DNS configuration and JNDI performance

Could DNS configuration affect JNDI lookup performance (I guess it
could)? Are there any tips & tricks on how to configure DNS properly
for the JNDI lookup usage?
Thanks for any answer
Wojtek

Since most naming services cache lookups on the client side, this should only
affect the first lookup. Using an IP address would eliminate the need for a DNS
lookup.
Mike
Wojciech Ozimek <[email protected]> wrote:
Could DNS configuration affect JNDI lookup performance (I guess it
could)? Are there any tips & tricks on how to configure DNS properly
for the JNDI lookup usage?
Thanks for any answer
Wojtek
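As an added example (not from the thread), a small Java program that shows where the DNS cost Mike describes actually sits and how the JVM caches it: the host in Context.PROVIDER_URL is resolved through InetAddress, which caches positive answers for the number of seconds given by the `networkaddress.cache.ttl` security property, so only the first lookup waits on a resolver, and a literal IP address is never sent to DNS at all. The two LDAP URLs are constructed placeholders.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.security.Security;

/**
 * Added example. Times the only DNS work a JNDI LDAP lookup performs: resolving
 * the host named in Context.PROVIDER_URL. The JVM caches the answer, so repeated
 * lookups do not touch DNS; a literal IP address never does.
 */
public class JndiDnsCost {

    /** Resolve the host of an LDAP provider URL; return microseconds spent, -1 if unknown. */
    static long timeResolution(String providerUrl) throws URISyntaxException {
        String host = new URI(providerUrl).getHost();
        long start = System.nanoTime();
        try {
            InetAddress[] addrs = InetAddress.getAllByName(host);
            long micros = (System.nanoTime() - start) / 1_000;
            System.out.printf("%-28s %d address(es) in %6d us%n", host, addrs.length, micros);
            return micros;
        } catch (UnknownHostException e) {
            // Negative answers are cached too (networkaddress.cache.negative.ttl).
            long micros = (System.nanoTime() - start) / 1_000;
            System.out.printf("%-28s unknown host after %6d us%n", host, micros);
            return -1;
        }
    }

    public static void main(String[] args) throws URISyntaxException {
        // JVM-wide resolver cache, in seconds. InetAddress reads these on first use,
        // so they must be set before any lookup. JDK defaults without a security
        // manager are 30 s positive / 10 s negative; -1 means "cache forever", which
        // keeps a re-pointed or decommissioned LDAP server invisible until restart.
        Security.setProperty("networkaddress.cache.ttl", "300");
        Security.setProperty("networkaddress.cache.negative.ttl", "10");

        String byName = "ldap://ldap.example.internal:389/"; // constructed hostname
        String byIp   = "ldap://127.0.0.1:389/";              // literal IP: no DNS query

        timeResolution(byName); // first call: real resolver round trip (or NXDOMAIN)
        timeResolution(byName); // second call: answered from the JVM cache
        timeResolution(byIp);   // parsed as an address; no resolver involved
    }
}
```

Replacing the hostname with an IP removes the lookup but also removes the name the server certificate is checked against, so for LDAP over TLS keep the hostname and tune the cache TTL instead.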

Similar Messages

  • DNS configuration for web access

    Hi All,
    I'm setting up a SL server for the first time and it's working great for users inside our building and on our network, but we're unable to access anything on it through the web (including a basic homepage) and I think it has to do with our DNS setup. We've got the domain tgroupproductions.com through goDaddy and I've set up the ns1 and ns2 info in the host summary pointing to my public IP 216.3.118.152 and added both ns1.tgroupproductions.com and ns2.tgroupproductions.com to the goDaddy nameserv list.
    I've attached images of my DNS configuration and of the intodns.com scan results. I just want to double check to make sure I'm set up correctly. It's possible I just haven't waited long enough for the changes to take effect.
    DNS Setting: https://files.me.com...ek.klein/mp3enf
    Intodns.com: https://files.me.com...ek.klein/d33nlt

    Sorry about the images...don't know why they aren't working. I'll embed them at the bottom of this post.
    As for why I'm not using GoDaddy...I have no problem using them as a public DNS (meaning I'd have to change the nameservs back to the ns17.domaincontrol.com and ns18 nameservs?) but the site wasn't functioning with those in place so we tried to set up our own internal DNS. I had followed a tutorial at http://osx411.com/index.php?/topic/19-using-mac-os-x-server-to-host-websites-from-home/ but either I'm misunderstanding or I missed something.
    Here are the images:

  • Mail server and DNS configuration

    I have an XServe G4 running Mac OS X 10.4 Tiger Server, and I have successfully configured two domains that I purchased from GoDaddy as websites on this XServe. It's behind an Airport Extreme, and I have forwarded a bunch of ports in order to enable FTP, SSH, Web, remote Server Administration, webmail, and I have also forwarded the IMAP and SMTP ports. All of these services work except for email, so I am wondering if there are any special DNS settings that I need to configure in the GoDaddy total DNS configuration page. I have the MX record pointed directly to my IP, just like the A record. I also have mail.mydomain.com pointed to the A record's IP (maybe I described that poorly, but I hope it gets the point across). I am able to log into webmail and send email out to other people, but when I try replying back to the email which I sent from webmail, I get a bounced message. I also cannot configure a Mail client, but I think I need to get the accounts at least working first. Can someone provide a list of DNS requirements or server configuration requirements for me to check off in order to make this happen? Does anyone know of any great resources to learn this kind of stuff? I'm kinda new to the server thing.
    Thanks!
    Paul

    postconf -n results:
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = localhost
    mail_owner = postfix
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    mydestination = $myhostname,localhost.$mydomain,localhost,rubenkalath.com
    mydomain = rubenkalath.com
    mydomain_fallback = localhost
    myhostname = mail.rubenkalath.com
    mynetworks = 127.0.0.0/8
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_tls_cert_file = /etc/certificates/Default.crt
    smtpd_tls_key_file = /etc/certificates/Default.key
    smtpd_use_tls = no
    unknown_local_recipient_reject_code = 550
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_transport = lmtp:unix:/var/imap/socket/lmtp
    ps U _postfix results:
    ps: _postfix: no such user
    tail -20 /var/log/mail.log results:
    May 15 15:55:27 sincity postfix/cleanup[1257]: 765DC4517A: message-id=<[email protected]>
    May 15 15:55:27 sincity postfix/qmgr[1239]: 765DC4517A: from=<[email protected]>, size=881, nrcpt=1 (queue active)
    May 15 15:55:27 sincity postfix/smtpd[1254]: disconnect from localhost[127.0.0.1]
    May 15 15:55:27 sincity postfix/pipe[1259]: 765DC4517A: to=<[email protected]>, relay=cyrus, delay=0, status=sent (mail.rubenkalath.com)
    May 15 15:55:27 sincity postfix/qmgr[1239]: 765DC4517A: removed
    May 15 15:58:09 sincity postfix/smtpd[1338]: connect from localhost[127.0.0.1]
    May 15 15:58:13 sincity postfix/smtpd[1338]: lost connection after CONNECT from localhost[127.0.0.1]
    May 15 15:58:13 sincity postfix/smtpd[1338]: disconnect from localhost[127.0.0.1]
    May 15 16:06:09 sincity postfix/postfix-script: refreshing the Postfix mail system
    May 15 16:06:09 sincity postfix/master[590]: reload configuration
    May 15 16:12:48 sincity postfix/smtpd[1709]: connect from localhost[127.0.0.1]
    May 15 16:12:54 sincity postfix/smtpd[1709]: lost connection after CONNECT from localhost[127.0.0.1]
    May 15 16:12:54 sincity postfix/smtpd[1709]: disconnect from localhost[127.0.0.1]
    May 15 16:28:58 sincity postfix/smtpd[2068]: connect from localhost[127.0.0.1]
    May 15 16:28:58 sincity postfix/smtpd[2068]: 1FA354537C: client=localhost[127.0.0.1]
    May 15 16:28:58 sincity postfix/cleanup[2071]: 1FA354537C: message-id=<[email protected]>
    May 15 16:28:58 sincity postfix/qmgr[1530]: 1FA354537C: from=<[email protected]>, size=776, nrcpt=1 (queue active)
    May 15 16:28:58 sincity postfix/smtpd[2068]: disconnect from localhost[127.0.0.1]
    May 15 16:29:02 sincity postfix/smtp[2072]: 1FA354537C: to=<[email protected]>, relay=mercury.gatech.edu[130.207.192.26], delay=4, status=sent (250 Ok: queued as 67542CDF86)

  • DNS server configuration and behaviour

    Hi all,
    I'm looking for detail explanations which can explain how Mac OS X 10.6 *DNS client* works and may be configured.
    According to http://discussions.apple.com/thread.jspa?threadID=2227251 nothing is guaranteed, like order and failover.
    According to http://support.apple.com/kb/HT4030 failover will take effect when the DNS server returns a SERV_FAIL (0x2) error code. What about the NXDOMAIN (0x3) error code (which is the more interesting scenario)?
    What am I looking for in a DNS client?
    I'm looking for a configuration with several DNS servers which allows splitting DNS domains across several areas. This, for example, may be very useful for VPN connections, when the VPN DNS server will resolve internal resources and another server (configured before the VPN tunnel is established) will resolve external resources.
    Is there any possible configuration to achieve this requirement for Mac OS?
    Thanks in advance,
    Oleg.

    Thanks Felix for quick response.
    In your scenario:
    1. You configured two different DNS servers and probably only one of them replied to DNS queries. And this is OK.
    2. When a non-valid IP is configured, that DNS server will not reply to the DNS query and then failover will query the second DNS server in the list. And this is also OK.
    I'm looking for a configuration with 2 different DNS servers where each of them replies for different domains. For example:
    First server will reply to *.mycompany.com.
    The second one will reply to any query except mycompany.com domain(since it is not published).
    Thanks again,
    Oleg.

  • Script to perform post server build configurations and validate settings

    Hello!
    I would like to create a script that can set numerous Windows server settings and validate that they are indeed set correctly, based on a predefined list of settings.
    For example: A third party company deploys servers from templates. I am tasked with going through the build and verifying certain configurations and settings are set, based on my company's build request. Depending on where the server resides (physically) it will get specific settings.
    Is there a way to script making the correct changes and also display a validation report that all the settings/attributes that were changed meet the expected value?
    Settings like DNS settings, NetBIOS, pagefile size/location, Terminal Server host settings (session limits etc.), local admin accounts, Windows features, BGInfo, drive letters, drive sizes, installed RAM, number of CPU cores, date/timezone, and the list goes on. I currently run a few batch files to make the changes, but I'm still required to check that the settings are correct. It would be nice to have all the batch files rolled into a script that makes changes and then runs a validation test against those changes. Or at the least, make changes and display all of the current values/settings so I can validate they are the correct ones.
    I have little scripting/powershell experience.  I could use some assistance to get me going in the right direction.

    Here's some intro information that should give you a place to start pulling threads:
    http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/09/weekend-scripter-intro-to-powershell-4-0-desired-state-configuration.aspx

  • How to Configure bootpd to Perform Dynamic DNS Updates

    I have been able to get bootpd configured to function as a basic DHCP server. I would now like to configure it to dynamically update DNS forward and reverse zones when leases are assigned, released, or expired.
    Does anyone have an example of a bootpd.plist file to configure bootpd for dynamic DNS updates?

    Hi,
    I am not sure what you are attempting to configure here.
    But what the NAT configuration above does is do a Dynamic PAT for all the servers on the "firewall-dmz" to a single IP address towards the "firewall-outbound"
    This Dynamic translation doesn't however enable connections to be initiated from behind the "firewall-outbound" interface. When you're hosting a server which needs a NAT towards the users then the NAT type has to be Static NAT or Static PAT.
    Static NAT will essentially use up one public IP address for just the single local host/server.
    Static PAT will do a Port Forward from the public IP address and public port to the local IP and local port. And this is most commonly used in environments whose only public IP address is the one that the ASA holds on its WAN interface.
    A typical Static NAT configuration is this
    static (inside,outside) 1.1.1.1 10.10.10.10 netmask 255.255.255.255
    Where
    inside = is the interface behind which the host is
    outside = is the interface towards which the host is NATed
    1.1.1.1 = is the public NAT IP address for the host
    10.10.10.10 = is the local IP address of the host
    A typical Static PAT configuration is this
    static (inside,outside) tcp interface 80 10.10.10.10 80 netmask 255.255.255.255
    Where
    tcp = specifies the protocol for which the Static PAT is configured
    interface = specifies that we will be using the public IP address of the destination interface "outside" as the public IP address for this single Port Forward.
    80 = first "80" specifies the public port visible to users behind the destination interface
    80 = second "80" specifies the actual local port on which the local host is listening on
    Hope this helps
    - Jouni

  • An error occurred while configuring server as a directory server.  Please check your network configuration and try again.

    Hi there,
    My Mac OS X Server 8.2 got buggered after I did the following steps:
    Wiped Profile manager using "/Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB.sh"
    Clicking the Off button in the Profile Manager section of the Server.app
    Clicking the On button of the same
    Clicking on asks if I want to create a new directory master, but I know that one already exists.  Trying to continue confirms this.  So, I go and destroy it to start again, but afterward, I get the following error when trying to create the directory master:
    I've done this enough times while watching the system log to see the actual error thrown, which is:
    Nov 12 22:01:24 srv.domain.com Server[279]: An error occurred while configuring srv as a directory server:
        Error Domain=XSActionErrorDomain Code=-1 "A child action failed" UserInfo=0x7fee9516c0f0 {XSActionErrorActionsKey=(
            "Creating Open Directory master"
        ), NSLocalizedDescription=A child action failed}
    I have Googled the above and have discovered only a few entries here in these Apple communities, but have found no joy.
    Here's a similar thread:
    https://discussions.apple.com/message/19237429#19237429
    Interestingly/confusingly, this server has been working just fine as a domain master using different domain names (on separate occasions/setups).  It was only after having clicked the OFF button in Profile Manager (after a wipe) that things stopped working.
    I could rebuild this server, as I have a backup image of it that I can restore, but I'd rather find out what's broken and fix it so as to hopefully be able to fix it if/when this ever happens to me again, learning something in the process.
    That said, I perform the following steps prior to running the Open Directory setup on the server to try and clean it up as best possible.
    Clean up steps:
    Delete the DNS zone (and all entries).
    Turn off all server services
    Delete all file server sharepoints
    Change the host name at Hardware => SRV => Network tab.  This runs the Change Host Name program.
    Close Server.app
    Throw Server.app in the trash / Empty trash (I've also just trashed and put back with same result)
    Delete the /Library/Server directory
    Clear and recreate System keychain using "systemkeychain -vfcC" to clear out all the certs related to old host name.
    Delete all the entries in the Login keychain
    Reboot (probably don't have to)
    Re-download and install Server.app
    Run Server.app, which actually retains some settings from the last setup, though I don't know where to clean those.
    After Server setup, confirm that the host name from step 4 is what I want.
    Running "changeip -checkhostname" shows "Success".  I'm using an Internet domain name so pinging the "internal" zone (srv.domain.com) resolves with the correct internal IP, and pinging the "external" zone resolves to the correct external address on the Internet.
    It would seem like I'm all good to go, but when I try to turn on Open Directory and go through the setup prompts, I get the same "Confirm Settings" error as above.
    The *only* way that I've come close to "fixing" this is to cancel out of the Profile Manager.  Then, go destroy the open directory that already exists.  Then create the domain via the Profile Manager enabling process.  At present, this only seems to work for a "private" domain.  Neither of the two Internet domain names that I've used successfully in the past work with this (or any) method.
    Any advice or clues you can throw my way would be most appreciated.
    Thanks,
    Kim

    Had the same problem, found the answer here:
    https://discussions.apple.com/thread/3264944?start=0&tstart=0

  • So my airport extreme recently had some nat/dns issue and in the airport utility displayed a warning about it and to correct it. I wasn't sure what to do so i pressed the resolve icon and now my guest network is not working.

    Anytime you change networking hardware, it is always a good idea to perform a complete power recycle of your networking components.
    I would recommend that you do the following as a minimum:
    Power-down the modem, AirPort base station, and computer(s).
    Disconnect the AirPort base station from the Internet broadband modem.
    While all of the devices are powered-down, perform a "factory default" reset on the base station. This will get it back to its "out-of-the-box" configuration and make setting it up much easier, especially if you use the "Assist me" process within the AirPort Utility. (ref: Resetting an AirPort Base Station or Time Capsule)
    After the base station resets, go ahead and power it back down.
    Reconnect the AirPort base station to the Internet broadband modem. For the Extreme and Time Capsule, be sure to connect the cable to the base station's WAN (circle-of-dots) port.
    Power-up the modem; wait at least 10-15 minutes to allow it adequate time to initialize.
    Power-up the AirPort base station; wait at least 5-10 minutes. Note: The AirPort's status light may continue to flash amber after it has initialized. That is because there may be some additional configuration items necessary, like setting up wireless security, before the overall setup is completed to get a green status.
    Power-up your computer(s).
    In this basic configuration, the AirPort base station will broadcast an unsecured wireless network with a Network Name (SSID) of Apple Network NNNNNN. Network clients, connected to the base station either by wire or wireless, should now be able to access the Internet through the ISP's modem. Once Internet connectivity has been verified, you can use the AirPort Utility to configure the base station for wireless security and any other desired options. Please post back your results.

  • Dynamic DNS issues and/or confusion

    I work for a small university.  We have two domain controllers running on Windows 2008 (not R2).  On dc2 we have a DHCP server running serving several VLANs across campus.  We've been having issues where the dynamic DNS entries contain an incorrect IP address for several machines.  In some cases there are even several entries for a single machine.  I've noticed two main issues by looking at the DNS server.  First, old entries aren't being cleaned up.  Second, after re-imaging a workstation the DNS entry for that machine is not being updated.  After doing some research I came across the blog entry from Ace Fekay on how to go about setting up dynamic DNS.  I immediately determined from reading that scavenging was not set up properly on our server.  I think I've corrected that problem, but I'll have to be patient and see what happens over time.  This brings me to the issue of machines not adding themselves or updating their records in DNS.
    After reading Ace's blog I decided to follow his recommendations for configuring dynamic DNS.  I created a normal Active Directory user to use for configuring the DHCP credentials (it appears our server was set to use domain administrator previously).  I added the DHCP computer object (this is also one of our domain controllers) to the DnsUpdateProxy group.  On the DHCP server I have checked "Enable DNS dynamic updates according to the settings below" along with the "Always A and PTR records when lease is deleted".  I also checked "Dynamically update DNS A and PTR records for DHCP clients that do not request updates...".  After doing all of this I rebooted the dc2 server.  I then manually deleted all of the existing dynamic entries on the DNS server, so they could properly be recreated.  Now, here is the problem after setting all of this up.  I'm now seeing students' personal machines, phones, tablets, etc. being populated in our DNS.  Before making these changes only domain joined machines existed in DNS.  Our DNS is configured to allow only secure updates.  Why is it that now non-domain trusted devices are being allowed to create DNS entries?  I was under the assumption that secure updates meant domain only.  Am I not understanding something properly here?  Can someone please provide me some insight into what's going on and what I might be able to do to prevent non-domain joined devices from having entries created in DNS?

    Hi,
    According to your description, my understanding is that non-domain trusted devices have registered their DNS entries in a DNS zone which is configured to allow only secure updates.
    If a DHCP server that is running on a domain controller is configured to perform dynamic updates on behalf of its clients, that DHCP server is able to take ownership of any record, even in the zones that are configured to allow only secure dynamic update.
    This is because a DHCP server runs under the computer account, so if it is installed on a domain controller it has full control over DNS objects stored in the Active Directory.
    The DHCP server will perform dynamic updates on behalf of its clients when you enable the option "Dynamically update DNS A and PTR records for DHCP clients that do not request updates...", and this means that the “owner” of the DNS entries is the DHCP server, not the clients. And the zone accepts the DHCP server’s update because the server has full permission.
    You may try to uncheck the option "Dynamically update DNS A and PTR records for DHCP clients that do not request updates...".
    Best Regards,
    Eve Wang
    Hi Eve,
    You are correct in your understanding that "non domain trusted devices have been registered their DNS entries in DNS which is configured to allow only secure updates."  I also made a mistake in my original post.  I meant to say that I also had "Always dynamically update DNS A and PTR records".
    Now back to your reply.  Are you saying that if I had my DHCP server running on a non-domain controller I would be seeing different behavior in regards to permissions of DNS objects and that I wouldn't be experiencing the behavior of non-domain trusted devices being created in a secure zone?  I thought setting the DNS dynamic credentials to a normal user account was supposed to help with security concerns in regards to DNS objects.  What would happen if someone named their personal computer the same name as one of our file servers or even a domain controller?  Would the DHCP/DNS server actually have the power to overwrite that record in DNS?
    I'll try your recommendation of unchecking the "Dynamically update DNS A and PTR records..." option and see what happens.
    Thanks for your reply...

  • Problem with OpenLDAP and JNDI

    I'm having a problem working with OpenLDAP and JNDI.
    First I have changed LDAP's slapd.conf file:
    suffix          "dc=antipodes,dc=com"
    rootdn          cn=Manager,dc=antipodes,dc=com
    directory     "C:/Program Files/OpenLDAP/data"
    rootpw          secret
    schemacheck     off
    Then I used the code below to create the root context:
    package test;
    import javax.naming.Context;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.directory.*;
    import java.util.*;
    public class MakeRoot {
        final static String ldapServerName = "localhost";
        final static String rootdn = "cn=Manager,dc=antipodes,dc=com";
        final static String rootpass = "secret";
        final static String rootContext = "dc=antipodes,dc=com";
        public static void main( String[] args ) {
            // set up environment to access the server
            Properties env = new Properties();
            env.put( Context.INITIAL_CONTEXT_FACTORY,
                     "com.sun.jndi.ldap.LdapCtxFactory" );
            env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
            env.put( Context.SECURITY_PRINCIPAL, rootdn );
            env.put( Context.SECURITY_CREDENTIALS, rootpass );
            try {
                // obtain initial directory context using the environment
                DirContext ctx = new InitialDirContext( env );
                // now, create the root context, which is just a subcontext
                // of this initial directory context.
                ctx.createSubcontext( rootContext );
                ctx.close();
            } catch ( NameAlreadyBoundException nabe ) {
                System.err.println( rootContext + " has already been bound!" );
            } catch ( Exception e ) {
                System.err.println( e );
            }
        }
    }
    This worked fine; I could see that by using "LDAP Browser/Editor".
    Then I tried to create a group with this code:
    package test;
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    public class MakeGroup {
        public static void main (String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "cn=Manager,dc=antipodes,dc=com";
            String adminPassword = "secret";
            String ldapURL = "ldap://127.0.0.1:389";
            String groupName = "CN=Evolution,OU=Research,DC=antipodes,DC=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL,ldapURL);
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create attributes to be associated with the new group
                Attributes attrs = new BasicAttributes(true);
                attrs.put("objectClass","group");
                attrs.put("samAccountName","Evolution");
                attrs.put("cn","Evolution");
                attrs.put("description","Evolutionary Theorists");
                //group types from IAds.h
                int ADS_GROUP_TYPE_GLOBAL_GROUP = 0x0002;
                int ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x0004;
                int ADS_GROUP_TYPE_LOCAL_GROUP = 0x0004;
                int ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x0008;
                int ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000;
                attrs.put("groupType",Integer.toString(ADS_GROUP_TYPE_UNIVERSAL_GROUP + ADS_GROUP_TYPE_SECURITY_ENABLED));
                // Create the context
                Context result = ctx.createSubcontext(groupName, attrs);
                System.out.println("Created group: " + groupName);
                ctx.close();
            } catch (NamingException e) {
                System.err.println("Problem creating group: " + e);
            }
        }
    }
    I got the error: Problem creating group: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - groupType: attribute type undefined]; remaining name 'CN=Evolution,OU=Research,DC=antipodes,DC=com'
    I tried creating the organizational unit "ou=Research" from "LDAP Browser/Editor", and then running the same code -> same error.
    I have also tried code for adding users:
    package test;
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    import java.io.*;
    public class MakeUser {
        public static void main (String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "cn=Manager,dc=antipodes,dc=com";
            String adminPassword = "secret";
            String userName = "cn=Albert Einstein,ou=Research,dc=antipodes,dc=com";
            String groupName = "cn=All Research,ou=Research,dc=antipodes,dc=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create attributes to be associated with the new user
                Attributes attrs = new BasicAttributes(true);
                //These are the mandatory attributes for a user object
                //Note that Win2K3 will automagically create a random
                //samAccountName if it is not present. (Win2K does not)
                attrs.put("objectClass","user");
                attrs.put("samAccountName","AlbertE");
                attrs.put("cn","Albert Einstein");
                //These are some optional (but useful) attributes
                attrs.put("givenName","Albert");
                attrs.put("sn","Einstein");
                attrs.put("displayName","Albert Einstein");
                attrs.put("description","Research Scientist");
                attrs.put("userPrincipalName","[email protected]");
                attrs.put("mail","[email protected]");
                attrs.put("telephoneNumber","999 123 4567");
                //some useful constants from lmaccess.h
                int UF_ACCOUNTDISABLE = 0x0002;
                int UF_PASSWD_NOTREQD = 0x0020;
                int UF_PASSWD_CANT_CHANGE = 0x0040;
                int UF_NORMAL_ACCOUNT = 0x0200;
                int UF_DONT_EXPIRE_PASSWD = 0x10000;
                int UF_PASSWORD_EXPIRED = 0x800000;
                //Note that you need to create the user object before you can
                //set the password. Therefore as the user is created with no
                //password, userAccountControl must be set to the following
                //otherwise the Win2K3 password filter will return error 53
                //unwilling to perform.
                attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));
                // Create the context
                Context result = ctx.createSubcontext(userName, attrs);
                System.out.println("Created disabled account for: " + userName);
                //now that we've created the user object, we can set the
                //password and change the userAccountControl
                //and because the password can only be set over SSL/TLS
                //let's use StartTLS
                StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
                //set password is an ldap modify operation
                //and we'll update the userAccountControl,
                //enabling the account and forcing the user to update their password
                //the first time they log in
                ModificationItem[] mods = new ModificationItem[2];
                //Replace the "unicodePwd" attribute with a new value
                //Password must be both Unicode and a quoted string
                String newQuotedPassword = "\"Password2000\"";
                byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
                // Perform the update
                ctx.modifyAttributes(userName, mods);
                System.out.println("Set password & updated userAccountControl");
                //now add the user to a group.
                try {
                    ModificationItem member[] = new ModificationItem[1];
                    member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));
                    ctx.modifyAttributes(groupName,member);
                    System.out.println("Added user to group: " + groupName);
                } catch (NamingException e) {
                    System.err.println("Problem adding user to group: " + e);
                }
                //Could have put tls.close() prior to the group modification
                //but it seems to screw up the connection or context ?
                tls.close();
                ctx.close();
                System.out.println("Successfully created User: " + userName);
            } catch (NamingException e) {
                System.err.println("Problem creating user: " + e);
            } catch (IOException e) {
                // tls.negotiate() and getBytes("UTF-16LE") both throw IOException subclasses
                System.err.println("Problem negotiating TLS or encoding the password: " + e);
            }
        }
    }
              catch (NamingException e) {
                   System.err.println("Problem creating object: " + e);
              catch (IOException e) {
                   System.err.println("Problem creating object: " + e);               }
    }same error.
    I haven't made any changes to any schema manually.
    I know I'm missing something crucial but have no idea what. I have tried a lot of other code from tutorials on the net, but it is all very similar and throws the same error I showed above.
    Thanks in advance for help.

    I've solved this.
    The problem was that all the code samples were using classes from Microsoft Active Directory, which are not supported in OpenLDAP (microsoft.schema in OpenLDAP is just for info). Because of this some fields are not the same in the equivalent classes ("user" and "person").
    So partial code for creating a user in the root would be:
     import java.util.Hashtable;
     import javax.naming.ldap.*;
     import javax.naming.directory.*;
     import javax.naming.*;
     import javax.net.ssl.*;
     import java.io.*;
     public class MakeUser {
          public static void main (String[] args) {
               Hashtable env = new Hashtable();
               String adminName = "cn=Manager,dc=antipodes,dc=com";
               String adminPassword = "secret";
               String userName = "cn=Albert Einstein,ou=newgroup,dc=antipodes,dc=com";
               env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
               //set security credentials, note using simple cleartext authentication
               env.put(Context.SECURITY_AUTHENTICATION,"simple");
               env.put(Context.SECURITY_PRINCIPAL,adminName);
               env.put(Context.SECURITY_CREDENTIALS,adminPassword);
               //connect to my domain controller
               env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
               try {
                    // Create the initial directory context
                    LdapContext ctx = new InitialLdapContext(env,null);
                    // Create attributes to be associated with the new user
                    Attributes attrs = new BasicAttributes(true);
                    attrs.put("objectClass","user");
                    attrs.put("cn","Albert Einstein");
                    attrs.put("userPassword","Nale");
                    attrs.put("sn","Einstein");
                    attrs.put("description","Research Scientist");
                    attrs.put("telephoneNumber","999 123 4567");
                    // Create the context
                    Context result = ctx.createSubcontext(userName, attrs);
                    System.out.println("Successfully created User: " + userName);
               }
               catch (NamingException e) {
                    System.err.println("Problem creating object: " + e);
               }
          }
     }
     hope this will help anyone.

  • DNS configuration

    Hi All
    This may be a silly question so please forgive me, I haven't set up a DNS in a while and I know I have forgotten something simple in my configuration.
    I have set up an Xserver 10.5.6 with a fully qualified domain name, for example:
    mydomain.com
    machine name: ho.mydomain.com
    For some reason I am unable to access the externally hosted web site without www (https://mydomain.com) on the internal network.
    From outside I can access the externally hosted site with or without www, so my external hosting configuration is correct.
    What simple thing have I missed in my DNS configuration?
    Primary Domain:
    mydomain.com
    www. machine (external ip address of web host)
    ho machine (server ip address)
    Please help, what have I forgotten to do?

    Hi,
    I think you want to replace
    www. machine (external ip address of web host)
    with
    A record mydomain.com -> external IP
    This sends an external request outside and comes back in;
    that way you can reach either www.mydomain.com or mydomain.com
    Ensure you have an alias record in the website setup for the www.
    HTH,
    Harry

  • DNS configuration in two-domain forests

    hi all,
    We have a forest with two separate domains. First of all we had domain A. When we added the first domain controller for the second domain (B), a trust relationship was established and looked fine, but then we realised the DNS configuration was not right and
    some replication issues came out.
    What we have done is set up the domain B zone as a secondary zone in domain A, and vice versa.
    We configured the primary zones to allow transfer to the domain controllers in the other domain and also configured notifications.
    Even with this configuration, sometimes we check the zones and find them empty but a single.
    Does anyone know if our configuration is the right one for our infrastructure? I have been looking on the internet for a manual or a document regarding DNS configuration for this infrastructure, but I could not find one. Do you know of any manual or document?
    Thank you very much
    kind regards.
    David.

    Hi David,
    First, make sure that TCP and UDP port 53 is not blocked. To verify if a port is blocked, please use PortQry.
    To download PortQry, please click the link below,
    PortQryUI - User Interface for the PortQry Command Line Port Scanner
    http://www.microsoft.com/en-hk/download/details.aspx?id=24009
    If the port is not blocked, please check the serial number of the zone on both the primary and the secondary server.
    If the serial number is the same at both the source and destination servers, no zone transfer occurs between the servers.
    To resolve this issue, please follow the steps below,
    After you increase the serial number at the master server to a higher value than is used currently at the secondary server, initiate zone transfer at the secondary server.
    Increase the value of the serial number for the zone at the master server (source) to a number greater than the value at the applicable secondary server (destination).
    Here is an article about how to troubleshoot zone issues, it may be helpful.
    http://technet.microsoft.com/en-us/library/cc731210.aspx
    Besides, instead of creating a secondary zone, we can add a conditional forwarder on the DNS server.
    To add a conditional forwarder, please refer to the link below,
    http://technet.microsoft.com/en-us/library/cc794735(v=WS.10).aspx
    Best Regards.
    Steven Lee
    TechNet Community Support
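As an added example (not part of this thread), a standard-library Python script that automates the serial-number check Steven describes: it queries the SOA record of the zone on the master and on the secondary, parses the serial out of the raw DNS response, and reports whether a zone transfer should happen. It goes one step further than the reply by comparing serials with RFC 1982 serial arithmetic, so a serial that wrapped around is still handled correctly; the server addresses and zone name are placeholders. The port-53 reachability check stays with PortQry.

```python
import socket
import struct

def encode_name(name):
    """Encode a dotted name in DNS wire format (length-prefixed labels, zero terminator)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_soa_query(zone, txid=0x1234):
    """Standard query, recursion desired; one question of type SOA (6), class IN (1)."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(zone) + struct.pack(">HH", 6, 1)

def skip_name(data, pos):
    """Return the offset just past a (possibly compressed) name that starts at pos."""
    while True:
        length = data[pos]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, and it ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def parse_soa_serial(data):
    """Extract the SOA serial from a DNS response, or None if it carries no SOA record."""
    _txid, flags, qd, an, ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if flags & 0x000F:              # RCODE != 0 (NXDOMAIN, REFUSED, SERVFAIL ...)
        return None
    pos = 12
    for _ in range(qd):             # skip the question section
        pos = skip_name(data, pos) + 4
    for _ in range(an + ns):        # the SOA may sit in the answer or the authority section
        pos = skip_name(data, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 6:
            p = skip_name(data, skip_name(data, pos))   # step over MNAME and RNAME
            return struct.unpack(">I", data[p:p + 4])[0]  # SERIAL is the first 32-bit field after them
        pos += rdlen
    return None

def serial_is_newer(master, secondary):
    """RFC 1982 serial arithmetic: True when the master's serial is 'greater', i.e. a transfer will occur."""
    diff = (master - secondary) % (1 << 32)
    return 0 < diff < (1 << 31)

def query_serial(server, zone, timeout=3.0):
    """Send the SOA query over UDP to one server and return its serial (live use only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_soa_serial(data)

if __name__ == "__main__":          # placeholder addresses and zone; replace with the real master/secondary
    m, s = query_serial("10.0.0.1", "domain-a.example"), query_serial("10.0.1.1", "domain-a.example")
    print("master:", m, "secondary:", s, "transfer expected:", None not in (m, s) and serial_is_newer(m, s))
```

If the two serials come back equal, the secondary has nothing to pull, which is exactly the symptom of an empty or stale zone; if the master's serial is not the newer one, the secondary will refuse the transfer as well.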

  • Dns Configuration Question

    Hello all,
    I need some feedback regarding a network setup.
    A 1800 series router is configured as an ADSL router.
    It also carries 2 ethernet connections.
    int f0 is connected to my inside home network (192.168.0.0/24).
    int f1 is connected to a mikrotik router (10.2.101.0/24).
    The mikrotik router is actually a gateway to a wireless metropolitan network. The metropolitan network is actually a class A network 10.0.0.0/8.
    I am having some issues configuring the DNS service.
    The mikrotik router has DNS enabled and answers all my queries for the wireless network.
    The cisco has DNS enabled and answers all my normal internet queries.
    What I need is, by entering only my cisco as a DNS server, to automatically get responses for both my networks.
    Is that possible?
    If I enter the mikrotik router as the primary DNS it works as long as my wireless links are up. If the mikrotik wireless links (towards the wireless community)
    go down then all resolving stops.
    my dhcp pool config:
    ip dhcp pool aeon_pool
       import all
       network 192.168.0.0 255.255.255.0
       dns-server 8.8.8.8 10.2.101.1
       default-router 192.168.0.254
    any dns conf:
    ip domain name garden.org
    ip host Aeon 192.168.0.254
    ip host Pulsar 10.2.101.1
    ip name-server 8.8.8.8
    ip name-server 10.2.101.1

    Hi Karolo,
    Sorry to say that I didn't understand what exactly you are trying to achieve :-( Maybe my fault. As I understand it your network has only one exit to the internet, which is through the mikrotik router.
    The point I didn't understand is what exactly you are trying to resolve internally? Do you have any intranet?
    Is your requirement to internally resolve your hostnames Aeon to 192.168.0.254 & Pulsar to 10.2.101.1?
    From the DHCP pool I can see that you have configured the DNS as 8.8.8.8, which is a public DNS server hosted on the internet. So it makes sense that DNS resolution stops when the mikrotik wireless goes down, as it cannot communicate with the internet for DNS resolution.
    It would be great if you could be specific about your requirement.
    Apologies for my lack of understanding of your requirement.
    Regards
    Najaf

  • ERROR: Exception occured while encrypting the configuration and database

    I'm facing the issue/error below during the OIM 11g R2 configuration (fresh install). Resolutions from other blogs with the same error (DOMAIN_HOME misconfigured) aren't helping in my case.
    Thanks for your help
    updateMLSLocale:ORACLE_HOME :/fmw/Oracle_IDM1
    updateMLSLocale:LOCALE_PROPERTIES_FILE :/fmw/Oracle_IDM1/inventory/Scripts/ext/jlib/oim/OIMLocales.properties
    java.lang.Exception: Exception occured while encrypting the configuration and database
      at oracle.as.install.oim.config.util.EncryptConfigurationAndDB.encryptConfigurationAndDatbase(EncryptConfigurationAndDB.java:239)
      at oracle.as.install.oim.config.OIMConfigManager.encryptDB(OIMConfigManager.java:1035)
      at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:891)
      at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:583)
      at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:371)
      at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:88)
      at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:105)
      at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
      at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:64)
      at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:160)
      at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
      at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)
      at java.lang.Thread.run(Thread.java:662)
    Caused by: java.lang.Exception: Exception occured while encrypting the database
      at oracle.as.install.oim.config.util.EncryptDataBase.encryptDBContent(EncryptDataBase.java:159)
      at oracle.as.install.oim.config.util.EncryptConfigurationAndDB.encryptConfigurationAndDatbase(EncryptConfigurationAndDB.java:230)
      ... 12 more
    Caused by: java.lang.Exception: Exception occured in updateMLSLocale method while updating Locale to OIM DB
      at oracle.as.install.oim.config.util.EncryptDataBase.updateMLSLocale(EncryptDataBase.java:318)
      at oracle.as.install.oim.config.util.EncryptDataBase.encryptDBContent(EncryptDataBase.java:125)
      ... 13 more
    Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OIM.UK_MLS_LOCALE_MLS_LOCALE_CODE) violated
      at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
      at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
      at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
      at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
      at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
      at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:548)
      at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:217)
      at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1115)
      at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1488)
      at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3769)
      at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3904)
      at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1512)
      at oracle.as.install.oim.config.util.EncryptDataBase.updateMLSLocale(EncryptDataBase.java:310)
      ... 14 more

    Hi
    I faced this issue before. Reinstall is the option you have. Verify the version of RCU before you start creating the schema. Set all pre-DB settings, hostname and IP address. If DB and OIM are on different machines check pinging from both sides.
    Please drop all old schemas, create a new "Prefix" for the fresh installation, don't use the old schema.
    Let me know.
    Thanks,
    Ari

  • HR infotype log in PCL4 and overall performance

    Hi there,
    There have been a few threads about PCL4 performance with regards to reading, but I have a slightly different question:
    We are working on an export program for HR master data and are considering using logging in PCL4 to be able to export only changed fields in the infotypes. To achieve this we need to add quite a lot of extra fields and infotypes to the configuration in the IMG.
    Does anyone have any experience about how additional fields and infotypes affect runtime and database performance of the system? How optimized is the system with regards to writing to this cluster?
    It will obviously cause more data to be logged, and the database will grow slightly faster, but does it decrease responsiveness of PA30/40 for the end users? Is it possible to archive old data from this cluster? I'm guessing that it won't be a big problem, but any feedback is greatly appreciated.
    Best regards,
    Lars G. Gudbrandsen

    Hi Lars,
    Probably you would get a better response in the HCM section as opposed to ABAP.
    Maybe you can use change pointers, and BAdIs rather, to achieve what you want, but I am not 100% sure of the requirement.
    Additional fields and infotypes don't impact the system negatively in my opinion. It wouldn't affect PA30 unless the specific infotype is selected, and then, provided it has been correctly created in PM01, it should be fine, also depending on how many fields you are talking about of course. PA40 would only be impacted for those transactions for which the infotype is included.
    As for archiving, I am not sure, but once again I think the HCM forum is your best bet.
