Command to list logged in users in Identity Server 6.1

Is there a Identity Server command line command to list the currenlty logged in users? I know GUI does provide the current sessions info. but would like to know the equivalent from the shell if any.
Thanks
Bala

/opt/SUNWam/bin/amadmin -u "uid=amAdmin,ou=People,dc=<your organization>" -w <your ampassword> --session http://<your web container>:<your web container port>

Similar Messages

How to list contact or user in a Group especial in DL by command-line?

I know some commands can list contacts or users in a OU such as
squery user OU-DN
OR
dsquery contact OU-DN
list a group and mark with SecGroup or DL can use by:
dsquery group OU-DN | dsget group -dn -secgrp
and list all members of a group by:
dsget group GroupDN -members
But the list cannot tell me who are contacts and who are users.
Are there any ways can check which members of Group are contacts or users in command-line?
Thanks

This isn't pretty, but it works:
dsquery * -filter "(memberOf=cn=Mygroup,ou=Sales,dc=MyDomain,dc=com)" -attr distinguishedName objectClass
The objectClass attribute indicates whether each member is a user, contact, group, or computer.
Richard Mueller
MVP ADSI

Can not log on user@domain

I can not log on the JES identity server 6.1 with user@domain.
How do i setting the identity server to support user@domain ?
Thanks

Configure LDAP attribute name which contains this value in the list of aliases for core and authentication modules.

Widget for Logged On Users

Is there a widget that will let one determine the users (IP or name) that are logged onto your machine, say for example, remotely? IS there there some other way of doing this?
Thanks. Paulo.

sm04-shows the logged on users of current server.
AL08-shows logged on users of all servers in the network.
Even you can access this from SM51 and selecting the server on which you want to see logged on users and hit user processes tab.
mark as answered if it solved the problem and reward points for the same.

Custom Authentication Module on Identity Server

Hi,
I have a custom authentication module which I am trying to access through the policy agent.
I have set the following property in AMAgent.properties file
com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
My login module code is something like this:
package com.iplanet.am.samples.authentication.providers;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import java.rmi.RemoteException;
import java.io.FileInputStream;
import java.util.Properties;
public class LoginModule1 extends AMLoginModule
private String userName;
private String userTokenId;
private HashMap usersMap;
private java.security.Principal userPrincipal = null;
public LoginModule1() throws LoginException
public void init(Subject subject, Map sharedState, Map options)
          System.out.println("LoginModule1 initialization");
          usersMap = new HashMap();
          ResourceBundle bundle = ResourceBundle.getBundle("users");
          Enumeration users = bundle.getKeys();
          while (users.hasMoreElements())
               String user = (String)users.nextElement();
               String password = bundle.getString(user.trim());
               usersMap.put(user, password);
public int process(Callback[] callbacks, int state) throws AuthLoginException
          int currentState = state;
          if (currentState == 1)
               userName = ((NameCallback) callbacks[0]).getName().trim();
               char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
               String passwdString = new String (passwd);
               if (userName.equals(""))
                    throw new AuthLoginException("names must not be empty");
               if (userName.equals("testuser") && passwdString.equals("testuser"))
                    userTokenId = userName;
                    return -1;
               if (usersMap.containsKey(userName))
                    if (usersMap.get(userName).equals(new String(passwd)))
                         userTokenId = userName;
                         return -1;
               return 0;
     public java.security.Principal getPrincipal()
          if (userPrincipal != null)
               return userPrincipal;
          else
          if (userTokenId != null)
               userPrincipal = new SamplePrincipal("testuser");
               return userPrincipal;
          else
               return null;
So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
Thanks
Srinivas

Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.

My Tasks View in my custom task list fails to display the tasks assigned to me (that is the currently logged in user)

Hi
I am new to sharepoint 2010.
I created a custom task list, where I have many tasks assigned to users (I had tasks assigned to me as well). I created a view as "My tasks "and having a filter as Assigned To is equal to [Me]. When I do that my view fails to show the
tasks assigned to me. This happens same with the Sharepoints 'My Tasks' view as well. I tested by creating some test tasks under my name and when I selected 'My Tasks' view no tasks are getting displayed.
Please help.
Thanks,
Gokulkumar.

Hi,
According to your post, my understanding is that you wanted to display the tasks assigned the current logged in user.
In my environment, if I used the System Account, My Task view didn’t display any tasks.
However , if I used other users except the System Account, My Task view could display current user tasks correctly.
I recommend to use other accounts except System Account to log in site. Then everything will work well.
Thank you for your understanding.
Best Regards,
Linda Li
Linda Li
TechNet Community Support

How to get a list of Local Users who has not logged in for 3 months or around 90 days

hi
i found this thread to pull out a list of local users
Retrieve all local user accounts information on remote computers (PowerShell)
however, i need to filter out users who has not logged in for 3 months or around 90 days, how can i do further filtering?
i understand dsquery has an -inactive <xweeks> , however i am doing it for local accounts

$ErrorActionPreference = "silentlycontinue"
$([ADSI]"WinNT://$env:COMPUTERNAME").Children | where {$_.SchemaClassName -eq 'user' -and $_.lastLogin -gt (Get-Date).AddDays(-90)} | ft name,lastlogin
using the sample from the link extendend with the 90 days criteria, the erroraction preference surpresses the errors you get for accounts with no lastlogon value (guest being a typical one)

Identity User( Find Current Logged in User) Windows Forms

I have implemented dummy code for logging in to a windows Forms Application using Identity (Owin Auth). part of my code is as follows:
private bool validateuser()
bool isAuthorised = false;
Login1 log = new Login1();
if (DialogResult.OK == log.ShowDialog())
Splasher.Show(typeof(frmSplash));
userC = log.usernameTextBox.Text;
PassC = log.passwordTextBox.Text;
if (userC == "" || PassC == "")
count++;
//isAuthorised = false;
if (count > 0) log.LoginStatus.Text = "Empty passwords or usernames are not allowed. please try again";
if (count == 2) MessageBox.Show("You have one try remaining");
if (count == 3) { MessageBox.Show("You have exosted your tries application will now close"); Application.Exit(); }
validateuser();
else
var userStore = new UserStore<IdentityUser>();
var userManager = new UserManager<IdentityUser>(userStore);
var user = userManager.Find(userC, PassC);
if (user != null)
var userIdentity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
isAuthorised = userIdentity.IsAuthenticated;
userIdentity.AddClaim(new Claim("FullName", user.UserName));
userIdentity.AddClaim(new Claim("User_Id", user.Id));
return isAuthorised;
else
count++;
//Application.Exit();
if (count > 0) log.LoginStatus.Text = "You may have entered a wrong password or username. Please try again";
if (count == 2) MessageBox.Show("You have one try remaining");
if (count == 3) { MessageBox.Show("You have exosted your tries, application will now close"); Application.Exit(); }
validateuser();
count = 0;
return isAuthorised;
When the code works fine and is able to authenticate from the database. In the current form, I'm able to get the current user by using user.UserName or id by using user.Id
How do I get to retrieve the name or Id of the current logged in user from another form. Please Help
Thanks
My ASP

Type in c.Type is giving an error. could I be missing any important reference?
My ASP
Hi,
Looks from Aram's code, I found a blog from Leandro Boffi.
http://leandrob.com/2012/02/claims-identity-c-4-0-dynamics/
Some similar code like Aram's. You should install
Windows Identity Foundation and the companion
WIF SDK
Best regards,
Kristin
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

How to list all logged in users in Weblogic?

Dear All,
I want to list all the logged in users in weblogic since we have assigned each user a separate login.
Right now, weblogic console shows if any user is making any changes. However, I want to list all users logged in even if they are in idle state.
I have also looked in domainRuntime location using WLST but couldn't find any info.
Please suggest.
Thanks,
Karan

Hi,
can you try with this JMX code.
import javax.naming.*;
import javax.management.MBeanInfo;
import weblogic.jndi.Environment;
import weblogic.management.runtime.ServerRuntimeMBean;
import weblogic.security.providers.authentication.DefaultAuthenticatorMBean;
import weblogic.management.security.authentication.UserReaderMBean;
import weblogic.management.security.authentication.GroupReaderMBean;
import weblogic.management.MBeanHome;
import weblogic.management.WebLogicMBean;
import weblogic.management.tools.Info;
import weblogic.management.Helper;
import weblogic.management.security.authentication.*;
public class ListUsersAndGroups
public static void main(String[] args)
MBeanHome home = null;
try
Environment env = new Environment();
env.setProviderUrl(“t3://localhost:7001?);
env.setSecurityPrincipal(“weblogic”);
env.setSecurityCredentials(“weblogic”);
Context ctx = env.getInitialContext();
home = (MBeanHome)ctx.lookup(“weblogic.management.adminhome”);
weblogic.management.security.RealmMBean rmBean = home.getActiveDomain().getSecurityConfiguration().getDefaultRealm();
AuthenticationProviderMBean[] authenticationBeans = rmBean.getAuthenticationProviders();
DefaultAuthenticatorMBean defaultAuthenticationMBean = (DefaultAuthenticatorMBean)authenticationBeans[0];
UserReaderMBean userReaderMBean = (UserReaderMBean)defaultAuthenticationMBean;
GroupReaderMBean groupReaderMBean = (GroupReaderMBean)defaultAuthenticationMBean;
String userCurName = userReaderMBean.listUsers(“*”, 100);
while (userReaderMBean.haveCurrent(userCurName) )
String user = userReaderMBean.getCurrentName(userCurName);
System.out.println(“\n User: ” + user);
userReaderMBean.advance(userCurName);
String cursorName = groupReaderMBean.listGroups(“*”, 100);
while (groupReaderMBean.haveCurrent(cursorName) )
String group = groupReaderMBean.getCurrentName(cursorName);
System.out.println(“\n Group: ” + group);
groupReaderMBean.advance(cursorName);
catch (Exception e)
e.printStackTrace();
Regards,
Kal

Display sharepoint list based on logged in user

Hi,
I have a sharepoint list which has 10 items.My friends and me use that list to add and delete items.
What i would want is when my friends log in they should be able to see only their items in the list and when I log in I should be able to see all items in the list.Is this possible?
Kindly help as i am new to sharepoint and this is my first project.Learning by doing :)

Two ways of doing this stand out. I think it'll boil down to whether you want to allow your colleagues to look at other tickets.
In the list Advanced Settings, you can configure the list so that users can only see and edit items that they create. This is useful if you want to enforce security. SharePoint has a feature known as security trimming which will hide all content
not relevant to other people
Views are also possible. You can create views that filter dynamically against the account logged in. This can be set up on any column in the list that uses your company address book for its data. So, the "created by" column would work
as well as any additional columns you might make. This way is "smoke and mirrors" though and doesn't apply security to items assigned to other people.
Steven Andrews
SharePoint Business Analyst: LiveNation Entertainment
Blog: baron72.wordpress.com
Twitter: Follow @backpackerd00d
My Wiki Articles:
CodePlex Corner Series
Please remember to mark your question as "answered" if this solves (or helps) your problem.

Programatically Check if the logged in user matches with user in a list item

Hi All,
I have a custom list with 1) title column 2) People column.
I simple need to check if the logged in user = user in the column 2, and if yes fill a List<> with column 1 value.
But when comparing, the value in list item is in different format than what we get by user.ToString()
Following is what I tried:
SPUser user = oWeb.CurrentUser;
List<String> usergrps = new List<String>();
foreach (SPListItem itemA in GrpSubsItems)
if (itemA["SubscribedBy"].ToString() == user.ToString())
usergrps.Add(itemA["Group"].ToString());
itemA["SubscribedBy"].ToString() gives = 10;#Some Name
where as user.ToString() gives = i:0#.w|domain\user
Kindly guide if my approach is not correct. Thanks.
Regards, Nayan

Hi Nayan,
Please modify the code like below:
SPUser user = oWeb.CurrentUser;
List<string> usergrps = new List<string>();
foreach (SPListItem itemA in GrpSubsItems)
string userName = itemA["SubscribedBy"] as string;
SPFieldUserValue userA = new SPFieldUserValue(itemA.ParentList.ParentWeb, userName);
if (userA.LoginName==user.LoginName)
usergrps.Add(itemA["Group"].ToString());
More information:
http://ethan-deng.blogspot.com/2013/03/get-spuser-from-user-column-there-are.html
Best Regards,
Dennis Guo
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Programatically Check if the logged in user is in the Administrators group in Project Server (C#, VS2010)

Hi I would like to be able to check if the logged in user is a member of the administrator group programatically through c#
I know that I can get the user's GUID / check if they are actually a user in project server (resource table in reporting DB) but I am having trouble finding out how to programatically check if they are a member of the "Administrators" group.
Could somebody please provide a code sample of how to check if a user is in the administrators group when you have their GUID or username or name?
I did not see a table in the reporting DB that has this so I am guessing this has to be done through the PSI..
Thanks in advance!
BTW.. i am just wondering is there a way to check each groups permission levels? was wondering that if it is possible, what is the best way to implement a similar security model to that of the actual project server 2010

hi Amit :) I ended up finding the answer myself before you posted here but thank you for your reply anyways, it is basically the same thing that I did.
This is what I ended up doing :) Basically I have three different types of users configured in my web.config - admins, readwrite users, and read only users. In my code here I loop through and find out who the person is. Based on what group they are in I
can later show/hide different options in my application :)
SvcSecurity.SecurityClient security = new SecurityClient(ENDPOINT_PROJ_SECURITY);
string adminGroupsString = ConfigurationManager.AppSettings["adminGroups"];
string readWriteString = ConfigurationManager.AppSettings["readWriteGroups"];
string readOnlyString = ConfigurationManager.AppSettings["readOnlyGroups"];
List<string> adminGroups = new List<string>(adminGroupsString.Split(';'));
List<string> readWriteGroups = new List<string>(readWriteString.Split(';'));
List<string> readOnlyGroups = new List<string>(readOnlyString.Split(';'));
List<Guid> adminGroupIDs = new List<Guid>();
List<Guid> readWriteGroupIDs = new List<Guid>();
List<Guid> readOnlyGroupIDs = new List<Guid>();
List<Project> projectList = new List<Project>();
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["RDB"].ConnectionString);
con.Open();
SqlCommand command = new SqlCommand("SELECT * FROM MSP_EpmResource where ResourceNTAccount = @username", con);
command.Parameters.AddWithValue("@username", this.User.Identity.Name);
SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
string resourceID = reader["ResourceUID"].ToString();
//Get a list of security groups
SvcSecurity.SecurityGroupsDataSet sgds = security.ReadGroupList();
//Get the IDs of the required groups
foreach (SvcSecurity.SecurityGroupsDataSet.SecurityGroupsRow ds in sgds.SecurityGroups)
if (adminGroups.Exists(group => ds.WSEC_GRP_NAME == group))
adminGroupIDs.Add(ds.WSEC_GRP_UID);
else if (readWriteGroups.Exists(group => ds.WSEC_GRP_NAME == group))
readWriteGroupIDs.Add(ds.WSEC_GRP_UID);
else if (readOnlyGroups.Exists(group => ds.WSEC_GRP_NAME == group))
readOnlyGroupIDs.Add(ds.WSEC_GRP_UID);
bool isAdmin = false;
//Go through each group using the id and check if the current
//user is in that group (for example here check if the user is an admin)
foreach (Guid id in adminGroupIDs)
SecurityGroupsDataSet group = security.ReadGroup(id);
foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
if (member.RES_UID.ToString().Equals(resourceID))
isAdmin = true;
Session["createReport"] = "true";
break;
//If the user is not an admin then continue checking who they are
if (!isAdmin)
bool readWrite = false;
//Check if the user is a read write group member
foreach (Guid id in readWriteGroupIDs)
SecurityGroupsDataSet group = security.ReadGroup(id);
foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
if (member.RES_UID.ToString().Equals(resourceID))
Session["createReport"] = "true";
readWrite = true;
break;
//If the user is not a read write group member either then check if they are a team member
if (!readWrite)
foreach (Guid id in readOnlyGroupIDs)
SecurityGroupsDataSet group = security.ReadGroup(id);
foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
if (member.RES_UID.ToString().Equals(resourceID))
Session["createReport"] = "false";
break;
Cheers! :)

Sharepoint 2013 delivers documents through IIS too good! Need to restrict by logged in user

I have a Sharepoint 2013 app that lets external users (https://) pull data from SQL to create links on the page that the user can click on to get documents to pop-up in the browser so they can view/save them. The page sends the user's ID as a parameter
and the stored proc uses that to return only the documents that user is allowed to see. Took forever to figure out... looks great... my employer is going to be impressed and save money... yada, yada yada! Problem is: If you knew the name
of a directory on the mapped location and knew the filename (somehow), and you had a login that got you to the site, you could successfully put that address in your address bar and the document would come up! That's a bad thing! I need to only
let users see documents they have access to.
I have been playing with the app pool settings and advanced settings for the sub-site, but it still lets me pull items that the logged-in user doesn't have permissions on the server to get to. I haven't been able to prove it, but I suspect that IIS
is sending another login credential to the directory to retrieve the file... something like "admin" or something that can have wider access.
Here is my setup: I have a directory on another server that is mapped to the Sharepoint Server box. I have a Virtual Directory that points to that mapped drive. My Sharepoint Page is on a site of its own and is called with the URL "https://reportcenter.<company
name>.com". There is only one page on the site. When the page opens it provides links to documents on the Virtual Directory. When you click on any of them the files appear in the browser just fine. Sharepoint is running on a
Windows 2012 R2 Standard OS. The test user I am using is "Client1" and they are a member of the "SP_Clients" group which is not a member of anything else in Active Directory. In the file directory I went to the Share list and
made sure my test user and the SP_Clients group is not in the list... if the system tried to use Client1 there is no way they should get access.
Any thoughts on what I can do to stop Clients from getting to files they shouldn't be?

Thank you for your question and reply.
No, the identity is not passed as a URL property. The way it works is that SP verifies the user and sends them to the default page after they sign-in. Once there, the page evaluates the UserID value and that values is passed to a stored procedure
as a parameter. The user can't get to the page unless they are verified by SP, they can't somehow go around this.
Now, once the page loads they click on one of files they wish to see (a link on the page that was created from the results of the stored procedure call). The link points to a virtual directory setup in IIS that points to a mapped drive where the files
are located. The security on the files is set on the directories in their actual location. I just need SP to pass the user's ID to the file directory and check the sharing rights on the file to see if this user has rights to get it. It seems
like SP is passing some other credential (probably SP_Admin, or Admin or something) which has the ability to read the file and therefore pass it back to the screen.
I can't put the documents in SharePoint... they have to be in a file directory. The reason is that we have an elaborate program that runs every month to create these files and places them in the correct directories. Somehow changing that application
to create the files and place them programmatically in a SharePoint directory is beyond the scope of the project. Under the circumstances, it would be much simpler to just provide the user a list of the documents they have access to and have them click
on a link on a page and have the document appear in their browser. Everything actually works, but I just have this last piece where SP is not 'telling' the file directory the UserID of the logged in user and therefore all the documents are available.
All that needs to be done, is to make sure the userID is passed to the file directory so it can be checked against the security there to see if the user can have the file or not.
I hope that makes sense. I look forward to hearing back from you with your thoughts on this and how this can be accomplished.
Thanks,
Scott

Jabber for windows logged in user count

We recently deployed Jabber for windows 9.1.3 to 4000 users over a 3 week span. I have been trying to monitor how many people are logged in and using the client. I am using both CUPS admin and RTMT to try and figure this out and am now confused as to what I am actually seeing.
When looking in CUPS under application/Jabber/user settings, I have been looking at the number of users who have a client type and version listed as I found in initial testing, those fields update when a client is launched (doesn't need to be logged in). Further testing shows this isn't always correct in that I have found a client type and version for users who do not have the client launched, and nothing for a user who has Jabber launched.
When using RTMT, the Cisco Jabber Summary produces no information, but the CUP Summary does. I see the "Current XMPP Clients Connected" chart increase through the day, but not sure if this is logged in Jabber users, or not.
I looked in the reporting on CUPS and there does not seem to be a report for clients.
Does anyone know of a definitive way to track how many Jabber clients are logged in?
CUPS 8.6.4.11900-1
CCM 8.6.2.20000-2
Jabber for windows 9.1.3
Thanks
Michael

Hi Michael,
One of our clients reported the same issue to us recently, also running CUP version 8.6.4.11900-1.
This was logged with TAC and it seems we are hitting Bug ID "CSCub94611 - Blank Cisco jabber Summary page"
Details of this bug are not currently available to the public.
Issue is fixed in CUP version 9.1.1.10000-8.
The Cisco engineer also provided a CLI command to view how many users are logged in.
Command is: show perf query counter "Cisco XCP CM" "CmConnectedSockets"
Regards,
Ismail

Identity Server has not been configured for this new user/group suffix

Hi all
I am having a problem trying to configure the Directory Server (5.2) for Messaging Server.
My configuration is as follows:
SJES Q12005
Server 1 - Directory Server 5.2
Server 1 - Access Manager (formerly Identity Server)
Server 1 - Web Server 6.1
I have successfully installed the above and can login to Access Manager.
I next installed Calendar & Messengar Server on "Server 1". Upon running "comm_dssetup.pl" from /opt/SUNWcomds/sbin, I get the following error:
"Identity Server has not been configured for this new user/group suffix"
Copy and paste of what I entered:
bash-2.05# perl comm_dssetup.pl
Welcome to the Directory Server preparation tool for
Sun Java(tm) System communication services.
(Version 6.3 Revision 1.0)
This tool prepares your directory server for use by the
communications services which include Messaging, Calendar and their components.
The logfile is /var/tmp/dssetup_20050830165940.log.
Do you want to continue [y]:
Please enter the full path to the directory where the Sun ONE
Directory Server was installed.
Directory server root [var/opt/mps/serverroot] : /opt/mps/serverroot
Please select a directory server instance from the following list:
[1] slapd-sunldap
Which instance do you want [1]:
Please enter the directory manager DN [cn=Directory Manager]: cn=DirMan
Password:
Detected DS version 5.2
Will this directory server be used for users/groups [Yes]:
Please enter the Users/Groups base suffix [dc=samplecompany-dev,dc=co,dc=uk] : ou=infrastructure,o=sampletown,dc=samplecompany-dev,dc=co,dc=uk
There are 3 possible schema types:
1 - schema 1 for systems with iMS 5.x data
1.5 - schema 2 compatibility for systems with iMS 5.x data
that has been converted with commdirmig
2 - schema 2 native for systems using Identity Server
Please enter the Schema Type (1, 1.5, 2) [1]: 2
Identity Server has not been configured for this new user/group suffix
You can opt to continue, but you will not be able to use
features that depend on Identity Server
Are you sure you want this schema type? [n]:
I have entered my user group suffix exactly as specified during the Access Manager install (hence I am able to login as "amadmin").
Looking at the LDAP logs to try and figure out whats going wrong I see its not getting hits on all searches it is performing:
[30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(obj
ectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscape
Resource)(objectClass=domain))" attrs="dn"
[30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - RESULT err=4 tag=101 nentries=1 etime=0
[30/Aug/2005:16:41:18 +0100] conn=299 op=160 msgId=162 - ABANDON targetop=NOTFOUND msgid=161
[30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - SRCH base="ou=people,ou=infrastructure,o=northampton,dc=dataforce-de
v,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objec
tClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeRe
source)(objectClass=domain))" attrs="dn"
[30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - RESULT err=0 tag=101 nentries=0 etime=0
[30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - SRCH base="ou=clientdata,ou=infrastructure,o=northampton,dc=dataforc
e-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(o
bjectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netsca
peResource)(objectClass=domain))" attrs="dn"
[30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - RESULT err=0 tag=101 nentries=1 etime=0
[30/Aug/2005:16:41:18 +0100] conn=299 op=163 msgId=165 - ABANDON targetop=NOTFOUND msgid=164
[30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
dev,dc=co,dc=uk" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
[30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - RESULT err=0 tag=101 nentries=41 etime=0
[30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
dev,dc=co,dc=uk" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
[30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - RESULT err=0 tag=101 nentries=1 etime=0
[30/Aug/2005:16:41:28 +0100] conn=299 op=166 msgId=168 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(obj
ectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscape
Resource)(objectClass=domain))" attrs="objectClass numSubordinates ref aci"
[30/Aug/2005:16:41:29 +0100] conn=299 op=166 msgId=168 - RESULT err=0 tag=101 nentries=41 etime=1
[30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - SRCH base="ou=iplanetamauthservice,ou=services,ou=infrastructure,o=n
orthampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectC
lass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServ
er)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
[30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - RESULT err=0 tag=101 nentries=1 etime=0
[30/Aug/2005:16:41:29 +0100] conn=299 op=168 msgId=170 - ABANDON targetop=NOTFOUND msgid=169
[30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - SRCH base="ou=iplanetamauthldapservice,ou=services,ou=infrastructure
,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(obj
ectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscape
Server)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
[30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - RESULT err=0 tag=101 nentries=1 etime=0
[30/Aug/2005:16:41:29 +0100] conn=299 op=170 msgId=172 - ABANDON targetop=NOTFOUND msgid=171
[30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - SRCH base="ou=iplanetampolicyconfigservice,ou=services,ou=infrastruc
ture,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)
(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=nets
capeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
[30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - RESULT err=0 tag=101 nentries=1 etime=0
[30/Aug/2005:16:41:29 +0100] conn=299 op=172 msgId=174 - ABANDON targetop=NOTFOUND msgid=173
[30/Aug/2005:16:41:29 +0100] conn=299 op=173 msgId=175 - SRCH base="ou=iplanetamauthenticationdomainconfigservice,ou=services
,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(
--More--(83%)
The list goes on.
Can anyone give me any pointers?
Thanks

Hi
Thanks for your reply!
I did mis-type, my mistake - sorry about that.
If I dont over-ride the default it works, I've pretty much got the whole setup working now but I'm not particularly over the moon about the way the ldap tree is setup, I'd like finer granuality as we are going to attempt to get syncronization working with AD.
I have an idea about how I'd like to set up our Mail/Calendar/LDAP infrastructure the 2nd time around (I'm just testing at the mo) - so I might have a question or two for you if you dont mind taking a look when you have a minute?
Thanks Jay

Command to list logged in users in Identity Server 6.1

Similar Messages

Maybe you are looking for