DS 5.2: passwordexpirationtime is 19700101000000Z

Hi all,
after a password reset the users passwordexpiratontime is set to 19700101000000Z. This causes problems on linux and solaris 8 clients. The user is not able to login and called upon changing his password.
Why is the pwexpirationtime set to 1970... and how can I prevent this behavior?
Regards
Martin

If you enable "user maust change password after reset", you will encounter this problem.
Basically, after you enable the option, whenever your password is reset by admin, you will be prompted to change your password in your next login attempt.
If you don't want this happen, you can just turnoff this option in DS.

Similar Messages

PasswordExpirationTime: ldap_modify_s: Protocol error

Hi I have an error when trying to change the passwordExpirationTime for a testuser results in an error
$ ldapsearch -D "cn=Directory Manager" -w password -b "dc=mycompany,dc=com" uid=test002 passwordexpirationtime uid=test002,ou=People,o=mymail2.mycompany.com,dc=mycompany,dc=com
passwordexpirationtime=20060417180533
$ ldapsearch -D "cn=Directory Manager" -w password -b "dc=mycompany,dc=com" uid=test002 password* uid=test002,ou=People,o=mymail2.mycompany.com,dc=mycompany,dc=com
$ ldapmodify -D "cn=Directory Manager" -w password uid=test002,ou=People,o=mymail2.mycompany.com,dc=mycompany,dc=com
changetype: modify
replace: passwordexpirationtime
passwordExpirationTime: 20380119031407Z
modifying entry uid=test002,ou=People,o=mymail2.mycompany.com,dc=mycompany,dc=com
ldap_modify_s: Protocol error
$
- Why the error?
My Ldif output for that user is as below:
dn: uid=test002,ou=People,o=mymail2.mycompany.com,dc=mycompany,dc=com
modifyTimestamp: 20060306090533Z
modifiersName: cn=puser,ou=dsame users,dc=mycompany,dc=com
passwordAllowChangeTime: 19700101000000Z
passwordHistory: 20050826195029Z{SSHA}uxaVbJBpxXx+q2SkIOiRuut6MgPrJVkTB3LLLg==
passwordHistory: 20051011150602Z{SSHA}CHAjinJxd93Z7aGx3SoOCL9uv77dSlsQ9Eaieg==
passwordHistory: 20050826194645Z{SSHA}UGZkBLsx8XEZjpvVmVV8vwssETZmDN1knANDeQ==
passwordHistory: 20051026234259Z{SSHA}zxdWfC/w+eI/ohp8/NDiXpVoIiaNTd1kWHn5Tg==
passwordHistory: 20050826194857Z{SSHA}dIaTelLCf6JSrA8yg8kcVQtst0OFLXUXoDwkYg==
passwordHistory: 20051115044336Z{SSHA}ZMi+AFFp9tIq4R6To5ZaPPlqoM4nAj8/cDOGNg==
passwordHistory: 20050828212706Z{SSHA}BEd23EiwmQTc798rr0ztEODU3WMkcaApZBnvMQ==
passwordHistory: 20050902012035Z{SSHA}0NdVlRJtdMXZMnTrdMt8Jm8tbCF4GUkudmLcNQ==
passwordHistory: 20050826194411Z{SSHA}4zKjk6tcZ7T7xr4ndVt6KjLaEUm6bdglMgiuQw==
passwordPolicySubentry: cn=AIGT-STANDARD,ou=Policies,dc=mycompany,dc=com
passwordExpirationTime: 20060417180533
userPassword: {SSHA}iOt7DAlcCS3r6EAYjdLDJ+uKXZJkUekRoxxiHg==
passwordExpWarned: 0
pwdChangedTime: 20060306090533Z
department: IT
title: IT Services
physicalDeliveryOfficeName: My Data Center
o: mycompany
preferredLanguage: en
preferredLocale: en
postalCode: 07039
accountUnlockTime: 20050824213436Z
createTimestamp: 20050721063645Z
creatorsName: cn=puser,ou=dsame users,dc=mycompany,dc=com
uid: test002
mailAllowedServiceAccess: imaps:ALL$smtps:ALL$+imap:ALL$+smtp:ALL$
employeeType: mycompany
givenName: Lits
inetSubscriberAccountId: TEST002
objectClass: userpresenceprofile
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
objectClass: mycompanymsaddressbook
objectClass: inetsubscriber
objectClass: inetmailuser
facsimileTelephoneNumber: 111 222 3333
mailAlternateAddress: [email protected]
mailQuota: 31457280
mail: [email protected]
cn: Test2, Lits@TEST
iplanet-am-user-account-life: 07/24/2005 01:35
telephoneNumber: 111 222 4444
mailDeliveryOption: mailbox
psIncludeInGAB: false
mailUserStatus: active
st: ST
l: Location
postalAddress: postalAddress
inetUserStatus: Active
mailHost: mbx01.mycompany.com
iplanet-am-modifiable-by: cn=Top-level Admin Role,dc=mycompany,dc=com
iplanet-am-modifiable-by: cn=Organization Help Desk Admin Role,o=mymail2.mycompany.com,dc=mycompany,dc=com
sn: Test2
mailMsgQuota: -1
inetCOS: mycompanyMailService
c: Country
nsUniqueId: c8f27202-f9b111d9-80d7aa98-bca9472b
retryCountResetTime: 20051011151438Z
passwordRetryCount: 0

I thought you have to specify the full dn as in:
$ ldapmodify -D "cn=Directory Manager" -w password
dn: uid=test002,ou=People,o=mymail2.mycompany.com, dc=mycompany,dc=com
changetype: modify
replace: passwordexpirationtime
passwordExpirationTime: 20380119031407Z

How to get the value of passwordexpirationtime at LDAP

LDAP Gurus,
I want to sent an email notification before user's password is expired, so I need get the value of attribute "passwordexpirationtime" for all the users.
while I tried a lot of ways, but I can not see and get the value.
e.g command and output of 1 user as follow
ldapsearch -p 370 -h ldapserver.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=*
dn: uid=user1,ou=People, dc=abc,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowaccount
givenName: John
sn: Paul
description: John Paul
loginShell: /bin/bash
gidNumber: 9042
uidNumber: 9042
uid: user1
cn: John Paul
gecos: John Paul
homeDirectory: /export/home/user1
Question:
which ldap command and options can be used to get the value of attribute "passwordexpirationtime" for all the users.
Environment:
Sun Directory Server 5.2_Patch_4
Thanks you in advance.

Thanks your guys help first.
1.we need send email notification to user before password expired as a lot of users not often login servers(UNIX) and they even can not get password expired prompt, these users are personal UNIX users, not service users. we need the value of passwordexpirationtime to do a script to send email.
2. I tried these command you advised, while still can not get the value of passwordexpirationtime.
1)ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=* passwordexpirationtime
dn: uid=d411,ou=People, dc=abc,dc=com
dn: uid=user2,ou=People, dc=abc,dc=com
2)ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=passwordobject passwordexpirationtime
ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=passwordobject
output is nothing.
3.Enrique mentioned about passwordobject object class to have access to the passwordexpirationtime attribute. I am not sure if it has been
granted/defined or not.while I check the DS GUI as follow(sorry I can not past screenshoot here, so I need describe as follow)
when I go to DS server GUI, configuration->Schema and select "passwordobject" under Standard Object Classes(Read-Only), I can see there are "passwordExpirationTime" Under Allowed Attributes.
if NOT, what I need do to grant the access (or through create custom object), how this will affect our ldap server as ldap server is very critical.
4.I did above ldapsearch using unix root user, do I need use ldap directory manager user to do search, if so , how I can put manager username/password into ldapsearch command?
Again thank all your help.

LDAP - Reset passwordExpirationTime

Hello,
I am trying to use LDAP to modify a specific user's password in
e-directory and also resetting the passwordExpirationTime to its
original expiration length. I can change the password without a problem
but every time I attempt to modify the passwordExpirationTime attribute
it sets it to 0.
We are using E-Directory 8.8 SP5 and also have Universal Password
enabled. I believe this might be where the problem lays but I'm new to
the Novell and E-Directories infrastructures.
Before posting this thread I searched the forum and I found a few
things. One thing I did try was setting the time format in seconds
before 1970 instead of the YYMMddHHmmssZ format. When I did this I
received a LDAP "Constraint Violation" error. Any ideas? Thanks in
advance!
Tim Burrows
Application Developer
M.S. Kennedy Corporation
tburrows315
tburrows315's Profile: http://forums.novell.com/member.php?userid=85424
View this thread: http://forums.novell.com/showthread.php?t=410492

AFAIR this is native eDirectory behaviour. If an admin and not the user
himself modifies a password with expiration time, the expiration is set
to
01.01.1980 (which might be 'zero') for security reasons. So you have to
do two steps: First modify the passwort and close! (save that change)
that task. eDir will save the password and set the password to expired
by setting the expiration time to zero. In the second step, you modify
the expiration time.
HTH
Tom
What might work also is first disabling expiration time, changing the
password
and then reenabling expiration time.
bwisupport
bwisupport's Profile: http://forums.novell.com/member.php?userid=19240
View this thread: http://forums.novell.com/showthread.php?t=410492

Unable to catch LDAPException error code(53) in jsp on weblogic 6.1

When I try to authenticate a user in LDAP whose account is inactivated the following error is thrown UNWILLING_TO_PERFORM in weblogic Server log.
My JSP file couldn't to catch this exception, where as it could catch all other exception like NO_SUCH_OBJECT
INVALID_CREDENTIALS. It throws 500 internal server error on browser which seems awkward to the user.
Im Using basic authentication model by setting 401 status code in response.
I have even tried catch block with Exception, but failed to catch it.
Could Any one plz help me out.
Exception in detail-----
Servlet failed with Exception
netscape.ldap.LDAPException: error result (53); Account inactivated. Contact system administrator.; DSA is unwilling to perform
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
        at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
        at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
        at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
        at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
        at weblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:851)
        at weblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:61)
        at weblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRealm.java:186)
        at weblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRealm.java:127)
        at weblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.java:110)
        at weblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:945)
        at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:889)
        at weblogic.security.acl.Realm.authenticate(Realm.java:200)
        at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
        at weblogic.security.acl.internal.Security.authenticate(Security.java:172)
        at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:302)
        at weblogic.servlet.security.ServletAuthentication.weak(ServletAuthentication.java:318)
        at weblogic.servlet.security.internal.BasicSecurityModule.checkAuthenticateHeader(BasicSecurityModule.java:62)
        at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:118)
        at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2674)
        at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2427)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:159)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:140)
--------------- nested within: ------------------
weblogic.security.ldaprealmv2.LDAPRealmException: Account inactivated. Contact system administrator. - with nested exception:
[netscape.ldap.LDAPException: error result (53); Account inactivated. Contact system administrator.; DSA is unwilling to perform]
        at weblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:885)
        at weblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:61)
        at weblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRealm.java:186)
        at weblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRealm.java:127)
        at weblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.java:110)
        at weblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:945)
        at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:889)
        at weblogic.security.acl.Realm.authenticate(Realm.java:200)
        at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
        at weblogic.security.acl.internal.Security.authenticate(Security.java:172)
        at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:302)
        at weblogic.servlet.security.ServletAuthentication.weak(ServletAuthentication.java:318)
        at weblogic.servlet.security.internal.BasicSecurityModule.checkAuthenticateHeader(BasicSecurityModule.java:62)
        at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:118)
        at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2674)
        at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2427)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:159)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:140)
..so on

It would worth if you take a look to the access log file, and see what error code is returning your operation. I detected that when you perform an ldapsearch using a user with expired password (with DS 5.2, explicitly passwordExpirationTime set to 19700101000000Z in my case) the command returns "ldap_search: DSA is unwilling to perform"
jair@riscl~ $ ldapsearch -b "o=isp" -D "uid=RRJA2829,ou=people,o=affiliates,o=isp" -w met999 "uid=admin"
ldap_search: DSA is unwilling to perform
jair@riscl~ $ echo $?
53And the access log shows (LDAP_SUCCESS for BIND operation):
[23/Jun/2009:15:16:14 -0500] conn=1847 op=-1 msgId=-1 - fd=48 slot=48 LDAP connection from 127.0.0.1 to 127.0.0.1
[23/Jun/2009:15:16:14 -0500] conn=1847 op=0 msgId=1 - BIND dn="uid=RRJA2829,ou=people,o=affiliates,o=isp" method=128 version=3
[23/Jun/2009:15:16:14 -0500] conn=1847 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=rrja2829,ou=people,o=affiliates,o=isp"
[23/Jun/2009:15:16:14 -0500] conn=1847 op=1 msgId=2 - need new password
[23/Jun/2009:15:16:14 -0500] conn=1847 op=1 msgId=2 - RESULT err=53 tag=101 nentries=0 etime=0
[23/Jun/2009:15:16:14 -0500] conn=1847 op=2 msgId=3 - UNBIND
[23/Jun/2009:15:16:14 -0500] conn=1847 op=2 msgId=-1 - closing - U1
[23/Jun/2009:15:16:15 -0500] conn=1847 op=-1 msgId=-1 - closed.So, it is possible that your code doesn't catch the exception because the bind operation is returning code 0 (LDAP_SUCCESS) and for some other reason weblogic is receiving a second code 53 which is thrown by the server and not catched by your code, I really don't know if it is possible, is just what comes to my mind right now.
I also made a test with java using the same user with expired password and couldn't catch any exception like in your case
import java.util.Hashtable;
import javax.naming.directory.*;*
*import javax.naming.ldap.*;
import javax.naming.*;
public class Password {
   public static void main (String args[]) {
      LdapContext ctx = null;
      String userid = "uid=RRJA2829,ou=people,o=affiliates,o=isp";
      String passwd = "met999";
      try {
         Hashtable env = new Hashtable();
         env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
         env.put("java.naming.provider.url", "ldap://riscl:389/");
         env.put("java.naming.security.principal", userid);
         env.put("java.naming.security.credentials", passwd);
         ctx = new InitialLdapContext(env, null);
      } catch (AuthenticationException e) {
            System.out.println("=> " +e.getMessage()+ " <=");
      } catch (NamingException ne) {
         System.out.println("=> " +ne.getMessage()+ " <=");
}and the logs showed:
[23/Jun/2009:15:32:41 -0500] conn=43 op=-1 msgId=-1 - fd=52 slot=52 LDAP connection from 127.0.0.1 to 127.0.0.1
[23/Jun/2009:15:32:41 -0500] conn=43 op=0 msgId=1 - BIND dn="uid=RRJA2829,ou=people,o=affiliates,o=isp" method=128 version=3
[23/Jun/2009:15:32:41 -0500] conn=43 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=rrja2829,ou=people,o=affiliates,o=isp"
[23/Jun/2009:15:32:42 -0500] conn=43 op=-1 msgId=-1 - closing - B1
[23/Jun/2009:15:32:42 -0500] conn=43 op=-1 msgId=-1 - closed.but in this case LDAP is not returning the code 53 "UNWILLING TO PERFORM" to java app in the way it did to ldapsearch.
Hope it helps.
BR,
jairsinho

DS5.0 and password policy

When i choose password to be expired (passwordexpirationtime attribute then is 19700101000000Z) and when i want to log in to the directory using the Server Gateway, i am asked to change my password (Your Directory Server password has expired. You must change your password immediately). But the password expirationtime is not changed and i can't log in to the directory. What can i do ?

Which version of Directory Server ?
As the Directory Manager, you can remove or change the passwordExpirationTime attribute in the user entry, provided you're absolutely sure that the password is now correct...
Ludovic

How can I reset password in iDS5.1?

A newbie question:
There is a thread as below, can some one tell me if there is a passwordMustChange value in iDS5.1? Cause I change the password in console as a diretory manager and checked on 'User must change password after reset', but there is no password expired control when the user binding after the reset. Wondering how to reset the password in console properly.
Thanks,
Ben
Craig Epstein on 2/21/2002 answered:"James,In order to view the values for the following attributes: passwordExpirationTime passwordExpWarned, passwordRetryCount, retryCountResetTime, accountUnlockTime, passwordHistory, passwordAllowChangeTimethey must be specifically requested in an ldap search operation. For example, if the password policy is configured so that a user must wait 3 days before changing his password, an ldap search on the user's entry where passwordAllowChangeTime is specifically requested will return the absolute time when the password can be changed.General password policy for attributes such as passwordMustChange, is stored under the cn=config entry. So, if the LDAP database is configured so that users must change their passwords after a reset, the passwordMustChange attribute in this entry should be set to on.If you can be more specific, perhaps I can help further.Regards,Craig"

THe Password policy is working the same in 5.1 as in the previous release (minus bugs).
Password Reset only works when done by "Cn=directory manager".
Regards,
Ludovic

Can't log into Sun DS 5.2 Console after installing Identity Synchronization

Installing the Identity Synchronization module over the directory server prevents me from logging into the server using the console.
I installed Sun Java System Directory Server 5.2 on a Windows 2000 server. After that, I installed the following in the order below:
1. Patch 5077789 Patch 2
2. Patch 117667-03
3. Sun Java System Message Queue 3.5 SP1.
Upto this point, I was able to log into the DS server without any problems. I was also able to access and use the MQ.
After this, I installed the Sun Java System Identity Synchronization module.
Now I am unable to log into the DS console. The error I get is "Cannot logon because of an incorrect User ID, Incorrect password or Directory problem.
java.net.SocketException: Connection reset"
Any ideas what the problem might be? I've tried uninstalling, cleaning up and reinstalling everything, but to no avail.
Thanks in advance

Look at the logs/error under admin-serv directory for more clue
Make sure hostname.ldapdomainname (eg: ldap1.example.com) for LDAP server is set in Windows hosts file as 1st field.
cd to slapd-hostname and run
.\saveconfig
Notepad the ldif file generated, search for userPassword for cn=admin-serv-hostname, AND CHECK IF there is passwordExpirationTime set, if there it could mean userPassword of admin-serv-hostname expired, if so you may follow a recent thread to set it to never expire.
http://swforum.sun.com/jive/thread.jspa?threadID=48144&tstart=0
Gary

Admin Server password not working

Running Netscape Directory Server 4.1 on Solaris 9.
I see this:
[root@arthur]> ldapsearch -D "cn=Directory Manager" -w ******** -b o=netscaperoot "cn=admin-serv-arthur" passwordexpirationtime
cn=admin-serv-arthur, cn=Netscape Administration Server, cn=Server Group, cn=arthur.cusys.edu, ou=cusys.edu, o=NetscapeRoot
passwordexpirationtime=20060215123431
But when I try to modify via:
[root@arthur]> ldapmodify -D "cn=Directory Manager" -w ******** -f pwexptime.ldif
where pwexptime.ldif is:
dn: cn=admin-serv-arthur, cn=Netscape Administration Server, cn=Server Group,
cn=arthur.cusys.edu, ou=cusys.edu, o=NetscapeRoot
chnagetype:modify
replace:passwordexpirationtime
passwordexpirationtime: 20090215123431
I get:
modifying entry cn=admin-serv-arthur, cn=Netscape Administration Server, cn=Server Group,cn=arthur.cusys.edu, ou=cusys.edu, o=NetscapeRoot
ldap_modify_s: Object class violation
I can't find passwordexpirationtime as an attribute for any of the associated admin-serv-arthur object classes, thus the object class violation. Then where did it come from in the ldapsearch above?
How do I change this passwordexpirationtime attribute?

What about changing the password of this account itself.
AFAICR (as this werver is quite out-of-date) passwordexirationtime is a operational attribute set by the server itself.
Read out userpassword with ldapsearch.
use ldapmodify to changeit to some value
use ldapmodify again to set it back to the old value.
General advice:
It seems you�re using a password policy.
As this old server does not have scoped password policies (like the new server does) you should set up a separate Directory Server instance which holds the "o=netscapeRoot" tree. This one is called the configuration directory server - and it's best practice to have it as a different instance.
-Bernhard
Of course ugrading to Directory Server 5.2 is adviced as well because the version you are using is already end of support live.

Mechanism level: Checksum failed

Hello everyone, I hope that you can help me.I have problems with the examples of JGSS. The log is:
GSSServer:
Config name: C:\WINDOWS\krb5.ini
KeyTabInputStream, readName(): HIPER.COM.PE
KeyTabInputStream, readName(): developer
KeyTab: load() entry length: 56; type: 17
KeyTabInputStream, readName(): HIPER.COM.PE
KeyTabInputStream, readName(): developer
KeyTab: load() entry length: 56; type: 23
KeyTabInputStream, readName(): HIPER.COM.PE
KeyTabInputStream, readName(): developer
KeyTab: load() entry length: 64; type: 16
KeyTabInputStream, readName(): HIPER.COM.PE
KeyTabInputStream, readName(): developer
KeyTab: load() entry length: 48; type: 3
KeyTabInputStream, readName(): HIPER.COM.PE
KeyTabInputStream, readName(): developer
KeyTab: load() entry length: 48; type: 1Added key: 1version: 1
Added key: 3version: 1
Added key: 16version: 1
Added key: 23version: 1
Added key: 17version: 1
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 17 23 16 3 1.
0: EncryptionKey: keyType=17 kvno=1 keyValue (hex dump)=
0000: E2 4B DD 17 2F 34 55 E6 BB 78 33 85 28 90 52 3C .K../4U..x3.(.R<
1: EncryptionKey: keyType=23 kvno=1 keyValue (hex dump)=
0000: 25 F1 43 85 EE 17 82 BB 71 FE E1 E5 83 5D 63 0F %.C.....q....]c.
2: EncryptionKey: keyType=16 kvno=1 keyValue (hex dump)=
0000: 31 04 E0 F8 F4 CB 57 89 C1 13 B3 15 20 A1 10 64 1.....W..... ..d
0010: 16 57 CB 57 01 D9 F8 67
3: EncryptionKey: keyType=3 kvno=1 keyValue (hex dump)=
0000: 70 38 0E 49 73 2A 57 51
4: EncryptionKey: keyType=1 kvno=1 keyValue (hex dump)=
0000: 70 38 0E 49 73 2A 57 51
default etypes for default_tkt_enctypes: 17 23 16 3 1.
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=192.168.61.2 UDP:88, timeout=30000, number of retries =3, #bytes=152
KDCCommunication: kdc=192.168.61.2 UDP:88, timeout=30000,Attempt =1, #bytes=152
KrbKdcReq send: #bytes read=626
KrbKdcReq send: #bytes read=626
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsRep cons in KrbAsReq.getReply developerAuthenticated principal: [[email protected]]
Found key for [email protected](1)
Found key for [email protected](23)
Found key for [email protected](16)
Found key for [email protected](17)
Found key for [email protected](3)
Waiting for incoming connection...
Got connection from client /192.168.61.66
Entered Krb5Context.acceptSecContext with state=STATE_NEW
EType: sun.security.krb5.internal.crypto.ArcFourHmacETypeChecksum failed !
Exception in thread "main" java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at com.hiper.jgss.Jaas.loginAndAction(Jaas.java:95)
at com.hiper.jgss.GssServer.main(GssServer.java:89)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
at com.hiper.jgss.GssServer$GssServerAction.run(GssServer.java:168)
... 4 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
... 7 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
... 13 more
Java Result: 1
GSSClient:
run:
KinitOptions cache name is C:\Documents and Settings\cgamarra\krb5cc_cgamarra
DEBUG <CCacheInputStream> client principal is [email protected]
DEBUG <CCacheInputStream> server principal is krbtgt/[email protected]
DEBUG <CCacheInputStream> key type: 23
DEBUG <CCacheInputStream> auth time: Wed Jan 16 17:56:16 COT 2008
DEBUG <CCacheInputStream> start time: Wed Jan 16 17:56:16 COT 2008
DEBUG <CCacheInputStream> end time: Thu Jan 17 03:56:16 COT 2008
DEBUG <CCacheInputStream> renew_till time: Wed Dec 31 19:00:00 COT 1969
CCacheInputStream: readFlags() INITIAL;Host address is /192.168.61.66
DEBUG <CCacheInputStream>
KrbCreds found the default ticket granting ticket in credential cache.
Obtained TGT from LSA: Credentials:[email protected]
server=krbtgt/[email protected]
authTime=20080116225616Z
startTime=20080116225616Z
endTime=20080117085616Z
renewTill=19700101000000Z
flags: INITIAL
EType (int): 23
Authenticated principal: [[email protected]]
Connected to address cgamarra/192.168.61.66
Config name: C:\WINDOWS\krb5.ini
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Thu Jan 17 03:56:16 COT 2008
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Thu Jan 17 03:56:16 COT 2008
Service ticket not found in the subject
Credentials acquireServiceCreds: same realmdefault etypes for default_tgs_enctypes: 17 23 16 3 1.
CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
KrbKdcReq send: kdc=192.168.61.2 UDP:88, timeout=30000, number of retries =3, #bytes=596
KDCCommunication: kdc=192.168.61.2 UDP:88, timeout=30000,Attempt =1, #bytes=596
KrbKdcReq send: #bytes read=569
KrbKdcReq send: #bytes read=569
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
KrbApReq: APOptions are 00100000 00000000 00000000 00000000
EType: sun.security.krb5.internal.crypto.ArcFourHmacETypeKrb5Context setting mySeqNumber to: 372002863
Created InitSecContextToken:
0000: 01 00 6E 82 01 EA 30 82 01 E6 A0 03 02 01 05 A1 ..n...0.........
0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 01 ......... ......
0020: 0E 61 82 01 0A 30 82 01 06 A0 03 02 01 05 A1 0E .a...0..........
0030: 1B 0C 48 49 50 45 52 2E 43 4F 4D 2E 50 45 A2 28 ..HIPER.COM.PE.(
0040: 30 26 A0 03 02 01 00 A1 1F 30 1D 1B 04 68 6F 73 0&.......0...hos
0050: 74 1B 15 63 67 61 6D 61 72 72 61 2E 68 69 70 65 t..cgamarra.hipe
0060: 72 2E 63 6F 6D 2E 70 65 A3 81 C4 30 81 C1 A0 03 r.com.pe...0....
0070: 02 01 17 A1 03 02 01 0B A2 81 B4 04 81 B1 8D 1D ................
0080: 14 45 C1 35 7D C5 71 4C 81 10 FE 41 D7 34 48 15 .E.5..qL...A.4H.
0090: 78 35 3D 63 4D F5 4B F5 39 18 2D 28 50 E7 A8 D7 x5=cM.K.9.-(P...
00A0: 4E 32 F2 F9 62 63 DE 2D E3 05 F7 B3 41 E4 CE 16 N2..bc.-....A...
00B0: 77 A1 F4 0E BC 04 59 03 0D 06 12 FB F4 7F 5B 60 w.....Y.......[`
00C0: E0 1D 9A 37 9C 07 9A FA FD A6 2A 57 84 3D 20 86 ...7......*W.= .
00D0: 3B 7F 39 5E 07 63 EC 32 20 36 47 5E FA F9 49 C6 ;.9^.c.2 6G^..I.
00E0: E9 E1 77 1E 77 EC C8 B5 35 FE 80 38 3B 4E 98 21 ..w.w...5..8;N.!
00F0: 5D 63 EB 19 4D A8 0A 79 52 D8 8C 72 05 AA 81 4E ]c..M..yR..r...N
0100: 7E 93 47 06 79 AF 81 DE C1 3A E5 A2 93 8C 12 AB ..G.y....:......
0110: 85 96 22 09 71 37 E5 99 31 86 33 AC 3A 89 F7 CB ..".q7..1.3.:...
0120: CE 02 0F 49 1F F2 B7 9D A5 79 B4 28 B7 14 99 A4 ...I.....y.(....
0130: 81 BE 30 81 BB A0 03 02 01 17 A2 81 B3 04 81 B0 ..0.............
0140: E4 97 3F 28 21 08 16 19 46 5B B8 FF C7 4C 53 D1 ..?(!...F[...LS.
0150: E6 5B AE 64 23 70 9E 72 11 B5 AE 2C 0D 5C 6D 48 .[.d#p.r...,.\mH
0160: B5 7D 3B 83 90 17 1B D1 65 FB 78 BF 6E 34 18 5C ..;.....e.x.n4.\
0170: B5 3A 3D 5C 40 8F 82 3E EC DB 11 B3 0D 06 2B C1 .:=\@..>......+.
0180: 4C FD A1 A4 E1 DE 1A 94 AB F0 43 56 B8 14 48 00 L.........CV..H.
0190: 55 EC 55 00 F5 01 9C 80 C3 F4 9E 1C B8 BA FE 86 U.U.............
01A0: 14 BA 23 CC 61 18 44 3F C2 CC D1 76 A3 3C 9C 57 ..#.a.D?...v.<.W
01B0: D3 3A 58 D5 36 C9 CC 59 55 4E 38 88 47 5A 3C 1A .:X.6..YUN8.GZ<.
01C0: 03 18 3B 53 B8 60 6E 6A 19 A8 AE FD 0E D0 9D 60 ..;S.`nj.......`
01D0: 3A 7F B1 F3 28 0C 3A 96 61 80 0A 36 16 28 6B 80 :...(.:.a..6.(k.
01E0: 1D F9 6C 76 C2 98 8D D0 7E A4 EF 8D A8 02 2B CC ..lv..........+.
Exception in thread "main" java.security.PrivilegedActionException: java.net.SocketException: Connection reset
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at com.hiper.jgss.Jaas.loginAndAction(Jaas.java:100)
at com.hiper.jgss.GssClient.main(GssClient.java:103)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at java.net.SocketInputStream.read(SocketInputStream.java:182)
at java.io.DataInputStream.readInt(DataInputStream.java:370)
at com.hiper.jgss.GssClient$GssClientAction.run(GssClient.java:203)
... 4 more
Java Result: 1
Does anyone know how to fix the exception: Mechanism level: Checksum failed ?
Thanks.

Looks like the client's target and the server does not match, maybe not the same principal.
The JGSS tutorials starts the server side program using a service principal, which looks like host/[email protected] As I read from your debug output, your server program's principal is [email protected], which is a normal user principal.

IDS 5.0 SP2 + Solaris 8 password problem

Iplanet version : iDS 5.0 SP2 + Solaris 8
Password:
user must change password after reset : yes
user may change password : yes
allow changes in 0 days
keep password history : yes
remeber 6 password
Password expires after 90 days
send warning 7 days before password expires
check password syntax : yes
password min length : 6
Account lockout:
Account maybe lockout : yes
Lockout account after 3 login failures
reset failure count after 525600 minutes
Lockout forever : yes
We discovered that when the user password is expired due to the field 'passwordexpirationtime' is past, there are two types of password expiration within iplanet ldap. One type of expiration will allow user to change the password by themselves, however, the other type did not
We discovered that when we put a 'Z' on the field passwordexpirationtime, it will show the first type of password expiration that user can change their password. When we remove the 'Z' from the field passwordexpirationtime. it will not allow the user to change the password by themselves, we provide a screen dump at the end.
Moreover, the problem may be triggered by other event instead of adding a 'Z' on the passwordexpirationtime field
Here is the screen dump for you to investigate, you can see that the output with 'DSA is unwilling to perform' is the type where user can change their password, while the output with 'Invalid credentials' is the type where user CANNOT change their password.
Case 1
======
%ldapsearch -p 3389 -b o=orange,c=us uid=john passwordexpirationtimeuid=john,o=jpmorgan,c=us
passwordexpirationtime=19900101000000Z
%ldapsearch -v -p 3389 -D uid=john,o=orange,c=us -w abc123 -b o=jpmorgan,c=us uid=john
ldap_init(localhost, 3389)
filter pattern: uid=john
returning: ALL
filter is: (uid=john)
ldap_search: DSA is unwilling to perform
0 matches
Case 2
======
%ldapsearch -p 3389 -b o=orange,c=us uid=john passwordexpirationtimeuid=john,o=jpmorgan,c=us
passwordexpirationtime=19900101000000
%ldapsearch -v -p 3389 -D uid=john,o=orange,c=us -w abc123 -b o=jpmorgan,c=us uid=john
ldap_init(localhost, 3389)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: password expired!
I know there's nothing to do with 'zuru' suffix, ldap schema supports both of attribute
values format. But this happen in my LDAP. Any hints?
Question:
- Under what condition the LDAP will complain "DSA is unwilling to perform" or
"Invalid credentials"
- Any hints to resolve the problem

If something had changed recently, drill into that.
Do a hardware RAM test to confirm HW level soundness.
You may capture the core dump or similar information and send it to Microsoft for analysis.
They may ask you to do the usual thing: apply W2KSP4 and/or OS and security patches.
You also have the option of migrating IDS5.0/Windows to IDS5.2Patch3 (also as Sun Java System DirSvr 5.2) running on Solaris10 x86.
Gary

Persistent search using system.directoryservices.protocols

My goal is to develop an application in VB.NET that monitors eDirectory
using an LDAP persistent search. As user objects are added, moved,
renamed and deleted in eDirectory, the program will construct an event
notification in XML format and send it to an email account for
processing by other programs.
I've tried implementing the above functionality using the now
unsupported Novell Internet Directory ActiveX control (NWIDir), which
supports a PersistentSearch method and change notification via a
DirectoryModified event. But have found that it will only run for a few
minutes and then crashes either when run in the VB6 IDE or as an
executable. Since the these ActiveX controls are now unsupported (a
real shame, since they offer AMAZING functionality and INCREDIBLE ease
of use), I decided to go with a pure VB.NET solution.
I settled on using the System.DirectoryServices.protocols name space
and have tried to implement a persistent search with the following code:
Dim error_message As String = ""
Dim ldapcon As LdapConnection = LDAP_Connect(error_message)
If ldapcon Is Nothing Then
'Failed to connect to the ldap server.
MessageBox.Show("Failed to connect to ldap server,
Exception: " & error_message)
Exit Sub
End If
Dim attributesList() As String = {"cn", "SSN", "sn",
"givenname", "initials", "l", "ou", "telephonenumber",
"facsimiletelephonenumber", "title", "description", "uid",
"logindisabled", "logintime", "passwordexpirationtime",
"passwordexpirationinterval"}
Dim ctrlData As Byte() = BerConverter.Encode("{ibb}", New
Object() {1, True, True})
Dim persistentSearchControl As New
DirectoryControl("2.16.840.1.113730.3.4.3", ctrlData, True, True)
Dim searchRequest As New SearchRequest("o=oes",
"(&(objectclass=inetorgperson)(cn=*))",
System.DirectoryServices.Protocols.SearchScope.Sub tree, attributesList)
searchRequest.Controls.Add(persistentSearchControl )
Dim asyncCallBack As New AsyncCallback(AddressOf
PersistentSearchCallBack)
Dim timeSpan As New TimeSpan(1, 0, 0, 0, 0)
ldapcon.BeginSendRequest(searchRequest, timeSpan,
PartialResultProcessing.ReturnPartialResults, asyncCallBack,
searchRequest)
Here's my Asynch callback subroutine definition:
Sub PersistentSearchCallBack(ByVal ar As IAsyncResult)
End Sub
Here's my function library that I developed for connecting to
eDirectory VIA SSL just for reference:
Function LDAP_Connect(ByRef Error_Message As String) As
LdapConnection
'This function connects to an LDAP server and returns an
LDAPConnection object.
'If a connection cannot be established, the function will
return Nothing, and the
'Error_Message parameter will be set to the error returned by
the LDAP server.
Error_Message = ""
Try
Dim ldapcon As LdapConnection = New LdapConnection(New
LdapDirectoryIdentifier(LDAP_Server_IP & ":" & LDAP_Port), New
System.Net.NetworkCredential(LDAP_Authentication_D N, ldap_Password))
ldapcon.SessionOptions.SecureSocketLayer = True
ldapcon.SessionOptions.VerifyServerCertificate = New
VerifyServerCertificateCallback(AddressOf ServerCallback)
ldapcon.AuthType = AuthType.Basic
ldapcon.Bind()
Return ldapcon
Catch ex As Exception
'Failed to bind to ldap server.
Error_Message = ex.Message.ToString
Return Nothing
End Try
End Function
Public Function ServerCallback(ByVal connection As LdapConnection,
ByVal certificate As
System.Security.Cryptography.X509Certificates.X509 Certificate) As
Boolean
'Validate that the exchanged public keys match each other.
Try
Dim expectedCert As X509Certificate = New
X509Certificate(LDAP_SSL_Certificate)
If expectedCert.GetRawCertDataString =
certificate.GetRawCertDataString Then
Return True
Else
Return False
End If
Catch ex As Exception
'Certificate could not be loaded.
Return False
End Try
End Function
When I run the code, I get an the following error message:
The server does not support the control. The control is
critical.
Any help from someone who has successfully done an LDAP persistent
search against eDirectory using the System.DirectoryServices.Protocols
name space would be greatly appreciated, I've been trying to figure this
out in my spare time for a few weeks now. Thanks in advance!
jstaffor
jstaffor's Profile: http://forums.novell.com/member.php?userid=18218
View this thread: http://forums.novell.com/showthread.php?t=414012

On 6/23/2010 8:03 AM, Michael Bell wrote:
> On 6/23/2010 7:06 AM, jstaffor wrote:
>>
>> My goal is to develop an application in VB.NET that monitors eDirectory
>> using an LDAP persistent search. As user objects are added, moved,
>> renamed and deleted in eDirectory, the program will construct an event
>> notification in XML format and send it to an email account for
>> processing by other programs.
>>
>> I've tried implementing the above functionality using the now
>> unsupported Novell Internet Directory ActiveX control (NWIDir), which
>> supports a PersistentSearch method and change notification via a
>> DirectoryModified event. But have found that it will only run for a few
>> minutes and then crashes either when run in the VB6 IDE or as an
>> executable. Since the these ActiveX controls are now unsupported (a
>> real shame, since they offer AMAZING functionality and INCREDIBLE ease
>> of use), I decided to go with a pure VB.NET solution.
>>
>> I settled on using the System.DirectoryServices.protocols name space
>> and have tried to implement a persistent search with the following code:
>>
>>
>> ************************************************** *******
>> Dim error_message As String = ""
>> Dim ldapcon As LdapConnection = LDAP_Connect(error_message)
>>
>> If ldapcon Is Nothing Then
>> 'Failed to connect to the ldap server.
>> MessageBox.Show("Failed to connect to ldap server,
>> Exception: "& error_message)
>> Exit Sub
>> End If
>> Dim attributesList() As String = {"cn", "SSN", "sn",
>> "givenname", "initials", "l", "ou", "telephonenumber",
>> "facsimiletelephonenumber", "title", "description", "uid",
>> "logindisabled", "logintime", "passwordexpirationtime",
>> "passwordexpirationinterval"}
>>
>> Dim ctrlData As Byte() = BerConverter.Encode("{ibb}", New
>> Object() {1, True, True})
>>
>> Dim persistentSearchControl As New
>> DirectoryControl("2.16.840.1.113730.3.4.3", ctrlData, True, True)
>> Dim searchRequest As New SearchRequest("o=oes",
>> "(&(objectclass=inetorgperson)(cn=*))",
>> System.DirectoryServices.Protocols.SearchScope.Sub tree, attributesList)
>>
>> searchRequest.Controls.Add(persistentSearchControl )
>> Dim asyncCallBack As New AsyncCallback(AddressOf
>> PersistentSearchCallBack)
>> Dim timeSpan As New TimeSpan(1, 0, 0, 0, 0)
>>
>> ldapcon.BeginSendRequest(searchRequest, timeSpan,
>> PartialResultProcessing.ReturnPartialResults, asyncCallBack,
>> searchRequest)
>> ************************************************** ******
>> Here's my Asynch callback subroutine definition:
>>
>> Sub PersistentSearchCallBack(ByVal ar As IAsyncResult)
>>
>> End Sub
>>
>> Here's my function library that I developed for connecting to
>> eDirectory VIA SSL just for reference:
>>
>> Function LDAP_Connect(ByRef Error_Message As String) As
>> LdapConnection
>> 'This function connects to an LDAP server and returns an
>> LDAPConnection object.
>> 'If a connection cannot be established, the function will
>> return Nothing, and the
>> 'Error_Message parameter will be set to the error returned by
>> the LDAP server.
>> Error_Message = ""
>>
>> Try
>> Dim ldapcon As LdapConnection = New LdapConnection(New
>> LdapDirectoryIdentifier(LDAP_Server_IP& ":"& LDAP_Port), New
>> System.Net.NetworkCredential(LDAP_Authentication_D N, ldap_Password))
>> ldapcon.SessionOptions.SecureSocketLayer = True
>> ldapcon.SessionOptions.VerifyServerCertificate = New
>> VerifyServerCertificateCallback(AddressOf ServerCallback)
>> ldapcon.AuthType = AuthType.Basic
>> ldapcon.Bind()
>> Return ldapcon
>> Catch ex As Exception
>> 'Failed to bind to ldap server.
>> Error_Message = ex.Message.ToString
>> Return Nothing
>> End Try
>> End Function
>>
>> Public Function ServerCallback(ByVal connection As LdapConnection,
>> ByVal certificate As
>> System.Security.Cryptography.X509Certificates.X509 Certificate) As
>> Boolean
>> 'Validate that the exchanged public keys match each other.
>> Try
>> Dim expectedCert As X509Certificate = New
>> X509Certificate(LDAP_SSL_Certificate)
>>
>> If expectedCert.GetRawCertDataString =
>> certificate.GetRawCertDataString Then
>> Return True
>> Else
>> Return False
>> End If
>> Catch ex As Exception
>> 'Certificate could not be loaded.
>> Return False
>> End Try
>> End Function
>>
>> When I run the code, I get an the following error message:
>>
>> The server does not support the control. The control is
>> critical.
>>
>> Any help from someone who has successfully done an LDAP persistent
>> search against eDirectory using the System.DirectoryServices.Protocols
>> name space would be greatly appreciated, I've been trying to figure this
>> out in my spare time for a few weeks now. Thanks in advance!
>>
>>
> That error is telling you plain and simple the control you want to use
> doesn't exist in the RootDSE.
Also see,
http://www.novell.com/documentation/...a/agpcvpg.html
You have to enable persistant searches.

No password expiration warning

Dear,
When setting a password with the use of the command passwd -w <days> <username>, the selected user is not being warned about the expiration date when logging in.
However, when using passwd –f <username> it prompts the user at the login for a new password.
Example:
passwd -w 7 extelt
passwd -x 30 extelt
passwd -s extelt
(Command set at 7/6/2011)
So the password expires at 07-07-2011.
Should start warning the user at 30-06-2011.
As explained, there are no warnings given from the 'checkpoint (30-06-2011)'.
What else can i try?
Thanks in advance.
Regards,
Tommy

Did you also upgrade the Password Compatibility to 6?
If so, then all the password attributes will have a prefix of "pwd" instead of "password" so it might break somethings in your application if it is looking for "passwordExpirationTime" or something.
Thanks.

Ticket isnt for us - Apache DS on Windows Server 2008 with Kerberos

Hello there,
I installed Apache DS 1.5.7 on Windows Server 2008 R2 with Kerberos enabled.
I followed the instructions here http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html.
I added the my users like the example ldif file of the official instructions. Users got their krb keys.
But when i try to authenticate with Apache Directory Studio using Kerberos authentication as told in the instructions.
I get ERROR 35 "Ticket isn't for us".
I tried googling this issuebut i couldnt solve it on my own.
Any help will be greatly appreciated.
Here is the server log
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450 The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.server.Service] - Cannot start the server : reuseAddress can't be set while the acceptor is bound.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 RCVD: [email protected]5a608
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 2070170438
INFO | jvm 1 | 2012/01/04 18:03:35 |      kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal [email protected] has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:269)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:107)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 |      explanatory text: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 |      error code: 25
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1878a17
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 RCVD: [email protected]8df29
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 |      kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal [email protected] has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Pre-authentication by encrypted timestamp successful for [email protected].
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=krbtgt,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: gosaAccount
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: krbtgt
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: Service
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x5E 0x10 0xEF 0xE9 0x83 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x85 0x5A 0xA3 0xC9 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xEC 0xE0 0x98 0x6D 0x85 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 3
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: KDC Service
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Ticket will be issued for access to krbtgt/[email protected].
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Monitoring Authentication Service (AS) context:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clockSkew 300000
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress /192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      cn null
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm null
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      cn null
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm null
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 |      Request key type des-cbc-md5 (3)
INFO | jvm 1 | 2012/01/04 18:03:35 |      Client key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 |      Server key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Responding with Authentication Service (AS) reply:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: AS_REP
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      client realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      server realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      auth time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      start time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      end time: 20120105160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 SENT: org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@14fa707
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 RCVD: [email protected]eef81
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Received Ticket-Granting Service (TGS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: TGS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 263725163
INFO | jvm 1 | 2012/01/04 18:03:35 |      kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: ldap/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The ticket isn't for us (35)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:233)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:100)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 |      explanatory text: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 |      error code: 35
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 |      server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1c83981

From AD end
Create an OU
Create an Group
Create an User
add user to group
=============================
From LDAP client you should point to Active directory , to be more precise
LDAP base DN eg: dc=Microsoft , dc=com
search at the specific scope :EG; full search / subtree search
add the user in your application ( user is the one which you have created in AD )
client will connect to LDAP server , binds and then searches under the specified scope

Iplanet Directory server 5.0 replication issue

Hi,
I'm currently running some test for replication with the OLD version of DS 5.0 on Windows XP
Running 2 Servers Master A and Consumer B, where A is the original who initialise B with Data then from there on Master A replicates changes to Consumer B.
My problem is here, I can initialise the the Data ( copying it from A to B ) no problem.
But when I make changes in A and wait for it to replication from A --> B.
it does nothing.
I followed MOST of the steps in the replication guide for Administrator, but have hit a wall.
Only part i did no understand is below:
//=============================================
Create the entry corresponding to the supplier bind DN, if it does not exist. This is the special entry that the supplier will use to bind.
In the Directory Server Console, click the Directory tab, and create an entry. For example you could use cn=Replication Manager,cn=config.
Specify a userPassword attribute-value pair.
If you have enabled password expiration, or intend to do so in future, disable the password expiration policy on this attribute, by adding the passwordExpirationTime attribute with a value of 20380119031407Z.
//=============================================
Therefore I used cn=Replication Manager,cn=config wheen it asked during the replication config setup.
I also used this when creating the Directory server instance for Master A and Consumer B.
Logs are below:
ConsumerB Error Log
[31/Oct/2008:11:29:44 +1300] - slapd started. Listening on all interfaces port 10264 for LDAP requests
[31/Oct/2008:11:29:44 +1300] - cos_cache_getref: no cos cache created
[31/Oct/2008:11:34:34 +1300] NSMMReplicationPlugin - multimaster_be_state_change: replica o=psbconexa.co.nz is going offline; disabling replication
[31/Oct/2008:11:34:34 +1300] - import userRoot: Index buffering enabled with bucket size 10
[31/Oct/2008:11:34:34 +1300] - import userRoot: Beginning import job...
[31/Oct/2008:11:34:35 +1300] - import userRoot: Workers finished; cleaning up...
[31/Oct/2008:11:34:37 +1300] - import userRoot: Workers cleaned up.
[31/Oct/2008:11:34:37 +1300] - import userRoot: Indexing complete. Post-processing...
[31/Oct/2008:11:34:37 +1300] - import userRoot: Flushing caches...
[31/Oct/2008:11:34:37 +1300] - import userRoot: Closing files...
[31/Oct/2008:11:34:37 +1300] - import userRoot: Import complete. Processed 3 entries in 3 seconds. (1.00 entries/sec)
[31/Oct/2008:11:34:37 +1300] NSMMReplicationPlugin - multimaster_be_state_change: replica o=psbconexa.co.nz is coming online; enabling replication
[31/Oct/2008:11:34:38 +1300] NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals for replica o=psbconexa.co.nz: 53
ConsumerB Access Log:
[31/Oct/2008:11:36:32 +1300] conn=6 op=6 UNBIND
[31/Oct/2008:11:36:32 +1300] conn=6 op=6 fd=1320 closed - U1
[31/Oct/2008:11:36:38 +1300] conn=2 op=135 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[31/Oct/2008:11:36:38 +1300] conn=2 op=135 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=136 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsslapd-suffix nsBackendSuffix"
[31/Oct/2008:11:36:38 +1300] conn=2 op=136 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=137 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="namingContexts"
[31/Oct/2008:11:36:38 +1300] conn=2 op=137 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=138 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=138 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=139 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=139 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=140 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=140 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=141 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-privatenamespaces"
[31/Oct/2008:11:36:38 +1300] conn=2 op=141 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=142 SRCH base="cn=schema" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=142 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=143 SRCH base="cn=monitor" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=143 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=144 SRCH base="cn=monitor" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=144 RESULT err=0 tag=101 nentries=0 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=145 SRCH base="cn=monitor" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=145 RESULT err=0 tag=101 nentries=0 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=146 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=146 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=147 SRCH base="cn=config" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:38 +1300] conn=2 op=147 RESULT err=0 tag=101 nentries=4 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=148 ABANDON msgid=628
[31/Oct/2008:11:36:38 +1300] conn=2 op=149 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="subschemaSubentry"
[31/Oct/2008:11:36:38 +1300] conn=2 op=149 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:38 +1300] conn=2 op=150 SRCH base="cn=schema" scope=0 filter="(objectClass=subschema)" attrs="* ldapSyntaxes"
[31/Oct/2008:11:36:38 +1300] conn=2 op=150 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:39 +1300] conn=2 op=151 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nscpEntryDN ldapSyntaxes nsUniqueId ldapSchemas passwordExpirationTime passwordRetryCount nsTimeLimit hasSubordinates modifiersName passwordAllowChangeTime numSubordinates copyingFrom nsRoleDN entryid passwordExpWarned nsIdleTimeout entrydn modifyTimestamp accountUnlockTime nsRole nsds5ReplConflict nsAccountLock passwordHistory retryCountResetTime parentid copiedFrom createTimestamp nsBackendSuffix nsSchemaCSN subschemaSubentry creatorsName aci nsSizeLimit dncomp nsLookThroughLimit *"
[31/Oct/2008:11:36:39 +1300] conn=2 op=151 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:39 +1300] conn=2 op=152 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:39 +1300] conn=2 op=152 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:39 +1300] conn=2 op=153 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[31/Oct/2008:11:36:39 +1300] conn=2 op=153 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:39 +1300] conn=2 op=154 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[31/Oct/2008:11:36:39 +1300] conn=2 op=154 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:39 +1300] conn=2 op=155 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[31/Oct/2008:11:36:39 +1300] conn=2 op=155 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:39 +1300] conn=2 op=156 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:39 +1300] conn=2 op=156 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:39 +1300] conn=2 op=157 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[31/Oct/2008:11:36:39 +1300] conn=2 op=157 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:41 +1300] conn=2 op=158 SRCH base="ou=Ray001,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:41 +1300] conn=2 op=158 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:41 +1300] conn=2 op=159 SRCH base="ou=Ray001,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[31/Oct/2008:11:36:41 +1300] conn=2 op=159 VLV 50:50:49:0 0:0 (0)
[31/Oct/2008:11:36:41 +1300] conn=2 op=159 RESULT err=0 tag=101 nentries=0 etime=0 notes=U
[31/Oct/2008:11:36:41 +1300] conn=2 op=160 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[31/Oct/2008:11:36:41 +1300] conn=2 op=160 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:41 +1300] conn=2 op=161 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsBackendSuffix"
[31/Oct/2008:11:36:41 +1300] conn=2 op=161 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:41 +1300] conn=2 op=162 SRCH base="cn=MCC ou=Ray001 o=psbconexa.co.nz, cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[31/Oct/2008:11:36:41 +1300] conn=2 op=162 RESULT err=32 tag=101 nentries=0 etime=0
[31/Oct/2008:11:36:48 +1300] conn=2 op=163 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-accesslog nsslapd-accesslog-list"
[31/Oct/2008:11:36:48 +1300] conn=2 op=163 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:50 +1300] conn=2 op=164 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-errorlog nsslapd-errorlog-list"
[31/Oct/2008:11:36:50 +1300] conn=2 op=164 RESULT err=0 tag=101 nentries=1 etime=0
[31/Oct/2008:11:36:52 +1300] conn=2 op=165 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-auditlog nsslapd-auditlog-list"
[31/Oct/2008:11:36:52 +1300] conn=2 op=165 RESULT err=0 tag=101 nentries=1 etime=0
//=====================
MasterA Error Log:
There seem to have no update during the time i started teh replication? replication updated started at about 31/Oct/2008:11:36:XX but in the logs in is 1 min behind with nothing i believe is important.
but let me know if needed.

And here is the backward replication from consumer to master WHICH SHOULDN"T happen.......
Created a new entry organization called, TEST002 on consumer side, which did not appear of course, but appeared on the Master side????...........................................................................
Master log:
[05/Nov/2008:10:58:21 +1300] conn=13617 fd=2292 slot=2292 connection from 10.1.1.79 to 10.30.1.200
[05/Nov/2008:10:58:21 +1300] conn=13617 op=0 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3
[05/Nov/2008:10:58:21 +1300] conn=13617 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[05/Nov/2008:10:58:21 +1300] conn=13617 op=1 ADD dn="ou=TEST002,o=marketsite,o=psbconexa.co.nz"
[05/Nov/2008:10:58:21 +1300] conn=13617 op=1 RESULT err=0 tag=105 nentries=0 etime=0 csn=4910c57d000000050000
[05/Nov/2008:10:58:21 +1300] conn=13617 op=2 UNBIND
[05/Nov/2008:10:58:21 +1300] conn=13617 op=2 fd=2292 closed - U1
[05/Nov/2008:10:58:28 +1300] conn=13614 op=236 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[05/Nov/2008:10:58:28 +1300] conn=13614 op=236 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:28 +1300] conn=13614 op=237 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsslapd-suffix nsBackendSuffix"
[05/Nov/2008:10:58:28 +1300] conn=13614 op=237 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:28 +1300] conn=13614 op=238 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[05/Nov/2008:10:58:28 +1300] conn=13614 op=238 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:28 +1300] conn=13614 op=239 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[05/Nov/2008:10:58:28 +1300] conn=13614 op=239 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=240 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=240 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=241 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=241 RESULT err=0 tag=101 nentries=12 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=242 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=242 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=243 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=243 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=244 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=244 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=245 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=245 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=246 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=246 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=247 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=247 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=248 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=248 RESULT err=0 tag=101 nentries=18 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=249 ABANDON msgid=322
[05/Nov/2008:10:58:32 +1300] conn=13614 op=250 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=250 RESULT err=0 tag=101 nentries=2 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=251 ABANDON msgid=324
[05/Nov/2008:10:58:32 +1300] conn=13614 op=252 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=252 RESULT err=0 tag=101 nentries=5 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=253 ABANDON msgid=326
[05/Nov/2008:10:58:32 +1300] conn=13614 op=254 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:32 +1300] conn=13614 op=254 RESULT err=0 tag=101 nentries=9 etime=0
[05/Nov/2008:10:58:32 +1300] conn=13614 op=255 ABANDON msgid=328
[05/Nov/2008:10:58:33 +1300] conn=13614 op=256 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=256 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=257 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=257 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=258 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=258 SORT cn givenName o ou sn (12)
[05/Nov/2008:10:58:33 +1300] conn=13614 op=258 VLV 50:50:49:0 12:12 (0)
[05/Nov/2008:10:58:33 +1300] conn=13614 op=258 RESULT err=0 tag=101 nentries=12 etime=0 notes=U
[05/Nov/2008:10:58:33 +1300] conn=13614 op=259 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=259 RESULT err=0 tag=101 nentries=5 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=260 ABANDON msgid=333
[05/Nov/2008:10:58:33 +1300] conn=13614 op=261 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=261 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=262 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=262 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=263 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=263 RESULT err=0 tag=101 nentries=2 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=264 ABANDON msgid=337
[05/Nov/2008:10:58:33 +1300] conn=13614 op=265 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=265 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=266 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=266 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=267 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=267 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=268 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=268 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=269 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=269 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=270 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=270 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=271 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=271 RESULT err=0 tag=101 nentries=9 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=272 ABANDON msgid=345
[05/Nov/2008:10:58:33 +1300] conn=13614 op=273 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=273 RESULT err=0 tag=101 nentries=18 etime=0
[05/Nov/2008:10:58:33 +1300] conn=13614 op=274 ABANDON msgid=347
[05/Nov/2008:10:58:33 +1300] conn=13614 op=275 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nscpEntryDN ldapSyntaxes nsUniqueId ldapSchemas passwordExpirationTime passwordRetryCount nsTimeLimit hasSubordinates modifiersName passwordAllowChangeTime numSubordinates copyingFrom nsRoleDN entryid passwordExpWarned nsIdleTimeout entrydn modifyTimestamp accountUnlockTime nsRole nsds5ReplConflict nsAccountLock passwordHistory retryCountResetTime parentid copiedFrom createTimestamp nsBackendSuffix nsSchemaCSN subschemaSubentry creatorsName aci nsSizeLimit dncomp nsLookThroughLimit *"
[05/Nov/2008:10:58:33 +1300] conn=13614 op=275 RESULT err=0 tag=101 nentries=1 etime=0
///===========
Consumer log:
[05/Nov/2008:10:58:20 +1300] conn=1 op=449 ADD dn="ou=TEST002,o=marketsite,o=psbconexa.co.nz"
[05/Nov/2008:10:58:20 +1300] conn=1 op=449 RESULT err=10 tag=105 nentries=0 etime=0
[05/Nov/2008:10:58:20 +1300] conn=13 fd=1088 slot=1088 connection from 10.30.1.200 to 10.1.1.79
[05/Nov/2008:10:58:20 +1300] conn=13 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Nov/2008:10:58:20 +1300] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[05/Nov/2008:10:58:20 +1300] conn=13 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[05/Nov/2008:10:58:20 +1300] conn=13 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:20 +1300] conn=13 op=2 EXT oid="2.16.840.1.113730.3.5.3"
[05/Nov/2008:10:58:20 +1300] conn=13 op=2 RESULT err=0 tag=120 nentries=0 etime=0
[05/Nov/2008:10:58:20 +1300] conn=13 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="nsSchemaCSN"
[05/Nov/2008:10:58:20 +1300] conn=13 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=450 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=450 RESULT err=0 tag=101 nentries=10 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=451 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=451 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=452 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=452 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=453 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=453 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=454 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=454 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=455 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=455 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=456 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=456 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=457 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=457 RESULT err=0 tag=101 nentries=18 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=458 ABANDON msgid=542
[05/Nov/2008:10:58:21 +1300] conn=1 op=459 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=459 RESULT err=0 tag=101 nentries=2 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=460 ABANDON msgid=544
[05/Nov/2008:10:58:21 +1300] conn=1 op=461 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=461 RESULT err=0 tag=101 nentries=5 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=462 ABANDON msgid=546
[05/Nov/2008:10:58:21 +1300] conn=1 op=463 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=463 RESULT err=0 tag=101 nentries=9 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=464 ABANDON msgid=548
[05/Nov/2008:10:58:21 +1300] conn=1 op=465 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=465 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=466 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=466 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=467 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=467 SORT cn givenName o ou sn (10)
[05/Nov/2008:10:58:21 +1300] conn=1 op=467 VLV 50:50:49:0 10:10 (0)
[05/Nov/2008:10:58:21 +1300] conn=1 op=467 RESULT err=0 tag=101 nentries=10 etime=0 notes=U
[05/Nov/2008:10:58:21 +1300] conn=1 op=468 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=468 RESULT err=0 tag=101 nentries=5 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=469 ABANDON msgid=553
[05/Nov/2008:10:58:21 +1300] conn=1 op=470 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=470 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=471 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=471 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=472 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=472 RESULT err=0 tag=101 nentries=2 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=473 ABANDON msgid=557
[05/Nov/2008:10:58:21 +1300] conn=1 op=474 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=474 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=475 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=475 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=476 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=476 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=477 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=477 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=478 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=478 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=479 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=479 RESULT err=0 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=480 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=480 RESULT err=0 tag=101 nentries=9 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=481 ABANDON msgid=565
[05/Nov/2008:10:58:21 +1300] conn=1 op=482 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=482 RESULT err=0 tag=101 nentries=18 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=483 ABANDON msgid=567
[05/Nov/2008:10:58:21 +1300] conn=1 op=484 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=484 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=485 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=485 SORT cn givenName o ou sn (2)
[05/Nov/2008:10:58:21 +1300] conn=1 op=485 VLV 50:50:49:0 2:2 (0)
[05/Nov/2008:10:58:21 +1300] conn=1 op=485 RESULT err=0 tag=101 nentries=2 etime=0 notes=U
[05/Nov/2008:10:58:21 +1300] conn=1 op=486 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=486 RESULT err=0 tag=101 nentries=10 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=487 ABANDON msgid=571
[05/Nov/2008:10:58:21 +1300] conn=1 op=488 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
[05/Nov/2008:10:58:21 +1300] conn=1 op=488 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=489 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsBackendSuffix"
[05/Nov/2008:10:58:21 +1300] conn=1 op=489 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=490 SRCH base="cn=MCC o=psbconexa.co.nz, cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[05/Nov/2008:10:58:21 +1300] conn=1 op=490 RESULT err=32 tag=101 nentries=0 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=491 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=491 RESULT err=0 tag=101 nentries=1 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=492 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=492 SORT cn givenName o ou sn (10)
[05/Nov/2008:10:58:21 +1300] conn=1 op=492 VLV 50:50:49:0 10:10 (0)
[05/Nov/2008:10:58:21 +1300] conn=1 op=492 RESULT err=0 tag=101 nentries=10 etime=0 notes=U
[05/Nov/2008:10:58:21 +1300] conn=1 op=493 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
[05/Nov/2008:10:58:21 +1300] conn=1 op=493 RESULT err=0 tag=101 nentries=5 etime=0
[05/Nov/2008:10:58:21 +1300] conn=1 op=494 ABANDON msgid=578
[05/Nov/2008:10:58:21 +1300] conn=1 op=495 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource

DS 5.2: passwordexpirationtime is 19700101000000Z

Similar Messages

Maybe you are looking for