Directory Server 6.2 - Possible Database Corruption

We have become aware of a bug in Directory Server 6.2 only that could cause database corruption. We have a hotfix for this issue, and if you are running Directory Server 6.2 and run into this problem then you should contact Sun Support and ask for the fix for the following bug
6642430: DB corruption (zero’d pages) when performing db2ldif against large 20GB ldif file.
The sunsolve record for this bug can be found at [http://sunsolve.sun.com/search/document.do?assetkey=1-1-6642430-1].
NOTE: This issue does not affect Directory Server 6.0 or 6.1 release so you only need this fix if you are running Directory Server 6.2.
After you have the hotfix for this issue on Directory Server 6.2 and have applied the hotfix, then you will have to re-initialize the database from an LDIF backup to fully correct the corruption issue. Simply applying the hotfix will not fix the database if the database is already corrupted. Database corruption can be present though not detected with data in binary formats. You must therefore rebuild the database by importing an LDIF backup.
Directory Server Enterprise Edition 6.2 is no longer available for download and Directory Server Enterprise Edition 6.3, which includes a fix for this issue, will be available for download early April. When upgrading to Directory Server 6.3 from 6.2 (not needed if you are on 6.0 or 6.1), make sure you export the database (db2ldif) prior to the upgrade and then re-import the database after the upgrade to fully re-initialize the database and to ensure that no corruption issues remain.
Recommended patch or upgrade procedures:
<ol><li>     Shut down each directory server instance, as described in [Starting, Stopping, and Restarting a Directory Server Instance|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhd8u?a=view#bcaan].
</li>
<li>     Perform an LDIF export of the database, as described in [Backing Up to LDIF|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhdio?a=view#ganwh].
</li>
<li>     Install the [hotfix for bug 6642430|http://sunsolve.sun.com/search/document.do?assetkey=1-1-6642430-1] on Directory Server 6.2, or upgrade your Directory Server 6.2 instance to Directory Server 6.3 once Directory Server 6.3 is available for download (early April). You will need to login to Sunsolve in order to
     see this bug description.
</li>
<li>     Re-initialize the database from the LDIF exported in step 2, as described in [Importing Data From an LDIF File|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhdj4?a=view#ganwc].
     If you are running replicated instances of Directory Server, make sure you read [Restoring Replicated Suffixes|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhdjc?a=view#bcajf] as well.
</li>
</ol>
Edited by: KevinLeMay on Mar 28, 2008 4:48 AM

The entry was not imported most likely because it's parent isn't in the database yet. Are entries above this in another backend ? If so try importing that backend first. Also, that dn is so long, that it exhausted the buffer which is used to write messages in the access log. This is why, there's nothing after "which".
What is the exact reason why a export and import is necessary? Or is it only necessary if
the database is already corrupt? Is there a way to check that?The database corruption could be silent. So a binary backup/restore when going from 6.2 to 6.3 is not recommended and the LDIF route must be used.

Similar Messages

  • Moved to Server 2012 getting Access Database Corruption

    We moved our company file shares to a new Windows 2012 server and are now having issues with Access databases becoming corrupted when accessed by multiple clients at the same time.  Does anyone have any ideas on what could be causing this?  We
    were not having any issues with this on the 2008 or 2003 servers these were on previously.

    We migrated from a Windows 2008 file server cluster with four nodes to a Windows 2012 R2 file cluster with two nodes. 
    After the migration to the new file server cluster our customers running Windows 7 SP1 started reporting Access Database corruption and slow file access. 
    However, if the SAME Access Database file was hosted on a Windows 2012 R2 file server NOT in a cluster there was no corruption. 
    I will not bore you with all the tests we ran while trying to determine the cause but here is what we did to fix the issue.
     The solution was provided via an open case with Microsoft.
    1. Create the following registry entries on all Windows 2012 R2 Servers in the new file server CLUSTER and reboot.
    Key:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
    Value:  DisableLeasing
    Type:  DWORD
    Data:  0x1

  • Directory Server SMF tripping over itself (crosspost)

    I've posted this question in the SMF related forum too, so if replies could go there, that would be handy: [http://forums.sun.com/thread.jspa?messageID=10940406]
    We have a working instance of DSEE6.3.1 under Solaris 10 managed via SMF (using the manifest generated by dsadm/dscfg -- I forget which).
    # svcs -a | grep ldap-user
    online         10:47:08 svc:/application/sun/ds:ds--data-ldap-user-instanceAfter a forced shutdown, DSEE starts up and does a self-recovery (as it should). When that's complete, the slapd process is running and the startup script exits with status 221 (ie. Not 0) -- however slapd is running.
    SMF notices that it's !0 and tries to restart DSEE... by issuing another start. This second start then exits almost immediately saying "slapd already running" but this time exits with 0 -- are we ok? No... cos SMF then notices that all the processes it just started have gone away so it calls "stop" followed by another "start".
    This is where it gets a bit hazy as it looks like DSEE never shut down cleanly again so the whole process repeats itself ad infinitum (although I suspect that's a separate issue). :-(
    I guess what I'm asking is -- is there a way to stop SMF from doing that: perhaps treat exit=221 as non-fatal and perform a service check?
    Log file below:
    [ Feb 26 21:40:42 Enabled. ]
    [ Feb 26 21:40:50 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Failed to start Directory Server instance '/data/ldap/user/instance'
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Directory Server instance '/data/ldap/user/instance' has detected a disorderly shutdown or a change in cache
    size
    Recovery phase is starting, this may take a while...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    ns-slapd wrote the following lines in the error log (/data/ldap/user/instance/logs/errors):
    ##[26/Feb/2010:22:00:07 +0000] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0156 (64-bit) starting up
    ##[26/Feb/2010:22:00:09 +0000] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 -  Detected Diso
    rderly Shutdown last time Directory Server was running, recovering database.
    ##[26/Feb/2010:22:01:38 +0000] - Database recovery is 0% complete.
    ##[26/Feb/2010:22:01:51 +0000] - Database recovery is 100% complete.
    ##[26/Feb/2010:22:01:59 +0000] - WARNING<20805> - Backend Database - conn=-1 op=0 msgId=-1 -  search is not
    indexed base='cn=changelog' filter='(replicationcsn>=4b87f656000000000000)' scope='sub'
    [ Feb 26 22:02:17 Method "start" exited with status 221 ]
    [ Feb 26 22:02:17 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Directory Server instance '/data/ldap/user/instance' is already running (pid: 352)
    [ Feb 26 22:02:18 Method "start" exited with status 0 ]
    [ Feb 26 22:02:18 Stopping because all processes in service exited. ]
    [ Feb 26 22:02:18 Executing stop method ("/opt/SUNWdsee/ds6/bin/dsadm stop --exec /data/ldap/user/instance")
    Directory Server instance '/data/ldap/user/instance' stopped
    [ Feb 26 22:02:20 Method "stop" exited with status 0 ]
    [ Feb 26 22:02:20 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Failed to start Directory Server instance '/data/ldap/user/instance'
    .......................... repeat ........................

    Well, one way around it is to write your own start script and manage the exit codes yourself.
    I have some doubts about the autorestart configuration of DS, especially in a case like this where the server seems to be crashing. Realistically, you can end up worse off if your server has crashed by automatically restarting it. Your data may be corrupt, and the process may eventually stay up (especially if you work around the current issue), but the DS is not really healthy and it does need an administrator to investigate what's wrong with it. It may also return inconsistent or simply bad data to clients. All in all, I would prefer an instance in such a state to stay down and trigger alarms, assuming it has failover peers that can take on its workload.

  • Directory Server SMF tripping over itself

    We have a working instance of DSEE6.3.1 under Solaris 10 managed via SMF (using the manifest generated by dsadm/dscfg -- I forget which).
    # svcs -a | grep ldap-user
    online         10:47:08 svc:/application/sun/ds:ds--data-ldap-user-instanceAfter a forced shutdown, DSEE starts up and does a self-recovery (as it should). When that's complete, the slapd process is running and the startup script exits with status 221 (ie. Not 0) -- however slapd is running.
    SMF notices that it's !0 and tries to restart DSEE... by issuing another start. This second start then exits almost immediately saying "slapd already running" but this time exits with 0 -- are we ok? No... cos SMF then notices that all the processes it just started have gone away so it calls "stop" followed by another "start".
    This is where it gets a bit hazy as it looks like DSEE never shut down cleanly again so the whole process repeats itself ad infinitum (although I suspect that's a separate issue). :-(
    I guess what I'm asking is -- is there a way to stop SMF from doing that: perhaps treat exit=221 as non-fatal and perform a service check?
    Log file below:
    [ Feb 26 21:40:42 Enabled. ]
    [ Feb 26 21:40:50 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Failed to start Directory Server instance '/data/ldap/user/instance'
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Directory Server instance '/data/ldap/user/instance' has detected a disorderly shutdown or a change in cache
    size
    Recovery phase is starting, this may take a while...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    ns-slapd wrote the following lines in the error log (/data/ldap/user/instance/logs/errors):
    ##[26/Feb/2010:22:00:07 +0000] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0156 (64-bit) starting up
    ##[26/Feb/2010:22:00:09 +0000] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 -  Detected Diso
    rderly Shutdown last time Directory Server was running, recovering database.
    ##[26/Feb/2010:22:01:38 +0000] - Database recovery is 0% complete.
    ##[26/Feb/2010:22:01:51 +0000] - Database recovery is 100% complete.
    ##[26/Feb/2010:22:01:59 +0000] - WARNING<20805> - Backend Database - conn=-1 op=0 msgId=-1 -  search is not
    indexed base='cn=changelog' filter='(replicationcsn>=4b87f656000000000000)' scope='sub'
    [ Feb 26 22:02:17 Method "start" exited with status 221 ]
    [ Feb 26 22:02:17 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Directory Server instance '/data/ldap/user/instance' is already running (pid: 352)
    [ Feb 26 22:02:18 Method "start" exited with status 0 ]
    [ Feb 26 22:02:18 Stopping because all processes in service exited. ]
    [ Feb 26 22:02:18 Executing stop method ("/opt/SUNWdsee/ds6/bin/dsadm stop --exec /data/ldap/user/instance")
    Directory Server instance '/data/ldap/user/instance' stopped
    [ Feb 26 22:02:20 Method "stop" exited with status 0 ]
    [ Feb 26 22:02:20 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Failed to start Directory Server instance '/data/ldap/user/instance'
    .......................... repeat ........................

    Well, one way around it is to write your own start script and manage the exit codes yourself.
    I have some doubts about the autorestart configuration of DS, especially in a case like this where the server seems to be crashing. Realistically, you can end up worse off if your server has crashed by automatically restarting it. Your data may be corrupt, and the process may eventually stay up (especially if you work around the current issue), but the DS is not really healthy and it does need an administrator to investigate what's wrong with it. It may also return inconsistent or simply bad data to clients. All in all, I would prefer an instance in such a state to stay down and trigger alarms, assuming it has failover peers that can take on its workload.

  • SMTP requests cause the directory server to allocate all processor resource

    Using JES 2005Q1.
    The problem started when adding mass number of users. When running the commadmin for a long time, the system will hang. We tuned the directory server by increasing the database, initialization and entry cache. I changed many other parameters to tune parameters. It was worthless.
    I shifted to ldif and used ldapmodify to create those users.
    The users were created successfully. But when the smtp traffic was directed to the server, the nslapd process will allocate 95% of the CPU in 5 minutes.
    The problem is in the way the directory server is searched when it accepts an smtp request.
    Knowing that the server is currently used only for Messaging Server, any suggestions on how to improve the performance of the directory?
    Thanks in advance.

    The "lookthroughlimit" is set to -1.
    I sent from a local user on the server to the same user and the log was this :
    "[04/Oct/2005:10:26:02 -0300] conn=1407 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=marmara.terra.net.lb)(sunPreferredDomain=marmara.terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(&(uid=dede1)(objectClass=inetmailuser))" attrs="uid inetUserStatus mailUserStatus mailAllowedServiceAccess inetsubscriberstatus inetauthorizedservices nsmsgDisallowAccess mailAccessDomain mailHost mailMessageStore preferredLanguage mail mailQuota mailMsgQuota aclGroupAddr pabURI maxPabEntries preferredLocale"
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=-1 msgId=-1 - fd=41 slot=41 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - BIND dn="uid=dede1,ou=People,o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=dede1,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - SRCH base="uid=dede1,ou=people,o=terra.net.lb,o=isp" scope=0 filter="(objectClass=*)" attrs="cn cn;lang-en givenName givenName;lang-en mail mailAlternateAddress mailAutoReplyMode mailAutoReplySubject mailAutoReplySubject;lang-en mailAutoReplyText mailAutoReplyText;lang-en mailAutoReplyTextInternal mailAutoReplyTextInternal;lang-en mailAutoReplyTimeout mailDeliveryOption mailForwardingAddress mailQuota mailMsgQuota preferredLanguage sn sn;lang-en uid vacationEndDate vacationStartDate mailHost mailSieveRuleSource sunUCDateFormat sunUCDateDelimiter sunUCTimeFormat nswmExtendedUserPrefs"
    [04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=-1 msgId=-1 - fd=42 slot=42 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(cn=*)(ou=*))" attrs=ALL
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - RESULT err=0 tag=101 nentries=2 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(objectClass=pab)(objectClass=pabgroup))" attrs=ALL
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(memberOfPAB=AddressBookabbe53c)" attrs="un cn sn givenName mail description telephoneNumber homePhone memberOfPAB memberOfPABGroup objectClass"
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=-1 msgId=-1 - fd=49 slot=49 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="preferredLanguage mail mailEquivalentAddress"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="objectClass inetUserStatus mailUserStatus inetMailGroupStatus uid preferredLanguage mailRoutingAddress mailDeliveryOption mail mailAlternateAddress mailEquivalentAddress vacationStartDate vacationEndDate mailConversionTag mailMsgMaxBlocks mailHost mailQuota mailMsgQuota mailProgramDeliveryInfo mailDeliveryFileURL maildeliveryfile mailAutoReplyMode mailAutoReplySubject mailAutoReplyText mailAutoReplyTextInternal mailAutoReplyTimeout mailSieveRuleSource mailForwardingAddress mailDeferProcessing mgrpMsgRejectAction mgrprejecttext mgrpMsgRejectText mgrpBroadcasterPolicy mgrpDisallowedBroadcaster mgrpAllowedBroadcaster mgrpDisallowedDomain mgrpAllowedDomain mgrpMsgMaxsize mgrpAuthPassword mgrpModerator mgrpDeliverTo memberURL uniqueMember mgrpRFC822MailMember rfc822mailmember mgrpErrorsTo mgrpAddHeader mgrpRemoveHeader mgrpMsgPrefixText mgrpMsgSuffixText mgmanMemberVisibility expandable"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=4 msgId=5 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=ims-ms-daemon)(sunPreferredDomain=ims-ms-daemon)))" attrs=ALL
    [04/Oct/2005:10:26:48 -0300] conn=1411 op=4 msgId=5 - RESULT err=0 tag=101 nentries=0 etime=1
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=-1 msgId=-1 - fd=50 slot=50 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - BIND dn="cn=admin-serv-marmara, cn=Administration Server, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - SRCH base="cn=statusping,cn=operation,cn=tasks,cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=0 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - SRCH base="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - RESULT err=0 tag=101 nentries=22 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - SRCH base="cn=slapd-marmara,cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - RESULT err=0 tag=101 nentries=9 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - SRCH base="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - RESULT err=0 tag=101 nentries=16 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - SRCH base="cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - RESULT err=0 tag=101 nentries=13 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - SRCH base="cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - RESULT err=0 tag=101 nentries=22 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - SRCH base="cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - RESULT err=0 tag=101 nentries=17 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=9 - UNBIND
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=-1 - closing - U1
    [04/Oct/2005:10:32:57 -0300] conn=1419 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closing - B1
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 127.0.0.1 to 127.0.0.1
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=3 - UNBIND
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=-1 - closing - U1
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.21 to 212.98.130.20
    [04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.21 to 212.98.130.20
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closing - B1
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    This log was generated when the message was sent and recieved.
    Thanks for the help.

  • Are there any known issues concerning using DIGEST-MD5 SASL authentication with iPlanet Directory Server 5.0 on Windows NT 4.0?

    I am developing support for the DIGEST-MD5 sasl mechnism on a c-ldap client. I am using the evaluation version of the iPlanet Directory Server 5.0 which lists DIGEST-MD5 as a supported SASL mechanism. The server is running on NT 4.0 After installing the Directory Server with the test database, a changed the passwordStorageScheme from the default of SSHA to clear text. I then added my test user. When I run my test I always get back a resultCode of 49 (invalidCredentials). The digest-challenge I receive from the server and my digest-response are shown below. I have satisfied myself that the calculation of the response directive in the digest response is correct. Does anyone see any problems in the digest response or have any other suggestions? Is there a known problem with the iPlanet Directory Server 5.0?
    digest-challenge:
    realm="BGB2.ndp.provo.novell.com",nonce="Ed8UPLXsWaC6CN",qop="auth",algorithm=md5-sess,charset=utf-8
    digest-response:
    username="uid=bgbrown,ou=people,dc=siroe,dc=com",realm="BGB2.ndp.provo.novell.com",cnonce="A9IuPJKr30RiwL",nc=00000001,qop=auth,digest-uri="ldap/BGB2.ndp.provo.novell.com",response=97061205298e5ebaf206c8ac3598fdce,charset=utf-8,nonce="Ed8UPLXsWaC6CN"

    Found the answer. When the username is an LDAP DN it needs to be proceeded by "dn:".
    example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
    The server also accepts a simple uid value.
    example: username="bgbrown"

  • Create a Different instance with Separte amserver,psconsole,directory serve

    Hi
    I have created different instance in same node using webserver 7.0(Sun Java Sytem portal Server 7.1 Update 2). i want to know about how to create different instance each instance have separate acessmanager, psconsole and directory server, is it possible?? i am using sun java sytem portal server 7.1 update 2.
    Can you any one please tell me the further steps..
    Cheers..
    Sekar M

    This is possible but not easy to explain in a few lines on a forum. You may want to consider using Solaris 10 zones instead and just put each stack into a separate zone.

  • Cannnot start  Directory Server

    We cannot start the service currently.
    Please see the error below.
    =================
    [16:16:22] root@ecditnp03-1[!]# ./dsadm start /opt/app/sun/DS-ecditnp03-1/
    svcadm: Instance "svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1" is in maintenance state.
    [16:16:22] root@ecditnp03-1[!]# svcs -a |grep DS
    maintenance 16:19:24 svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1
    [16:18:48] root@ecditnp03-1[!]# cd /opt/app/sun/DS-ecditnp03-1/logs/
    [16:18:48] root@ecditnp03-1[!]# tail -f errors
    [03/Apr/2009:15:38:20 +0200] - DEBUG - conn=-1 op=-1 msgId=-1 - libdb: unable to join the environment
    [03/Apr/2009:15:39:50 +0200] - Sun-Java(tm)-System-Directory/6.3 B2008.0311.0058 (64-bit) starting up
    [03/Apr/2009:15:39:51 +0200] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
    [03/Apr/2009:15:40:09 +0200] - DEBUG - conn=-1 op=-1 msgId=-1 - libdb: unable to join the environment
    [03/Apr/2009:15:43:40 +0200] - Sun-Java(tm)-System-Directory/6.3 B2008.0311.0058 (64-bit) starting up
    [03/Apr/2009:15:43:41 +0200] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
    [03/Apr/2009:15:43:59 +0200] - DEBUG - conn=-1 op=-1 msgId=-1 - libdb: unable to join the environment
    [16:02:16] root@ecditnp03-1[!]# tail /var/svc/log/application-sun-ds:ds--opt-app-sun-DS-ecditnp03-1.log
    [ Apr  3 15:39:47 Enabled. ]
    [ Apr  3 15:39:47 Executing start method ("/opt/app/sun/ds6/bin/dsadm start --exec /opt/app/sun/DS-ecditnp03-1") ]
    [ Apr  3 15:40:48 Method or service exit timed out.  Killing contract 402367 ]
    [ Apr  3 15:40:48 Method "start" failed due to signal KILL ]
    [ Apr  3 15:43:31 Leaving maintenance because disable requested. ]
    [ Apr  3 15:43:31 Disabled. ]
    [ Apr  3 15:43:37 Enabled. ]
    [ Apr  3 15:43:37 Executing start method ("/opt/app/sun/ds6/bin/dsadm start --exec /opt/app/sun/DS-ecditnp03-1") ]
    [ Apr  3 15:44:37 Method or service exit timed out.  Killing contract 402404 ]
    [ Apr  3 15:44:37 Method "start" failed due to signal KILL ]
    ======================

    yes,we tried clear,but failed.Please see the message log below.
    ==========
    Apr 3 15:33:01 ecditnp03-1 svc.startd[2292]: [ID 636263 daemon.warning] svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1: Method "/opt/app/sun/ds6/bin/dsadm start --exec /opt/app/sun/DS-ecditnp03-1" failed due to signal KILL.
    Apr 3 15:33:01 ecditnp03-1 svc.startd[2292]: [ID 748625 daemon.error] application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1 failed: transitioned to maintenance (see 'svcs -xv' for details)
    Apr 3 15:38:59 ecditnp03-1 svc.startd[2292]: [ID 122153 daemon.warning] svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1: Method or service exit timed out. Killing contract 402360.
    Apr 3 15:38:59 ecditnp03-1 svc.startd[2292]: [ID 636263 daemon.warning] svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1: Method "/opt/app/sun/ds6/bin/dsadm start --exec /opt/app/sun/DS-ecditnp03-1" failed due to signal KILL.
    Apr 3 15:38:59 ecditnp03-1 svc.startd[2292]: [ID 748625 daemon.error] application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1 failed: transitioned to maintenance (see 'svcs -xv' for details)
    Apr 3 15:40:48 ecditnp03-1 svc.startd[2292]: [ID 122153 daemon.warning] svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1: Method or service exit timed out. Killing contract 402367.
    Apr 3 15:40:48 ecditnp03-1 svc.startd[2292]: [ID 636263 daemon.warning] svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1: Method "/opt/app/sun/ds6/bin/dsadm start --exec /opt/app/sun/DS-ecditnp03-1" failed due to signal KILL.
    Apr 3 15:40:48 ecditnp03-1 svc.startd[2292]: [ID 748625 daemon.error] application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1 failed: transitioned to maintenance (see 'svcs -xv' for details)
    Apr 3 15:44:37 ecditnp03-1 svc.startd[2292]: [ID 122153 daemon.warning] svc:/application/sun/ds:ds--opt-app-sun-DS-ecditnp03-1: Method or service exit timed out. Killing contract 402404.
    ==========

  • Netscape directory server startup failture

    Hi,
    I wonder if anyone can help me.....
    We are running Netscape 4.1 under solaris 2.6, and basically what has
    happened is that the LDAP server crashed out because it was unable to
    write the db file because the file system was full up.
    When I try and restart the server I get the following message in the
    log file
    [11/Sep/2001:08:40:30 -0400] - Netscape-Directory/4.1 B99.262.2243
    starting up
    [11/Sep/2001:08:40:31 -0400] - Detected Disorderly Shutdown last time
    Directory Server was running, recovering database.
    [11/Sep/2001:08:40:53 -0400] - Database Recovery Process FAILED. The
    database is not recoverable.
    [11/Sep/2001:08:40:53 -0400] - start: Failed to init database, err=22
    Invalid argument
    [11/Sep/2001:08:40:53 -0400] - Backend 'ldbm' failed to start. (-1)
    Does anyone have any ideas?
    Sachin

    Hi Vikram,
    Thanks for your quick response. Sorry but i missed to metion that the memory usage was 96% and then i removed some of unnecessary files from the server so that LDAP server can run properly. But still it is giving me the same error. Please help me out. Thanks in advance
    Sachin

  • RE: Number if databases in Directory Server 5.2

    Hi,
    Im looking to find out what the maximum number of databases should be in Directory Server 5.2.
    I know that previously Sun had recommended that a certain number not be exceeded, but Im now looking for figures.
    If there is any other information available, please post it.
    thanks
    ndrb

    Just for the fun of testing, we did create more than 50 databases... The server works ok, but some operations start to be less responsive...
    I would not recommend to use this in real deployments if there is also a lot of entries in the databases.
    Regards
    Ludovic.

  • Possible to "move" Java Directory Server ?

    Hi,
    Has anyone tried moving Java Directory server (LDAP) from one host to another ?That is not having to reinstall the Directory server when moving hosts ?
    I would like to know if anyone has and if any tips and tricks would be great. Thanks

    Yes, I tried to move the DS from a zone to the global yesterday. It was not fun or intuitive. You cannot simply copy instance's dir tree or certificates. The DS creates a certificate database with a randomized password, so you need a new instance to add the certificates back.
    Start with backing up the old instance and copy the dir tree to the new server:
    dsadm stop $DSINS
    dsadm backup $DSINS /archive/path
    On the new server create a new DS instance and restore to it:
    dsadm create $DSINS
    dsadm restore $DSINS /archive/path
    Finally start it to see what breaks:
    dsadm start $DSINS
    I ended up having to request and sign a new server cert. Though, it should be realized you need to create a new DS instance on a server with the original FQDN to add the old certificates back. I modified the local /etc/hosts and the DNS with the original CNAME as a pointer to the real hostname. I had no end of fun getting everything working again. All the clients needed to be re-initialized with the modified profile for the server list. BTW, if your profiles specify the old IP for the default server-list, your ldap clients will fail/hang when being initialized.

  • "Database" - Sun ONE Directory server 5.2

    The user manuals refer to the sun ONE "database".
    Where can I find the name of my directory server's "database" ?
    Is the default database name "db", as in the files stored in this path: ............/slapd-ala-devldap/db

    Run the monitor command. Under the backendmonitordn there should be a line for each database.
    Sample:
    backendmonitordn: cn=monitor,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
    In this case my database is userRoot.
    Alternatively, you could use the start console, and look under the configuration tab.

  • Directory Server 6.2 upgrade to 6.3: import LDIF problem

    Hi all,
    I have tried upgrading my Directory Server 6.2 to version 6.3 because of the database integrity issues as stated in:
    http://blogs.sun.com/dsee/entry/directory_server_6_2_database
    I have followed the steps defined in this article:
    1. Shut down each directory server instance, as described in Starting, Stopping, and Restarting a Directory Server Instance.
    2. Perform an LDIF export of the database, as described in Backing Up to LDIF.
    3. Install the hotfix for bug 6642430 on Directory Server 6.2, or upgrade your Directory Server 6.2 instance to Directory Server 6.3 once Directory Server 6.3 is available for download (early April). You will need to login to Sunsolve in order to see this bug description.
    But when importing the LDIF export, I got the following error:
    [17/Dec/2008:14:44:08 +0100] - import ec: WARNING: Skipping entry "sunPortalAdminPortalDomainPortalServerInstanceMonitoringID=Monitoring,sunPortalAdminPortalDomainPortalServerInstanceID=sol10portal-80,sunPortalAdminPortalDomainPortalID=portal1,sunPortalAdminPortalDomainID=defaultDomain,o=example" whichIt's the only information I get about why the entry was skipped (I did not forget to copy the part after 'which', there was no information there :-))
    This resulted in a missing Portal instance configuration and thus I got a 'configuration error' when surfing through the gateway to the portal.
    I have also tried: manually importing that entry, which resulted in a 'Object does not exist' error. I have tried copying the whole tree from another backup with identical setup, which wasn't working either.
    Did anyone experience the same problems before? Did I do something wrong or is there a workaround for this?
    Second question: What is the exact reason why a export and import is necessary? Or is it only necessary if the database is already corrupt? Is there a way to check that?
    Thanks alot!
    Sten

    The entry was not imported most likely because it's parent isn't in the database yet. Are entries above this in another backend ? If so try importing that backend first. Also, that dn is so long, that it exhausted the buffer which is used to write messages in the access log. This is why, there's nothing after "which".
    What is the exact reason why a export and import is necessary? Or is it only necessary if
    the database is already corrupt? Is there a way to check that?The database corruption could be silent. So a binary backup/restore when going from 6.2 to 6.3 is not recommended and the LDIF route must be used.

  • Migration Users with MD5 Passwords to Directory Server 6.1 on Solaris 10

    Hi,
    We are currently in a requirement of migrating some users to a application database to inside LDAP. Currently Application maintained the passwords in the MD5 hash form. Typical 32 digit Hex value - 41da76f0fc3ec62a6939e634bfb6a342
    Is there a way we can migrate these Users password to directory Server as-is so that they don't end up facing the prospect of resetting post migration.
    I have done some of the initial ground work but seems to be missing other critical info if at all it's possible.
    I believe it's possible to have CRYPT password policy (which directory server uses from underlying OS) as one of the plug-ins to configure in a way that underlying CRYPT utility starts to process/provide/support MD5 hashes. I got it to work, my using the below command on DSEE instance:
    dsconf set-plugin-prop -p 389 CRYPT argument:'$md5$'
    But for some reasons the MD5 hash (Sun MD5 library) provides does not match with the original hash value. It's 22 char long (as I have not specified any salt length) so I am assuming it's Base64 encoded. I have a perl script which converts the original 32-digit hex values to a base64 encoded representation (which I have also verified with other open source tools)
    Is there a way I can tweak CRYPT utility or something so that it understands typical standard MD5 hashes. (Confused between Sun MD5 and BSD (Linux) MD5 - none of them seems to match standard MD5 generated value).
    Any leads on this would be really helpful ?

    Just to reclarify or throw more information:
    a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
    Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
    But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
    {crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
    I used below command :
    pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
    Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
    I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
    Thanks,
    Gaurav

  • Installing iMS 5.2 Patch 1 with Sun ONE Directory Server 5.1

    Hi,
    In the documentation of "Installation Guide for Windows NT iPlanet� Messaging Server - Release5.2" It is said that it is possible to install iMS 5.2 with Directory Server 5.1 SP2.
    I am currently using Dir Server 4.16 and I tried recently to install Directory Server 5.1 and iMS 5.2 on a new machine configured to run with Win 2000 Server. The problem is that the installation doesn't work correctly, the database can't connect or I couldn't find the files with the Perl script to update the server. When I copy them from the version 4.16 and try to apply the script, it refuses to apply. It seems that Directory Server 5.1 is too recent to be used with iMS 5.2. Is it possible ?
    Is there a way to get them work together instead of working with the (old) 4.16 release ? The doc says it is possible but I tried every possible ways, it didn't install correctly.
    If anyone has a suggestion ...
    Thank you,
    Fr�d�ric

    I have a problem while running the ims_dssetup.pl patch, here is the msg I receive :
    Here is a summary of the settings that you chose:
    Server Root : d:\iplanet\servers
    Server Instance : slapd-dns1
    Users/Groups Directory : Yes
    Update Schema : yes
    DC Root : o=internet
    User/Group Root : o=gcity-creative.com
    Add New Indexes : yes
    Schema Directory : .\config
    Directory Manager DN : cn=Directory Manager
    Do you want to continue [y]:
    Please check the user/group suffix "o=gcity-creative.com" under "cn=mapping tree
    , cn=config". at ims_dssetup.pl line 969.
    And of course if I install the iMS 5.2 after that (I have iMS 5.2 in iplanet\server5 folder and iDS 5.1 in iplanet\servers folder), the installation crashes telling me that the system can't create the DC tree etc...
    Any idea about this ?

Maybe you are looking for