Tag Archives: URI
Andrea Veri: Setting up your SSL certificates on OpenLDAP by using a Mozilla NSS database
I’ve recently spent some time setting up TLS/SSL encryption (SSSD won’t send a password in clear text when an user will try to authenticate against your LDAP server) on an OpenLDAP istance and as you may know the only way for doing that on a RHEL / CentOS environment is dealing with a Mozilla NSS database (which is, in fact, a SQLite database). I’ve been reading all the man pages of the relevant tools available to manipulate Mozilla NSS databases and I thought I would have shared the whole procedure and commands I used to achieve my goal. Even if you aren’t running an RPM based system you can opt to use a Mozilla NSS database to store your certificates as your preferred setup.
On the LDAP (SLAPD) server
Re-create *.db files
mkdir /etc/openldap/certs
modutil -create -dbdir /etc/openldap/certs
Setup a CA Certificate
certutil -d /etc/openldap/certs -A -n “My CA Certificate” -t TCu,Cu,Tuw -a -i /etc/openldap/cacerts/ca.pem
where ca.pem should be your CA’s certificate file.
Remove the password from the Database
modutil -dbdir /etc/openldap/certs -changepw ‘NSS Certificate DB’
Creates the .p12 file and imports it on the Database
openssl pkcs12 -inkey domain.org.key -in domain.org.crt -export -out domain.org.p12 -nodes -name ‘LDAP-Certificate’
pk12util -i domain.org.p12 -d /etc/openldap/certs
where domain.org.key and domain.org.crt are the names of the certificates you previously created at your CA’s website.
List all the certificates on the database and make sure all the informations are correct
certutil -d /etc/openldap/certs -L
Configure /etc/openldap/slapd.conf and make sure the TLSCACertificatePath points to your Mozilla NSS database
TLSCACertificateFile /etc/openldap/cacerts/ca.pem
TLSCACertificatePath /etc/openldap/certs/
TLSCertificateFile LDAP-Certificate
Additional commands
Modify the trust flags if necessary
certutil -d /etc/openldap/certs -M -n “My CA Certificate” -t “TCu,Cu,Tuw”
Delete a certificate from the database
certutil -d /etc/openldap/certs -D -n “My LDAP Certificate”
On the clients (nslcd uses ldap.conf while sssd uses /etc/sssd/sssd.conf)
On /etc/openldap/ldap.conf
BASE dc=domain,dc=org
URI ldaps://ldap.domain.orgTLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT allow
On /etc/sssd/sssd.conf
ldap_tls_reqcert = allow
ldap_uri = ldaps://ldap.domain.org
How to test the whole setup
ldapsearch -x -b 'dc=domain,dc=org' -D "cn=Manager,dc=domain,dc=org" '(objectclass=*)' -H ldaps://ldap.domain.org -W -v
Troubleshooting
If anything goes wrong you can run SLAPD with the following args for its debug mode:
/usr/sbin/slapd -d 256 -f /etc/openldap/slapd.conf -h “ldaps:/// ldap:///”
Ubuntu Ohio – Burning Circle: Burning Circle Episode 108
This week’s episode mentions new agreements entered into by Canonical, notes that we are roughly one month away from the release of the Raring Ringtail, and poses a new question for Vox Pop. The question posed for the week of March 25th is: “Are you ready for Raring Ringtail‘s release in about a month?” To call in, you can use a normal telephone within our great Buckeye State and call 1-206-299-2120 and then enter extension 1580. If you feel brave enough to use a SIP client, you can also use this magic URI: sip:1580@sip.sdf.org. Examples of what calling sounds like using Twinkle are also provided in this episode.
Download here (MP3) (ogg) (FLAC), or subscribe to the podcast (MP3) to have episodes delivered to your media player. We suggest subscribing by way of a service like gpodder.net.
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/.
EA's Origin has an Exploit, Leaving Gamers Vulnerable to Hackers
The ability to infiltrate a remote computer via uniform resource identifiers (URI) exploits is nothing new, per se. A hacker gets someone to click on a link, which actually opens up the victim’s system to the infiltration of malware. But as reported by Ars Technica, research group ReVuln has found a potentially dangerous URI exploit within EA’s Origin client which could leave as many as 40 million gamers vulnerable.
The ReVuln team gave a presentation last week at the Black Hat security conference in Amsterdam. Apparently, getting someone to click on an “origin://” prefixed link is all it takes, as the Origin client then downloads a dynamic link library file to the victim’s computer. The ReVuln team has also released a paper, detailing the exploit, which mentions a similar vulnerability discovered in Valve’s Steam platform last year.
Ubuntu Ohio – Burning Circle: Burning Circle Episode 107
As to Burning Circle 106, we believe it was trapped in another dimension due to problems with an Oscillation Overthruster captured by Yoyodyne Propulsion Systems. We apologize for any disruption this causes. Check with some guy named Lord John Whorfin
This week’s episode brings the result of our first Vox Pop call-in question. That question was: “Which flavor of Ubuntu do you favor and why?” Our question for the week ahead is: “Which do you rely on more? A long-term support release or the releases that come out every six months?”
To call in, you can use a normal telephone within our great Buckeye State and call 1-206-299-2120 and then enter extension 1580. If you feel brave enough to use a SIP client, you can also use this magic URI: sip:1580@sip.sdf.org. A selection of answers will be aired next week.
Download here (MP3) (ogg) (FLAC), or subscribe to the podcast (MP3) to have episodes delivered to your media player. We suggest subscribing by way of a service like gpodder.net.
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/.
Uranium Resources Provides Full Year 2012 Review and Outlines Near-Term Initiatives
By Business Wirevia The Motley Fool
Filed under: Investing
Uranium Resources Provides Full Year 2012 Review and Outlines Near-Term Initiatives
LEWISVILLE, Texas–(BUSINESS WIRE)– Uranium Resources, Inc. (NAS: URRE) (“URI” or the “Company”) today provided an update on the Company’s activities and financials through December 31, 2012, as well as its strategy and outlook.
Key 2012 and Recent Accomplishments
- Acquired Neutron Energy, Inc. (“Neutron”) in August 2012, adding over 50 million pounds of mineralized uranium material.
- Substantiated financial and environmental viability of the Churchrock Section 8 Project.
- Achieved an agreement with the Navajo Nation for temporary access to Section 8. First step taken in addressing legacy issues surrounding uranium mining in New Mexico.
- Expanded and extended its South Texas exploration agreement with a subsidiary of Cameco Corporation (NYS: CCJ) .
- Recapitalized through a $5 million bridge loan facility with Resource Capital Fund V L.P. (“RCF”), a shareholder rights offering (“Rights Offering“) and the pending release of $4.5 million back to URI after securing new surety bonds.
- Regained compliance with NASDAQ listing standards.
- Named Christopher M. Jones as President and CEO effective April 1, 2013.
“We continue to forge ahead and have made sustained progress so far in 2013,” stated Terence J. Cryan, Interim President and CEO of URI. “In 2012, we expanded our asset base through the acquisition of Neutron which represented a significant consolidation of uranium properties in New Mexico and positioned URI as one of the largest U.S.-based uranium development companies. A number of key steps relating to our Churchrock Section 8 project were also taken. We reached an agreement with the Navajo Nation regarding temporary access, a significant first step in an effort to reach a comprehensive agreement and as important, indicated the willingness of both parties to reach a mutually beneficial, long-term solution. There were two Section 8 property studies completed, the feasibility study and the groundwater study, which substantiated the technical and economic viability of the project, as well as the environmental safety of in-situ recovery (ISR) mining at Section 8. These are measurable steps forward as we work to realize our goal of producing uranium in …read more
Source: FULL ARTICLE at DailyFinance
Uranium Resources Appoints Christopher M. Jones as President and CEO
By Business Wirevia The Motley Fool
Filed under: Investing
Uranium Resources Appoints Christopher M. Jones as President and CEO
Mr. Jones has more than 30 years experience in leading various mining and production operations, as well as exploration and development projects
LEWISVILLE, Texas–(BUSINESS WIRE)– Uranium Resources, Inc. (NAS: URRE) (URI), today announced that its Board of Directors has appointed Christopher M. Jones, P.E., as President and CEO effective April 1, 2013.
Paul K. Willmott, Chairman of the Board of URI, stated, “Chris has a solid history of success leading various mining and production operations, as well as exploration and development projects. We believe his extensive experience and leadership skills will be well applied in our efforts to bring Churchrock Section 8 to production, position our South Texas operations for a return to production and prudently manage our capital while he moves URI forward.”
Mr. Jones has more than 30 years experience in the mining industry and was most recently President and CEO of Wildcat Silver Corporation, where he and his team effectively doubled the size of the resource twice using older, proven metallurgical technologies. Prior to that, he was the Chief Operating Officer and the Mining General Manger at Albian Sands Energy. Mr. Jones also held management positions at RAG Coal West Inc., Phelps Dodge Sierrita Corp. and Cyprus Amax Coal Company. He is a member of the American Institute of Mining, Metallurgical, and Petroleum Engineers and is a Professional Engineer registered in Utah and Alberta. Mr. Jones received a Bachelor of Science in Mining Engineering at the South Dakota School of Mines and an MBA from Colorado State University.
Terence J. Cryan, Interim President and CEO, noted, “We were very deliberate in our search process to find a candidate with the experience and know-how to streamline and focus our efforts in order to meet significant milestones in 2013. These include reducing our cash burn rate, resolving the access issues at Churchrock Section 8, addressing the royalty issue on the same property, negotiating an improved supply contract for our Texas production, readying our Kingsville Dome processing facility for production by completing the pond project, and supporting our exploration joint venture with Cameco. We were fortunate to find Chris to fill this role.”
About Uranium Resources, Inc.
Uranium Resources Inc. explores for, develops …read more
Source: FULL ARTICLE at DailyFinance
Ahmed Kamal: Bash script self-updates from github
Recently the systems engineering team @ Cloud9ers ($dayjob) has been busy building the infrastructure for a very ambitious and large scale project for one of our customers. The project involves tons of distributed programming besides lots of systems work as well. I’d like to share with the community a small tidbit of information. It’s often some small things the one sometimes gives a moment to admire, and hereby share!
The problem
- We are building a private cloud. Ubuntu server instances running on that are cloned from a master template
- While most clouds provide what I call “Instance Identity” information through some pre-known web service URI, in our case we utilize VMware’s “Invoke-VMScript” API to run scripts inside the cloned template, thus customizing it and giving it its identity, then puppet takes it from there. Note that we’re using a simple vCenter+ESXi (no vCloud stuff here) no shared storage even!
Ok the real problem
- Editing the template, and publishing it across the cloud (a topic for another post) takes considerable time! I wanted a way to be able to quickly update my identity scripts without having to re-build and re-publish images
Solution
- A script with a trivially simple (thus mostly fixed) “bootstrap” section, which auto-updates itself from github and relaunches its-new-self!
Code
Nothing ground breaking, but still a cool trick eh! Yeah I could have added a broken this into multiple scripts and maybe run-parts them. Of-course this script is quite basic, but it’s meant to remain that way since the heavy lifting is puppet’s responsibility!
Note: To run this successfully the user this is run under, should have passwordless sudo rights to run “ip” and to run “itself” 🙂 Got cool ideas, thoughts or comments? Leave me a message
Note: To run this successfully the user this is run under, should have passwordless sudo rights to run “ip” and to run “itself” 🙂 Got cool ideas, thoughts or comments? Leave me a message
Washington Trust Promotes DiSanto to EVP, Human Resources
By Business Wirevia The Motley Fool
Filed under: Investing
Washington Trust Promotes
DiSanto to EVP, Human Resources
WESTERLY, R.I.–(BUSINESS WIRE)– Washington Trust has announced that Kristen L. DiSanto, of South Kingstown, has been appointed Executive Vice President of Human Resources. DiSanto is responsible for leading all human resources functions, including staffing, training, organizational development and employee relations. In addition, she assists the board with executive compensation matters and SEC disclosures.
Kristen DiSanto, a URI alum, has worked for Washington Trust since 1994. She previously served Senior Vice President of Human Resources. (Photo: Business Wire)
DiSanto joined Washington Trust in 1994, and most recently served as Senior Vice President. A graduate of the University of Rhode Island, DiSanto has a Bachelor of Arts in speech communication. She is also a member of the Society for Human Resource Management and a graduate of Leadership Rhode Island. DiSanto serves on the legislative committee of the Rhode Island Business Group on Health, on the finance committee of Saint Elizabeth Community and as the Personnel Committee of the Ocean Community YMCA.
Founded in 1800, Washington Trust is the largest independent bank headquartered in Rhode Island and the oldest community Bank in the nation. Washington Trust provides commercial banking, small business banking, personal banking, mortgage banking, and wealth management and trust services to individuals and institutions throughout the Northeast. Our Commercial Banking Group offers a full line of commercial and industrial lending, commercial real estate, and cash management services to borrowers throughout the Northeast. Washington Trust is an SBA preferred lender. Our team of experienced professionals are dedicated to providing customized, comprehensive financing and personalized services. The Washington Trust Company is a subsidiary of Washington Trust Bancorp, Inc., (NASDAQ Global Select, symbol: WASH).
Photos/Multimedia Gallery Available: http://www.businesswire.com/multimedia/home/20130306006452/en/
Washington Trust
Elizabeth B. Eckel, 401-348-1309
SVP Marketing
ebeckel@washtrust.com
KEYWORDS: United States North America Rhode Island
INDUSTRY KEYWORDS:
The article Washington Trust Promotes DiSanto to EVP, Human Resources originally appeared on Fool.com.
Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights …read more
Source: FULL ARTICLE at DailyFinance