Dsconf export - SunOne 6.2 DS

Do we have any command to export ldif in DS6 which does not prompt for password?
I tried ./dsconf export -c -h servername -p 389 suffix-DN /path/output.ldif
I know we can have -w option to pass password file, but we don't want to use it. Is there any other way?
Thanks in advance

we would still like to have a daily online ldif export - without putting the password in clear text on the system
I'm not sure how you intend to authenticate the directory manager when generating an export if the password is not provided on the console or in a file. If you want the password encrypted in a file, then you'll have to provide a password to unlock it every time it's used, so you're back to where you started. If the password is encrypted using a reversible scheme, then anyone with access to the file can recover the password anyway. The best way is to put the password in a file and set permissions so only the DS' user can access it.
DS 5.2 had db2ldif but without the password, you could only get a non-replica extract. You can still do the same thing with "dsadm export" and not use any password but the instance would have to be stopped.
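
The recommendation in the reply above (password in a file that only the directory server's user can read), written as a wrapper that a daily cron job could call. This is an added example, not code from the thread; the `run` argument, the `DSCONF` override and every host, suffix and path value are assumptions.

```shell
#!/bin/sh
# Added example: gate an unattended "dsconf export" on the password file's
# ownership and mode. Host, port, suffix and paths are placeholders.

DSCONF=${DSCONF:-dsconf}

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# effective user, readable by the owner and closed to group and other.
check_pwfile() {
    f=$1
    [ -L "$f" ] && { echo "refusing symlink: $f" >&2; return 1; }
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ -O "$f" ] || { echo "not owned by $(id -un): $f" >&2; return 1; }
    # First column of ls -l, e.g. "-r--------". A trailing "+" (ACL present)
    # does not match the patterns below, so such a file is rejected as well.
    mode=$(ls -ld "$f" | awk '{print $1}')
    case $mode in
        -r??------|-r??------.) return 0 ;;
        *) echo "mode $mode is too open, use chmod 400: $f" >&2; return 1 ;;
    esac
}

# Run the online export only when the password file passes the check.
# -c, -h, -p and -w are the options quoted in the thread above.
daily_export() {
    host=$1 port=$2 suffix=$3 pwfile=$4 out=$5
    check_pwfile "$pwfile" || return 2
    "$DSCONF" export -c -h "$host" -p "$port" -w "$pwfile" "$suffix" "$out"
}

# Cron entry point (hypothetical script name and paths):
#   export_ldif.sh run ds1.example.com 389 dc=example,dc=com /var/opt/ds/.dm_pw /backup/daily.ldif
if [ "${1:-}" = "run" ]; then
    shift
    daily_export "$@"
fi
```

Run the job as the directory server's own account so the ownership test matches the user that is meant to hold the password.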

Similar Messages

  • DSEE 6:  do "dsconf export" and "dsadm export" produce identical results?

    Hi,
    I tried exporting using "dsconf export" with the flag "not-export-unique-id". I was surprised that when I checked the resulting LDIF file "nsUniqueId" values were present.
    I then tried the same export using "dsadm export" with the "not-export-unique-id" flag, and the resulting LDIF file did not include the "nsUniqueId" values (expected).
    Here are the examples:
    # dsconf export -Q -f not-export-unique-id dc=example,dc=com /u1/dsconf.out
    # grep -ic '^nsuniqueid' /u1/dsconf.out
    14304
    # /u1/dsee/stop-slapd
    # dsadm export -Q -f not-export-unique-id /u1/dsee dc=example,dc=com /u1/dsadm.out
    # grep -ic '^nsuniqueid' /u1/dsadm.out
    0
    Is this a bug that someone else has come across? Is it fixed in 6.3, or will it be fixed in 6.4?
    Thanks, Greg

    Hi Greg, I checked and did not see this as a known issue so this is likely a bug that we have not come across yet. Do you have a support contract with Sun? If so I would log a support call on this so that we can get it in the queue for an upcoming release.
    - Kevin

  • Online export and import in DS6

    Hello,
    We are running Sun Java System Directory Server Enterprise Edition 6.0 on Solaris 10.
    We need to export ou=people,o=xyz.com,dc=xyz,dc=com ONLINE and export to other Server (running same version) ONLINE (without stopping the services). So I ran the below:
    ./dsconf export -h webmail.xyz.com -p 389 ou=people,o=xyz.com,dc=xyz,dc=com ppl.ldif
    prompts for "cn=Directory Manager" password and after entering it says "ou=people,o=xyz.com,dc=xyz,dc=com" does NOT exist. But it actually exists.
    We're able to export "dc=xyz,dc=com" without any problems but we need ou=people only.
    Appreciate if anyone could provide solution with exact commands to run for export and import (without stopping the DS)
    Thanks much
    Prvn

    "dsconf export" operates only on suffix DNs (i.e., usually the base of your DIT which corresponds to the LDBM backend database).
    Usage (from the dsconf manpage):
    dsconf export [-h host] [-p port] [-aQ] [-f  FLAG] ... [[-s DN] ... | [-x DN] ...] SUFFIX_DN [SUFFIX_DN...] LDIF_FILE
    Look into these options and see if they can help limit its output:
    -s DN
    --include DN
    Exports all data under specified DN.
    -x DN
    --exclude DN
    Does not import or export data contained under the specified DN.

  • Dsconf backup/restore in a replication environment

    Hi,
    using Sun JS Directory Server 6.3.1. Two servers in a multi-master topology. When making a backup of the directory (on both systems) using dsconf backup, my question is: how should the restore be done, given the fact that there's a replication agreement between the two servers. Should both servers be restored (from the same backup date/time) and when after the restore will the replication start again? Is it possible that replication from host A already starts while host B is still restoring? And if so, how to prevent this situation?
    /rolf

    One other way to do it is with "dsconf export" and "dsconf import" (2 ways) -
    1. When you use dsconf export without the -Q switch, it automatically imports the replication information. You will then have to import both suffixes and set the "repl-accept-client-update-enabled" attribute to "on" for the master instance to start accepting updates from clients.
    E.g.
    # dsconf set-suffix-prop -e -p <port> "<suffix>" repl-accept-client-update-enabled:on
    2. If you export the backup with the -Q switch, then you will anyhow import one of the instances and initialize the other from the first instance, as "dsconf import -Q" does not import the replication information.

  • Exporting LDIF Data in gunzip format

    Hi All,
    When you export suffix data, if the filename of the export file ends with .gz, ODSEE automatically compresses the file.
    [http://docs.oracle.com/cd/E35622_01/html/821-1216/whatsnew7.html#scrolltoc].
    I tried exporting the suffix data in .gz format using below command:
    ./dsconf export -h host -p port "dc=test,dc=com" /home/oracle/test.gz
    Although it created the file, I was not able to see the contents, and the gunzip command threw the error "not in gzip format".
    So, does this command work, I mean export the data in .gz format or I am missing something here?
    I was able to export the data in ldif using the same command.
    Regards,
    Sunny

    My bad, the file name has to be test.ldif.gz.

  • DS6 export/import performance

    Hi,
    is it just me, or is LDIF export quite slow in DS6? For example:
    725,000 Entries, DS6:
    offline dsadm export: 44 minutes
    online dsconf export: 44 minutes
    online dsconf export -Q: 53 minutes
    offline db2ldif -r: 47 minutes
    As opposed to that:
    725,000 Entries, DS5.2P4 (same machine, same cache sizes):
    online db2ldif: 13 minutes
    offline db2ldif -r: 10 minutes
    Also import seems to be a bit slower for DS6.
    I really liked the fast LDIF export, hope this gets fixed (if it's not a problem with my configuration).
    Cheers,
    Holger

    I checked iostat, for DS6 export the disk is roughly as busy as for DS5.2P4, although the export for DS6 is much slower. So maybe the disk is the limiting factor. The question is why the disk load is almost the same, although DS6 throughput is around 4x less?
    Sorry, this information was wrong, I checked again. Disk usage was much higher with DS6. Busy percentages during export were roughly:
    DS5.2P4: 40-50%
    DS6: 80-90%
    Then I realized some configuration difference, db cache files location was not in /tmp for DS6. After I changed that, performance for DS6 was much better:
    DS6: 60-70% disk busy
    15 minutes export time
    Still not as fast as DS5.2P4, but acceptable for me.

  • Could not read ruv entry

    Can anyone explain what exactly below WARNING message means.
    [01/May/2009:12:56:47 +1200] - WARNING<20515> - Backend Database - conn=-1 op=-1 msgId=-1 - could not read ruv entry, this ldif should not be used to initialize replicas
    I see the above warning is logged to the error log every time I execute the "dsconf export" command in a standalone directory server 6.3.1 instance (not in a replicated environment).

    Yes, it is.
    all-ids-threshold : inherited (4000)
    compressed-entries : overflow
    compression-mode : none
    db-name : usergroupdb2
    db-path : /opt/SUNWdsee/dsinst-mldap1/db/usergroupdb2
    enabled : on
    entry-cache-count : unlimited
    entry-cache-size : 100M
    entry-count : 43452
    index-filter-analyzer-enabled : off
    index-filter-analyzer-max-entries : 2000
    moddn-enabled : inherited (off)
    parent-suffix-dn : undefined
    referral-mode : disabled
    referral-url : ldap://mldap2:389/o%3Dusergroup
    repl-accept-client-update-enabled : on
    repl-cl-max-age : 1w
    repl-cl-max-entry-count : 0
    repl-id : 10
    repl-manager-bind-dn : cn=replication manager,cn=replication,cn=config
    repl-purge-delay : 1w
    repl-rewrite-referrals-enabled : off
    repl-role : master
    require-index-enabled : off

  • Method for copying a directory tree from production server to test server

    I have DSEE 6.3 running on Solaris 10 (servers A, B & C are multi-mastered and replicating successfully) in production. I have the same arrangement on a test set of servers (D, E, F). Could someone explain what is the best method for zapping the entire directory tree on test servers D, E, F ... and creating a complete copy of the tree on production servers A, B, C ... and then loading that copy on test servers D, E, F?
    Thanks very much!

    Could someone explain what is the best method for zapping the entire directory tree on test servers D, E, F...
    dsadm delete
    dsadm create
    ...and creating a complete copy of the tree on production servers A, B, C ... and then loading that copy on test servers D, E, F?
    dsconf export
    dsconf import
    [http://docs.sun.com/app/docs/doc/820-2767/dsadm-1m]
    [http://docs.sun.com/app/docs/doc/820-2767/dsconf-1m]

  • Hostname change: Failed to contact DSCC registry

    Dear all,
    we have installed ODSEE 11.1.1.5 under Solaris x86 10 08/11 successfully
    ie were able to log into DSCC as Directory Service Manager.
    After changing the system's hostname from OLD to NEW we can't now use
    the DSCC again because there is this message after putting in the directory service
    password:
    Failed to contact DSCC registry. Make sure that the DSCC registry is online and
    listening on ldap://*OLD*:3998
    How can we arrange it that the registry is listening now to ..//_NEW_:3998?
    Should we use 'dsccsetup dismantle/initialize'?
    Many thanks in advance for any hint!
    Rainer

    1) "dsconf export -p 3998 -c cn=dscc /your_DSEE_INSTALL_PATH/var/dcc/ads/ldif/export.ldif" or something like that will do the job. You can also use "dsadm export" with a slightly different syntax. The main difference is that dsconf works offline I believe, so you need to stop the DSCC registry before.
    2) Edit the LDIF export and remove the unwanted entries. Since you'll have to dismantle/reinitialize the DSCC registry, there's no need to keep the DSCC registry up. Moreover, you can safely stop it without any impact on your existing DS servers. The DSCC is just required for some dsadm/dpadm/dsconf/dpconf/dsccsetup commands and the GUI, but it's not a requirement at all to run your DS instances.

  • Error exporting application into a ear file

    I'm developing an application with the Sun One 5 IDE,and Application server 8, i'm making CMP entity bean, when i try to export to an ear file an error occur
    Validation failed for entities.CMPAdministradorBean. Verify that all fields are mapped.
    CMP Mapping Error in bean CMPAdministrador:: Warning: The bean pcImpl0.moduleComp0.entities.CMPAdministrador is not mapped.
    Set the primary table for the bean.
    No jndi-name defined for the cmp-resource element of this module.
    Select the SunONE tab for the ejb module and configure the CMP Resource property.
    and they can't make the ear
    somebody can help me with this.
    Thank you

    Figured it out, found similar post that stated changing the HEAP size
    Increase the page size in odiparams.bat in the bin folder and restart Designer.
    For eg:
    set ODI_INIT_HEAP=128m
    set ODI_MAX_HEAP=1024m

  • Run SunOne using normal user

    Hi, I have installed SunOne AppSvr7 on UNIX Server (SunOS) on my own directory "/export/home/SUNWappsvr7".
    I have installed the software using root permission.
    I can start and stop the app-server using root with no problem.
    However, I need to run/operate the app-server with user which does not have root permission.
    I do a chown to user with no root permission on the following directory:
    - <install_config_dir>: /export/home/SUNWappsvr7/config
    - /export/home/SUNWappsvr7/var <-- this contains the domains directory
    - /export/home/SUNWappsvr7/bin
    The error message that i get from the server.log file is as follows:
    [25/Mar/2003:09:19:06] INFO ( 3947): CORE1116: Sun ONE Application Server 7.0
    [25/Mar/2003:09:19:16] INFO ( 3948): CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.0_02] from [Sun Microsystems Inc.]
    [25/Mar/2003:09:19:29] INFO ( 3948): JMS5029: Successfully attached to an existing Message Queue broker. Instance Name = TowerDomain_TowerInst
    [25/Mar/2003:09:19:48] INFO ( 3948): JTS5014: Recoverable JTS instance, serverId = [100]
    [25/Mar/2003:09:19:51] INFO ( 3948): RAR5060: Install JDBC Datasources ...
    [25/Mar/2003:09:19:52] INFO ( 3948): JMS5015: Install JMS resources ...
    [25/Mar/2003:09:20:03] SEVERE ( 3948): HTTP3127: HTTP listener http-listener-1 [http://suntest11:88]: Error creating socket (Permission denied)
    [25/Mar/2003:09:20:03] SEVERE ( 3948): HTTP3094: 1 HTTP listener socket(s) could not be created
    [25/Mar/2003:09:20:03] SEVERE ( 3948): CORE3186: Failed to set configuration
    Is there any special configurations or any other required steps to get Appserver running with no root permission?
    If anyone could help me with this problem, it would be deeply appreciated.
    Thanks in advance.

    Only root is allowed to listen on ports below 1024. Your Application Server has an HTTP listener configured on port 88. If you will not be starting your Application Server as root, you must choose another port.

  • SunONE 6.1 admin console problem

    Hi,
    I've got 6.1 installed on a machine running a fully patched Solaris 8.5/03 install (including patches recommended by SunONE webserver 6.1) on an E250.
    When we start the admin console we get the following error message in the errors file.
    CORE3274: successful server startup
    [04/Dec/2003:10:32:51] failure (  431): cgi_init reports: HTTP4047: could not initialize CGI subsystem (Cgistub path ../../bin/https/bin/Cgistub), err fork() failure [Not enough space]
    [04/Dec/2003:10:32:51] failure (  431): for host 10.X.X.X trying to GET /https-admserv/bin/index, cgi_start_exec reports: HTTP4066: cannot initialize CGI exec subsystem
    We've inserted the recommended changes into /etc/system (and even tried doubling the values) to no effect.
    Anyone got any suggestions or anything?
    Thanks kindly.

    doh Just gave it a shot and it didn't work. :(
    Another chap setup the machine itself so perhaps there isn't enough space to begin with...
    df -k results in:
    # df -k
    Filesystem            kbytes    used   avail capacity  Mounted on
    /dev/dsk/c0t0d0s0     482824   65765  368777    16%    /
    /dev/dsk/c0t0d0s3    5171298 1305671 3813915    26%    /usr
    /proc                      0       0       0     0%    /proc
    fd                         0       0       0     0%    /dev/fd
    mnttab                     0       0       0     0%    /etc/mnttab
    /dev/dsk/c0t0d0s4     963869   94872  811165    11%    /var
    swap                   83720      16   83704     1%    /var/run
    swap                   93832   10128   83704    11%    /tmp
    /dev/dsk/c0t8d0s0    3099093 2379953  657159    79%    /u01
    /dev/dsk/c0t0d0s1     963869       9  906028     1%    /swap
    /dev/dsk/c0t8d0s1    3099093 1655555 1381557    55%    /u02
    /dev/dsk/c0t8d0s4    1018382    4411  952869     1%    /u04
    /dev/dsk/c0t8d0s3    1018382    6623  950657     1%    /u03
    /dev/dsk/c0t0d0s7     963869  780099  125938    87%    /export/home
    So, although it looks small doesn't seem to be particularly full (but I'm not a UNIX meister - only knowing enough to work sunONE on a day to day basis really).

  • Suffix data gets deleted when SunOne server is restarted

    I manually created a new suffix for a program I'm installing. The program, during configuration, creates directory entries in this new suffix. Everything works great, but whenever you restart the SunOne server, the data entries underneath this suffix get deleted. the suffix is still there, but when you click on the Directory tab in the console, the directory entries have all disappeared for the suffix I created. Very bizarre. Any help would be appreciated!

    I checked both the access and the error logs, nothing of significance shows up. The suffix was originally created from the console manually. This problem occurred on a Solaris 9 server, but I have been able to re-create it very easily on a Windows 2000 Advanced server.
    Using VMWare, I can easily keep going back and forth from the image with the data and the image with the data missing. I've also noticed that if I try to do an export of the data for this suffix, I get an error that says
    "LDAP server is unwilling to perform". I'm wondering if these two errors are related. When I try to do an export with a different suffix on this server, it works great. Right before you do the export, it tells you that if the server does not have the proper access rights on this file, the export will not succeed. I'm not sure how to check that. I did create the suffix manually from the console logged in as "cn=Directory Manager". Should I be using a different id? Thanks for your help!

  • How to enable FIPS on sunone directory server 6.3?

    Hi all,
    My product needs FIPS certification.
    As part of that we will be connecting to sunone directory server and use it as user store.
    For that i need the steps to enable FIPS on sunone directory server 6.3.
    Has any one done this before?
    Please help me in this.
    Thanks in advance.
    Usha.

    To enable the TLS Encryption Cipher
    1. Check out the ssl-supported-ciphers property of the server.
    $ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
    View the available SSL ciphers.
    $ dsconf get-server-prop -h host -p port ssl-supported-ciphers
      ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      ...
    Hope this helps,
    -Shankar

  • Installing certificate on SunOne Webserver7

    Hi,
    I have installed SunOne webserver 7 on Solaris10.
    I had a problem installing a certificate on the SunOne webserver7.
    I got a .p12 certificate from a well-known CA.
    According to Sun I need to enter a .DER certificate by path to the file or paste the binary file.
    Through the openssl command I have converted the .p12 to .pem and from there to .DER, but it seems that only one part of the certificate is passed from .pem to .DER. Which it is, the private key or the certificate itself, I don't know.
    .DER is a binary file so I can't actually see what part it transferred completely, though the SunOne7 says it can't find the private key.
    Eventually I have exported the certificate and private key separately to .DER files but couldn't find the command to join them into one .DER file.
    If someone can help I will appreciate it.
    Thanks

    If the certificate and key are in a PKCS#12 format file, then you can import it into a server instance using the pk12util command.
    First ensure that the administration server config store and the instance are synched by deploying/pulling any changes to one of them.
    Then use pk12util to import the pkcs file. You will need the password assigned to the file.
    $ ${server-install-dir}/bin/pk12util -i <exported-pkcs12-file> -d ${server-instance-dir}/config
    Example:
    $ /d2/nelson/webserver7/bin/pk12util -i /d2/nelson/server.pk12 -d /d2/nelson/webserver7/https-example.com/config
      Enter password for PKCS12 file:
      pk12util: PKCS12 IMPORT SUCCESSFUL
    Then pull the config changes into the admin configuration store using wadm
    wadm> pull-config --config=example.com server.instance
    CLI201 Command 'pull-config' ran successfully
    List the certificate
    wadm> list-certs --config=example.com --verbose
    nickname
    ALIAS
