Can an LDAP server be its own client?
In short, yes. Why would you want to do this? Many reasons, but mine is to be able to use ldap on laptops running Solaris and have them log into the machine with ldap credentials off the network. When we plug them back onto the network, I have a master server send any new data via one-way replication. I will give 2 separate ways to accomplish this. One is, to put it bluntly, a dirty hack to get it working. The second is much more elegant and it's the one I have stress tested to verify that it works.
Disclaimer: I have only used these methods on Solaris 10 update 3 with Trusted Extensions using Directory Server 5.2 as well as the administration server. I have used a few different kinds of machines (all x86) and have not had a problem with it. I do not know if it will work on any other version or hardware. I haven't even looked at the source code; all assumptions made here are from observing the system's behavior while making minor changes.
Now, the reason why normally you can't be your own client (at least as far as I can tell) is the way the system boots and the dependencies that the ldap/client service needs to start up. If you boot a machine that is its own client and ldap/client runs before the directory server starts, of course it will fail. The system boots the services first, then legacy init scripts. Directory Server 5.2 uses init scripts. Correct me if I am wrong, but that is the only real hurdle in your way.
So the first way to get it 'working' (dirty hack) is to delay the ldap/client smf service from starting until the directory server is started. After you become a client of yourself (in this case the global zone) disable the ldap/client service:
svcadm disable ldap/client
Then enable it temporarily with the -t option:
svcadm enable -t ldap/client
Well, if you were to reboot now it would not work, because the service would not start at boot: it is set to be administratively down. Edit the S72directory script in /etc/rc2.d and, after the start commands, just add the svcadm enable -t ldap/client command; it will load right after the directory server starts. Will this work? Yes. Is it a clean way to do it? NO. I used this method just for testing the theory that the only reason I could not be my own client was the booting issue.
Now the best way that I can see to accomplish this is to create your own smf services for the directory server and admin server. That way all you have to do is add a dependency to the ldap/client xml file to wait until the new directory server service is started before it starts. So in /var/svc/manifest/site create a folder called ldap (I put this in site because I didn't want to run into any issues with patching). In /var/svc/manifest/site/ldap/ create two xml files named ds_admin.xml and directory_server.xml.
Quick note: These are the first services I have created. There may be a much better way to make them. If you can re-code them better, please let me know so I can look at them. Also there is no restart command in here (actually I just noticed that), so adding one of those would be wise.
ds_admin.xml contains:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
ident "@(#)client.xml 1.4 04/12/09 SMI"
NOTE: This service manifest is editable; its contents will not
be overwritten by package or patch operations, including
operating system upgrade.
-->
<service_bundle type='manifest' name='SUNWdsadmin:dsadmin'>
<service
name='site/ldap/ds_admin'
type='service'
version='1'>
<create_default_instance enabled='false' />
<single_instance />
<dependency
name='fs'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/minimal' />
</dependency>
<dependency
name='net'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/network/initial' />
</dependency>
<exec_method
type='method'
name='start'
exec='/lib/svc/method/ds_admin start'
timeout_seconds='120' >
<method_context>
<method_credential user='root' group='sys' />
</method_context>
</exec_method>
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/ds_admin stop'
timeout_seconds='60' >
<method_context>
<method_credential user='root' group='sys' />
</method_context>
</exec_method>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>
LDAP Admin server
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
LDAP admin server
Information Service lookups
</loctext>
</description>
</template>
</service>
</service_bundle>
and directory_server.xml contains:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
ident "@(#)client.xml 1.4 04/12/09 SMI"
NOTE: This service manifest is editable; its contents will not
be overwritten by package or patch operations, including
operating system upgrade.
-->
<service_bundle type='manifest' name='SUNWds:ds'>
<service
name='site/ldap/directory_server'
type='service'
version='1'>
<create_default_instance enabled='false' />
<single_instance />
<dependency
name='usr'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/minimal' />
</dependency>
<dependency
name='net'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/network/initial' />
</dependency>
<dependency
name='ds_admin'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri
value='svc:/site/ldap/ds_admin' />
</dependency>
<exec_method
type='method'
name='start'
exec='/lib/svc/method/directory_server start'
timeout_seconds='120' >
<method_context>
<method_credential user='root' group='sys' />
</method_context>
</exec_method>
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/directory_server stop'
timeout_seconds='60' >
<method_context>
<method_credential user='root' group='sys' />
</method_context>
</exec_method>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>
LDAP directory server
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
LDAP directory server
Information Service lookups
</loctext>
</description>
</template>
</service>
</service_bundle>
Now the start/stop scripts will be located in /lib/svc/method and are as follows:
ds_admin
#!/sbin/sh
# SMF method script for svc:/site/ldap/ds_admin: wraps the admin server's
# own start/stop commands. Each case arm must end in ';;'.
case "$1" in
start)
    /usr/sbin/directoryserver start-admin
    ;;
stop)
    /usr/sbin/directoryserver stop-admin
    ;;
*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac
exit 0
Simple, yes.
directory_server
#!/sbin/sh
# SMF method script for svc:/site/ldap/directory_server. The slapd instance
# directory is named after the host, as Directory Server 5.2 creates it.
HOST_NAME=`hostname`
SERVER_ROOT=/var/opt/mps/serverroot
DIRECTORY_SERVER_INSTANCE=slapd-${HOST_NAME}
case "$1" in
start)
    ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/start-slapd
    ;;
stop)
    ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/stop-slapd
    ;;
*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac
exit 0
The only thing left to do is modify the ldap/client smf file to wait until the directory server starts before it loads.
So edit /var/svc/manifest/network/ldap/client.xml and right before the dependency for /var/ldap/ldap_client_file add this:
<dependency
name='directory_server'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri
value='svc:/site/ldap/directory_server' />
</dependency>
Any changes made to the /ldap/client xml file must be made after ALL zones have been installed. If this file is copied to a zone it will never work as the directory_server service is not loaded in the zones.
Now what? You must remove the legacy init scripts in /etc/rc2.d. Those would be S72directory and S73mpsadm. No need to keep them around; alternatively, you can just change the capital 'S' to lower case and they won't start.
You can now either use svccfg to validate and import the new services or you can reboot. Typically, I reboot and use the '-m verbose' option on boot to watch the services for any errors. I haven't had any lately, but on different systems I always watch to see if it behaves differently.
That's it. I have rebooted all the machines many, many times without error. This of course does not address loading the directory server or adding users, tnrhdb file, etc... We have scripted most of loading out and once we get some error correction coded in I will post them.
Also, if you find any errors or even a better way to accomplish this, please post it.
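The procedure above only works if the SMF dependency chain is right before the first reboot: ldap/client must transitively wait for site/ldap/directory_server, which in turn waits for site/ldap/ds_admin, and the graph must contain no cycle, since a cycle leaves services sitting offline, which is what a '-m verbose' boot would show. The script below is an added example, not the poster's code and not anything shipped with Solaris. It parses constructed, cut-down copies of the three manifests (the post's two site/ldap services, and an assumed stock network/ldap/client that has only a filesystem dependency plus the path dependency on /var/ldap/ldap_client_file) and reports whether the ordering holds, both with and without the post's added dependency block.

```python
# Added example (not the poster's code): parse the SMF manifests and confirm
# that network/ldap/client can only start after the site/ldap services.
import xml.etree.ElementTree as ET

# Constructed, cut-down copies of the post's two manifests. DOCTYPE,
# exec_method and template sections are dropped (they do not affect start
# ordering); service names and FMRIs are exactly the post's.
DS_ADMIN_XML = """<service_bundle type='manifest' name='SUNWdsadmin:dsadmin'>
<service name='site/ldap/ds_admin' type='service' version='1'>
<dependency name='fs' grouping='require_all' type='service'>
<service_fmri value='svc:/system/filesystem/minimal' /></dependency>
<dependency name='net' grouping='require_all' type='service'>
<service_fmri value='svc:/network/initial' /></dependency>
</service></service_bundle>"""

DIRECTORY_SERVER_XML = """<service_bundle type='manifest' name='SUNWds:ds'>
<service name='site/ldap/directory_server' type='service' version='1'>
<dependency name='usr' grouping='require_all' type='service'>
<service_fmri value='svc:/system/filesystem/minimal' /></dependency>
<dependency name='net' grouping='require_all' type='service'>
<service_fmri value='svc:/network/initial' /></dependency>
<dependency name='ds_admin' grouping='require_all' type='service'>
<service_fmri value='svc:/site/ldap/ds_admin' /></dependency>
</service></service_bundle>"""

# Assumed shape of the stock network/ldap/client manifest (the real file has
# more entries). {extra} is where the post inserts its new dependency, right
# before the path dependency on /var/ldap/ldap_client_file.
CLIENT_TEMPLATE = """<service_bundle type='manifest' name='SUNWcsr:ldap-client'>
<service name='network/ldap/client' type='service' version='1'>
<dependency name='fs' grouping='require_all' type='service'>
<service_fmri value='svc:/system/filesystem/minimal' /></dependency>
{extra}<dependency name='config_file' grouping='require_all' type='path'>
<service_fmri value='file://localhost/var/ldap/ldap_client_file' /></dependency>
</service></service_bundle>"""
DIRECTORY_SERVER_DEP = ("<dependency name='directory_server' grouping='require_all' "
                        "type='service'><service_fmri value='svc:/site/ldap/directory_server' />"
                        "</dependency>\n")
CLIENT_XML_ORIGINAL = CLIENT_TEMPLATE.format(extra='')
CLIENT_XML_PATCHED = CLIENT_TEMPLATE.format(extra=DIRECTORY_SERVER_DEP)
# Groupings under which SMF starts the dependent only after the dependency.
ORDERING_GROUPINGS = {'require_all', 'require_any', 'optional_all'}

def normalize_fmri(value):
    """Drop an instance suffix so svc:/a/b:default and svc:/a/b compare equal."""
    body = value[len('svc:/'):] if value.startswith('svc:/') else value
    return 'svc:/' + body.split(':', 1)[0]

def parse_manifest(xml_text):
    """Return {service fmri: [service fmris it waits for]} for one manifest."""
    graph = {}
    for svc in ET.fromstring(xml_text).iter('service'):
        waits_for = []
        for dep in svc.findall('dependency'):
            # Path dependencies and exclude_all groupings impose no start
            # ordering between services, so they are skipped here.
            if dep.get('type') != 'service' or dep.get('grouping') not in ORDERING_GROUPINGS:
                continue
            waits_for += [normalize_fmri(t.get('value')) for t in dep.findall('service_fmri')]
        graph[normalize_fmri('svc:/' + svc.get('name'))] = waits_for
    return graph

def merge(*manifests):
    """Combine several manifests into one dependency graph."""
    graph = {}
    for text in manifests:
        graph.update(parse_manifest(text))
    return graph

def transitive_deps(graph, fmri):
    """Every service that must be online before `fmri`, directly or indirectly."""
    seen, stack = set(), list(graph.get(fmri, []))
    while stack:
        dep = stack.pop()
        if dep not in seen:
            seen.add(dep)
            stack.extend(graph.get(dep, []))
    return seen

def missing_links(graph, later, *earlier):
    """Those of `earlier` that are NOT guaranteed to be online before `later`."""
    have = transitive_deps(graph, later)
    return [e for e in earlier if e not in have]

def boot_order(graph):
    """Dependencies-first order of every service in the graph; ValueError on a
    cycle, which is what leaves SMF services stuck offline after a reboot."""
    order, state = [], {}

    def visit(node, path):
        if state.get(node) == 'done':
            return
        if state.get(node) == 'active':
            raise ValueError('dependency cycle: ' + ' -> '.join(path + [node]))
        state[node] = 'active'
        for dep in graph.get(node, []):
            visit(dep, path + [node])
        state[node] = 'done'
        order.append(node)

    for node in list(graph):
        visit(node, [])
    return order
```

With the stock client.xml, missing_links reports both site/ldap services as unordered relative to ldap/client, which is the boot-time failure the post describes; with the post's dependency added it returns an empty list and boot_order places ds_admin, then directory_server, then ldap/client. To check real files, read the manifests under /var/svc/manifest into merge instead of the constructed strings. This only reasons about the XML text; on the live system svccfg validate and svcs -d ldap/client remain the authoritative checks.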
This restriction is only in terms of implementing the Solaris support for LDAP as a naming service. If the Solaris OS is configured to use LDAP as a naming service, it can't use an LDAP server running on the same host.
The reason is that the LDAP server makes naming service calls before it gets fully started up. If the OS wants to use the LDAP server for the naming service, then a deadlock happens, where the LDAP server's gethostbyname() call can't complete because the LDAP server isn't up.
It is possible to configure the Solaris naming resolution to avoid this problem. I've got a system set up this way myself. Regardless, the official support channels won't support a system set up this way, so if you do this you do it at your own risk.
Similar Messages
-
Can Mac OS Server limit up time for clients
Can Mac OS Server limit up time for clients like a linksys router can? I want to base the time limit on mac addresses.
what exactly do you want to limit?
uptime is the time since the computer has been turned on (total time running), sounds more like you would like to limit internet access...?? -
Can't get server to send file to client
On the client side, when I type in a filename in the JTextField and press enter, nothing happens. I want the server to get the file and send the contents back to the client. The client is connecting; I believe my problem is in my processConnection method in the server file.
Please advise. The code for both server.java and client.java is below.
import java.io.*;
import java.net.*;

public class Server
{
    private BufferedWriter output;
    private BufferedReader input;
    private ServerSocket server;
    private Socket connection;
    private String message;

    public void runServer ( )
    {
        try
        {
            server = new ServerSocket ( 8189 );
            connection = server.accept ( );
            getStreams ( );
            processConnection ( );
            closeConnection ( );
        }
        catch ( EOFException eofException )
        {
            System.out.println ( "Client terminated connection" );
        }
        catch ( IOException ioException )
        {
            ioException.printStackTrace ( );
        }
    }

    private void getStreams ( ) throws IOException
    {
        output = new BufferedWriter ( new OutputStreamWriter ( connection.getOutputStream ( ) ) );
        output.flush ( );
        input = new BufferedReader ( new InputStreamReader ( connection.getInputStream ( ) ) );
    }

    private void processConnection ( ) throws IOException
    {
        message = ( String ) input.readLine ( );
        File file = new File ( message );
        BufferedReader fileInput = new BufferedReader ( new InputStreamReader
            ( new FileInputStream ( file ) ) );
        String str = fileInput.readLine ( );
        while ( str != null )
        {
            output.write ( str );
            str = fileInput.readLine ( );
        }
        output.flush ( );
        fileInput.close ( );
    }

    private void closeConnection ( ) throws IOException
    {
        output.close ( );
        input.close ( );
        connection.close ( );
    }

    public static void main ( String [ ] args )
    {
        Server application = new Server ( );
        application.runServer ( );
    }
}

import java.io.*;
import java.net.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;

public class Client extends JFrame
{
    private JTextField enterField;
    private JTextArea displayArea;
    private BufferedWriter output;
    private BufferedReader input;
    private Socket connection;
    private String message;

    public Client ( )
    {
        super ( "Client" );
        Container container = getContentPane ( );
        enterField = new JTextField ( 10 );
        enterField.addActionListener (
            new ActionListener ( )
            {
                public void actionPerformed ( ActionEvent event )
                {
                    sendFile ( enterField.getText ( ) );
                }
            }
        );
        container.add ( enterField, BorderLayout.NORTH );
        displayArea = new JTextArea ( );
        container.add ( displayArea, BorderLayout.CENTER );
        setSize ( 500, 400 );
        setVisible ( true );
    }

    public void runClient ( )
    {
        try
        {
            connectToServer ( );
            getStreams ( );
            processConnection ( );
            closeConnection ( );
        }
        catch ( EOFException eofException )
        {
            System.out.println ( "Server terminated connection" );
        }
        catch ( IOException ioException )
        {
            ioException.printStackTrace ( );
        }
    }

    private void connectToServer ( ) throws IOException
    {
        displayArea.setText ( "Attempting connection\n" );
        connection = new Socket ( InetAddress.getLocalHost ( ), 8189 );
        displayArea.append ( "Connected to: " + connection.getInetAddress ( ).getHostName ( ) );
    }

    private void getStreams ( ) throws IOException
    {
        output = new BufferedWriter ( new OutputStreamWriter ( connection.getOutputStream ( ) ) );
        output.flush ( );
        input = new BufferedReader ( new InputStreamReader ( connection.getInputStream ( ) ) );
        displayArea.append ( "\nGot I/O streams\n" );
    }

    private void processConnection ( ) throws IOException
    {
        message = ( String ) input.readLine ( );
        displayArea.append ( "\n" + message );
    }

    private void closeConnection ( ) throws IOException
    {
        displayArea.append ( "\nClosing connection" );
        output.close ( );
        input.close ( );
        connection.close ( );
    }

    private void sendFile ( String message )
    {
        try
        {
            output.write ( message );
            output.flush ( );
        }
        catch ( IOException ioException )
        {
            displayArea.append ( "\nError writing string" );
        }
    }

    public static void main ( String [ ] args )
    {
        Client application = new Client ( );
        application.setDefaultCloseOperation ( JFrame.EXIT_ON_CLOSE );
        application.runClient ( );
    }
}
How about some serialization:
URLConnection con = ....
con.setRequestProperty("Content-Type", "java/octet");
con.setDoOutput(true);
ObjectOutputStream oos = new ObjectOutputStream(con.getOutputStream());
oos.writeObject(dataSend);
stream = con.getInputStream();
ObjectInputStream ois = new ObjectInputStream(stream);
Object dataReceive = ois.readObject();
You determine the types of the objects that will carry the content;
they just need to be Serializable. Maybe you will want to change the connection type, but I think it will be almost the same scheme.
HTH
Mike -
Can I use your Embeded LDAP Server?
Hi,
WebLogic Server 7.0 and 8.1 comes with an embedded LDAP Server?
I have an application that requires iPlanet Directory Server for 7000 entries.
Can I use the embedded LDAP Server to put my own entries and use it?
Regards,
Shanmugavel R P
Are these videos on mozilla.org somewhere? Please see the last section of the following page, on "Site Licensing": http://www.mozilla.org/about/legal.html
-
Hi,
I am trying to bind objects to an LDAP server running on Windows 2000 locally. I found LDAP servers for other OSs and Windows NT, but not for Win 2000. Can anybody suggest where we can download an LDAP server for Win 2000? Or, how can we create an account on free LDAP servers online and use it?
Thanks in advance
Gopal
I don't see how "Find me a free LDAP server that runs on Windows 2000" qualifies as a Java programming question. And it took me less than a minute to find one via Google. So STFW.
-
Can't connect to the LDAP server
I have two PCs on my network. Both have the Softerra LDAP Browser program. One can connect to the OpenLDAP.com LDAP server without issue, but my other computer gets a "can't connect.." error.
The box that can connect is my own personal machine, and the box that won't connect is a notebook given to me by my work. Are there any specific settings that could be changed to prevent LDAP access?
Thanks,
r
This sounds like a problem with the networking configuration of the notebook. It's certainly not a JNDI problem.
-
How can we update data in LDAP server using PL/SQL.
Hi,
How can we update data in an LDAP server using a PL/SQL program?
Is there any sample code for reference?
Thanks,
Tarun
Hi Justin,
Thanks for your help. You got my correct requirements.
Tim's example returning all the attributes of current user which is admin user. Please correct me if I am wrong.
I have the following information:
the admin user and password,server info , port and ldap_base for admin.
I have uid and password for regular user, I am trying find the ldap_base for regular user, which may be different from adminuser.
Please help me.
Thanks,
Edited by: james. on Jan 12, 2009 5:39 PM -
Java ftp server which can use LDAP, how to integrate with WLS' implementation of LDAP?
Howdy.
I'm setting up a java ftp server
(http://www.mycgiserver.com/~ranab/ftp/index.html) which is capable of using
LDAP for it's user security. I would like to integrate this ftp server with
wls' implementation of LDAP so I only have to admin one user list.
Does wls put it's user list in the LDAP or in it's own proprietary setup? I
tried playing around with it, but the users don't seem to appear in the JNDI
tree. Is this where the LDAP stuff is located? I thought it was in there?
If it's in it's own setup, is there a way to propagate the users to LDAP?
If these look like newbie Q&A, I guess they kind of are, I'm new to LDAP.
Thanks for any input you might have.
Peter,
If you are talking about using the embedded LDAP server in WLS 7.0 for this purpose
I think you are going done the wrong path.
Look at the following URL on how to use an external LDAP server for your custom
application
http://e-docs.bea.com/wls/docs70/secmanage/realm.html#1172008
Chuck Nelson
DRE
BEA Technical Support -
How can portal use two different LDAP Server in UME
Hi,
My question is Can UME in portal be configured for multiple LDAP sources.Currently i have a setting in portal
as follows:
Server Name : Abcd
port : 1234
user : CN=" ",Ou=" ",Ou=" ",Dc=AD,Dc=my company,Dc=com
password :
user path : DC=AD,Dc=My company,Dc=Com
group Path : same as user path
I want to configure one more LDAP server to my portal UME; how can I give values for that in the above settings? I even want these current settings to remain enabled.
Do anyone have idea on this.
Thanks and Regards
Rani A
Hi again,
I know it can be done. But how urgent is this for you.
I can get back to you in couple of days, me lil busy today.
cheers,
Anu... -
Why can't I get my Mac to like the LDAP server?
On Monday I started hammering away at getting the LDAP server setup on the Linux server with openldap. I was able to get a test Mac running Leopard to see the LDAP server and the accounts. The next battle was to get home directories to mount under /home. I was about to do that after finding a working ldif example using automaster and autohome. After that I was able to get the Public share automatically mounted on /Network/Public. Wonderful!
Tuesday I came in thinking that the next battle would be with Samba. Unfortunately, somewhere in powering off the Mac and rebooting it, I lost all the share mounting! It still sees the accounts, but it absolutely will not see the mounts. In trying to figure it out I have wiped the LDAP database and restarted it, I have wiped the test Mac twice, I have made sure the Mac is running the latest updates, and still nothing.
If I go into dscl this is now what I see:
ls Automount/
Record Name Unknown
Record Name Unknown
ls AutomountMap/
Record Name Unknown
Record Name Unknown
cat Mounts/10.110.1.1:\/share\/public/
dsAttrTypeNative:cn: 10.110.1.1:/share/public
dsAttrTypeNative:objectClass: mount top
AppleMetaNodeLocation: /LDAPv3/10.110.1.1
RecordName: 10.110.1.1:/share/public
RecordType: dsRecTypeStandard:Mounts
On the LDAP server, the records look like:
dn: automountMapName=auto_master,ou=mounts,dc=example,dc=com
automountMapName: auto_master
objectClass: top
objectClass: automountMap
dn: automountKey=/home,automountMapName=auto_master,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home
dn: automountMapName=auto_home,ou=mounts,dc=example,dc=com
automountMapName: auto_home
objectClass: top
objectClass: automountMap
dn: automountKey=*,automountMapName=auto_home,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: *
automountInformation: 10.110.1.1:/home/&
dn: cn=10.110.1.1:/share/public,ou=mounts,dc=example,dc=com
mountDirectory: /Network/Public
objectClass: mount
objectClass: top
mountType: nfs
cn: 10.110.1.1:/share/public
It looks like for some reason it's either missing entries from the LDAP server, and/or it's ignoring some of the mapping and leaving them out. The Mounts entry is missing the VFSLinkDir which maps to mountDirectory. The Automount stuff is missing the RecordName which maps to automountKey and automountMapName.
What the heck happened? Why does the Mac refuse to see the LDAP server the way it did on Monday?
I am having something similar going on and can't sort out what it is doing:
ldiffs:
dn: automountMapName=auto_master,dc=example,dc=edu
objectClass: top
objectClass: automountMap
automountMapName: auto_master
dn: automountKey=/foo,automountMapName=auto_master,ou=Mounts,dc=soe,dc=ucsc,
dc=edu
objectClass: automount
automountKey: /foo
automountInformation: auto.foo,dc=example,dc=edu -rw,resvport,
hard,intr,nosuid,tcp
Second one:
dn: automountMapName=auto.foo,dc=example,dc=edu
objectClass: top
objectClass: automountMap
automountMapName: auto.foo
dn: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
objectClass: top
objectClass: automount
automountInformation: fileserver:/export/foo/tstaff
automountKey: tstaff
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 name=tstaff[] map=auto.foo,dc=example,dc=edu opts=rw,resvport,hard,intr,nosuid,tcp path=/foo direct=0
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds called
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds: key=[ tstaff ]
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match called
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: key =[ tstaff ]
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
9/25/09 11:45:25 AM automountd[1101] ds_search failed
exiting ...
It seems like it can't find the trigger point tstaff. It is looking for:
ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
which isn't what the DN is in ldap:
Distinguished Name: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
any thoughts?
regards,
Derek -
Can I use LDAP server's authentication mechanism rather than comparing password ?
Hi All,
The weblogic security and adminguide says that the user authentication can be of
the following 3 types:
1. Bind specifies that the LDAP security realm
retrieves user data, including the password for
the LDAP server, and checks the password in
WebLogic Server.
2. External specifies that the LDAP security
realm authenticates a User by attempting to
bind to the LDAP server with the username
and password supplied by theWebLogic
Server client. If you choose the External
setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm
authenticates a User by looking up the
UserPassword property in the LDAP directory
and checking it against the passwords in
WebLogic Server.
But say I want that my users should be authenticated by the LDAP server rather
than picking up the password from LDAP and comparing at weblogic end. Then what
should I do ?
Because no. 2 is applicable only for ssl certificates, no.1 and no.3 picks up
password using the login dn and password provided at the time of configuration
of realm and compare with password given by user.
And once again there are some issues on picking up the password and comparing it:
1. Netscape directory server can store the password in oneway hashed form(and
that is preferred , too). So when userpassword attribute is read , it's in one
way hashed form. So how the comparison will go on ?
2. Creating a user who has the access to user data along with userpassword attribute
itself is a security threat, as if someone can crack that user's dn and password
then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson
Thanks a lot Jerry.
I got these stuff from weblogic 6.1 docs sets security.pdf and adminguide.pdf.
I have another question, if that is the case (in Case of BIND), then why do we
a require a dn of user and password who has the access to read the entire directory
And at the same time, u specified this for Bind, what are the cases for other
two-local and external ? And then what is actually difference between Bind and
Local ?
Pls help me.
Thanks,
Sudarson
Jerry <[email protected]> wrote:
Hi Sudarson,
Whatever doc you were reading is at least partially incorrect, unfortunately...
I know for sure that when you specify BIND, weblogic sends the username/password
to your
LDAP server in an attempt to bind to it.
If the bind is successful, WLS determines that the username/password
pair were correct.
If the bind was unsuccessful, WLS determines that the username/password
pairing is not
valid.
At all times, WebLogic is letting the LDAP server do the actual compare
of
username/password. WLS does not, at any time, retrieve a password from
the LDAP server.
I hope this helps,
Joe Jerry
sudarson wrote:
Hi All,
The weblogic security and adminguide says that the user authentication can be of
the following 3 types:
1. Bind specifies that the LDAP security realm
retrieves user data, including the password for
the LDAP server, and checks the password in
WebLogic Server.
2. External specifies that the LDAP security
realm authenticates a User by attempting to
bind to the LDAP server with the username
and password supplied by theWebLogic
Server client. If you choose the External
setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm
authenticates a User by looking up the
UserPassword property in the LDAP directory
and checking it against the passwords in
WebLogic Server.
But say I want that my users should be authenticated by the LDAP server rather
than picking up the password from LDAP and comparing at weblogic end. Then what
should I do ?
Because no. 2 is applicable only for ssl certificates, no.1 and no.3 picks up
password using the login dn and password provided at the time of configuration
of realm and compare with password given by user.
And once again there some issues on having picking up password and comparing it:
1. Netscape directory server can store the password in oneway hashed form (and
that is preferred , too). So when userpassword attribute is read , it's in one
way hashed form. So how the comparison will go on ?
2. Creating a user who has the access to user data along with userpassword attribute
itself is a security threat, as if someone can crack that user's dn and password
then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson -
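Two of Sudarson's points survive Jerry's correction and are worth seeing concretely: a one-way hashed userPassword can still be checked by whoever holds the hash, and whoever does that check needs a DN allowed to read userPassword, which is the exposure his second point describes. A simple bind keeps both the read and the check inside the directory server. The code below is an added example, not from this thread, WebLogic or Netscape Directory Server: it produces and verifies userPassword values in the salted {SSHA} form such servers store (and, going one step past the thread, the older unsalted {SHA} form), which is exactly the logic a compare-at-the-realm design would have to carry. The salt length and the sample passwords are constructed for the example.

```python
# Added example (not from the thread, WebLogic or Netscape DS): produce and
# verify {SSHA}/{SHA} userPassword values as a directory server would.
import base64
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes; in {SSHA} the salt follows it


def ssha_hash(password, salt=None):
    """{SSHA} = base64(sha1(password + salt) + salt). The salt is random
    unless supplied; a fixed salt is only for reproducible tests."""
    if salt is None:
        salt = os.urandom(8)  # 8-byte salt is an assumption; servers vary
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt).decode('ascii')


def sha_hash(password):
    """Older unsalted {SHA} form: base64(sha1(password)), same hash for same
    password everywhere, which is why the salted form is preferred."""
    digest = hashlib.sha1(password.encode('utf-8')).digest()
    return '{SHA}' + base64.b64encode(digest).decode('ascii')


def verify_userpassword(password, stored):
    """Check a candidate password against a stored {SSHA} or {SHA} value.
    The salt is recovered from the stored value; the digest comparison is
    constant-time so a compare-style checker does not leak timing."""
    scheme, _, payload = stored.partition('}')
    scheme = scheme.lstrip('{').upper()
    raw = base64.b64decode(payload)
    if scheme == 'SSHA':
        digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    elif scheme == 'SHA':
        digest, salt = raw, b''
    else:
        raise ValueError('unsupported userPassword scheme: ' + scheme)
    candidate = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return hmac.compare_digest(candidate, digest)
```

Reading the attribute out of the directory and calling verify_userpassword is what a compare-style realm does; the price is a service DN privileged enough to read userPassword, whose credentials then protect every hash in the tree, and hashes that can be attacked offline once that account is compromised. Letting the LDAP server perform the bind removes both the privileged reader and the hash handling from the application tier.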
Solaris 10 client - ldap_search: Can't connect to LDAP server
Hello
I have following configuration:
- openLDAP server in Solaris 10 zone called ldap
- native LDAP client in different Solaris 10 zone called mail on the same SPARC machine
I can't get ldapsearch results after ldapclient initialization.
[root@mail ~]# ldapsearch -b dc=pov,dc=pl objectclass=*
ldap_search: Can't connect to the LDAP server - Connection refused
But I am able to get data from LDAP server if address of the server is specified:
[root@mail ~]# ldapsearch -b dc=pov,dc=pl -h 192.168.1.40 objectclass=*
version: 1
dn: ou=users,dc=pov,dc=pl
objectClass: organizationalUnit
ou: Users
Here is ldapclient config:
[root@mail ~]# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.1.40
NS_LDAP_SEARCH_BASEDN= dc=pov,dc=pl
NS_LDAP_AUTH= none
NS_LDAP_CACHETTL= 0
What am I missing?
Hi, I'm no expert but I will try to help you. Are you still working on this?
This what my stuff looks like:
# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=deathnote,dc=net
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
NS_LDAP_SERVERS= 10.0.1.21:389
NS_LDAP_SEARCH_BASEDN= dc=deathnote,dc=net
NS_LDAP_AUTH= none
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=deathnote,dc=net
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=deathnote,dc=net
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=deathnote,dc=net
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
[root@light migration]# cat user00.ldif
dn: uid=user00,ou=People,dc=deathnote,dc=net
uid: user00
cn: user00
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 805
gidNumber: 501
homeDirectory: /home/user00
gecos: ldap user
Also update your hosts file and add your server to the domain.
I hope this helps.
Edited by: CyberNinja on Oct 22, 2011 12:37 PM -
HELP: Can not connect LDAP server with 64bit ldap csdk5.08 on Solaris10
We are using 64bit ldap csdk5.08 on SunOS5.10. But it doesn't work.
We wrote a simple client program that connects using ldap_simple_bind_s() function. When I run the code it gives an error saying 'Can't connect to the LDAP server - Connection refused' .
At the same time using snoop to capture network packages on the ldap server , it shows no package received at all.
But if we use 32bit ldap library, the program works well and no error is raised.
And the 64bit ldap tool ldapsearch also works well, it can search data from the server successfully.
The sample code:
==================================================
#include <ldap.h>
#include <stdio.h>

int
main( int argc, char **argv )
{
    LDAP *ld;
    int rc;

    /* Get a handle to an LDAP connection. */
    if ( (ld = ldap_init( "150.236.42.53", 38902)) == NULL ) {
        perror( "ldap_init" );
        return( 1 );
    }

    /* Bind anonymously to the LDAP server. */
    rc = ldap_simple_bind_s( ld, NULL, NULL );
    if ( rc != LDAP_SUCCESS ) {
        ldap_perror(ld, "ldap_simple_bind_s:");
        return( 1 );
    }
    return( 0 );
}
This looks like a mismatch between C-sdk libraries and Solaris native libraries.
Are you sure your program loads the correct libraries ?
Ludovic. -
Please Help. How can you monitor a directory using jndi connection to a ldap server?
How can you monitor a directory using jndi connection to a ldap server? I
want the ldap server to monitor the content change in a file system
directory on another computer on the network. Can someone please help.
Thanks
Fred
Hi,
Why do you want to use LDAP for Hard disk monitoring..???
U can do this by creating a MD5 checksum for all the files existing in some
particular
directory and every hour or any configurable period u can recalculate the
checksum
to find out the change in the content.
I guess all u need is to get the code for "updatedb" utility of Linux and
instrument it for ur needs..
Hope it helps...
-aseem
mr wrote:
How can you monitor a directory using jndi connection to a ldap server? I
want the ldap server to monitor the content change in a file system
directory on another computer on the network. Can someone please help.
Thanks
Fred -
LDAP Bind Failure: Can't contact LDAP server in Presentation Server
I have configured LDAP configuration in the RPD and am able to connect to the LDAP from the BI server. Its returning the information i need when i test through the admin tool. But when i try to log in from the PS using the same network id and password, it gives me the below error:
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused. [53003] LDAP bind failure: Can't contact LDAP server. (08004).
I know for sure, the network connectivity is working as i get my results back from the BI Server. Please advise, if i need to change other configurations on the Presentation end. As my network folks have run out of ideas. Thx!
user9125812 wrote:
Yes, i am pinging from OBIEE Server through the RPD and i am successful.
Pinging the OBIEE Server through the RPD? Ping is a DOS command, how can you "ping through the RPD".
Can you go to the server, open a CMD windows and do "ping nsldap.companyname.com" and see if it works. If it works it could be that the LDAP port is blocked by a firewall or OBIEE is not able to make a connection. Make sure you are using the correct port as well. Install an LDAP client in your OBIEE Server and test that you can connect to your LDAP server from your OBIEE Server, not from the RPD. You can use this:
http://jxplorer.org/