearance of dc=example,dc=org in the DN has no bearing on DNS or network. It is merely an identifier within the LDAP directory itself. I will not wait for outcome when I can see that your misdirections will only lead them to waste their time. O Plameras P.S. I just reset my test network and I definitely got exactly the same error as the OP. You *reset* your test network? Can you possibly be any more vague? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
Jamie Wilkinson wrote: This one time, at band camp, O Plameras wrote: This is so incredibly not the problem, Oscar. The bind DN and base DN have no relation to DNS except for namespacing. It is perfectly fine to use dc=example,dc=org as a DN during testing. Let's wait for the outcome from the OP poster before you make any judgement. I made my judgement based on the facts presented by Selim. The appearance of dc=example,dc=org in the DN has no bearing on DNS or network. It is merely an identifier within the LDAP directory itself. I will not wait for outcome when I can see that your misdirections will only lead them to waste their time. O Plameras P.S. I just reset my test network and I definitely got exactly the same error as the OP. You *reset* your test network? Can you possibly be any more vague? By reset my network, I did, 1. Change my domain to example.com 2. Change my to 'dc=example, dc=com' in LDAP Server and LDAP client. 3. Re-start my named by, # service named restart 4. Re-start my ldap by, #service ldap restart 4. Finally, do # ldapsearch -x etc. Hope this helps. O Plameras -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
On 4/20/06, O Plameras [EMAIL PROTECTED] wrote: Jamie Wilkinson wrote: I made my judgement based on the facts presented by Selim. The appearance of dc=example,dc=org in the DN has no bearing on DNS or network. It is merely an identifier within the LDAP directory itself. I will not wait for outcome when I can see that your misdirections will only lead them to waste their time. Jamie is right, the fact that Selim is using dc=example,dc=org is not the cause of the problem. As you can imagine, if there was any relation between the base DN and a real internet domain name, then the slapd.conf wouldn't include dc=example,dc=org as the default, they would make it dc=CHANGEME,dc=NOW and a big warning around it, don't you think? Selim: just for kicks, try generating a new password like: slappasswd -s foo and, obviously, paste it in the rootpw line, restart slapd and try to bind again. Any luck? Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
Gonzalo Servat wrote: On 4/20/06, O Plameras [EMAIL PROTECTED] wrote: Jamie Wilkinson wrote: I made my judgement based on the facts presented by Selim. The appearance of dc=example,dc=org in the DN has no bearing on DNS or network. It is merely an identifier within the LDAP directory itself. I will not wait for outcome when I can see that your misdirections will only lead them to waste their time. Jamie is right, the fact that Selim is using dc=example,dc=org is not the cause of the problem. As you can imagine, if there was any relation between the base DN and a real internet domain name, then the slapd.conf wouldn't include dc=example,dc=org as the default, they would make it dc=CHANGEME,dc=NOW and a big warning around it, don't you think? So, how will you explain the fact that the setup which I have just illustrated generates exactly the same error as the OP ? O Plameras -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
Gonzalo Servat wrote: On 4/20/06, O Plameras [EMAIL PROTECTED] wrote: Jamie Wilkinson wrote: I made my judgement based on the facts presented by Selim. The appearance of dc=example,dc=org in the DN has no bearing on DNS or network. It is merely an identifier within the LDAP directory itself. I will not wait for outcome when I can see that your misdirections will only lead them to waste their time. Jamie is right, the fact that Selim is using dc=example,dc=org is not the cause of the problem. As you can imagine, if there was any relation between the base DN and a real internet domain name, then the slapd.conf wouldn't include dc=example,dc=org as the default, they would make it dc=CHANGEME,dc=NOW and a big warning around it, don't you think? In fact, OpenLDAP has NOW changed the default to to 'dc=my-domain, dc=com'. Selim: just for kicks, try generating a new password like: slappasswd -s foo and, obviously, paste it in the rootpw line, restart slapd and try to bind again. Any luck? Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
Hey I have changed the password by typing following, still having invalid credentials 49. slappasswd -s foo rootpass [EMAIL PROTECTED] ~]# vi rootpass [EMAIL PROTECTED] ~]# cat rootpass/etc/openldap/slapd.conf [EMAIL PROTECTED] ~]# -selim -Original Message- From: O Plameras [mailto:[EMAIL PROTECTED] Sent: Thursday, 20 April 2006 12:28 PM To: Selim Jahangir Cc: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 Selim Jahangir wrote: Hi Guys Here is my config details 1. /etc/openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args database bdb suffix dc=example,dc=com Are your LDAP Server and Client connected to the Internet ? If these are, then this is a problem. This is a problem because 'example.com' is a valid Intenet domain and your query goes out to the Internet and not to your LDAP server. If you do 'ping www.example.com' it is returning valid responses. Try changing your domain to say 'example.com.qld' instead of 'example.com'. Of course you may have to modify your Local DNS. Let us know how you go. Hope this helps. O Plameras -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
On 4/20/06, O Plameras [EMAIL PROTECTED] wrote: So, how will you explain the fact that the setup which I have just illustrated generates exactly the same error as the OP ? I can't explain something that you've done. What I *can* show you, to prove my point (and Jamies', while we're at it) is that the base dn has no relation to DNS whatsoever. See for yourself: (relevant parts from slapd.conf): suffix dc=slug,dc=org,dc=au rootdn cn=Manager,dc=slug,dc=org,dc=au # ldapsearch -x -W -D 'cn=Manager,dc=slug,dc=org,dc=au' Enter LDAP Password: # extended LDIF # # LDAPv3 etc ... To further prove my point, a tcpdump on port 53 revealed no activity when doing an ldapsearch or restarting LDAP, so I'm not sure at which point you seem to think some part of LDAP executes a DNS query to check the existance of the domain defined as the base DN. Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
On 4/20/06, Selim Jahangir [EMAIL PROTECTED] wrote: Hey I have changed the password by typing following, still having invalid credentials 49. [..snip..] slappasswd -s foo rootpass [EMAIL PROTECTED] ~]# vi rootpass [EMAIL PROTECTED] ~]# cat rootpass/etc/openldap/slapd.conf [EMAIL PROTECTED] ~]# Selim, That's not right. You put the root password on it's own line in slapd.conf. Edit slapd.conf, remove the line which contains the password on it's own, edit the rootpw line and paste the password generated by slappasswd. Alternatively, if you really want to do it from command line, remove the rootpw line altogether then save slapd.conf, and type something like the following in: # echo -e 'rootpw\t\t' `slappasswd -s foo` /etc/openldap/slapd.conf service ldap restart Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Warning impending flamewar (was: Re: [SLUG] Invalid credentials error code 49)
On Thu Apr 20, 2006 at 00:59:57 -0300, Gonzalo Servat wrote: On 4/20/06, O Plameras [EMAIL PROTECTED] wrote: So, how will you explain the fact that the setup which I have just illustrated generates exactly the same error as the OP ? I can't explain something that you've done. What I *can* show you, to prove my point (and Jamies', while we're at it) is that the base dn has no relation to DNS whatsoever. See for yourself: (relevant parts from slapd.conf): suffix dc=slug,dc=org,dc=au rootdn cn=Manager,dc=slug,dc=org,dc=au # ldapsearch -x -W -D 'cn=Manager,dc=slug,dc=org,dc=au' Enter LDAP Password: # extended LDIF # # LDAPv3 etc ... To further prove my point, a tcpdump on port 53 revealed no activity when doing an ldapsearch or restarting LDAP, so I'm not sure at which point you seem to think some part of LDAP executes a DNS query to check the existance of the domain defined as the base DN. I'd like to interrupt this currently scheduled thread to alert the list that this thread is about to become a *flamewar*. In the interests of not boring the entire list to death and scaring off a whole bunch of newbies, I implore those involved to please take any followups of list, or if you must just take it to slug-chat@ (and taking it to slug-chat@, doesn't mean CC-ing slug@ at the same time!). Thank you all for your time and understand, Cheers, Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: Warning impending flamewar (was: Re: [SLUG] Invalid credentials error code 49)
On 4/20/06, Asbestos Benno [EMAIL PROTECTED] wrote: I'd like to interrupt this currently scheduled thread to alert the list that this thread is about to become a *flamewar*. In the interests of not boring the entire list to death and scaring off a whole bunch of newbies, I implore those involved to please take any followups of list, or if you must just take it to slug-chat@ (and taking it to slug-chat@, doesn't mean CC-ing slug@ at the same time!). Thank you all for your time and understand, No worries Benno. I wasn't intending on replying any further as it will turn into a I prove this, and I prove that type discussion which can sometimes lead to interesting stuff, but I don't think it will be in this case. So end of thread. Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
Gonzalo Servat wrote: On 4/20/06, O Plameras [EMAIL PROTECTED] wrote: So, how will you explain the fact that the setup which I have just illustrated generates exactly the same error as the OP ? I can't explain something that you've done. What I *can* show you, to prove my point (and Jamies', while we're at it) is that the base dn has no relation to DNS whatsoever. See for yourself: (relevant parts from slapd.conf): suffix dc=slug,dc=org,dc=au rootdn cn=Manager,dc=slug,dc=org,dc=au # ldapsearch -x -W -D 'cn=Manager,dc=slug,dc=org,dc=au' Enter LDAP Password: # extended LDIF # # LDAPv3 etc ... To further prove my point, a tcpdump on port 53 revealed no activity when doing an ldapsearch or restarting LDAP, so I'm not sure at which point you seem to think some part of LDAP executes a DNS query to check the existance of the domain defined as the base DN. When you do an 'LDAP QUERY' DNS is queried will be or will not be depending on how you configure your LDAP client. In the case of the original thread I am assuming the LDAP Server is coded as hostname in the Client. 1. Regardless as to how the client is configured it has to find the LDAP Server. There are two ways to do this, a. If the IP Address is hardcoded at the client side, and in this case there is no DNS query or b. If HOSTNAME(Not IP Address) is configured at the client side, and in this case DNS query must take place to find the LDAP Host. If you are not getting any DNS query then your LDAP client has IP Address hardcoded for your LDAP Server. O Plameras -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: Warning impending flamewar (was: Re: [SLUG] Invalid credentials error code 49)
On 4/20/06, Asbestos Benno [EMAIL PROTECTED] wrote: I'd like to interrupt this currently scheduled thread to alert the list that this thread is about to become a *flamewar*. In the interests of not boring the entire list to death and scaring off a whole bunch of newbies, I implore those involved to please take any followups of list, or if you must just take it to slug-chat@ (and taking it to slug-chat@, doesn't mean CC-ing slug@ at the same time!). Thank you all for your time and understand, What would be most useful is if the protagonists would append ***FLAMEWAR*** to the subject (or the listmaster otherwise does it) so that we can then use mail filtering rules to consign the conflagration to the bitbucket where it belongs. Thanking you in anticipation, David Ext 22707 NOTICE This e-mail and any attachments are intended for the addressee(s) only and may be confidential. They may contain legally privileged or copyright material. You should not read, copy, use or disclose them without authorisation. If you are not the intended recipient please contact the sender as soon as possible by return e-mail and then please delete both messages. This notice should not be removed. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
Hi I have actually added the password just beside Rootpw keyword. In my email the writing may be incorrect. -selim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gonzalo Servat Sent: Thursday, 20 April 2006 2:05 PM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 On 4/20/06, Selim Jahangir [EMAIL PROTECTED] wrote: Hey I have changed the password by typing following, still having invalid credentials 49. [..snip..] slappasswd -s foo rootpass [EMAIL PROTECTED] ~]# vi rootpass [EMAIL PROTECTED] ~]# cat rootpass/etc/openldap/slapd.conf [EMAIL PROTECTED] ~]# Selim, That's not right. You put the root password on it's own line in slapd.conf. Edit slapd.conf, remove the line which contains the password on it's own, edit the rootpw line and paste the password generated by slappasswd. Alternatively, if you really want to do it from command line, remove the rootpw line altogether then save slapd.conf, and type something like the following in: # echo -e 'rootpw\t\t' `slappasswd -s foo` /etc/openldap/slapd.conf service ldap restart Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] Invalid credentials error code 49
Dear Gonzalo Thank you so much. You have done the great work. Actually your command # echo -e 'rootpw\t\t' `slappasswd -s foo` /etc/openldap/slapd.conf Solved the problem. I have understood that the password I generated using slappasswd -s foo /etc/rootpass and then cat it to /etc/openldap/slapd.conf did not work because it adds some extra character , I realized now. Thanks again Wish you all the best Cheers selim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gonzalo Servat Sent: Thursday, 20 April 2006 2:05 PM To: slug@slug.org.au Subject: Re: [SLUG] Invalid credentials error code 49 On 4/20/06, Selim Jahangir [EMAIL PROTECTED] wrote: Hey I have changed the password by typing following, still having invalid credentials 49. [..snip..] slappasswd -s foo rootpass [EMAIL PROTECTED] ~]# vi rootpass [EMAIL PROTECTED] ~]# cat rootpass/etc/openldap/slapd.conf [EMAIL PROTECTED] ~]# Selim, That's not right. You put the root password on it's own line in slapd.conf. Edit slapd.conf, remove the line which contains the password on it's own, edit the rootpw line and paste the password generated by slappasswd. Alternatively, if you really want to do it from command line, remove the rootpw line altogether then save slapd.conf, and type something like the following in: # echo -e 'rootpw\t\t' `slappasswd -s foo` /etc/openldap/slapd.conf service ldap restart Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Moving multiple files....
On 17 Apr 2006, Benno [EMAIL PROTECTED] wrote: If you are using zsh, it has a neat feature where you can glob down multiple directories. E.g: mv /photos/**/*.jpg /newphotos Will match all .jpg files under photos. But you will end up with all those jpgs in the one directory which is probably not what you want. Another problem is that you can only have so many arguments on the command line, and if your photo collection is large that won't work. A related neat zsh trick is for i in *.JPG; do mv -v $i ${i:l}; done to squash everything to lowercase, which can be nice when they're coming from a flash card onto Unix. -- Martin -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Invalid credentials error code 49
On 4/20/06, Selim Jahangir [EMAIL PROTECTED] wrote: Dear Gonzalo Thank you so much. You have done the great work. Actually your command # echo -e 'rootpw\t\t' `slappasswd -s foo` /etc/openldap/slapd.conf Solved the problem. I have understood that the password I generated using slappasswd -s foo /etc/rootpass and then cat it to /etc/openldap/slapd.conf did not work because it adds some extra character , I realized now. You're welcome. Glad to hear it works now. Cheers, Gonzalo. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html