Directory server and ldap TLS on windows platform

Has anybody tested "Sun Directory Server" and "LDAP TLS" on the Windows platform? I tried it, and I can't establish a secure connection. On another platform, and I speak about Solaris 9, everything is OK. Any comments?

It's a rather unusual way to use attribute subtypes. You may be able to do something with the mapping engine in DPS - I'll wait for Sylvain or someone else who knows DPS really well to answer that. But from the perspective of the information model, I have some doubts about this approach. For instance, what happens if you have multiple subtypes on a single-valued attribute?
Usually, for example, if there is a "preferred" common name as opposed to some other common names, it would be modeled in an entirely different attribute type, such as "preferredName". The subtypes are almost exclusively used for language specification nowadays. That's another question - what happens if you ever need to store multiple languages in your Directory?
Do you know of anyone else who is using this kind of information model in their Directory?

Similar Messages

  • Sun java directory server and Active Directory

    We are using two different directory servers: Sun Java Directory Server and Active Directory.
    My question is how we can have password synchronization between these two directory servers.
    I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
    http://www.sun.com/download/products.xml?id=41537425
    It seems that its supported platforms are only Solaris and Windows, but I have installed my Sun Java Directory Server on Linux and obviously it doesn't work for me.
    I would be grateful if anyone can suggest a solution to work around this situation.
    I have checked Identity Manager; I would like to know if I can do this using this product.
    http://www.sun.com/software/products/identity_mgr/specs.jsp
    --regards.
    Sara

    Yes RHEL 4 is a supported OS with DSEE 6.0.
    Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users' environments, i.e. it does not require that users change their current habits.
    Identity Manager is a complete identity management solution that targets enterprise workflow when it comes to user provisioning and de-provisioning, but also allows building authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
    If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
    Regards,
    Ludovic.

  • Why is it that directory server and IAS will not install through a remote Terminal Services session??

     

    Hi,
    I think this can be done in Unix, using telnet, you may log into the
    system and install it.
    Regards
    Raj
    Mozkill Williams wrote:
    why is it that directory server and IAS will not install through a
    remote Terminal Services session??

  • Profile server and ldap server login

    To enable my portal to have anonymous login and skip the login menu, from the admin console, I've added "Membership" and "Ldap" under the interactive mode section. This is to allow Ldap or Membership authentication methods enabled at the anonymous page. I tried to use the default login channel to log into the portal using LDAP authentication, but it doesn't work. I can log into the portal via the login channel using the "Membership" authentication method. But somehow I have no idea how to "integrate" my membership (profile) authentication with Ldap authentication. (Syncs between profile server and LDAP Server for user name and password). Does anyone out there have any idea what went wrong here? Thanks a lot.

    The sp3a release notes show how you can modify the login channel to work with other authentication modules.
    The sample given is for unix authentication. To make that sample work for ldap authentication, take a copy of that sample:
    cp display_iwtAuthUnix.html display_iwtAuthLdap.html
    Now look for the form action and replace it from /login/Unix to /login/Ldap. Then follow the instructions given in the sp3a release notes, replace unix with ldap everywhere, and it should work.

  • LDAP (Directory service) server and client compatible with windows 7

    Hello Experts,
    Earlier we were using Netscape Server 4.0 and Console in Windows XP for LDAP integration testing with BRM.
    Now that Windows XP is soon going to be decommissioned and the software is incompatible with Windows 7, I am looking for Directory service (both server and client) alternatives compatible with Windows 7.
    Has anyone tried setting up a Directory service (or LDAP) in the Windows 7 operating system?
    Any help is appreciated. Thank you

    Hello Mr Thio,
    The basic cause for this type of error message is generally a permission issue. If you are using a domain account, make sure it is added as local administrator on the local machine.
    RK on setup.exe and select run as administrator.
    Make sure you copy the installables to a local drive and run setup from the machine; if you are running from CD directly, avoid it.
    The MS link below has documented this error; please go through the link properly.
    http://support.microsoft.com/kb/2799534
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

  • Directory Server and windows clients

    Is it possible for a MS windows client to join a Domain on a Directory Server ver 5.2?

    Hello,
    with GPO you can't, there is no special setting for this. Adding the scheduled task is the way to do it. But the scheduled task can be added with startup scripts.
    Create shutdown.cmd for example with the following content:
    rem Create the scheduled task on remote workstations
    if not exist %systemroot%\tasks\at1.job at 17:30 /every:m,t,w,th,f,s,su shutdown.exe /r /t 120 /c "This computer will shutdown and restart automatically, please close your open applications. Your Administrator." /f
    rem Copy the shutdown.exe to remote workstation
    if not exist %systemroot%\system32\shutdown.exe copy "\\domainname\netlogon\shutdown.exe" "%systemroot%\system32\shutdown.exe"
    Keep in mind to replace domainname with your own and to copy the shutdown.exe to the
    \\yourdomainname\netlogon folder.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Sun Directory Server and OID Synchronization

    I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able to modify the last changelog number.
    Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
    Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
    One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root CA's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing.. but I don't have anywhere to start as far as troubleshooting is concerned.

    On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
    You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
    - Brian

  • Sun Directory Server and AIX

    I want to integrate AIX and HP-UX in a Sun LDAP environment.
    I've got a Sun LDAP Directory Server 5.2 P4 on Windows 2003 Enterprise Server.
    My question: how can I get the schema files with the attributes and object classes in LDIF format to
    include them in my LDAP server, so that I can integrate users and log on to my AIX, authenticating against the Sun LDAP server?
    I need only the schema files with object classes and attributes!!!!!


  • Directory Server and Samba 3 PDC

    I'm trying to connect to directory server from samba 3
    # ./smbpasswd -w secret
    # ./net getlocalsid
    it says:
    bash-3.00# ./net getlocalsid
    [2006/04/29 13:29:10, 0] lib/smbldap.c:smbldap_connect_system(890)
    failed to bind to server ldap://merlin.cotarh.local with dn="cn=admin,dc=cotarh,dc=local" Error: Inappropriate authentication
    [2006/04/29 13:29:25, 0] lib/smbldap.c:smbldap_search_suffix(1346)
    smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timelimit exceeded)
    SID for domain MERLIN is: S-1-5-21-3865381809-2382358429-1619658665
    What's wrong?

    Once the user has authenticated with Kerberos, the token can be used with LDAP using the SASL authentication with GSSAPI / Kerbv5 mechanism.
    How to configure Directory Server 5.2 for this is fully documented in the Chapter 11 - Managing Authentication and Encryption of the Administration Manual.
    <http://docs.sun.com/source/817-5221/ssl.html#wp20166>
    Regards,
    Ludovic.

  • Error starting the Application Server and Deployment Tool in Windows 2000

    After installing the iPlanet Application Server with sp3 in Windows 2000 I get the following
    errors starting the Application Server and Deployment Tool.
    iAS Application Server
    ================
    GXBindInit: GXBindBasic failed
    GXContextInit: GXBindInit failed 2
    [26/Out/2001 17:46:49:8] error: ENGINE-context_init_failed: EngineClassSpace
    ContextModule.createContextInit failed:
    error: could not get context
    *** Errors in initialization from registry ***
    Errors in initialization, exiting ...
    iAS Deployment Tool
    ===============
    GXBindInit: GXBindBasic failed
    GXContextInit: GXBindInit failed 2
    [26/Out/2001 17:23:40:7] error: ENGINE-context_init_failed: EngineClassSpace
    ContextModule.createContextInit failed:
    Exception in thread "main" java.lang.NullPointerException
    at com.kivasoft.util.Util.loadComponent(Unknown Source)
    at com.iplanet.ias.tools.buzz.ui.application.StartBuzz.initGDS(Unknown Source)
    at com.iplanet.ias.tools.buzz.ui.application.StartBuzz.main(Unknown Source)
    Can anyone help me please!

    Okay, please check that you are logged in as administrator and installed and now you are logged in as administrator and registering the iAS server. Did you get any installation failures while installing, and are you able to register the server using iASAT?

  • Guest Server and LDAPS

    I've recently set up our NAC Guest Server and cannot get Secure LDAP to work. The config guide says you can use ldap://server or ldaps://server. When I use ldap://server it works, but it doesn't when I change it to ldaps. Our LDAP server has a Verisign cert. Any ideas?
    Thanks,
    -Dusty

    I've some (very) basic questions.
    Let's say guest vlan = x
    1) vlan x should be created on the foreign controllers as on the anchor controller, with the same properties
    2) on the anchor controller a dynamic interface has to be created acting as default gateway for the guest clients.
    3) Is it advised to place the guest server in the guest vlan? E.g. somewhere in the server farm?
    4) Once traffic coming from the guests has arrived at the anchor controller (I know too little of WLC ;)), will it be forwarded with, as source IP, the IP of the anchor controller towards the anchor default gateway (firewall or internet router)?
    5) Authentication: the user connects to SSID guest and opens a browser. The user is redirected and a login page is displayed. Is this page downloaded from the anchor controller? I think it is, and pushed via WCS. So the Guest NAC server has nothing to do with this page? Correct?
    The anchor controller polls the NAC guest server with the given credentials. The anchor controller forwards the credentials to the NAC guest server. The NGS replies with authenticated or not. If authenticated, the guest can browse. Probably on a regular basis, the anchor controller will poll the NAC guest in order to check if he's still authenticated and, if enabled, pass information to the NAC guest for accounting. Is this somehow ok?
    I've found that the following ports are to be opened in the firewall:
    UDP 97 for EoIP
    UDP 16666 for intercontroller traffic
    and 1812/1813 for Radius.
    Thanks in advance

  • Directory Server and ip change

    hi..
    I must change the IP of the server where a directory server is located (Sun One Directory Server v5.4)..
    Are there any details to know or issues with this change of configuration?
    Thanks in advance!!!

    Hi,
    Do you access the SunONE DS only via IP address, rather than using a hostname?
    If you use a hostname, can't you just change the DNS entry for the SunONE DS hostname?
    If you use only an IP address, maybe you could either:
    1) Set up your new SunONE DS instance, then set up a replication agreement between the old/current SunONE DS and the new SunONE DS, then let the replication occur, then shut down the old/current SunONE DS, or
    2) Export the data from the old/current SunONE DS, then import it into the new SunONE DS.
    Jim

  • Directory Server and syslog

    Is there any way to configure Directory Server to log to syslog instead? I would like to centralize the logging, and for security requirements I need to have all of the DS logs in a central logging facility. Does anyone have any ideas or suggestions, if syslog isn't possible?

    We have a central login facility too. I had to write a few scripts to capture the logs, only the access logs, and copy them to another directory where another script (not by me) ftps the files to our 'centralized logs repository'. Good luck.

  • Directory server and freeradius

    Hello guys
    Has anyone used freeradius with directory server for wifi authentication? Which password scheme works with freeradius? I don't want to use cleartext with directory server.

    As long as freeradius uses BIND operations instead of searching for the userpassword attribute, you should be able to use any scheme.

  • Relationship b/w sga configuration and boot.ini in windows platforms

    hi all,
    I have a doubt about SGA configuration and boot.ini settings.
    Assume the following configuration:
    1.Db is 10g r2.
    2.OS is Windows server 2003 ,RAM is 8gb
    3.SGA_max_size=4gb,SGA_target=4gb
    1. For the above settings, must I set /3g /PAE in the boot.ini file?
    2. the boot.ini configuration is optional one?
    3. What are the criteria for setting the /3g /PAE parameters in boot.ini, and why?
    4. What are the advantages and disadvantages of boot.ini?
    Please explain.
    Thanks in advance..

    Deepak_DBA wrote:
    hi,
    1.Db is 10g r2.
    2.OS is Windows server 2003 ,RAM is 8gb
    3.SGA_max_size=4gb,SGA_target=4gb
    for this configuration there is no need to set /3g /PAE..
    because in Windows server 2003
    When the physical RAM in the system exceeds 16 GB and the /3GB switch is used, the operating system will ignore the additional RAM until the /3GB switch is removed. This is because of the increased size of the kernel required to support more Page Table Entries. The assumption is made that the administrator would rather not lose the /3GB functionality silently and automatically; therefore, this requires the administrator to explicitly change this setting.
    The /3GB switch allocates 3 GB of virtual address space to an application that uses IMAGE_FILE_LARGE_ADDRESS_AWARE in the process header. This switch allows applications to address 1 GB of additional virtual address space above 2 GB.
    The virtual address space of processes and applications is still limited to 2 GB, unless the /3GB switch is used in the Boot.ini file. The following example shows how to add the /3GB parameter in the Boot.ini file to enable application memory tuning:
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINNT="????" /3GB
    so there is no need to set the boot.ini file in your case..
    Deepak,
    It's not good to quote from a link and not give the entire link.
    http://www.microsoft.com/whdc/system/platform/server/PAE/PAEmem.mspx
    HTH
    Aman....
