Alias support in directory server 5

Hi,
Is alias dereferencing supported in Directory Server 5? (It is
mentioned in this article that 4.1 did not support it:
http://java.sun.com/products/jndi/tutorial/ldap/misc/aliases.html).
I am trying to do a search using an alias and it does not seem to be
working. I keep getting the alias entry rather than the referred
entry. I tried setting the DEREF option to DEREF_ALWAYS but this does
not seem to help (code fragment below). Do I need to do something to
enable alias dereferencing on the server? Could it be the version of
LDAP SDK for Java that I am using?

    LDAPConnection conn = new LDAPConnection();
    conn.connect( "XX.XX.XX.XX", 389 );
    // Ask for aliases to be dereferenced during the search
    conn.setOption( LDAPv2.DEREF, new Integer( LDAPv2.DEREF_ALWAYS ) );
    LDAPSearchResults results;
    String filter = "(cn=adminalias)";
    try {
        results = conn.search( "o=aliases,c=com",
            LDAPConnection.SCOPE_ONE, filter, null, false );
        while( results.hasMoreElements() )
            System.out.println( results.next() );
    } catch ( LDAPException e ) {
        System.out.println( e.toString() );
    }

Thanks,
Len Takeuchi
SalesCentrix.com

Len Takeuchi wrote:
> Hi,
> Is alias dereferencing supported in Directory Server 5?

No.
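
A client-side workaround for a server that hands back alias entries without dereferencing them, which is what the reply above says of Directory Server 5; this is an added example, not code from either poster. It uses the Netscape LDAP SDK for Java with the host placeholder, base and filter from the question's fragment; the class name, the `c=com` allowed base and the `MAX_HOPS` limit are assumptions.

```java
import java.util.HashSet;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPv2;

public class ClientSideAliasDeref {

    // Assumed upper bound on the length of an alias chain.
    private static final int MAX_HOPS = 8;

    /**
     * Follows aliasedObjectName from 'start' until a non-alias entry is reached.
     * The alias target is directory data, so it is validated before use: it must
     * stay under 'allowedBase', must not repeat (loop), and must exist.
     */
    static LDAPEntry resolve(LDAPConnection conn, LDAPEntry start, LdapName allowedBase)
            throws LDAPException, InvalidNameException {
        Set<LdapName> visited = new HashSet<LdapName>();
        visited.add(new LdapName(start.getDN()));
        LDAPEntry current = start;
        for (int hop = 0; hop < MAX_HOPS; hop++) {
            LDAPAttribute alias = current.getAttribute("aliasedObjectName");
            if (alias == null) {
                return current;                 // not an alias: the referred entry
            }
            String[] values = alias.getStringValueArray();
            if (values == null || values.length != 1) {
                throw new IllegalStateException("malformed alias: " + current.getDN());
            }
            // LdapName parses the DN, so comparisons ignore case and spacing.
            LdapName target = new LdapName(values[0]);
            if (!target.startsWith(allowedBase)) {
                throw new IllegalStateException("alias leaves " + allowedBase + ": " + target);
            }
            if (!visited.add(target)) {
                throw new IllegalStateException("alias loop at " + target);
            }
            current = conn.read(target.toString());
            if (current == null) {
                throw new IllegalStateException("dangling alias: " + target);
            }
        }
        throw new IllegalStateException("more than " + MAX_HOPS + " alias hops");
    }

    public static void main(String[] args) throws Exception {
        LdapName allowedBase = new LdapName("c=com");   // assumed trust boundary
        LDAPConnection conn = new LDAPConnection();
        try {
            conn.connect("XX.XX.XX.XX", 389);           // placeholder host from the question
            LDAPSearchResults results = conn.search("o=aliases,c=com",
                    LDAPv2.SCOPE_ONE, "(cn=adminalias)", null, false);
            while (results.hasMoreElements()) {
                System.out.println(resolve(conn, results.next(), allowedBase));
            }
        } finally {
            if (conn.isConnected()) {
                conn.disconnect();
            }
        }
    }
}
```

The base check matters when the application is only meant to see one subtree: without it, whoever can write an alias entry decides which DN the client reads next.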

Similar Messages

  • PasswordPolicyControl support in Directory Server 5.2

    Hi,
    Does the SunOne Directory Server 5.2 support Password Policy Control (OID 1.3.6.1.4.1.42.2.27.8.5.1)?
    Thanks,
    ~AA

    No, this control will be supported in Directory Server 6.0.
    Regards,
    Ludovic

  • JNDI Support in Directory Server 5.1 and 5.2

    Does anyone know where I can find documentation on whether Directory Server supports - JNDI -(java naming directory interface), and whether this is an industry standard that is outlined in an RFC somewhere?
    Thanks

    JNDI support is documented in Chapter 35 of the DSRK guide at http://docs.sun.com/source/816-6400-10/jndi.html
    JNDI is a part of J2SE, a Java Community Process specification. See http://www.jcp.org
    --Stephen

  • When will Directory Server support RFC 4511?

    I would like to know when Sun plans to support the new LDAP v3 suite of RFCs, including RFC 4511?

    Thanks Ludovic.
    So if a client wants to support the password policies that are currently implemented on Directory Server 5.2, and also the policies that will be implemented in 6.0, then the client needs to support both the "vchu" and "behera" Internet Drafts, correct? Just to make sure I understand the "vchu" draft, the client is NOT required to send a password policy request control to the server in order to get password policy information returned, correct? ALL the policy information comes either in the error string associated with the LDAPResult OR in the 2 new controls defined in "vchu" (for expiring and already-expired passwords). Is all that correct?
    Is that the extent of what the client would need to do for support of 5.2? Or are there other password policy issues the client would need to code for in addition to what's in "vchu"?
    Also, does the "behera" draft define the extent of Directory Server 6.0 support for password policies, or will there be additional things the client will have to be aware of and code for?
    Thanks,
    gil
    I'm also confused about the relationship between the shadowAccount object class attributes defined in RFC 2307 vs. the password policy supported by Directory Server 5.2 (and 6.0). Are these attributes needed in support of either the "old" or the "new" password policies? Are they obsoleted by either password policy? Do the shadowAccount and password policy attributes operate independently from each other? If so, what do the shadowAccount attributes do for you that the password policy attributes don't? I'm having a hard time sorting out whether I need both types of attributes or only one...
    Thanks,
    gil

  • How do I extend the schema with a new auxiliary objectclass in Directory Server 4.11?

    There seems to be no way to mark a new objectclass as AUXILIARY from the Netscape Console with Directory Server 4.11. Likewise, there is no mention of auxiliary objectclasses in the Administrator's Guide or Deployment Guide. When I simply mark the new objectclass with a superior of 'top', I get an Object class violation error when I try to add the objectclass and new attributes to an existing entry.
    So my questions are:
    1. Are auxiliary objectclasses supported in Directory Server 4.x?
    2. If so, how do I add them with the Netscape Console or directory in the configuration files?
    3. If not, is there a workaround that mimics the behavior of auxiliary objectclasses?
    Thanks.

    Even if 4.x supports marking objectclasses as Auxiliary (which I don't think it does. iDS 5.x does), the Directory Server ignores the flags when it comes to schema checking, i.e. you can mimic behavior of auxiliary objectclasses without tagging the objectclass as Auxiliary in the schema.
    Regards,
    Ludovic

  • End of support dates for Directory Server

    Does anyone know where I can find an end of support matrix for Directory Server? We are still running 5.1sp4... Thanks

    Is this information publicly available? I am interested in this as well...
    Thanks

  • Directory Server & RedHat AS support

    Good day,
    We are using Directory Server 5.2P4 on RHEL 3.
    We want to install another copy (which replicates with/to the others) on our Messaging 6.3 server, this server however runs on RHEL 4.
    Is this possible and/or supported ?
    (and if not which versions are supported on RHEL 4 and/or 5)
    I've tried to find this information on the Sun website but have found it difficult to find for RedHat.
    Much obliged and kind regards,
    Jeffrey

    Is 5.2P4 on RHEL 3 supported? I guess it is :) I think your question is this: you run 5.2P4 on RHEL 3 and you want to run 5.2P4 on RHEL 4, which is also supported, and replicate between them. That's fine, shouldn't be a problem. I had 5.2P4 on Windows 2000 replicating to DS 6.3 on RHEL 4. Sorry, I know a few of you just threw up a little in your mouth :)

  • Sun Directory Server role support?

    I would like to set up roles in the sun directory and use the identity manager in the future. Does identity manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of?
    Also, AFAIK Active Directory does not support multi-valued DN's as attribute values. If I use identity manager to sync Sun DS with AD will user entries with multiple Sun DS roles become a problem?

    We are in the initial stages of design. Yes, that was the goal: to take the roles from Sun DS and use them in AD by way of identity manager. I am new to identity manager, so there may be a mapping instead of a direct push.
    The Sun DS roles are operational attributes and I am not sure how identity manager sees them or supports them. I guess if it can see them then it can map them to anything.

  • Weblogic server 5.1.0 with sp8 does not work with LDAP (Netscape Directory Server 4.12)

    I have weblogic server 5.1.0 with the sp8 running on Windows NT server 4.0.
    The weblogic server is configured to use LDAP realm (Netscape directory
    server 4.12).
    When I try to run weblogic server and I am getting the following errors:
    The WebLogic Server did not start up properly.
    Exception raised: java.lang.reflect.InvocationTargetException
    java.lang.reflect.InvocationTargetException: java.lang.ExceptionInInitialize
    or: weblogic.security.ldaprealm.LDAPRealmException: cannot connect to ldapse
    without a principal to authenticate as
    at weblogic.security.ldaprealm.LDAPDelegate.setupProperties(LDAPDele
    .java, Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.<clinit>(LDAPDelegate.ja
    83)
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:34)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:78)
    at weblogic.security.acl.Realm.getRealm(Realm.java:56)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1756)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    java.lang.ExceptionInInitializerError: weblogic.security.ldaprealm.LDAPRealm
    ption: cannot connect to ldapserver without a principal to authenticate as
    at weblogic.security.ldaprealm.LDAPDelegate.setupProperties(LDAPDele
    .java, Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.<clinit>(LDAPDelegate.ja
    83)
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:34)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:78)
    at weblogic.security.acl.Realm.getRealm(Realm.java:56)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1756)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    And here is my ldaprealm.properties file:
    netscape.server.host=localhost
    netscape.server.port=389
    netscape.server.ssl=false
    netscape.server.principal=uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
    netscape.server.credential=password
    netscape.user.dn=ou=People, o=towers.com
    netscape.user.filter=(&(uid=%u)(objectclass=person))
    netscape.group.dn=ou=Groups, o=towers.com
    netscape.group.filter=(&(cn=%g)(objectclass=groupofuniquenames))
    netscape.membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))
    By looking at the error message, it seems like the "server.principal" and
    "server.credential" info is not correct.
    But I was able to use the same Netscape Directory server with WebLogic 5.1.0
    with sp4, although the ldaprealm.properties file has somewhat different
    format.
    Did anyone have similar problems with sp8?
    Thanks in advance for any suggestions.

    BEA support just gave me the solution.
    They told me to uncomment out the line
    server.alias=netscape
    in the ldaprealm.properties file
    And I am able to start weblogic with my NIS
    Thanks
    "Enrique" <[email protected]> wrote in message
    news:[email protected]...
    Hi,
    Have you tried to remove the "system" user on the LDAP server?
    Regards.
    "Honghai Zhang" <[email protected]> wrote:
    I have weblogic server 5.1.0 with the sp8 running on Windows NT server
    4.0.
    The weblogic server is configured to use LDAP realm (Netscape directory
    server 4.12).

  • Sun Directory Server 5.2 installation problem on AIX 5.2

    Hi,
    I am a newbie to Sun DS 5.2 and I have been stuck during installation for the last 2 days. Could you please guide me to resolve this issue? Please see the error message below.
    Checking disk space...
    The following items for the product Directory Server will be installed:
    Product: Directory Server
    Location: /Sun/mps
    Space Required: 141.70 MB
    Sun ONE Directory Suite
    Sun ONE Directory Server
    Sun ONE Directory Console Support
    Sun ONE Administration Services
    Sun ONE Administration Server
    Sun ONE Administration Console
    Sun ONE Server Console
    Sun ONE Server Console Core
    Java Runtime Environment
    Sun ONE Server Basic Libraries
    Ready to Install
    1. Install Now
    2. Start Over
    3. Exit Installation
    What would you like to do [1] {"<" goes back, "!" exits}? 1
    Installing Directory Server
    |-1%--------------25%-----------------50%-----------------75%--------------100%|
    [slapd-bmpdev4]: starting up server ...
    error:server:The server could not be started due to invalid command syntax or
    operating system resource limits.
    system_errno:2
    Configuration of the Directory Server failed.
    Warning creating dbswitch.conf
    Warning creating ssusers.conf
    Error Directory Server configuration failure
    Checking connection to the Configuration Directory Server... failed.
    The Admininistration Server cannot be configured.
    Error Administration Server configuration failure
    Error Configuration of the server(s) failed.
    Installation Details:
    Product Result More Information
    1. Directory Server Partially Installed. Refer to "Details..." for more
    information. Available
    2. Done
    Enter the number corresponding to the desired selection for more
    information, or enter 2 to continue [2] {"!" exits}: 2
    thanks
    Bala

    You are correct. Dir 5.2 is not certified for AIX 5.2. It does install though. Like a previous response stated, check the permissions for the user you are installing with and the file system you are installing to. Make certain you have enough disk space. My install took 150 MB of disk space. Finally, Dir 5.2 creates the file "/var/adm/sw/productregistry" during install. If you do not have permissions to /var/adm/sw, you may have troubles.
    Tim
    Computer Systems Engineer
    Komatsu Canada Limited

  • H/w requirements for DIrectory server for 200,000 users

    Hi,
    I would like to implement Directory services for 200,000 users. How can I know whether iPlanet Directory 5.1 will support this many users or not? If supports, Which h/w I have to use?
    If any one can let me know the formula to calculate users and h/w
    Thanks

    The directory server can handle many more users than 200K. The hardware requirements calculations are amply explained in the book "Solaris and LDAP Naming Services" by Bialaski. If you have iPlanet support contract they can provide you tuning information which includes this info.
    You should remember the possibility of growth and load in terms of number of clients and peak requests per second. With your needs, my gut feeling is that even a Netra can host it. However, if it's an enterprise service you may want to go with at least 220 machines in a replicated configuration for load balancing and availability.
    DISCLAIMER: Use these opinions at your own risk. You must do your own analysis and calculations to design a suitable physical/logical architecture.

  • Configuring a Directory Server for Digital IDs and Certificates

    My company is moving toward using electronic signatures for internal documents. All of the users are on XP machines and have Acrobat Professional 8.0 installed. So far, I've been manually adding trusted IDs for each person who will be receiving signed documents that need to be validated. I'd like to make this a little easier by storing everyone's certificates on a server (Windows 2003) so that people can just go out there and add them all as one .fdf file. What I'm wondering is, what is the difference between doing it this way versus going through Acrobat and configuring a directory server? Will it work either way?
    Thanks!
    Anita

    Hi,
    Sorry for the late reply, regarding the error message: The DHCP services could not Contact Active Directory,
    please check the below KB article to see if it could help here:
    You are unable to authorize DHCP Server in Active Directory
    http://support.microsoft.com/kb/303317/en-us
    Reference for error ID 1059, and
    error ID 10020.
    For The specified server are already present in the directory services,
    please take a look into the below Blog:
    Active Directory DHCP authorisation issues
    The method mentioned in the blog above is trying to move the old information that stored in AD, and then take an action of re-authorisation of the DHCP server.
    Hope this may help
    Best regards
    Michael

  • Which directory server for naming?

    We are currently using OID for our Oracle naming resolution.  We are not running Identity Management, Portal, or any of the myriad of other middleware products that rely on directory server.  
    I need to migrate the OID to new hosts.  I've been flailing about with ODSEE, not realizing that Oracle has 3 different directory servers -- OID, OUD, and ODSEE.  Which one of these would be the best to use for this purpose?   Also, which one would leave me in the best position if we do adopt one of these other products?

    OUD is the best option as it supports TNS Names and EUS like OID does. I don't think ODSEE is an option here.
    Have a look at Frankie goes to Hollywood: Oracle Unified Directory 11.1.2.1.0: TNS and EUS - Part 1: TNS Resolving
    Sylvain

  • Using Linux/Red Hat/Intel for Sun ONE/Java Directory Server

    Anybody have any experience of this? We're looking to get off AIX, and Total Cost of Ownership for using Solaris/Sparc versus Linux/Intel is very similar.
    The decider will be if no-one is using Linux as a platform for Sun ONE/Java Directory Server....
    Any feedback would be appreciated....

    We run Directory 5.1 in production on Solaris/Sparc, but I've tried it with success on Red Hat 7.2 on Intel. We have not been able to get it to work on Red Hat Enterprise 2.1 or 3.0. The main problem has been that the administration server fails on startup. Obviously the lack of support for the latest enterprise class Linux is a huge drawback. At this point I've decided to stay on Solaris/Sparc until Red Hat comes out with its own release of Netscape's Directory. When that happens we're going to evaluate whether to move the whole environment to Red Hat. The Sun and Netscape servers are almost identical in terms of features and performance, but having an open source version that can run on less expensive hardware would be a terrific win for us.

  • Open directory server crashing every 30 days / clients unable to connect to calendar, contacts server

    Hello everyone,
    I am running an up to date Mavericks Server which serves exclusively as a calendar and contacts server for about two dozens devices. The server is reachable via DynDNS, however, the public IP hardly ever changes (only once or twice a year maybe). Tried setting the OS X DNS Server to serve "all clients" and "some clients".
    For about 6 months (i.e. also under Mountain Lion), I am having a very strange problem. Roughly every 20-30 days, clients will not be able to connect to the server, instead getting a "wrong password" dialog. Restarting the open directory server will help for the next 30 days.
    I have tried repairing the database as detailed here, however, the issue persists.
    Any help would be highly appreciated!
    I would have tried setting up a clean server installation, migrating calendars/contacts manually and re-adding all users by hand, however, I am not aware of an easy way to do so. The terminal command for calendar backup is broken under mavericks (might work with this workaround) and re-adding users manually would apparently involve correcting user UUIDs afterwards in order to match the migrated calendar data. Do you know of a better approach?
    Thanks a lot!
    DPSG-Scout

    Hi Linc,
    This looks the most relevant to me:
    opendirectory.log
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759 - Client: Python, UID: 93, EUID: 93, GID: 93, EGID: 93
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759, Node: /Local/Default, Module: PlistFile - predicates with 'AND' are not supported
    2014-03-11 12:09:00.296514 CET - State information (some requests have been active for extended period):
              Sessions: {
                  28 -- opendirectoryd:
                              Session ID: 7BFBA6FE-A968-4399-A129-E3A5945E2A81
                              Refs: singleton
                              Type: Default
                              Target: localhost
              Nodes: {
                  43 -- authd:
                              Node ID: 6D0E236D-6DBD-4E8C-BC01-B3F50C2C2D8E
                              Nodename: /LDAPv3/127.0.0.1
                              Session ID: <Default>
                              Refs: 1
                              Internal Use: X
    and many more similar ones…
    Thanks for your effort!
