Direct Ldap configuration mismatch....
I am running directory server 5.1 and messaging server 5.2.
I have one message store (msA.example.com) for users to retriew mail and it queries directory master server (dsA.exaple.com) with direct ldap configured.
I am configuring another messaging server (msB.example.com) with smtp authentication for same users to send mail through that and it queries another ldap consumer server (dsB.example.com).
dsB is replicated by dsA immediatly after any modification done to dsA. My present setup works fine if msB is configured on dirsync mode, but I want to configure it to use direct ldap from dsB.
When I try to send email via msB (with direct ldap enabled) it waits a long time after (smtp) authentication and then terminated with "server unexpectedly terminated the connection" message on outlook client. I can not see any message on mail.log_current.
All my direct ldap settings are correct and compiled properly.
Later I found that when I comment the
" $* $E$F$U%$[email protected]$V$H " line on imta.cnf file it works fine, ie. without any delay message is delivered.
(But this has to be uncomment with direct ldap mode according to the sun documentation)
Can anyone clarify this? I could see even without uncommenting the above line direct ldap works fine!
Thanks for replys...
But I tried with the way that you mentioned, but still the problem persists.
No any message on DEBUG logs.
But I have some more thing to tell....
When I first install the messaging server (msB), I used the dsA as the ldap server. So after installation I got gelow results with configutil.
local.ugldaphost = dsA.example.com
local.ldaphost = dsA.example.com
local.service.pab.ldaphost = dsA.example.com
Since I want to use ldap queries from dsB, I change user lookups to dsB
Then the output was,
local.ugldaphost = dsB.example.com
local.ldaphost = dsA.example.com
local.service.pab.ldaphost = dsB.example.com
Do you think this cause thye error?
I can not use dsB for local.ldaphost since it causes the msB not usable. What I only need here is to get the user lookups from dsB.
Similar Messages
-
MTA Direct LDAP Lookup Configuration
Does the MTA Direct LDAP Lookup permit the use of the short login under a multiple domaine configuration ???
Selim:
Direct LDAP only applies to the "MTA" portion of Messaing Server. Means SMTP processing.
Usually, "short form login" is talking about logging in to get messages, via IMAP, POP, or HTTP.
To get "short form", or login without domain portion of User_ID, you need to use the MMP, as it can provide the long form to the mail store. -
MQ + OpenLdap: Any working example of LDAP configuration?
MQ + OpenLdap: Any working example of [LDAP configuration], [LDIF initial data] and [imobjmgr addTopicFactory/addTopic command] files ?
I'm using Sun MQ3.5 + OpenLdap2.2.20 as jndi remote binding mechanism.
I've unsuccessfuly tryed to add a Topic Factory!
Running the command
imqobjmgr -i add_ldap_topic_factory.poperties
I get such an exception:
javax.naming.OperationNotSupportedException:
[LDAP: error code 53 - no global superior knowledge];
remaining name 'cn=myTopicConnectionFactory'
This is the test configuration adopted using rootdn user to write to LDAP repository:
#slapd.conf
include /usr/local/etc/openldap/schema/core.schema
database bdb
suffix "dc=imq,dc=com"
rootdn "cn=Manager,dc=imq,dc=com"
rootpw secret
directory /usr/local/etc/openldap/var/openldap-data
index objectClass eq
#test.ldif
dn: dc=imq,dc=com
objectClass: dcObject
objectClass: organization
dc: imq
o: imq
#add_ldap_topic_factory.poperties
version=2.0
cmdtype=add
obj.type=tf
obj.lookupName=cn=myTopicConnectionFactory
obj.attrs.imqAddressList=mq://localhost:7676/jms
objstore.attrs.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
objstore.attrs.java.naming.provider.url=ldap://localhost:389/o=imq
objstore.attrs.java.naming.security.principal=cn=Manager,dc=imq,dc=com
objstore.attrs.java.naming.security.credentials=secret
objstore.attrs.java.naming.security.authentication=simple
Thanks for any suggestion,
SilvanoAgreed.
I've been wanting to test the steps and write a tech article on this
and post it to somewhere on sunsolve.sun.com but have not had
time yet.
In any case, the instructions Ken-shi gave are below including
the 3 files (etang.ldif objectstore.properties slapd.conf). Not sure
how messy this posting can get due to size of files.
I'd much rather point you to a sunsolve article but don't want
to make you wait. When I do post the sunsolve article, this thread
will be updated with a ptr to it.
===Begin instructions===
Attached please see my working configuation files.
1.Modify your OpenLdap configuration. (see slapd.conf)
start OpenLdap: ./slapd
2.Modify you initial data.( see etang.ldif)
load initial data: ldapadd -x -D "cn=Manager,dc=etang,dc=com" -W -f
etang.ldif
3.ObjectStore properties ( see objectstore.properties )
create your object store with "Administration" GUI on windows;
while creating destinations or connection factories, be sure that the
lookup names start with "cn=".
===End instructions===
===Begin etang.ldif===
dn: dc=etang,dc=com
objectClass: dcObject
objectClass: organization
dc: etang
o: Etang Corporation
description: The etang corporation
dn: cn=Manager,dc=etang,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
dn: o=IMQ,dc=etang,dc=com
objectClass: organization
o: IMQ
dn: ou=imqusers,o=IMQ,dc=etang,dc=com
objectClass: organizationalUnit
ou: imqusers
dn: cn=admin,ou=imqusers,o=IMQ,dc=etang,dc=com
objectClass: person
cn: admin
sn: admin
userPassword: admin
dn: cn=guest,ou=imqusers,o=IMQ,dc=etang,dc=com
objectClass: person
cn: guest
sn: guest
userPassword: guest
===End etang.ldif===
===Begin objectstore.properties===
java.naming.provider.url ldap://10.1.0.195:389/o=IMQ,dc=etang,dc=com
java.naming.factory.initial com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.principal cn=admin,ou=imqusers,o=IMQ,dc=etang,dc=com
java.naming.security.authentication simple
java.naming.security.credentials admin
===End objectstore.properties===
===Begin slapd.conf===
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /usr/local/openldap/etc/schema/core.schema
include /usr/local/openldap/etc/schema/cosine.schema
include /usr/local/openldap/etc/schema/inetorgperson.schema
include /usr/local/openldap/etc/schema/dyngroup.schema
include /usr/local/openldap/etc/schema/java.schema
include /usr/local/openldap/etc/schema/nis.schema
include /usr/local/openldap/etc/schema/misc.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/openldap/libexec
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
# rootdn can always read and write EVERYTHING!
access to * by * write
# ldbm database definitions
database bdb
suffix "dc=etang,dc=com"
rootdn "cn=Manager,dc=etang,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
===End slapd.conf=== -
IMS52 (with Direct LDAP Mode) Directory Failover
I would like to configure all components of iMS5.2 for Directory Server failover. That should include (Direct LDAP) MTA, Messaging Express, authentication, Personal Address Book, Delegated Administration, etc.
What are all the settings I need to configure for any of these components to failover to an alternate directory server?
Thanks,
Fred./configutil -o local.ugldaphost -v "host.domain,host.domain,host.domain"
See the 5.2 Reference Manual, Chapter 4 for all of the configutil variables. -
Problem with LDAP configuration in Enterprise Manager
Hi all,
I'm new at Java CAPS. After install some pieces of Java CAPS now I'm trying to install and configure a Sun Java System Directory Server 5.2 in our environment.
I've already configured the Repository and the Logical Host to work with the ldap, but I have some troubles to do it with the Enterprise Manager.
I followed the instructions of the Administrator guide about the changes to do in web.xml and ldap.properties of the sentinel app but when I do login the Enterprise Manager I can't see the options of the tree to manage servers or users.
It seems that the app don't recover the user roles. I think so becouse I tried to create one user without roles (in normal authentication, without ldap configured) and when I did login in the result was the same.
At the beginning of the process I created the roles 'all', 'administration' and 'management'. However I tried to copy de roles of the Tomcat authentication from 'tomcat-users.xml' to ldap roles, but it doesn't work.
Anyone could help me?
Thanks in advance, and sorry for my rudimentary EnglishCheck that you have the correct Preferred Credentials with Logon as batch job if this is windows. Also check the correct configuration with regards LDAP integration for you platform.
-
LDAP configuration using AD in EP complete details steps
Hi gurus,
Can anybody provide me complete details
step to configur UME and LDAP configuration
THanks
HappyHi,
Below is the configuration for UME-LDAP. In configtool you have to do this configuration.
ume.ldap.access.server_name : <servername>
ume.ldap.access.server_port : <enter the port>
ume.ldap.access.user : <user>
ume.ldap.access.password : <password>
ume.ldap.access.base_path.user :
Ume.ldap.access.base_path.grup :
Refer the link for more info on LDAP configuration.
http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm
Thanks
R.Murali -
Embedded LDAP configuration in Portal
Hi,
I am currently working on WL10.1MP1, and need to know the probable files involved in Embedded LDAP Configuration in the domain.
Can anyone let me know.
Regards
LakshmiHi Lakshmi,
Default configurations are part of config.xml, security.xml and ldif files in security folder and files in data/LDAP folder in Admin Server.
Vishnu -
OBIEE Start/Stop Services failed(After LDAP Configuration)
Hi ,
We made some changes(that is we have added new OID
and configured the new OID based upon the Oracle BI security guide which is in Oracle Site
) to the LDAP configuration in OBIEE web console and it prompted for a restart of the OBIEE services . when we tried restarting the services we are not able to stop all the services . Please find the attached log files .
Note:
1.unable to kill the process ID
which is releated to OBIEE 11.1.1.6.0 services..
2.We have follwed the section 3 in the below link to configure the LDAP : http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/toc.htm.
Please find the below error details in short form and kindly find the attahced file(file name) for more details
Error:
Caused By: oracle.security.jps.service.igf.IGFException: JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one.
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.checkIdStoreTypeLater(IdentityStoreConfigurationUtil.java:819)
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.getLibOvdLdapPushData(IdentityStoreConfigurationUtil.java:524)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:232)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:229)
at java.security.AccessController.doPrivileged(Native Method)
Truncated. see log file for complete stacktrace
>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jan 29, 2013 6:39:05 AM CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state cha
Error Codes
Problem Category/Subcategory
BI EE Platform Administration/Administration Tool
Uploaded Files
File: nohup.zip:134848
Template Question Responses
1) ### Admin Tool version ###
2) Are you running Oracle Business Intelligence Enterprise Edition using virtualization or partitioning technologies (for example, VMWare) ?
No
3) If yes, please provide the product used and its version.
4) ### Documentation Used ###
5) ### Impact on Business ###
Edited by: 919942 on Jan 31, 2013 5:10 AM"JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one."
Looks like the config you entered was a tad off. Any chance you can roll back by restoring the original files from before the change?
$FMWH/user_projects/domains/yourdomain/config/config.xml
$FMWH/user_projects/domains/yourdomain/config/fmwconfig/jps-config.xml
In the config.xml, inside the <realm> tag yo ushould find your authenticaiton providers and there's two important things for your new one to check:
1.) xsi-type="wls:..." <-- This should be your OID type rather than a generic (or wrong) one
2.) If you're not 100% sure about the config or don't want to immediately shut out native WLS users or want to retain them (both OID and WLS LDAP considered valid), then PLEASE make sure that you run your new authenticator with <sec:control-flag>SUFFICIENT</sec:control-flag> and don't make it REQUIRED since otherwise you won't be able to bring anything up anymore if a single parameter in the authenticator config is off...
Also, check out what Tony wrote together a while back: http://www.peakindicators.com/index.php/knowledge-base/115-oracle-bi-11g-security-troubleshooting
Update:
Should have read the error message more carefully...looks like you actually just slipped by one line in the authenticator config and chose "OracleVirtualDirectory" instead of "OracleInternetDirectory" since it tries to use the libOvd rather than the OID one.
Edited by: Christian Berg on Jan 31, 2013 2:58 PM -
Hi Jay,
I am having a problem with the switch to Direct LDAP. I am finally doing it on my production server. Using ldap 4.16 currently. Once I get this working I am upgrading to 5.2
We have a server that holds messages until a user releases them. This server is called ewall.mydomain.com.
They get a message in their inbox that allows them to click on a link to send the ewall server a message to release the held mail.
the link would look like this:
[email protected]
(all on one line)
This worked just fine in dirsync mode but after switching to Direct Ldap I get an 5.1.1 unknown or illegal alias when the user tries to send the message. If I switch back to dirsync mode it works fine again. Everything else is working fine.
Any ideas?
Thanks
DonWell, it means that for some reason, your [email protected]
user isn't being picked up in the direct ldap.
It could be that your domain is "mydomain.com", and the user is in "ewall.mydomain.com". dirsync assumes that subdomains are part of an overall domain
direct ldap doesn't, unless you set
domain_uplevel=3 in your option.dat, and recompile -
LDAP Configuration for ECC 6.0 ( ABAP Stack only)
Hi,
Can any one guide me with the steps for the LDAP Configuration for ECC 6.0 ( Abap stack only).
Some of my observations are....
I can see the LDAP Support in the Installation master at the following path.
1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
When i am goint thru service market place i came across the following note.
Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
Thanks,
TanujDear All,
We are trying to configure the LDAP using with active directory . In the
step of "Synchronization of SAP User Administration with LDAP
Directory"when executing the report"RSLDAPSYNC_USER" we are facing one
error.
Please find the trace file and error screenshot in the attachment.Please help us on
priority.
Please find the Trace log in the below:
RFC destination : LDAP_LDAPSE-01
Tracelevel : 8,704
F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
[Wed Jun 26 11:15:38 2013]
Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
[Wed Jun 26 11:15:39 2013]
Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
[Wed Jun 26 11:15:40 2013]
Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
[Wed Jun 26 11:15:43 2013]
>>>>Required attributes table
Line 0: "CREATETIMESTAMP" (length 15)
Line 1: "MODIFYTIMESTAMP" (length 15)
Line 2: "SAPUSERNAME" (length 11)
<<<<Required attributes table
Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
>>> ldap_msgfree()
<<< ldap_msgfree()
Slot 0 (WIPROTECH): >>> ldap_unbind_s()
Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
Please find the error screenshot in the below.
Regards,
Dilip Sampath.CH
+91-9619735957. -
Errors in LDAP configuration with Shared Services
Dear sirs,
we are getting errors in LDAP configuration with Shared Services.
Base DN is ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East
The group cn is cn=AH
In LDAP log you can see the applications is searching the group:
"ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo"
When it should be:
“ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East”
We think the problem is with space in Base DN "o=Grupo East", it is not properly considered.
Error Codes
EPMCSS-05145
Thanks in advanceHi.
Could you try to define the Base DN as :
ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo\ East
I don't know if will work fine.. but you can use special characteres using with the "\"
Good luck.
Best regards! -
Fwsm - active/standby - "Vlan configuration mismatch between peers"
Hi,
A FWSM pair fall in to active active sittuation due to a vlan configuration mismatch. What would be the best way to synchronize configurations and return to the normal active/standbay? There is a new vlan on the primary fwsm and at present both are in active state.
Thank you in advance.
ZdravkoHi,
To my understanding the FWSMs (even though both active) have identical configurations?
Have you perhaps done so that on the core switch you have only issued the "firewall vlan-group only on the primary core device (to which the FWSM is attached) and not the secondary core device?
The only time I have witnessed the same situation is when configuring a new customer link and I have only configured the primary unit (and about to configure the same on the standby unit)
Hope it helps, not sure if the above was what you meant.
- Jouni -
Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2
Hi,
Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2.Please give me the steps to configure the LDAP in weblogic 10.3.2.Hi,
You can check http://download.oracle.com/docs/cd/E15523_01/doc.1111/e14142/console.htm#i1075285 -
Error after setting up direct LDAP
Running iMS 5.2 and LDAP 4.1.6
after making the changes to set up direct LDAP lookup I started getting the following error:
4.0.0 temporary error returned by alias expansion
While making the changes to set the server back to dirsync mode I noticed that the databases:
aliasesdb.db and reversedb.db had been recreated but were significanly smaller than the originals.
After changing the imta.cnf, option.dat,job_controller.cnf and mappings files back and replacing my db files I ran a imsimta cnbuild and a full dirsync and everything functioned normal again.
Any ideas?
DonHi Roger and Jay,
I followed the instructions exactly. I have restored my backups of the config files a couple times and started over again. I did catch the error that Roger pointed out and my line read exactly like his example (with my domain of course)
This is my old mailserver. I have a new one working right now. I am trying to get the updates all working on this one before I mess up the production machine so there is no problem with it being down while I work the bugs out.
Here is a clip from the ldap access log
the last line shows an error 11 that I assume is the problem.
[14/Dec/2004:15:44:29 -0700] conn=46 op=1 SRCH base="dc=sturgeon,dc=ab,dc=ca,o=Internet" scope=0 filter="(|(objectclass=inetDomain)(objectclass=inetdomainalias))"
[14/Dec/2004:15:44:29 -0700] conn=46 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=2 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(&(objectclass=groupOfUniqueNames)(objectclass=inetMailAdministrator))"
[14/Dec/2004:15:44:29 -0700] conn=46 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=3 SRCH base="cn=Domain Administrators,ou=Groups,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
[14/Dec/2004:15:44:29 -0700] conn=46 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=4 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(uid=carlgren)"
[14/Dec/2004:15:44:29 -0700] conn=46 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=47 fd=54 slot=54 connection from 192.168.0.12 to 192.168.0.12
[14/Dec/2004:15:44:29 -0700] conn=47 op=0 BIND dn="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
[14/Dec/2004:15:44:29 -0700] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=5 SRCH base="cn=Service Administrators,ou=Groups,o=ab.ca" scope=0 filter="(objectclass=groupOfUniqueNames)"
[14/Dec/2004:15:44:30 -0700] conn=46 op=5 RESULT err=0 tag=101 nentries=1 etime=1
[14/Dec/2004:15:44:30 -0700] conn=46 op=6 SRCH base="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
[14/Dec/2004:15:44:30 -0700] conn=46 op=6 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 fd=55 slot=55 connection from 192.168.0.12 to 192.168.0.12
[14/Dec/2004:15:44:31 -0700] conn=48 op=0 BIND dn="uid=msg-admin-1,ou=People,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
[14/Dec/2004:15:44:31 -0700] conn=48 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 op=1 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(cn=*)(ou=*))"
[14/Dec/2004:15:44:31 -0700] conn=48 op=1 RESULT err=0 tag=101 nentries=40 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 op=2 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(objectclass=pab)(objectclass=pabgroup))"
[14/Dec/2004:15:44:31 -0700] conn=48 op=2 RESULT err=0 tag=101 nentries=2 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 op=3 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(memberofpab=AddressBook271b6af)"
[14/Dec/2004:15:44:31 -0700] conn=48 op=3 RESULT err=0 tag=101 nentries=37 etime=0
[14/Dec/2004:15:44:42 -0700] conn=38 op=3 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(|([email protected])([email protected])([email protected]))"
[14/Dec/2004:15:44:49 -0700] conn=38 op=3 RESULT err=11 tag=101 nentries=1 etime=7 notes=U
If I put the machine back into dirsync mode then everything works fine. I must be missing something.
In the morning I'll try again.
Thanks for the help,
Don -
Optimizing Mailing Lists with Direct LDAP
Hey all,
I've noticed performance issues with iMS 5.2p1 (with iDS 5.1) with respect to direct LDAP look up's, especially for large mailing lists. Even a 28 user list takes 10 minutes, where as with MS 4.1.5 it was practaically instance. We also have a dynamic group with everyone (4000 people or so) and it simply pegs the LDAP server @100% CPU and sits there for a day. It seems that there are a ton of ways to optimize the caches and LDAP lookups. Where should I start or what should I do? What settings should I look to fix on the LDAP server, IMTA, etc. to speed things up?
Thanks!
ChrisThis was an LDAP server optimization issue. I increased the memory for both the slapd cache and the database cache. I then added indexes for all the common items search for by the IMTA. I was watching the slapd access logs and saw that the IMTA searchs for a lot of imortant items that are not indexed by default. I added indexes for:
inetUserStatus
mailUserStatus
inetMailGroupStatus
mailEquivalentAddress
mailRoutingAddress
mailMsgMaxBlocks
mailQuota
mailMsgQuota
mailProgramDeliveryInfo
mailDeliveryFileURL
maildeliveryfile
mailConversionTag
mailDeliveryOption
vacationStartDate
vacationEndDate
mailForwardingAddress
memberURL
rfc822mailmember
mailAccessDomain
mailMessageStore
preferredLanguage
mailAllowedServiceAccess
Now a message to everyone that took 24 hours and never went through takes just over a minute to get to 4000 users on my little test server. Smaller dynamic lists are even faster. General performance of message delivery is also faster, as is SMTP response from the client prespective.
Maybe you are looking for
-
What's the size of the printable area?
Hi, im trying to do some printing using the Printable interface. But inside the print method I can't find the correct dimensions for the printable area, set by the page object. Could someone provide me with a print method, which prints a rectangle wh
-
How to change to original system of an object
We have moved some sources from one system to another and now the original system in the customers objects is obviously the old system. How can I change the original system in these objects? Can anyone tell me in which tables is this info kept and if
-
Sign in to iCloud control panel
i sign in to icloud control panel using my Apple ID but it says that, cannot sign up this apple ID is valid but is not an icloud account! what can i do? Message was edited by: Xtiandimasacat
-
i bought a used iphone4s and it says that the maximum number of icloud accounts have already been registered on it and i cannot now access to it. what to do?
-
Captivate 3 in trial not working
hi im trying to install and run captivate 3 in trial mode and each time i redownload and try to start it after the setup complete .. i got 2 option enter a serial number or start it in trial mode but each time i try to start it it said that i need to