How to enable "Starttls" on sun directory server?

I set up Directory Server 5.2 on Windows XP SP2. Using InitialLdapContext of JNDI to connect, the program throws an exception in "StartTlsResponse tls =(StartTlsResponse)ctx.extendedOperation(tldsReq);"
The exception message:
javax.naming.CommunicationException: [LDAP: error code 2 - unsupported extended operation]; remaining name ''
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknown Source)
     at javax.naming.ldap.InitialLdapContext.extendedOperation(Unknown Source)
     at LDAPtlsDemo.main(LDAPtlsDemo.java:28)
So I think that "Starttls" is not enabled on the server. I have enabled "SSL", and connected OK by using InitialLdapContext of JNDI.
But I can't find the way to enable "Starttls" via the GUI. Please help.

To enable the TLS Encryption Cipher
1. Check out the ssl-supported-ciphers property of the server.
$ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
View the available SSL ciphers.
$ dsconf get-server-prop -h host -p port ssl-supported-ciphers
  ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  ...
Hope this helps,
-Shankar
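
Added example (not part of the original posts, and not Sun's code): a standard LDAP server that supports StartTLS lists the OID 1.3.6.1.4.1.1466.20037 in the supportedExtension attribute of its root DSE, so a JNDI client can check for it before calling extendedOperation and refuse to continue in clear text when it is missing, instead of running into the "unsupported extended operation" error from the question. The class name StartTlsProbe and the URL ldap://localhost:389 are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

public class StartTlsProbe {

    /** True if the root DSE lists the StartTLS OID in supportedExtension. */
    static boolean advertisesStartTls(LdapContext ctx) throws NamingException {
        // An empty name addresses the root DSE; ask only for the attribute we need.
        Attribute ext = ctx.getAttributes("", new String[] {"supportedExtension"})
                           .get("supportedExtension");
        if (ext == null) {
            return false; // not advertised, or not readable before binding
        }
        NamingEnumeration<?> oids = ext.getAll();
        try {
            while (oids.hasMore()) {
                if (StartTlsRequest.OID.equals(oids.next())) { // 1.3.6.1.4.1.1466.20037
                    return true;
                }
            }
            return false;
        } finally {
            oids.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholder URL: the plain LDAP port, not the ldaps:// one.
        String url = args.length > 0 ? args[0] : "ldap://localhost:389";
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);

        LdapContext ctx = new InitialLdapContext(env, null); // no credentials sent yet
        try {
            if (!advertisesStartTls(ctx)) {
                // Fail closed: do not bind over the clear-text connection.
                System.err.println("StartTLS is not advertised by " + url);
                return;
            }
            StartTlsResponse tls =
                (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            try {
                // Validates the certificate against the JVM trust store and checks the host name.
                SSLSession session = tls.negotiate();
                System.out.println(session.getProtocol() + " / " + session.getCipherSuite());
                // Add SECURITY_PRINCIPAL / SECURITY_CREDENTIALS to ctx only from this point on.
            } finally {
                tls.close();
            }
        } finally {
            ctx.close();
        }
    }
}
```

The printed cipher suite can be compared with the ssl-supported-ciphers list shown in the answer above.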

Similar Messages

  • How to enable FIPS on sunone directory server 6.3?

    Hi all,
    My product needs FIPS certification.
    As part of that we will be connecting to sunone directory server and use it as user store.
    For that I need the steps to enable FIPS on sunone directory server 6.3.
    Has anyone done this before?
    Please help me in this.
    Thanks in advance.
    Usha.

    To enable the TLS Encryption Cipher
    1. Check out the ssl-supported-ciphers property of the server.
    $ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
    View the available SSL ciphers.
    $ dsconf get-server-prop -h host -p port ssl-supported-ciphers
      ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      ...
    Hope this helps,
    -Shankar

  • Installation/Config Problem with Sun Directory Server Control Center (6.0)

    Hi All,
    I have recently attempted an installation of Sun Directory Server EE 6.0 on an x86 Solaris 10 machine.
    I have selected to install Core Directory Server and Sun Directory Server Control Center with my installation.
    After installation, if I check the status of the SUNDSCC, I receive the following message:
    bash-3.00# ./dsccsetup status
    DSCC Application is not installed
    DSCC Agent is registered in Cacao
    DSCC Registry has been created
    Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
    Port of DSCC registry is 3998
    I have also tried to re-start the Sun Java Web Console using the /usr/sbin/smcwebserver start command but that does not do anything.
    If I try to initialize the SUNDSCC using the ./dsccsetup initialize command, the registry gets created, but it still displays as "application not installed".
    I do not understand. I have already installed this application using the JES installer.
    Please help!
    Regards,
    Saahil Goel

    I had a similar issue. Here is how I fixed it.
    Run dsccsetup status with the -v option. It will show you where it is trying to find the DSCC Application. Then do a find on your system to see where it is actually installed. Then simply copy it over to where dsccsetup is looking for it. Then do dsccsetup initialize. Below is what it looked like on my system when I did it:
    # ./dsccsetup status -v
    ## /usr/sbin/smreg is present
    ## /usr/sbin/smcwebserver is present
    ## /opt/server/sun/dscc6/dccapp is MISSING
    DSCC Application is not installed
    ## /opt/sun/cacao/bin/cacaoadm is present
    ## /opt/server/sun/dscc6/lib/jar/nquickmodule.jar is present
    ## Running /opt/sun/cacao/bin/cacaoadm list-modules -r
    DSCC Agent is registered in Cacao
    ## Running /opt/sun/cacao/bin/cacaoadm status
    ## Running /opt/sun/cacao/bin/cacaoadm list-modules
    ## Running /opt/sun/cacao/bin/cacaoadm get-param network-bind-address
    ## Running /opt/sun/cacao/bin/cacaoadm get-param jmxmp-connector-port
    ## /opt/server/sun/ds6/bin/dsadm is present
    DSCC Registry has been created
    Path of DSCC registry is /var/opt/sun/dscc6/dcc/ads
    Port of DSCC registry is 3998
    # find / -name dccapp
    /opt/server/dscc6/dccapp
    # cp -R /opt/server/dscc6 /opt/server/sun
    # ./dsccsetup dismantle
    DSCC Application is not registered in Sun Java(TM) Web Console
    Unregistering DSCC Agent from Cacao...
    Deleting DSCC Registry...
    All server registrations will be definitively erased.
    Existing server instances will not be modified.
    Do you really want to delete the DSCC Registry ? [y/n]y
    Server stopped
    DSCC Registry has been deleted successfully
    # ./dsccsetup initialize
    Registering DSCC Application in Sun Java(TM) Web Console
    This operation is going to stop Sun Java(TM) Web Console.
    Do you want to continue ? [y,n] y
    Stopping Sun Java(TM) Web Console...
    Registration is on-going. Please wait...
    DSCC is registered in Sun Java(TM) Web Console
    Restarting Sun Java(TM) Web Console
    Please wait : this may take several seconds...
    Sun Java(TM) Web Console restarted successfully
    Registering DSCC Agent in Cacao...
    Checking Cacao status...
    Deploying DSCC agent in Cacao...
    DSCC agent has been successfully registered in Cacao.
    Choose password for Directory Service Manager:
    Confirm password for Directory Service Manager:
    Creating DSCC registry...
    DSCC Registry has been created successfully
    Hope this helps.

  • Log file size in Sun Directory Server

    Does anyone have an idea about how the Sun Directory Server's log file size will increase with respect to the actions performed?
    Can someone give data regarding this? If someone has a better scenario and the supporting data w.r.t. log file size, it will be helpful.
    Thanks,

    AFAIK no, it's based on time: "At a certain time, or after a specified interval, the server rotates your access logs."
    More info in Archiving Log Files in [http://docs.sun.com/app/docs/doc/820-7985/gczxv?l=en&a=vie]
    It should be easy to write such a script to be run as a daemon in logs directory. Here is the pseudo code :
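    LOG=/path/to/access            # placeholder: the access/error log file to watch
    MAX_SIZE=104857600             # placeholder: size limit in bytes
    while true
    do
        # get size of the access/error log file
        size=$(($(wc -c < "$LOG")))
        # rotate when the file has grown past max_size
        if [ "$size" -gt "$MAX_SIZE" ]; then
            "<ws-install-dir>/https-<instance>/bin/rotate"   # placeholder path from the post
        fi
        sleep 60                   # sleep for some time (placeholder interval)
    done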

  • Sun Directory Server and OID Synchronization

    I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able to modify the last changelog number.
    Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
    Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
    One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root CA's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing, but I don't have anywhere to start as far as troubleshooting is concerned.

    On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
    You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
    - Brian

  • Sun Directory Server Password Policy Problems

    Hi,
    I am using Sun Directory Server and Sun AM (2005Q1).
    We are using SUN DS to configure the password policy to expire user passwords after 30 days.
    Also, the warning has been set to "one day before expiry". However, when the warning IS displayed to the user and the user changes his/her password on display of the warning, even though the user's password expiration timestamp attribute contains a new timestamp (which is 30 days hence the date of change), on next login user is AGAIN thrown the warning that his/her password will expire in "HH hours: MM mins".
    I do not understand what needs to be done to fix this. Any help would be appreciated.

    How is the user authenticated? Through Access Manager or directly to the Directory Server?
    Access Manager can be configured to handle Password expiration, and so can Directory Server. I would advise you to check which system is actually throwing the warning.
    Regards,
    Ludovic

  • Problem with Sun Directory Server 6.0 Console

    Hi,
    I posted the same on the wrong forum earlier; hope I am in the correct place :).
    I have installed Sun Directory Server on my Sparc box and now I am unable to start the management console. I followed some instructions on the net, which say we have to register the product using the following command from the dscc6/bin folder of the installation.
    System SnapShot
    # ./dsccsetup initialize
    DSCC Application is already registered
    DSCC Agent is already registered
    Choose password for Directory Service Manager:
    Confirm password for Directory Service Manager:
    Creating DSCC registry...
    DSCC Registry has been created successfully
    and it is supposed to be started on https://Ip_address:6789 but it's not. Can anyone please tell me how to start the admin console to manage my directory server effectively?
    Note: I have already started the instance I created during the installation using the slapd-start script and it's running successfully.
    Thanks,
    Sheeraz

    NOOOOO :( ..... Now I can see the login page... Thanks mate.... Now when I am trying to log in using the UserName and Password I supplied during the installation process (Sun Directory Server) it says Authentication failed.????
    This looks like a general webconsole... do I need to provide a specific URL for the directory server page ?????

  • Add a posixaccount user in posixgroup in sun directory server using java

    Hi
    Does anybody know how to add a posixaccount user to a posixgroup in Sun Directory Server using Java code?
    I am able to add a normal directory server user to an LDAP group in Java.
    But I am not having any luck adding a posixaccount user to a posixgroup.
    I know we can set the uid value in the memberuid attribute, but how do I add it through a Java program?
    Can anybody paste code for that?
    Thanks.

    To CRabel,
    My company has restrictions on using open source products/code, but I will take a look at the Netscape LDAP SDK as a reference~
    To raghu1978,
    I found a product called Directory Editor 1 2005Q1, I hope it is useful.
    Thanks all~

  • Sun Directory Server Installation

    Hi all,
    I am a student in a Computer Science degree and as my project I am designing a web application that allows users to exchange ideas through a "messaging" system.
    After discussion with my tutors we have come up with a design idea that we would use an LDAP server to authenticate users as well as keep message details such as Topic, message header, etc. The actual body of the msg should be kept in a separate database.
    To the point....
    It has been suggested that I use the Sun Java System Directory Server 5.2 for this project and I was also given a compressed installation package. I have tried to install this and received error msgs similar to the ones I have found others have had in this forum.
    For example topics:
    1. Forums - Directory Server configuration issues in Windows
    2. Forums - Install failed on Windows XP
    I am using Windows XP and from what I have read, although it is not supported, some people have managed to get this to work. Also I read that maybe Studio enterprise might solve this issue or provide some support?
    Is this true and if so can someone give me some guidance on how to achieve this?
    Also I would appreciate your opinion on whether this design approach (LDAP for authentication and database for store) is feasible or technically "correct" and maybe suggestions for a different approach....

    I think that it's never a bad idea to get acquainted with something like the Sun Directory Server although I'm not sure that means that one HAS to use it in a project.
    The DS can be a pain to get up but for the most part if you get the latest DS5.2 Q4 or something...most installations go smoothly. If it was me I would just chuck everything about the convo into the directory but I'm sure that there's a reason that you want to use the DS in conjunction with other storage DBs.
    I don't think you need to get Studio enterprise. I was able to get it up and running all by itself on Windows. After I installed it I just made sure to remember the two random ports it picks up for Admin and DS ldap usage. Also I changed the password expiry time of the account that is used by the Admin console.
    GLuck with this.
    Cheers,
    - Pulkit

  • Sun Directory Server role support?

    I would like to set up roles in the sun directory and use the identity manager in the future. Does identity manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of?
    Also, AFAIK Active Directory does not support multi-valued DN's as attribute values. If I use identity manager to sync Sun DS with AD will user entries with multiple Sun DS roles become a problem?

    We are in the initial stages of design. Yes, that was the goal: to take the roles from Sun DS and use them in AD by way of identity manager. I am new to identity manager, so there may be a mapping instead of a direct push.
    The Sun DS roles are operational attributes and I am not sure how identity manager sees them or supports them. I guess if it can see them then it can map them to anything.

  • Error while migrating to Sun Directory Server 6.0

    Hi All,
    I am trying to migrate the Sun One Directory Server 5.2 to Sun Directory Server 6.0. I am getting the following error
    bash-3.2# ./dsmig migrate-config /var/Sun/mps/slapd-circb2bld3/ /var/SunDirectoryServer6.0/dsInst/
    Launching Configuration Migration of server instance /var/Sun/mps/slapd-circb2bld3 .....
    Enter the certificate database password:
    Starting server instance /var/SunDirectoryServer6.0/dsInst ..... Instance /var/SunDirectoryServer6.0/dsInst is already running (ns-slapd pid is 3868)
    Enter "cn=Directory Manager" password:
    Connecting to server localhost:389 .....
    Could not bind securely on "localhost:389".
    Remote host closed connection during handshake
    Details: SSL peer shut down incorrectly
    Could not create context for configuration migration.
    Operation "migrate-config" failed.
    Please help me.

    Please stop
    The migration guide has step by step instructions, including command line examples. Are you using that as your reference?
    Your upgrade should be to (at a minimum) DSEE 6.3.1.1.1. Upgrading to 6.0 is upgrading to a release level that has no patches or fixes to the product. There are significant fixes to the migration command line tools. There is a good chance you will run into issues.
    You should install and review migration to ODSEE 11.1.1.7.0 (which would effectively be the 7.2 release of the DS).
    There is a specific guide for migration and upgrade, which includes migration from DS 5.2 to 11.x
    The full documentation collection for 11.1.1.7.0 is here
    http://docs.oracle.com/cd/E29127_01/index.htm
    The specific migration guide is here
    http://docs.oracle.com/cd/E29127_01/doc.111170/e28971/toc.htm
    See: Part II Migrating from ODSEE 5.2 to ODSEE 11g Release 1 (11.1.1.7.0)
    ODSEE 11.1.1.7.0 can be downloaded from here.
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

  • Provisioning Sun directory Server to a User in OIM

    I have been learning the OIM tool for 2 months. I am not able to provision Sun Directory Server to a user in OIM; the error is that I am not getting the value for Organization DN. I am using ODSEE 11.1.1.5.0 and OIM 11.1.1.5.0. I have followed the steps below:
    1. Copy Connector and External Code Files.
    2. Configure Oracle Identity Manager Server.
    3. Import an Oracle Identity Manager Connector.
    4. Define an IT Resource.
    5. Create a User.
    6. Assign the Connector to a User.
    Could anyone please suggest a solution for this problem?

    Hi,
    You need to run organization lookup reconciliation first, then select the value in the process form.
    If you are getting a particular error, paste the error messages from the console.
    Regards,
    Raghav.

  • Migration from iplanet webserver to Sun Directory Server

    Hi,
    I have Oracle Iplanet WebServer Enterprise edition V6.0 SP2 in my dev environment. I want to migrate the system to Sun Java System Directory Server V6.0. I have looked up the migration guide for Sun DS V6.0, but I could not find any reference to Iplanet WebServers.
    Can anybody please let me know the migration procedure for migrating from Iplanet Server to Sun Directory Server?
    Any help would be appreciated.
    Thank you
    Nowfal

    Please ignore this question since we have dropped the plan to migrate and will instead set up a new DS instance from the beginning.

  • Error while starting Sun Directory Server 6.0

    Hello,
    I recently migrated from Sun Directory Server 5.2 to Sun Directory Server 6.0. I am trying to start the server. I get the following error
    bash-3.2# ./start-slapd
    Enter PIN for Internal (Software) Token:
    Enter PIN for Internal (Software) Token:
    [29/Mar/2013:11:39:47 -0400] - ERROR<4780> - SSL - conn=-1 op=-1 msgId=-1 - Security Initialization: Unable to authenticate to slot for cipher family cn=RSA,cn=encryption,cn=config ( error -8177 - The security password entered is incorrect. )
    Server not running!! Failed to start ns-slapd process.
    Please help me here. I don't know the PIN for Internal (Software) Token. Please help.

    Hi,
    It seems you're trying to start an instance which is configured for SSL, so at startup time, it's asking for the default keystore password to access the internal security certificate/device.
    You should know that password.
    Thanks,
    Marco

  • Sun Directory Server on Windows Vista

    Hi All,
    Has anyone successfully installed Sun Directory Server 6.x on Windows Vista?
    Cheers
    Sunny
    Edited by: sunnyajmera on May 30, 2009 8:59 AM

    Hi,
    I tried installing Directory server 5.2 on Vista but it didn't work. Don't know about Directory Server 6.x
