LDAP and Security Communications

Similar Messages

• Secure Communication between SharePoint and SQL

  What are the options of securing the communication between the SharePoint Server and SQL Server?
  Is the Kerberos one of the options?  Any instructions on how to set it up?

  Kerberos isn't a way of securing communication. It is a way to authenticate.
  If you want to communicate securely then you need to use something like IPSec, see here for a guide:
  http://technet.microsoft.com/en-us/library/ms189067%28v=sql.105%29.aspx
  Have a look here for guidance on how to harden SQL for SharePoint:
  http://technet.microsoft.com/en-us/library/ff607733%28v=office.15%29.aspx

• Welcome to the Design and Architecture Community

  Welcome to the Network Infrastructure Design and Architecture Community.  We encourage everyone to share their knowledge and start conversations on design and overall network topology. All topics are welcome, including requirements and constraints of the network, tools and techniques, issues of hierarchy, leading practices, services, build strategies, architectures and solutions to solve business problems.
  Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
  Cheers,
  Dan BruhnCSC Community Manager

  been waiting to see a forum like this. This forum should amalgamate all the other areas like R&S, security, DC design, and provide more quality , proven solns and discuss problems/challenges as well. Will be following this forum regularly
  thanks dan for creating this community
  Regards Kishore

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• Can't get Google CAL to work with iCAL "Server with a secure communication unavailable"

  I can't add my google account to iCal...
  Error message:
  "Server with a secure communication unavailable"
  "Your calendar acct isn't on a server that can receive your calendar information securely.."
  I have had this work just fine in the past, had to remove my accounts a while back, decided to add them back, and this error keeps popping up...
  Can anyone help??
  Googled and Searched this forum with no success. Found some suggestions but nothing worked.
  Thanks,

  I have used the CalDAV option from the pop list and the server option is : https://www.google.com/calendar/dav/[email protected]/user    , replace with your email the underlined
  I've found this here .

• Group Policy won't apply, No mapping between account names and security IDs was done.

  I am using Group Policy Preferences to remove users from the local admin group and add a local admin account.  This GPO is working on 90% of the Win7 machines on the network, but three laptops are not accepting the GPO.  I get the following error:
  Log Name:      Application
  Source:        Group Policy Local Users and Groups
  Date:          6/24/2014 8:49:28 AM
  Event ID:      4098
  Task Category: (2)
  Level:         Warning
  Keywords:      Classic
  User:          SYSTEM
  Computer:      laptop1.internal.com
  Description:
  The user 'Administrators' preference item in the 'Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}' Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security
  IDs was done.' This error was suppressed.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Group Policy Local Users and Groups" />
      <EventID Qualifiers="34305">4098</EventID>
      <Level>3</Level>
      <Task>2</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-06-24T13:49:28.000000000Z" />
      <EventRecordID>68771</EventRecordID>
      <Channel>Application</Channel>
      <Computer>laptop1.internal.com</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data>user</Data>
      <Data>Administrators</Data>
      <Data>Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}</Data>
      <Data>0x80070534 No mapping between account names and security IDs was done.</Data>
    </EventData>
  </Event>
  I've searched high and low for an answer and nothing I find on-line seems to apply.  I also notice that the option to 'Run as Administrator' does not work.  If I right-click on cmd.exe and select 'run as administrator', the command box opens but
  I am not prompted for credentials and the command box does not have admin rights.  Not sure if this is related or not.
  Any help on this would be greatly appreciated.
  Thanks,
  Joe

  Hi,
  Delete your  remove action from the GPP and push it again, does this issue still occur?
  If it still exists, let’s collect the GPP log for analysis:
  Group policy Preference debug logging policy settings are located under:
  Computer Configuration\Administrative Templates\System\Group Policy
  Click Logging and tracing, select local users and group preference logging and trace.
  Meanwhile, just a similar issue, but it is worth trying:
  A user is added to the wrong group on a client computer that is running Windows 7 or Windows Server 2008 R2
  http://support.microsoft.com/kb/2280515
  If you have any feedback on our support, please click
  here
  Alex Zhao
  TechNet Community Support

• HT5312 I want to change my rescue email address. When I get to step 4 above no Password and Security to click. Is there an easy way to do this?

  I want to change my rescue email address.I've followed the instructioins to step 4. I have no 'Password and Security@ to click. Is there an easy way to change it?

  Welcome to the Apple Community.
  It should be here.

• I have been trying to reset my security questions. i have found others who said they changed them from the manage account and then password and security online, but i am asked to answer the security questions i don't know the answers to. help?

  for some reason apple thinks ill know the answers when im trying to change them haha :/ does anyone know how to bypass this or any other way to change the security questions for your account?

  Welcome to the Apple Community.
  Start here, and reset your password, you will receive an email with your new password, then go to manage your account > Password and Security and change your security questions.
  If that doesn't help you might try contacting Apple through iTunes Store Support

• Intel Management and Security Status Icon started appearing 3 days ago

  We didn't install anything new, and this "Intel Management and Security" icon (which you can't close) started appearing in the start menu on the bottom of the screen.  What made this start appearing, and how can we get rid of it?

  Hello aoppen,
  please also refer to this guide how to use AMT.
  Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
  Please insert your type, model (not S/N) number and used OS in your posts.
  I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
  TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
   English Community       Deutsche Community       Comunidad en Español

• How to export "Managed by" field of Distribution and Security groups and import with new values? (Exchange 2010, AD 2003)

  My Active Directory environment is 2003 functional level and we have Exchange 2010.
  I am trying to find out the best way to do a mass edit for the "Managed by" values of our security and distribution groups.
  I know we can export the "managed by" field by csvde but I am not sure this is the correct way to do it. Also in the case that there are multiple users assigned to be managing a distribution group it only shows one value. Also powershell from Exchange
  2010 can be used with "get-distribution" but as our AD environment is 2003 is this correct also?
  Finally once the data is exported to csv can it be edited to then reimport and udpate the existing group managed by fields with new values?
  Not really sure that the best way to go about this is.
  Summary - We have 2003 AD with Exchange 2010 and I am trying to export a list of all our Distribution/Security groups showing the group name and managedby values so we can edit and update the
  existing managedby values with new ones. In some cases we have multiple users as the owners.
  Appreciate any advice on how this can be best achieved. Thank you.

  Hi,
  We can use the following command in Exchange 2010 to export "Managed by" field of Distribution and Security groups:
  Get-DistributionGroup | Select-object Name,@{label="ManagedBy";expression={[string]::join(“;”,$_.managedby)}},Primarysmtpaddress | Export-Csv
  C:\export.csv
  After you changed the Managed by field in export.csv and saved it as a new file named import.csv, we can run the following command to set with new value:
  Import-Csv C:\import.csv | Foreach-Object{ Set-DistributionGroup –Identity $_.Name –ManagedBy $_.ManagedBy}
  Hope it works.
  Thanks,
  Winnie Liang
  TechNet Community Support

• No mapping between account names and security IDs was done. (Exception from HRESULT: 0x80070534)

  We are getting below error message in MOSS 2007 server, every few minutes.
  Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (9daf0827-7c85-41c7-82c5-89f93ecd652a).
  Reason: No mapping between account names and security IDs was done. (Exception from HRESULT: 0x80070534)
  Techinal Support Details:
  System.Runtime.InteropServices.COMException (0x80070534): No mapping between account names and security IDs was done. (Exception from HRESULT: 0x80070534)
  at Microsoft.Office.Server.Search.Administration.MSSITLB.IGatherApplication2.SetUsersPermittedToQuery(String[] psaAccountNames, Int32 fForce)
  at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
  at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  Hi Baskaran,
  For this issue, I think the main reason may be the original account is removed or changed from AD.
  In the following there is an article about this to reset the service account, you can refer to it for more information:
  http://edinkapic.blogspot.com/2009/10/moss-shared-services-provider.html
  Additionally, as you already tried to reset the service accounts, you could try to clear SharePoint configuration caches in case the caches were not updated, to clear SharePoint configuration caches, you can see the below article:
  http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/b97c4721-b37e-4a4a-a8e2-4a98b4c7b89c
  More information:http://farhanfaiz.wordpress.com/2009/04/08/moss-2007-event-id-6482-6481/
  Thanks,
  Qiao
  Qiao Wei
  TechNet Community Support

• Server with secure communication unavailable?

  When I try to sync my iCal with my Gmail account, iCal gives me an error that says "Server with secure communication unavailable"
  My accounts were linked just fine before and this just started up one day.
  Any thoughts?

  I get the same error except when I try to add my MobileMe account.  I just upgraded my Air with Lion 10.7.2.  Anyone know how to pull my MobileMe calendars back onto Lion?

• Audio conferencing visibility and security question

  All
  Small company with CUCM and Unity Connections 8.6. Internally we utilize Meet-Me as the defacto conferencing solution. However, would like to add some security and visibility for the conference owners so they can specify who can connect to their conferences and also some way to see currently connected members of the conference.
  Can anyone point me in the direction of any such solution, that preferably won't break the bank
  Thanks
  Brandon

  Hi Brandon,
  Unfortunately, this request would require a deeper assessment of your needs and your environment which can hardly be made via this forum. The best way to get the most appropriate answer related to your needs would be to contact your Cisco Account Team. They should be able to get a Cisco Sales Engineer involved to gather your requirements, get to know your infrastructure and user community, and present you with the appropriate options.
  On this community, I can provide you with links to Cisco Unified MeetingPlace and Cisco WebEx Meetings Server documentation that you can review for more information about these solutions:
  1. Cisco Unified MeetingPlace
      http://www.cisco.com/c/en/us/products/conferencing/unified-meetingplace/index.html
      http://www.cisco.com/c/en/us/products/collateral/conferencing/unified-meetingplace/datasheet-c78-730364.html
      http://www.cisco.com/c/en/us/products/conferencing/unified-meetingplace-8-5/index.html
      http://www.cisco.com/c/dam/en/us/products/collateral/conferencing/unified-meetingplace-8-5/cisco_unified_meetingplace8_5_tech_overview.pptx
      http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/meetingplace/8_6/english/releasenotes/mp86rn.html
  2. Cisco WebEx Meetings Server (CWMS)
      http://www.cisco.com/c/en/us/products/conferencing/webex-meetings-server/index.html
      http://www.cisco.com/c/en/us/products/collateral/conferencing/webex-meetings-server/data_sheet_c78-717754.html
      http://www.cisco.com/en/US/docs/collaboration/CWMS/2_0/Release_Notes.html
  I hope this can be of help.
  -Dejan

• Iso5 download error, network timed out, how do i stop this, all of my firewalls and security on my pc are currently swiched off but this still didnt help

  iso5 download error, network timed out, how do i stop this, all of my firewalls and security on my pc are currently swiched off but this still didnt help>
  trid multiple times over the last few weeks, after waiting 45 minutes for the download to comlete the network times out whilst processing the download

  The router is in your house.
  In a nutshell, a modem communicates with the Internet and brings a single communications link to your house,  The router takes that single link and divides it up among many links, both wired and wireless, to support many devices in your house.  The router and the modem may be separate physical boxes or, more commonly, they're in the same enclosure.
  Unfortunately, if there is a firewall in the router, you will need help.  I don't think that it's a good idea to try to walk you through it via the forum.  You should contact the router supplier and have them walk you through the investigation.

• LDAP and everyone group

  I am using wls version 5.1 with service pack 7. I still need to add all
  users the the "everyone" group in order to be able to authenticate. I
  thought this issue was resolved in the latest service pack. But I still
  get an exception thrown if my user is not in "everyone" group. Does
  anyone know what the status of this bug is? Is it resolved or not?
  Here is the exception:
  java.rmi.RemoteException: Security violation: insufficient permission to
  access method
  at
  weblogic.ejb.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:431)
  at
  com.itginc.webtrade.ejb.LoginBeanEOImpl.loginUser(LoginBeanEOImpl.java:143)
  at
  com.itginc.webtrade.ejb.LoginBeanEOImpl_ServiceStub.loginUser(LoginBeanEOImpl_ServiceStub.java:112)
  at
  com.itginc.webtrade.servlets.LoginServlet.service(LoginServlet.java:190)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:106)
  at
  weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:907)
  at
  weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:851)
  at
  weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:252)
  at
  weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:364)
  at
  weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:252)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)

  Glen wrote:
  >
  I just encountered this error and deleted the 'everyone' group as a workaround.We authenticate with LDAP and WL always complained about not finding the group 'everyone'. The app worked fine but I thought I'd be a good guy and add the group to LDAP. Once I did, I got your error.Could the issue be that the 'everyone' group is OK but the permissions on the group deny access? I'm searching BEA to find out the expected permissions when I found your posting.I still need the expected permissions for the 'everyone' group.According to http://www.weblogic.com/docs51/admindocs/ldap.html#changes
  .. you don't need to define the everyone group in any version after WLS 5.0
  because of the introduction of the CachingRealm.