Just a quick post on filtering outbound OSPF advertisements. I had some struggle with this config today.
config router prefix-list
set prefix 10.10.0.0 255.255.0.0
set prefix 10.20.0.0 255.255.0.0
set action deny
set prefix any
config router ospf
set router-id 18.104.22.168
set list "filter-outbound"
set direction out
Like I said: a quick-and-dirty note.
I just received the following interesting question:
What happens if our eSafe license expires?……Because it expires this weekend!!!!!!!!
Interesting question, because I never encountered such a situation. Normally the license is renewed in a timely fashion or a trial is stopped before the license expires. I searched the Knowledge Base from eSafe and found an article. This article states the following:
Evaluation license: when an evaluation license expires, eSafe allows all traffic to pass through without any scanning at all.
Registered license: when a registered license expires, eSafe scans and blocks traffic, but stops receiving updates. Important note: if there are any licensed add-ons installed (URL filter, Advanced Anti-Spam), they will stop functioning after the registered license expires.
While configuring an LDAP mapping for an RSA Authentication Manager 6.1 with an Active Directory Domain Controller, I received the following error while running the Synchronisation task:
c:\RSA\prog\sdldapsync.exe -j 102
“[LDAP search] Search failed (check Base DN)”
At first I thought about a typo while configuring the Synchronisation task. To test the LDAP connection with the domain controller I installed Softerra’s LDAP Browser. With this tool the LDAP connection is working perfectly when using the same credentials, BaseDN and LDAP Query Filter.
After searching the internet I found the MaxPageSize issue in Windows. I reported the same issue in a blog about eSafe and LDAP. When running the sdaceldap command you can see that the MaxPageSize is reached by the LDAP query.
Correct usage: sdaceldap <-h hostname> <-p port> [-b basedn] [-s scope] [-d import|compare] [-o output file] [-m schema map file] <-D binddn -w passwd> <-Z -P path> filter
C:\RSA\utils\toolkit>sdaceldap.exe -h 10.1.1.100 -p 389 -b ou=Users,dc=booches,dc=nl -s sub -d import -o AD_Users.csv -m active.map -D SA_LDAP@booches.nl -w LDAP_passwd "objectclass=user"
Distinguished Name: ou=Users,dc=booches,dc=nl
Output Filename: AD_Users.csv
ldap_search_s Sizelimit exceeded
The output shows that the Sizelimit is exceeded. I found a tool on the internet which can be used to retrieve the MaxPageSize from a Windows machine. This tool is called AdFind.
Executing this tool on the Domain Controller tells me the MaxPageSize is set to 2000.
c:>adfind -e -config -f "&(objectcategory=querypolicy)(name=default query policy)" ldapadminlimits
AdFind V01.37.00cpp Joe Richards (firstname.lastname@example.org) June 2007
Using server: dc01.booches.nl:389
Directory: Windows Server 2003
Base DN: CN=Configuration,DC=booches,DC=nl
dn:CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,
1 Objects returned
To minimize the number of objects that are returned in a single search I configured an LDAP Query Filter, which is shown below:
or the equivalent
This query has the following properties. The object should have the objectClasses user AND person AND the account should NOT be disabled AND should not contain the objectClass computer. This already excludes some objects, like workstations and servers.
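An added example, not the author's configuration: a small Python evaluator for a filter with the four properties listed above, run over constructed directory entries to show which accounts such a filter would hand to the synchronisation job. The filter string, the use of userAccountControl with Active Directory's bitwise-AND matching rule to detect disabled accounts, the function names and the sample entries are all assumptions.

```python
import re

# Assumption: filter rebuilt from the post's four properties, not the author's own.
BIT_AND = "1.2.840.113556.1.4.803"  # Active Directory bitwise-AND matching rule
FILTER = ("(&(objectClass=user)(objectClass=person)(!(objectClass=computer))"
          f"(!(userAccountControl:{BIT_AND}:=2)))")  # 2 = ACCOUNTDISABLE flag

def parse(s, i=0):
    """Parse one filter starting at s[i]; return (node, index after it)."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = s[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while s[i:i + 1] == "(":
            node, i = parse(s, i)
            kids.append(node)
        if s[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # raises ValueError when the item is unterminated
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", s[i + 1:end])
    if not m or m[2] not in (None, BIT_AND):
        raise ValueError(f"unsupported item {s[i + 1:end]!r}")
    return ("item", m[1].lower(), m[2], m[3]), end + 1

def matches(node, entry):  # entry is {lower-cased attribute: [values]}
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    _, attr, rule, want = node
    if rule:  # bitwise AND: true when every bit of `want` is set in the value
        return any((int(v) & int(want)) == int(want) for v in entry.get(attr, []))
    return any(v.lower() == want.lower() for v in entry.get(attr, []))  # equality

def select(filter_text, entries):
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(name for name, e in entries.items() if matches(tree, e))

# Constructed sample entries; AD computer accounts also carry objectClass=user.
PERSON = ["top", "person", "organizationalPerson", "user"]
ENTRIES = {
    "alice": {"objectclass": PERSON, "useraccountcontrol": ["512"]},
    "bob-disabled": {"objectclass": PERSON, "useraccountcontrol": ["514"]},
    "ws01$": {"objectclass": PERSON + ["computer"], "useraccountcontrol": ["4096"]},
}
print(select(FILTER, ENTRIES))
```

Only equality and the bitwise-AND extensible match are implemented; presence and substring items are not handled.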