Corrupted ldap directory - URGENT

Similar Messages

• How to fix a issue with a corrupted LDAP?

  Hi all.
  I am new to this communty
  ll appreciate if some of the knowledgeable members can help me on few weblogic scenario based querries.
  so here's it:
  If your weblogic server fails to start after you enter your credentials; and you know it’s an issue with a corrupted ldap; how would you fix it?

  firstly, check if you are entering the correct data..
  1) If you are entering right and getting rejected, rename the LDAP directory and restart the servers.
  (It will create a new LDAP directory with encrpted values in their files)
  2) If you forgot your password, rename LDAP directory and replace the encripted password with the new password in boot.properties and restart the server(s)
  Please let me know if that does not work.
  PS.. DONOT delete the LDAP directory, rename it(just in case)...

• Jabber for Windows - wildcard search against LDAP directory

  Hi all,
  I have set up an on premise environment with CUCM, CUPS and a 3rd party LDAP Directory. For CUPC everything is working fine. For Jabber for Windows it took me some time to find the correct jabber-config.xml settings to make it working.
  At the moment I am able to search the LDAP Directory, but I have to write the complete Name, i.e. "Miller, John", in the search field. If I try it with "Miller" only, I get no results for my search.
  I played arround with the  <UseWildcards>0</UseWildcards>  tag without any changes in the behaviour.
  Is there anybody who can help?
  Best regards
  Manfred

  Hi Manfred,
  Jabber for Windows has been tested with following directory services:
  Supported Directories
  Microsoft Active Directory  2003
  Microsoft Active Directory  2008
  Cisco Unified Communications Manager User Data Service UDS  is supported on Cisco Unified Communications Manager version 8.6.2 or later.
  OpenLDAP
  The behavior you are seeing could be related to interop issues. I suggest to open a TAC case for further assistance.
  Thanks,
  Maqsood

• Can't Authenticate in LDAP directory after upgrade from 10.4.11 to 10.5.1

  Hi, all
  Yesterday I have tried to upgrade my Xserve Intel from 10.4.11 Tiger to 10.5.1 Leopard Server
  In my server there is this service:
  -AFP
  -DNS
  -SMB
  -Open Directory Master
  - XSAN Primary MDC
  All works fine but when I try to acces with worgroup manager to LDAP directory I can't authenticate with "diradmin" this thing appen in local machine and with remote worgroup manager connected to the server.
  I have tried with "root" user and I have been able to authenticate for some time, (5-15 min.) after It's impossible to access with all user.
  The client still authenticate with user and password in all computer with 10.5.1 and 10.4.11 workstation, but now i wan't to add some new users and I can't do That!!!!!
  So for now I have restore my old 10.4.11 Server Tiger, but I wish to know if someone have tried new 10.5.2 server upgrade and maybe there is some kind of fix to this problem.
  Thank's In Advance

  After posting on numerous message boards, and no one having an exact answer, but several making plenty of great suggestions, I think I've finally figured out the cause of this issue or at least part of the cause.
  Within 'Server Admin', select "Open Directory",
  under: Settings > Policy > Binding
  there are six check boxes under "Security"... for testing kerberos, I have been checking the first four boxes, which are:
  1. disable clear text passwords
  2. digitally sign all packets (requires Kerberos)
  3. encrypt all packets (requires ssl or kerberos)
  4. block man-in-the-middle attackes (requires kerberos)
  through troubleshooting this myself, and doing each change, followed by a server reboot, then immediately attempting to authenticate to /LDAPv3/127.0.0.1/, it seems that enabling some, or some combination of these Security settings triggers WordGroup Manager to not accept the diradmin password.
  referring to the numbers above (1 through 4)...
  2 or 4 by themselves fails
  1 and 3 together fails
  I haven't gone beyond that for testing and don't know what other combinations works or fails.
  I don't know if there is something beyond this that is specific to my configuration or environment that plays a part in this failing. All I know is that turning off all Security checkboxes in this section fixes the problem.
  I wonder if anyone who has never seen this problem can try this on their 10.5.2 Server and see if they are still able to authenticate as their diradmin to WGM. Regardless, seems that this is a WGM bug to me, right?
  if you are having this problem, uncheck all of these boxes and then reboot before trying to authenticate.

• Integrating Flat File data to LDAP Directory using sunopsis driver

  Hello
  I need to import data from a csv file into a LDAP Directory.
  In order to acheive this, i used Demo physical and logical File data server (called FILE_GENERIC) and set up a new LDAP data server using tutorial "Oracle Data Integrator Driver for LDAP - User's Manual".
  I can manually see and update data on both file and LDAP datastores.
  The fact is that i cannot manage to import/update data from the file to the LDAP directory through a dedicated interface.
  The issue do, i think, come from the PK/FK used by sunopsis relational model to represent the directory.
  LDAP DN is represented by a set of two table representing in my example the organizational units in one hand and the persons in the other hands, linking them through FK in persons to auto-generated PK in organization units. My person table also have a auto generated PK. All the directory datastore tables have been reversed through ODI.
  In my interface, i always use my cn as update key.
  I first tried not to map the person PK in the interface, letting the driver generating it for me (or mapping a null PK). I then catch in operator a message like: " null : java.sql.SQLException: Try to insert null into a non-nullable column".
  Anyway, the first row is created in the directory and a new PK is given into ODI datastore. Curiously, this is not as i would presume the last PK value + 1.
  There are some kinds of gaps in the ID sequences.
  I even tried checking the "tolerated error" into the IKM step called "Insert new row". I'm using IKM shipped with ODI :"IKM SQL Incremental Update". The sequence is finished in operator but due, i guess, to the catched error, the other rows are not processed. (Anyway i shouldn't have to tolerate errors)
  I tried after to put not used custom PK values into my file, then map the PK column to the LDAP datastore PK column without much success: Only one row is processed. Futhermore, the id of the PK in the datastore is different of the one I put in the file.
  I finally tried to generate PK values through SQL instructions by creating new steps in the IKM modul but that did not worked much.
  I really do not see any other ideas to either have the driver construct new PK at insert/update or to make him ignore the null PK problem and process all the rows.
  If anyone do have an idea about it, please share...
  Greetings,
  Adrien

  Hi,
  I am facing an issue who is probably the same.
  using ODI 10.1.3.5, I can't insert new rows into my openLDAP.
  One of the point I see is that the execution take the LDAP server for staging area and want to create I$ table into it, so the data are already imported into the ldap Server.
  thanks for any help.

• Problem with Sun Outlook connector Microsoft LDAP Directory MAPI Service Pr

  Dear All
  I have big problem with sun outlook connector and I can find any way to fix the problem,
  I am using sun java system connector deployment to create installation script for my clients.
  in the tool I have specify the location of Microsoft LDAP services, I am using outlook 2003 and sun say this option is not needed for outlook 2003, if I try to create the script and run the script on target client I will receive below error,
  I tried the office CD-ROM as path for LDAP services but the outlook connector says there is no LDAP services on the CD and I receive same error,
  19:02:29 [5365] Outlook version is 11.0.5608.0.
  19:02:29 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
  19:02:29 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
  19:02:31 [5362] Checking Windows version.
  19:02:31 [5363] Windows version is 5.1.
  19:02:31 [5364] Checking Outlook version.
  19:02:31 [5509] Checking default mail client.
  19:02:31 [5508] Default mail client is 'Microsoft Outlook'.
  19:02:31 [5178] Verifying that Outlook is not running.
  19:02:31 [5179] Trying to login to shared session.
  19:02:31 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
  19:02:32 [5502] Upgrading the Sun Java System MAPI Service Providers.
  19:02:40 [5370] Finished installing Sun Java System MAPI Service Providers.
  19:02:40 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
  19:02:40 [5367] Sun Java System MAPI Service Providers are installed.
  19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
  19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
  19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
  19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
  19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
  19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
  19:02:41 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
  Best regards
  Mo

  Hi,
  Have a look at:
  http://forum.java.sun.com/thread.jspa?messageID=9320116
  Directions on the installation/configuration and requirements of the outlook connector (for 2005Q4 since you haven't told us what version of the comm suite you are using) are available at docs.sun.com e.g.
  http://docs.sun.com/app/docs/prod/2783#hic
  Outlook connector requires that you have UWC (a.k.a communication express) installed and configured, which has it's own requirements. UWC provides the single web-interface to mail & calendar & address-book. Outlook uses the address-book functionality via UWC, IMAP and SMTP for messaging/email, plus WCAP for calendar.
  Regards,
  Shane.

• How to fill a LDAP directory

  Hi;
  I have realize a application which authenticates from LDAP directory, the users and affect profils to them.
  Q: which is the best means to feed this directory LDAP (its possible from my web application to modify the LDAP password) in using another application or another LDAP directory, or another solution ?
  Regards;

  Q: which is the best means to feed this directory
  LDAP (its possible from my web application to modify
  the LDAP password) in using another application or
  another LDAP directory, or another solution ?Are you looking to manually update this information or are you looking for a way for users to be able to interactively maintain passwords and admin to maintain roles in real time? Another possibility is keeping seperate corporate ldap and an application ldap instances in sync (ie - user has 1 password for all network apps maintained in corporate ldap, but application ldap has application specific roles and such which cannot be stored in corporate ldap). Clearer definition of exactly what you need here would be useful.
  If the first case, there are ldap utilities which work with ldif files to handle this - should be able to google it to come up with what you need - ldapmodify I think.
  If you are looking to be able to maintain the data from the application, likely you'll need to figure out your security model and build the interface to update this information. It can be done from the web app, from a standalone utility, or whatever works best for your situation.

• How do I export existing Siebel employees to my LDAP directory?

  All;
  I have a fully-functional Siebel implementation using an LDAP directory server; I can create new employees, and they are migrated to the LDAP server without any problem.
  Unfortunately, I'm using a pre-populated Siebel database with roughly 250 employees, none of whom are in the LDAP directory. I can enter them on the LDAP server one-by-one, but this is painful, to say the least.
  If I try to add a password to them using the Siebel application to get them moved to the LDAP directory, I am told that "the user does not exist in the authentication system".
  So the problem is clear: In Siebel CRM, on a "create", an LDAP record is created. On an "update", it looks for an existing LDAP record, which I don't have.
  Is there any easy way around this, so I can populate my LDAP directory with my existing employees and their passwords?
  Thanks!
  Joe

  What about using a DB client and export the user data that you have in the Siebel DB?
  Then use this data to load the users into the LDAP server?
  Axel

• Problem with outlook connector LDAP Directory MAPI Service Provider is not

  Hi,
  I have very basic problem with sun outlook connector client.
  I am using sun java system connector deployment tools to create client installation script, on first page I have to supply the location for web publisher and Microsoft LDAP service, I can find web publisher and I don't have any clue about location of LDAP services and without this my client instaltion script keep failing with following error.
  The Microsoft LDAP Directory MAPI Service Provider is not installed.
  --- 2006/09/25 14:14 ---
  14:14:25 [5365] Outlook version is 11.0.5608.0.
  14:14:25 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
  14:14:25 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
  14:14:26 [5362] Checking Windows version.
  14:14:26 [5363] Windows version is 5.1.
  14:14:26 [5364] Checking Outlook version.
  14:14:26 [5509] Checking default mail client.
  14:14:26 [5508] Default mail client is 'Microsoft Outlook'.
  14:14:26 [5178] Verifying that Outlook is not running.
  14:14:26 [5179] Trying to login to shared session.
  14:14:26 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
  14:14:28 [5502] Upgrading the Sun Java System MAPI Service Providers.
  14:14:38 [5370] Finished installing Sun Java System MAPI Service Providers.
  14:14:38 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
  14:14:38 [5367] Sun Java System MAPI Service Providers are installed.
  14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
  14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
  14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
  14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
  14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
  14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
  14:14:38 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
  Thank you for your help.
  Best regards
  Mo

  Hi,
  If memory serves, Outlook XP offered the ability to set what address-book connectors were installed, one of which was LDAP (by default enabled). It may be a similar situation with Outlook 2003 (which I assume you are using based on the version number in the debug logs). Try using the Office '03 install CD and see if you can find the LDAP addressbook option and install it.
  Regards,
  Shane.

• Connecting MDM to a LDAP directory (IDM)

  Hi experts,
  Does anybody already connected MDM to a LDAP directory? I have a requirement to integrate MDM with IDM (Novell). The IDM should mantain users and groups of MDM.
  Also, is there any way to connect UME on MDM user and groups database? this solution is also valid once the IDM is already integrated with EP.
  Thanks in advance,
  Armando Martines Neto

  Hi Armando,
  MDM integration with LDAP is supported in MDM 7.1, you can configure and use LDAP as a datasource for users and roles. You can create a custom attribute in LDAP to identify the MDM Roles. Refer to the MDM Console Reference Guide for the procedure.
  Regarding you second question, if you have configured the same LDAP ds in portal also then you can us Trusted Connections to enable SSO between portal and MDM.
  Hope this helps!!
  Cheers,
  Arafat

• WebLogic 7.0 LDAP Directory

  We are running WebLogic 7.0.1.0 on Solaris 8.
  There's a ldap directory generated by default under
  /<BEAHome>/<DomainName>/<ServerName> each time a new server instance
  is created and started up for the first time, along with the server
  log files. I'd like to change the location of this directory, like
  how I can change the server log directory under Logging tab in each
  server in Admin Console, but I can't seem to find it anywhere.
  Can anyone point me to where I can change this configuration or to
  documentation on how to do it?
  Thanks in advance.
  Maggie Hu

  Sorry to say, it is not configurable.
  -utpal
  "Maggie Hu" <[email protected]> wrote in message
  news:[email protected]..
  We are running WebLogic 7.0.1.0 on Solaris 8.
  There's a ldap directory generated by default under
  /<BEAHome>/<DomainName>/<ServerName> each time a new server instance
  is created and started up for the first time, along with the server
  log files. I'd like to change the location of this directory, like
  how I can change the server log directory under Logging tab in each
  server in Admin Console, but I can't seem to find it anywhere.
  Can anyone point me to where I can change this configuration or to
  documentation on how to do it?
  Thanks in advance.
  Maggie Hu

• Using JNDI to connect LDAP directory : pb of reconnection

  Hi everybody !
  I really need our help.
  I work with java servlets and i try to connect a LDAP directory with JNDI.
  When i launch my application, and when LDAP server is ready, connection is done, i get data from ldap, everything is ok.
  But when ldap server fails down, and startup, (my application doesn't stop), i can't connect again to ldap (ldap connext is not null). I get an error "Connection reset by peer, socket write error".
  I can't connect, even if i put my context null, and build another context, to get ldap data.
  Maybe its a problem of servlet programmation, or JNDI use, i don't know.
  Any ideas ?? Thanks you so much for your help !
  Here i give my code, to build ldap context (which is equivalent to a connection to ldap) :
  _env = new Hashtable();
  env.put(Context.INITIALCONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDERURL, "ldap://"+_ldapIPAddress+"/o=netcentrex");
  //securite
  env.put(Context.SECURITYAUTHENTICATION, "simple");
  env.put(Context.SECURITYPRINCIPAL, "cn=admin, o=div");
  env.put(Context.SECURITYCREDENTIALS, "admin");
  try
  ldapCtx = new InitialDirContext(env);
  catch(NamingException e)
  System.out.println("ConnectionLdap : Cannot get directory context for LDAP");

  Sorry, no need to reply !!
  I've found my error (3 days i am searching, and its a stupid null ldap address) !!!

• Workflow reviewers in an ldap directory

  Hi,
  I have integrated an ldap directory with UCM as the user/group store.
  I need to create a criteria workflow where the initial reviewer(s) are actually users in the ldap directory. After the intial review, it would be escalated to another higher level group of users, also in the ldap directory.
  i) In this case, how would I be able to have UCM search the ldap store as reviewers? I don't recall idoc script being able to do this.
  ii)What would be the best practice to accomplish this?
  Thanks.

  Blake,
  If I am using a web application model, I would use the following to allow
  "everyone" in my LDAP server to get into certian area's of web applications:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>GeneralEmployee</web-resource-name>
  <description>Employee Resource</description>
  <url-pattern>/process/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <description>Employees only</description>
  <role-name>everyone</role-name>
  </auth-constraint>
  </security-constraint>
  If you are allowing access to this servlet, I would try:
  weblogic.allow.execute.weblogic.servlet.servlets/iclientservlet=bseely,every
  one
  Ken
  "Blake Seely" <[email protected]> wrote in message
  news:3b4c9003$[email protected]..
  >
  <sigh>it's already been a long day: my number is 877-870-4718
  Thanks again,
  Blake
  "Blake Seely" <[email protected]> wrote:
  I have a servlet set up on a WebLogic 5.1 SP 8 server running on NT 4.
  I want that servlet protected so that only company employees defined
  in our Netscape
  LDAP directory can log in.
  If I just want a single user to access, then my access controls for the
  servlet
  are:
  weblogic.httpd.register.servlets/iclientservlet=iclientservlet
  weblogic.allow.execute.weblogic.servlet.servlets/iclientservlet=bseely
  I have set up the LDAP Realm (ldaprealm.properties is attached) and this
  works
  fine for one user. (all lookups, access, etc are anonymous on this
  directory,
  so I didn't specify any principals or passwords)
  But now I need to specify that any user who is in the directory canaccess
  the
  servlet - how do I do that? What do I list in theweblogic.allow.execute...
  line?
  How do I need to change my ldaprealm.properties?
  Thanks - any help appreciated. If anyone has time to give me a call,
  I would appreciate
  that, too.

• Integrating standalone OC with existing 3rd party LDAP directory question

  Hello everyone,
  we have a standalone version 9 Oracle Calendar server with internal directory. We also have an existing enterprise wide LDAP directory. We would like to integrate them together, with as few changes to our existing LDAP schema as possible. Has anyone dealt with this issue before? Are there any documents out there describing how to deal with such situation? What if we upgrade to OC version 10 first?
  Thanks

  Migration might be tricky -
  We've been running Calendar since the Netscape era with external LDAP. Basically user's preferences are stored in LDAP, though these can be 'regenerated' on the fly by the client using defaults.
  You will need to modify the schema, but it's simply as loading the supplied schema file.
  Data itself is still maintained in the internal DB. The link between the DB and LDAP is done via the calendar ID number which gets stored in the user's entry in ldap.
  I don't think it would matter on upgrading OC to 10 or not, since the upgrade would not modify anything on the LDAP side (schema has not changed).
  You should set up a test environment and test it out...

• Access Ldap directory

  Dear All,
  I want to access the ldap directory to get the users' names , but i don't know how to get the ldap password and data required to access it, plz help.
  Thanks alot,
  Marwa

  The SDK works with CCM4 only. However, it shouldn't be hard to rewrite components to work with CCM6 if you look at the list of what has changed: http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Phone%20Services%20for%20Developers&topicID=.ee94c94&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc1020e
  Just grab a copy of the latest developer guide and adapt the code: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/devguide/6_0_1/cucm_devguide.html
  The database schema (here's a link to bookmark immediately - it contains all developer guides for all ccm releases: http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_programming_reference_guides_list.html)
  is also helpful depending on what you do (e.g if you want to know which user is currently logged into a phone by extension mobility).. there's no AXL call for that so you need to make an sql query to extract that information.