Directory server and freeradius

Similar Messages

• Sun java directory server and Active Directory

  We are using two different directory servers Sun java directory server and active directory.
  My question is how we can have password synchronization between these two directory servers.
  I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
  http://www.sun.com/download/products.xml?id=41537425
  It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
  I would be grateful if anyone can suggest a solution to work around this situation.
  I have checked identity manager , I would like to know that if I can do this using this product.
  http://www.sun.com/software/products/identity_mgr/specs.jsp
  --regards.
  Sara

  Yes RHEL 4 is a supported OS with DSEE 6.0.
  Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
  Identity Manager is a complete identity management solution that is targetting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
  If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
  Regards,
  Ludovic.

• Why is it that directory server and IAS will not install through a remote Terminal Services session??

   

  Hi,
  I think this can be done in Unix, using telnet, you may log into the
  system and install it.
  Regards
  Raj
  Mozkill Williams wrote:
  why is it that directory server and IAS will not install through a
  remote Terminal Services session??
  Try our New Web Based Forum at http://softwareforum.sun.com
  Includes Access to our Product Knowledge Base!

• Directory server and ldap TLS on windows platform

  Any body, tested "sun directory server" and "ldap tls" on windows platform"??? cause I tried it, and I cant established a secure connection. On other platform, and I speack about solaris 9, evry thing is ok. Some comments??

  It's a rather unusual way to use attribute subtypes. You may be able to do something with the mapping engine in DPS - I'll wait for Sylvain or someone else who knows DPS really well to answer that. But from the perspective of the information model, I have some doubts about this approach. For instance, what happens if you have multiple subtypes on a single-valued attribute?
  Usually, for example, if there is a "preferred" common name as opposed to some other common names, it would be modeled in an entirely different attribute type, such as "preferredName". The subtypes are almost exclusively used for language specification nowadays. That's another question - what happens if you ever need to store multiple languages in your Directory?
  Do you know of anyone else who is using this kind of information model in their Directory?

• Sun Directory Server and OID Synchronization

  I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able modify the last changelog number.
  Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
  Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
  One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root ca's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing.. but I don't have anywhere to start as far as troubleshooting is concerned.

  On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
  You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
  - Brian

• Sun Directory Serve and AIX

  I want to Integrate AIX an HPUX in an SUN Ldap Enviroment.
  I ve got a SUN LDAP Directory Server 5.2 P4 on Windows2003 Enterprise Server.
  My Question: How can I get the Schema LDIF files with the attributes an objektclasses in a LDIF Format to
  include it to my LDAP Server. So that i can Integrate Users an logon to my AIX with authenticating by the Sun LDAP Server.
  I need only the Schema files with Objectcalsses an Attributes!!!!!

  On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
  You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
  - Brian

• Directory Server and ip change

  hi..
  i must to change ip server where is allocate an directory server (Sun One Directory Server v5.4)..
  ¿there's any detail to know or issues about these change of configuration?
  Thanks for advance!!!

  Hi,
  Do you access the SunONE DS only via IP address, rather than using a hostname?
  If you use a hostname, can't you just change the DNS entry for the SunONE DS hostname?
  If you use only an IP address, maybe you could either:
  1) Setup your new SunONE DS instance, then setup a replication agreement between the old/current SunONE DS and the new SunONE DS, then let the replication occur, then shutdown the old/current SunONE DS, or
  2) Export the data from the old/current SunONE DS, then import it into the new SunONE DS.
  Jim

• Directory Server and Samba 3 PDC

  I'm trying to connect to directory server from samba 3
  # ./smbpasswd -w secret
  # ./net getlocalsid
  it says:
  bash-3.00# ./net getlocalsid
  [2006/04/29 13:29:10, 0] lib/smbldap.c:smbldap_connect_system(890)
  failed to bind to server ldap://merlin.cotarh.local with dn="cn=admin,dc=cotarh,dc=local" Error: Inappropriate authentication
  [2006/04/29 13:29:25, 0] lib/smbldap.c:smbldap_search_suffix(1346)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timelimit exceeded)
  SID for domain MERLIN is: S-1-5-21-3865381809-2382358429-1619658665
  What's wrong?

  Once the user has authenticated with Kerberos, the token can be used with LDAP using the SASL authentication with GSSAPI / Kerbv5 mechanism.
  How to configure Directory Server 5.2 for this is fully documented in the Chapter 11 - Managing Authentication and Encryption of the Administration Manual.
  <http://docs.sun.com/source/817-5221/ssl.html#wp20166>
  Regards,
  Ludovic.

• Directory Server and syslog

  Is there any way to configure Directory Server to log to syslog instead? I would like to centralize the logging and for security requirements, I need to have all of the DS logs in a central logging faciltiy. Does anyone have any ideas or suggestions, if syslog isn't possible?

  We have a central login facility too. I had to write a few scripts to capture the logs only the access logs, copy them to another directory where another script (not by me) ftps the files to our 'centralized logs repository'. Good luck.

• Directory Server and windows clients

  Is it possible for a MS windows client to join a Domain on a Directory Server ver 5.2?

  Hello,
  with GPO you can't, there is no special setting for this. Adding the scheduled task is the way to do it. But the scheduled task can be added with startup scripts.
  Create shutdown.cmd for example with the following content:
  ;Create the scheduled task on remote workstation's
  if not exist %systemroot%\tasks\at1.job at 17:30 /every:m,t,w,th,f,s,su shutdown.exe /r /t 120 /c "This computer will shutdown and restart automatically, please close your open applications. Your Administrator." /f
  :Copy the shutdown.exe to remote workstation
  if not exist %systemroot%\system32\shutdown.exe copy "\\domainname\netlogon\shutdown.exe" "%systemroot%\system32\shutdown.exe"
  Keep in mind to replace domainname with your ones and to copy the shutdown.exe to the
  \\yourdomainname\netlogon folder.
  Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Active Directory 2003 and Sun One Directory Server 5.2

  I just installed Sun One Directory Server 5.2 on a Linux machine. I want to configure LDAP on that machine so that it can be authenticated on Active Directory 2003. How do I go about doing this?

  Active Directory server is a "directory server" (and kerberos server.) If your linux client authenticates against Active Directory it doesn't have to involve the Sun Directory Server at all. You have several general approaches you could investigate:
  1. Linux client gets accounts and and authentication via LDAP from Active Directory
  If you use AD to handle unix LDAP authentication (opt 1) you may need to extend schema in AD to add the unix password field. I haven't tried it yet, but hope to.
  2. Linux client gets accounts from AD LDAP and authorization from AD Kerberos.
  There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
  3. Linux client (with samba client installed, with winbind or pam_smb to support unix level services) gets accounts and authentication as a "Windows" client from Active directory "Windows server"
  Check the samba.org docn or forums- I think this is a pretty common solution.
  4. Linux client gets account information from Sun Directory server but uses kerberos (against active directory) for authentication.
  There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
  5 Linux client gets account and authorization from Sun Directory server, which the sun Directory server configured to use Active Directory as a Kerberos server.
  Probably incredibly complex.

• Passwordless ssh login using kerberos in Directory Server 5.2

  Hello all,
  I am trying to do passwordless ssh login in directory server 5.2 . I have done everything on directory server and client such as enabling sasl/gssapi, configuring kdc, creating gssapi profile, identity mapping, configured client with that profile. ldapsearch with -o mech=gssapi works fine.
  But still i can't do password less ssh login. However, i can do passwordless login with the kerberos principal for local user but not for user which is in directory server.
  Any help will be greatly appreciated.

  Hello all,
  I am trying to do passwordless ssh login in directory server 5.2 . I have done everything on directory server and client such as enabling sasl/gssapi, configuring kdc, creating gssapi profile, identity mapping, configured client with that profile. ldapsearch with -o mech=gssapi works fine.
  But still i can't do password less ssh login. However, i can do passwordless login with the kerberos principal for local user but not for user which is in directory server.
  Any help will be greatly appreciated.

• Change Directory server for Portal Server 6.2

  Hi there,
  I have the following problem with Portal Server 6.2 configuration which hopefully someone here will be able to help me with.
  Basically our current setup is the Sun Portal Server 6.2, ID server 6.1 and Directory server all sitting on one (Solaris 9) box. We now wish to separate the Portal / ID server components and the Directory Server component to separate boxes. In portal server 6.0 i think there was a pssetup tool which allowed configuration of a directory server which populated it with the necessary data for portal and ID server. The directory server we will be installing to will not necessarily be a clean install, i.e. it may already be populated with data.
  Is there some way therefore to re-configure the existing directory server to allow us to point our portal / ID server at it?
  Thanks in advance for any help
  Laurence.

  This can be done. You need to import the portal/identity server's schema into your new directory server and then export your existing directory server's content and import it into the new one.

• Error while installing iplanet directory server 5.0

  Hi I am trying to install iPlanet directory server 5.0 on my local machine.My computer name doesnot contain any domain name.it is simply like "ERT3210".
  While installing Directory server it is asking for the computer name and if i give the computer name without domain it is not accepting.And i am unable to rename my computer name suffixing domain name as it is not contained in any domain..Now How can i give the computer name to install directory server?.Its very urgent for me.It will be great help if any one give reply.

  Start/Stop Directory Server and Start/Stop Admin Server are usually present in My Computer/Manage/Services, just start or stop the service.
  Assuming the install root directory is %LDAP_ROOT%
  You could always create program icons for
  1) start/stop dirrectory server
  %LDAP_ROOT%\slapd-%COMPUTERNAME%\start-slapd.exe
  %LDAP_ROOT%\slapd-%COMPUTERNAME%\stop-slapd.exe
  2) start/stop admin server
  %LDAP_ROOT%\start-admin.exe
  %LDAP_ROOT%\stop-admin.exe
  3) SUN ONE Console (iPlanet Console)
  %LDAP_ROOT%\startconsole.exe
  Gary

• Retrieving user data from Directory Server using java code

  Can anyone send java code to bind to directory server and retrieve the user information from server instance.

  To CRabel,
  My company have restriction on using the open sources product/code, but i will take a look on netscape ldap sdk as a reference~
  To raghu1978 ,
  i find a product call Directory Editor 1 2005Q1, I hope it is useful.
  thz all~