LDAP – Not able to create a new person with country

I am trying to create a new Person entry in LDAP (Apache Directory Server). I am able to create a person without a country objectClass like below.

            dn[n]: uid=dduck,ou=people,dc=example,dc=com
            objectClass: top
            objectClass: person
            objectClass: organizationalPerson
            objectClass: inetOrgPerson
            uid: dduck
            sn: Duck
            cn: Donal Duck

But I also want to add a Country to this person. So I added country objectClass as below.

            dn[n]: uid=dduck,ou=people,dc=example,dc=com
            objectClass: country
            objectClass: top
            objectClass: person
            objectClass: organizationalPerson
            objectClass: inetOrgPerson
            uid: dduck
            sn: Duck
            c: FR
            cn: Donal Duck

But it fails with the error below. Any idea, please?

ERROR Message

            Error while creating entry
             - [LDAP: error code 65 - OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUES
              java.lang.Exception: [LDAP: error code 65 - OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST
            Message ID : 26
                Add Request :
            Entry
                dn[n]: uid=dduck,ou=people,dc=example,dc=com
                objectClass: country
                objectClass: top
                objectClass: person
                objectClass: organizationalPerson
                objectClass: inetOrgPerson
                uid: dduck
                sn: Duck
                c: FR
                cn: Donal Duck
            : ERR_61 Entry uid=dduck,ou=people,dc=example,dc=com contains more than one STRUCTURAL ObjectClass: [OBJECT_CLASS ( 2.16.840.1.113730.3.2.2
             NAME 'inetOrgPerson'
             DESC RFC2798: Internet Organizational Person
             SUP 'organizationalPerson'
             STRUCTURAL
             MAY ( 'audio' $ 'businessCategory' $ 'carLicense' $ 'departmentNumber' $ 'displayName' $ 'employeeNumber' $ 'employeeType' $ 'givenName' $ 'homePhone' $ 'homePostalAddress' $ 'initials' $ 'jpegPhoto' $ 'labeledURI' $ 'mail' $ 'manager' $ 'mobile' $ 'o' $ 'pager' $ 'photo' $ 'roomNumber' $ 'secretary' $ 'uid' $ 'userCertificate' $ 'x500UniqueIdentifier' $ 'preferredLanguage' $ 'userSMIMECertificate' $ 'userPKCS12' )
             )
            , OBJECT_CLASS ( 2.5.6.2
             NAME 'country'
             DESC RFC2256: a country
             SUP 'top'
             STRUCTURAL
             MUST 'c'
             MAY ( 'searchGuide' $ 'description' )
             )
            ]]
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1280)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$6.run(DirectoryApiConnectionWrapper.java:928)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1109)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.createEntry(DirectoryApiConnectionWrapper.java:950)
                at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.createEntry(CreateEntryRunnable.java:224)
                at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.run(CreateEntryRunnable.java:124)
                at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:112)
                at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)

              [LDAP: error code 65 - OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST
            Message ID : 26
                Add Request :
            Entry
                dn[n]: uid=dduck,ou=people,dc=example,dc=com
                objectClass: country
                objectClass: top
                objectClass: person
                objectClass: organizationalPerson
                objectClass: inetOrgPerson
                uid: dduck
                sn: Duck
                c: FR
                cn: Donal Duck
            : ERR_61 Entry uid=dduck,ou=people,dc=example,dc=com contains more than one STRUCTURAL ObjectClass: [OBJECT_CLASS ( 2.16.840.1.113730.3.2.2
             NAME 'inetOrgPerson'
             DESC RFC2798: Internet Organizational Person
             SUP 'organizationalPerson'
             STRUCTURAL
             MAY ( 'audio' $ 'businessCategory' $ 'carLicense' $ 'departmentNumber' $ 'displayName' $ 'employeeNumber' $ 'employeeType' $ 'givenName' $ 'homePhone' $ 'homePostalAddress' $ 'initials' $ 'jpegPhoto' $ 'labeledURI' $ 'mail' $ 'manager' $ 'mobile' $ 'o' $ 'pager' $ 'photo' $ 'roomNumber' $ 'secretary' $ 'uid' $ 'userCertificate' $ 'x500UniqueIdentifier' $ 'preferredLanguage' $ 'userSMIMECertificate' $ 'userPKCS12' )
             )
            , OBJECT_CLASS ( 2.5.6.2
             NAME 'country'
             DESC RFC2256: a country
             SUP 'top'
             STRUCTURAL
             MUST 'c'
             MAY ( 'searchGuide' $ 'description' )
             )
            ]]
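
An added example, not part of the original post: the single-structural-chain rule that ERR_61 reports, checked over the two entries above. The `person` and `organizationalPerson` schema rows are filled in from the standard schema (RFC 4519) as an assumption, the sample entries are adapted from the post, and the function names are illustrative.

```python
# Classes used by the entries in the post. inetOrgPerson and country are as
# quoted in the ERR_61 text; person and organizationalPerson are filled in
# from the standard schema (RFC 4519) and are an assumption of this example.
SCHEMA = {
    "top": (None, "ABSTRACT"),
    "person": ("top", "STRUCTURAL"),
    "organizationalPerson": ("person", "STRUCTURAL"),
    "inetOrgPerson": ("organizationalPerson", "STRUCTURAL"),
    "country": ("top", "STRUCTURAL"),
}
CANON = {name.lower(): name for name in SCHEMA}  # class names are case-insensitive

def object_classes(ldif):
    """Return the canonical objectClass names listed in an LDIF-style entry."""
    found = []
    for line in ldif.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.lower() == "objectclass":
            name = value.strip().lower()
            if name not in CANON:
                raise ValueError("class not in example schema: " + value.strip())
            found.append(CANON[name])
    return found

def superclasses(name):
    """All classes above `name` in its SUP chain."""
    chain, sup = set(), SCHEMA[name][0]
    while sup is not None:
        chain.add(sup)
        sup = SCHEMA[sup][0]
    return chain

def structural_leaves(classes):
    """Structural classes that no other listed class inherits from.

    One leaf means a single structural chain; two or more is the
    condition reported as ERR_61.
    """
    structural = {c for c in classes if SCHEMA[c][1] == "STRUCTURAL"}
    inherited = set().union(*(superclasses(c) for c in structural))
    return sorted(structural - inherited)

# Sample entries adapted from the post (attribute lines trimmed).
PERSON_ONLY = """dn: uid=dduck,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: dduck"""
WITH_COUNTRY = PERSON_ONLY + "\nobjectClass: country\nc: FR"

if __name__ == "__main__":
    for entry in (PERSON_ONLY, WITH_COUNTRY):
        print(structural_leaves(object_classes(entry)))
```

The first entry lists three structural classes but they form one inheritance chain ending in `inetOrgPerson`; adding `country` introduces a second chain that hangs directly off `top`.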

Browser sends NTLM ticket instead of Kerberos ticket

I'm having a problem that's driving me nuts. I'm trying to achieve single sign-on on a combination of Windows Server 2012 as Active Directory server, Ubuntu 12.04 with Apache as web server and a Windows 7 laptop as client (all 3 on the same local network). I think I've set up everything correctly:

  • I've made a keytab file on the AD-server and when using this from the kinit command on the webserver I get no errors and I can confirm that the kerberos ticket is received using the klist afterwards.

  • I've set up the AD-realm in the krb5.conf file on the webserver and since kinit works I assume that this is done correctly.

  • The protected directory I'm testing on is setup in apache2.conf as follows:
    AuthType Kerberos
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbAuthRealms ADREALM.LOCAL
    Krb5KeyTab /etc/apache2/test.keytab
    KrbServiceName NameOfSPNInKeyTabFile
    Require valid-user

  • The laptop has been added to the AD-server and after logging on to it there are 3 KerbTickets listed when executing klist.

  • I've added the ip-address of the webserver to the list of trusted sites in IE 11 (both http and https).

Still, when I try to access the protected site on the webserver I keep getting a box asking for login and password. When I type these in I get authenticated and get access to the site.

Using Wireshark I can see that the client first sends an NTLM ticket when asked for authentication. Since the webserver expects a Kerberos ticket this fails and the browser falls back to simple authentication, asking for login and password. When these are received, the webserver contacts the AD-server and verifies the credentials. So the authentication works - it's just single sign-on that fails.

So the big question is: Why is the browser sending an NTLM-ticket in this situation? I've tested this with IE, Firefox and Chrome and they all return an NTLM-ticket. I've tried different combinations of SPN-names, but all with the same result. Are there some naming conventions I've missed or what else could be wrong?
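
An added example, not part of the original post: a way to tell from the `Authorization: Negotiate` header whether the browser sent a bare NTLM message or a SPNEGO token that offers Kerberos, which is the distinction the Wireshark capture above turns on. The sample headers are constructed and the function names are illustrative.

```python
import base64
import struct

# DER content bytes of the mechanism OIDs that can appear in the token.
SPNEGO = bytes.fromhex("2b0601050502")           # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("2a864886f712010202")       # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("2a864882f712010202")    # 1.2.840.48018.1.2.2
NTLMSSP = bytes.fromhex("2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
MECHS = {KRB5: "Kerberos", MS_KRB5: "Kerberos (MS OID)", NTLMSSP: "NTLM"}

def tlv(buf, pos, want=None):
    """Read one DER element at pos; return (value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if (want is not None and tag != want) or pos + length > len(buf):
        raise ValueError("unexpected or truncated DER element")
    return buf[pos:pos + length], pos + length

def classify(header_value):
    """Classify the token of an 'Authorization: Negotiate <base64>' value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "not Negotiate/NTLM"
    try:
        raw = base64.b64decode(b64, validate=True)
        if raw.startswith(b"NTLMSSP\x00"):       # bare NTLM, no SPNEGO wrapper
            return "raw NTLM message type %d" % struct.unpack_from("<I", raw, 8)
        body, _ = tlv(raw, 0, 0x60)              # GSS-API InitialContextToken
        oid, pos = tlv(body, 0, 0x06)
        if oid != SPNEGO:
            return "GSS-API token, not SPNEGO"
        init, _ = tlv(body, pos, 0xA0)           # [0] NegTokenInit
        seq, _ = tlv(init, 0, 0x30)
        field, _ = tlv(seq, 0, 0xA0)             # [0] mechTypes
        mech_list, _ = tlv(field, 0, 0x30)
        names, pos = [], 0
        while pos < len(mech_list):
            oid, pos = tlv(mech_list, pos, 0x06)
            names.append(MECHS.get(oid, "other"))
    except (ValueError, IndexError, struct.error):
        return "unparseable"
    return "SPNEGO offering " + ", ".join(names)

def _der(tag, body):
    """Short-form DER encoder, used only to build the constructed samples."""
    return bytes([tag, len(body)]) + body

# Constructed samples (not captured traffic).
_mechs = b"".join(_der(0x06, m) for m in (MS_KRB5, KRB5, NTLMSSP))
_init = _der(0xA0, _der(0x30, _der(0xA0, _der(0x30, _mechs))))
_token = _der(0x60, _der(0x06, SPNEGO) + _init)
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(_token).decode()
_ntlm = b"NTLMSSP\x00" + struct.pack("<II", 1, 0)
SAMPLE_NTLM = "Negotiate " + base64.b64encode(_ntlm).decode()

if __name__ == "__main__":
    for sample in (SAMPLE_NTLM, SAMPLE_SPNEGO):
        print(classify(sample))
```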

URL RewriteRule in .htaccess for index.php query parameters

Example URLs:-

  • www.domain.com/index.php?bob
  • www.domain.com/index.php?jane
  • www.domain.com/index.php?fred

Need rewriting like:-

  • www.domain.com/bob
  • www.domain.com/jane
  • www.domain.com/fred

Have tried with many variations now but the closest I can get to is:-

  • www.domain.com/?bob
  • www.domain.com/?jane
  • www.domain.com/?fred

The below in .htaccess achieves this...

RewriteRule ^(.*)$ index.php?$1 [L,QSA]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s(.*)/index\.php [NC]
RewriteRule ^ %1 [R=301,L]

Please could someone point out what I need to modify to bin the ? (question mark) in the URL?

Edit

Just noticed that since applying the answer given by anubhava below that robots.txt for example doesn't resolve to the .txt file but just displays the homepage.

.htaccess below:-

RewriteEngine On

RewriteBase /
RewriteCond %{THE_REQUEST} \s/+index\.php\?([^\s&]+) [NC]
RewriteRule ^ %1? [R=301,L]

RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

#pos1
RewriteRule ^([^/]+)/?$ index.php?$1 [L,QSA] <--

RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

#pos2

If I add the <-- line in pos1, the robots.txt URL returns a 404 page not found error.

If I add the <-- line in pos2, the robots.txt URL just displays the homepage.

Edit2

In the meantime, I have excluded robots.txt from rewrites by adding the following under Rewrite Base /:-

RewriteRule ^robots.txt - [L]

configure hhvm and apache for archlinux

First, I installed apache24 from AUR and hhvm from AUR (HipHop VM 2.4.0 (rel)). apache24 has mod_proxy_fcgi enabled. Running the PHP file from the terminal with hhvm seems to work fine, but I cannot configure it to work with Apache.
In httpd.conf I have:

ProxyPass / fcgi://127.0.0.1:9000/srv/http/

Then I run the hhvm server from doc_root with:

sudo hhvm --mode server -vServer.Type=fastcgi -vServer.Port=9000

But when I access the http link from the browser I get:

"HipHop Notice: File could not be loaded: proxy:fcgi://127.0.0.1:9000/srv/http/index.php"

Any suggestions?

Why can’t I get a self signed certificate (ssl) to work with Wamp 2.4.4?

I am new to SSL, so please bear with me.

I created a web application on a WAMP 2.4.4 installation. Everything worked flawlessly until I tried to activate SSL and create a self-signed certificate. I had trouble finding instructions for installing a self-signed certificate on the current version of WAMP (2.4.4) so I had to make do with what I could find.

At first I was unable to generate a self signed certificate, but when I followed the instructions in this post, it worked: http://stackoverflow.com/a/17718557/801483

I followed the instructions in the links below to create a self signed certificate and as far as I can tell, it worked. However, Apache did not restart once I added everything to the .conf files.

  1. http://www.expertcore.org/viewtopic.php?t=1809
  2. http://forum.wampserver.com/read.php?2,116588,116636
  3. http://www.learnfromit.co/2013/02/steps-for-making-wamp-server-work-with.html

The WAMP server is set up as localhost in the default WAMP www directory (C:\wamp\www), however I have a separate URL for the subfolder the web application is installed in (C:\wamp\www\webapp_directory). I can't see how this would affect the ssl installation, but I figured I should mention it just in case.

I also noticed that the instructions say to find SSLMutex in the httpd-ssl.conf file, but this does not exist in the original httpd-ssl.conf file. I tried putting in the recommended lines "SSLMutex default" and "Mutex default ssl-cache" but neither one made a difference.

Below is my httpd-ssl.conf file after activating SSL with the self signed certificate. I replaced sensitive information with descriptive text inside of brackets [example].

I would appreciate any help with this!

Listen [server IP]:443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:c:/wamp/bin/apache/Apache2.4.4/ssl/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
<VirtualHost _default_:443>
    DocumentRoot "c:/wamp/www/[webapp directory]"
    ServerName localhost:443
    ServerAdmin [email protected]
    ErrorLog "c:/wamp/bin/apache/Apache2.4.4/ssl/logs/ssl_error.log"
    TransferLog "c:/wamp/bin/apache/Apache2.4.4/ssl/logs/ssl_access.log"
    SSLEngine on
    SSLCertificateFile "c:/wamp/bin/apache/Apache2.4.4/ssl/[cert name].crt"
    SSLCertificateKeyFile "c:/wamp/bin/apache/Apache2.4.4/ssl/[key name].key"
    Mutex default ssl-cache
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "c:/wamp/www/[webapp directory]">
        SSLOptions +StdEnvVars
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
    CustomLog "c:/wamp/logs/ssl_request.log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

WampServer orange icon

I am having problems with Wamp Server, the icon will never turn green. It is constantly stuck at orange.

I have tried many ways, editing HOSTS file, .config files, disabling IIS, changing SKYPE's port, quitting SKYPE, disabling World Wide Web publishing services etc... And under wamp server icon > Apache > Test port 80, it states that Apache is using that port.

I am running Windows 8 64 bit and Wamp Server 2.4. Any help would be appreciated.

passenger-install-apache2-module fails

My server has this OS: Centos Linux 2.6.32-042stab084.1 x86_64

I've done:

yum -y install ruby rubygems

yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel gcc ruby-devel

yum -y install gcc-c++ make postgresql-devel ImageMagick-devel sqlite-devel perl-LDAP mod_perl perl-Digest-SHA

gem install passenger

Then I do:

passenger-install-apache2-module

But I get this trace:

Sanity checking Apache installation... All good!

--------------------------------------------
Compiling and installing Apache 2 module...
cd /usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-4.0.37
# /usr/local/rvm/gems/ruby-1.9.3-head/wrappers/rake RELEASE=yes apache2:clean apache2
rm -rf buildout/cache
rm -rf buildout/common/libboost_oxt.a buildout/common/libboost_oxt
rm -f buildout/common/libpassenger_common/Logging.o buildout/common/libpassenger_common/Exceptions.o buildout/common/libpassenger_common/Utils/SystemTime.o buildout/common/libpassenger_common/Utils/StrIntUtils.o buildout/common/libpassenger_common/Utils/IOUtils.o buildout/common/libpassenger_common/Utils.o
rm -f buildout/common/libpassenger_common/Utils/Base64.o buildout/common/libpassenger_common/Utils/CachedFileStat.o buildout/common/libpassenger_common/Utils/LargeFiles.o buildout/common/libpassenger_common/ApplicationPool2/Implementation.o buildout/common/libpassenger_common/ApplicationPool2/AppTypes.o buildout/common/libpassenger_common/AgentsStarter.o buildout/common/libpassenger_common/AgentsBase.o buildout/common/libpassenger_common/Utils/MD5.o buildout/common/libpassenger_common/Utils/fib.o buildout/common/libpassenger_common/Utils/jsoncpp.o
rm -f buildout/common/libpassenger_common/agents/LoggingAgent/FilterSupport.o
rm -rf buildout/common/libpassenger_common
rm -rf buildout/agents/
rm -rf buildout/apache2/module_libboost_oxt.a buildout/apache2/module_libboost_oxt
rm -f buildout/apache2/module_libpassenger_common/Logging.o buildout/apache2/module_libpassenger_common/Exceptions.o buildout/apache2/module_libpassenger_common/Utils/SystemTime.o buildout/apache2/module_libpassenger_common/Utils/StrIntUtils.o buildout/apache2/module_libpassenger_common/Utils/IOUtils.o buildout/apache2/module_libpassenger_common/Utils.o
rm -f buildout/apache2/module_libpassenger_common/Utils/Base64.o buildout/apache2/module_libpassenger_common/Utils/CachedFileStat.o buildout/apache2/module_libpassenger_common/Utils/LargeFiles.o buildout/apache2/module_libpassenger_common/ApplicationPool2/Implementation.o buildout/apache2/module_libpassenger_common/ApplicationPool2/AppTypes.o buildout/apache2/module_libpassenger_common/AgentsStarter.o buildout/apache2/module_libpassenger_common/AgentsBase.o buildout/apache2/module_libpassenger_common/Utils/MD5.o buildout/apache2/module_libpassenger_common/Utils/fib.o buildout/apache2/module_libpassenger_common/Utils/jsoncpp.o
rm -f buildout/apache2/module_libpassenger_common/agents/LoggingAgent/FilterSupport.o
rm -rf buildout/apache2/module_libpassenger_common
rm -rf buildout/apache2/Configuration.o buildout/apache2/Bucket.o buildout/apache2/Hooks.o buildout/apache2/mod_passenger.o buildout/apache2/mod_passenger.so
mkdir -p buildout/apache2/module_libpassenger_common
c++ -Iext -Iext/common -Iext/libev -fPIC -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/apr-1 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wformat-security -fno-strict-aliasing -I/usr/include/httpd -D_REENTRANT -I/usr/local/include -Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wpointer-arith -Wwrite-strings -Wno-long-long -Wno-missing-field-initializers -fcommon -feliminate-unused-debug-symbols -feliminate-unused-debug-types -fvisibility=hidden -DVISIBILITY_ATTRIBUTE_SUPPORTED -g -DHAS_ALLOCA_H -DHAVE_ACCEPT4 -DHAS_SFENCE -DHAS_LFENCE -DPASSENGER_DEBUG -DBOOST_DISABLE_ASSERTS -DHASH_NAMESPACE="__gnu_cxx" -DHASH_MAP_HEADER="<hash_map>" -DHASH_MAP_CLASS="hash_map" -DHASH_FUN_H="<hash_fun.h>" -o buildout/apache2/module_libpassenger_common/Logging.o -c ext/common/Logging.cpp
c++: Error interno: `Terminado (killed)' (programa cc1plus)
Por favor envíe un reporte completo de bichos.
Vea <http://bugzilla.redhat.com/bugzilla> para más instrucciones.
rake aborted!
Command failed with status (1): [c++ -Iext -Iext/common -Iext/libev -fPIC -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1 -I/usr/include/apr-1 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wformat-security -fno-strict-aliasing -I/usr/include/httpd -D_REENTRANT -I/usr/local/include -Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wpointer-arith -Wwrite-strings -Wno-long-long -Wno-missing-field-initializers -fcommon -feliminate-unused-debug-symbols -feliminate-unused-debug-types -fvisibility=hidden -DVISIBILITY_ATTRIBUTE_SUPPORTED -g -DHAS_ALLOCA_H -DHAVE_ACCEPT4 -DHAS_SFENCE -DHAS_LFENCE -DPASSENGER_DEBUG -DBOOST_DISABLE_ASSERTS -DHASH_NAMESPACE="__gnu_cxx" -DHASH_MAP_HEADER="<hash_map>" -DHASH_MAP_CLASS="hash_map" -DHASH_FUN_H="<hash_fun.h>" -o buildout/apache2/module_libpassenger_common/Logging.o -c ext/common/Logging.cpp]
/usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-4.0.37/build/cplusplus_support.rb:51:in `run_compiler'
/usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-4.0.37/build/cplusplus_support.rb:61:in `compile_cxx'
/usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-4.0.37/lib/phusion_passenger/common_library.rb:133:in `block (2 levels) in define_category_tasks'
/usr/local/rvm/gems/ruby-1.9.3-head/bin/ruby_executable_hooks:15:in `eval'
/usr/local/rvm/gems/ruby-1.9.3-head/bin/ruby_executable_hooks:15:in `<main>'
Tasks: TOP => apache2 => buildout/apache2/mod_passenger.so => buildout/apache2/module_libpassenger_common/Logging.o

What is my problem??? Thanks

Apache fails to start on Vagrant

In my Vagrant environment I have a guest Ubuntu Virtualbox with a LAMP with default settings.

I have my source code on the host machine in the same folder as my Vagrantfile. So on the guest Ubuntu I can access the files in the mounted /vagrant dir like this

/vagrant
  /mysite
    /index.php
  /Vagrantfile

Now in my Apache config I add a line

Alias /mysite /vagrant/mysite

After reloading config and restarting apache I can go to localhost:8558/mysite/index.php and it works.

The problem is that when I reload Virtualbox with vagrant reload it starts the Apache service before mounting the /vagrant folder. So Apache can't find the aliased dir and fails to start. I have to start it manually then.

My question is - is there a way to delay Apache start so that it starts after the mounting?

Update: As a workaround I added script to the crontab that starts apache 30 seconds after the boot as described here. But I wonder if there is a better solution.