I cannot log in to WebADM

2,674 views

cwn...@gmail.com

Feb 4, 2013, 3:49:01 AM
to rcdevs-t...@googlegroups.com
Hello,
 
I've set up WebADM along with OpenLDAP and now I'm trying to log in to the WebADM portal.
But I've got the following errors and can't log in:
 
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Invalid credentials for LDAP proxy user 'cn=webadm,dc=example,dc=com'
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM Domains
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM Trusts
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM MountPoints
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM OptionSets
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM Clients
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM WebApps
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM WebSrvs
 
 
This is my WebADM.conf file:
 
#
# WebADM Server configuration
#
# WebADM login mode
# - PKI: Requires client certificate and login password.
# - UID: Requires domain name, login name and password.
# - DN: Requires login DN and password.
# Using certificates is the most secure login method. To use certificate login,
# you must log in to WebADM and create a login certificate for your administrators.
# The UID mode requires a WebADM domain to exist and have its User Search Base
# set to the subtree where the administrator users are located. When using UID
# and if there is no domain existing in WebADM, the login mode is automatically
# forced to DN. You will also need to log in with the full user DN and set up
# a WebADM domain to be able to use the UID login mode.
auth_mode DN
# Show the registered domain list when auth_mode is set to UID.
list_domains Yes
# The proxy user is used by WebADM for accessing LDAP objects over which the
# admin user does not have read permissions or out of an admin session.
# The proxy user should have read permissions on the whole LDAP tree,
# and write permissions on the users / groups used by the WebApps and WebSrvs.
# The use of a proxy user is required for WebApps and WebSrvs.
# With ActiveDirectory, you can use any Domain Administrator DN as proxy user,
# which should look like cn=Administrator,cn=Users,dc=mydomain,dc=com.
proxy_user     "cn=webadm,dc=example,dc=com"
proxy_password "Password1234"
# Super administrators have extended WebADM privileges such as setup permissions,
# additional operations and unlimited access to any LDAP encrypted data. Access
# restriction configured in the WebADM OptionSets do not apply to super admins.
# You can set a list of individual LDAP users or LDAP groups here.
# With ActiveDirectory, your administrator account should be something like
# cn=Administrator,cn=Users,dc=mydomain,dc=com. And you can replace the sample
# super_admins group on the second line with an existing security group.
super_admins "cn=admin,dc=example,dc=com"
# Any other WebADM administrator must be defined in the other_admins to be able
# to login. You can set access restrictions for other admins in WebADM OptionSets.
# You can set a list of individual LDAP users or LDAP groups.
# You can comment the setting not to use other administrators.
# With ActiveDirectory, you can use another existing security group here.
other_admins "cn=other_admins,dc=WebADM"
# LDAP objectclasses
container_oclasses      "container", "organizationalUnit", "organization", "domain", "locality", "country", "openldaprootdse"
# user_oclasses is used to build the LDAP search filter with 'Domain' auth_mode.
# If your super admin user does not have one of the following objectclasses,
# add one of its objectclasses to the list.
user_oclasses           "user", "account", "person", "inetOrgPerson", "posixAccount"
group_oclasses          "group", "groupOfNames", "groupOfUniqueNames", "dynamicGroup", "posixGroup"
# With ActiveDirectory 2003 only, you need to add the 'user' objectclass to the
# webadm_account_oclasses and the 'group' objectclass to the webadm_group_oclasses.
webadm_account_oclasses "webadmAccount"
webadm_group_oclasses   "webadmGroup"
webadm_config_oclasses  "webadmConfig"
# LDAP attributes
certificate_attrs       "userCertificate"
password_attrs          "userPassword", "unicodePwd"
uid_attrs               "uid", "samAccountName"
member_attrs            "member"
memberof_attrs          "memberOf", "groupMembership"
memberuid_attrs         "memberUid"
language_attrs          "preferredLanguage"
mobile_attrs            "mobile"
mail_attrs              "mail"
webadm_data_attrs       "webadmData"
webadm_settings_attrs   "webadmSettings"
webadm_type_attrs       "webadmType"
# ignore some AD attributes
ignored_attrs "ntsecuritydescriptor", "objectcategory", "objectsid", "badpasswordtime", \
              "badpwdcount", "lastlogoff", "lastlogon", "logoncount", "lastlogontimestamp", \
              "pwdlastset", "primarygroupid", "samaccounttype"
# Find below the LDAP containers required by WebADM.
# Change the container's DN to fit your ldap tree base.
# WebADM Optionsets container
optionsets_container  "dc=OptionSets,dc=example,dc=com"
# WebApp configurations container
webapps_container "dc=WebApps,dc=example,dc=com"
# WebSrv configurations container
websrvs_container "dc=WebSrvs,dc=example,dc=com"
# Mount points container
mountpoints_container "dc=MountPoints,dc=example,dc=com"
# Domain and Trusts container
domains_container "dc=Domains,dc=example,dc=com"
# Clients container
clients_container "dc=Clients,dc=example,dc=com"
# With MS Active Directory use the following settings instead of the previous ones
# Note: Replace dc=mydomain,dc=com with your AD domain DN
#optionsets_container  "cn=OptionSets,cn=WebADM,dc=mydomain,dc=com"
#webapps_container "cn=WebApps,cn=WebADM,dc=mydomain,dc=com"
#websrvs_container "cn=WebSrvs,cn=WebADM,dc=mydomain,dc=com"
#mountpoints_container "cn=Mountpoints,cn=WebADM,dc=mydomain,dc=com"
#domains_container "cn=Domains,cn=WebADM,dc=mydomain,dc=com"
#clients_container "cn=Clients,cn=WebADM,dc=mydomain,dc=com"
# Temporary WebADM work directory where temporary work files should be created.
tmp_dir "/tmp"
# You can set here the timeout (in seconds) of a WebADM session.
# Web sessions will be closed after this period of inactivity.
session_timeout 900
# You can set here the WebADM internal cache timeout. A normal value is one hour.
cache_timeout 3600
# Time zone
# Look at the docs/timezones.txt for the list of time zones.
time_zone "Europe/Paris"
# Application languages
languages "EN","FR","DE","ES","IT","FI"
# WebADM can encrypt LDAP sensitive data such as password, keys
# and session manager sessions with the AES-256 algorithm.
# The encryption key must be a 256bit base64-encoded random binary data.
# Use the command 'openssl rand -base64 32' to generate a key.
# IMPORTANT: If you change the encryption key, any encrypted data will become invalid!
encrypt_data Yes
encrypt_key "cq19TEHgHLQuO09DXzjOw30rrQDLsPkT3NiL6l3BH2w="
# The group mode defines how WebADM will handle LDAP groups.
# - Direct mode: WebADM finds user groups using the memberof_attrs defined above.
#   In this case, the group membership is defined in the LDAP user objects.
# - Indirect mode: WebADM finds user groups by searching group objects which contain
#   the user DN as part of the member_attrs.
# - Auto: Both direct and indirect groups are used.
# - Disabled: All LDAP group features are disabled in WebADM.
# By default (when group_mode is not specified) WebADM handles both group modes.
group_mode Auto
# You can optionally disable some features if you run multiple WebADM server with
# different purposes. For example, if you don't want to provide the admin portal on an
# Internet-exposed WebApps and WebSrvs server.
# By default, all the functionalities are enabled.
enable_admin Yes
enable_manager Yes
enable_webapps Yes
enable_websrvs Yes
# Enable extended logging to the httpd.log and soapd.log files (enabled by default).
# Records all WebApps and Web Service events to the httpd.log and soapd.log files.
log_webapps Yes
log_websrvs Yes
# Enable syslog reporting (disabled by default). When enabled, system logs are sent
# to both the WebADM log files and syslog.
log_syslog No
# Alerts are always recorded to the SQL Alert log. Additionally, when alert_email
# is defined, the alerts are also sent by email to the configured recipient(s).
# Check for new versions on RCDevs' website (requires HTTP connectivity).
check_versions Yes
# WebApps theme
# Comment the following line to disable the default theme.
webapps_theme "default"
# Misc options
#treeview_width 300
#default_portal Admin
 
Please help me out..
 
Chuck.

Administrators

Feb 4, 2013, 7:47:09 AM
to RCDevs Security Solutions - Technical
What directory is it?
I suppose it's your own OpenLDAP.
Please use the LDAP admin DN for your webadm proxy_user.
Or create this user and set some ACL (rights) for it in the LDAP.

See our default ldap configuration below:

# RCDevs Directory Server configuration

# Objectclasses and attributes definitions to be added to the
# OpenLDAP server schema.
include /opt/slapd/conf/schema/core.schema
include /opt/slapd/conf/schema/cosine.schema
include /opt/slapd/conf/schema/dyngroup.schema
include /opt/slapd/conf/schema/inetorgperson.schema
include /opt/slapd/conf/schema/nis.schema
include /opt/slapd/conf/schema/misc.schema
include /opt/slapd/conf/schema/ppolicy.schema
include /opt/slapd/conf/schema/webadm.schema

# Do not enable referrals until after you have a working directory
# service and an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /opt/slapd/logs/slapd.pid
argsfile /opt/slapd/logs/slapd.args
logfile /opt/slapd/logs/slapd.log
sizelimit unlimited

# Load dynamic backend modules.
modulepath /opt/slapd/lib/modules
moduleload dynlist.la
moduleload ppolicy.la
moduleload refint.la
moduleload syncprov.la

# The next three lines allow use of TLS for encrypting connections.
TLSCertificateFile /opt/slapd/conf/slapd.crt
TLSCertificateKeyFile /opt/slapd/conf/slapd.key
TLSCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
TLSVerifyClient never

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow WebADM proxy user write access
# Allow administrators write access
# Allow self write access
# Allow anonymous users to authenticate
# If no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn (e.g., "access to * by * read").
# Rootdn can always read and write EVERYTHING!
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
access to *
by dn="cn=webadm,dc=WebADM" write
by group="cn=super_admins,dc=WebADM" write
by group="cn=other_admins,dc=WebADM" write
by self write
by anonymous auth
by * none

# LDAP database
database bdb
monitoring off
suffix ""
rootdn "cn=admin,o=Root"

# You uncomment the following line to force a rootdn password.
# When uncommented, both your LDAP password the rootpw are usable
# for the rootdn. You can also use the rootpw as a recovery option
# in case the rootdn password get lost.
#rootpw "password"

# The database directory must exist prior to running slapd and
# should only be accessible by the slapd and slap tools.
directory /opt/slapd/data

# Dynamic group objects
overlay dynlist
dynlist-attrset groupOfURLs memberURL member
# Referential integrity attributes
overlay refint
refint_attributes member
# Password policy object
overlay ppolicy
ppolicy_default "cn=ppolicy,o=Root"
ppolicy_hash_cleartext
password-hash {SSHA}
# LDAP replication
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Indices to maintain
index objectClass eq,pres
index cn,uid,mail,mobile eq,pres,sub
index o,ou,dc,preferredLanguage eq,pres
index member,memberUid eq,pres
index uidNumber,gidNumber eq,pres

# The rest of the configuration is for LDAP clustering (mirror replication).
# Uncomment all the following lines to setup your LDAP server in mirror mode
# replication with remote server ldap2.example.com.
# For more details see http://www.openldap.org/doc/admin23/syncrepl.html.
#
# The serverID must be set to '2' on the other LDAP server.
#serverID 1
#syncrepl rid=001
# provider=ldap://ldap2.example.com
# bindmethod=simple
# binddn="cn=admin,o=Root"
# credentials="password"
# starttls=yes
# tls_reqcert=never
# searchbase=""
# schemachecking=on
# type=refreshAndPersist
# retry="10 5 60 +"
#mirrormode on



Note: Do not put your encrypt_key and passwords on the forum :-)
Same note for all people posting config files here.
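The two configs in this thread disagree on who the proxy user is: webadm.conf binds as cn=webadm,dc=example,dc=com, while the default slapd.conf above grants write access to cn=webadm,dc=WebADM (and everything else gets `by * none`). The checker below is an added example, not RCDevs or OpenLDAP code. It cross-reads the two files plus the WebADM log excerpt (constructed inline from the excerpts posted here), reports whether the proxy DN was rejected at bind time, and whether, once it does bind, it would actually hold a `dn=` grant on `access to *` or be the rootdn (which bypasses ACLs). The finding codes and the parsing are this example's own design.

```python
import re

# Constructed excerpts modelled on the files posted in this thread (not the
# complete configs); the DNs are the ones that appear there.
WEBADM_CONF = """\
# WebADM login mode
auth_mode DN
proxy_user     "cn=webadm,dc=example,dc=com"
proxy_password "Password1234"
super_admins "cn=admin,dc=example,dc=com"
other_admins "cn=other_admins,dc=WebADM"
"""

SLAPD_CONF = """\
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
access to *
by dn="cn=webadm,dc=WebADM" write
by group="cn=super_admins,dc=WebADM" write
by group="cn=other_admins,dc=WebADM" write
by self write
by anonymous auth
by * none
database bdb
suffix ""
rootdn "cn=admin,o=Root"
"""

WEBADM_LOG = """\
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Invalid credentials for LDAP proxy user 'cn=webadm,dc=example,dc=com'
[Mon Feb 04 17:32:23 2013] [218.145.52.88] [Admin] Could not get WebADM Domains
"""


def norm_dn(dn):
    """Fold case and strip blanks around RDN separators so DNs compare equal."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_webadm_conf(text):
    """Map each directive to its list of quoted values (or the bare value)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        quoted = re.findall(r'"([^"]*)"', rest)
        conf[key] = quoted if quoted else [rest.strip()]
    return conf


def parse_slapd_conf(text):
    """Return (rootdn, {acl_target: {who: access}}) from access/by/rootdn lines."""
    rootdn, acl, target = None, {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"access\s+to\s+(.+)$", line)
        if m:
            target = m.group(1).strip()
            acl[target] = {}
            continue
        m = re.match(r"by\s+(\S+)\s+(\w+)$", line)
        if m and target is not None:
            acl[target][m.group(1)] = m.group(2)
            continue
        m = re.match(r'rootdn\s+"([^"]+)"', line)
        if m:
            rootdn = m.group(1)
    return rootdn, acl


def dn_grants(acl, target="*"):
    """Explicit 'by dn=...' grants on one ACL target, keyed by normalized DN."""
    grants = {}
    for who, access in acl.get(target, {}).items():
        m = re.match(r'dn(?:\.\w+)?="([^"]+)"$', who)
        if m:
            grants[norm_dn(m.group(1))] = access
    return grants


def failed_proxy_binds(log):
    """Proxy DNs that WebADM logged as rejected by the directory."""
    pat = r"Invalid credentials for LDAP proxy user '([^']+)'"
    return [norm_dn(dn) for dn in re.findall(pat, log)]


def check_proxy_user(webadm_conf, slapd_conf, log=""):
    """Return finding codes for the WebADM proxy_user against slapd config/log."""
    conf = parse_webadm_conf(webadm_conf)
    rootdn, acl = parse_slapd_conf(slapd_conf)
    proxy = norm_dn(conf["proxy_user"][0])
    findings = []
    if proxy in failed_proxy_binds(log):
        # LDAP result 49 from slapd: the entry is missing or the password is wrong
        findings.append("bind_failed")
    if rootdn and norm_dn(rootdn) == proxy:
        # the rootdn bypasses ACLs entirely, so no 'access to' grant is needed
        findings.append("proxy_is_rootdn")
        return findings
    access = dn_grants(acl).get(proxy)
    if access is None:
        findings.append("no_acl_grant")
    elif access != "write":
        findings.append("acl_not_write")
    return findings


if __name__ == "__main__":
    for code in check_proxy_user(WEBADM_CONF, SLAPD_CONF, WEBADM_LOG):
        print(code)
```

On the thread's files this yields `bind_failed` and `no_acl_grant`: the bind itself is refused (entry absent or wrong password), and even a successful bind would hit `by * none`. Either point webadm.conf at the rootdn (`cn=admin,o=Root` here), which makes the ACL question moot, or create the proxy entry and change the `by dn=` line to the exact DN WebADM binds as.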

Chuck

Feb 4, 2013, 10:50:28 AM
to rcdevs-t...@googlegroups.com
We are using our own openldap directory.
As far as I know, I have to log in to WebADM using the super_admins DN.
Is that right?
If so, do I have to create the super_admins DN on my OpenLDAP?

On Feb 4, 2013, at 9:47 PM, Administrators <adm...@rcdevs.com> wrote:

Administrators

Feb 4, 2013, 11:50:02 AM
to RCDevs Security Solutions - Technical
Yes, the user must exist and have explicit permissions in the LDAP.
Look at the "access to..." in the example.
To simplify your problem, use the default LDAP admin account of your
LDAP (i.e. the one you use with other tools).
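If you take the second route (a dedicated proxy entry rather than the rootdn), the entry has to exist with a password slapd can verify and the ACL must name the same DN. The generator below is an added example, not RCDevs or OpenLDAP code; it builds the LDIF for a bind-only service account with a pre-hashed {SSHA} userPassword, and emits the `access to *` stanza from the slapd.conf above with the proxy DN substituted. The DN follows the webadm.conf posted earlier; the group DNs passed in and the `organizationalRole` + `simpleSecurityObject` class choice are this example's own assumptions, and the password strings are placeholders.

```python
import base64
import hashlib
import hmac
import os

# Assumed proxy DN, taken from the webadm.conf posted in this thread.
PROXY_DN = "cn=webadm,dc=example,dc=com"


def ssha_hash(password, salt=None):
    """{SSHA} value: base64(sha1(password || salt) || salt), the form slapd's
    'password-hash {SSHA}' directive stores. Random salt unless one is given."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, password):
    """Check a candidate password against a {SSHA} value (SHA-1 digest is 20 bytes)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rdn_value(dn):
    """Value of the leading RDN, e.g. 'webadm' for cn=webadm,dc=example,dc=com."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def proxy_user_ldif(dn, password, salt=None):
    """LDIF for a bind-only service account. The password is hashed here so the
    cleartext never has to be written into the LDIF file itself."""
    return "\n".join([
        f"dn: {dn}",
        "objectClass: organizationalRole",
        "objectClass: simpleSecurityObject",
        f"cn: {rdn_value(dn)}",
        "description: WebADM LDAP proxy user",
        f"userPassword: {ssha_hash(password, salt)}",
        "",
    ])


def slapd_access_stanza(proxy_dn, super_group, other_group):
    """The 'access to *' rule from the thread's default slapd.conf with the
    proxy DN substituted: the ACL subject must equal the DN WebADM binds as."""
    return "\n".join([
        "access to *",
        f'    by dn="{proxy_dn}" write',
        f'    by group="{super_group}" write',
        f'    by group="{other_group}" write',
        "    by self write",
        "    by anonymous auth",
        "    by * none",
    ])


if __name__ == "__main__":
    print(proxy_user_ldif(PROXY_DN, "replace-me"))
    print(slapd_access_stanza(PROXY_DN,
                              "cn=super_admins,dc=example,dc=com",
                              "cn=other_admins,dc=example,dc=com"))
```

Load the LDIF with `ldapadd` bound as the rootdn, then confirm the proxy credentials with `ldapwhoami -x -D "cn=webadm,dc=example,dc=com" -W` before touching webadm.conf; if that bind fails you get the same "Invalid credentials" WebADM logs. With `ppolicy_hash_cleartext` and `password-hash {SSHA}` set as in the posted slapd.conf, slapd would also hash a cleartext userPassword on its own; pre-hashing matters when you load entries offline with slapadd or do not want the cleartext in the LDIF.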