Chuyen Vo vdchuyen

Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers

By default Microsoft active directory servers will offer LDAP connections over unencrypted connections (boo!).

The steps below will create a new self signed certificate appropriate for use with and thus enabling LDAPS for an AD server. Of course the "self-signed" portion of this guide can be swapped out with a real vendor purchased certificate if required.

Steps have been tested successfully with Windows Server 2012R2, but should work with Windows Server 2008 without modification. Will require both a system with OpenSSL (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

Create root certificate
Import root certificate into trusted store of domain controller
Create client certificate

Keybase proof

I hereby claim:

I am vdchuyen on github.
I am vdchuyen (https://keybase.io/vdchuyen) on keybase.
I have a public key whose fingerprint is 5B3A 3124 3D76 875C 16F8 0BE8 525F EB92 9652 9E0E

To claim this, I am signing this object:

Một hôm có chàng trai buồn bã đến gặp vị thiền sư, nói:

Thưa thầy, không biết vì sao dạo này tâm con bất định, suy nghĩ mông lung, không dứt khoát được chuyện gì?

Thiền sư bèn đưa tay giật lấy chiếc điện thoại trong tay chàng trai, chưa kịp nói gì thì chàng trai đã nhanh nhẩu thốt lên, như thể ngộ ra:

Thưa thầy con hiểu rồi. Ý thầy nói con nên dùng Google để tìm hết mọi chân lý cuộc đời chứ gì!

Thiền sư lắc đầu đáp:

Không, con. Ta chỉ muốn bảo con về tháo gỡ ứng dụng Facebook đi mới mong tìm được sự thanh thản và minh triết.

If you have so much money, what will you do ?

Then spend it to live forever, that's seem to be a good idea !

Or jump out from a wall like this

Random thoughts after reading this translation

This incident on Gentoo wiki can happen to anywhere, any systems. This prove one thing: >"Human being is the weakest point in the chain"

Both schools' deans and admission officers told me that being able to speak Chinese is part of their interview process, which is understandable because patients in Hong Kong are mostly Chinese.

link

	#!/usr/bin/python


	import csv
	import requests
	import re
	import time

	URL = 'http://api.hackertarget.com/whois/?q='

	#!/bin/bash

	# As the "bufferbloat" folks have recently re-discovered and/or more widely
	# publicized, congestion avoidance algorithms (such as those found in TCP) do
	# a great job of allowing network endpoints to negotiate transfer rates that
	# maximize a link's bandwidth usage without unduly penalizing any particular
	# stream. This allows bulk transfer streams to use the maximum available
	# bandwidth without affecting the latency of non-bulk (e.g. interactive)
	# streams.

	Firmware Change Log
	[New] Enhanced Auto-TX (MR16/MR66/MR12/MR62/MR11/MR14)
	[New] EoGRE tunneling from AP per SSID
	[New] Enhanced rate adaptation for mesh (MR26/MR34/MR32/MR72)
	[New] CoA support for WPA2 Enterprise and MAC based authentication
	[New] Extract DNS server from both offer and ack for AP management connection
	[New] Distributed Layer 3 roaming will now bind the client broadcast domain session with the client’s DHCP lease time. It will also renew the timer after a later DHCP request/ack.
	[New] Enhanced the BitTorrent UDP detection mechanism
	[Security Fixes] SNMP v1/v2c became enabled with SNMPv3 even if v1/v2c were disabled on dashboard
	[Bug Fixes] LLDP power negotiation occasionally failed (MR42)

	frontend www-https
	bind 0.0.0.0:443
	mode tcp
	tcp-request inspect-delay 5s
	default_backend ssl_default



	backend ssl_default
	mode http