LDAP Authenticaation for CUP

Hi Experts ,
I would like to know more about different User Authentication sources that could be  in CUP.
Is it possible to skip the authentications like LDAP / UME / SAP provided by CUP & configure ESO authentication..
Regards,
Shailesh
Edited by: Shailesh Deshpande on Jan 13, 2009 1:32 PM
Edited by: Shailesh Deshpande on Jan 14, 2009 6:42 AM

Hi Shailesh,
   What do you want to know about User Authentication sources? Can you be more specific?
The authentication shceme in CUP is only being used for End Users (Requesters). You can use SAP R/3, UME, HR, LDAP etc to authenticate users.
I am sorry but I don't know about ESO authentication. CUP supports only some of the authentication schemes out of the box but you can use other authentication schemes via UME.
Set up UME to talk to other authentication schemes (BASIS person should be able to do this) and set up UME as authentication scheme in CUP.
Regards,
Alpesh

Similar Messages

  • Error while doing the Ldap sync for UDFs

    Hi All,
    I am doing LDAP sync for UDFs,
    Created users in OID.
    assigned to orclIDXPerson object modified the ldapconfig.props and created the input file.
    Now I am running the ldapsyncudf.sh then I getting the below error.
    Exception in thread "main" java.lang.NullPointerException
    at oracle.ods.virtualization.schema.AttributeTypeDefinition.getOID(AttributeTypeDefinition.java:117)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.convertAttrDefnToJNDIAttrs(OVDSchemaContext.java:655)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:137)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:109)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.isAttrExistsInLDAP(LDAPUDFSyncImpl.java:555)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.validateOVDSchema(LDAPUDFSyncImpl.java:519)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.addUDFwithLDAP(LDAPUDFSyncImpl.java:1082)
    at oracle.iam.configservice.api.LDAPUDFSyncEJB.addUDFwithLDAPx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy631.addUDFwithLDAPx(Unknown Source)
    can anyone please unblock me.
    Thanks,
    Valli

    Hi,
    Please see if these help (for 11gR2)
    Export the LDAPUser.xml file from MDS using weblogicExportMetatdata.bat. This xml contains the attributes mapping between OIM and OID for LDAP synchronization.
    Include the entry for OIM attribute (if entry does not exist for the attribute in the XML) under entity-attributes node. For e.g. use the following xml snippet to add the entry for ISD Code for Phone attribute
    <entity-attributes><attribute name=”ISD Code for Phone”> <type>string</type> <required>false</required> <attribute-group>Extended </attribute-group> <searchable>true</searchable> </attribute> </entity-attributes>
    Include the entry for OID attribute under target-fields node. For e.g. use the following xml snippet to add the entry for CountryCode
    <target-fields><field name=”CountryCode”><type>String</type> <required>false</required> </target-fields>
    Now map the OIM attribute with the OID attribute using the following xml snippet under attribute-maps node
    <attribute-maps><attribute-map> <entity-attribute> ISD Code for Phone </entity-attribute> <target-field>CountryCode</target-field> </attribute-map></attribute-maps>
    Save the changes and import the file back into MDS using WebLogic import utilities.

  • Where can I find an LDAP Editory for Open LDAP

    where can I find an LDAP Editory for Open LDAP... i was using LDAP Editor but it does seem to work any more... where can I find a free download for the LDAP editor for windows...

    I put in the following info in the connection section for the
    lDAPbrowser but am not able to connect to the server. I get error
    saying Failed to connect to ldap://165.252.58.78:389/
    Host: 165.252.58.78
    Port: 389
    Version: 3
    Base DN: what do I put here
    and do I select SSL
    or Anoymous bind
    User Info
    User DN: what do I put here
    and
    I am connecting to ldap through my app with the following criteria:
    url=ldap://165.252.58.78:389/
    ldapHost=165.252.58.78
    ldapPort=389
    ldapVersion=LDAPConnection.LDAP_V3
    ldaploginDN=cn=Manager,dc=accuserverx,dc=com
    ldappassword=password

  • LDAP realm for authentication and ACL in Database

    We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
    Can we use LDAP realm for authentication and manage our ACL from a Database? or do we have to use the weblogic.properties file? Do the weblogic security API help in the above scenario? Thanks Ram

    Unfortunately, there is no easy way to do this in wls 6.0.
    The only way to handle it is to write your own custom realm
    that uses ldap for users and groups and a database for acls -
    probably not a viable alternative.
    -Tom
    "kevin doherty" <[email protected]> wrote:
    >
    Jeffrey Hirsch <[email protected]> wrote:
    You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
    I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
    Thanks!
    -kd

  • LDAP Configuration for ECC 6.0 ( ABAP Stack only)

    Hi,
    Can any one guide me with the steps for the LDAP Configuration for ECC 6.0 ( Abap stack only).
    Some of my observations are....
    I can see the LDAP Support in the Installation master at the following path.
    1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
    But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
    When i am goint thru service market place i came across the following note.
    Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
    Thanks,
    Tanuj

    Dear All,
    We are trying to configure the LDAP using with active directory .  In the
    step of "Synchronization of SAP User Administration with LDAP
    Directory"when executing the report"RSLDAPSYNC_USER" we are facing one
    error.
    Please find the trace file and error screenshot in the attachment.Please help us on
    priority.
    Please find the Trace log in the below:
    RFC destination : LDAP_LDAPSE-01
    Tracelevel      :      8,704
    F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
    [Wed Jun 26 11:15:38 2013]
    Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
    [Wed Jun 26 11:15:39 2013]
    Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
    Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
    Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
    Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
    [Wed Jun 26 11:15:40 2013]
    Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
    [Wed Jun 26 11:15:43 2013]
    >>>>Required attributes table
    Line    0: "CREATETIMESTAMP" (length 15)
    Line    1: "MODIFYTIMESTAMP" (length 15)
    Line    2: "SAPUSERNAME" (length 11)
    <<<<Required attributes table
    Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
    Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
    >>> ldap_msgfree()
    <<< ldap_msgfree()
    Slot 0 (WIPROTECH): >>> ldap_unbind_s()
    Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
    Please find the error screenshot in the below.
    Regards,
    Dilip Sampath.CH
    +91-9619735957.

  • LDAP Connector in CUP . No LDAPS? Surely not?

    Hi all,
    I have the LDAP Connector in CUP sucessfully binding to an Active Directory over port 389. It's now time to switch to LDAPS/SSl over port 636..but I have read on this forum that CUP does not support LDAPS connections. Surely this cannot be true???? No company in their right mind would allow an unencrypted connection to their Production AD/LDAP.
    And I can't use the UME to connect to AD over LDAPS as this is already configured as an ABAP dataSource so cannot be switched (according to SAP and the customer).
    Regards
    Daniel

    Found the OSS note saying it is not supported. Hard to believe.

  • Using external LDAP server for  WL JNDI lookups

    I'm trying to find out if it is possible to re-direct JNDI calls to the WL
    server to an external LDAP server. I know you can install an external LDAP
    server for security purposes, but I would like to use an external LDAP
    server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
    Is this possible?

    You typically need to use our JNDI store. We strongly recommend this for
    performance reasons..
    You can use the JNDI To LDAP bridge which is available from the sun web
    site.
    Michael Girdley
    BEA Systems Inc
    "Jack Archer" <[email protected]> wrote in message
    news:[email protected]..
    I'm trying to find out if it is possible to re-direct JNDI calls to the WL
    server to an external LDAP server. I know you can install an external LDAP
    server for security purposes, but I would like to use an external LDAP
    server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
    Is this possible?

  • Use of Lotus LDAP server for WLP 7 - LDAP experts ?

    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    I connect my portal to the Domino LDAP, User and Groups are working
    fine, but the membership of a user to a group is not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    "user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn="
    Any help would be appreciate, because I just don't where to look for.
    JP

    "JP" <[email protected]> wrote in message news:[email protected]..
    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    I connect my portal to the Domino LDAP, User and Groups are working
    fine, but the membership of a user to a group is not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    "user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn="
    Any help would be appreciate, because I just don't where to look for.
    Try setting the com.netscape.ldap.trace property.
    \* When -D command line option is used, defining the property with
    * no value will send the trace output to the standard error. If the
    * value is defined, it is assumed to be the name of an output file.
    * If the file name is prefixed with a '+' character, the file is
    * opened in append mode.
    This will create a ldap trace file of the requests that WLS is making on the
    LDAP server. You can then see
    where the filters are not returning the correct value for the group
    membership.

  • Use of Lotus LDAP server for WLP 7 - LDAP experts required

    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    User and Groups are working fine, the membership of a user to a group is
    not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn=
    I know that this LDAP server supported, but id it could work at least
    for some time, that would be great !
    thanks for your help,
    JP

    "JP" <[email protected]> wrote in message news:[email protected]..
    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    I connect my portal to the Domino LDAP, User and Groups are working
    fine, but the membership of a user to a group is not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    "user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn="
    Any help would be appreciate, because I just don't where to look for.
    Try setting the com.netscape.ldap.trace property.
    \* When -D command line option is used, defining the property with
    * no value will send the trace output to the standard error. If the
    * value is defined, it is assumed to be the name of an output file.
    * If the file name is prefixed with a '+' character, the file is
    * opened in append mode.
    This will create a ldap trace file of the requests that WLS is making on the
    LDAP server. You can then see
    where the filters are not returning the correct value for the group
    membership.

  • X.509 PKI LDAP Schema for OID

    Hi,
    my question is about availability X.509 PKI LDAP Schema for OID. Does anyone know if it is possible to import already predefined schema into OID?
    Is it neccessary to folow RFC2587 and define the schema by hand?
    Any response and advice appreciated.
    Petr
    P.S.
    I am quite new in the area of OID so some my questions may seem incomrehensible.

    Hello Petr:
    You most certainly can load your own custom schema items into OiD. A few things to keep in mind when you do this.
    Make sure you load the attributes first.
    Then your objectclasses.
    Then your Catolog/indexes if you have any.
    Then load your directory entries.
    And last load any ACI's you may have.
    If you give me a few of your schema definitions I would be happy to give you an example of how to do this.
    There are many PKI venders out there and not all of them store certificates the same way. Some use standard schema attributes and others add their own custom attribute.

  • LDAP client for solaris 9 with ds5.2 on other box

    Hi
    I have ds5.2 installed on Box1. I am trying to configure ldapclient on solaris 9 box. I want this to point to existing ldap server for authentication. Sun documentation is not clear about how to do that ? as some of the switches mentioned with ldapclient doesn't work. Most of the solutions I saw are on integrated solaris 9 ds server configuration. e.g idsconfig etc. I am not finding how to do basic authentication of solaris9 cient with any ldap server (ds5.2) installed on some other box.

    The syntax of ldapclient changed in Solaris 9 (at least by 9 12/03). You now specify it like this:
    # ldapclient -v init -a profileName=cn=myProfile,ou=profile,dc=example,dc=comIf you're using Proxy Authentication add the following:
    -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com -a proxyPassword=ClearTextPWYou should have been able to create a profile (storing it in the DIT) when you ran idsconfig. If you took the default name of "default" (cn=default,ou=profile,dc=example,dc=com) you might not even have to specify the profile name to ldapclient.
    To generate a new profile and store it in the DIT use:
    $ ldapclient -vgenprofile -a profileName=cn=myProfile,ou=profile,dc=example,dc=com -a defaultSearchBase=dc=example,dc=com ...With your various attributes for your profile as specified in ldapclient(1M).
    As for pam, you have to decide which you're going to use: pam_unix or pam_ldap. Note that the Solaris pam_ldap is very different from the PADL pam_ldap used under Linux and elsewhere (this makes it easy to find apparently conflicting advice).

  • Using CUCM as LDAP Server for Jabber Phone

    Hi All,
    I have CUCM 9.1 and Jabber 9.1 for android, I want to configure the Directory search with CUCM as LDAP server, when all the End User automatically added to directory search on the Jabber because we don't have any ldap server, but until now I always got Directory status Disconnected or Error.
    Thing that I"ve done :
         1. Cofigure the LDAP server on phone configuration with CUCM ip address.
         2. FIll the Username and Password with CUCM Username and Password. (don't work)
         3. Create new Application User with AXL API Access that used to be the LDAP Username and password (don't work)
    does anyone have done this?or the connection with another LDAP Server is mandatory for jabber application? becaus I know some 3rd party application that can done this.
    please help me with this problem, any help or comment will be grateful
    Regards,
    Yopie

    UDS does not work with Jabber for Android, you do need an LDAP
    Requirements for Integration with Corporate Directory (Optional)
    Use one of the following for Lightweight Directory Access Protocol (LDAP):
    Microsoft Active Directory 2003
    Microsoft Active Directory 2008
    Open LDAP
    http://www.cisco.com/en/US/partner/docs/voice_ip_comm/jabber/Android/9_1/JABA_BK_J0D6CD65_00_jabber-android-release-notes-9-1-1.html
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • LDAP failing for iPrint and iFolder after new CA created

    Last week we replaced our Certificate Authority as it was due to expire yesterday (Monday). It was currently running on a fully patches Netware 6.5 server and we took the decision to move it to a SLES 11 SP 2 OES 11 server and re-create all the certificates - following Option 2 for TID 3618399.
    We re-ran PKIDIAG on the Novell server and tckeygen, and restarted and everything seemed fine - Groupwise (8) webaccess and the PO using ldap auth were working. But this morning we've discovered that ldap is failing to do secure binds for iprint secure printers and iFolder. We see this error message in the log screen:
    >11:45:44 11:45:44 ldap *MASTER[xxxx.our-domain.com] connection restored
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][-1] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][0] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][1] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][2] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][3] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][4] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][5] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][6] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 iFolder_ldap01[xxxx.our-domain.com][7] ldap_simple_bind : Can't contact LDAP server(81)
    >11:45:44 11:45:44 ldap iFolder_ldap01[xxxx.our-domain.com] connection restored
    >11:46:41 11:46:41 iFolder_ldap01[xxxx.our-domain.com][-1] ldap_simple_bind: Can't contact LDAP server(81)
    >11:46:41 11:46:41 ldap iFolder_ldap01[xxxx.our-domain.com] down
    >11:46:41 11:46:41 ldap *MASTER[xxxx.our-domain.com] down
    and in the apache error log we see:
    [Tue Aug 27 11:30:08 2013] [error] [client 10.0.0.43] no acceptable variant: SYS:/apache2/error/HTTP_UNAUTHORIZED.html.var
    [Tue Aug 27 11:30:08 2013] [warn] [client 10.0.0.43] [10] auth_ldapdn authenticate: user bob authentication failed; URI /ipps/Ricoh [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
    Nothing else was charged other than creating a new CA (on a new server), removing the old one from eDirectory and generating the new certificates. If we use a web browser to the server to check the certificate we see that the CA cannot be validated as it is internal and not a publicly trusted one, but IIRC the old CA did the same.
    PKIDiag and SDIDiag report no issues. The only thing I can imagine that could be causing the issue is the fact the CA is no longer on the same server hosting iFolder and iPrint. Both server host eDirectory and are part of the same replica ring, they can communicate and also time is synchronised.
    Any ideas?
    Mark.

    Thanks for the quick response, I followed your trace settings above arnd here are the results:
    LDAP: [2013/08/27 12:42:12.701] Monitor 0x1ba terminating
    LDAP: [2013/08/27 12:42:12.798] Listener closing cleartext port 389
    LDAP: [2013/08/27 12:42:12.798] Listener closing TLS port 636
    LDAP: [2013/08/27 12:42:12.798] Listener closing connectionless port 389
    LDAP: [2013/08/27 12:42:12.802] Removing TLS module dependencies
    LDAP: [2013/08/27 12:42:12.802] Removing SASL module dependencies
    LDAP: [2013/08/27 12:42:12.907] LDAP Agent for Novell eDirectory 8.8 SP5 (20506.06) stopped
    LDAP: [2013/08/27 12:42:18.17] NDS attribute "staticMember" does not exist, mapping ignored
    LDAP: [2013/08/27 12:42:18.21] Duplicate LDAP class name: "alias" (ignored)
    LDAP: [2013/08/27 12:42:18.98] LDAP Agent for Novell eDirectory 8.8 SP5 (20506.06) started
    LDAP: [2013/08/27 12:42:18.98] Updating server configuration
    LDAP: [2013/08/27 12:42:18.98] Work info status: Total:2 Peak:2 Busy:0
    LDAP: [2013/08/27 12:42:18.98] Thread pool status: Total:2 Peak:2 Busy:2
    LDAP: [2013/08/27 12:42:18.218] Listener applying new configuration
    LDAP: [2013/08/27 12:42:18.218] LDAPURL: ldap://:389
    LDAP: [2013/08/27 12:42:18.218] Listener setting up cleartext port 389
    LDAP: [2013/08/27 12:42:18.218] LDAPURL: ldaps://:636
    LDAP: [2013/08/27 12:42:18.218] Listener setting up TLS port 636
    LDAP: [2013/08/27 12:42:18.218] LDAPURL: cldap://:389
    LDAP: [2013/08/27 12:42:18.218] Listener setting up connectionless port 389
    LDAP: [2013/08/27 12:42:18.218] TLS EXPORT ciphers or higher required for TLS connections
    LDAP: [2013/08/27 12:42:18.219] TLS initialization sucessfully completed
    LDAP: [2013/08/27 12:42:18.315] TLS configured successfully
    LDAP: [2013/08/27 12:42:18.327] Adding SASL module dependencies
    LDAP: [2013/08/27 12:42:18.329] SASL initialized successfully
    LDAP: [2013/08/27 12:42:18.329] SASL configured successfully
    LDAP: [2013/08/27 12:42:22.286] Created new monitor 0x0
    LDAP: [2013/08/27 12:42:22.286] Monitor 0x20b started
    LDAP: [2013/08/27 12:42:22.287] TLS accept failure 1 on connection 0xa284e160, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:42:22.287] TLS handshake failed on connection 0xa284e160, err = -5875
    LDAP: [2013/08/27 12:42:22.287] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:17.861] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:17.861] DoBind on connection 0xa284e160
    LDAP: [2013/08/27 12:43:17.861] Bind name:cn=admin,o=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:17.863] Sending operation result 0:"":"" to connection 0xa284e160
    LDAP: [2013/08/27 12:43:18.921] DoUnbind on connection 0xa284e160
    LDAP: [2013/08/27 12:43:18.921] Preempting operation 0x0:0x0 on connection 0xa284e160 before processing because connection is closing
    LDAP: [2013/08/27 12:43:19.904] DoBind on connection 0xa284e160
    LDAP: [2013/08/27 12:43:19.905] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.905] Sending operation result 0:"":"" to connection 0xa284e160
    LDAP: [2013/08/27 12:43:19.906] DoUnbind on connection 0xa284e160
    LDAP: [2013/08/27 12:43:19.906] DoBind on connection 0xa284e160
    LDAP: [2013/08/27 12:43:19.906] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.907] Sending operation result 0:"":"" to connection 0xa284e160
    LDAP: [2013/08/27 12:43:19.907] DoBind on connection 0xa284e2c0
    LDAP: [2013/08/27 12:43:19.907] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.908] Sending operation result 0:"":"" to connection 0xa284e2c0
    LDAP: [2013/08/27 12:43:19.908] DoBind on connection 0xa284e420
    LDAP: [2013/08/27 12:43:19.908] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.909] Sending operation result 0:"":"" to connection 0xa284e420
    LDAP: [2013/08/27 12:43:19.909] DoBind on connection 0xa284e580
    LDAP: [2013/08/27 12:43:19.909] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.910] Sending operation result 0:"":"" to connection 0xa284e580
    LDAP: [2013/08/27 12:43:19.910] DoBind on connection 0xa284e6e0
    LDAP: [2013/08/27 12:43:19.910] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.910] Sending operation result 0:"":"" to connection 0xa284e6e0
    LDAP: [2013/08/27 12:43:19.911] DoBind on connection 0xa284e840
    LDAP: [2013/08/27 12:43:19.911] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.911] Sending operation result 0:"":"" to connection 0xa284e840
    LDAP: [2013/08/27 12:43:19.912] DoBind on connection 0xa284e9a0
    LDAP: [2013/08/27 12:43:19.912] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.912] Sending operation result 0:"":"" to connection 0xa284e9a0
    LDAP: [2013/08/27 12:43:19.913] DoBind on connection 0xa284eb00
    LDAP: [2013/08/27 12:43:19.913] Bind name:cn=iFolder_ServerAgent,O=xxx, version:3, authentication:simple
    LDAP: [2013/08/27 12:43:19.913] Sending operation result 0:"":"" to connection 0xa284eb00
    LDAP: [2013/08/27 12:43:19.923] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.923] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.923] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.925] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.925] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.925] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.926] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.926] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.926] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.927] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.927] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.927] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.929] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.929] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.929] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.930] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.930] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.930] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.932] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.932] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.932] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.933] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.933] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.933] BIO ctrl called with unknown cmd 7
    LDAP: [2013/08/27 12:43:19.934] TLS accept failure 1 on connection 0xa284ec60, setting err = -5875. Error stack: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
    LDAP: [2013/08/27 12:43:19.934] TLS handshake failed on connection 0xa284ec60, err = -5875
    LDAP: [2013/08/27 12:43:19.934] BIO ctrl called with unknown cmd 7
    I'm now pretty sure that the cert is being invalidated because the new CA is not trusted by the old server. Strange that PKIDiag has no problems with it. So really looking for a way to authorise a CA for ldap secure I think.
    I can connect to the server over ldaps (port 636) using Softerra Ldap browser from my PC, again I get the certificate not valid as we have the internal CA authorising it, but you can accept the certificate and authenticate fine and use LDAP.
    BR,
    Mark.

  • Free (java-based) LDAP server for Windows

    Hello,
    I am experimenting with JNDI. Can anyone tell me if there is a free LDAP server for Windows that I could use to run JNDI examples.
    Thanks in advance,
    Balteo.

    Attached is may slapd.conf file I used while I was working through the JNDI tutorial. You can find any comments in the original config file - I deleted them in the attachment.
    Do not forget to create the directory 'openldap-ldbm' manually in the apropriate place as defined in the config file.
    cu, Adrian
    slapd.conf
    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #include          %SYSCONFDIR%/schema/core.schema
    include          d:/OpenLDAP/schema/core.schema
    include          d:/OpenLDAP/schema/java.schema
    include          d:/OpenLDAP/schema/krb5-kdc.schema
    pidfile          d:/OpenLDAP/slapd.pid
    argsfile     d:/OpenLDAP/slapd.args
    database     ldbm
    suffix          "o=JNDITutorial"
    rootdn          "cn=Manager,o=JNDITutorial"
    rootpw          changeit
    #directory     %LOCALSTATEDIR%/openldap-ldbm
    directory     d:/OpenLDAP/openldap-ldbm
    index     objectClass     eq

  • Free LDAP server for Win32 to play?

    Hi.. anybody know free LDAP server for Win32?
    Thanks!

    I found this:
    http://www.eudora.com/free/ldap.html
    Looks like you'll have to compile it yourself, though.
    Actually, can't you access the Windows 2000 Active Directory through LDAP as well?
    .P.

Maybe you are looking for

  • US Ipads in the UK?

    Hello all - I want to buy an Ipad while back in the US. Can I still use it without any compatibility issues/wireless problems here in the UK? Does it affect anything in regards to ease of use, connectivity, etc?

  • Can't back up iPhone 5 to my computer

    Can't back up my iPhone 5 to my computer using iTunes. The "back up now" or "Restore" bottons are grey

  • Default timeframe for SC timeframe need to be changed to 90 days from 7 day

    Hi  All,      In check status of the shopping cart (T-CODE = BBPSC04) by default we get   timeframe of   7 days but client requirement is change to 90  days .I checked  the badi      BADI : BBP_CHANGE_DEFAULT   Method: IF_EX_BBP_CHANGE_DEFAULT~CHANGE

  • Old IPhone vs. New IPhone

    So I'm hoping there would be some form of special rate for the loyal customers before the IPHONE 3G but it doesn't seem to be coming around. I understand that this one will be ALOT cheaper but I don't want to have to deal with paying for anything. Wh

  • I'm trying to update my iPhone 4 operating system

    I have a PC with Windows 8. I'm trying to update my iPhone 4 to iOS 7 but I can't iTunes to connect with the phone. I'm using a USB port. I just updated itunes to 11.1. Any advice?