DSCC- DirectoryServers- Servers displaying replication agreements?
Hello Folks -
When working through DS 6.x I noticed that sometimes the creation of a replication agreement will result in that agreement being displayed under the Servers tab within the DSCC. It will not happen for all agreements. When logging into DSCC - there are numerous searches which take place against all the registered instances - I assume to get some data to display. The searches for the replication agreements take place on all hosts - so why only some are displayed is odd. Any help would be appreciated.
Thanks
Randy
Example:
All JES Installs
Host 1: DS 6.3
Host 2: DS 6.0
ADS exists on Host 1 - both instances registered.
SSL agreement from Host1 -> Host2 = not displayed
SSL agreement from Host2 -> Host1 = displayed in DSCC Servers tab
Example of display:
HOST1:HOST1_SSL_PORT -secure port- (server not registered) and no instance path is displayed
Ok - this has been resolved. The issue was - when HOST1 was registered locally to the ADS it was with the command 'dsccreg add-server $instance_path'. The name of the host was then taken from the local machine (from /etc/nodename?) and was not the FQDN. Then the replication agreement was created from HOST2 -> HOST1 and the FQDN was used. The DSCC was not able to match the host names and considered the replication agreement a new host which was not registered. The resolution was to either create the replication agreement with the same value which was stored during registration - or better yet - register the local host again with the FQDN.
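The host-name mismatch described in the resolution above can be checked for before an agreement is created. This is an added example, not part of the original post and not DSEE code: it assumes, as the post reports, that DSCC matches an agreement destination to a registered server by the exact host string, and it flags destinations that name a registered machine with a different spelling (short name versus FQDN, or different case). The `Registered` model, the function names and the sample values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Registered:
    """One server as recorded at registration time (constructed model)."""
    host: str          # host string stored when the server was registered
    ports: frozenset   # LDAP and LDAPS ports of the instance


def parse_endpoint(text):
    """Split 'host:port' into (host, port), rejecting malformed input."""
    host, sep, port = text.strip().rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"expected host:port, got {text!r}")
    return host, int(port)


def _norm(host):
    # DNS names are case-insensitive; a trailing dot only marks the root.
    return host.lower().rstrip(".")


def same_machine(a, b):
    """Heuristic name match (an assumption of this example).

    Two fully qualified names must be equal ignoring case. A short name
    matches an FQDN that has the same first label."""
    a, b = _norm(a), _norm(b)
    if "." in a and "." in b:
        return a == b
    return a.split(".", 1)[0] == b.split(".", 1)[0]


def classify(destination, registry):
    """Return (status, registered_host) for one agreement destination.

    'registered': host string is identical to a registered one.
    'mismatch'  : same machine and port, but spelled differently, which is
                  the case that shows up as "(server not registered)".
    'unknown'   : nothing in the registry plausibly matches."""
    host, port = parse_endpoint(destination)
    candidates = [r for r in registry if port in r.ports]
    for r in candidates:
        if r.host == host:
            return "registered", r.host
    for r in candidates:
        if same_machine(r.host, host):
            return "mismatch", r.host
    return "unknown", None


def audit(registry, destinations):
    """Classify every destination; returns {destination: (status, host)}."""
    return {d: classify(d, registry) for d in destinations}


# Constructed sample data: host1 was registered by its short name,
# host2 by its FQDN.
REGISTRY = [
    Registered("host1", frozenset({389, 636})),
    Registered("host2.example.com", frozenset({389, 636})),
]
DESTINATIONS = [
    "host1.example.com:636",   # FQDN in the agreement, short name registered
    "host2.example.com:636",   # identical spelling
    "Host2.Example.com:389",   # same name, different case
    "host2.example.org:636",   # different domain, so a different machine
    "host3.example.com:636",   # never registered
]

if __name__ == "__main__":
    for dest, (status, reg) in audit(REGISTRY, DESTINATIONS).items():
        if status == "mismatch":
            print(f"{dest}: spelled differently from registered '{reg}'; "
                  f"use '{reg}' in the agreement or re-register with this name")
        else:
            print(f"{dest}: {status}")
```
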
Similar Messages
-
Replication agreement configure via DSCC
Hi
I have problem on config replication agreement. I want to make replication between 2 masters which installed on different physical machines. But they cannot find out with each other Or how to add remote servers on server list, I even tried to do register server but failed.
Thank you.
Can you check if cacao is running?
/opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm status
If not running, start it:
/opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm start
If this did not help, please explain: "But they cannot find out with each other Or how to add remote servers on server list, I even tried to do register server but failed."
What steps did you follow to register a server and what error did you see? Post error and access log snippets.
-
DSEE 6.2: port change and replication agreement update
I evaluate DSEE 6.2. I have created three ds instances in one host, two master and one slave. I changed the LDAP port number of my slave instance from 391 to 392 with DSCC. DSCC started to update configurations but stopped at 10 %:
Updating LDAP configuration of Directory Server
Updating Replication Agreements
10% Complete
Updating Directory Server ldap:391 LDAP configuration . . . . . Done.
Updating registration information . . . . . Done.
Updating Replication Configuration of suffix c=fi on server ldap:390:
Modifying Replication Agreement . . .
There are replication agreements between masters and both masters feed the slave.
BR,
-jukka-
Looks like you have a certificate problem:
"##[19/Dec/2007:09:27:17 -0700] - ERROR<4753> - SSL - conn=-1 op=-1 msgId=-1 - Security Initialization: Can't find certificate (ca-cert) for family cn=rsa,cn=encryption,cn=config (error -8174 - security library: bad database.)"
and until it is resolved, you won't be able to do much while in SSL mode.
Is your certificate expired? If it is, can you create a new, self-signed cert and try to run on that just to make sure it's not something else with server setup?
-
Problem with replication agreement
Hi All,
I am trying to setup a replication agreement within the version 5.1 console. I am using a multi-master model. I have run into a snag in that section where I need to enter the Consumer and the Connection->Simple Authentication. For some reason after I enter in the proper information the next button is still 'greyed' out.
Is this an indication that something is not right?
Thank you for any help/information.
Please ignore this post. I was able to sort my way through this problem only to find another involving permissions.
-
SASL Replication Agreement Authentication
Is it possible to use SASL mechanisms for replication agreement authentication in DS5.2P4? (GSSAPI specifically). If not, are there plans to include this functionality in 5.2P5, or DS6, or some other future version?
It is currently not possible and it will not be in 5.2p5 nor 6.0.
There are many things in the pipe for future versions, and certainly SASL authn for the Replication session is one of them. I suggest that you contact your preferred Sun representative and try to have the priority raised.
Ludovic
-
Help AAA Servers Database Replication
Hi Guys,
I have 2 AAA Servers Acting as Prim/Backup.
Recently we were facing some issues with Backup Server, so upgraded the windows to Windows 2008 Server, and reinstalled ACS 4.2
Now when I try to replicate everything from Primary to Secondary, it is not replicating AAA Clients. I can see all the groups / users / settings replicated, but there are no AAA Clients in Network Configuration.
Any point I am missing in Replication Configuration?
Replication Components "Network Configuration Device Tables" already marked. So what's missing?
Thanks in advance
Ok got answer myself....
In future, if anyone faces the same issue: just make sure you are using the EXACT SAME versions on both devices. Even a minor version difference will not work.
I had 4.2.1(15) on primary and 4.2.0 on secondary... there were no errors but still not working. After upgrading to the same version it worked!
-
Is there a possibility to display a license agreement to the user and remove the application from the cache if the user does not accept the license agreement? Or does the application have to implement this by itself?
Such a feature would be of utmost importance to us. Thanks for any hints,
Thomas
You could do it as part of your main application, but there are some disadvantages:
1) The installer has the advantage of running only once. If you include this as part of your app, it will run it every time.
2) The installer has access to the InstallPath, and methods such as RemoveResource(). If you do it without an installer, I guess you will need to disable your application in some other manner (e.g. looking for a license file).
On the other hand the advantage is that you will not be tied to using Java Web Start as a launch mechanism.
John
-
Is there a BAPI that displays Scheduling Agreement line items?
Hi,
If a PO number is passed to BAPI_PO_GETITEMS, all line items are returned.
Is there a BAPI that will do the same thing for a scheduling agreement?
Thx.
Andy
Hi,
try BAPI_PO_GETDETAIL
Regards.
David
-
ODSEE 11gR1: DS server instances displayed twice in DSCC console
I recently migrated some DSEE 6.x DS instances to ODSEE 11gR1 (dsconf : 11.1.1.5.0 B2011.0517.2145) on RHEL 5.7 x64 .
When running "./dsccreg list-servers -aC" on the DSCC host, I can see all my ODSEE instances.
However, in the DSCC console, some instances appear twice, in the "Directory Servers" -> "Servers" sub-tab, and some others appear
only once, normally.
For the instances appearing twice, I have the following in the "Server" column:
server shortname:389 (server not registered)
server FQDN:389
I'd like to know how to remove the "server not registered" lines. I don't know how does DSCC build this server list, but I've checked it's
not defined under the cn=dscc tree.
The problem with that wrong display, is that for example in the replication agreements tab, some replication agreements are displayed twice too,
which is confusing.
DSCC runs in a Tomcat 6.0.35 container, and my java version is as follows:
java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9.10) (rhel-1.23.1.9.10.el5_7-x86_64)
OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)
Any idea?
I did what you suggested. Both commands worked fine and produced no errors but the problem remains in the DSCC GUI.
When running ./dsccreg list-servers, it still works fine, I see all servers only once.
Also, I noticed that if I look at the GUI between the remove-server and the add-server command, each server appears
twice with the following comment between brackets: (server not registered).
After registering the server again, one "(server not registered)" comment has been removed but the other instance
with the comment remains.
So, the remove-server command doesn't prevent an instance from being displayed in the DSCC GUI. This is what I'd like.
-
DSCC multi-master replication issue
Hello All,
I am trying to set up 2 DSCC consoles with multi-master replication enabled (cn=dscc). I am facing an issue: when I see the directory server list in both DSCC consoles, I also see the 2 DSCC instances below, which should not be there (since they are ADS, they should be hidden). Also, the changes do not reflect immediately; it takes around 30 minutes or so.
Please note I am running 2 ADS instances on one box with port no 3998 and 4000 both are master. Seek your guidance on how to fix this issue.
localhost:3998 (server not registered) - Started -
localhost:4000 (server not registered) - Started -
Below are the steps I carried out to setup multi-master replication-
On instance 1
Check the DSCC port no of instance 1
D:\ldap_server\ds6\bin>dsadm info d:\ldap_server\var\dscc6\dcc\ads
Instance Path: d:/ldap_server/var/dscc6/dcc/ads
Owner: AT0094060
Non-secure port: 3998
Secure port: 3999
Bit format: 32-bit
State: Running
Server PID: 2820
DSCC url: -
Windows service registration: Disabled
Instance version: D-A00
Enable replication-
D:\ldap_server\ds6\bin>dsconf enable-repl -h localhost -p 3998 -e -d 10 master cn=dscc
Enter "cn=Directory Manager" password:
Use "dsconf create-repl-agmt" to create replication agreements on "cn=dscc".
Setup repl agmt
D:\ldap_server\ds6\bin>dsconf create-repl-agmt -h localhost -p 3998 -e cn=dscc localhost:4000
Enter "cn=Directory Manager" password:
Use "dsconf init-repl-dest cn=dscc localhost:3998" to start replication of "cn=dscc" data.
Setup rep password
D:\ldap_server\ds6\bin>dsconf set-server-prop -h localhost -p 3998 -D "cn=directory manager" -e def-repl-manager-pwd-file:d:\rmpassword.txt
Enter "cn=Directory Manager" password:
Check the password
D:\ldap2_server\ds6\bin>dsconf get-server-prop -h localhost -p 3998 -e def-repl-manager-pwd
Enter "cn=Directory Manager" password:
def-repl-manager-pwd : {SSHA}g9OpeO2H57MH2Eq4xV5gbxVqHGzEG2VpdBSuIA==
Restart ADS to read new changes
D:\ldap_server\ds6\bin>dsadm restart d:\ldap-server\var\dscc\dcc\ads
Check suffix prop-
D:\ldap_server\ds6\bin>dsconf get-suffix-prop -h localhost -p 3998 -e cn=dscc
Enter "cn=Directory Manager" password:
all-ids-threshold : inherited (4000)
db-name : bellatonus
db-path : D:/ldap_server/var/dscc6/dcc/ads/db/bellatonus
enabled : on
entry-cache-count : unlimited
entry-cache-size : 10M
entry-count : 12
moddn-enabled : inherited (off)
parent-suffix-dn : undefined
referral-mode : disabled
referral-url : ldap://machine1:4000/cn%3Ddscc
repl-accept-client-update-enabled : on
repl-cl-max-age : 1w
repl-cl-max-entry-count : 0
repl-id : 10
repl-manager-bind-dn : cn=replication manager,cn=replication,cn=config
repl-purge-delay : 1w
repl-rewrite-referrals-enabled : off
repl-role : master
require-index-enabled : off
Run accord-
D:\ldap_server\ds6\bin>dsconf accord-repl-agmt -h localhost -p 3998 -e cn=dscc localhost:4000
To test replication manager password use-
ldapsearch -h localhost -p 3998 -D "cn=replication manager,cn=replication,cn=config" -q -b "" -s base objectclass=* namingContexts
Please enter bind password:
check the replication status
D:\ldap2_server\ds6\bin>dsconf show-repl-agmt-status -h localhost -p 3998 -e cn=dscc localhost:4000
Enter "cn=Directory Manager" password:
Configuration Status : OK
Authentication Status : OK
Initialization Status : OK
Status : Enabled
Last Update Date : Jun 13, 2012 4:04:22 PM
On instance 2
Check the DSCC port no-
D:\ldap_server\ds6\bin>dsadm info d:\ldap2_server\var\dscc6\dcc\ads
Instance Path: d:/ldap2_server/var/dscc6/dcc/ads
Owner: AT0094060
Non-secure port: 4000
Secure port: 4001
Bit format: 32-bit
State: Running
Server PID: 4264
DSCC url: -
Windows service registration: Disabled
Instance version: D-A00
Enable replication
D:\ldap_server\ds6\bin>dsconf enable-repl -h localhost -p 4000 -e -d 10 master cn=dscc
Enter "cn=Directory Manager" password:
Use "dsconf create-repl-agmt" to create replication agreements
on "cn=dscc".
Setup repl agmt
D:\ldap_server\ds6\bin>dsconf create-repl-agmt -h localhost -p 4000 -e cn=dscc localhost:3998
Enter "cn=Directory Manager" password:
Use "dsconf init-repl-dest cn=dscc localhost:3998" to start replication of "cn=dscc" data.
Setup repl password
D:\ldap_server\ds6\bin>dsconf set-server-prop -h localhost -p 4000 -D "cn=directory manager" -e def-repl-manager-pwd-file:d:\rmpassword.txt
Enter "cn=Directory Manager" password:
Check the password
D:\ldap2_server\ds6\bin>dsconf get-server-prop -h localhost -p 4000 -e def-repl-manager-pwd
Enter "cn=Directory Manager" password:
def-repl-manager-pwd : {SSHA}g9OpeO2H57MH2Eq4xV5gbxVqHGzEG2VpdBSuIA==
Restart ADS
D:\ldap_server\ds6\bin>dsadm restart d:\ldap2-server\var\dscc\dcc\ads
test replication manager password with
ldapsearch -h localhost -p 4000 -D "cn=replication manager,cn=replication,cn=config" -q -b "" -s base objectclass=* namingContexts
Please enter bind password:
D:\ldap2_server\ds6\bin>dsconf get-suffix-prop -h localhost -p 4000 -e cn=dscc
Enter "cn=Directory Manager" password:
all-ids-threshold : inherited (4000)
db-name : bellatonus
db-path : D:/ldap2_server/var/dscc6/dcc/ads/db/bellatonus
enabled : on
entry-cache-count : unlimited
entry-cache-size : 10M
entry-count : 12
moddn-enabled : inherited (off)
parent-suffix-dn : undefined
referral-mode : disabled
referral-url : ldap://machine1:3998/cn%3Ddscc
repl-accept-client-update-enabled : on
repl-cl-max-age : 1w
repl-cl-max-entry-count : 0
repl-id : 20
repl-manager-bind-dn : cn=replication manager,cn=replication,cn=config
repl-purge-delay : 1w
repl-rewrite-referrals-enabled : off
repl-role : master
require-index-enabled : off
Initialize ADS2 from ADS1 using the replication agreement:
dsconf init-repl-dest -e -i -h localhost -p 3998 cn=dscc localhost:4000
Delete
Check the replication status
D:\ldap2_server\ds6\bin>dsconf show-repl-agmt-status -h localhost -p 4000 -e cn=dscc localhost:3998
Enter "cn=Directory Manager" password:
Configuration Status : OK
Authentication Status : OK
Initialization Status : OK
Status : Enabled
Last Update Date : Jun 13, 2012 4:07:36 PM
Run insync
D:\ldap2_server\ds6\bin>insync -D "cn=directory manager" -j d:\dmpw.txt -s localhost:3998 -c localhost:4000 20
ReplicaDn Consumer Supplier Delay
cn=dscc localhost:4000 localhost:3998 0
cn=dscc localhost:4000 localhost:3998 0
cn=dscc localhost:4000 localhost:3998 0
^C
D:\ldap_server\ds6\bin>insync -D "cn=directory manager" -j d:\dmpw.txt -s localhost:4000 -c localhost:3998 20
ReplicaDn Consumer Supplier Delay
cn=dscc localhost:3998 localhost:4000 0
cn=dscc localhost:3998 localhost:4000 0
cn=dscc localhost:3998 localhost:4000 0
Replicating the ADS instance, i.e. cn=dscc, is not supported and not supposed to work, so what you are trying to do is futile.
-
Enhancement for VF02 in which agreement no to be displayed in assignment field in FI document?
Hi Experts,
Does anyone know which exit has to be used in order to display the agreement no in assignment field in FI document for transaction VF02 (SD).
lets say
when i click on doc no. in the " Documents in Accounting" pop up , Agreement no to be displayed in the assignment field instead of Date.
Could anybody please help me out as i've never done any enhancement before.
Thanks in Advance
Regards
Satish
-
Replication overwrites the AAA servers table in the secondary server
Hi,
I've configured two ACS servers with replication but I noticed that when the replication takes place it overwrites the AAA servers table configured in the network configuration of the secondary server and that makes the next replication fail because the two servers have the same configuration of AAA servers. If I uncheck the "Network Configuration Device tables" and the "Network Access Profiles" from the "Database Replication Setup", which includes the AAA servers table, I also miss the replication of the new network devices that are added in the master server.
Do you know how can i exclude only the AAA servers table from the replication??
Other thing is that I configured the Outbound replication as "Automatically triggered cascade", I'm not sure if this means that at the exactly moment that there is a change on the primary server it will replicate it to the secondary???? because if that is the case it is not doing it.
Thanks in advance for your help
Hi,
I understand, thanks a lot for making that clear!
I now have another situation and I was wondering if you can help me. I made some changes in the AAA servers trying to solve this situation but I wasn't able to, so I left the servers again in the same way that they were configured at the time the replication was working, but now it is not. In the master server I get this message:
ERROR ACS 'LACSLVBCDVAS007' has denied replication request
and in the second server I get this:
ERROR Inbound database replication from ACS 'lacslvbcpvas011' denied - shared secret mismatch
I've checked the key configured for both and they are the same. I've deleted the AAA servers and then configured them again, restarted the services, but the problem remains. Do you have any idea what this could be?
Thanks in advance for your help.
Best Regards,
-
DS 6.0 - Multi Master replication over SSL
Hello,
Anyone got replication working over SSL? I've tried both DSCC and command line, but it fails over SSL. I am able to get replication configured over non-secure LDAP port.
I've exchanged CA certs between the two master servers involved. The admin guide on page 251 lists the following command.
$ dsconf create-repl-agmt -h example1.server -p 1389 -e -i \
--auth-protocol "ssl-simple" dc=example,dc=com example2.server:2636
$ dsconf create-repl-agmt -h example2.server -p 2389 -e -i \
--auth-protocol "ssl-simple" dc=example,dc=com example1.server:1636
I believe "-e" option stands for non secure. When I run the above commands, dsconf complains that --auth-protocol is not a valid option.
Using DSCC, I am able to create the replication agreement using simple SSL. When I try to initialize the suffixes, I get a bind error. I am using the built in "replication manager" account to bind.
Thanks for your help and input.
It took me a while to figure it out myself, but if you do what is in the documentation (Replicating Over SSL) to a T (not through DSCC), that is how I got it to work. You also have to make sure that you have valid certs, and that they are both added to each box, and trusted. I think that was where I had the most problem. The other thing I ran into is that you have to keep the case sensitivity with the server names when you register them.
It works, but it's a little bit of a pain.
-
Hi,
one of our locations changed IP of LDAP-server host. I deleted before the weekend all replication agreements from our master and deleted the host in DSCC.
Replication agreement is fine again, but setup the host in DSCC is failing with error message, that DSCC can't contact the cacaoadm on the new IP.
If I snoop I can see that DSCC is contacting the old IP address of the server. FQDN is completely the same as before the IP move.
I restarted the DSCC instance, it didn't help. I can't find any information regarding the old IP address in the DSCC instance config.
Can you help me how to solve this?
I'd suggest you to first use the dsccreg command, rather than the GUI, to prevent some problems with it or with the browser's cache.
Then, first check that from the DSCC host, the new IP resolves to the right FQDN and vice-versa.
Then, if you see your LDAP server in the "dsccreg list-servers" output, I'd suggest you to remove it (dsccreg remove-server) and add it again (dsccreg add-server).
If it still fails, you can export your DSCC registry to an LDIF file, check each IP address in the LDIF export, fix it if needed and import it again.
Nothing here will break your LDAP service or replication, so you can do it safely.
If you still have a problem, it could also come from either the name service cache daemon (nscd), if started on your DSCC host
(just restart it in such a case), or it could come from your replication agreements. I had an issue recently where I had to recreate every replication agreement.
You can also do it safely, without having to reinitialize your LDAP servers. They will just not be up to date for a few seconds.
-
Load Balancing Directory Servers with Access Manager - Simple questions
Hi.
We are in the process of configuring 2 Access Manager instances (servers) accessing the same logical LDAP repository (comprising physically of two Directory Servers working together with Multi-Master Replication configured and tested) For doing this, we are following guide number 819-6258.
The guide uses BigIP load balancer for load balancing the directory servers. However, we intend to use Directory Proxy Server. Since we faced some (unresolved) issues last time that we used DPS, there are some simple questions that I would be very grateful to have answers to:
1. The guide, in section 3.2.10 (To configure Access Manager 1 with the Directory Server load balancer), talks about making changes at 4 places, and replacing the existing entry (hostname and port) with the load balancer's hostname and port (assuming that the load balancer has already been configured). It says that changes need not be made on Access Manager 2 since the LDAPs are in replication, and hence changes will be replicated at all places. However, the guide also states that changes have to be made in two files, namely AMConfig.properties, and the serverconfig.xml file. But these changes will not be reflected on Access Manager 2, since these files are local on each machine.
Question 1. Do changes have to be made in AMConfig.properties and serverconfig.xml files on the other machine hosting Access Manager 2?
Question 2: What is the purpose of putting these values here? Specifically, what is achieved by specifying the Directory server host and port in AMConfig.properties, as well as in serverconfig.xml?
Question 3. In the HTTP console, there is the option of specifying multiple primary LDAP servers, as well as multiple secondary LDAP servers. What is the purpose of these? Are secondary servers attempted when none of the list in the primary list are accessible? Also, if there are multiple entries in the primary server list, are they accessed in a round robin fashion (hereby providing rudimentary load balancing), or are other servers accessed only when the one mentioned first is not reachable etc.?
2. Since I do not have a load balancer setup yet, I tried the following deviation to the above, which, according to me, should have worked. If viewed in the HTTP console, LDAP / Membership / MSISDN and Policy configuration all pointed to the DS on host 1. When I changed all these to point to the directory server on host 2 (and made AMConfig.properties and serverconfig.xml on host 1 point to DS of host 2 as well), things should have worked fine, but apparently Access manager 1 could not be started. Error from Webserver:
[14/Aug/2006:04:30:36] info (13937): WEB0100: Loading web module in virtual server [https-machine_1_FQDN] at [search]
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Exception in thread "EventService" java.lang.ExceptionInInitializerError
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.iplanet.services.ldap.event.EventServicePolling.run(EventServicePolling.java:132)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at java.lang.Thread.run(Thread.java:595)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Caused by: java.lang.InterruptedException
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.sun.identity.sm.ServiceManager.<clinit>(ServiceManager.java:74)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: ... 2 more
In effect, AM on 1 did not start. On rolling back the changes, things again worked like previously.
Will be really grateful for any help / insight / experience on dealing with the above.
Thanks!
Update to the above, in case anyone is reading:
We setup a similar setup in Windows, and it worked. Here is a detailed account of what was done:
1. Host 1: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST1:389)
2. Host 2: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST2:389)
3. Host 1: Started replication. Set to Master
4. Host 2: Started replication. Set to Master
5. Host 1: Setup replication agreement to Host 2
6. Host 2: Setup replication agreement to Host 1
7. Initiated the remote replica from Host 1 ----> Host 2
Note that since default installation uses abc.....xyz as the encryption key, setting this to same was not an issue.
9. Started webserver for Host 1 and logged into AM as amadmin.
10. Added Host 2 FQDN in DNS Aliases / Realms
11. Added http://HOST2_FQDN:80 in the Platform server (instance) list.
12. Started Host 2 webserver. Logged in AM on Host 2, things worked fine.
At this stage, note the following:
a) Host 1:
AMConfig.properties file has
com.iplanet.am.directory.host=host1_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host1_FQDN" port="389" type="SIMPLE" />
b) Host 2:
AMConfig.properties file has
com.iplanet.am.directory.host=host2_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host2_FQDN" port="389" type="SIMPLE" />
c) If one logs into AM, and checks LDAP servers for LDAP / Policy Configuration / Membership etc services, they all contain Host2_FQDN:389 (which makes sense, since replica 2 was initialized from 1)
Returning back to the configurations:
13. On Host 1, login into the Admin server console of the Directory server. Navigate to the DPS, and configure the following:
a) Network Group
b) LDAP servers
c) Load Balancing
d) Change Group
e) Action on-bind
f) Allow all actions (permit modification / deletion etc.).
g) any other configurations required - Am willing to give detailed steps if someone needs them to help me / themselves! :)
So now, we have DPS configured and running on Host1:489, and distributing load to DS1 and DS2 on a 50:50 basis.
14. Now, log into AM on Host 1, and instead of Host1_fqdn:389 (for DS) in the following places, specify Host1_fqdn:489 (for the DPS)--
LDAP Authentication
MSISDN server
Membership Service
Policy configuation.
Verified that this propagated to the Policy Configuration service and the LDAP authentication service that are already registered with the default organization.
15. Log out of AM. Following the documentation, modify directory.host and directory.port in AMConfig.properties to point to Host 1_FQDN and 489 respectively. Make this change in AMConfig.properties of both Host 1 as well as 2.
16. Edit serverconfig.xml on both hosts, and instead of they pointing to their local directory servers, point both to host1_FQDN:489
17. When you start the webserver, it will refuse to start. Will spew errors such as:
[https-host1_FQDN]: Sun ONE Web Server 6.1SP5 B06/23/2005 17:36
[https-host1_FQDN]: info: CORE3016: daemon is running as super-user
[https-host1_FQDN]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_04] from [Sun Microsystems Inc.]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amserver]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [ampassword]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amcommon]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amconsole]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [search]
[https-host1_FQDN]: warning: CORE3283: stderr: netscape.ldap.LDAPException: error result (32); matchedDN = dc=sun,dc=com; No such object (DN changed)
[https-host1_FQDN]: warning: CORE3283: stderr: Got LDAPServiceException code=-1
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getConnection(DSConfigMgr.java:357)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewFailoverConnection(DSConfigMgr.java:314)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewConnection(DSConfigMgr.java:253)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:184)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:194)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.initLdapPool(DataLayer.java:1248)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.<init>(DataLayer.java:190)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:215)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:246)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:156)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.<init>(SMSLdapObject.java:124)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:350)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance(Class.java:303)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.SMSEntry.<init>(SMSEntry.java:216)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ServiceSchemaManager.<init>(ServiceSchemaManager.java:67)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:219)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.<init>(AMClientDetector.java:94)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.mobile.filter.AMLController.init(AMLController.java:85)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:322)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:120)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3271)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3747)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: failure: WebModule[amserver]: WEB2783: Servlet /amserver threw load() exception
[https-host1_FQDN]: javax.servlet.ServletException: WEB2778: Servlet.init() for servlet LoginLogoutMapping threw exception
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:949)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: ----- Root Cause -----
[https-host1_FQDN]: java.lang.NullPointerException
[https-host1_FQDN]: at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]:
[https-host1_FQDN]: info: HTTP3072: [LS ls1] http://host1_FQDN:58080 ready to accept requests
[https-host1_FQDN]: startup: server started successfully
Success!
The server https-host1_FQDN has started up.
The server, in fact, didn't start up (nothing even listening on 58080).
However, if AMConfig.properties is left as it originally was, and only serverconfig.xml files were changed as mentioned above, web servers started fine, and things worked all okay. (Alright, except for some glitches when viewed in /amconsole. If /amserver/console is accessed, all is good. Can this mean that all is still not well? I am not sure).
So far so good. Now comes the sad part. When the same is done on Solaris 9, things don't work. You continue to get the above error, OR the following error, and the web server will refuse to start:
Differences in Solaris and Windows are as follows:
1. Windows hosts have 1 IP and hostname. Solaris hosts have 3 IPs and hostnames (for DS, DPS, and webserver).
No other difference from an architectural perspective.
Any help / insight on why the above is not working (and why the hell does the documentation seem so sketchy / insecure / incorrect).
Thanks a bunch!