LDAP Authentication for CUP
Hi Experts,
I would like to know more about different User Authentication sources that could be in CUP.
Is it possible to skip the authentications like LDAP / UME / SAP provided by CUP & configure ESO authentication?
Regards,
Shailesh
Edited by: Shailesh Deshpande on Jan 13, 2009 1:32 PM
Edited by: Shailesh Deshpande on Jan 14, 2009 6:42 AM
Hi Shailesh,
What do you want to know about User Authentication sources? Can you be more specific?
The authentication scheme in CUP is only being used for End Users (Requesters). You can use SAP R/3, UME, HR, LDAP etc to authenticate users.
I am sorry but I don't know about ESO authentication. CUP supports only some of the authentication schemes out of the box but you can use other authentication schemes via UME.
Set up UME to talk to other authentication schemes (BASIS person should be able to do this) and set up UME as authentication scheme in CUP.
Regards,
Alpesh
Similar Messages
-
Error while doing the Ldap sync for UDFs
Hi All,
I am doing LDAP sync for UDFs,
Created users in OID.
Assigned them to the orclIDXPerson object, modified the ldapconfig.props and created the input file.
Now I am running the ldapsyncudf.sh and I am getting the below error.
Exception in thread "main" java.lang.NullPointerException
at oracle.ods.virtualization.schema.AttributeTypeDefinition.getOID(AttributeTypeDefinition.java:117)
at oracle.ods.virtualization.jndi.OVDSchemaContext.convertAttrDefnToJNDIAttrs(OVDSchemaContext.java:655)
at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:137)
at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:109)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.isAttrExistsInLDAP(LDAPUDFSyncImpl.java:555)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.validateOVDSchema(LDAPUDFSyncImpl.java:519)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.addUDFwithLDAP(LDAPUDFSyncImpl.java:1082)
at oracle.iam.configservice.api.LDAPUDFSyncEJB.addUDFwithLDAPx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy631.addUDFwithLDAPx(Unknown Source)
Can anyone please unblock me?
Thanks,
Valli
Hi,
Please see if these help (for 11gR2)
Export the LDAPUser.xml file from MDS using weblogicExportMetadata.bat. This XML contains the attribute mapping between OIM and OID for LDAP synchronization.
Include the entry for the OIM attribute (if an entry does not exist for the attribute in the XML) under the entity-attributes node. For example, use the following XML snippet to add the entry for the ISD Code for Phone attribute
<entity-attributes><attribute name="ISD Code for Phone"> <type>string</type> <required>false</required> <attribute-group>Extended </attribute-group> <searchable>true</searchable> </attribute> </entity-attributes>
Include the entry for the OID attribute under the target-fields node. For example, use the following XML snippet to add the entry for CountryCode
<target-fields><field name="CountryCode"><type>String</type> <required>false</required> </field> </target-fields>
Now map the OIM attribute to the OID attribute using the following XML snippet under the attribute-maps node
<attribute-maps><attribute-map> <entity-attribute> ISD Code for Phone </entity-attribute> <target-field>CountryCode</target-field> </attribute-map></attribute-maps>
Save the changes and import the file back into MDS using WebLogic import utilities.
-
Where can I find an LDAP Editor for Open LDAP
Where can I find an LDAP Editor for Open LDAP? I was using LDAP Editor but it doesn't seem to work any more. Where can I find a free download for the LDAP editor for Windows?
I put in the following info in the connection section for the
LDAP browser but am not able to connect to the server. I get an error
saying Failed to connect to ldap://165.252.58.78:389/
Host: 165.252.58.78
Port: 389
Version: 3
Base DN: what do I put here
and do I select SSL
or Anonymous bind
User Info
User DN: what do I put here
and
I am connecting to ldap through my app with the following criteria:
url=ldap://165.252.58.78:389/
ldapHost=165.252.58.78
ldapPort=389
ldapVersion=LDAPConnection.LDAP_V3
ldaploginDN=cn=Manager,dc=accuserverx,dc=com
ldappassword=password
-
LDAP realm for authentication and ACL in Database
We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
Can we use LDAP realm for authentication and manage our ACL from a Database? Or do we have to use the weblogic.properties file? Does the WebLogic security API help in the above scenario?
Thanks
Ram
Unfortunately, there is no easy way to do this in wls 6.0.
The only way to handle it is to write your own custom realm
that uses ldap for users and groups and a database for acls -
probably not a viable alternative.
-Tom
"kevin doherty" <[email protected]> wrote:
>
Jeffrey Hirsch <[email protected]> wrote:
You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
Thanks!
-kd
-
LDAP Configuration for ECC 6.0 ( ABAP Stack only)
Hi,
Can anyone guide me with the steps for the LDAP Configuration for ECC 6.0 (ABAP stack only)?
Some of my observations are....
I can see the LDAP Support in the Installation master at the following path.
1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
When I was going through the Service Marketplace I came across the following note.
Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
Thanks,
Tanuj
Dear All,
We are trying to configure LDAP with Active Directory. In the step "Synchronization of SAP User Administration with LDAP Directory", when executing the report "RSLDAPSYNC_USER", we are facing one error.
Please find the trace file and error screenshot in the attachment. Please help us on priority.
Please find the trace log below:
RFC destination : LDAP_LDAPSE-01
Tracelevel : 8,704
F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
[Wed Jun 26 11:15:38 2013]
Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
[Wed Jun 26 11:15:39 2013]
Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
[Wed Jun 26 11:15:40 2013]
Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
[Wed Jun 26 11:15:43 2013]
>>>>Required attributes table
Line 0: "CREATETIMESTAMP" (length 15)
Line 1: "MODIFYTIMESTAMP" (length 15)
Line 2: "SAPUSERNAME" (length 11)
<<<<Required attributes table
Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
>>> ldap_msgfree()
<<< ldap_msgfree()
Slot 0 (WIPROTECH): >>> ldap_unbind_s()
Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
Please find the error screenshot below.
Regards,
Dilip Sampath.CH
+91-9619735957.
-
LDAP Connector in CUP . No LDAPS? Surely not?
Hi all,
I have the LDAP Connector in CUP successfully binding to an Active Directory over port 389. It's now time to switch to LDAPS/SSL over port 636, but I have read on this forum that CUP does not support LDAPS connections. Surely this cannot be true? No company in their right mind would allow an unencrypted connection to their Production AD/LDAP.
And I can't use the UME to connect to AD over LDAPS as this is already configured as an ABAP dataSource so cannot be switched (according to SAP and the customer).
Regards
Daniel
Found the OSS note saying it is not supported. Hard to believe.
-
Using external LDAP server for WL JNDI lookups
I'm trying to find out if it is possible to re-direct JNDI calls to the WL
server to an external LDAP server. I know you can install an external LDAP
server for security purposes, but I would like to use an external LDAP
server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
Is this possible?
You typically need to use our JNDI store. We strongly recommend this for
performance reasons.
You can use the JNDI To LDAP bridge which is available from the sun web
site.
Michael Girdley
BEA Systems Inc
"Jack Archer" <[email protected]> wrote in message
news:[email protected]..
I'm trying to find out if it is possible to re-direct JNDI calls to the WL
server to an external LDAP server. I know you can install an external LDAP
server for security purposes, but I would like to use an external LDAP
server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
Is this possible?
-
Use of Lotus LDAP server for WLP 7 - LDAP experts ?
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciated, because I just don't know where to look.
JP
"JP" <[email protected]> wrote in message news:[email protected]...
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciated, because I just don't know where to look.
Try setting the com.netscape.ldap.trace property.
* When -D command line option is used, defining the property with
* no value will send the trace output to the standard error. If the
* value is defined, it is assumed to be the name of an output file.
* If the file name is prefixed with a '+' character, the file is
* opened in append mode.
This will create an LDAP trace file of the requests that WLS is making on the LDAP server. You can then see where the filters are not returning the correct value for the group membership.
-
Use of Lotus LDAP server for WLP 7 - LDAP experts required
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
User and Groups are working fine, the membership of a user to a group is
not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn=
I know that this LDAP server supported, but if it could work at least
for some time, that would be great !
thanks for your help,
JP
-
X.509 PKI LDAP Schema for OID
Hi,
my question is about the availability of an X.509 PKI LDAP schema for OID. Does anyone know if it is possible to import an already predefined schema into OID?
Is it necessary to follow RFC2587 and define the schema by hand?
Any response and advice appreciated.
Petr
P.S.
I am quite new in the area of OID so some of my questions may seem incomprehensible.
Hello Petr:
You most certainly can load your own custom schema items into OID. A few things to keep in mind when you do this.
Make sure you load the attributes first.
Then your objectclasses.
Then your Catalog/indexes if you have any.
Then load your directory entries.
And last load any ACIs you may have.
If you give me a few of your schema definitions I would be happy to give you an example of how to do this.
There are many PKI vendors out there and not all of them store certificates the same way. Some use standard schema attributes and others add their own custom attribute.
-
LDAP client for solaris 9 with ds5.2 on other box
Hi
I have ds5.2 installed on Box1. I am trying to configure ldapclient on a Solaris 9 box. I want this to point to the existing LDAP server for authentication. The Sun documentation is not clear about how to do that, as some of the switches mentioned with ldapclient don't work. Most of the solutions I saw are for an integrated Solaris 9 DS server configuration, e.g. idsconfig etc. I am not finding how to do basic authentication of a Solaris 9 client with any LDAP server (ds5.2) installed on some other box.
The syntax of ldapclient changed in Solaris 9 (at least by 9 12/03). You now specify it like this:
# ldapclient -v init -a profileName=cn=myProfile,ou=profile,dc=example,dc=com
If you're using Proxy Authentication add the following:
-a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com -a proxyPassword=ClearTextPW
You should have been able to create a profile (storing it in the DIT) when you ran idsconfig. If you took the default name of "default" (cn=default,ou=profile,dc=example,dc=com) you might not even have to specify the profile name to ldapclient.
To generate a new profile and store it in the DIT use:
$ ldapclient -v genprofile -a profileName=cn=myProfile,ou=profile,dc=example,dc=com -a defaultSearchBase=dc=example,dc=com ...
With your various attributes for your profile as specified in ldapclient(1M).
As for pam, you have to decide which you're going to use: pam_unix or pam_ldap. Note that the Solaris pam_ldap is very different from the PADL pam_ldap used under Linux and elsewhere (this makes it easy to find apparently conflicting advice).
-
Using CUCM as LDAP Server for Jabber Phone
Hi All,
I have CUCM 9.1 and Jabber 9.1 for Android. I want to configure the Directory search with CUCM as the LDAP server, with all the End Users automatically added to directory search on Jabber, because we don't have any LDAP server, but until now I always get Directory status Disconnected or Error.
Things that I've done:
1. Configure the LDAP server on the phone configuration with the CUCM IP address.
2. Fill the Username and Password with the CUCM Username and Password. (doesn't work)
3. Create a new Application User with AXL API Access to be used as the LDAP Username and password (doesn't work)
Has anyone done this? Or is the connection with another LDAP Server mandatory for the Jabber application? Because I know some 3rd party applications that can do this.
Please help me with this problem, any help or comment will be appreciated.
Regards,
Yopie
UDS does not work with Jabber for Android, you do need an LDAP
Requirements for Integration with Corporate Directory (Optional)
Use one of the following for Lightweight Directory Access Protocol (LDAP):
Microsoft Active Directory 2003
Microsoft Active Directory 2008
Open LDAP
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/jabber/Android/9_1/JABA_BK_J0D6CD65_00_jabber-android-release-notes-9-1-1.html
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
-
LDAP failing for iPrint and iFolder after new CA created
Last week we replaced our Certificate Authority as it was due to expire yesterday (Monday). It was currently running on a fully patched NetWare 6.5 server and we took the decision to move it to a SLES 11 SP 2 OES 11 server and re-create all the certificates - following Option 2 for TID 3618399.
We re-ran PKIDIAG on the Novell server and tckeygen, and restarted and everything seemed fine - Groupwise (8) webaccess and the PO using ldap auth were working. But this morning we've discovered that ldap is failing to do secure binds for iprint secure printers and iFolder. We see this error message in the log screen:
>11:45:44 11:45:44 ldap *MASTER[xxxx.our-domain.com] connection restored
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][-1] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][0] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][1] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][2] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][3] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][4] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][5] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][6] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][7] ldap_simple_bind : Can't contact LDAP server(81)
>11:45:44 11:45:44 ldap iFolder_ldap01[xxxx.our-domain.com] connection restored
>11:46:41 11:46:41 iFolder_ldap01[xxxx.our-domain.com][-1] ldap_simple_bind: Can't contact LDAP server(81)
>11:46:41 11:46:41 ldap iFolder_ldap01[xxxx.our-domain.com] down
>11:46:41 11:46:41 ldap *MASTER[xxxx.our-domain.com] down
and in the apache error log we see:
[Tue Aug 27 11:30:08 2013] [error] [client 10.0.0.43] no acceptable variant: SYS:/apache2/error/HTTP_UNAUTHORIZED.html.var
[Tue Aug 27 11:30:08 2013] [warn] [client 10.0.0.43] [10] auth_ldapdn authenticate: user bob authentication failed; URI /ipps/Ricoh [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
Nothing else was changed other than creating a new CA (on a new server), removing the old one from eDirectory and generating the new certificates. If we use a web browser to the server to check the certificate we see that the CA cannot be validated as it is internal and not a publicly trusted one, but IIRC the old CA did the same.
PKIDiag and SDIDiag report no issues. The only thing I can imagine that could be causing the issue is the fact the CA is no longer on the same server hosting iFolder and iPrint. Both servers host eDirectory and are part of the same replica ring, they can communicate and also time is synchronised.
Any ideas?
Mark.
Thanks for the quick response, I followed your trace settings above and here are the results:
LDAP: [2013/08/27 12:42:12.701] Monitor 0x1ba terminating
LDAP: [2013/08/27 12:42:12.798] Listener closing cleartext port 389
LDAP: [2013/08/27 12:42:12.798] Listener closing TLS port 636
LDAP: [2013/08/27 12:42:12.798] Listener closing connectionless port 389
LDAP: [2013/08/27 12:42:12.802] Removing TLS module dependencies
LDAP: [2013/08/27 12:42:12.802] Removing SASL module dependencies
LDAP: [2013/08/27 12:42:12.907] LDAP Agent for Novell eDirectory 8.8 SP5 (20506.06) stopped
LDAP: [2013/08/27 12:42:18.17] NDS attribute "staticMember" does not exist, mapping ignored
LDAP: [2013/08/27 12:42:18.21] Duplicate LDAP class name: "alias" (ignored)
LDAP: [2013/08/27 12:42:18.98] LDAP Agent for Novell eDirectory 8.8 SP5 (20506.06) started
LDAP: [2013/08/27 12:42:18.98] Updating server configuration
LDAP: [2013/08/27 12:42:18.98] Work info status: Total:2 Peak:2 Busy:0
LDAP: [2013/08/27 12:42:18.98] Thread pool status: Total:2 Peak:2 Busy:2
LDAP: [2013/08/27 12:42:18.218] Listener applying new configuration
LDAP: [2013/08/27 12:42:18.218] LDAPURL: ldap://:389
LDAP: [2013/08/27 12:42:18.218] Listener setting up cleartext port 389
LDAP: [2013/08/27 12:42:18.218] LDAPURL: ldaps://:636
LDAP: [2013/08/27 12:42:18.218] Listener setting up TLS port 636
LDAP: [2013/08/27 12:42:18.218] LDAPURL: cldap://:389
LDAP: [2013/08/27 12:42:18.218] Listener setting up connectionless port 389
LDAP: [2013/08/27 12:42:18.218] TLS EXPORT ciphers or higher required for TLS connections
LDAP: [2013/08/27 12:42:18.219] TLS initialization sucessfully completed
LDAP: [2013/08/27 12:42:18.315] TLS configured successfully
LDAP: [2013/08/27 12:42:18.327] Adding SASL module dependencies
LDAP: [2013/08/27 12:42:18.329] SASL initialized successfully
LDAP: [2013/08/27 12:42:18.329] SASL configured successfully
LDAP: [2013/08/27 12:42:22.286] Created new monitor 0x0
LDAP: [2013/08/27 12:42:22.286] Monitor 0x20b started
LDAP: [2013/08/27 12:42:22.287] TLS accept failure 1 on connection 0xa284e160, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:42:22.287] TLS handshake failed on connection 0xa284e160, err = -5875
LDAP: [2013/08/27 12:42:22.287] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:17.861] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:17.861] DoBind on connection 0xa284e160
LDAP: [2013/08/27 12:43:17.861] Bind name:cn=admin,o=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:17.863] Sending operation result 0:"":"" to connection 0xa284e160
LDAP: [2013/08/27 12:43:18.921] DoUnbind on connection 0xa284e160
LDAP: [2013/08/27 12:43:18.921] Preempting operation 0x0:0x0 on connection 0xa284e160 before processing because connection is closing
LDAP: [2013/08/27 12:43:19.904] DoBind on connection 0xa284e160
LDAP: [2013/08/27 12:43:19.905] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.905] Sending operation result 0:"":"" to connection 0xa284e160
LDAP: [2013/08/27 12:43:19.906] DoUnbind on connection 0xa284e160
LDAP: [2013/08/27 12:43:19.906] DoBind on connection 0xa284e160
LDAP: [2013/08/27 12:43:19.906] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.907] Sending operation result 0:"":"" to connection 0xa284e160
LDAP: [2013/08/27 12:43:19.907] DoBind on connection 0xa284e2c0
LDAP: [2013/08/27 12:43:19.907] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.908] Sending operation result 0:"":"" to connection 0xa284e2c0
LDAP: [2013/08/27 12:43:19.908] DoBind on connection 0xa284e420
LDAP: [2013/08/27 12:43:19.908] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.909] Sending operation result 0:"":"" to connection 0xa284e420
LDAP: [2013/08/27 12:43:19.909] DoBind on connection 0xa284e580
LDAP: [2013/08/27 12:43:19.909] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.910] Sending operation result 0:"":"" to connection 0xa284e580
LDAP: [2013/08/27 12:43:19.910] DoBind on connection 0xa284e6e0
LDAP: [2013/08/27 12:43:19.910] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.910] Sending operation result 0:"":"" to connection 0xa284e6e0
LDAP: [2013/08/27 12:43:19.911] DoBind on connection 0xa284e840
LDAP: [2013/08/27 12:43:19.911] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.911] Sending operation result 0:"":"" to connection 0xa284e840
LDAP: [2013/08/27 12:43:19.912] DoBind on connection 0xa284e9a0
LDAP: [2013/08/27 12:43:19.912] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.912] Sending operation result 0:"":"" to connection 0xa284e9a0
LDAP: [2013/08/27 12:43:19.913] DoBind on connection 0xa284eb00
LDAP: [2013/08/27 12:43:19.913] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.913] Sending operation result 0:"":"" to connection 0xa284eb00
LDAP: [2013/08/27 12:43:19.923] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.923] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.923] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.925] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.925] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.925] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.926] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.926] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.926] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.927] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.927] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.927] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.929] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.929] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.929] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.930] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.930] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.930] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.932] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.932] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.932] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.933] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.933] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.933] BIO ctrl called with unknown cmd 7
LDAP: [2013/08/27 12:43:19.934] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:43:19.934] TLS handshake failed on connection 0xa284ec60, err = -5875
LDAP: [2013/08/27 12:43:19.934] BIO ctrl called with unknown cmd 7
I'm now pretty sure that the cert is being invalidated because the new CA is not trusted by the old server. Strange that PKIDiag has no problems with it. So really looking for a way to authorise a CA for ldap secure I think.
I can connect to the server over ldaps (port 636) using Softerra Ldap browser from my PC, again I get the certificate not valid as we have the internal CA authorising it, but you can accept the certificate and authenticate fine and use LDAP.
BR,
Mark. -
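A triage sketch for the trace posted above, added here as an example and not part of the original thread or of any Novell tooling: it counts the TLS alerts and simple binds and flags the listener settings the trace reports. The function and field names are assumptions, the line format is assumed from the posted trace, and the sample lines are an excerpt of it.

```python
import re
from collections import Counter

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

TLS_FAIL = re.compile(r"TLS accept failure \d+ on connection (0x[0-9a-f]+)"
                      r".*SSL routines:(\w+):.*SSL alert number (\d+)")
BIND = re.compile(r"Bind name:(.*?), version:(\d+), authentication:(\w+)")
LISTENER = re.compile(r"Listener setting up (cleartext|TLS) port (\d+)")
EXPORT_FLOOR = "TLS EXPORT ciphers or higher required"

# Excerpt of the trace posted in the thread (no new data).
SAMPLE = """\
LDAP: [2013/08/27 12:42:18.218] Listener setting up cleartext port 389
LDAP: [2013/08/27 12:42:18.218] Listener setting up TLS port 636
LDAP: [2013/08/27 12:42:18.218] TLS EXPORT ciphers or higher required for TLS connections
LDAP: [2013/08/27 12:42:22.287] TLS accept failure 1 on connection 0xa284e160, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
LDAP: [2013/08/27 12:42:22.287] TLS handshake failed on connection 0xa284e160, err = -5875
LDAP: [2013/08/27 12:43:17.861] Bind name:cn=admin,o=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.905] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.906] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
LDAP: [2013/08/27 12:43:19.923] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
"""


def summarize(log_text):
    """Summarise TLS handshake failures, simple binds and listener settings."""
    report = {"tls_alerts": Counter(), "failed_conns": set(),
              "peer_sent_alert": False, "simple_binds": Counter(),
              "listeners": {}, "export_floor": False, "findings": []}
    for line in log_text.splitlines():
        m = TLS_FAIL.search(line)
        if m:
            conn, func, alert = m.groups()
            name = CERT_ALERTS.get(int(alert), "alert_" + alert)
            report["tls_alerts"][name] += 1
            report["failed_conns"].add(conn)
            # An alert reported by SSL3_READ_BYTES was read from the wire:
            # the connecting client sent it, i.e. the client rejected the
            # certificate that this server presented.
            if func == "SSL3_READ_BYTES":
                report["peer_sent_alert"] = True
            continue
        m = BIND.search(line)
        if m and m.group(3) == "simple":
            report["simple_binds"][m.group(1)] += 1
            continue
        m = LISTENER.search(line)
        if m:
            report["listeners"][int(m.group(2))] = m.group(1)
        elif EXPORT_FLOOR in line:
            report["export_floor"] = True

    cert_alerts = sorted(set(report["tls_alerts"]) & set(CERT_ALERTS.values()))
    if cert_alerts and report["peer_sent_alert"]:
        report["findings"].append(
            "clients reject the server certificate (%s): check that each "
            "client trusts the CA that issued it" % ", ".join(cert_alerts))
    if report["export_floor"]:
        report["findings"].append(
            "TLS listener accepts export-grade ciphers: raise the minimum")
    if "cleartext" in report["listeners"].values() and report["simple_binds"]:
        report["findings"].append(
            "simple binds seen while a cleartext listener is open: a bind "
            "arriving on that port sends its password unencrypted")
    return report


if __name__ == "__main__":
    for finding in summarize(SAMPLE)["findings"]:
        print("-", finding)
```
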
Free (java-based) LDAP server for Windows
Hello,
I am experimenting with JNDI. Can anyone tell me if there is a free LDAP server for Windows that I could use to run JNDI examples.
Thanks in advance,
Balteo.
Attached is my slapd.conf file I used while I was working through the JNDI tutorial. You can find any comments in the original config file - I deleted them in the attachment.
Do not forget to create the directory 'openldap-ldbm' manually in the appropriate place as defined in the config file.
cu, Adrian
slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#include %SYSCONFDIR%/schema/core.schema
include d:/OpenLDAP/schema/core.schema
include d:/OpenLDAP/schema/java.schema
include d:/OpenLDAP/schema/krb5-kdc.schema
pidfile d:/OpenLDAP/slapd.pid
argsfile d:/OpenLDAP/slapd.args
database ldbm
suffix "o=JNDITutorial"
rootdn "cn=Manager,o=JNDITutorial"
rootpw changeit
#directory %LOCALSTATEDIR%/openldap-ldbm
directory d:/OpenLDAP/openldap-ldbm
index objectClass eq
-
Free LDAP server for Win32 to play?
Hi.. anybody know free LDAP server for Win32?
Thanks!
I found this:
http://www.eudora.com/free/ldap.html
Looks like you'll have to compile it yourself, though.
Actually, can't you access the Windows 2000 Active Directory through LDAP as well?
.P.