Delegated Admin

There's a requirement from my customer that I have to create a group containing only managers and I have to give them only manage user menu item.In that manage user menu item they can see only their reportees and nothing else.
So I created a delegated group called managers and gave them the manage user menu item.When I login in OIM as one of the member of the group I get to see the menu item in the web console but when I search besed on user id I get the following error
Your search did not return any results.
Try again.
So guys please help with this and in the manage user filter i dont need all other attributes like search based on userid,employee no etc

Look at tjspSearchUser.jsp in xlWebApp/pages and tjspSearchUserTiles.jsp in xlWebApp/tiles , you could make your custom code based on it then you could create a new menu item for your custom search criteria only for your managers
Oracle has a workshop explaining these customizing task, i don't know if it is public content.

Similar Messages

  • Delegated Admin and non-flat user/group structures

    Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
    The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
    I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
    Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
    # Ldap configuration.
    # List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
    # add additional hosts with ldaphost-<consecutive number>
    # Schema type is either "1" or "2".
    # Reconnect interval is in seconds
    # Group and people container is dn from organization dn (e.g ou=people)
    ldaphost-1=oucsldap01:389
    ldaphost-2=oucsldap02:389
    ldaphost-suffix=dc=DOMAIN,dc=NAME
    ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
    ldaphost-maxcount=50
    ldaphost-schematype=2
    ldaphost-reconnectinterval=60
    ldaphost-peoplecontainer=ou=People
    ldaphost-groupcontainer=ou=Groups
    ldaphost-orgadminrole=cn=Organization Admin Role
    While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
    Questions:
    1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if were needed?
    2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
    Thanks,
    //Jim Klimov

    I wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace debug; usually go away with restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) to avoid mixups between user accounts in different branches.
    Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty caledar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others trodding this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
    We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
    Hope this report helps others who would try to pioneer this path of messaging integration
    //Jim Klimov

  • Can't login to Delegated Admin after redeploy

    I originally had Delegated Admin 6.4 running on port 80 in Webserver 7u3 along with AM, and UWC. I needed to move DA off of port 80 so I created another Webserver instance on port 81 and then uninstalled and reinstalled Delegated Admin against the new instance. In the configurator I specified port 80 where it asked about Access Manager and port 81 where it asked to deploy DA. Now I cannot login to DA. It keeps telling me: "Invalid login ID or password, please try again". The ID and password are correct. No LDAP traffic is being generated during the attempted login. I turned on DA logging and this is what I get:
    Aug 23, 2008 4:43:39 PM com.sun.comm.da.security.DALoginManager login
    INFO: Login failed, login id [admin]
    com.sun.comm.jdapi.DAException: Moved Temporarily: Moved Temporarily
    at com.sun.comm.jdapi.DAConnection.liveAuth(DAConnection.java:88)
    at com.sun.comm.jdapi.DAConnection.authenticate(DAConnection.java:130)
    at com.sun.comm.da.security.DALoginManager.login(DALoginManager.java:209)
    at com.sun.comm.da.view.LoginViewBean.handleLoginButtonRequest(LoginViewBean.java:212)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
    at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
    at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
    at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
    at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:816)
    at com.sun.comm.da.DAServlet.service(DAServlet.java:152)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
    at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
    at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:133)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
    Here is a sample of what I get when I run commadmin:
    ./commadmin -v search domain o=xyz.com
    [Debug]: DBG:Object = search ; task = domain
    [Debug]: default domain from Properties: xyz.com
    [Debug]: IShost from Properties: webmail.xyz.com
    [Debug]: ISPort from Properties: 80
    Enter login ID: admin
    Enter login password:
    [Debug]: Contacting : http://webmail.xyz.com:80/commcli/auth
    [Debug]: To servlet: domain=xyz.com&username=admin&password=xxxxxxxx&charsetenc=UTF-8
    [Debug]: Http Error recvd: Moved Temporarily
    Moved Temporarily: Moved Temporarily
    Invalid value for Identity server host name: webmail.xyz.com
    Invalid value for Identity server port: 80
    Enter Identity server port[80]:
    Any ideas?

    sheger77 wrote:
    I originally had Delegated Admin 6.4 running on port 80 in Webserver 7u3 along with AM, and UWC. I needed to move DA off of port 80 so I created another Webserver instance on port 81 and then uninstalled and reinstalled Delegated Admin against the new instance. In the configurator I specified port 80 where it asked about Access Manager and port 81 where it asked to deploy DA.As per the administration guide, Delegated Administrator server needs to be installed in the same web-container/instance as Access Manager.
    http://docs.sun.com/app/docs/doc/819-4438/acfck?a=view
    "The Delegated Administrator server uses the same Web container as Access Manager. The configuration program asks for Web container information after it asks for the Access Manager base directory."
    [Debug]: IShost from Properties: webmail.xyz.com
    [Debug]: ISPort from Properties: 80The commadmin client is trying to contact the DA server which is supposed to be installed in the same Web container as Access Manager
    (hence the use of IShost/ISPort):
    [Debug]: Contacting : http://webmail.xyz.com:80/commcli/auth
    [Debug]: To servlet: domain=xyz.com&username=admin&password=xxxxxxxx&charsetenc=UTF-8
    [Debug]: Http Error recvd: Moved TemporarilyCan't contact DA server so attempt fails.
    Regards,
    Shane.

  • From schema 1 to schema 2 migration delegated admin problem

    I want migrate from schema 1 to schema 2 the messaging server 6.2 ( jes 2005q1).
    I have install access manager and delegated admin.
    With the commdirmig I migrate the domain and schema , the messaging work correctly.
    I have a problem with the delegated admin web interface.
    The delegated don't view my domain. If I add the sundelegatedorganization objectclass I can view my domain on delegated admin but I can view user and group.
    Any Idea?
    TIA
    Bye Giovanni

    There are two very different products called "deletaged admin". The old iPlanet Delegated Admin (iDA) only works with Schema 1. The current Delegated Admin, that comes with JES3 only works with Schema 2.
    If you're using the old iDA that worked with schema 1, it won't work with schema 2. You have to install the new DA for that.
    It doesn't work with groups/lists, only with users and domains.

  • While installing IMS on p4, the delegated admin, MTA and IWS6.0 could not be started

    I am installing IMS 5.1 NT version on a p4 machine and my MTA services are not starting, i searched for the IMTA.conf file but that was not found. Also the IWS 6.0 that was installed additionally for the upgraded JVM is not getting started , and the delegated admin through the browser could not be accessed

    I am installing IMS 5.1 NT version on a p4 machine and my MTA services are not starting, i searched for the IMTA.conf file but that was not found. Also the IWS 6.0 that was installed additionally for the upgraded JVM is not getting started , and the delegated admin through the browser could not be accessed

  • Delegated Admin reports strange number of users

    I recently noted that our Delegated Admin (Delegated Administrator 6.4-2.05, B2008-04-29) Organizations page
    (the one which lists the hosted domains and particularly their "Number of Users") lists this number plain wrong.
    For many organizations it is reported as 0 or 1, for one there's a blank line, and only one seemingly has 39 users.
    When I click on organizations however, I see their full lists of users (I believe, ones which have a non-empty mail
    attribute set in LDAP) and there are tens in most orgs and over a hundred accounts in the larger org.
    What is wrong? Does DA's Organization-List page use some other means of counting the users than the individual
    Organization's page?

    JimKlimov wrote:
    In fact, while importing our old server, I did initialize most domains' users via
    ldapclient queries as discussed on-list in mid-2008. Nobody said that there
    are other static values outside of a user's account data :)The sunnumusers: attribute is commonly overlooked -- primarily because it is for admin-interface purposes only and doesn't impact on the operation of user accounts.
    Is it possible to replace this value of sunnumusers by a dynamic search (or
    counter), either in the GUI code or perhaps in the LDAP attribute?No. Any such dynamic search would have an adverse performance impact on the DA interface for large environments.
    What is the logically correct value, the count of users with mail attribute set?If you want the sunnumusers: to match the number of users displayed when you click on the organisation in the "Organizations" tab then you would count the users which matched the following search for the domain:
    ""(&(uid=*)(&(objectClass=inetuser)(|(inetUserStatus=active)(inetUserStatus=inactive))))""
    Regards,
    Shane.

  • Delegated admin login problem

    I am running Iplanet messaging server 5.2 and am having problems loging into the delegated administrator. When I try to log in as ServiceAdmin I immediately get a screen telling me that the session has timed out and to re-authenticate.
    Any ideas what is wrong?

    Unknown. Not nearly enough data to guess.
    Please examine your LDAP access logs, and comment.
    You should be looking for BIND commands for "NDAdmin". This is the first step in logging into Delegated Admin. If this fails, no user will be able to use DA.
    Do you have password expiration set up in DS? did you remove this account? Change the pw?

  • How do I suite Delegated admin to my LDAP structure

    Hello All
    I've been working in a customer's Mail server (messaging 5.1, Directory 4.16) and I am having a problem with ida.
    All the users are on:
    ou=001,o=Student, o=People, o=acme.com,o=acme.com
    And, the user's mail is [email protected]
    Now, with Branch ou=998, o=Student, .....
    They want all the users to have an e-mail address of the form [email protected] (DONE) and they want to have an administrator to handle the users in this ou
    I tried to setup a mail domain with Delegated admin but, I see no way of mapping this new domain to this ou (ida expects things to be in the dc= subtree that doesn't even exist)
    Anyone has any ideas?
    Thanks
    //JaimeC

    The image which appears in the Store page is referenced in the 'itunes:image' tag. This tag is present in your feed but the URL is of your website. You need to create an image, which should be 1400 x 1400 and either JPG or PNG, and reference it in this tag. I don't know anything about 'Podcast Suite': probably it has somewhere to enter the image details.

  • Using Mail, Calendar and Delegated Admin

    I�ve installed mail, calendar and delegated admin for one of the domains I�m hosting.
    I can�t figure out where I can adjust the settings for service packages ex earth. I�d like to have 60 mb mail box in stead of 6. (Changing this on user level in LDAP is not an option.)
    Any one who can give me some tips about where to change this?
    Tnx.
    Kristian

    Sounds like you need to change one of your Service Package templates. Alas, I've not had time to dive into that.
    There is a default config setting for quota, that's global. If you set that, and don't put anything into the user's individual ldap entries, then everybody gets that quota:
    store.defaultmailboxquota
    http://docs.sun.com/app/docs/doc/819-2651/6n4u5ce7i?a=view

  • XI3.1 and delegated admin?

    hi,
    we have two distinct project. each project must have delegated admin (manage user and group) : each admin must see only its users and groups...
    we have apply this :
    1/create specific admin groups
    2/ create specific acces level (view object/general +add objects/content folder all rights/system user all rights/system usergroup)
    3/ on user and groups/manage top level security/all group :
    add the two admin groups and apply acces level
    4/ on each group and subgroup remove acces on the admin group that does not (because each admin group is  in inherited rigth...)
    this work, but not for for user level, delegated admin can't create user and if we apply top level security acces level , the admingroup can see ALL user. it's not that we want...
    have you ideas?
    thank's

    Hi Phil!
    I think it is designed as is - but did you try to use Windows AD Groups.
    You can enable specific windows AD groups to BO. These will be created automatically the first time they logon, or you can trigger an AD refresh. So the users are created automatically.
    You admins could then have the rights to see the users only and  to see/edit their own set of Groups, where they can put these users to. Also you can define which admin sees which objects (reports, universes, connections, ...)
    But: you will get an issue if you loose/change your AD connection to your server, then everything must be redone.
    ciao Hakan

  • Delegated Admin and User Management in WLP 9.2

    Hi,
    I've made Delegated Administrator role and a user for it. The user is Delegated Admin for our users and groups. Still that user cannot create new users, only new groups.
    The error message that shows when creating new user is "The subject does not have access to the specified group".
    What should I do to make it work ?
    Regards,
    Tanja

    Unfortunately, you've run into a bug in the product. See CR282051 in the WLP 9.2 release notes.
    http://edocs.bea.com/wlp/docs92/relnotes/relnotes.html#wp1147925
    If you have a support contract, you might be able contact BEA Support to see if a patch might be available.

  • Delegated Admin login fail

    I installed Solaris 9 05/9 and JES05Q4 in a Sun Fire V440 recently.
    I chose these components only:
    Directory server
    Administration server
    Web server
    Access manager
    Messaging server
    Delegated administrator
    Directory preparation tools
    I can use commadm to created users after installation and initial configuration, but I can't login to the delegated admin with any account. http://server.mydomain.com/da/DA/Login
    After I check the DA log file, it shows:
    WARNING: User &#91;admin&#93; has no valid role assigned, aborting login
    What kind of role required for da login ?
    Thanks in advance for any help.
    dx

    I recommend that you post your question to the Messaging Server forum (also listed at the bottom of the Java ES forums page):
    http://swforum.sun.com/jive/forum.jspa?forumID=15
    You might also want to search that forum for similar problem reports.

  • Appserver dies (Delegated Admin)

    Hi,
    Running an instance of the Messaging Q12005. No additional patches installed after installation. The problem we are facing is that periodically (once or more a day) the Delegated Admin web access is not reachable. It seems that the App. Server process dies because when I try to stop the App server using asadmin , it replies that it is not running, so after restarting the App server and the Access Manager admin server also restarted, the Delegated Admin Web access works again.
    Any idea why this is hapenning ?

    Alas, I don't know much about troubleshooting App Server. Last time I even looked at it, I vaguely remember that it should be restarting itself.
    I use the web server, as a container for DA,and have no such issues.
    Does App Server dump core? Are you configured so it can? Have you opened a tech support case for this?

  • Cpu high while installing delegated admin 2nd instance.

    Hi,
    I am using Sun JES 2005Q1 on Solaris9 sparc platform.
    AM, Delegated Admin & MEM are running on 1 host which is working perfectly.
    I have installed another instance of AM on another host which is also working perfect.
    Whenever I try to install 2nd instance of Delegated Admin, the cpu utilization of my ldap server goes very high (98%) and installation doesnt proceed.
    I have increased the nsslapd-allidthreshold value from 4000 to 15000.
    Also indexing of attributes are already done.
    But still no luck for me.
    I am getting error logs on ldap server "search is not indexed".
    Can anyone help me out ?
    Regards,
    Shujaat Nazir Khan
    Senior System Engineer
    Cyber Internet Services (Pvt.) Ltd.

    The access manager has the same "oversight" but it was easy enough to fix by adding WS_ADMINHOST=admin.dom.tld to the amsamplesilent, and sed -i 's/--host=$WS_HOST/--host=$WS_ADMINHOST/g' to amws70config and amconfigupdate, and things actually worked when I did this (with a little more hackery, like manually editing mime.types and server.policy). This DA configurator is less straight forward, and when I fixed up the files and reran the failed scripts, things didn't work.
    Does it make sense to run the administration server in its own zone/machine from an architectural standpoint? There has to be at least one admin server, so is the point AM/DA makes "it may as well be running on the node that _requires_ it to be running" versus "separate services into logical partitions?" It seems to me the first option is "good enough" while the second makes sense, but I'm looking for confirmation or further input.

  • Delegated Admin web application only requests first 100 accounts?

    Hi,
    - Sun Java System Messenger Express 6.2
    - Delegated Administrator 6.3-0.09 built Sep 6, 2005
    Is this true that the Delegated Admin (DA) web application only requests first 100 accounts?
    Once logged in to DA web application, we only see "Retrieved Users (100)" if we want to see all users; but if we do a search on uid or username, all other users are retrieved.
    One of the admin gave us the following response:
    This is not a directory-related problem, but rather a matter of the design of the DA application you are using. The web-based java app only requests the first 100 accounts from the directory (presented by default as 10 pages of 10 accoints each.) , since you're supposed to be using the search facility to find accounts when you need to modify or delete them.
    This is a deliberate design choice by the Sun programmers who wrote the thing, probably because the directory is capable of holding several thousand accounts and pulling them all would take quite a bit of time (not to mention memory space), so in the interest of response-time speed they limited the data pull.
    I cannot modify this application's functionality. If you need a list of all user accounts in your domain, I can supply an LDIF on request, with any attributes (mail, uid, cn, etc.) that you like.
    Please let us know if there is any way we can view all users (approx. 1000) from DA web application.
    Thank you for your time,
    GJ

    Yes, the terminal commands I gave are changing permissions.
    Properly written OS X apps should run under any user account, and should store any account-specific information in the each user's home folder. Some poorly written apps might only be executable by the administrator. Running the first command I have will make the app executable to all users.
    Some even more poorly written apps will write user data into the application itself rather than to the user's home folder. This is a particularly bad problem with game software, which for example might write high score info into the app itself. If this is the case for your misbehaving apps, the second command I gave will make the app writable by everybody and should solve the problem.

  • Delegated admin problems with 5.2

    I just installed iMS 5.2 and the delegated admin server. i'm using Direct ldap, my ldap server is on another machine. my problem is, i cannot log into the delegated admin at all, using any account.
    my ldap error log tailed no entries.
    this is the ldap access log:
    [17/Feb/2006:09:24:00 -0500] conn=250 fd=60 slot=60 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:24:00 -0500] conn=250 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
    [17/Feb/2006:09:24:00 -0500] conn=250 op=0 RESULT err=32 tag=97 nentries=0 etime=0
    [17/Feb/2006:09:24:00 -0500] conn=250 op=1 BIND dn="" method=128 version=3
    [17/Feb/2006:09:24:00 -0500] conn=250 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [17/Feb/2006:09:31:31 -0500] conn=251 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:31:31 -0500] conn=251 op=-1 fd=61 closed - B1
    [17/Feb/2006:09:41:31 -0500] conn=252 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:41:31 -0500] conn=252 op=-1 fd=61 closed - B1
    [17/Feb/2006:09:51:30 -0500] conn=253 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:51:30 -0500] conn=253 op=-1 fd=61 closed - B1
    [17/Feb/2006:10:01:30 -0500] conn=254 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:10:01:30 -0500] conn=254 op=-1 fd=61 closed - B1
    [17/Feb/2006:10:02:49 -0500] conn=255 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 RESULT err=32 tag=97 nentries=0 etime=0
    [17/Feb/2006:10:02:49 -0500] conn=255 op=1 BIND dn="" method=128 version=3
    [17/Feb/2006:10:02:49 -0500] conn=255 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [17/Feb/2006:10:11:31 -0500] conn=256 fd=62 slot=62 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:10:11:31 -0500] conn=256 op=-1 fd=62 closed - B1
    Thanks in advance for any help anyone can give. i know i'll need to provide more detail so if you need any info i'll be happy to divulge it, i just thought this would be an ok starter. I do need some help with this, I just want to get this working.
    Thanks in advance for any help.

    The old iPlanet Delegated Admin uses a special account itself, rather than the one you use to log in as.
    I see that login failing:
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 RESULT err=32 tag=97 nentries=0 etime=0
    err=32 means, "no such object". This means that this user, NDAUser has been deleted, as have some of the entries above that.
    A failure to bind or locate an entry is not "an error" to Directory Server, it's a failed lookup or failure to bind. Nothing like this is going to be logged into the errors log.
    It's still clearly the problem....
    The password for NDAUser is in clear text in your iDA config file, "resource.properties" Likely, you could create the user and password, or you coule reinstall Delegated Admin.
    If you haven't downloaded the later version, 1.2p2, I STRONGLY recommend that you uninstall the version that came with Messaging 5.2, and install the later one.

Maybe you are looking for

  • Printing ⎮ 10 x 15 big problem

    hi, this is a desperate plea for help. i am a european user of aperture and i am having big trouble printing 4 in x 6 in prints. we use the same format it france, and we call it 10 cm x 15 cm even though the exact measurements are 10.159 cm x 15.238

  • Insert date in dd-mmm-yyyy format

    I have a jsp page, from that i can enter values in oracle database. my jsp page is working, but the problem is that it can only accept the date dd-mmm-yyyy format. i.e 20-jun-2004, but when i enter date in dd/mm/yyyy format i.e 20/06/2004, it does no

  • Tiger / Compressor 1.2.1 and MPEG-2 output - How to avoid jumpy video.

    This post is to summarise my experience with compressor and mpeg2 transcoding in the hope that it will save someone else time and help them avoid similar problems. I recently transcoded a series of mpeg2 files to a lower compression setting using com

  • Badi or Transaction TO update the NAST-TDCOVTITLE in transaction ME22N

    Hi Friends, I want to change the Title of the Purchase order in the SPOOL.Currently it is coming as "Purchase order created". But i am looking for the user exit or BADI, where i can write a code,so that title of spool should come as "Purchase order 4

  • Macbook Pro freezes ALL THE TIME...not even a month old

    What is the deal? I got the Macbook Pro because it was supposed to be the best computer, and literally I can't do anything on it beause it is constantly frozen with the spinning color wheel. I HATE it. It's the most non productive notebook i have eve