myvd-user Mailing List for MyVD Virtual Directory
Status: Beta
Brought to you by:
bigman921
From: Marc B. <mar...@tr...> - 2016-11-25 02:13:21
All possible. MyVD has moved to GitHub https://github.com/tremolosecurity/myvirtualdirectory so please open an issue there and we'll be happy to help you out.

Marc Boorshtein
CTO Tremolo Security
mar...@tr...
(703) 828-4902
Twitter - @mlbiam / @tremolosecurity

On Thu, Nov 24, 2016 at 8:16 PM, Patrick Pogscheba <pat...@hs...> wrote:
> Hello,
>
> I want to build a virtual directory with following basics:
>
> - readonly enterprise server (AD) -> dir.ad
> - LDAP for groups(ofNames) and users. -> dir.ldap
> - users from dir.ad can be added to groups in dir.ldap
> - working memberof-Attribute
> - like translucent proxy in openldap, memberof for dir.ad is saved in local (or additional directory/DB). When a member is added to a group, the memberof attribute is added to the user (but in separate directory)... Is this possible with joins ?
>
> What do I need to build this, is it possible (i.e. the memberof-attribute) ?
>
> I've tested several things (joins, mappings, etc), but I couldn't get the memberof working...
>
> I don't think I understood everything around joins ;)
>
> If someone can take me to the right direction I would be very happy ...
>
> Thank you
>
> Patrick
>
> --
> Dipl.-Ing.(FH) Patrick Pogscheba, MSc.
>
> Hochschule Düsseldorf
> University of Applied Sciences
>
> Fachbereich Medien - Faculty of Media
> Mixed Reality and Visualization (MIREVI)
> Web Technologies, Mobile Computing & Ambient Assisted Living (AAL)
>
> phone (office): (+49) 211 4351 3452
> email: pat...@hs...
>
> Münsterstraße 156
> Raum 04.2.008
> 40476 Düsseldorf
> Deutschland / Germany
From: Patrick P. <pat...@hs...> - 2016-11-25 01:29:01
Hello,

I want to build a virtual directory with following basics:

- readonly enterprise server (AD) -> dir.ad
- LDAP for groups(ofNames) and users. -> dir.ldap
- users from dir.ad can be added to groups in dir.ldap
- working memberof-Attribute
- like translucent proxy in openldap, memberof for dir.ad is saved in local (or additional directory/DB). When a member is added to a group, the memberof attribute is added to the user (but in separate directory)... Is this possible with joins ?

What do I need to build this, is it possible (i.e. the memberof-attribute) ?

I've tested several things (joins, mappings, etc), but I couldn't get the memberof working...

I don't think I understood everything around joins ;)

If someone can take me to the right direction I would be very happy ...

Thank you

Patrick

--
Dipl.-Ing.(FH) Patrick Pogscheba, MSc.

Hochschule Düsseldorf
University of Applied Sciences

Fachbereich Medien - Faculty of Media <http://www.medien.hs-duesseldorf.de/>
Mixed Reality and Visualization (MIREVI)
Web Technologies, Mobile Computing & Ambient Assisted Living (AAL)

phone (office): (+49) 211 4351 3452
email: pat...@hs...

Münsterstraße 156
Raum 04.2.008
40476 Düsseldorf
Deutschland / Germany
From: Marc B. <mar...@tr...> - 2016-10-11 02:09:50
Should work on Windows. We have moved over to github at https://github.com/TremoloSecurity/MyVirtualDirectory

If it wouldn't start with the vbs file open a ticket and we'll take a look.

Marc Boorshtein
CTO, Tremolo Security, Inc

On Oct 10, 2016 9:43 PM, "Das, Renjith" <Ren...@di...> wrote:
> Hello All
>
> Is MyVD supported on Windows 2008 R2? What are the prerequisites to get it running? I installed the windows binary and executed myvd.vbs, all it does is open up a command prompt with these :
>
> C:\temp\myVD\myvd-server-0.9.4.12\bin>java -classpath "c:\temp\myvd\myvd-server-0.9.4.12\lib\antlr-2.7.7.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\apacheds-service-2.0.0-m15.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\backport-util-concurrent-2.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\bcprov-ext-jdk15on-1.50.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\bcprov-jdk15on-1.50.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-cli-1.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-codec-1.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-collections-3.2.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-daemon-1.0.15.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-dbcp-1.2.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-httpclient-3.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-io-2.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-lang-2.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-logging-1.0.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-logging-api-1.0.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-net-3.3.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-pool-1.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\ehcache-core-2.4.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jcifs-1.2.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jdbcldap-1.0.0.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jldap-1.0.0.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\log4j-1.2.17.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\myvd-server-0.99.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\slf4j-api-1.7.5.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\slf4j-log4j12-1.7.5.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\xercesimpl-2.0.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\xml-apis-1.0.b2.jar;C:\temp\myVD\myvd-server-0.9.4.12\jar\myvd.jar" -Djavax.net.ssl.trustStore="C:\temp\myVD\myvd-server-0.9.4.12\conf\myvd-server.ks" -Dderby.system.home="C:\temp\myVD\myvd-server-0.9.4.12\derbyHome" net.sourceforge.myvd.server.Server "C:\temp\myVD\myvd-server-0.9.4.12\conf\myvd.conf"
>
> Is there a diff procedure to install the MyVD on Windows? I am looking for a Virtual directory so that few of my application which do not support multiple LDAP server can be extended to additional AD Forests.
>
> Regards
>
> Renjith
From: Marc B. <mar...@tr...> - 2016-10-11 02:00:29
Should work on Windows. We have moved over to github at https://github.com/TremoloSecurity/MyVirtualDirectory

If it wouldn't start with the vbs file open a ticket and we'll take a look.

Marc Boorshtein
CTO, Tremolo Security, Inc.

On Oct 10, 2016 9:43 PM, "Das, Renjith" <Ren...@di...> wrote:
> Hello All
>
> Is MyVD supported on Windows 2008 R2? What are the prerequisites to get it running? I installed the windows binary and executed myvd.vbs, all it does is open up a command prompt with these :
>
> C:\temp\myVD\myvd-server-0.9.4.12\bin>java -classpath "c:\temp\myvd\myvd-server-0.9.4.12\lib\antlr-2.7.7.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\apacheds-service-2.0.0-m15.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\backport-util-concurrent-2.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\bcprov-ext-jdk15on-1.50.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\bcprov-jdk15on-1.50.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-cli-1.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-codec-1.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-collections-3.2.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-daemon-1.0.15.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-dbcp-1.2.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-httpclient-3.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-io-2.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-lang-2.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-logging-1.0.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-logging-api-1.0.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-net-3.3.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-pool-1.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\ehcache-core-2.4.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jcifs-1.2.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jdbcldap-1.0.0.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jldap-1.0.0.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\log4j-1.2.17.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\myvd-server-0.99.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\slf4j-api-1.7.5.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\slf4j-log4j12-1.7.5.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\xercesimpl-2.0.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\xml-apis-1.0.b2.jar;C:\temp\myVD\myvd-server-0.9.4.12\jar\myvd.jar" -Djavax.net.ssl.trustStore="C:\temp\myVD\myvd-server-0.9.4.12\conf\myvd-server.ks" -Dderby.system.home="C:\temp\myVD\myvd-server-0.9.4.12\derbyHome" net.sourceforge.myvd.server.Server "C:\temp\myVD\myvd-server-0.9.4.12\conf\myvd.conf"
>
> Is there a diff procedure to install the MyVD on Windows? I am looking for a Virtual directory so that few of my application which do not support multiple LDAP server can be extended to additional AD Forests.
>
> Regards
>
> Renjith
From: Das, R. <Ren...@di...> - 2016-10-10 09:51:49
Hello All

Is MyVD supported on Windows 2008 R2? What are the prerequisites to get it running? I installed the windows binary and executed myvd.vbs, all it does is open up a command prompt with these :

C:\temp\myVD\myvd-server-0.9.4.12\bin>java -classpath "c:\temp\myvd\myvd-server-0.9.4.12\lib\antlr-2.7.7.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\apacheds-service-2.0.0-m15.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\backport-util-concurrent-2.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\bcprov-ext-jdk15on-1.50.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\bcprov-jdk15on-1.50.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-cli-1.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-codec-1.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-collections-3.2.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-daemon-1.0.15.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-dbcp-1.2.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-httpclient-3.1.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-io-2.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-lang-2.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-logging-1.0.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-logging-api-1.0.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-net-3.3.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\commons-pool-1.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\ehcache-core-2.4.4.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jcifs-1.2.6.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jdbcldap-1.0.0.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\jldap-1.0.0.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\log4j-1.2.17.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\myvd-server-0.99.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\slf4j-api-1.7.5.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\slf4j-log4j12-1.7.5.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\xercesimpl-2.0.2.jar;c:\temp\myvd\myvd-server-0.9.4.12\lib\xml-apis-1.0.b2.jar;C:\temp\myVD\myvd-server-0.9.4.12\jar\myvd.jar" -Djavax.net.ssl.trustStore="C:\temp\myVD\myvd-server-0.9.4.12\conf\myvd-server.ks" -Dderby.system.home="C:\temp\myVD\myvd-server-0.9.4.12\derbyHome" net.sourceforge.myvd.server.Server "C:\temp\myVD\myvd-server-0.9.4.12\conf\myvd.conf"

Is there a diff procedure to install the MyVD on Windows? I am looking for a Virtual directory so that few of my application which do not support multiple LDAP server can be extended to additional AD Forests.

Regards

Renjith
From: Marc B. <mar...@tr...> - 2016-03-10 14:03:15
Sorry about that. What's your myvd listener config look like?

Marc Boorshtein
CTO Tremolo Security
mar...@tr...
(703) 828-4902

On Wed, Mar 9, 2016 at 1:08 PM, Ritesh Gupta <rit...@ha...> wrote:
> Hi Marc,
>
> Did you get a chance to look into this?
>
> Regards,
> Ritesh
>
> From: Ritesh Gupta
> Date: Friday, 4 March 2016 8:23 pm
> To: "myv...@li..."
> Subject: Re: [Myvd-user] MyVD SSL support
>
> It does with the following output
>
> CONNECTED(00000003)
> depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
> verify return:1
>
> From: Marc Boorshtein
> Reply-To: "myv...@li..."
> Date: Friday, 4 March 2016 7:46 pm
> To: "myv...@li..."
> Subject: Re: [Myvd-user] MyVD SSL support
>
> Sorry, I didn't look closely enough at the error. It looks like MyVD is presenting a request for a certificate to the client? What happens when you run '$ openssl s_client -connect 'host:port'' against myvd? Does a list of "Allowed Names" come back?
>
> Marc Boorshtein
> CTO Tremolo Security
> mar...@tr...
> (703) 828-4902
>
> On Thu, Mar 3, 2016 at 11:48 PM, Ritesh Gupta <rit...@ha...> wrote:
>
> Hi Marc,
>
> I got it. As you said, I configured both myvd.sh and myvd.conf with the keystore. Like this:
>
> myvd.sh
>
> server.secure.listener.port=10636
> mserver.secure.keystore=/myvd/key/keystore.jks
> server.secure.keypass=xxxxxx
>
> myvd.conf
>
> export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=/myvd/key/keystore.jks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
>
> However, I still see the error.
>
> [2016-03-04 10:06:03,196][pool-15-thread-3] WARN MyVDInterceptor - Could not get TLS information
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:482)
>     at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:192)
>     at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:178)
>     at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.search(MyVDInterceptor.java:762)
>     at org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1345)
>     at org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1094)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:815)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1154)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:206)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:92)
>     at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
>     at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
>     at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
>     at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
>     at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
>     at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
>     at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
>     at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
>     at java.lang.Thread.run(Thread.java:745)
>
> Am I doing anything wrong?
>
> Regards,
> Ritesh
>
> From: Marc Boorshtein
> Reply-To: "myv...@li..."
> Date: Wednesday, 2 March 2016 1:35 am
> To: "myv...@li..."
> Subject: Re: [Myvd-user] MyVD SSL support
>
> Ritesh,
>
> Sorry for the confusion. The keystore configuration is used to tell MyVD where to find the private key/certificate pair to use when listening on LDAPS. It doesn't tell java what remote certificates to trust (usually referred to as a trust store). The two ways you can do this are to either import the certificate into the cacerts keystore in JRE_HOME/lib/security (not generally a good idea as this changes when a new JRE is installed) or change bin/myvd.sh (line 40) to go from:
>
> -Djavax.net.ssl.trustStore=$MYVD_HOME/conf/myvd-server.ks
>
> to
>
> -Djavax.net.ssl.trustStore=/path/to/my/keystore.jks
>
> Thanks
>
> Marc Boorshtein
> CTO Tremolo Security
> mar...@tr...
> (703) 828-4902
>
> On Mon, Feb 29, 2016 at 7:13 PM, Ritesh Gupta <rit...@ha...> wrote:
>
> Sorry, I didn't quite understand.
>
> On Feb 29, 2016 11:14 PM, Marc Boorshtein <mar...@tr...> wrote:
>
> No, I have provided my keystore in myvd.conf as following:
>
> server.secure.keystore=/myvd/key/keystore.jks
> server.secure.keypass=xxxxxx
>
> I commented the javax.net.ssl.truststore in myvd.sh startup script.
>
> I would add it in, I don't think we're over taking the trust store. The keystore is for telling MyVD what certificate/keypair to use for the TLS listener, not as a trust store.
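
The thread above separates two settings: the listener keystore in myvd.conf (`server.secure.*`) and the JVM trust store passed with `-Djavax.net.ssl.trustStore` in the startup script. The following check is an added example, not code from the thread or from the MyVD project; the function names, finding codes and sample file contents are constructed for illustration, and only the three property names and the JVM flag are taken from the messages.

```python
import difflib
import re

# Listener properties and JVM flag as they appear in the thread.
LISTENER_KEYS = (
    "server.secure.listener.port",
    "server.secure.keystore",
    "server.secure.keypass",
)
TRUSTSTORE_FLAG = re.compile(r'-Djavax\.net\.ssl\.trustStore=("[^"]*"|\S+)')


def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def find_truststore(script_text):
    """Return the trustStore path set on an uncommented script line, else None."""
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue  # a commented-out flag does not reach the JVM
        match = TRUSTSTORE_FLAG.search(line)
        if match:
            return match.group(1).strip('"')
    return None


def audit(conf_text, script_text):
    """Return a list of (code, message) findings for the two files."""
    findings = []
    props = parse_properties(conf_text)
    others = [k for k in props if k not in LISTENER_KEYS]
    for key in LISTENER_KEYS:
        if key in props:
            continue
        # A near-identical key usually means a typo, so report it as such.
        close = difflib.get_close_matches(key, others, n=1, cutoff=0.9)
        if close:
            findings.append(("KEY_TYPO", f"{close[0]!r} looks like a misspelling of {key!r}"))
        else:
            findings.append(("KEY_MISSING", f"{key} is not set"))

    keystore = props.get("server.secure.keystore")
    truststore = find_truststore(script_text)
    if truststore is None:
        findings.append(("TRUSTSTORE_UNSET",
                         "no active -Djavax.net.ssl.trustStore; the JVM default trust store applies"))
    elif keystore is not None and truststore == keystore:
        findings.append(("STORE_SHARED",
                         "one file is both listener keystore and trust store; confirm it holds "
                         "the listener key pair and the certificates to be trusted"))
    return findings


# Constructed sample inputs, modelled on the settings quoted in the thread.
CONF_TYPO = """\
server.secure.listener.port=10636
mserver.secure.keystore=/myvd/key/keystore.jks
server.secure.keypass=xxxxxx
"""
CONF_OK = """\
server.secure.listener.port=10636
server.secure.keystore=/myvd/key/keystore.jks
server.secure.keypass=xxxxxx
"""
SCRIPT_COMMENTED = """\
# export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=$MYVD_HOME/conf/myvd-server.ks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
export MYVD_CMD="$JAVA_CMD -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
"""
SCRIPT_SHARED = """\
export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=/myvd/key/keystore.jks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
"""
SCRIPT_SEPARATE = """\
export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=/myvd/key/truststore.jks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
"""

if __name__ == "__main__":
    for code, message in audit(CONF_TYPO, SCRIPT_COMMENTED):
        print(f"{code}: {message}")
```
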
From: Ritesh G. <rit...@ha...> - 2016-03-09 18:08:33
Hi Marc,

Did you get a chance to look into this?

Regards,
Ritesh

From: Ritesh Gupta
Date: Friday, 4 March 2016 8:23 pm
To: "myv...@li..."
Subject: Re: [Myvd-user] MyVD SSL support

It does with the following output

CONNECTED(00000003)
depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
verify return:1

From: Marc Boorshtein
Reply-To: "myv...@li..."
Date: Friday, 4 March 2016 7:46 pm
To: "myv...@li..."
Subject: Re: [Myvd-user] MyVD SSL support

Sorry, I didn't look closely enough at the error. It looks like MyVD is presenting a request for a certificate to the client? What happens when you run '$ openssl s_client -connect 'host:port'' against myvd? Does a list of "Allowed Names" come back?

Marc Boorshtein
CTO Tremolo Security
mar...@tr...
(703) 828-4902

On Thu, Mar 3, 2016 at 11:48 PM, Ritesh Gupta <rit...@ha...> wrote:

Hi Marc,

I got it. As you said, I configured both myvd.sh and myvd.conf with the keystore. Like this:

myvd.sh

server.secure.listener.port=10636
mserver.secure.keystore=/myvd/key/keystore.jks
server.secure.keypass=xxxxxx

myvd.conf

export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=/myvd/key/keystore.jks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"

However, I still see the error.

[2016-03-04 10:06:03,196][pool-15-thread-3] WARN MyVDInterceptor - Could not get TLS information
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:482)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:192)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:178)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.search(MyVDInterceptor.java:762)
    at org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1345)
    at org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1094)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:815)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1154)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:206)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:92)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
    at java.lang.Thread.run(Thread.java:745)

Am I doing anything wrong?

Regards,
Ritesh

From: Marc Boorshtein
Reply-To: "myv...@li..."
Date: Wednesday, 2 March 2016 1:35 am
To: "myv...@li..."
Subject: Re: [Myvd-user] MyVD SSL support

Ritesh,

Sorry for the confusion. The keystore configuration is used to tell MyVD where to find the private key/certificate pair to use when listening on LDAPS. It doesn't tell java what remote certificates to trust (usually referred to as a trust store). The two ways you can do this are to either import the certificate into the cacerts keystore in JRE_HOME/lib/security (not generally a good idea as this changes when a new JRE is installed) or change bin/myvd.sh (line 40) to go from:

-Djavax.net.ssl.trustStore=$MYVD_HOME/conf/myvd-server.ks

to

-Djavax.net.ssl.trustStore=/path/to/my/keystore.jks

Thanks

Marc Boorshtein
CTO Tremolo Security
mar...@tr...
(703) 828-4902

On Mon, Feb 29, 2016 at 7:13 PM, Ritesh Gupta <rit...@ha...> wrote:

Sorry, I didn't quite understand.

On Feb 29, 2016 11:14 PM, Marc Boorshtein <mar...@tr...> wrote:

No, I have provided my keystore in myvd.conf as following:

server.secure.keystore=/myvd/key/keystore.jks
server.secure.keypass=xxxxxx

I commented the javax.net.ssl.truststore in myvd.sh startup script.

I would add it in, I don't think we're over taking the trust store. The keystore is for telling MyVD what certificate/keypair to use for the TLS listener, not as a trust store.
From: Ritesh G. <rit...@ha...> - 2016-03-04 15:09:20
|
It does with the following output

CONNECTED(00000003)
depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
verify return:1
|
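The `openssl s_client` check discussed in this exchange, as an added example that is not part of the original messages or of MyVD: it reads a transcript and reports the verify errors and whether the server asked for a client certificate. The function names, finding codes and everything in the transcripts after the six quoted lines are assumptions constructed for illustration, in the slash-separated layout the quoted output uses.

```python
import re

# The first six lines are the s_client output quoted in the thread; the rest
# of each transcript and all function names are constructed for this example.
QUOTED_HEAD = """\
CONNECTED(00000003)
depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
verify return:1
"""
WITH_CLIENT_CA_LIST = QUOTED_HEAD + """\
---
Acceptable client certificate CA names
/C=IN/ST=ka/L=bangalore/O=mycompany/OU=pes/CN=localhost
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
"""
WITHOUT_CLIENT_CA_LIST = QUOTED_HEAD + """\
---
No client certificate CA names sent
---
"""
# Server-side warning from the thread, stack frames left out.
SERVER_LOG = """\
[2016-03-04 10:06:03,196][pool-15-thread-3] WARN MyVDInterceptor - Could not get TLS information
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
"""

DEPTH = re.compile(r"^depth=(\d+)\s+(.+)$")
VERIFY_ERROR = re.compile(r"^verify error:num=(\d+):(.+)$")
SELF_SIGNED_CODES = {18, 19}  # self-signed leaf / self-signed cert in chain


def parse_s_client(transcript):
    """Pull the handshake facts the thread asks about out of s_client output."""
    info = {"connected": False, "verify_errors": [],
            "client_ca_names": [], "client_cert_requested": False}
    depth = subject = None
    in_ca_list = False
    for raw in transcript.splitlines():
        line = raw.strip()
        if in_ca_list:
            if line.startswith("/"):      # one-line DN of an accepted issuer
                info["client_ca_names"].append(line)
                continue
            in_ca_list = False            # anything else ends the list
        depth_match = DEPTH.match(line)
        error_match = VERIFY_ERROR.match(line)
        if line.startswith("CONNECTED("):
            info["connected"] = True
        elif depth_match:
            depth, subject = int(depth_match.group(1)), depth_match.group(2)
        elif error_match:
            # The depth= line for a certificate precedes its verify error.
            info["verify_errors"].append({
                "depth": depth, "subject": subject,
                "code": int(error_match.group(1)),
                "reason": error_match.group(2)})
        elif line == "Acceptable client certificate CA names":
            in_ca_list = True
            info["client_cert_requested"] = True
        elif line.startswith("Client Certificate Types:"):
            info["client_cert_requested"] = True
    return info


def triage(transcript, server_log=""):
    """Return (code, detail) findings for a transcript and optional server log."""
    info = parse_s_client(transcript)
    findings = []
    if not info["connected"]:
        findings.append(("NOT_CONNECTED",
                         "no CONNECTED line: check host, port and listener"))
    for err in info["verify_errors"]:
        code = "SELF_SIGNED" if err["code"] in SELF_SIGNED_CODES else "VERIFY_ERROR"
        findings.append((code, "depth %s %s: %s"
                         % (err["depth"], err["subject"], err["reason"])))
    if info["client_cert_requested"]:
        names = ", ".join(info["client_ca_names"]) or "no issuer names listed"
        findings.append(("CLIENT_CERT_REQUESTED",
                         "server asked for a client certificate: " + names))
    if "SSLPeerUnverifiedException: peer not authenticated" in server_log:
        findings.append(("NO_CLIENT_CERT_IN_SESSION",
                         "server-side TLS session has no verified client certificate"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(WITH_CLIENT_CA_LIST, SERVER_LOG):
        print(code, "-", detail)
```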
From: Marc B. <mar...@tr...> - 2016-03-04 14:16:20
|
Sorry, I didn't look closely enough at the error. It looks like MyVD is presenting a request for a certificate to the client? What happens when you run '$ openssl s_client -connect 'host:port'' against myvd? Does a list of "Allowed Names" come back?

Marc Boorshtein
CTO Tremolo Security
mar...@tr...
(703) 828-4902
|
From: Ritesh G. <rit...@ha...> - 2016-03-04 05:03:51
|
Hi Marc,

I got it. As you said, I configured both myvd.sh and myvd.conf with the keystore. Like this:

myvd.sh

server.secure.listener.port=10636
mserver.secure.keystore=/myvd/key/keystore.jks
server.secure.keypass=xxxxxx

myvd.conf

export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=/myvd/key/keystore.jks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"

However, I still see the error.

[2016-03-04 10:06:03,196][pool-15-thread-3] WARN MyVDInterceptor - Could not get TLS information
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:482)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:192)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:178)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.search(MyVDInterceptor.java:762)
    at org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1345)
    at org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1094)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:815)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1154)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:206)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:92)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
    at java.lang.Thread.run(Thread.java:745)

Am I doing anything wrong?

Regards,
Ritesh
|
From: Marc B. <mar...@tr...> - 2016-03-01 20:05:33
|
Ritesh,

Sorry for the confusion. The keystore configuration is used to tell MyVD where to find the private key/certificate pair to use when listening on LDAPS. It doesn't tell java what remote certificates to trust (usually referred to as a trust store). The two ways you can do this are to either import the certificate into the cacerts keystore in JRE_HOME/lib/security (not generally a good idea as this changes when a new JRE is installed) or change bin/myvd.sh (line 40) to go from:

-Djavax.net.ssl.trustStore=$MYVD_HOME/conf/myvd-server.ks

to

-Djavax.net.ssl.trustStore=/path/to/my/keystore.jks

Thanks

Marc Boorshtein
CTO Tremolo Security
mar...@tr...
(703) 828-4902
|
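The keystore and trust-store roles explained in the message above, as an added check that is not part of the original thread or of MyVD: it reads the listener properties and the JVM launch line and reports which file fills which role. The property names and the `-Djavax.net.ssl.trustStore` flag are the ones quoted in the thread; the function names, finding codes and sample inputs (assembled from fragments quoted in the thread) are assumptions for illustration.

```python
import difflib
import re

# Keys and JVM flag as named in the thread; everything else is constructed.
EXPECTED_KEYS = ("server.secure.listener.port",
                 "server.secure.keystore",
                 "server.secure.keypass")
TRUSTSTORE_FLAG = re.compile(r"-Djavax\.net\.ssl\.trustStore=([^\s\"']+)")

# Constructed inputs built from lines quoted in the thread.
SAMPLE_CONF = """\
server.secure.listener.port=10636
mserver.secure.keystore=/myvd/key/keystore.jks
server.secure.keypass=xxxxxx
"""
SAMPLE_LAUNCHER = '''\
export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=/myvd/key/keystore.jks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
'''
# The trust-store flag commented out, as described in one of the messages.
COMMENTED_LAUNCHER = '''\
#export MYVD_CMD="$JAVA_CMD -Djavax.net.ssl.trustStore=$MYVD_HOME/conf/myvd-server.ks -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
export MYVD_CMD="$JAVA_CMD -server net.sourceforge.myvd.server.Server $MYVD_HOME/conf/myvd.conf"
'''


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def find_truststore(launcher_text):
    """Return the trustStore path from the first uncommented line that sets it."""
    for raw in launcher_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        match = TRUSTSTORE_FLAG.search(line)
        if match:
            return match.group(1)
    return None


def check_tls_config(conf_text, launcher_text):
    """Report the identity keystore, the trust store and any findings."""
    props = parse_properties(conf_text)
    findings = []
    unknown = [k for k in props if k not in EXPECTED_KEYS]
    for key in EXPECTED_KEYS:
        if key in props:
            continue
        near = difflib.get_close_matches(key, unknown, n=1, cutoff=0.9)
        if near:
            findings.append(("MISSPELLED_KEY",
                             "%s looks like a misspelling of %s" % (near[0], key)))
        else:
            findings.append(("MISSING_KEY", key))
    keystore = props.get("server.secure.keystore")    # listener key pair
    truststore = find_truststore(launcher_text)       # certificates Java trusts
    if truststore is None:
        findings.append(("TRUSTSTORE_NOT_SET",
                         "JVM falls back to its default trust store (cacerts)"))
    elif keystore is not None and truststore == keystore:
        findings.append(("SAME_FILE_BOTH_ROLES",
                         "certificates in the listener keystore are also trust anchors"))
    return {"keystore": keystore, "truststore": truststore, "findings": findings}


if __name__ == "__main__":
    print(check_tls_config(SAMPLE_CONF, SAMPLE_LAUNCHER))
```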
From: Ritesh G. <rit...@ha...> - 2016-03-01 00:13:26
|
Sorry, I didn't quite understand.
|
From: Marc B. <mar...@tr...> - 2016-02-29 17:44:09
|
> No, I have provided my keystore in myvd.conf as following:
>
> server.secure.keystore=/myvd/key/keystore.jks
> server.secure.keypass=xxxxxx
>
> I commented the javax.net.ssl.truststore in myvd.sh startup script.

I would add it in, I don't think we're over taking the trust store. The keystore is for telling MyVD what certificate/keypair to use for the TLS listener, not as a trust store.
|
From: Ritesh G. <rit...@ha...> - 2016-02-29 17:30:07
|
Hi Marc,

>> Is the keystore marked as the trust store using the javax.net.ssl.trustStore property? If so, have you tried adding your self signed cert to cacerts?

No, I have provided my keystore in myvd.conf as following:

server.secure.keystore=/myvd/key/keystore.jks
server.secure.keypass=xxxxxx

I commented the javax.net.ssl.truststore in myvd.sh startup script.

Regards,
Ritesh
|
From: Marc B. <mar...@tr...> - 2016-02-29 16:58:06
|
Ritesh,

> Question: Why was the initialisation of KeyManagerFactory commented?

Thanks for pointing this out, it's a bug, I'll make sure it's corrected.

> Next observation was, on call of search, we see “Peer not authenticated”
> error multiple times showing up.
>
> [2016-02-28 21:00:22,632][pool-14-thread-1] WARN MyVDInterceptor - Could not get TLS information
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:482)
>     at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:192)
>     at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:178)
>     at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.search(MyVDInterceptor.java:762)
>     at org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1345)
>     at org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1094)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:815)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1154)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:206)
>     at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:92)
>     at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
>     at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
>     at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
>     at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
>     at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
>     at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
>     at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
>     at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
>     at java.lang.Thread.run(Thread.java:745)
>
> There could be various reasons for this. Could it be related that my JKS
> file contains self signed certificate? If not, then what would be possible
> solution for this?

Is the keystore marked as the trust store using the javax.net.ssl.trustStore property? If so, have you tried adding your self signed cert to cacerts?

Thanks

> Regards,
>
> Ritesh

Marc Boorshtein
CTO Tremolo Security
mar...@tr... <mar...@tr...>
|
From: Ritesh G. <rit...@ha...> - 2016-02-28 15:54:46
|
Hi,

We want to support MyVD over SSL, which means all LDAP browsers/clients need to connect to our server over SSL.

When we configured the secured port with the keystore and keypass in myvd.conf, we always encountered a NullPointerException. On investigation, we noticed that in LdapServer.java, KeyManagerFactory is never initialised and hence obviously throws an NPE. We uncommented the initialisation in the loadKeyStore method (line 425) and it started working. Client could connect to our MyVD server over SSL.

Question: Why was the initialisation of KeyManagerFactory commented?

Next observation was, on call of search, we see “Peer not authenticated” error multiple times showing up.

[2016-02-28 21:00:22,632][pool-14-thread-1] WARN MyVDInterceptor - Could not get TLS information
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:482)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:192)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.setTLSSessionParams(MyVDInterceptor.java:178)
    at net.sourceforge.myvd.server.apacheds.MyVDInterceptor.search(MyVDInterceptor.java:762)
    at org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1345)
    at org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1094)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:815)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1154)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:206)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:92)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
    at java.lang.Thread.run(Thread.java:745)

There could be various reasons for this. Could it be related to the fact that my JKS file contains a self-signed certificate? If not, then what would be a possible solution for this?

Regards,
Ritesh
|
From: Ritesh G. <rit...@ha...> - 2016-02-10 12:06:00
|
Thanks a ton Marc. This has helped me a lot. My comment for the first point is inline.

I shall work with this reference implementation and in case I get stuck, shall write back.

Thanks,
Ritesh

From: Marc Boorshtein
Reply-To: "myv...@li..."
Date: Wednesday, 10 February 2016 2:05 am
To: "myv...@li..."
Subject: Re: [Myvd-user] MyVD-0.99 - No schema information returned by server

Ritesh. See my answers inline.

Marc Boorshtein
CTO Tremolo Security
mar...@tr...

We were developing using myvd-0.8.2 and today I upgraded to 0.99. Now, when I try to connect, I always get this error – "No schema information available by server, using default schema”. After showing the error message on Apache Directory Studio, I could see the base loaded and moreover, I do not see any error in the log.

MyVD does not manage an internal schema. Few applications use schema, but for applications that do you can proxy another directory's schema. The message you are seeing is to be expected. The main difference between 0.8.2 and .99 is that we upgraded the version of apacheds we were using as the LDAP front end.

[Ritesh] This error was not seen when I was using 0.8.2. I changed the client from Apache Directory Studio to Jxplorer and now I do not see the issue. I shall proceed with this client and later would test with other LDAP browsers.

I am very new to LDAP and need help. Another questions that I have is:

* how do I load the DIT using REST based backed service? Should I be using search method to implement directory loading?

OK, so if I understand you want to be able to access your REST service using LDAP? If so the general steps are:

1. Create an insert
2. In the search command, generate your search and response and add them to an entry set
3. Add the entry set to the results

Take a look at the AWS Amazon SimpleDB integration in OpenUnison as an example: https://github.com/TremoloSecurity/OpenUnison/blob/master/unison/unison-services-aws/src/main/java/com/tremolosecurity/proxy/myvd/inserts/amazon/AmazonSimpleDB.java

* I see RootDSE showing supportedLDAPVersion as 2 and 3. I would want to support only version 3 and accordingly mentioned this myvd.conf but it does not reflect

LDAPv3 and v2 are identical except for some minor additions (UTF-8 and SASL). This isn't something I'd worry about.

My conf looks like this:

server.listener.port=10983

#Configure global chains
server.globalChain=

server.nameSpaces=Root,MyInsert

#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=dc=ritesh,dc=com
server.Root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12
server.Root.RootDSE.config.supportedSaslMechanisms=NONE
server.Root.RootDSE.config.supportedLDAPVersion=3
server.Root.RootDSE.config.supportedFeatures=search,compare,bind

server.MyInsert.chain=myinsert
server.MyInsert.nameSpace=dc=ritesh,dc=com
server.MyInsert.weight=0
server.MyInsert..className=com.ritesh.myinsert

Looks like you are off to a good start!
|
From: Marc B. <mar...@tr...> - 2016-02-09 21:00:08
|
Ritesh. See my answers inline.

Marc Boorshtein
CTO Tremolo Security
mar...@tr...

> We were developing using myvd-0.8.2 and today I upgraded to 0.99. Now,
> when I try to connect, I always get this error – "*No schema information
> available by server, using default schema*”. After showing the error
> message on Apache Directory Studio, I could see the base loaded and
> moreover, I do not see any error in the log.

MyVD does not manage an internal schema. Few applications use schema, but for applications that do you can proxy another directory's schema. The message you are seeing is to be expected. The main difference between 0.8.2 and .99 is that we upgraded the version of apacheds we were using as the LDAP front end.

> I am very new to LDAP and need help. Another questions that I have is:
>
> - how do I load the DIT using REST based backed service? Should I be
>   using search method to implement directory loading?

OK, so if I understand you want to be able to access your REST service using LDAP? If so the general steps are:

1. Create an insert
2. In the search command, generate your search and response and add them to an entry set
3. Add the entry set to the results

Take a look at the AWS Amazon SimpleDB integration in OpenUnison as an example: https://github.com/TremoloSecurity/OpenUnison/blob/master/unison/unison-services-aws/src/main/java/com/tremolosecurity/proxy/myvd/inserts/amazon/AmazonSimpleDB.java

> - I see RootDSE showing supportedLDAPVersion as 2 and 3. I would want
>   to support only version 3 and accordingly mentioned this myvd.conf but it
>   does not reflect

LDAPv3 and v2 are identical except for some minor additions (UTF-8 and SASL). This isn't something I'd worry about.

> My conf looks like this:
>
> server.listener.port=10983
>
> #Configure global chains
> server.globalChain=
>
> server.nameSpaces=Root,MyInsert
>
> #Define RootDSE
> server.Root.chain=RootDSE
> server.Root.nameSpace=
> server.Root.weight=0
> server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
> server.Root.RootDSE.config.namingContexts=dc=ritesh,dc=com
> server.Root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12
> server.Root.RootDSE.config.supportedSaslMechanisms=NONE
> server.Root.RootDSE.config.supportedLDAPVersion=3
> server.Root.RootDSE.config.supportedFeatures=search,compare,bind
>
> server.MyInsert.chain=myinsert
> server.MyInsert.nameSpace=dc=ritesh,dc=com
> server.MyInsert.weight=0
> server.MyInsert..className=com.ritesh.myinsert

Looks like you are off to a good start!
|
From: Ritesh G. <rit...@ha...> - 2016-02-09 05:19:44
|
Hi,

We are using myvd for our LDAP proxy requirement. In our scenario, the data is available via REST based API.

We were developing using myvd-0.8.2 and today I upgraded to 0.99. Now, when I try to connect, I always get this error – "No schema information available by server, using default schema”. After showing the error message on Apache Directory Studio, I could see the base loaded and moreover, I do not see any error in the log.

I am very new to LDAP and need help. Another questions that I have is:

* how do I load the DIT using REST based backed service? Should I be using search method to implement directory loading?
* I see RootDSE showing supportedLDAPVersion as 2 and 3. I would want to support only version 3 and accordingly mentioned this myvd.conf but it does not reflect

My conf looks like this:

server.listener.port=10983

#Configure global chains
server.globalChain=

server.nameSpaces=Root,MyInsert

#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=dc=ritesh,dc=com
server.Root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12
server.Root.RootDSE.config.supportedSaslMechanisms=NONE
server.Root.RootDSE.config.supportedLDAPVersion=3
server.Root.RootDSE.config.supportedFeatures=search,compare,bind

server.MyInsert.chain=myinsert
server.MyInsert.nameSpace=dc=ritesh,dc=com
server.MyInsert.weight=0
server.MyInsert..className=com.ritesh.myinsert

Any help in this regards will be of great help.

Regards,
Ritesh
|
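A consistency check for the configuration layout quoted in this thread, as an added example that is not part of the original posts or of MyVD. The key grammar (server.nameSpaces, server.<namespace>.chain, server.<namespace>.<insert>.className) is inferred from the quoted files, keys are assumed to be case-sensitive as in Java properties, and the sample values are constructed.

```python
"""Structural consistency check for a myvd.conf-style properties file."""

# Constructed sample: key layout copied from the configs quoted in this thread,
# values replaced with example.com placeholders. It reproduces three patterns
# visible in those configs: a case-mismatched namespace, an insert configured
# outside its chain, and a className key with an empty insert name.
SAMPLE_CONF = """\
server.listener.port=10983
server.globalChain=accesslog
server.globalChain.accesslog.className=net.sourceforge.myvd.inserts.AccessLog
server.nameSpaces=root,base,MyInsert
### RootDSE
server.root.chain=RootDSE
server.root.nameSpace=
server.root.weight=0
server.root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.root.RootDSE.config.namingContexts=dc=example,dc=com
server.Root.RootDSE.config.supportedSaslMechanisms=NONE
### Proxied directory
server.base.chain=clean,ldap
server.base.nameSpace=ou=users,dc=example,dc=com
server.base.weight=100
server.base.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.base.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.base.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction
### Custom insert
server.MyInsert.chain=myinsert
server.MyInsert.nameSpace=dc=example,dc=com
server.MyInsert.weight=0
server.MyInsert..className=com.example.MyInsert
"""

NAMESPACE_KEYS = {"chain", "nameSpace", "weight"}
GLOBAL = "globalChain"


def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comments, as in Java properties."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props


def _names(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def lint(props):
    """Return a list of (code, subject) findings for a parsed configuration."""
    findings = []
    namespaces = _names(props.get("server.nameSpaces", ""))
    chains = {ns: _names(props.get(f"server.{ns}.chain", "")) for ns in namespaces}
    chains[GLOBAL] = _names(props.get(f"server.{GLOBAL}", ""))

    for ns in namespaces:
        for required in ("chain", "nameSpace"):
            if f"server.{ns}.{required}" not in props:
                findings.append((f"missing-{required}", ns))

    # Every insert named in a chain needs a class to instantiate.
    for scope, chain in chains.items():
        for insert in chain:
            if f"server.{scope}.{insert}.className" not in props:
                findings.append(("missing-className", f"{scope}.{insert}"))

    # Every key must belong to a declared scope and to an insert in its chain.
    for key in props:
        parts = key.split(".")
        if parts[0] != "server" or len(parts) < 3 or parts[1] == "listener":
            continue
        scope, name = parts[1], parts[2]
        if scope not in chains:
            findings.append(("undeclared-namespace", key))
        elif scope != GLOBAL and len(parts) == 3 and name in NAMESPACE_KEYS:
            continue
        elif name == "":
            findings.append(("empty-insert-name", key))
        elif name not in chains[scope]:
            findings.append(("insert-not-in-chain", key))
    return findings


if __name__ == "__main__":
    for code, subject in lint(parse_properties(SAMPLE_CONF)):
        print(f"{code:22} {subject}")
```

A finding here means the line is probably ignored at load time, so a setting such as an access-control or logging insert may not be in effect even though it appears in the file.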
From: Marc B. <mar...@tr...> - 2015-10-02 22:36:12
|
Ok. I can certainly look at updating apacheds but it probably won't be for a week or so. It's not a binary drop in. There are some source files I need to customize and the interfaces on apacheds have a tendency to change quite often. Marc Boorshtein CTO, Tremolo Security, Inc. (703)828-4902 On Oct 2, 2015 5:49 PM, "Sam Orlando" <sam...@gm...> wrote: > I am using current trunk. > > --- > Sent from Boxer | http://getboxer.com <http://bxr.io/PBID1> > > On October 2, 2015 at 17:14:15 EDT, Marc Boorshtein < > mar...@tr...> wrote: > > Thanks Sam. What version of myvd are you using? > > Marc Boorshtein > CTO, Tremolo Security, Inc. > (703)828-4902 > On Oct 2, 2015 5:02 PM, "Orlando, Sam" <S.O...@ko...> wrote: > > Hello All, > > > Great project but I have a small issue that is a show stopper for me… > > > > When I try to add MyVD to a Cisco Unified Communications System for LDAP > Authentication handling, I get the following error: > > ** This is a check the system does when you add the LDAP auth server > > > > Error while Connecting to ldap:// > 10.100.12.48:3389/dc=vd,dc=burgerking,dc=int, > javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for > MessageType : SEARCH_REQUEST Message ID : 2 SearchRequest baseDn : > 'dc=vd,dc=burgerking,dc=int' filter : > '(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl-false-EXTENSIBLE-1.2.840.113556.1.4.803-'0x32 > ')))' scope : base object typesOnly : false Size Limit : no limit Time > Limit : no limit Deref Aliases : deref Always attributes : > org.apache.directory.api.ldap.model.message.SearchRequestImpl@b7221220 > OpaqueControl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : > 'false' ' : null]; remaining name 'dc=vd,dc=burgerking,dc=int' > > > > It would seem that the ApacheDS system does not like the search filter > sent to it. > > > > Is this something I can solve with MyVD or is this an ApacheDS issue? Can > we get a newer version of ApacheDS into the system? 
The current version is > a bit out dated and maybe this is a bug solved already by ApacheDS team? I > can not find such a bug though in the release information; though this does > not mean it was not addressed. > > > > I have tried to hack my way around to getting a new apacheds into myvd, > but have failed horribly as I am not a java coder. > > > > The system works fine with other applications, just having issues with > this one search field and I can not proceed to save the configuration in > cisco if this search does not work. > > > > > > ---- CONFIG --- > > server.listener.port=3389 > > > > ### Global Chain Declare > > server.globalChain=LogAllTransactions,accesslog,ACL > > > > ## Global ACL Defines > > > server.globalChain.ACL.className=net.sourceforge.myvd.inserts.accessControl.AccessMgmt > > server.globalChain.ACL.config.numACIs=6 > > > server.globalChain.ACL.config.aci.0=dc=burgerking,dc=int#subtree#grant:a,d,v#[entry]#subtree:dc=burgerking,dc=int > > > server.globalChain.ACL.config.aci.1=dc=burgerking,dc=int#subtree#grant:r,s,c,p#[all]#subtree:dc=burgerking,dc=int > > > server.globalChain.ACL.config.aci.2=cn=schema#subtree#grant:r,s,c,p#[all]#subtree:dc=burgerking,dc=int > > > server.globalChain.ACL.config.aci.3=cn=schema#subtree#grant:a,d,v#[entry]#subtree:dc=burgerking,dc=int > > > server.globalChain.ACL.config.aci.4=cn=ROOTDSE#entry#grant:v#[entry]#public: > > > server.globalChain.ACL.config.aci.5=cn=ROOTDSE#entry#grant:r,w,s,c,p#[all]#public: > > > > ### Global Trans Logging > > > server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction > > server.globalChain.LogAllTransactions.config.logLevel=debug > > server.globalChain.LogAllTransactions.config.label=Global > > > > ### Global Access Log > > > server.globalChain.accesslog.className=net.sourceforge.myvd.inserts.AccessLog > > server.globalChain.accesslog.config.fileName=/opt/myvd/logs/myvd-access.log > > server.globalChain.accesslog.config.type=rolling > > 
server.globalChain.accesslog.config.backupIndex=10 > > > > ### NameSpace Declare > > server.nameSpaces=Schema,root,base,us,mx > > > > ### RootDSE > > server.root.chain=RootDSE > > server.root.nameSpace= > > server.root.weight=0 > > server.root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE > > > server.root.RootDSE.config.namingContexts=dc=vd,dc=burgerking,dc=int|cn=schema > > > server.root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12 > > server.Root.RootDSE.config.supportedSaslMechanisms=NONE > > > > ### Schema Declare > > server.Schema.chain=schema > > server.Schema.nameSpace=cn=schema > > server.Schema.weight=50 > > server.Schema.schema.className=net.sourceforge.myvd.inserts.SchemaInsert > > server.Schema.schema.config.schemaLDIF=/opt/myvd/conf/openldap_schema.ldif > > > > ### LOCAL OPEN LDAP - BASE SERVER > > server.base.chain=clean,ldap > > server.base.nameSpace=ou=users,dc=vd,dc=burgerking,dc=int > > server.base.weight=100 > > > server.base.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner > > > server.base.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor > > server.base.ldap.config.host=127.0.0.1 > > server.base.ldap.config.port=389 > > server.base.ldap.config.remoteBase=dc=nodomain > > server.base.ldap.config.proxyDN=cn=admin,dc=nodomain > > server.base.ldap.config.proxyPass=eatme > > server.base.ldap.config.passBindOnly=true > > server.base.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction > > server.base.adtrans.config.logLevel=debug > > server.base.adtrans.config.label=ADBASE > > > > ### US > > server.us.chain=clean,ldap,adtrans > > server.us.nameSpace=ou=us,dc=vd,dc=burgerking,dc=int > > server.us.weight=100 > > > server.us.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner > > 
server.us.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor > > server.us.ldap.config.host=10.100.69.69 > > server.us.ldap.config.port=389 > > server.us.ldap.config.remoteBase=ou=usr,dc=us,dc=burgerking,dc=int > > > server.us.ldap.config.proxyDN=cn=administrator,cn=users,dc=us,dc=burgerking,dc=int > > server.us.ldap.config.proxyPass=eatme > > server.us.ldap.config.passBindOnly=true > > server.us.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction > > server.us.adtrans.config.logLevel=debug > > server.us.adtrans.config.label=USAD > > > > ### MX > > server.mx.chain=clean,ldap,adtrans > > server.mx.nameSpace=ou=mx,dc=vd,dc=burgerking,dc=int > > server.mx.weight=100 > > > server.mx.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner > > server.mx.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor > > server.mx.ldap.config.host=10.220.69.69 > > server.mx.ldap.config.port=389 > > server.mx.ldap.config.remoteBase=ou=usr,dc=mx,dc=burgerking,dc=int > > > server.mx.ldap.config.proxyDN=cn=administrator,cn=users,dc=mx,dc=burgerking,dc=int > > server.mx.ldap.config.proxyPass=eatme > > server.mx.ldap.config.passBindOnly=true > > server.mx.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction > > server.mx.adtrans.config.logLevel=debug > > server.mx.adtrans.config.label=MXAD > > > > --- > > > > Thanks, > > Sam > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Myvd-user mailing list > Myv...@li... > https://lists.sourceforge.net/lists/listinfo/myvd-user > > ------------------------------------------------------------------------------ > > _______________________________________________ > Myvd-user mailing list > Myv...@li... 
From: Sam O. <sam...@gm...> - 2015-10-02 21:49:31
|
I am using current trunk.

On October 2, 2015 at 17:14:15 EDT, Marc Boorshtein <mar...@tr...> wrote:

Thanks Sam. What version of myvd are you using?

Marc Boorshtein
CTO, Tremolo Security, Inc.
(703)828-4902

On Oct 2, 2015 5:02 PM, "Orlando, Sam" <S.O...@ko...> wrote:

Hello All,

Great project but I have a small issue that is a show stopper for me…

When I try to add MyVD to a Cisco Unified Communications System for LDAP Authentication handling, I get the following error:

** This is a check the system does when you add the LDAP auth server

Error while Connecting to ldap://10.100.12.48:3389/dc=vd,dc=burgerking,dc=int, javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : SEARCH_REQUEST Message ID : 2 SearchRequest baseDn : 'dc=vd,dc=burgerking,dc=int' filter : '(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl-false-EXTENSIBLE-1.2.840.113556.1.4.803-'0x32 ')))' scope : base object typesOnly : false Size Limit : no limit Time Limit : no limit Deref Aliases : deref Always attributes : org.apache.directory.api.ldap.model.message.SearchRequestImpl@b7221220 OpaqueControl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : null]; remaining name 'dc=vd,dc=burgerking,dc=int'

It would seem that the ApacheDS system does not like the search filter sent to it.

Is this something I can solve with MyVD or is this an ApacheDS issue? Can we get a newer version of ApacheDS into the system? The current version is a bit outdated and maybe this is a bug solved already by ApacheDS team? I can not find such a bug though in the release information; though this does not mean it was not addressed.

I have tried to hack my way around to getting a new apacheds into myvd, but have failed horribly as I am not a java coder.

The system works fine with other applications, just having issues with this one search field and I can not proceed to save the configuration in cisco if this search does not work.

---- CONFIG ---
server.listener.port=3389

### Global Chain Declare
server.globalChain=LogAllTransactions,accesslog,ACL

## Global ACL Defines
server.globalChain.ACL.className=net.sourceforge.myvd.inserts.accessControl.AccessMgmt
server.globalChain.ACL.config.numACIs=6
server.globalChain.ACL.config.aci.0=dc=burgerking,dc=int#subtree#grant:a,d,v#[entry]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.1=dc=burgerking,dc=int#subtree#grant:r,s,c,p#[all]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.2=cn=schema#subtree#grant:r,s,c,p#[all]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.3=cn=schema#subtree#grant:a,d,v#[entry]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.4=cn=ROOTDSE#entry#grant:v#[entry]#public:
server.globalChain.ACL.config.aci.5=cn=ROOTDSE#entry#grant:r,w,s,c,p#[all]#public:

### Global Trans Logging
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.LogAllTransactions.config.logLevel=debug
server.globalChain.LogAllTransactions.config.label=Global

### Global Access Log
server.globalChain.accesslog.className=net.sourceforge.myvd.inserts.AccessLog
server.globalChain.accesslog.config.fileName=/opt/myvd/logs/myvd-access.log
server.globalChain.accesslog.config.type=rolling
server.globalChain.accesslog.config.backupIndex=10

### NameSpace Declare
server.nameSpaces=Schema,root,base,us,mx

### RootDSE
server.root.chain=RootDSE
server.root.nameSpace=
server.root.weight=0
server.root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.root.RootDSE.config.namingContexts=dc=vd,dc=burgerking,dc=int|cn=schema
server.root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12
server.Root.RootDSE.config.supportedSaslMechanisms=NONE

### Schema Declare
server.Schema.chain=schema
server.Schema.nameSpace=cn=schema
server.Schema.weight=50
server.Schema.schema.className=net.sourceforge.myvd.inserts.SchemaInsert
server.Schema.schema.config.schemaLDIF=/opt/myvd/conf/openldap_schema.ldif

### LOCAL OPEN LDAP - BASE SERVER
server.base.chain=clean,ldap
server.base.nameSpace=ou=users,dc=vd,dc=burgerking,dc=int
server.base.weight=100
server.base.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.base.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.base.ldap.config.host=127.0.0.1
server.base.ldap.config.port=389
server.base.ldap.config.remoteBase=dc=nodomain
server.base.ldap.config.proxyDN=cn=admin,dc=nodomain
server.base.ldap.config.proxyPass=eatme
server.base.ldap.config.passBindOnly=true
server.base.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction
server.base.adtrans.config.logLevel=debug
server.base.adtrans.config.label=ADBASE

### US
server.us.chain=clean,ldap,adtrans
server.us.nameSpace=ou=us,dc=vd,dc=burgerking,dc=int
server.us.weight=100
server.us.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.us.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.us.ldap.config.host=10.100.69.69
server.us.ldap.config.port=389
server.us.ldap.config.remoteBase=ou=usr,dc=us,dc=burgerking,dc=int
server.us.ldap.config.proxyDN=cn=administrator,cn=users,dc=us,dc=burgerking,dc=int
server.us.ldap.config.proxyPass=eatme
server.us.ldap.config.passBindOnly=true
server.us.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction
server.us.adtrans.config.logLevel=debug
server.us.adtrans.config.label=USAD

### MX
server.mx.chain=clean,ldap,adtrans
server.mx.nameSpace=ou=mx,dc=vd,dc=burgerking,dc=int
server.mx.weight=100
server.mx.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.mx.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.mx.ldap.config.host=10.220.69.69
server.mx.ldap.config.port=389
server.mx.ldap.config.remoteBase=ou=usr,dc=mx,dc=burgerking,dc=int
server.mx.ldap.config.proxyDN=cn=administrator,cn=users,dc=mx,dc=burgerking,dc=int
server.mx.ldap.config.proxyPass=eatme
server.mx.ldap.config.passBindOnly=true
server.mx.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction
server.mx.adtrans.config.logLevel=debug
server.mx.adtrans.config.label=MXAD
---

Thanks,
Sam
|
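What the filter in the quoted error selects, as an added example that is not part of the original posts, MyVD or ApacheDS. It assumes the filter on the wire was the string form held in CISCO_FILTER (reading '0x32' in the error text as the ASCII byte for "2"); 1.2.840.113556.1.4.803 is Active Directory's bitwise-AND matching rule, and bit 2 of userAccountControl marks a disabled account. The directory entries are constructed.

```python
"""Parse and evaluate an LDAP search filter that uses an extensible match."""

BIT_AND = "1.2.840.113556.1.4.803"  # matching-rule OID shown in the quoted error

# Assumed wire form of the filter printed field by field in the error message.
CISCO_FILTER = (
    "(&(objectclass=user)(!(objectclass=Computer))"
    "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
)

# Constructed entries; attribute names are stored lower-cased.
SAMPLE_ENTRIES = {
    "cn=alice,ou=us,dc=example,dc=com": {        # 512: enabled user account
        "objectclass": ["top", "person", "user"],
        "useraccountcontrol": ["512"]},
    "cn=bob,ou=us,dc=example,dc=com": {          # 514 = 512 + 2: disabled
        "objectclass": ["top", "person", "user"],
        "useraccountcontrol": ["514"]},
    "cn=ws01,ou=us,dc=example,dc=com": {         # computer object
        "objectclass": ["top", "person", "user", "computer"],
        "useraccountcontrol": ["4096"]},
}


def parse_filter(text):
    """Return a nested tuple tree for the subset of RFC 4515 used here."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing characters at offset {pos}")
    return node


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i = s[i], i + 1
        children = []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"wrong operand count for '{op}'")
        return (op, children), i + 1
    end = s.find(")", i)
    if end < 0:
        raise ValueError("unterminated filter item")
    lhs, sep, value = s[i:end].partition("=")
    if not sep or not lhs or lhs[-1] in "<>~":
        raise ValueError(f"unsupported filter item {s[i:end]!r}")
    if lhs.endswith(":"):
        # Extensible match: attr[:dn][:matchingRule]:=value
        fields = lhs[:-1].split(":")
        rule = fields[-1] if len(fields) > 1 else None
        return ("ext", fields[0].lower(), rule, value), end + 1
    if value == "*":
        return ("present", lhs.lower()), end + 1
    if "*" in value:
        raise ValueError("substring filters are not handled in this example")
    return ("eq", lhs.lower(), value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attribute lists)."""
    kind = node[0]
    if kind == "&":
        return all(matches(child, entry) for child in node[1])
    if kind == "|":
        return any(matches(child, entry) for child in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    if kind == "present":
        return bool(values)
    if kind == "eq":
        return any(v.lower() == node[2].lower() for v in values)
    _, _, rule, wanted = node
    if rule != BIT_AND:
        # Refuse rather than guess: dropping the clause would widen the result.
        raise NotImplementedError(f"matching rule {rule!r}")
    mask = int(wanted)
    return any((int(v) & mask) == mask for v in values)


def select(filter_text, entries):
    """Return the DNs of the entries the filter matches."""
    tree = parse_filter(filter_text)
    return [dn for dn, attrs in entries.items() if matches(tree, attrs)]


if __name__ == "__main__":
    print(select(CISCO_FILTER, SAMPLE_ENTRIES))
```

Only the enabled, non-computer user entry is returned, which is why a front end that cannot evaluate the matching rule should reject the search instead of ignoring the clause.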
From: Marc B. <mar...@tr...> - 2015-10-02 21:45:30
|
Thanks Sam. What version of myvd are you using? Marc Boorshtein CTO, Tremolo Security, Inc. (703)828-4902 On Oct 2, 2015 5:02 PM, "Orlando, Sam" <S.O...@ko...> wrote: > Hello All, > > > Great project but I have a small issue that is a show stopper for me… > > > > When I try to add MyVD to a Cisco Unified Communications System for LDAP > Authentication handling, I get the following error: > > ** This is a check the system does when you add the LDAP auth server > > > > Error while Connecting to ldap:// > 10.100.12.48:3389/dc=vd,dc=burgerking,dc=int, > javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for > MessageType : SEARCH_REQUEST Message ID : 2 SearchRequest baseDn : > 'dc=vd,dc=burgerking,dc=int' filter : > '(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl-false-EXTENSIBLE-1.2.840.113556.1.4.803-'0x32 > ')))' scope : base object typesOnly : false Size Limit : no limit Time > Limit : no limit Deref Aliases : deref Always attributes : > org.apache.directory.api.ldap.model.message.SearchRequestImpl@b7221220 > OpaqueControl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : > 'false' ' : null]; remaining name 'dc=vd,dc=burgerking,dc=int' > > > > It would seem that the ApacheDS system does not like the search filter > sent to it. > > > > Is this something I can solve with MyVD or is this an ApacheDS issue? Can > we get a newer version of ApacheDS into the system? The current version is > a bit out dated and maybe this is a bug solved already by ApacheDS team? I > can not find such a bug though in the release information; though this does > not mean it was not addressed. > > > > I have tried to hack my way around to getting a new apacheds into myvd, > but have failed horribly as I am not a java coder. > > > > The system works fine with other applications, just having issues with > this one search field and I can not proceed to save the configuration in > cisco if this search does not work. 
|
From: Orlando, S. <S.Orlando@KOSTAL.COM> - 2015-10-02 21:02:24
|
Hello All,

Great project but I have a small issue that is a show stopper for me...

When I try to add MyVD to a Cisco Unified Communications System for LDAP Authentication handling, I get the following error:

** This is a check the system does when you add the LDAP auth server

Error while Connecting to ldap://10.100.12.48:3389/dc=vd,dc=burgerking,dc=int, javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : SEARCH_REQUEST Message ID : 2 SearchRequest baseDn : 'dc=vd,dc=burgerking,dc=int' filter : '(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl-false-EXTENSIBLE-1.2.840.113556.1.4.803-'0x32 ')))' scope : base object typesOnly : false Size Limit : no limit Time Limit : no limit Deref Aliases : deref Always attributes : org.apache.directory.api.ldap.model.message.SearchRequestImpl@b7221220 OpaqueControl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : null]; remaining name 'dc=vd,dc=burgerking,dc=int'

It would seem that the ApacheDS system does not like the search filter sent to it.

Is this something I can solve with MyVD or is this an ApacheDS issue? Can we get a newer version of ApacheDS into the system? The current version is a bit outdated and maybe this is a bug solved already by the ApacheDS team? I cannot find such a bug though in the release information; though this does not mean it was not addressed.

I have tried to hack my way around to getting a new ApacheDS into MyVD, but have failed horribly as I am not a Java coder.

The system works fine with other applications, just having issues with this one search field and I cannot proceed to save the configuration in Cisco if this search does not work.

---- CONFIG ---
server.listener.port=3389

### Global Chain Declare
server.globalChain=LogAllTransactions,accesslog,ACL

## Global ACL Defines
server.globalChain.ACL.className=net.sourceforge.myvd.inserts.accessControl.AccessMgmt
server.globalChain.ACL.config.numACIs=6
server.globalChain.ACL.config.aci.0=dc=burgerking,dc=int#subtree#grant:a,d,v#[entry]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.1=dc=burgerking,dc=int#subtree#grant:r,s,c,p#[all]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.2=cn=schema#subtree#grant:r,s,c,p#[all]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.3=cn=schema#subtree#grant:a,d,v#[entry]#subtree:dc=burgerking,dc=int
server.globalChain.ACL.config.aci.4=cn=ROOTDSE#entry#grant:v#[entry]#public:
server.globalChain.ACL.config.aci.5=cn=ROOTDSE#entry#grant:r,w,s,c,p#[all]#public:

### Global Trans Logging
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.LogAllTransactions.config.logLevel=debug
server.globalChain.LogAllTransactions.config.label=Global

### Global Access Log
server.globalChain.accesslog.className=net.sourceforge.myvd.inserts.AccessLog
server.globalChain.accesslog.config.fileName=/opt/myvd/logs/myvd-access.log
server.globalChain.accesslog.config.type=rolling
server.globalChain.accesslog.config.backupIndex=10

### NameSpace Declare
server.nameSpaces=Schema,root,base,us,mx

### RootDSE
server.root.chain=RootDSE
server.root.nameSpace=
server.root.weight=0
server.root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.root.RootDSE.config.namingContexts=dc=vd,dc=burgerking,dc=int|cn=schema
server.root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12
server.Root.RootDSE.config.supportedSaslMechanisms=NONE

### Schema Declare
server.Schema.chain=schema
server.Schema.nameSpace=cn=schema
server.Schema.weight=50
server.Schema.schema.className=net.sourceforge.myvd.inserts.SchemaInsert
server.Schema.schema.config.schemaLDIF=/opt/myvd/conf/openldap_schema.ldif

### LOCAL OPEN LDAP - BASE SERVER
server.base.chain=clean,ldap
server.base.nameSpace=ou=users,dc=vd,dc=burgerking,dc=int
server.base.weight=100
server.base.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.base.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.base.ldap.config.host=127.0.0.1
server.base.ldap.config.port=389
server.base.ldap.config.remoteBase=dc=nodomain
server.base.ldap.config.proxyDN=cn=admin,dc=nodomain
server.base.ldap.config.proxyPass=eatme
server.base.ldap.config.passBindOnly=true
server.base.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction
server.base.adtrans.config.logLevel=debug
server.base.adtrans.config.label=ADBASE

### US
server.us.chain=clean,ldap,adtrans
server.us.nameSpace=ou=us,dc=vd,dc=burgerking,dc=int
server.us.weight=100
server.us.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.us.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.us.ldap.config.host=10.100.69.69
server.us.ldap.config.port=389
server.us.ldap.config.remoteBase=ou=usr,dc=us,dc=burgerking,dc=int
server.us.ldap.config.proxyDN=cn=administrator,cn=users,dc=us,dc=burgerking,dc=int
server.us.ldap.config.proxyPass=eatme
server.us.ldap.config.passBindOnly=true
server.us.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction
server.us.adtrans.config.logLevel=debug
server.us.adtrans.config.label=USAD

### MX
server.mx.chain=clean,ldap,adtrans
server.mx.nameSpace=ou=mx,dc=vd,dc=burgerking,dc=int
server.mx.weight=100
server.mx.clean.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.mx.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.mx.ldap.config.host=10.220.69.69
server.mx.ldap.config.port=389
server.mx.ldap.config.remoteBase=ou=usr,dc=mx,dc=burgerking,dc=int
server.mx.ldap.config.proxyDN=cn=administrator,cn=users,dc=mx,dc=burgerking,dc=int
server.mx.ldap.config.proxyPass=eatme
server.mx.ldap.config.passBindOnly=true
server.mx.adtrans.className=net.sourceforge.myvd.inserts.DumpTransaction
server.mx.adtrans.config.logLevel=debug
server.mx.adtrans.config.label=MXAD
---

Thanks,
Sam
|
From: Marc B. <mar...@tr...> - 2015-06-04 14:51:44
|
Pawan,

See my responses inline

> But I am stuck after here as I dunno how to proceed now.
>
> I want to do this Guides -> Integrating Directories
>
> and I can see that in the configuration file we have to set LDAP configs for
> Apache DS and MS AD.

I would also suggest looking at the unit tests, there are several different configuration examples:

http://sourceforge.net/p/myvd/code/HEAD/tree/trunk/MyVD/test/TestServer/

> I am accessing myVD using JXplorer but all I get is the pre-configured
> "Company-US" tree
>
> ****************
>
> #Listen on port 389
> server.listener.port=11389
>
> #Listen on 636 using SSL
> #server.secure.listener.port=636
> #server.secure.keystore=/var/keystores/myvd.ks
> #server.secure.keypass=secret
>
> #Configure global chains
> server.globalChain=LogAllTransactions
> server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
> server.globalChain.LogAllTransactions.config.logLevel=info
> server.globalChain.LogAllTransactions.config.label=Global
>
> #Configure namespaces
> server.nameSpaces=Root
>
> #Define RootDSE
> server.Root.chain=RootDSE
> server.Root.nameSpace=CUSTOM
> server.Root.weight=0
> server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
> server.Root.RootDSE.config.namingContexts=o=CUSTOM,c=com|cn=schema
>
> **************

The above config is incorrect and I'm surprised it loads at all. Each "namespace" defines a chain of "inserts" where namespace refers to a name in the directory. For instance, if you wanted "ou=apacheds,o=mycompany,c=us" you would define a namespace for that name and add at least an LDAP insert. So something like:

********************************************
#Listen on port 389
server.listener.port=11389

#Listen on 636 using SSL
#server.secure.listener.port=636
#server.secure.keystore=/var/keystores/myvd.ks
#server.secure.keypass=secret

#Configure global chains
server.globalChain=LogAllTransactions
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.LogAllTransactions.config.logLevel=info
server.globalChain.LogAllTransactions.config.label=Global

#Configure namespaces
server.nameSpaces=Root,ApacheDS

#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=dc=CUSTOM,dc=com

server.ApacheDS.chain=ldap
server.ApacheDS.nameSpace=dc=CUSTOM,dc=com
server.ApacheDS.weight=10
server.ApacheDS.ldap.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.ApacheDS.ldap.config.type=LDAP
server.ApacheDS.ldap.config.host=apacheds.host.domain
server.ApacheDS.ldap.config.port=389
server.ApacheDS.ldap.config.remoteBase=dc=apachedsbase,dc=com
server.ApacheDS.ldap.config.proxyDN=cn=serviceaccount,dc=apachedsbase,dc=com
server.ApacheDS.ldap.config.proxyPass=manager
******************************************

The above config defines two namespaces and a global chain. The global chain executes before any of the namespaces are resolved. In this case, the dump transactions insert will log all transactions. Then we define two namespaces. The first is a root namespace (which has no explicit DN) to host the namingContext attribute. This is what lets your application or browser know which names are available in the directory. The second namespace is attached to a remote ApacheDS instance using LDAP. When someone does a search on dc=CUSTOM,dc=com, MyVD will:

1. Match the ApacheDS namespace to the search
2. Map the search base from dc=CUSTOM,dc=com to dc=apachedsbase,dc=com. For instance if you're doing a subtree search from ou=people,dc=CUSTOM,dc=com MyVD will map that search to ou=people,dc=apachedsbase,dc=com
3. Open a connection to ApacheDS with the credentials cn=serviceaccount,dc=apachedsbase,dc=com
4. Perform the search
5. On any results that come back, map the entry name from ApacheDS to MyVD. For instance if an entry uid=user1,ou=people,dc=apachedsbase,dc=com is returned by ApacheDS MyVD will map it to uid=user1,ou=people,dc=CUSTOM,dc=com
6. Return the results back to your LDAP client

NOTE - these are only examples and need to be updated based on your ApacheDS configuration and implementation.

Hope this helps
|
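The namespace match and base mapping from steps 1, 2 and 5 of the message above, as an added Python sketch that is not MyVD's code and not part of the original post. The `Namespace` class, the function names and the longest-suffix routing rule are assumptions made for illustration; an entry returned from outside the remote base is rejected rather than renamed.

```python
from dataclasses import dataclass
from typing import List, Optional


def split_dn(dn: str) -> List[str]:
    """Split a DN into RDN strings on unescaped commas (backslash escapes kept)."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur.lstrip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    return rdns + [cur.lstrip()] if cur.strip() else rdns


def _norm(rdn: str) -> str:
    # Compare attribute type and value case-insensitively.
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def relative_to(dn: str, base: str) -> Optional[List[str]]:
    """RDNs of `dn` above `base`, or None when `dn` is not at or under `base`."""
    d, b = split_dn(dn), split_dn(base)
    cut = len(d) - len(b)
    if cut < 0 or [_norm(r) for r in d[cut:]] != [_norm(r) for r in b]:
        return None
    return d[:cut]


@dataclass(frozen=True)
class Namespace:  # hypothetical model of one server.<name>.* block
    name: str
    virtual_base: str                  # server.<name>.nameSpace
    remote_base: Optional[str] = None  # ...ldap.config.remoteBase; None = no backend


def route(namespaces: List[Namespace], search_base: str) -> Namespace:
    """Pick the namespace with the longest base containing the search base (assumed rule)."""
    hits = [n for n in namespaces if relative_to(search_base, n.virtual_base) is not None]
    if not hits:
        raise LookupError(f"no namespace serves {search_base!r}")
    return max(hits, key=lambda n: len(split_dn(n.virtual_base)))


def rebase(dn: str, old_base: Optional[str], new_base: Optional[str]) -> str:
    """Swap `old_base` for `new_base`; refuse DNs that fall outside `old_base`."""
    if old_base is None or new_base is None:
        raise ValueError("namespace has no backend to map to")
    rel = relative_to(dn, old_base)
    if rel is None:
        raise ValueError(f"{dn!r} is not under {old_base!r}")
    return ",".join(rel + split_dn(new_base))


def to_remote(ns, dn): return rebase(dn, ns.virtual_base, ns.remote_base)
def to_virtual(ns, dn): return rebase(dn, ns.remote_base, ns.virtual_base)

# The two namespaces from the config in the message above.
NAMESPACES = [
    Namespace("Root", ""),
    Namespace("ApacheDS", "dc=CUSTOM,dc=com", "dc=apachedsbase,dc=com"),
]

if __name__ == "__main__":
    ns = route(NAMESPACES, "ou=people,dc=CUSTOM,dc=com")
    print(ns.name, "->", to_remote(ns, "ou=people,dc=CUSTOM,dc=com"))
    print(to_virtual(ns, "uid=user1,ou=people,dc=apachedsbase,dc=com"))
```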
From: Pawan T. <pa...@kn...> - 2015-06-04 06:32:49
|
Hello,

I am trying to do same as what mentioned above by Siva.

I have my setup as Apache DS -> Application but I want Microsoft AD Integrated as well.

So it will be like

Apache DS < -- MyVD < -- Application
MS AD < --

Reading through Documentation provided I was able to install and deploy My VD on my Linux Server.

But I am stuck after here as I dunno how to proceed now.

I want to do this Guides -> Integrating Directories

and I can see that in the configuration file we have to set LDAP configs for Apache DS and MS AD.

I am accessing myVD using JXplorer but all I get is the pre-configured "Company-US" tree

****************
#Listen on port 389
server.listener.port=11389

#Listen on 636 using SSL
#server.secure.listener.port=636
#server.secure.keystore=/var/keystores/myvd.ks
#server.secure.keypass=secret

#Configure global chains
server.globalChain=LogAllTransactions
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.LogAllTransactions.config.logLevel=info
server.globalChain.LogAllTransactions.config.label=Global

#Configure namespaces
server.nameSpaces=Root

#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=CUSTOM
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=o=CUSTOM,c=com|cn=schema
**************

Here is what my config looks like. As first step I just want to use my custom names. Then I will integrate Apache DS here and the MS-AD.

Would really be helpful if anyone can provide a sample for Apache DS config into this and how to change O & U values and reason behind the read errors while using jXplorer.

Thanks,
Pawan
|