Directory Server Directions

We are using Sun Directory Server 6.3.1 ,
and are pleased with its performance and stability.
We run entreprise critical systems on these servers.
I have been tasked with researching the migration path
fotr these systems . Can someone reply with urls
for documentation on :
- expected life of DS 6.3.1
- current products in the DS 6.3.1 line
- oracle expected migration path for identity management
Thank You,
JYard
UCLA

Hi,
Please refer to http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf for product Lifetime Support, per Oracle policy.
Since DS 6.3.1, 6.3.1.1, 7.0 and 11gR1 (Oracle rebranding of 7.0) have been released and are available for download. ODSEE 11gR1 is a rebranded release of Sun Directory Server Enterprise Edition 7.0
To download Sun branded products, go to Oracle E-Delivry: http://edelivery.oracle.com/. When you have reached "Media Pack Search " page, please select "Sun Products" as Product Pack.
You can get the 11gR1 from http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
Documentation for each release can be downloaded from http://www.oracle.com/technetwork/documentation/legacy-sun-identity-mgmt-193462.html
For migration, you can start at http://download.oracle.com/docs/cd/E19656-01/821-1505/index.html
Hope this helps
-Sylvain

Similar Messages

  • SMTP requests cause the directory server to allocate all processor resource

    Using JES 2005Q1.
    The problem started when adding mass number of users. When running the commadmin for a long time, the system will hang. We tuned the directory server by increasing the database, initialization and entry cache. I changed many other parameters to tune parameters. It was worthless.
    I shifted to ldif and used ldapmodify to create those users.
    The users were created successfully. But when the smtp traffic was directed to the server, the nslapd process will allocate 95% of the CPU in 5 minutes.
    The problem is in the way the directory server is searched when it accepts an smtp request.
    Knowing that the server is currently used only for Messaging Server, any suggestions on how to improve the performance of the directory?
    Thanks in advance.

    The "lookthroughlimit" is set to -1.
    I sent from a local user on the server to the same user and the log was this :
    "[04/Oct/2005:10:26:02 -0300] conn=1407 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=marmara.terra.net.lb)(sunPreferredDomain=marmara.terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(&(uid=dede1)(objectClass=inetmailuser))" attrs="uid inetUserStatus mailUserStatus mailAllowedServiceAccess inetsubscriberstatus inetauthorizedservices nsmsgDisallowAccess mailAccessDomain mailHost mailMessageStore preferredLanguage mail mailQuota mailMsgQuota aclGroupAddr pabURI maxPabEntries preferredLocale"
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=-1 msgId=-1 - fd=41 slot=41 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - BIND dn="uid=dede1,ou=People,o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=dede1,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - SRCH base="uid=dede1,ou=people,o=terra.net.lb,o=isp" scope=0 filter="(objectClass=*)" attrs="cn cn;lang-en givenName givenName;lang-en mail mailAlternateAddress mailAutoReplyMode mailAutoReplySubject mailAutoReplySubject;lang-en mailAutoReplyText mailAutoReplyText;lang-en mailAutoReplyTextInternal mailAutoReplyTextInternal;lang-en mailAutoReplyTimeout mailDeliveryOption mailForwardingAddress mailQuota mailMsgQuota preferredLanguage sn sn;lang-en uid vacationEndDate vacationStartDate mailHost mailSieveRuleSource sunUCDateFormat sunUCDateDelimiter sunUCTimeFormat nswmExtendedUserPrefs"
    [04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=-1 msgId=-1 - fd=42 slot=42 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(cn=*)(ou=*))" attrs=ALL
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - RESULT err=0 tag=101 nentries=2 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(objectClass=pab)(objectClass=pabgroup))" attrs=ALL
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(memberOfPAB=AddressBookabbe53c)" attrs="un cn sn givenName mail description telephoneNumber homePhone memberOfPAB memberOfPABGroup objectClass"
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=-1 msgId=-1 - fd=49 slot=49 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="preferredLanguage mail mailEquivalentAddress"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="objectClass inetUserStatus mailUserStatus inetMailGroupStatus uid preferredLanguage mailRoutingAddress mailDeliveryOption mail mailAlternateAddress mailEquivalentAddress vacationStartDate vacationEndDate mailConversionTag mailMsgMaxBlocks mailHost mailQuota mailMsgQuota mailProgramDeliveryInfo mailDeliveryFileURL maildeliveryfile mailAutoReplyMode mailAutoReplySubject mailAutoReplyText mailAutoReplyTextInternal mailAutoReplyTimeout mailSieveRuleSource mailForwardingAddress mailDeferProcessing mgrpMsgRejectAction mgrprejecttext mgrpMsgRejectText mgrpBroadcasterPolicy mgrpDisallowedBroadcaster mgrpAllowedBroadcaster mgrpDisallowedDomain mgrpAllowedDomain mgrpMsgMaxsize mgrpAuthPassword mgrpModerator mgrpDeliverTo memberURL uniqueMember mgrpRFC822MailMember rfc822mailmember mgrpErrorsTo mgrpAddHeader mgrpRemoveHeader mgrpMsgPrefixText mgrpMsgSuffixText mgmanMemberVisibility expandable"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=4 msgId=5 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=ims-ms-daemon)(sunPreferredDomain=ims-ms-daemon)))" attrs=ALL
    [04/Oct/2005:10:26:48 -0300] conn=1411 op=4 msgId=5 - RESULT err=0 tag=101 nentries=0 etime=1
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=-1 msgId=-1 - fd=50 slot=50 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - BIND dn="cn=admin-serv-marmara, cn=Administration Server, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - SRCH base="cn=statusping,cn=operation,cn=tasks,cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=0 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - SRCH base="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - RESULT err=0 tag=101 nentries=22 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - SRCH base="cn=slapd-marmara,cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - RESULT err=0 tag=101 nentries=9 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - SRCH base="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - RESULT err=0 tag=101 nentries=16 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - SRCH base="cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - RESULT err=0 tag=101 nentries=13 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - SRCH base="cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - RESULT err=0 tag=101 nentries=22 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - SRCH base="cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - RESULT err=0 tag=101 nentries=17 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=9 - UNBIND
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=-1 - closing - U1
    [04/Oct/2005:10:32:57 -0300] conn=1419 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closing - B1
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 127.0.0.1 to 127.0.0.1
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=3 - UNBIND
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=-1 - closing - U1
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.21 to 212.98.130.20
    [04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.21 to 212.98.130.20
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closing - B1
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    This log was generated when the message was sent and recieved.
    Thanks for the help.

  • How to get account expiry date for Oracle Directory Server?

    I need to get the account expiry date for Oracle Directory server. Which attribute stores this value? Please let me also know the attribute type and how to fetch it.
    Thanks,
    Subrat

    Hello,
    Yes you can use nsAccountLock directly (When nsAccountLock=true, the object is inactivated and the user cannot log in)
    This is documented in Modifying Directory Server’s NsAccountLockAttribute Directly (Sun Java System Directory Server Enterprise Edition 6.2 In…  (release number is old but it does not matter, Thats the first one Ive found)
    You can also use dsutil account-inactivate as described in dsutil - 11g Release 1 (11.1.1.7.0)
    Sylvain
    Please mark this response as correct or helpful when appropriate to make it easier for others to find it

  • Ldif2db virtual memory error Directory Server enterprise 6

    Hello,
    I installed directory server ee 6 on a Solaris 10 sparc machine, 8 gigs of ram. This is a testing environment. The installation, startup, and tools, like dcc/webconsole all work fine.
    I created a new DS instance.
    Next I copied a 5.2 instance from an older testing server, and ran the dsmig utility on it, directing the utility to migrate the 5.2 instance to the new instance of 6.0 that I had created.
    All parts of the migration worked except the data import. So I tried manually doing an export from 5.2 to ldif, then an import into 6.0. I received this error:
    root@WEB_ZONE_vmpwd1# ./ldif2db -n userRoot -i /vmpwd1_d_p01/portal/userRoot.ldif
    importing data ...
    [08/Aug/2008:09:01:01 -0700] - Waiting for 6 database threads to stop
    [08/Aug/2008:09:01:02 -0700] - All database threads now stopped
    [08/Aug/2008:09:01:03 -0700] - import userRoot: Index buffering enabled with bucket size 9
    [08/Aug/2008:09:01:03 -0700] - import userRoot: Beginning import job...
    [08/Aug/2008:09:01:03 -0700] - import userRoot: Processing file "/vmpwd1_d_p01/portal/userRoot.ldif"
    [08/Aug/2008:09:01:03 -0700] - ERROR<5132> - Resource Limit - conn=-1 op=-1 msgId=-1 - Memory allocation error realloc of 100 bytes failed; errno 0
    The server has probably allocated all available virtual memory. To solve this problem, make more virtual memory available to your server, or reduce the size of the server's `Maximum Entries in Cache' (cachesize) or `Maximum DB Cache Size' (dbcachesize) parameters.
    can't recover; calling exit(1)
    Any ideas?
    The only forums posts I could find about this message pertained to DS 5.2 and were written in 2004.
    There is nothing running on the server except DS 6 and its tools.

    Update:
    Well, I tried something different. I created a new 6.0 instance, and then migrated just the schema and tried and ldif2db of 5.2 data into the 6.0 instance. That failed because it did not have the suffixes setup.
    So I tried a migrate-data, and it created the suffixes and imported the data into 6.0.
    While I am still curious what could have caused the error above, my immediate problem of getting 5.2 data into a 6.0 instance is take care of.

  • Activity on my DIRECTORY Server

    Hello
    I use SUNONE Directory server for authentication with COGNOS product.
    I would like to know the activity on my Directory server especially who accessing to the server (ip ? host ? name ? application ? ....
    On the admin console, in log item, we have actived 3 files "access", "audit" "error" but information is very simple
    Are there any way to log detailed information ?
    Are there any log level ?
    Thanks in advance.

    Detailed information can be obtained in access log. You can configure some properties regarding access log in DSCC or dsconf.
    There you'll see the IP addresses of the clients. You also might take a look on the logconv tool included in the product.
    Given the fact that you're using a product that uses LDAP, I infer that your main client would be your product and the final actual clients would connect to the product itself, not directly to ldap, therefore you'll see in the logs only activity of the cognos app.
    Regards

  • User base Synchronization between SAP and MS Active Directory Server

    Dear all!
    I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
    i successfully implemented the synchronization of user data between SAP and the ADS.
    My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
    Currently I don't have a clue how to do this.
    Regards,
    Christoph

    Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
    The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
    Regards,
    Marc g

  • Store Print & File Server on iPlanet Directory Server?

    I've a NT 4.0 server which I'm using as both a Print & File Server. Would I be able to use iPlanet Directory Server to do the same thing?
    If I can, please explain how? or direct me to where I can know how?
    If it can't be done, is there any other way(s) I can do it?
    Thanks!

    I don't understand. iDS is not a file and print server, it is a user data and user authentication server. Do you want to use iDS for your user authentication for file and print services instead of NT 4 domains? I don't think this is possible. What is possible is using iDS as your primary data store, and using iPlanet Meta Directory to sync changes from iDS to the NT 4 domain.

  • Installation Error with iPlanet Directory Server 5.1 SP1 and Windows 2000

    Hello,
    I'm having real trouble getting iPlanet Directory Server installed on a Windows 200 Server machine. Every time I install it, no matter what options I choose, I get this series of popup boxes at the end:
    - Setup is unable to store configuration data in the LDAP directory
    - Unable to create Administration Server configuration
    - Could not authenticate ldap connection, "Unknown error"
    - Unable to set ACI in Configuration Directory Server
    But searching on this forum, I have found a lot of post. I have tested the different solution proposed :
    * Add on the host file the short name and the long name of my machine with it's IP adress
    * When the installation process crash, uninstall the software, reboot the machine and then restart the installation
    With all this solution, the problem is always here.
    Could you help me ?
    Boris MANCHETTE

    Are you using Terminal Services. iPlanet DS will not install properly over Terminal Services. You have to install from the direct attached console.
    Ted

  • Sun Directory Server Password Policy Problems

    Hi,
    I am using Sun Directory Server and Sun AM (2005Q1).
    We are using SUN DS to configure the password policy to expire user passwords after 30 days.
    Also, the warning has been set to "one day before expiry". However, when the warning IS displayed to the user and the user changes his/her password on display of the warning, even though the user's password expiration timestamp attribute contains a new timestamp (which is 30 days hence the date of change), on next login user is AGAIN thrown the warning that his/her password will expire in "HH hours: MM mins".
    I do not understand what needs to be done to fix this. Any help would be appreciated.

    How is the user authenticated ? Through Access Manager or directly to the Directory Server ?
    Access Manager can be configured to handle Password expiration, and so can Directory Server. I would advise you to check which system is actually throwing the warning.
    Regards,
    Ludovic

  • Sun Directory Server as Primary Domain Controller.

    Hello,
    I've recently installed Sun Directory Server, Access Manager, and DSEE Identity Manager, on CentOS 5.2, with success, but my question is:
    Can I use this directory as a primary domain controller for my network, I want to know if it is possible to integrate this directory in the same way that Active Directory works, I mean connecting Windows computers to the DC with some kind of connector (because windows won't connect to another directory than AD natively). I know that there are some MSGina replacements, like pgina, but I'm looking for some serious solution, especially for computers running Windows Vista.
    Thanks in advance.

    Hi,
    thanks for your answer, but.. there is a way to configure the DSEE to be like a native 2000/2003 Active Directory?, I mean, connecting directly to the DSEE without using Samba, I know that is possible to use that solution, but you lose some functionality.
    I've been trying to do some research about the topic, like modifying the bind DNS to act like a AD DNS, and it works at a certain grade, windows xp detects the SVR records but when it tries to connect to the directory it fails giving me an error telling that the DC isn't available. It will be great to make such environment, Windows XP / Vista connected to DSEE without third party software.
    Any comment would be greatly appreciated.
    Thanks.

  • Synchronization between AD and Sun Java Directory Server

    I would like to build an environment as below, kindly let me know whether it is possible or not.
    My Enterprise Directory is Active Directory and i have Policy Server which directs the sso users to get authenticated with that server. I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords and i would like to know with which hashing algorithm these passwords are stored in the sun directory server. Because i want to synchronize the same attributes from sun java directory server to Oracle Internet Directory and is it possible to get my sso users to get authenticated at OID even?
    Kindly let me know whether this approach is feasible or not?
    Any suggestion to this approach is greatly appreciated...
    Thanks in advance...
    Regards,
    Kishore Repakula.

    i would like to know with which hashing algorithm these
    passwords are stored in the sun directory server.Like most other directory servers, SunDS offers a few choices here.
    The most secure is SSHA, which you'd probably want to use unless you have apps with dependencies on other hashes (e.g., CRYPT for backward compatibility with UNIX password field).
    I would like to synchronize the user data from Active Directory
    to Sun Java Directory Server (existing version is 5.2
    Service Pack 4) including the passwords...Sun has a "Identity Synchronization for Windows" product which might work for you.
    http://www.sun.com/software/products/directory_srvr_ee/identity_synch/
    Unfortunately, the big trick with AD passwords is that they are stored in a proprietary one-way hash, so you can't just sync them directly over to another directory. Likewise, you can't import password hashes from other sources into AD and expect them to work.

  • Sun java directory server and Active Directory

    We are using two different directory servers Sun java directory server and active directory.
    My question is how we can have password synchronization between these two directory servers.
    I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
    http://www.sun.com/download/products.xml?id=41537425
    It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
    I would be grateful if anyone can suggest a solution to work around this situation.
    I have checked identity manager , I would like to know that if I can do this using this product.
    http://www.sun.com/software/products/identity_mgr/specs.jsp
    --regards.
    Sara

    Yes RHEL 4 is a supported OS with DSEE 6.0.
    Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
    Identity Manager is a complete identity management solution that is targetting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
    If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
    Regards,
    Ludovic.

  • Are there any known issues concerning using DIGEST-MD5 SASL authentication with iPlanet Directory Server 5.0 on Windows NT 4.0?

    I am developing support for the DIGEST-MD5 sasl mechnism on a c-ldap client. I am using the evaluation version of the iPlanet Directory Server 5.0 which lists DIGEST-MD5 as a supported SASL mechanism. The server is running on NT 4.0 After installing the Directory Server with the test database, a changed the passwordStorageScheme from the default of SSHA to clear text. I then added my test user. When I run my test I always get back a resultCode of 49 (invalidCredentials). The digest-challenge I receive from the server and my digest-response are shown below. I have satisfied myself that the calculation of the response directive in the digest response is correct. Does anyone see any problems in the digest response or have any other suggestions? Is there a known problem with the iPlanet Directory Server 5.0?
    digest-challenge:
    realm="BGB2.ndp.provo.novell.com",nonce="Ed8UPLXsWaC6CN",qop="auth",algorithm=md5-sess,charset=utf-8
    digest-response:
    username="uid=bgbrown,ou=people,dc=siroe,dc=com",realm="BGB2.ndp.provo.novell.com",cnonce="A9IuPJKr30RiwL",nc=00000001,qop=auth,digest-uri="ldap/BGB2.ndp.provo.novell.com",response=97061205298e5ebaf206c8ac3598fdce,charset=utf-8,nonce="Ed8UPLXsWaC6CN"

    Found the answer. When the username is an LDAP DN it needs to be proceeded by "dn:".
    example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
    The server also accepts a simple uid value.
    example: username="bgbrown"

  • Subtree replication in Directory Server 5

    Hi,
    I previously posted this question in the netscape.server.directory
    newsgroup because I didn't know this one existed! (The link on the
    iplanet web page points to the
    netscape newsgroup)
    The administrator's guide for iplanet Directory Server 5 states that
    "the smallest unit of replication is the database".
    Our previous implementation of replication using DS 4.x replicates
    subtrees.
    Does anyone know if iPlanet is going to restore this feature in further
    versions or why they do not support it anymore?
    Thanks!
    Buzz

    Anyone wanting to control what part of the DIT, and what attributes of each
    object are synced, may want to take a look at SimpleSync from CPS Systems
    www.cps-systems.com
    This product lets you select what part(s) of the directory to sync, or which
    parts to exclude. It also lets you determine what attributes get synced.
    Further, it treats all directories as peers, so you can sync in one or both
    directions. Lastly, it syncs at the attribute level so is not schema
    dependent.
    In addition to iPlanet, SimpleSync synchronizes Active Directory/Exchange
    2000 Forests, Exchange 5.5 Organizations, Lotus Notes/Domino.
    Cheers,
    Jerry
    "Rosanne Gillis" <[email protected]> wrote in message
    news:[email protected]..
    Hi,
    I previously posted this question in the netscape.server.directory
    newsgroup because I didn't know this one existed! (The link on the
    iplanet web page points to the
    netscape newsgroup)
    The administrator's guide for iplanet Directory Server 5 states that
    "the smallest unit of replication is the database".
    Our previous implementation of replication using DS 4.x replicates
    subtrees.
    Does anyone know if iPlanet is going to restore this feature in further
    versions or why they do not support it anymore?
    Thanks!
    Buzz

  • JAAS LoginModule for SunOne Directory Server?

    I have a customer who is using SunOne Directory Server for LDAP.
    I have test code that uses the JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
    The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
    The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
    So thats great, however my application uses JAAS, and therfore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
    A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff, however considering that JAAS and the SunOne Directory server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.

    Hey dav,
    Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
    I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus succesfully integrated the basics of JAAS in to the system... but I am now desparately looking for away to have client-side policies distributed at runtime from the server.
    I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have a developed a database backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration forJAAS authentication. The aim is that this data will be transfered once during login, and anytime that the the policy is requested to be refreshed.
    Since reading you post, I'm wondering what services LDAP or JNDI can offer me?
    Also, is JNDI an appropriate option for data persistence? is it better to go with JDO or some other object store abstraction.
    Kind regards,
    Darren B

Maybe you are looking for