I am new to this site. Please help me with a query on openldap search.
I dont want to provide info like "base dc=example, dc=com" in ldap.conf. I want to give only host and port info in ldap.conf
Can we make openldap client to search from root of the directory tree?
If I dont add any line for "base" in ldap.conf, and search for a valid user, the Active server gives search response as "no such object"
Is there some other way to acieve always search from root, without filling explicitly "base dc=xxx, dc=yyy" in ldap.conf on client side?
Bad luck, you have to provide the base.
I don't understand your objection to a one line entry in a configuration file.
Related
There is a (linux) directory like below:
/a/b/c/d
which is accessible from multiple machines (NFS)
Now, the owner of everything in that directory is dir_owner.
However, someone/ something who/ which can sudo as dir_owner is changing the permissions of directory d to 777 and then writing to that location as a different user. This different user is always the same user, say, unauthorised_user.
I was hoping to track what is causing this. Could someone please help me out on this? Let me know if any more information is required.
you can use the stat command, which is used for viewing file or file system status.
More information and parameters for stat on the following webpage.
https://ss64.com/bash/stat.html
Another command is auditd, which should be able to be configured writing audit records to the disk, more information at the following webpage,
https://man7.org/linux/man-pages/man8/auditd.8.html
temp:=#DbLookup("Notes":"NoCache";"ARRoW/SSS":"sss/sssProj.nsf";"(Lookup for Community)";"State of Maine";2);
temp1:=#DbLookup("Notes":"NoCache";"ARRoW/SSS":"sss/sssProj.nsf";"(Lookup for Community)";"State of Maine";3);
temp2:=#DbLookup("Notes":"NoCache";"ARRoW/SSS":"sss/sssProj.nsf";"(Lookup for Community POC)";"State of Maine";4);
#If(#IsError(temp)|#IsError(temp1)|#IsError(temp2);"Error";temp + " " + temp1 + " " + temp2)
Hi this works on Lotus Notes Client but doesn't work on web Any help is welcome thanks in advance!
There are typically three types of root causes for something like this.
One type of problem is server trust. This only applies if there are two servers involved. I.e., the web server is ServerX/SSS and the code is trying to access ARRoW/SSS. You need to review ARRoW/SSS's server document and check whether "ServerX/SSS" is listed in the field for "Trusted servers". (Also note that if this is a really, really old version of Domino - before version 6 if I recall correctly - then the trusted servers feature is not there and you cannot make cross-server calls to #DbLookup in web code.)
The second type of problem is that the server where the code is running can not resolve the name of the server where the database lives. The code is accessing server ARRoW/SSS, but you haven't said whether ARRoW/SSS is the actual web server, so let's look at both cases.
Assuming that it is all happening on one server, there can still be a name resolution problem because of the way the formula is coded. Try specifying "":"sss/sssProj.nsf" instead of "ARRoW/SSS":"sss/sssProj.nsf". If that fixes your problem, great! But it means that you still have a problem either in your server document or with the DNS configuration on your Domino server and you should address that. You should probably continue with the troubleshooting that I give in the next paragraph. Just bear in mind that everything I say there is true even if ServerX/SSS is really the same as Arrow/SSS.
If the code is running on web server ServerX/SSS, then you need to make sure that ServerX can connect to ARRoW/SSS. The easiest way to do this is to bring up the console for ServerX and enter the command 'trace ARRoW/SSS'. If it fails, check the server documents and/or connection documents for correct IP addresses or host names, and open a command window on the server and try a ping using the exact information in the server documents. If it fails, you have a networking issue. One of the underlying causes I've seen for a problem like this is that there is no connection document (because the servers are in the same named network, but neither the IP address nor the fully-qualified host name is entered in the networks table in the server document, so Domino just asks DNS to resolve the common name 'ARRow' - but the DNS configuration on the web server does not include a default search path so the name is not resolved. But you need to check everything until you can get a 'trace' command to succeed.
The third type of problem is Access Control. This is a broad category that comes down to the fact that the identity that the code is running under either does not have access to the server ARRoW/SSS, the database sss/sssProj.nsf, the view (Lookup for Community)" or the document(s) with the key "State of Maine". There are a lot of things to check. If the code is running in a field formula, the identity is that of the user, and if the same user does not get the error through the web client then you need to look at the database properties for sss/sssProj.nsf and check the maximum web access level. If the code is running as an agent, you need to check the agent properties to determine what identity the agent is running under, and then review everything: the security settings in the server document, the database ACL, restrictions on the view, and reader names fields in the documents.
Currently I'm working on a web project (Classic Asp) and I'm going to make an upload form.
Folklore says:
"Don't use the real name to save the uploaded files"
.
What are the problems, dangers, from the security point of view ?
Proper directory permissions should stop most of this stuff but I suppose for file names a potential danger is that they could name it something like "../Default.asp" or "../Malware.asp" or some other malicious path attempting to overwrite files and/or have an executable script on your server.
If I'm using a single upload folder, I always save my users uploads with a GUID file name just because users aren't very original and you get name conflicts very often otherwise.
I'm trying to get the current IIS application name in my ColdFusion scripts but I have no idea where to get this information. I want to use the app name to communicate with IIS using cfexecute by running appcmd.exe.
<cfexecute name="c:\windows\system32\inetsrv\APPCMD" arguments="add site /name:#arguments.sitename# /bindings:""http/*:80:#arguments.binding#"" /physicalPath:""#arguments.physicalPath#""" timeout="60"></cfexecute>
The problem is that I can't be sure what the app name is. I could save it somewhere in a db but i'd really like to get it dynamically so the script can run without configuring the appname. If I could be able to fetch it from somewhere (or maybe based on the current hostheader) I could dynamically fill
/name:#arguments.sitename#
I've tried to search how to do this by using PHP and JSP examples, but so far, i haven't been able to find any method on getting the app name.
Following on from #Miguel-F's link (http://www.iis.net/learn/get-started/planning-your-iis-architecture/iis-7-and-iis-8-configuration-reference) in the comments above, there's a file in %windir%\system32\inetsrv\config\ called applicationHost.config that you could read in - this file contains the collection of sites that's configured in IIS. Is that the sort of thing you're after?
I need to develop a site on Drupal 7. I have some content types with File fields in CCK. And access to nodes of these types should be granted only to specific Drupal user role. And at any moment site administrator should be able to make these Nodes 'public' or 'private'.
I can make nodes visible only to specific user roles, but this is not secure enough. If anonymous user knows the path to file ( www.mysite.org/hidden_files/file1 ), he can download it.
What is the most elegant way to solve this problem?
Thanks in advance.
Check out this documentation here: http://drupal.org/documentation/modules/file
Specifically, the section titled "Managing file locations and access" which talks about setting up a private data store (all supported by Drupal 7, it just needs to be configured).
To paraphrase, create a folder such as:
sites/default/files/private
Put a .htaccess file in that folder with the following to prevent direct access to the files via the web:
Deny from all
(the documentation claims that the following step does the above steps automatically, I haven't tested that unfortunately but you may be able to save some time if you skip the above two steps)
Log into Drupal's admin interface, go to /admin/config/media/file-system, configure the private URL and select Private Files Served by Drupal as the default download method.
In order to define the fine-grained access to nodes and fields, you can use Content Access: http://drupal.org/project/content_access
You will also need to edit your content types and set the file / image upload fields to save the uploaded files into Private Files instead of Public Files.
At this point, the node and field level permissions will determine whether or not users are allowed to access the files which will be served through menu hooks that verify credentials before serving the file.
Hope this helps.