Directory Proxy Server 5.2 and MS Active Directory
Hi,
The features of DPS are exactely what I'm looking for but the Directory Servers I would like to run it against are Microsoft Active Directory Domain Controllers...
Did anyone tried this before ? Was it a success story ? ;-)
Thanks for your input.
I am very interest in this my self, since I have tried to follow the instruction at docs.sun.com and find it very poor. If you can answer the original question with some good doc would be great!!
Similar Messages
-
I have windows server 2012 R2 and install active directory
My question is I install active directory in windows server 2012 R2 and create Group Policy. ( These set-up is only for test)
Have not registered domain only install active directory to test.
So the problem is when I created Group policy for my user and put software restriction policy but its affected to my administrator accounts too, No when I open VMware (install Virtual Machine windows XP) and start os then its shows you can not user this
software as you restricted from installing software (Something like that don't know exact Error). I could not start installed Virtual Machine.
Please give me a solution for this.
This is the setup for a test use only so their not big environment connect with my pc.
Thanks in advance.
Regards,
KrunalHi,
The following article is talking about creating and managing Group Policy on a Windows Server 2012:
http://www.thomas-krenn.com/en/wiki/Creating_and_managing_a_Group_Policy_on_a_Windows_2012_Server
As Darren Blanchard mentioned, if you want to apply the GPO, you could link it to an OU that contain the computer or user.
Group Policy Overview
http://technet.microsoft.com/en-us/library/hh831791.aspx
Please feel free to let us know if you need further assistance.
Regards.
Vivian Wang -
User base Synchronization between SAP and MS Active Directory Server
Dear all!
I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
i successfully implemented the synchronization of user data between SAP and the ADS.
My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
Currently I don't have a clue how to do this.
Regards,
ChristophHave you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
Regards,
Marc g -
Does directory proxy server 6.0 support access to ds5.1SP3
Hi,
Does anyone have experience with setting up a directory proxy server 6.0 as a frontend to directory server 5.1SP3 servers ?
(where can I find a list of supported directory servers by the proxy ?)
I would like to use the proxy as part of the migration to a new data centre.
ThanksYes Directory Proxy Server 6.0 works with DS 5.1SP3.
DPS uses LDAPv3 protocol and works with most of the LDAPv3 compliant servers. It has been tested with Sun DS, Active Directory, OpenLDAP and OpenDS.
Some specific feature may require the support of the Proxied Authorization Control (RFC 3829), but that's it.
Regards,
Ludovic. -
How to install Small Business Server 2008 in an existing Active Directory domain
It is shown on this page:
http://support.microsoft.com/kb/884453, "How to install Small Business Server 2003 in an existing Active Directory domain".
Is it possible to do this with SBS2008 ?
If "YES", are there any published information about the procedure ?Yes, it is. Thank you very much.
But there is something that confuses me - I want to migrate from Win2003Std to SBS2008. And also, I want to keep the existing Win2003Std as a second DC for a long time.
But it is written in the shown article:
... After the migration is finished, you must remove the Source Server from the network within 21 days. ...
Is this rule mandatory for the scenarios where the Source Server is Std, not SBS ? As I know, I can have more than one DC(Win2003Std/Win2008Std) together with SBS2003. But what about SBS2008 ? -
Problem in installing Directory Proxy server
Hi all! Recently downloaded the trial version of sun one directory proxy server. After installing the sun one DS 5.2 . I tried to install sun one proxy server..when it asks for configuration server information i have given the admin id and password ....
but it gave me following error message
"The given Administrator Id/password combination was not accepted by the
Configuration Directory Server.
The Sun ONE configuration directory administrator is the ID typically used to
log in to the console."
I did used the same id and password to login to console & i am able to log in.
Please advice.Two quick hints.
First off, instead of hitting <Enter> to accept the default for the username [admin], type "admin" (without the quotes) as if you were giving different credentials. There's a known issue during the installation where the default text doesn't work.
Additionally, I had to change my admin password in the configuration directory to cleartext in order to get it to work. For some reason the password encryption during the bind was never successful. To do that:
dn: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
changetype: modify
replace: userPassword
userPassword: {CLEAR}password
I have no idea if this addresses the problem itself or just a symptom, but it did allow me to install DPS. You might want to give it a shot. -
Installing Sunone Directory Proxy server
Hi all! I am in the process of installing sunone directory proxy server. also in the same machine i have directory server and administration server.
For some reason directory poxy installation fails at the end.
look at the log file all i can see is
Admin Server refused to disclose its pid!
can any one had this experience or share some thoughts.
ThanksI'm Using standalone DPS installer. Here is what i see in installation log
[5] stdout> executing dps52cfgUninstall::main
[5] stdout> Retry for: /admin-serv/tasks/Operation/Restart?op=getpid
[5] stdout> Retry for: /admin-serv/tasks/Operation/Restart?op=getpid
[5] stdout> Retry for: /admin-serv/tasks/Operation/Restart?op=getpid
[5] stdout> Retry for: /admin-serv/tasks/Operation/Restart?op=getpid
[5] stdout> Retry for: /admin-serv/tasks/Operation/Restart?op=getpid
[5] stdout> Retry for: /admin-serv/tasks/Operation/Restart?op=getpid -
ODSEE 11g - DPS Directory proxy server suddenly increase load average
Hi all
Recently upgraded from directory server 5.2 to ODSEE 11g, one directory proxy configure to one master directory server and one consumer directory server.
all the three instances are in the same sparc t3 machine.
Directory proxy server alerts server load average on the machine is above 6.00 normally it is 0.66. I'm not sure what is causing the sudden burst in the load ? the traffic is normal there is no abnormal requests coming to the server. proxy performance degrades over the span of 24 hours ....and Once i restart the proxy services (dpsadm restart) all load averages comes to normal and directory proxy runs normal for the next two - three weeks. The same cycle continues ...I'm not sure what was causing the sudden load increase.
I increased the JVM heap size from 1GB to 2 GB still continue to have the problem ..did anyone else experience similar problem. How did you fix it....
Any input or advise in the right direction is much appreciated.
Thank you.server load I'm referring to "prstat command" - server load average suddenly shoot up from 0.66 to 6.00 ie) the CPU usage. Alert is from our server monitoring tool not related to directory proxy.
Clients report connections time out (etime goes from etime=0 ..2..4.....) over 24 hours i can see the etime increases and eventually the proxy server get hung and non responsive. Once I restart all the performance back to normal at-least for another two weeks.
I suspect there might be a memory leak or JVM Garbage collection issue -- any expert input how to figure this out will help.
Here is the JVM args in the proxy server "Xms2g -Xmx2g -Xmn1g -XX:SurvivorRatio=4 -XX:+UseParNewGC -XX:+UseConcMarkSweepGC"
Here is a jstat during the problem
./jstat -gcutil -t 25365 2s 30
Timestamp S0 S1 E O P YGC YGCT FGC FGCT GCT
982106.4 0.00 26.17 4.26 92.25 59.52 523 60.979 689 1002.587 1063.566
982108.4 0.00 26.17 4.40 92.25 59.52 523 60.979 689 1002.587 1063.566
982110.4 0.00 26.17 4.80 92.25 59.52 523 60.979 689 1002.587 1063.566
982112.4 0.00 26.17 5.10 92.25 59.52 523 60.979 690 1002.719 1063.698
982114.4 0.00 26.17 5.15 92.25 59.52 523 60.979 690 1002.719 1063.698
982116.4 0.00 26.17 5.32 92.25 59.52 523 60.979 691 1003.009 1063.988
982118.4 0.00 26.17 5.72 92.25 59.52 523 60.979 691 1003.009 1063.988
982120.4 0.00 26.17 5.80 92.25 59.52 523 60.979 691 1003.009 1063.988
982122.4 0.00 26.17 5.93 92.25 59.52 523 60.979 692 1003.168 1064.146
982124.4 0.00 26.17 6.03 92.25 59.52 523 60.979 692 1003.168 1064.146
982126.4 0.00 26.17 6.15 92.25 59.52 523 60.979 693 1003.481 1064.460
982128.5 0.00 26.17 6.18 92.25 59.52 523 60.979 693 1003.481 1064.460
982130.5 0.00 26.17 6.25 92.25 59.52 523 60.979 693 1003.481 1064.460
982132.5 0.00 26.17 6.29 92.25 59.52 523 60.979 694 1003.656 1064.635
982134.5 0.00 26.17 6.31 92.25 59.52 523 60.979 694 1003.656 1064.635
982136.5 0.00 26.17 6.36 92.25 59.52 523 60.979 695 1003.988 1064.967
982138.5 0.00 26.17 6.89 92.25 59.52 523 60.979 695 1003.988 1064.967
982140.5 0.00 26.17 6.99 92.25 59.52 523 60.979 695 1003.988 1064.967
982142.5 0.00 26.17 7.08 92.25 59.52 523 60.979 696 1004.187 1065.165
982144.5 0.00 26.17 7.31 92.25 59.52 523 60.979 696 1004.187 1065.165
982146.5 0.00 26.17 7.82 92.25 59.52 523 60.979 697 1004.553 1065.531
982148.5 0.00 26.17 7.92 92.25 59.52 523 60.979 697 1004.553 1065.531
982150.5 0.00 26.17 8.01 92.25 59.52 523 60.979 697 1004.553 1065.531
982152.5 0.00 26.17 8.17 92.25 59.52 523 60.979 698 1004.786 1065.764
982154.5 0.00 26.17 8.26 92.25 59.52 523 60.979 698 1004.786 1065.764
982156.5 0.00 26.17 8.38 92.25 59.52 523 60.979 699 1005.174 1066.153
982158.5 0.00 26.17 8.74 92.25 59.52 523 60.979 699 1005.174 1066.153
982160.5 0.00 26.17 8.88 92.25 59.52 523 60.979 699 1005.174 1066.153
982162.5 0.00 26.17 8.96 92.25 59.52 523 60.979 700 1005.433 1066.412
982164.5 0.00 26.17 9.09 92.25 59.52 523 60.979 700 1005.433 1066.412
jstat after the restart
./jstat -gcutil -t 10084 2s 30
Timestamp S0 S1 E O P YGC YGCT FGC FGCT GCT
40312.6 0.00 25.13 88.49 1.98 63.68 21 2.366 0 0.000 2.366
40314.6 0.00 25.13 88.58 1.98 63.68 21 2.366 0 0.000 2.366
40316.6 0.00 25.13 88.71 1.98 63.68 21 2.366 0 0.000 2.366
40318.6 0.00 25.13 88.99 1.98 63.68 21 2.366 0 0.000 2.366
40320.6 0.00 25.13 89.31 1.98 63.68 21 2.366 0 0.000 2.366
40322.6 0.00 25.13 89.36 1.98 63.68 21 2.366 0 0.000 2.366
40324.6 0.00 25.13 89.42 1.98 63.68 21 2.366 0 0.000 2.366
40326.6 0.00 25.13 89.53 1.98 63.68 21 2.366 0 0.000 2.366
40328.6 0.00 25.13 89.60 1.98 63.68 21 2.366 0 0.000 2.366
40330.6 0.00 25.13 89.72 1.98 63.68 21 2.366 0 0.000 2.366
40332.6 0.00 25.13 90.11 1.98 63.68 21 2.366 0 0.000 2.366
40334.6 0.00 25.13 90.56 1.98 63.68 21 2.366 0 0.000 2.366
40336.6 0.00 25.13 90.67 1.98 63.68 21 2.366 0 0.000 2.366
40338.6 0.00 25.13 90.75 1.98 63.68 21 2.366 0 0.000 2.366
40340.6 0.00 25.13 91.09 1.98 63.68 21 2.366 0 0.000 2.366
40342.6 0.00 25.13 91.36 1.98 63.68 21 2.366 0 0.000 2.366
40344.6 0.00 25.13 91.47 1.98 63.68 21 2.366 0 0.000 2.366
40346.6 0.00 25.13 91.53 1.98 63.68 21 2.366 0 0.000 2.366
40348.7 0.00 25.13 91.64 1.98 63.68 21 2.366 0 0.000 2.366
40350.7 0.00 25.13 91.77 1.98 63.68 21 2.366 0 0.000 2.366
40352.7 0.00 25.13 91.87 1.98 63.68 21 2.366 0 0.000 2.366
40354.7 0.00 25.13 91.95 1.98 63.68 21 2.366 0 0.000 2.366
40356.7 0.00 25.13 92.11 1.98 63.68 21 2.366 0 0.000 2.366
40358.7 0.00 25.13 92.19 1.98 63.68 21 2.366 0 0.000 2.366
40360.7 0.00 25.13 92.24 1.98 63.68 21 2.366 0 0.000 2.366
40362.7 0.00 25.13 92.85 1.98 63.68 21 2.366 0 0.000 2.366
40364.7 0.00 25.13 93.19 1.98 63.68 21 2.366 0 0.000 2.366
40366.7 0.00 25.13 93.40 1.98 63.68 21 2.366 0 0.000 2.366
40368.7 0.00 25.13 93.44 1.98 63.68 21 2.366 0 0.000 2.366
40370.7 0.00 25.13 93.47 1.98 63.68 21 2.366 0 0.000 2.366
Any one else had similar behavior. Any input to the right direction is highly appreciated.
Thanks. -
Question on Sun Directory Proxy Server 5.2.4
Hello Guys,
Is it a good idea to have DPS and DS on the same server? Did anyone run into any issues? We have four Sun DS servers four-way master replicated on Windows 2003 std. We are in the process of evaluating Sun Directory Proxy server to resolve single point of failure between our custom apps and LDAP servers. I would appreciate any insights on Sun DPS implementation on Windows 2003 Std.
ThanksWhile it might not be too good an idea (you essentially want the DPS for load balancing AND failover, right? So why risk putting it on the same machine ;) ), it does work.
I recently implemented DPS on Solaris, and things generally work fine. (The command line interface isn't too reliable though). If you are thinking of routing all your traffic over SSL (ie, Client---ssl--->DPS---ssl--->DS), make sure you apply the latest patch available for the DPS. The dps524.jar that comes with the default installer isn't what it used to be (JES 2005Q4), and will give you issues when configuring SSL for DPS. Apart from that, things are more or less a breeze. -
Directory Proxy Server Public API
Where to find Directory Proxy Server (6 or 7) public API?
Thank youWell, DPS is mainly a LDAP proxy, so upon reception of a bind, it will forward it to a LDAP directory server that would compare the credentials with the standard userPassword attribute.
DPS can be also used OOTB as a Virtual Directory to provide a LDAP view of non-LDAP data, e.g a SQL database: In that case, DPS implements natively the bind operation, that is, it retrieve the user password from the SQL db, then compare
it with the credentials provided by the client. In that case, the user password can be retrieved from any SQL column.
So to achieve this with a LDAP backend, a DPS bind plugin would have to get the user password from the target LDAP entry and do the comparison. A secured channel between DPS and the backend would be required to exchange such sensitive pieces of information. Technically, this would work only if you plan to use LDAP for authentication only (bind only), because the backend LDAP directory server would not consider user entries w/o userPassword attribute as regular accounts (with associated access rights).
Could you explain where you requirement comes from?
Thanks
-Sylvain -
Integration of sap R/3 (4.7) and Microsoft active directory (2003)
Hi All,
I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
Pls help me with this issue.
Thanks in advance,
Regards,
Raghav.Hi,
First You should read:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
Regards,
Jarek -
I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.
You problem is here.
right
join v_R_User USR on USR.ResourceID
= CS.ResourceID
USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
end up with unreliable results.
Anyways you need to make these changes to your query.
left
join v_R_User USR on USR.Unique_User_Name0
= CS.UserName0
http://www.enhansoft.com/ -
OID and MS Active Directory LDAP information Synchronization
Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?
Hi, I have the same question.
Thanks,
Malin -
Tuning directory proxy server parameters
I need help to tune following parameters of Directory proxy server 5.2patch4.
simultaneous operations per connection
Total operations per connection
Simultaneous connections to this group
simultaneous connections per ip address.
Before tuning these parameters, I wanted to know how can I find current usage of above parameters from directory server/directory proxy server. Right now there is no value set for these parameters.
Is there any tool/command line utility or any other way to find current usage of these parameters?
Any help will be appreciated. Thanks in advance.
Thanks
-AshokI think the default is unlimited. You can use these
params to tune your server.Thanks for response.
How do I know the baseline to set these parameters? What tool/utility can I use on Proxy server/Directory server in order to find the baseline for these parameters.
To make it more clear, how can I find from proxy server/DS server that how many currently simultaneous operations per connection are going on..
how many total operations per connection are running..
how many simultaneous connections to this group are running.
how may simutaneous connections per ip address are running.
Please let me know if you need further info.
Thanks again. -
Issue with binary attribute types through Directory Proxy Server 6.3.1
I'm having problems with DPS 6.3.1.1 on Solaris 10 with binary attribute types. From most LDAP servers, requesting an attribute such as userCertificate would return userCertificate;binary without any issues. However, DPS seems to consider these two separate attributes. In order to see userCertificate;binary, I have to ask for it in that exact format. This obviously is causing trouble for many clients as they shouldn't care about the binary type as it's the same attribute.
I've tried to correct this with a virtual data transformation (dpconf add-virtual-transformation 'PKI Tree' read add-attr-value userCertificate \${userCertificate\;binary}) but the end results are the same. Any ideas on how I can correct this one?
Thanks in advance.Here is some complementary information:
system (uname -a):
SunOS xxx 5.10 Generic_142900-13 sun4u sparc SUNW,Sun-Fire-V440
since patch 118666-26: update java 1.5.0 update 24
we are experiencing the follwing problem:
xxx$ ./dpadm start /opt/ldap/instances/mail/
The Directory Proxy Server instance '/opt/ldap/instances/mail' failed to start after the waiting period.
The Directory Proxy Server instance start has produced the following error output:
Exception in thread "main" java.lang.NoSuchFieldError: strm
at java.util.zip.Inflater.initIDs(Native Method)
at java.util.zip.Inflater.<clinit>(Inflater.java:60)
at java.util.zip.ZipFile.getInflater(ZipFile.java:375)
at java.util.zip.ZipFile.getInputStream(ZipFile.java:320)
at java.util.zip.ZipFile.getInputStream(ZipFile.java:286)
at java.util.jar.JarFile.hasClassPathAttribute(JarFile.java:469)
at java.util.jar.JavaUtilJarAccessImpl.jarFileHasClassPathAttribute(JavaUtilJarAccessImpl.java:21)
at sun.misc.URLClassPath$JarLoader.getClassPath(URLClassPath.java:809)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:293)
at sun.misc.URLClassPath.getResource(URLClassPath.java:160)
at java.net.URLClassLoader$1.run(URLClassLoader.java:192)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:300)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
The Directory Proxy Server instance '/opt/ldap/instances/mail' is not running.
We have tried to install patch 118666-27 (not recommended, but already available) which includes jdk 1.5.0 update 25 -> same problem
When returning to jdk 1.5.0 update 20 the directory proxy server starts as normal
Maybe you are looking for
-
after i put my ipad in discover mode from being disabled, i cannot tranfer app from my itunes .i keeps saying computer not authorized. is there something i have to sign to on my ipad after discover mode?
-
Some {@link} tags do not seem to generate hyperlinks
Hi, I am having some trouble getting some {@link} tags to generate hyperlinks. Specifically, {@link} tags to methods in classes in other packages. I've tried specifying the method arguments, including the fully qualified argument types, but I cannot
-
MS-ACCESS from Unix system..
Hi, I have a MS-Access database on Windows 2000 server. I need to write a java program running on a Unix system (AIX, Solaris or Linux) that accesses the database on the windows 2000 server. I can make it work on windows box using JDBC-ODBC bridge. H
-
Map pExtraParameters issue in calculators
HI Guys I have extended ConfigurableItemPriceCalculator class and i overrided this method i have one doubt in this method public void priceItem(ItemPriceInfo pPriceQuote, CommerceItem pItem, RepositoryItem pPricingModel, Locale pLocale, RepositoryI
-
Please someone can u tell me how to delete movies
I can't delete a movie i put on my ipod and ive gone through the manual and stuff and i cant get it off on the options-video-and delete movie.