Directory Server and ip change

Similar Messages

• Sun java directory server and Active Directory

  We are using two different directory servers Sun java directory server and active directory.
  My question is how we can have password synchronization between these two directory servers.
  I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
  http://www.sun.com/download/products.xml?id=41537425
  It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
  I would be grateful if anyone can suggest a solution to work around this situation.
  I have checked identity manager , I would like to know that if I can do this using this product.
  http://www.sun.com/software/products/identity_mgr/specs.jsp
  --regards.
  Sara

  Yes RHEL 4 is a supported OS with DSEE 6.0.
  Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
  Identity Manager is a complete identity management solution that is targetting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
  If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
  Regards,
  Ludovic.

• Why is it that directory server and IAS will not install through a remote Terminal Services session??

   

  Hi,
  I think this can be done in Unix, using telnet, you may log into the
  system and install it.
  Regards
  Raj
  Mozkill Williams wrote:
  why is it that directory server and IAS will not install through a
  remote Terminal Services session??
  Try our New Web Based Forum at http://softwareforum.sun.com
  Includes Access to our Product Knowledge Base!

• Directory server and ldap TLS on windows platform

  Any body, tested "sun directory server" and "ldap tls" on windows platform"??? cause I tried it, and I cant established a secure connection. On other platform, and I speack about solaris 9, evry thing is ok. Some comments??

  It's a rather unusual way to use attribute subtypes. You may be able to do something with the mapping engine in DPS - I'll wait for Sylvain or someone else who knows DPS really well to answer that. But from the perspective of the information model, I have some doubts about this approach. For instance, what happens if you have multiple subtypes on a single-valued attribute?
  Usually, for example, if there is a "preferred" common name as opposed to some other common names, it would be modeled in an entirely different attribute type, such as "preferredName". The subtypes are almost exclusively used for language specification nowadays. That's another question - what happens if you ever need to store multiple languages in your Directory?
  Do you know of anyone else who is using this kind of information model in their Directory?

• Sun Directory Server and OID Synchronization

  I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able modify the last changelog number.
  Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
  Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
  One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root ca's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing.. but I don't have anywhere to start as far as troubleshooting is concerned.

  On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
  You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
  - Brian

• Sun Directory Serve and AIX

  I want to Integrate AIX an HPUX in an SUN Ldap Enviroment.
  I ve got a SUN LDAP Directory Server 5.2 P4 on Windows2003 Enterprise Server.
  My Question: How can I get the Schema LDIF files with the attributes an objektclasses in a LDIF Format to
  include it to my LDAP Server. So that i can Integrate Users an logon to my AIX with authenticating by the Sun LDAP Server.
  I need only the Schema files with Objectcalsses an Attributes!!!!!

  On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
  You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
  - Brian

• Directory Server and Samba 3 PDC

  I'm trying to connect to directory server from samba 3
  # ./smbpasswd -w secret
  # ./net getlocalsid
  it says:
  bash-3.00# ./net getlocalsid
  [2006/04/29 13:29:10, 0] lib/smbldap.c:smbldap_connect_system(890)
  failed to bind to server ldap://merlin.cotarh.local with dn="cn=admin,dc=cotarh,dc=local" Error: Inappropriate authentication
  [2006/04/29 13:29:25, 0] lib/smbldap.c:smbldap_search_suffix(1346)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timelimit exceeded)
  SID for domain MERLIN is: S-1-5-21-3865381809-2382358429-1619658665
  What's wrong?

  Once the user has authenticated with Kerberos, the token can be used with LDAP using the SASL authentication with GSSAPI / Kerbv5 mechanism.
  How to configure Directory Server 5.2 for this is fully documented in the Chapter 11 - Managing Authentication and Encryption of the Administration Manual.
  <http://docs.sun.com/source/817-5221/ssl.html#wp20166>
  Regards,
  Ludovic.

• Directory Server and syslog

  Is there any way to configure Directory Server to log to syslog instead? I would like to centralize the logging and for security requirements, I need to have all of the DS logs in a central logging faciltiy. Does anyone have any ideas or suggestions, if syslog isn't possible?

  We have a central login facility too. I had to write a few scripts to capture the logs only the access logs, copy them to another directory where another script (not by me) ftps the files to our 'centralized logs repository'. Good luck.

• Active directory, SSGD and password change

  Hi everybody, we have some problems with SSGD, active directory and password change
  Scenario:
  We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
  We have 2 different tarantella installations called "Sgd" and "Tlv";
  Sgd servers are working servers and users authenticate against Eracle, used by our customer.
  We made 2 basic different test with Tlv:
  1. we configure Tlv to authenticate users against Gruppo (that is our real need)---> we can't change pasword using kpasswd or ttakpasswd
  2. we configure Tlv to authenticate users against Eracle ---> everything was ok
  There are NO DIFFERENCE beetween Sgd and Tlv, they have same configuration, same krb5.conf etc..
  There is ONE DIFFERENCE beetween Eracle and Gruppo:
  Eracle Active Directory's properties:
  Domain functional level: Windows 2000 mixed
  Forest functional level: Windows 2000
  Gruppo Active Directory's properties:
  Domain functional level: Windows 2000 native
  Forest functional level: Windows 2000
  SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
  Can someone help us^Hi Simon
  I'll try again to explain you our problem, because it seems that I wasn't so clear.
  Scenario:
  We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
  We have 2 different tarantella installations called "Sgd" and "Tlv";
  Sgd servers are working servers and users authenticate against Eracle, used by our customer.
  We made 2 basic different test with Tlv:
  1. we configure Tlv to authenticate users against Gruppo (that is our real need)---> we can't change pasword using kpasswd or ttakpasswd
  2. we configure Tlv to authenticate users against Eracle ---> everything was ok
  There are NO DIFFERENCE beetween Sgd and Tlv, they have same configuration, same krb5.conf etc..
  There is ONE DIFFERENCE beetween Eracle and Gruppo:
  Eracle Active Directory's properties:
  Domain functional level: Windows 2000 mixed
  Forest functional level: Windows 2000
  Gruppo Active Directory's properties:
  Domain functional level: Windows 2000 native
  Forest functional level: Windows 2000
  SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
  Can someone help us?
  Many thank
  Patrizia

  Added question.
  Do you guys know if changing the password will change the password on their Active directory access.
  Thanks,
  helmut

• Directory Server and windows clients

  Is it possible for a MS windows client to join a Domain on a Directory Server ver 5.2?

  Hello,
  with GPO you can't, there is no special setting for this. Adding the scheduled task is the way to do it. But the scheduled task can be added with startup scripts.
  Create shutdown.cmd for example with the following content:
  ;Create the scheduled task on remote workstation's
  if not exist %systemroot%\tasks\at1.job at 17:30 /every:m,t,w,th,f,s,su shutdown.exe /r /t 120 /c "This computer will shutdown and restart automatically, please close your open applications. Your Administrator." /f
  :Copy the shutdown.exe to remote workstation
  if not exist %systemroot%\system32\shutdown.exe copy "\\domainname\netlogon\shutdown.exe" "%systemroot%\system32\shutdown.exe"
  Keep in mind to replace domainname with your ones and to copy the shutdown.exe to the
  \\yourdomainname\netlogon folder.
  Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Directory server and freeradius

  Hello guys
  Does anyone used freeradius with directory server for wifi authentication ? Which password scheme works with freeradius i dont want use cleartext with directory server.

  As far as freeradius uses BIND operations instead of searching for the userpassword attribute, you should be able to use
  any scheme.

• Directory Server Replication and Access Manager

  I've set up 2 Access Managers instances AM1 and AM2 connected to one Directory Server DS1. Changes to AM1 are replicated to AM1. DS1 is replicated to DS2 using MMR. I'm following Sun's document http://docs.sun.com/app/docs/doc/819-4672/6n6qcof22?a=view to setup failover for this environment. Step 5 says
  Modify the following properties to reflect the host and port number of a consumer Directory Server installed in Configuring For Replication .
  com.iplanet.am.directory.host = DS1.domain
  com.iplanet.am.directory.port = port of DS1
  How do I modify above to reflect DS2 so that should DS1 fail, DS2 takes over?
  Also step 9 says - In the serverconfig.xml file, specify the host name and port number of the consumer directory installed in Configuring For Replication, as shown in the following example for the serverconfig.xml file.
  <iPlanetDataAccessLayer>
  <ServerGroup name="default" minConnPool="1"
  maxConnPool="10">
  <Server name="Server1"
  host="consumer1.example.com" port="389"
  type="SIMPLE" />
  Again, how do I modify serverconfig.xml to reflect the 2nd Directory Server, DS2 so that if DS1 fails both AM1 and AM2 can connect to DS2. If anybody has done this please let me know how it worked, thanks.

  Are you talking about Access Manager flopping over from ds1 to ds2 if ds1 is down?
  In serverconfig.xml look for the line containing 'Server Name' and add a line like this directly underneath of it:
  <Server name="Server2" host="ds2" port="389" type="SIMPLE" />
  Save and exit
  vi AMConfig.properties and add something like this after the existing com.iplanet.am.directory.host and com.iplanet.am.directory.port:
  /* Added for multi-master directory fail-over */
  com.iplanet.am.directory.host=ds2
  com.iplanet.am.directory.port=389
  com.iplanet.am.replica.retries=3
  com.iplanet.am.replica.delay.between.retries=5000
  /* End Added for multi-master directory fail-over */
  Save and exit
  Restart the Access Manager web container

• Change Directory server for Portal Server 6.2

  Hi there,
  I have the following problem with Portal Server 6.2 configuration which hopefully someone here will be able to help me with.
  Basically our current setup is the Sun Portal Server 6.2, ID server 6.1 and Directory server all sitting on one (Solaris 9) box. We now wish to separate the Portal / ID server components and the Directory Server component to separate boxes. In portal server 6.0 i think there was a pssetup tool which allowed configuration of a directory server which populated it with the necessary data for portal and ID server. The directory server we will be installing to will not necessarily be a clean install, i.e. it may already be populated with data.
  Is there some way therefore to re-configure the existing directory server to allow us to point our portal / ID server at it?
  Thanks in advance for any help
  Laurence.

  This can be done. You need to import the portal/identity server's schema into your new directory server and then export your existing directory server's content and import it into the new one.

• Active Directory 2003 and Sun One Directory Server 5.2

  I just installed Sun One Directory Server 5.2 on a Linux machine. I want to configure LDAP on that machine so that it can be authenticated on Active Directory 2003. How do I go about doing this?

  Active Directory server is a "directory server" (and kerberos server.) If your linux client authenticates against Active Directory it doesn't have to involve the Sun Directory Server at all. You have several general approaches you could investigate:
  1. Linux client gets accounts and and authentication via LDAP from Active Directory
  If you use AD to handle unix LDAP authentication (opt 1) you may need to extend schema in AD to add the unix password field. I haven't tried it yet, but hope to.
  2. Linux client gets accounts from AD LDAP and authorization from AD Kerberos.
  There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
  3. Linux client (with samba client installed, with winbind or pam_smb to support unix level services) gets accounts and authentication as a "Windows" client from Active directory "Windows server"
  Check the samba.org docn or forums- I think this is a pretty common solution.
  4. Linux client gets account information from Sun Directory server but uses kerberos (against active directory) for authentication.
  There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
  5 Linux client gets account and authorization from Sun Directory server, which the sun Directory server configured to use Active Directory as a Kerberos server.
  Probably incredibly complex.

• Integrating Messaging Server and Identity Server

  I've got JES 2004Q2, and I'm trying to install the various components on different workstations to prove that a) the software works, and b) it's a viable alternative to Exchange (so please please help me get it working!)
  The problem I have is getting Messenger Server and Directory Server talking properly so that I can create users and then log in as those users. After days of frustrating searching for solutions to this problem (and also find people who have successfully done this), I decided to install the components onto one server.
  And it worked. Installing Messaging Server, Identity Server, Web Server (contained for Identity Server), Directory Server, and Admin Server all on the same box, configuring them all to use the same directory server for UG and preferences, running the various configuration tools that come with the software, and it all works together fine. Using "./commadmin domain modify .... -S mail", I get "OK". I can add users with the "-S mail" option, log in as those users, and send emails between those users. So this tells me that the software does work, albeit on one box.
  When I try to separate the services out to separate boxes, they don't seem to integrate properly. I thought that maybe the order in which you configured applications made a difference (ie. configuring Identity Server after Messenger Server means IS will pick up on the changes made to the directory by MS, and enable it). I also tried to see if using the same options directory server from different boxes helped, but nothing. I've even tried patching them using 116568-52 and 116585-10 but no luck.
  Therefore, I've found that installing all servers on one box works, but installing them on separate boxes doesn't (despite using the same directory servers). My conclusion in this is that one of two things must be the case:
  a) there's something in the install that has to be changed to reflect the fact that the services are running on different boxes
  b) the install of the services adds files to the system somewhere which other packages in JES pick up on (hence the reason why installing everything on one box works), and this isn't documented anywhere
  Unfortunately, the output of commadmin when it fails isn't that helpful (nothing against the developers, however it doesn't really help in the fault finding process). I do believe however that the problem is with Identity Server and its configuration, rather than Messaging Server.
  Here's some (possibly) useful info:
  kipling# ./imsimta version
  Sun Java(tm) System Messaging Server 6.1 HotFix 0.01 (built Jun 24 2004)
  libimta.so 6.1 HotFix 0.01 (built 12:52:04, Jun 24 2004)
  SunOS kipling 5.8 Generic_117350-02 sun4u sparc SUNW,Sun-Blade-1500
  kipling#
  (on UG server)
  # ./commadmin domain modify -D admin -w <password> -d uwe.ac.uk -n uwe.ac.uk -S mail -H kipling.uwe.ac.uk
  FAIL
  Unable to set attribute(s)
  (some verbose mode output)
  [Debug]: Contacting : http://bronte.uwe.ac.uk:10080/commcli/TaskManager
  [Debug]: To servlet: task=ModifyDomain&objecttype=Domain&domain=uwe.ac.uk&add_services=mail&add_preferredmailhost=kipling.uwe.ac.uk
  [Debug]: RECV: FAIL
  [Debug]: RECV: Unable to set attribute(s)
  [Debug]: CLITask: status returned =FAIL
  FAIL
  Unable to set attribute(s)
  [Debug]: DBG: doOne returned code=6
  [Debug]: Contacting : http://bronte.uwe.ac.uk:10080/commcli/logout
  [Debug]: Logout ...
  [Debug]: RECV: SSOToken id AQIC5wM2LY4SfcyW5hbVBGXqCdsYYDjVarSFRMd6HIxsGho=@AAJTSQACMDE=#
  [Debug]: RECV: destroyed
  Root suffix: dc=uwe,dc=ac,dc=uk (all "o=" references have been dropped)
  All services have their own local options directory server.
  Can anyone give me any suggestions? If I log a support call with Sun, what is the likely resolution time? My ultimate goal is to get the whole suite running together, then install Portal server. Once that's working, download the connectors for Outlook and get it all working with Outlook. As I said at the start, we're hoping to show this is a viable alternative to Exchange (certainly for the backend) so any help will be greatly appreciated!
  Iain

  slo_chewie wrote:
  Does the email recipient address change when the email is sent to gmail i.e. does an email sent to [email protected] become [email protected]?
  We've got google for domains setup, so users would retain a @domain.com address regardless if there mailbox was hosted on the internal server or hosted at google.You can make use of the mailRoutingAddress: user attribute and source routing to get the desired behaviour e.g.
  => Set the following value to the LDAP entry of the user who is hosted on the gmail server. The "[email protected]" address should match the users mail: address:
  mailRoutingAddress: @gmail.com:[email protected]=> Ensure the following option has been tcp_local channel in your imta.cnf file. This option strips off the "@gmail.com" value of the recipient address before sending the email to the gmail.com servers.
  dequeue_removerouteMake sure you run "./imsimta cnbuild;./imsimta restart" after modifying the imta.cnf file.
  Regards,
  Shane.