Configuring a Directory Server for Digital IDs and Certificates

Similar Messages

• Single directory Server for Messaging and Portal

  We are trying to unify our directory services.
  At present, there two directory servers, one for iPlanet messaging 5.2 and another for Portal server 6.0.
  Messaging's Directory server is v5.1 and Portal's Directory server is v5.2. Their BaseDN is same.
  Now, What we are planning to do is as below.
  1. LDIF everything from Msgr Directory and import into Portal's Directory.
  2. Point Msg Server to the Portal's directory.
  But, we are not sure what to export or how to tell messaging server to look at the Portal's Directory. Any help will be greatly appreciated!!!
  Thanks
  Srini

  What you are trying to do is non-trivial.
  Setting the ldap server for user and groups on the mail server is easy enough -- look at the output of configutil and you will find the values of local.ugldap*
  define the values you need to change.
  e.g.:
  local.ugldapbasedn
  local.ugldapbindcred
  local.ugldapbinddn
  local.ugldaphost
  local.ugldapport
  etc.
  These are all listed in the messaging reference manual.
  You need to ensure that the schemas of the two apps. match. For example, if you are using schema 1 for mail and schema 2 for the portal (quite likely), there will be a lot more work to do on the directory than simply moving the user entries accross and merging them.
  Unless you have done this sort of thing before, or feel very comfortable and knowlegable about how the messaging server in partuicular works with LDAP, I would suggest that you seriously consider getting help from Sun Professonal Services.

• Java SSF for Digital Signatures and Document Encryption

  Hello,
  I have read in "SAP Help - Java Development Manual" that there is a Java SSF library for Digital Signatures and Document Encryption API.
  http://help.sap.com/saphelp_nw04s/helpdata/en/4f/65c3b32107964996a56e4165077e24/frameset.htm
  I am trying to develop an example application in NWDS using Interfaces/classes (ISsfData, SsfDataXml...), but NWDS does not find this classes in any library.
  I have searched for Javadocs in NWDS plugins directory and this classes and interfaces should be in JAR com.sap.security.api.jar, but they aren't there.
  Our WAS version is: NW04s WAS 7.0 SP11 and he have downloaded Java Crypto Library (IAIK) and also SAP XML Toolkit.
  Does anyone know how to find or obtain this library?
  Thanks in advance,
  Jorge Linares

  Hello Francesco,
  I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
  http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
  Digital Signatures and Document Encryption api
  so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
  Kind Regards,
  Kubra fatima.

• Error CIM_ERR_FAILED - Configure the integration server for sld

  Hi,
  I´m running the Configuration Wizard SLD in "PI_00_This wizard will execute Postinstall steps of technical configuration for the PI Usage". In step 33/142 Configure the integration server for sld, I got following error:
  Error: CIM_ERR_FAILED: Qualifier MAX(1) violated for property reference SAP_XIIntegrationServerLogicalIdentity.SameElement
  Someone help me?
  Regards,

  The version is 7.0. I skip this step and finished with sucess. No run the step:
  PI_00_This wizard will execute Postinstall steps of technical configuration for the PI Usage  Cancelled
  PI_01_This template checks if the necessary services are started                                         Cancelled
  PI_05_This wizard will configure the integration server for sld                                                 Incompletely executed
  These steps are with the same error.
  Error: CIM_ERR_FAILED: Qualifier MAX(1) violated for property reference SAP_XIIntegrationServerLogicalIdentity.SameElement

• The DHCP service failed to see a directory server for authorization.

  We have two DHCP servers hosted on Hyper-V.
  But after shutdown activity at our DC, the servers gave an usual issue.
  "The DHCP service failed to see a directory server for authorization."
  We have rebooted number of time before getting this server into production but it never gave such kind of error.
  Also this time the local DC was shutdown.
  Please suggest the necessary steps to be taken.

  Hi,
  The authorized DHCP server contacts a domain controller every 60 min to detect/redetect his status. Maybe your DHCP has tried to reach the DC which was offline thus throwing that error. Are you still having issues with DHCP server servicing clients?
  Once the server talks to a DC and checks that his authorized the service will start leasing IPs to clients.
  http://technet.microsoft.com/en-us/library/cc754493.aspx
  http://technet.microsoft.com/en-us/library/cc781697(v=ws.10).aspx
  Regards,
  Calin

• The DHCP Service failed to see a directory server for authorization error

  Hi Experts,
  "The DHCP Service failed to see a directory server for authorization error"
  I have DHCP Server installed on the same server where Active directory is installed its a domain controller, when I see the event logs I saw the above error. 
  This alert comes a number of times, just after the error
  "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain eg.com.pk, has determined that it is authorized to start. It is servicing clients now."
  Please somebody suggest some solution for this.
  TechSpec90

  Two questios:
  Is the server a domain controller?
  And, according to this, "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain eg.com.pk, has determined that it is authorized to start. It is servicing clients now", the service eventually do start, yes?
  Best Regards,
  Jesper Vindum, Denmark
  Systems Administrator
  Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

• Why in MPE 2, some users when trying to join an audio conf., they are asked for their IDs and passwords while some are not?

  A meeting is established, and when ionternal users use their IP phone to attend the audio conference call, some are asked for their IDs and passwords and some are asked to enter the meeting ID directly.
  Why is it like that? We need all the users to be able to enter the meeting ID directly without needing to verify themselves, thanks.

  Agree with hirantha.
  Can you call from internal desktop client to external desktop client?
  Please check that first.
  If not, check the required port requirement for Lync Edge Server:
  http://technet.microsoft.com/en-us/library/gg398798.aspx
  Lisa Zheng
  TechNet Community Support

• How to Setup deducated server for FR Repoting and Consolidation

  Hi experts,
  We have an issue where running FR reports slow down HFM for users. We were thinking of dedication 1 server for FR reporting and another for consolidation. I read the 9.3.1 manual and it says it is possible to do that. However, no steps were provided.
  Can anyone please shed some light on the steps we need to perform ?
  Thnaks a lot for your help in advance

  >
  Hello!
  I have downloaded the SPARC ISOs for Solaris 9 from
  sun.com, and I have tried many times to set up Install
  server (Solaris 9) for SPARC machines on an Intel PC,
  but I always get the following error.
  I take it you're running solaris x86 on that intel pc?
  bash-2.05#
  /cdrom/cdrom0/Solaris_9/Tools/setup_install_server
  /export/home/sol-sparc/
  ERROR: Install boot image
  /cdrom/cdrom0/Solaris_9/Tools/Boot does not exist
  Check that boot image exists, or use [-t] to
  specify a valid boot image elsewhere.
  bash-2.05# If you do a "cd /cdrom/cdrom0/Solaris_9/Tools/" and then do an "ls" do you see the Boot directory? Is there anything in that directory? That's the software 1/2 CD you're running that command from right?
  Thanks,
  Daryl

• I have partitioned my time capsule, but I can't get it to work as a Time Machine back up and permanent media server for both mac and PC. What format do I need to partition the drive to so that it works for both mac and windows and so that it will be visab

  I have partitioned my time capsule, as I want part of it to act as a media server for both mac and windows. However I don't know what format that I need to partition it to. I also can't make it a permanently accesible drive. I want to restore the drive to the original format (which I don't know) and start again and re-partition the drive in a format that can be used for media by both mac and PC and for time machine back-ups and make the media part of it permanetly accesible so I can add and acccess my files.
  Thanks

  You are mixing up a couple of things here.
  The TC drive cannot be partitioned without removing it.. did you do that?
  If you partition it you must use a Mac disk utility and use the HFS+ ie standard Mac format. And GUID partition table not windows type.
  You can select erase disk in the airport utility.. that will take the disk back to original format. No partitions. TC is deliberately not partitioned as it is not a media server.. it is a backup device for TM. Over time .. the disk will be filled with TM backups so you have a long history of file changes to your computer.
  There is no media server in the TC.. it is merely disk storage.. you can serve files from it to a media device.. but the TC itself is dumb as dumb.
  Now the actual format of the drive is irrelevant to the PC.. The TC offers SMB file services to the network. You can copy files to and from the TC as if it was a local disk without caring one iota about the format. The TC handles that .. it is not a local disk .. it is a network drive.
  Although you cannot partition the TC. you can still copy files to it.. this does have implications for TM.. but as long as there is plenty of free space should not be a major issue.
  You can create a disk image via the disk utility in a Mac.. and as stated you can create partitions if you do it on a Mac with the disk directly connected which means breaking warranty if any exists on the TC.

• Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOA

  Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
  Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
  ipv6 dhcp database disk0://DHCPV6-DB
  ipv6 dhcp pool VLAN206IPV6
   prefix-delegation pool VLAN206IPV6-POOL
   dns-server 2620:B700:0:1001::53
   domain-name global.bio.com
  ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
  interface Vlan206
   description *** IPv6 Subnet ***  
   ip address 10.2.104.2 255.255.255.0
   ipv6 address 2620:B700:0:12C7::2/64
   ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
   ipv6 nd managed-config-flag
   ipv6 dhcp server VLAN206IPV6
   standby version 2
   standby 0 ip 10.2.104.1
   standby 0 preempt
   standby 6 ipv6 2620:B700:0:12C7::1/64
   standby 6 preempt
  I'm getting a result from my debug as follows:
  Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   dst FF02::1:2
  Apr 10 16:28:03.861 PDT:   type SOLICIT(1), xid 8277025
  Apr 10 16:28:03.861 PDT:   option ELAPSED-TIME(8), len 2
  Apr 10 16:28:03.861 PDT:     elapsed-time 101
  Apr 10 16:28:03.861 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.861 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.861 PDT:   option IA-NA(3), len 12
  Apr 10 16:28:03.861 PDT:     IAID 0x0FF01FAF, T1 0, T2 0
  Apr 10 16:28:03.861 PDT:   option UNKNOWN(39), len 32
  Apr 10 16:28:03.861 PDT:   option VENDOR-CLASS(16), len 14
  Apr 10 16:28:03.861 PDT:   option ORO(6), len 8
  Apr 10 16:28:03.861 PDT:     DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::21D:E6FF:FEE4:4400
  Apr 10 16:28:03.861 PDT:   dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   type ADVERTISE(2), xid 8277025
  Apr 10 16:28:03.861 PDT:   option SERVERID(2), len 10
  Apr 10 16:28:03.865 PDT:     00030001001DE6E44400
  Apr 10 16:28:03.865 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.865 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.865 PDT:   option STATUS-CODE(13), len 15
  Apr 10 16:28:03.865 PDT:     status code NOADDRS-AVAIL(2)
  Apr 10 16:28:03.865 PDT:     status message: NOADDRS-AVAIL

  Hello,
  maybe hitting the following bug.
  Pv6 Address Assignment Support for IPv6 DHCP Server
  CSCse81385
  Hope this helps

• How to configure LabVIEW web server to allow viewing and accessing the content of a folders

  I have added the following html line to the body of the html file generated by the LabVIEW Web Publishing Tool:
  <a href="MyFolder" target="_blank">My Folder Content</a>
  I expect the link labeled "My Folder Content" to open a new browser window displaying the content of  "Myfolder" which is located inside the LabVIEW webserver root folder.  I got an error instead.  If I substitute "Myfolder" with a filename, the browser will display the file just fine.
  Can someone provide me with some hints on configuring the web server for this purpose?

  Hola Hector
                     Estoy trabajando con tu caso y se me ha hecho bastante interesante.
  Solo te quiero preguntar... que version de Internet Explorer tienes?
  Utilizas algun otro web server ? ( Mozilla tiene este problema me parece)
  Segui los pasos que mencionas con Internet Explorer 6
  y pude abrir la carpeta sin problemas.
  Te pido por favor que me contestes estos datos para darte una solucion muy especifica.
  lamentablemente tengas que hacer referencia directa ( todo el path) a los archivos del folder para accesar a ellos si tu explorador no lo permite.
  Lo unico que puedo confirmarte es que parece no ser un problema de National Instruments.
  sin embargo si me das mas informacion podemos descartar cualquiera de las conclusiones a las que he llegado.
  Espero tu respuesta
  Saludos 
  Erwin Franz R.

• Snow leopard server for net boot and software updates only what needs to be running to use it?

  Snow leopard server for net boot and software updates only what needs to be running to have it work right?

  Netboot and Software Update, at its simplest.  Mac OS X Server also expects to have functional IP networking and DNS services (somewhere) on the LAN (and if you're behind a NAT gateway, then the DNS server(s) are on your LAN and not out at your ISP), or things get weird.  SUS (usually) works out of the box, outside of cases where there's an outbound firewall.  Netboot can be more effort to setup, in terms of what you're loading into the clients.

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• Can anyone recommend a good document for Cisco IDS and AAA

  I need some basic tutorial for Cisco IDS and AAA. can anyone recommend any document for it?
  thanks

  The Cisco IDS/IPS senors do not perform any AAA functions. You can not validate a user/password externally.

• H/w requirements for DIrectory server for 200,000 users

  Hi,
  I would like to implement Directory services for 200,000 users. How can I know whether iPlanet Directory 5.1 will support this many users or not? If supports, Which h/w I have to use?
  If any one can let me know the formula to calculate users and h/w
  Thanks

  The directory server can handle many more users than 200K. The hardware requirements calculations are amply explained in the book "Solaris and LDAP Naming Services" by Bialaski. If you have iPlanet support contract they can provide you tuning information which includes this info.
  You should remember the possibility of growth and load in terms of number of clients and peak requests per second. With your needs, my gut feeling is that even a Netra can host it. However, if it's an enterprise service you may want to go with at least 220 machines in a replicated configuration for load balancing and availability.
  DISCLAIMER: Use these opinions at your own risk. You must do your own analysis and calculations to design a suitable physical/logical architecture.