Dsconf export - SunOne 6.2 DS
Do we have any command to export ldif in DS6 which does not prompt for password.
I tried ./dsconf export -c -h servername -p 389 suffix-DN /path/output.ldif
I know we can have -w option to pass password file, but we don't want to use it. Is there any other way?
Thanks in advance
We would still like to have a daily online ldif export - without putting the password in clear text on the system
I'm not sure how you intend to authenticate the directory manager when generating an export if the password is not provided on the console or in a file. If you want the password encrypted in a file, then you'll have to provide a password to unlock it every time it's used, so you're back to where you started. If the password is encrypted using a reversible scheme, then anyone with access to the file can recover the password anyway. The best way is to put the password in a file and set permissions so only the DS' user can access it.
DS 5.2 had db2ldif but without the password, you could only get a non-replica extract. You can still do the same thing with "dsadm export" and not use any password but the instance would have to be stopped.
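The reply's advice (a password file that only the directory server's user can access) can be enforced before every scheduled export. This is an added example, not code from the thread: the function names and the `--export` wrapper are assumptions, and the `dsconf export -c -h -p` call with the `-w` password-file option is used as quoted in the question.

```shell
#!/bin/sh
# Added example: guard a dsconf password file before a scheduled export.
# Host, port, suffix and paths are supplied by the caller; none come from the thread.

# Write the password from stdin to $1; umask 077 makes a newly created
# file mode 0600 from the start (no window where it is world-readable).
make_pwfile() {
    ( umask 077 && cat > "$1" )
}

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no group/other permission bits and no extra ACL.
check_pwfile() {
    f=$1
    if [ -h "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2; return 1
    fi
    # ls -ldn prints e.g. "-rw------- 1 1001 100 ..."; keep mode and numeric uid.
    info=$(ls -ldn -- "$f" | awk '{print $1 ":" $3}')
    mode=${info%%:*}
    owner=${info##*:}
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $f: owned by uid $owner" >&2; return 1
    fi
    case $mode in
        *+)          echo "refusing $f: has an ACL ($mode)" >&2; return 1 ;;
        -r??------*) return 0 ;;
        *)           echo "refusing $f: mode $mode is too open" >&2; return 1 ;;
    esac
}

# export_suffix HOST PORT SUFFIX_DN LDIF_FILE PWFILE
# Runs the online export only when the password file passes the check.
export_suffix() {
    check_pwfile "$5" || return 1
    dsconf export -c -h "$1" -p "$2" -w "$5" "$3" "$4"
}

# Stand-alone use from cron: script.sh --export HOST PORT SUFFIX_DN LDIF_FILE PWFILE
if [ "${1:-}" = "--export" ]; then
    export_suffix "$2" "$3" "$4" "$5" "$6"
fi
```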
-
DSEE 6: do "dsconf export" and "dsadm export" produce identical results?
Hi,
I tried exporting using "dsconf export" with the flag "not-export-unique-id". I was surprised that when I checked the resulting LDIF file "nsUniqueId" values were present.
I then tried the same export using "dsadm export" with the "not-export-unique-id" flag, and the resulting LDIF file did not include the "nsUniqueId" values (expected).
Here are the examples:
# dsconf export -Q -f not-export-unique-id dc=example,dc=com /u1/dsconf.out
# grep -ic '^nsuniqueid' /u1/dsconf.out
14304
# /u1/dsee/stop-slapd
# dsadm export -Q -f not-export-unique-id /u1/dsee dc=example,dc=com /u1/dsadm.out
# grep -ic '^nsuniqueid' /u1/dsadm.out
0
Is this a bug that someone else has come across? Is it fixed in 6.3, or will it be fixed in 6.4?
Thanks, Greg
Hi Greg, I checked and did not see this as a known issue, so this is likely a bug that we have not come across yet. Do you have a support contract with Sun? If so, I would log a support call on this so that we can get it in the queue for an upcoming release.
- Kevin
-
Online export and import in DS6
Hello,
We are running Sun Java System Directory Server Enterprise Edition 6.0 on Solaris 10.
We need to export ou=people,o=xyz.com,dc=xyz,dc=com ONLINE and export to other Server (running same version) ONLINE (without stopping the services). So I ran the below:
./dsconf export -h webmail.xyz.com -p 389 ou=people,o=xyz.com,dc=xyz,dc=com ppl.ldif
prompts for "cn=Directory Manager" password and after entering it says "ou=people,o=xyz.com,dc=xyz,dc=com" does NOT exist. But it actually exists.
We're able to export "dc=xyz,dc=com" without any problems but we need ou=people only.
Appreciate if anyone could provide solution with exact commands to run for export and import (without stopping the DS)
Thanks much
Prvn
"dsconf export" operates only on suffix DNs (i.e., usually the base of your DIT which corresponds to the LDBM backend database).
Usage (from the dsconf manpage):
dsconf export [-h host] [-p port] [-aQ] [-f FLAG] ... [[-s DN] ... | [-x DN] ...] SUFFIX_DN [SUFFIX_DN...] LDIF_FILE
Look into these options and see if they can help limit its output:
-s DN
--include DN
Exports all data under specified DN.
-x DN
--exclude DN
Does not import or export data contained under the specified DN.
-
Dsconf backup/restore in a replication environment
Hi,
using Sun JS Directory Server 6.3.1. Two servers in a multi-master topology. When making a backup of the directory (on both systems) using dsconf backup, my question is: how should the restore be done, given the fact that there's a replication agreement between the two servers. Should both servers be restored (from the same backup date/time) and when after the restore will the replication start again? Is it possible that replication from host A already starts while host B is still restoring? And if so, how to prevent this situation?
/rolf
One other way to do it is with "dsconf export" and "dsconf import" (2 ways) -
1. When you use dsconf export, without -Q switch, then it automatically imports the replication information. You will then have to import both suffixes and enable the "repl-accept-client-update-enabled" attribute to "on" for master instance to start accepting updates from clients.
Eg.
# dsconf set-suffix-prop -e -p <port> "<suffix>" repl-accept-client-update-enabled:on
2. If you export the backup with -Q switch, then you will anyhow import one of the instances and initialize the other from first instance as "dsconf import -Q" does not import the replication information.
-
Exporting LDIF Data in gunzip format
Hi All,
When you export suffix data, if the filename of the export file ends with .gz, ODSEE automatically compresses the file.
[http://docs.oracle.com/cd/E35622_01/html/821-1216/whatsnew7.html#scrolltoc].
I tried exporting the suffix data in .gz format using below command:
./dsconf export -h host -p port "dc=test,dc=com" /home/oracle/test.gz
Although it created the file, I was not able to see the contents, and the gunzip command threw the error "not in gzip format".
So, does this command work, I mean export the data in .gz format, or am I missing something here?
I was able to export the data in ldif using the same command.
Regards,
Sunny
My bad, the file name has to be test.ldif.gz.
-
DS6 export/import performance
Hi,
is it just me, or is LDIF export quite slow in DS6? For example:
725,000 Entries, DS6:
offline dsadm export: 44 minutes
online dsconf export: 44 minutes
online dsconf export -Q: 53 minutes
offline db2ldif -r: 47 minutes
As opposed to that:
725,000 Entries, DS5.2P4 (same machine, same cache sizes):
online db2ldif: 13 minutes
offline db2ldif -r: 10 minutes
Also import seems to be a bit slower for DS6.
I really liked the fast LDIF export, hope this gets fixed (if it's not a problem with my configuration).
Cheers,
Holger
I checked iostat, for DS6 export the disk is roughly as busy as for DS5.2P4, although the export for DS6 is much slower. So maybe the disk is the limiting factor. The question is why the disk load is almost the same, although DS6 throughput is around 4x less?
Sorry, this information was wrong, I checked again. Disk usage was much higher with DS6. Busy percentages during export were roughly:
DS5.2P4: 40-50%
DS6: 80-90%
Then I realized some configuration difference, db cache files location was not in /tmp for DS6. After I changed that, performance for DS6 was much better:
DS6: 60-70% disk busy
15 minutes export time
Still not as fast as DS5.2P4, but acceptable for me.
-
Can anyone explain what exactly below WARNING message means.
[01/May/2009:12:56:47 +1200] - WARNING<20515> - Backend Database - conn=-1 op=-1 msgId=-1 - could not read ruv entry, this ldif should not be used to initialize replicas
I see above warning is logged to error log every time I execute "dsconf export" command in a standalone directory server 6.3.1 instance (not in a replicated environment).
Yes, it is.
all-ids-threshold : inherited (4000)
compressed-entries : overflow
compression-mode : none
db-name : usergroupdb2
db-path : /opt/SUNWdsee/dsinst-mldap1/db/usergroupdb2
enabled : on
entry-cache-count : unlimited
entry-cache-size : 100M
entry-count : 43452
index-filter-analyzer-enabled : off
index-filter-analyzer-max-entries : 2000
moddn-enabled : inherited (off)
parent-suffix-dn : undefined
referral-mode : disabled
referral-url : ldap://mldap2:389/o%3Dusergroup
repl-accept-client-update-enabled : on
repl-cl-max-age : 1w
repl-cl-max-entry-count : 0
repl-id : 10
repl-manager-bind-dn : cn=replication manager,cn=replication,cn=config
repl-purge-delay : 1w
repl-rewrite-referrals-enabled : off
repl-role : master
require-index-enabled : off
-
Method for copying a directory tree from production server to test server
I have DSEE 6.3 running on Solaris 10 (servers A, B & C are multi-mastered and replicating successfully) in production. I have the same arrangement on a test set of servers (D, E, F). Could someone explain what is the best method for zapping the entire directory tree on test servers D, E, F ... and creating a complete copy of the tree on production servers A, B, C ... and then loading that copy on test servers D, E, F?
Thanks very much!
Could someone explain what is the best method for zapping the entire directory tree on test servers D, E, F...
dsadm delete
dsadm create
...and creating a complete copy of the tree on production servers A, B, C ... and then loading that copy on test servers D, E, F?
dsconf export
dsconf import
[http://docs.sun.com/app/docs/doc/820-2767/dsadm-1m]
[http://docs.sun.com/app/docs/doc/820-2767/dsconf-1m]
-
Hostname change: Failed to contact DSCC registry
Dear all,
we have installed ODSEE 11.1.1.5 under Solaris x86 10 08/11 successfully
ie were able to log into DSCC as Directory Service Manager.
After changing the system's hostname from OLD to NEW we can't now use
the DSCC again because there is this message after putting in the directory service
password:
Failed to contact DSCC regisrty. Make sure that the DSCC registry is online and
listening on ldap://*OLD*:3998
How can we arrange it that the registry is listening now to ..//_NEW_:3998?
Should we use 'dsccsetup dismantle/initialize'?
Many thanks in advance for any hint!
Rainer
1) "dsconf export -p 3998 -c cn=dscc /your_DSEE_INSTALL_PATH/var/dcc/ads/ldif/export.ldif" or something like that will do the job. You can also use "dsadm export" with a slightly different syntax. The main difference is that dsconf works offline I believe, so you need to stop the DSCC registry before.
2) Edit the LDIF export and remove the unwanted entries. Since you'll have to dismantle/reinitialize the DSCC registry, there's no need to keep the DSCC registry up. Moreover, you can safely stop it without any impact on your existing DS servers. The DSCC is just required for some dsadm/dpadm/dsconf/dpconf/dsccsetup commands and the GUI, but it's not a requirement at all to run your DS instances.
-
Error exporting application into a ear file
I'm developing an application with the Sun One 5 IDE and Application Server 8. I'm making a CMP entity bean; when I try to export to an EAR file, an error occurs:
Validation failed for entities.CMPAdministradorBean. Verify that all fields are mapped.
CMP Mapping Error in bean CMPAdministrador:: Warning: The bean pcImpl0.moduleComp0.entities.CMPAdministrador is not mapped.
Set the primary table for the bean.
No jndi-name defined for the cmp-resource element of this module.
Select the SunONE tab for the ejb module and configure the CMP Resource property.
and they can't make the EAR.
Can somebody help me with this?
Thank you
Figured it out, found a similar post that stated changing the HEAP size.
Increase the page size in odiparams.bat in the bin folder and restart Designer.
For eg:
set ODI_INIT_HEAP=128m
set ODI_MAX_HEAP=1024m
-
Hi, I have installed SunOne AppSvr7 on UNIX Server (SunOS) on my own directory "/export/home/SUNWappsvr7".
I have installed the software using root permission.
I can start and stop the app-server using root with no problem.
However, I need to run/operate the app-server with user which does not have root permission.
I do a chown to user with no root permission on the following directory:
- <install_config_dir>: /export/home/SUNWappsvr7/config
- /export/home/SUNWappsvr7/var <-- this contains the domains directory
- /export/home/SUNWappsvr7/bin
The error message that I get from the server.log file is as follows:
[25/Mar/2003:09:19:06] INFO ( 3947): CORE1116: Sun ONE Application Server 7.0
[25/Mar/2003:09:19:16] INFO ( 3948): CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.0_02] from [Sun Microsystems Inc.]
[25/Mar/2003:09:19:29] INFO ( 3948): JMS5029: Successfully attached to an existing Message Queue broker. Instance Name = TowerDomain_TowerInst
[25/Mar/2003:09:19:48] INFO ( 3948): JTS5014: Recoverable JTS instance, serverId = [100]
[25/Mar/2003:09:19:51] INFO ( 3948): RAR5060: Install JDBC Datasources ...
[25/Mar/2003:09:19:52] INFO ( 3948): JMS5015: Install JMS resources ...
[25/Mar/2003:09:20:03] SEVERE ( 3948): HTTP3127: HTTP listener http-listener-1 [http://suntest11:88]: Error creating socket (Permission denied)
[25/Mar/2003:09:20:03] SEVERE ( 3948): HTTP3094: 1 HTTP listener socket(s) could not be created
[25/Mar/2003:09:20:03] SEVERE ( 3948): CORE3186: Failed to set configuration
Is there any special configurations or any other required steps to get Appserver running with no root permission?
If anyone could help me with this problem, it would be deeply appreciated.
Thanks in advance.
Only root is allowed to listen on ports below 1024. Your Application Server has an HTTP listener configured on port 88. If you will not be starting your Application Server as root, you must choose another port.
-
SunONE 6.1 admin console problem
Hi,
I've got 6.1 installed on a machine running a fully patched Solaris 8.5/03 install (including patches recommended by SunONE webserver 6.1) on an E250.
When we start the admin console we get the following error message in the errors file.
CORE3274: successful server startup
[04/Dec/2003:10:32:51] failure ( 431): cgi_init reports: HTTP4047: could not initialize CGI subsystem (Cgistub path ../../bin/https/bin/Cgistub), err fork() failure [Not enough space]
[04/Dec/2003:10:32:51] failure ( 431): for host 10.X.X.X trying to GET /https-admserv/bin/index, cgi_start_exec reports: HTTP4066: cannot initialize CGI exec subsystem
We've inserted the recommended changes into /etc/system (and even tried doubling the values) to no effect.
Anyone got any suggestions or anything?
Thanks kindly.
doh Just gave it a shot and it didn't work. :(
Another chap setup the machine itself so perhaps there isn't enough space to begin with...
df -k results in:
# df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t0d0s0 482824 65765 368777 16% /
/dev/dsk/c0t0d0s3 5171298 1305671 3813915 26% /usr
/proc 0 0 0 0% /proc
fd 0 0 0 0% /dev/fd
mnttab 0 0 0 0% /etc/mnttab
/dev/dsk/c0t0d0s4 963869 94872 811165 11% /var
swap 83720 16 83704 1% /var/run
swap 93832 10128 83704 11% /tmp
/dev/dsk/c0t8d0s0 3099093 2379953 657159 79% /u01
/dev/dsk/c0t0d0s1 963869 9 906028 1% /swap
/dev/dsk/c0t8d0s1 3099093 1655555 1381557 55% /u02
/dev/dsk/c0t8d0s4 1018382 4411 952869 1% /u04
/dev/dsk/c0t8d0s3 1018382 6623 950657 1% /u03
/dev/dsk/c0t0d0s7 963869 780099 125938 87% /export/home
So, although it looks small doesn't seem to be particularly full (but I'm not a UNIX meister - only knowing enough to work sunONE on a day to day basis really).
-
Suffix data gets deleted when SunOne server is restarted
I manually created a new suffix for a program I'm installing. The program, during configuration, creates directory entries in this new suffix. Everything works great, but whenever you restart the SunOne server, the data entries underneath this suffix get deleted. The suffix is still there, but when you click on the Directory tab in the console, the directory entries have all disappeared for the suffix I created. Very bizarre. Any help would be appreciated!
I checked both the access and the error logs, nothing of significance shows up. The suffix was originally created from the console manually. This problem occurred on a Solaris 9 server, but I have been able to re-create it very easily on a Windows 2000 Advanced server.
Using VMWare, I can easily keep going back and forth from the image with the data and the image with the data missing. I've also noticed that if I try to do an export of the data for this suffix, I get an error that says
"LDAP server is unwilling to perform". I'm wondering if these two errors are related. When I try to do an export with a different suffix on this server, it works great. Right before you do the export, it tells you that if the server does not have the proper access rights on this file, the export will not succeed. I'm not sure how to check that. I did create the suffix manually from the console logged in as "cn=Directory Manager". Should I be using a different id? Thanks for your help!
-
How to enable FIPS on sunone directory server 6.3?
Hi all,
My product needs FIPS certification.
As part of that we will be connecting to sunone directory server and use it as user store.
For that I need the steps to enable FIPS on sunone directory server 6.3.
Has anyone done this before?
Please help me in this.
Thanks in advance.
Usha.
To enable the TLS Encryption Cipher
1. Check out the ssl-supported-ciphers property of the server.
$ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
View the available SSL ciphers.
$ dsconf get-server-prop -h host -p port ssl-supported-ciphers
ssl-supported-ciphers : TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_DHE_DSS_WITH_AES_256_CBC_SHA
...
Hope this helps,
-Shankar
-
Installing certificate on SunOne Webserver7
Hi,
I have installed SunOne webserver 7 on Solaris10.
I had a problem installing a certificate on
the SunOne webserver7.
I got a .p12 certificate from a well-known CA.
According to Sun I need to enter a .DER
certificate by path to the file or paste
the binary file.
Through the openssl command I have converted the .p12 to .pem and from there to .DER.
But it seems that only one part of the certificate is passed from .pem to .DER.
Which is the private key or the certificate
itself I don't know.
.DER is a binary file so I can't see actually what part did he transfer completely.
Though the SunOne7 says he can't find the private key.
Eventually I have exported the certificate and private key separately to .DER files
but couldn't find the command to join them into one .DER file.
If someone can help I will appreciate it.
thanks
If the certificate and key are in a PKCS#12 format file, then you can import it into a server instance using the pk12util command.
First ensure that the administration server config store and the instance are synched by deploying/pulling any changes to one of them.
Then use pk12util to import the pkcs file. You will need the password assigned to the file.
$ ${server-install-dir}/bin/pk12util -i <exported-pkcs12-file> -d ${server-instance-dir}/config
Example:
$ /d2/nelson/webserver7/bin/pk12util -i /d2/nelson/server.pk12 -d /d2/nelson/webserver7/https-example.com/config
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
Then pull the config changes into the admin configuration store using wadm
wadm> pull-config --config=example.com server.instance
CLI201 Command 'pull-config' ran successfully
List the certificate
wadm> list-certs --config=example.com --verbose
nickname
ALIAS