DSEE on Solaris 11
It is possible to install DSEE11g on Solaris 11?
Ok, zip distribution is not an option, but:
pkg works too if:
# pkg install cacao
add Solaris10 pkgs:
# pkgadd SUNWicu SUNWldapcsdk-libs SUNWsasl
and then
# pkgadd SUNWdsee7 SUNWdsee7-var
Similar Messages
-
Migrating Linux shadow-file MD5 passwords to Sun DSEE for Solaris/SunMail
Hello all,
We are about to undertake migration of an outdated mail server based on RedHat 7.2 and Sendmail/ipop3d to Sun Messaging Server (JCS6u2). While the filesystem/mail are not a problem, we're stuck at the question of how to best migrate old users' identities.
The old Linux system used user names and password hashes stored in /etc/passwd and /etc/shadow files. Hashes are mostly MD5 and a few seem like crypt.
Question is: are there known incompatibilities between password hashes (algorithms, expected format) in Linux and Sun products - Solaris/DSEE/SunMail?
That is, if we just take strings like these:
usemd5:$1$Wu7IqFT5$TeUht3OMdeSSBB3Vab4dB.:11262:0:::::134540116
usecrypt:DD2kEwCD8nies:10220::::::
Can we simply place the second column as the userPassword attribute in Sun DSEE and expect that users would be able to log in to LDAP-enabled Solaris and Sun Mail with their old passwords knownst only to them?
If not, is there some simple modification/translation of such hashes to a format accepted by Sun products?
Or are these formats/algorithms known to be incompatible somehow in a fatal manner, so our only option would be generation of new passwords for Sun DSEE and its clients?
Thanks,
//JimJust to reclarify or throw more information:
a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
{crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
I used below command :
pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
Thanks,
Gaurav -
Run DSEE 6.3.1.1.1 on Solaris 11
Hello,
I know that Solaris 11 is not a supported platform for the DSEE 6.3.x releases, but I've been stubbornly trying to get it working anyway. What's interesting is that DSEE 6.3 works, and DSEE 6.3.1 works, but when I patch 6.3.1 to 6.3.1.1.1, suddenly cacaoadm doesn't work anymore. I'm using the zip releases, and the final lines of output from the dsee_deploy command for the 6.3.1.1.1 patch are as follows:
Configuring Cacao at /opt/SUNWdsee/dsee6/cacao_2
Setting Cacao parameter jdmk-home with saved value [/opt/SUNWdsee/dsee6/private]
Failed setting jdmk-home with value [/opt/SUNWdsee/dsee6/private]
Setting Cacao parameter java-home with saved value [/opt/SUNWdsee/jre]
Failed setting java-home with value [/opt/SUNWdsee/jre]
Setting Cacao parameter nss-lib-home with saved value [/opt/SUNWdsee/dsee6/private/lib]
Failed setting nss-lib-home with value [/opt/SUNWdsee/dsee6/private/lib]
Setting Cacao parameter nss-tools-home with saved value [/opt/SUNWdsee/dsee6/bin]
Failed setting nss-tools-home with value [/opt/SUNWdsee/dsee6/bin]
Setting Cacao parameter jmxmp-connector-port with saved value [11162]
Failed setting jmxmp-connector-port with value [11162]
Setting Cacao parameter network-bind-address with saved value [0.0.0.0]
Failed setting network-bind-address with value [0.0.0.0]
Error: cannot register into cacao framework
Cannot register sysidconfig script.
Cannot perform firstime initialisation and configuration.
The last two lines -- "Cannot register sysidconfig script" and "Cannot perform firstime initialisation and configuration" -- are the only output I can get from cacaoadm after updating to 6.3.1.1.1 no matter what I try. Under 6.3 and 6.3.1, cacaoadm works fine. Any ideas would be greatly appreciated.
The reason for all of this is that we have an aging Sun server running DSEE 6.3.1 on Solaris 10, which I'm looking to replace. We have a T4-1 running Solaris 11 which has a lot of unused resources available on it, and I would like to set up a zone on it to be the new LDAP server. I tried ODSEE 11.1.1.7.0, and that installed just fine, but it doesn't work with our existing DSCC 6 server, which apparently can't interact with DSEE servers unless they're using cacao. Before I go down the path of setting up DSCC 7 and incurring sporadic downtime for the restarts of the instances on all of our LDAP servers, I thought I'd try one last time to get 6.3.1.1.1 working. If we're staying with the 6.3 family, we need 6.3.1.1.1 for it's support of 2048-bit SSL certificates.
Sheesh! Nothing's ever simple. :-)I recall reading somewhere else in this forum that cacao is no longer used in 11.1.1.7.0, which would most likely be the cause of your problems.
See:
https://forums.oracle.com/message/10984367#10984367
-mi -
Native Solaris 10 with DSEE 6.3.1 (or JSDS) with SSL (tls:simple)
Hello There,
I need some help from DSEE or LDAP experts.
I am trying to configure DSEE 6.3.1 to use SSL(tls:simple).
*{color:#0000ff}I have Simple(non-SSL) method working just fine and*
**Also ldapsearch command works fine with simple and SSL methods*{color}**. So I know my certs are good but I just can not make ldap clien to work*
*I followed this document [http://brandonhutchinson.com/wiki/Soup_To_Nuts_Sun_DSEE#Solaris_10_instructions]*
I am using
ldapclient -v init -a profileName=profile3 -a certificatePath=/var/ldap -a domainName=mydomain.com -a proxyDN="cn=proxyagent,ou=pro*file,dc=mydomain,dc=com" -a proxyPassword=XXXXX ldap200.mydomain.com*
Here is the output
+Parsing profileName=profile3+
+Parsing certificatePath=/var/ldap+
+Parsing domainName=mydomain.com+
+Parsing proxyDN=cn=proxyagent,ou=profile,dc=mydomain,dc=com+
+Parsing proxyPassword=xxxxx+
+Arguments parsed:+
+domainName: mydomain.com+
+proxyDN: cn=proxyagent,ou=profile,dc=mydomain,dc=com+
+profileName: profile3+
+proxyPassword: xxxxx+
+defaultServerList: ldap200.mydomain.com+
+certificatePath: /var/ldap+
+Handling init option+
+About to configure machine by downloading a profile+
+findBaseDN: begins+
+findBaseDN: ldap not running+
+findBaseDN: calling __ns_ldap_default_config()+
+found 1 namingcontexts+
+findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=mydomain.com))"+
+rootDN[0] dc=mydomain,dc=com+
+found baseDN dc=mydomain,dc=com for domain mydomain.com+
+Proxy DN: cn=proxyagent,ou=profile,dc=mydomain,dc=com+
+Proxy password: {NS1}67eb0f447bc0f619+
+Credential level: 1+
+Authentication method: 3+
+About to modify this machines configuration by writing the files+
+Stopping network services+
+sendmail not running+
+nscd not running+
+autofs not running+
+ldap not running+
+nisd not running+
+nis(yp) not running+
+file_backup: stat(/etc/nsswitch.conf)=0+
+file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)+
+file_backup: stat(/etc/defaultdomain)=0+
+file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)+
+file_backup: stat(/var/nis/NIS_COLD_START)=-1+
+file_backup: No /var/nis/NIS_COLD_START file.+
+file_backup: nis domain is "mydomain.com"+
+file_backup: stat(/var/yp/binding/mydomain.com)=-1+
+file_backup: No /var/yp/binding/mydomain.com directory.+
+file_backup: stat(/var/ldap/ldap_client_file)=-1+
+file_backup: No /var/ldap/ldap_client_file file.+
+Starting network services+
+start: /usr/bin/domainname mydomain.com... success+
+start: sleep 100000 microseconds+
+start: sleep 200000 microseconds+
+start: network/ldap/client:default... success+
+restart: sleep 100000 microseconds+
+restart: sleep 200000 microseconds+
+restart: milestone/name-services:default... success+
+System successfully configured+
+When I run+
*It takes long time and then*
*+ldaplist: Object not found (Session error no available conn.+*
*+)+*
{color:#0000ff}The command logins also takes long time and does not show any LDAP users.{color}
*+{color:#ff6600}Here is the output from cachemgr.log on client*+*
*+{color}+*
+Tue Jul 14 12:16:07.8984 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log+
+Tue Jul 14 12:16:07.9391 sig_ok_to_exit(): parent exiting...+
+Tue Jul 14 12:16:17.9511 getldap_set_refresh_ttl:(6) refresh ttl is 300 seconds+
+Tue Jul 14 12:16:38.0741 getldap_set_refresh_ttl:(6) refresh ttl is 150 seconds+
+Tue Jul 14 12:16:38.0755 Error: Unable to refresh profile:profile3:Session error no available conn.+
+Tue Jul 14 12:16:38.0756 Error: Unable to update from profile+
+{color:#ff6600}Here is the out from /var/adm/messages.+
+{color:#000000}Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 293258 daemon.warning] libsldap: Status: 81 Mesg: openConnection: simple bind fai{color}+{color:#000000}+led - Can't contact LDAP server+
+Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 292100 daemon.warning] libsldap: could not remove 192.168.190.146 from servers list+
+Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no available conn.+
+Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 186574 daemon.error] Error: Unable to refresh profile:profile3: Session error no available conn.+
+Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 293258 daemon.warning] libsldap: Status: 81 Mesg: openConnection: simple+ +bind failed - Can't contact LDAP server+
+Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 292100 daemon.warning] libsldap: could not remove 192.168.190.146 from servers list+
+Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no avaible conn.+
*ANY HELP IS GREATLY APPRECIATED*
*THANKS*
Edited by: PranavPatel on Jul 14, 2009 12:41 PM
Edited by: PranavPatel on Jul 14, 2009 12:46 PMHere is the the profile from Server
Non-editable attributes
dn: cn=profile3,ou=profile,dc=mydomain,dc=com
authenticationmethod: tls:simple
bindtimelimit: 10
cn: profile3
credentiallevel: proxy
defaultsearchbase: dc=mydomain,dc=com
defaultsearchscope: one
defaultserverlist: 192.168.190.146 192.168.11.221
followreferrals: FALSE
objectclass: top
objectclass: DUAConfigProfile
profilettl: 43200
searchtimelimit: 30
serviceauthenticationmethod: passwd-cmd:tls:simple
serviceauthenticationmethod: keyserv:tls:simple
serviceauthenticationmethod: pam_ldap:tls:simple
Editable attributes:
createtimestamp: 20090714180638Z
creatorsname: cn=directory manager
entrydn: cn=profile3,ou=profile,dc=mydomain,dc=com
entryid: 26
hassubordinates: FALSE
modifiersname: cn=directory manager
modifytimestamp: 20090714180638Z
nsuniqueid: f37fa281-70a011de-80b5f403-069e0ba9
numsubordinates: 0
parentid: 13
subschemasubentry: cn=schema
And here is the output of
*# ldapclient list*
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=mydomain,dc=com
+NS_LDAP_BINDPASSWD= {NS1}67eb0f447bc0f619+
NS_LDAP_SERVERS= 192.168.190.146, 192.168.11.221
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=com
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= profile3
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= keyserv:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= passwd-cmd:tls:simple
NS_LDAP_HOST_CERTPATH= /var/ldap
Edited by: PranavPatel on Jul 14, 2009 1:08 PM -
Dsee 6.2, idsconfig, vlv index processing problems
Hey Folks,
I ran into a problem where the idsconfig script failed on creating 4 vlvindex entries. I had to modify the script to allow me to troubleshoot the problem. I ended up fixing the problem manually, but I'm still not to sure why it happened to begin with. It seems like a race condition, but i could be dead wrong. I thought it might have been the way I answered the idsconfig questions but I went over it quite a bit. This post may be a bit long, but I want to provide enough information.
- Solaris 10 08/07 fully patched (using smpatch) as of 1/10/2008
- DSEE 6.2
- idsconfig that comes bundled with Solaris 10 08/07
- All this is being done inside a logical domain (ldom) on a T2000 using a file image as a disk
The first thing I did was make the following modifications to the idsconfig script so it would not exit on error while adding vlv index entries, and also commented out the cleanup process so I could view the temp file created by idsconfig
Original Code from the add_vlv_indexes() function:
# Add the index.
${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}"
if [ $? -ne 0 ]; then
${ECHO} " ERROR: Adding VLV index for ${i} failed!"
cleanup
exit 1
fiSame code, after my modifications:
# Add the index.
${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}"
if [ $? -ne 0 ]; then
${ECHO} " ERROR: Adding VLV index for ${i} failed!"
#cleanup
#exit 1
fiHere is the full output of the way I used idsconfig to configure the directory:
It is strongly recommended that you BACKUP the directory server
before running idsconfig.
Hit Ctrl-C at any time before the final confirmation to exit.
Do you wish to continue with server setup (y/n/h)? [n] y
Enter the JES Directory Server's hostname to setup: machinename-ldom1
Enter the port number for iDS (h=help): [389]
Enter the directory manager DN: [cn=Directory Manager]
Enter passwd for cn=Directory Manager :
Enter the domainname to be served (h=help): [example.edu]
Enter LDAP Base DN (h=help): [dc=example,dc=edu]
Checking LDAP Base DN ...
Validating LDAP Base DN and Suffix ...
sasl/GSSAPI is not supported by this LDAP server
Enter the profile name (h=help): [default]
Default server list (h=help): [10.1.8.15]
Preferred server list (h=help):
Choose desired search scope (one, sub, h=help): [one]
The following are the supported credential levels:
1 anonymous
2 proxy
3 proxy anonymous
4 self
5 self proxy
6 self proxy anonymous
Choose Credential level [h=help]: [1] 2
The following are the supported Authentication Methods:
1 none
2 simple
3 sasl/DIGEST-MD5
4 tls:simple
5 tls:sasl/DIGEST-MD5
6 sasl/GSSAPI
Choose Authentication Method (h=help): [1] 2
Current authenticationMethod: simple
Do you want to add another Authentication Method? n
Do you want the clients to follow referrals (y/n/h)? [n]
Do you want to modify the server timelimit value (y/n/h)? [n]
Do you want to modify the server sizelimit value (y/n/h)? [n]
Do you want to store passwords in "crypt" format (y/n/h)? [n]
Do you want to setup a Service Authentication Methods (y/n/h)? [n] y
Do you want to setup a Service Auth. Method for "pam_ldap" (y/n/h)? [n] y
The following are the supported Authentication Methods:
1 simple
2 sasl/DIGEST-MD5
3 tls:simple
4 tls:sasl/DIGEST-MD5
5 sasl/GSSAPI
Choose Service Authentication Method: [1] 1
Current authenticationMethod: pam_ldap:simple
Do you want to add another Authentication Method? n
Do you want to setup a Service Auth. Method for "keyserv" (y/n/h)? [n]
Do you want to setup a Service Auth. Method for "passwd-cmd" (y/n/h)? [n] y
The following are the supported Authentication Methods:
1 simple
2 sasl/DIGEST-MD5
3 tls:simple
4 tls:sasl/DIGEST-MD5
5 sasl/GSSAPI
Choose Service Authentication Method: [1] 1
Current authenticationMethod: passwd-cmd:simple
Do you want to add another Authentication Method? n
Client search time limit in seconds (h=help): [30]
Profile Time To Live in seconds (h=help): [43200]
Bind time limit in seconds (h=help): [10]
Do you wish to setup Service Search Descriptors (y/n/h)? [n] n
Summary of Configuration
1 Domain to serve : example.edu
2 Base DN to setup : dc=example,dc=edu
3 Profile name to create : default
4 Default Server List : 10.1.8.15
5 Preferred Server List :
6 Default Search Scope : one
7 Credential Level : proxy
8 Authentication Method : simple
9 Enable Follow Referrals : FALSE
10 iDS Time Limit :
11 iDS Size Limit :
12 Enable crypt password storage : FALSE
13 Service Auth Method pam_ldap : pam_ldap:simple
14 Service Auth Method keyserv :
15 Service Auth Method passwd-cmd: passwd-cmd:simple
16 Search Time Limit : 30
17 Profile Time to Live : 43200
18 Bind Limit : 10
19 Service Search Descriptors Menu
Enter config value to change: (1-19 0=commit changes) [0]
Enter DN for proxy agent: [cn=proxyagent,ou=profile,dc=example,dc=edu] uid=admin-user,ou=People,dc=example,dc=edu
Enter passwd for proxyagent:
Re-enter passwd:
ERROR: passwords don't match; try again.
Enter passwd for proxyagent:
Re-enter passwd:
WARNING: About to start committing changes. (y=continue, n=EXIT) y
1. Schema attributes have been updated.
2. Schema objectclass definitions have been added.
3. NisDomainObject added to dc=example,dc=edu.
4. Top level "ou" containers complete.
5. automount maps: auto_home auto_direct auto_master auto_shared processed.
6. ACI for dc=example,dc=edu modified to disable self modify.
7. Add of VLV Access Control Information (ACI).
8. Proxy Agent uid=admin-user,ou=People,dc=example,dc=edu already exists.
9. Give uid=admin-user,ou=People,dc=example,dc=edu read permission for password.
10. Generated client profile and loaded on server.
11. Processing eq,pres indexes:
uidNumber (eq,pres) Finished indexing.
ipNetworkNumber (eq,pres) Finished indexing.
gidnumber (eq,pres) Finished indexing.
oncrpcnumber (eq,pres) Finished indexing.
automountKey (eq,pres) Finished indexing.
12. Processing eq,pres,sub indexes:
ipHostNumber (eq,pres,sub) Finished indexing.
membernisnetgroup (eq,pres,sub) Finished indexing.
nisnetgrouptriple (eq,pres,sub) Finished indexing.
13. Processing VLV indexes:
example.edu.getgrent vlv_index Entry created
example.edu.gethostent vlv_index Entry created
example.edu.getnetent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getpwent failed!
example.edu.getpwent vlv_index Entry created
example.edu.getrpcent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getspent failed!
example.edu.getspent vlv_index Entry created
example.edu.getauhoent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getsoluent failed!
example.edu.getsoluent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getauduent failed!
example.edu.getauduent vlv_index Entry created
example.edu.getauthent vlv_index Entry created
example.edu.getexecent vlv_index Entry created
example.edu.getprofent vlv_index Entry created
example.edu.getmailent vlv_index Entry created
example.edu.getbootent vlv_index Entry created
example.edu.getethent vlv_index Entry created
example.edu.getngrpent vlv_index Entry created
example.edu.getipnent vlv_index Entry created
example.edu.getmaskent vlv_index Entry created
example.edu.getprent vlv_index Entry created
example.edu.getip4ent vlv_index Entry created
example.edu.getip6ent vlv_index Entry created
idsconfig: Setup of iDS server machinename-ldom1 is complete.
Note: idsconfig has created entries for VLV indexes. Use the
directoryserver(1m) script on machinename-ldom1 to stop
the server and then enter the following vlvindex
sub-commands to create the actual VLV indexes:
directoryserver -s inst_name vlvindex -n example -T example.edu.getgrent
directoryserver -s inst_name vlvindex -n example -T example.edu.gethostent
directoryserver -s inst_name vlvindex -n example -T example.edu.getnetent
directoryserver -s inst_name vlvindex -n example -T example.edu.getpwent
directoryserver -s inst_name vlvindex -n example -T example.edu.getrpcent
directoryserver -s inst_name vlvindex -n example -T example.edu.getspent
directoryserver -s inst_name vlvindex -n example -T example.edu.getauhoent
directoryserver -s inst_name vlvindex -n example -T example.edu.getsoluent
directoryserver -s inst_name vlvindex -n example -T example.edu.getauduent
directoryserver -s inst_name vlvindex -n example -T example.edu.getauthent
directoryserver -s inst_name vlvindex -n example -T example.edu.getexecent
directoryserver -s inst_name vlvindex -n example -T example.edu.getprofent
directoryserver -s inst_name vlvindex -n example -T example.edu.getmailent
directoryserver -s inst_name vlvindex -n example -T example.edu.getbootent
directoryserver -s inst_name vlvindex -n example -T example.edu.getethent
directoryserver -s inst_name vlvindex -n example -T example.edu.getngrpent
directoryserver -s inst_name vlvindex -n example -T example.edu.getipnent
directoryserver -s inst_name vlvindex -n example -T example.edu.getmaskent
directoryserver -s inst_name vlvindex -n example -T example.edu.getprent
directoryserver -s inst_name vlvindex -n example -T example.edu.getip4ent
directoryserver -s inst_name vlvindex -n example -T example.edu.getip6entSince I still had the temp files to look through I was able to find out what entries where not created, and manually added them myself without problems.
The four entries were:
ERROR: Adding VLV index for example.edu.getpwent failed!
ERROR: Adding VLV index for example.edu.getspent failed!
ERROR: Adding VLV index for example.edu.getsoluent failed!
ERROR: Adding VLV index for example.edu.getauduent failed!I then was able to run the following commands successfully:
dsadm reindex -l -t example.edu.getgrent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.gethostent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getnetent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getrpcent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getspent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauhoent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauhoent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getsoluent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauhoent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauduent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauthent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getexecent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getprofent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getmailent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getbootent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getethent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getngrpent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getipnent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getmaskent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getprent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getip4ent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getip6ent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=eduIm really not sure why I ran into this problem, and was hoping someone would be able to shine some light on something that i possibly could have done wrong. I have read blogs about others running this script on dsee 6.x successfully, so thinking its a bug doesn't seem right.
If anyone wants me to test something or provide more info, i'd be happy to.
Thanks for reading,
Deejam
Edited by: Deejam on Jan 14, 2008 3:44 PM
Edited by: Deejam on Jan 14, 2008 7:57 PMThanks for the response. Sorry about not including the logs. I should have. I have gathered the full logs during the time idsconfig was trying to add the vlvindex entries. I did see that there where a few err=32 codes on the ADD operations on the entries that I had to add manually.
Here is one thing I did notice when I was adding the 4 entries manually. In each of the ldif files idsconfig creates, there are 2 entries as in the following example.
dn: cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvSearch
cn: example.edu_passwd_vlv_index
vlvbase: ou=people,dc=example,dc=edu
vlvscope: 1
vlvfilter: (objectClass=posixAccount)
aci: (target="ldap:///cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config")(targetattr="*")(version 3.0; acl "Config";allow(read,search,compare)userdn="ldap:///anyone";)
dn: cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config
cn: example.edu.getpwent
vlvSort: cn uid
objectclass: top
objectclass: vlvIndex After idsconfig was done running the entry with the dn of "dn: cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" was created, but the "dn: cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm" was not created.
This is weird because according to the logs (if i am reading them right) the add operation for the dn that was actually created seemed like it failed.
[14/Jan/2008:14:34:34 -0600] conn=115 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33406 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - ADD dn="cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=-1 - closing from 192.168.1.1:33406 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=115 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=1
[14/Jan/2008:14:34:35 -0600] conn=115 op=-1 msgId=-1 - closed.So in fixing it manually I just fed an ldif file that looked like the following:
dn: cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config
changetype: add
cn: example.edu.getpwent
vlvSort: cn uid
objectclass: top
objectclass: vlvIndexThanks again for the help, and as mentioned before, i will be happy to test, or provide more information,
Deejam
Here are the logs as mentioned above.
[14/Jan/2008:14:34:33 -0600] conn=108 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33399 to 192.168.1.1
[14/Jan/2008:14:34:33 -0600] conn=108 op=0 msgId=1 - SRCH base="cn=example.edu.getgrent,cn=example.edu_group_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:33 -0600] conn=108 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:33 -0600] conn=108 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:33 -0600] conn=108 op=1 msgId=-1 - closing from 192.168.1.1:33399 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:33 -0600] conn=109 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33400 to 192.168.1.1
[14/Jan/2008:14:34:33 -0600] conn=108 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:33 -0600] conn=109 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:33 -0600] conn=109 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:33 -0600] conn=109 op=1 msgId=2 - ADD dn="cn=example.edu_group_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:33 -0600] conn=109 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:33 -0600] conn=109 op=2 msgId=3 - ADD dn="cn=example.edu.getgrent,cn=example.edu_group_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=109 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=1
[14/Jan/2008:14:34:34 -0600] conn=109 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=109 op=3 msgId=-1 - closing from 192.168.1.1:33400 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=110 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33401 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=109 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=110 op=0 msgId=1 - SRCH base="cn=example.edu.gethostent,cn=example.edu_hosts_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:34 -0600] conn=110 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=110 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=110 op=1 msgId=-1 - closing from 192.168.1.1:33401 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=111 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33402 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=110 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=111 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=111 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=111 op=1 msgId=2 - ADD dn="cn=example.edu_hosts_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=111 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=111 op=2 msgId=3 - ADD dn="cn=example.edu.gethostent,cn=example.edu_hosts_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=111 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=111 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=111 op=3 msgId=-1 - closing from 192.168.1.1:33402 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=112 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33403 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=111 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=112 op=0 msgId=1 - SRCH base="cn=example.edu.getnetent,cn=example.edu_networks_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:34 -0600] conn=112 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=112 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=112 op=1 msgId=-1 - closing from 192.168.1.1:33403 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=113 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33404 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=112 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=113 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=113 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=113 op=1 msgId=2 - ADD dn="cn=example.edu_networks_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=113 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=113 op=2 msgId=3 - ADD dn="cn=example.edu.getnetent,cn=example.edu_networks_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=113 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=113 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=113 op=3 msgId=-1 - closing from 192.168.1.1:33404 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=114 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33405 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=113 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=114 op=0 msgId=1 - SRCH base="cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:34 -0600] conn=114 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=114 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=114 op=1 msgId=-1 - closing from 192.168.1.1:33405 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=115 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33406 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=114 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - ADD dn="cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=-1 - closing from 192.168.1.1:33406 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=115 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=1
[14/Jan/2008:14:34:35 -0600] conn=116 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33407 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=115 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=116 op=0 msgId=1 - SRCH base="cn=example.edu.getrpcent,cn=example.edu_rpc_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:35 -0600] conn=116 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=116 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=116 op=1 msgId=-1 - closing from 192.168.1.1:33407 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=117 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33408 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=116 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=117 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:35 -0600] conn=117 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:35 -0600] conn=117 op=1 msgId=2 - ADD dn="cn=example.edu_rpc_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=117 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=117 op=2 msgId=3 - ADD dn="cn=example.edu.getrpcent,cn=example.edu_rpc_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=117 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=117 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=117 op=3 msgId=-1 - closing from 192.168.1.1:33408 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=118 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33409 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=117 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=118 op=0 msgId=1 - SRCH base="cn=example.edu.getspent,cn=example.edu_shadow_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:35 -0600] conn=118 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=118 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=118 op=1 msgId=-1 - closing from 192.168.1.1:33409 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=119 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33410 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=118 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=119 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:35 -0600] conn=119 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:35 -0600] conn=119 op=1 msgId=2 - ADD dn="cn=example.edu_shadow_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=119 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=119 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=119 op=2 msgId=-1 - closing from 192.168.1.1:33410 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=119 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=120 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33411 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=119 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=120 op=0 msgId=1 - SRCH base="cn=example.edu.getauhoent,cn=example.edu_auho_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:35 -0600] conn=120 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=120 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=120 op=1 msgId=-1 - closing from 192.168.1.1:33411 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=121 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33412 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=120 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=121 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:35 -0600] conn=121 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:35 -0600] conn=121 op=1 msgId=2 - ADD dn="cn=example.edu_auho_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=121 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=121 op=2 msgId=3 - ADD dn="cn=example.edu.getauhoent,cn=example.edu_auho_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=121 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=121 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=121 op=3 msgId=-1 - closing from 192.168.1.1:33412 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=122 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33413 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=121 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=122 op=0 msgId=1 - SRCH base="cn=example.edu.getsoluent,cn=example.edu_solu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=122 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=122 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=122 op=1 msgId=-1 - closing from 192.168.1.1:33413 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=123 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33414 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=122 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=123 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:36 -0600] conn=123 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:36 -0600] conn=123 op=1 msgId=2 - ADD dn="cn=example.edu_solu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=123 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=123 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=123 op=2 msgId=-1 - closing from 192.168.1.1:33414 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=123 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=124 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33415 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=123 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=124 op=0 msgId=1 - SRCH base="cn=example.edu.getauduent,cn=example.edu_audu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=124 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=124 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=124 op=1 msgId=-1 - closing from 192.168.1.1:33415 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=125 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33416 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=124 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=125 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:36 -0600] conn=125 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:36 -0600] conn=125 op=1 msgId=2 - ADD dn="cn=example.edu_audu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=125 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=125 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=125 op=2 msgId=-1 - closing from 192.168.1.1:33416 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=125 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=126 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33417 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=125 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=126 op=0 msgId=1 - SRCH base="cn=example.edu.getauthent,cn=example.edu_auth_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=126 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=126 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=126 op=1 msgId=-1 - closing from 192.168.1.1:33417 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=127 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33418 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=126 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=127 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:36 -0600] conn=127 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:36 -0600] conn=127 op=1 msgId=2 - ADD dn="cn=example.edu_auth_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=127 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=127 op=2 msgId=3 - ADD dn="cn=example.edu.getauthent,cn=example.edu_auth_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=127 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=127 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=127 op=3 msgId=-1 - closing from 192.168.1.1:33418 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=128 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33419 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=127 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=128 op=0 msgId=1 - SRCH base="cn=example.edu.getexecent,cn=example.edu_exec_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=128 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=128 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=128 op=1 msgId=-1 - closing from 192.168.1.1:33419 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=129 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33420 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=128 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=129 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:37 -0600] conn=129 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:37 -0600] conn=129 op=1 msgId=2 - ADD dn="cn=example.edu_exec_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=129 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=129 op=2 msgId=3 - ADD dn="cn=example.edu.getexecent,cn=example.edu_exec_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=129 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=129 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=129 op=3 msgId=-1 - closing from 192.168.1.1:33420 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=130 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33421 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=129 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=130 op=0 msgId=1 - SRCH base="cn=example.edu.getprofent,cn=example.edu_prof_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:37 -0600] conn=130 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=130 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=130 op=1 msgId=-1 - closing from 192.168.1.1:33421 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=131 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33422 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=130 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=131 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:37 -0600] conn=131 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:37 -0600] conn=131 op=1 msgId=2 - ADD dn="cn=example.edu_prof_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=131 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=131 op=2 msgId=3 - ADD dn="cn=example.edu.getprofent,cn=example.edu_prof_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=131 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=131 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=131 op=3 msgId=-1 - closing from 192.168.1.1:33422 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=132 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33423 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=131 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=132 op=0 msgId=1 - SRCH base="cn=example.edu.getmailent,cn=example.edu_mail_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:37 -0600] conn=132 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=132 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=132 op=1 msgId=-1 - closing from 192.168.1.1:33423 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=133 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33424 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=132 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=133 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:38 -0600] conn=133 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:38 -0600] conn=133 op=1 msgId=2 - ADD dn="cn=example.edu_mail_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=133 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=133 op=2 msgId=3 - ADD dn="cn=example.edu.getmailent,cn=example.edu_mail_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=133 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=133 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=133 op=3 msgId=-1 - closing from 192.168.1.1:33424 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=134 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33425 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=133 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=134 op=0 msgId=1 - SRCH base="cn=example.edu.getbootent,cn=example.edu__boot_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:38 -0600] conn=134 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=134 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=134 op=1 msgId=-1 - closing from 192.168.1.1:33425 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=135 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33426 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=134 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=135 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:38 -0600] conn=135 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:38 -0600] conn=135 op=1 msgId=2 - ADD dn="cn=example.edu__boot_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=135 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=135 op=2 msgId=3 - ADD dn="cn=example.edu.getbootent,cn=example.edu__boot_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=135 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=135 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=135 op=3 msgId=-1 - closing from 192.168.1.1:33426 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=136 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33427 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=135 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=136 op=0 msgId=1 - SRCH base="cn=example.edu.getethent,cn=example.edu_ethers_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:38 -0600] conn=136 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=136 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=136 -
Native ldap client doesn't work with an openldap Server : No root DSE data
Hello!
My configuration :
- an openldap 2.2.23 server (linux debian) (server name = serv_annu)
- a ldap client (solaris 10) (server name = client_annu)
I want to configure my client by using Solaris Native ldap and I follow the excellent doc of gary tay (http://web.singnet.com.sg/~garyttt)
I use TLS and I had generated a certificate by using Mozilla . TLS works because ldapsearch from my solaris client works:
FROM CLIENT_ANNU:
+# ldapsearch -h server_annu -p 636 -b"dc=mydomain,dc=fr" -s base -Z -P /var/ldap/cert8.db "objectclass=*"+
version: 1
dn: dc=mydomain,dc=fr
dc: mydomain
objectClass: top
objectClass: dcObject
objectClass: organization
objectClass: nisDomainObject
nisDomain: mydomain.fr
o: mydomain
LOG FROM SERVER_ANNU:
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 ACCEPT from IP=172.30.69.216:36020 (IP=0.0.0.0:636)
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SRCH base="dc=mydomain,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=1 UNBIND
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 closed
1) I add DUAConfigProfile.schema and solaris.schema on my openldap server.
2) I add a nisDomainObject at the root DN (see the result of the ldapsearch above)
3) I Add ACL in slapd.conf to allow reading of rootDSE.
access to dn.base="" by ssf=128 * read
4) I launch on my solaris client
crle -u -s /usr/lib/mps
crle -64 -u -s /usr/lib/mps/64
5) I can't apply result.c patch on my openldap server (production server!) then I can't create /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred by using ldapclient command. Then I create manually /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred : the syntax is correct because the "ldapclient list" command works :
+# ldapclient list+
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=toto,ou=People,dc=people1,dc=mydomain,dc=fr
+NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411+
NS_LDAP_SERVERS= server_annu
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=fr
NS_LDAP_AUTH= tls:simple
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NOTE : I've had to add NS_LDAP_BINDDN and NS_LDAP_BINDPASSWD even if I use anonymous credential level because I get an error when I launch ldap client process.
Then here, everything is apparently OK but when I enable ldap client process the cachemgr process is running about 30s then it crashes:
FROM CLIENT_ANNU:
svcadm disable /network/ldap/client;svcadm enable /network/ldap/client
+/etc/init.d/nscd stop;/etc/init.d/nscd start+
LOG FROM SERVER_ANNU:
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 ACCEPT from IP=172.30.69.216:36021 (IP=0.0.0.0:389)
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH attr=supportedControl supportedsaslmechanisms
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=1 UNBIND
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 closed
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 ACCEPT from IP=172.30.69.216:36022 (IP=0.0.0.0:389)
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH attr=supportedControl supportedsaslmechanisms
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=1 UNBIND
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 closed...
FROM CLIENT ANNU :
+# /usr/lib/ldap/ldap_cachemgr -g+
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 2
cachemgr cache data statistics:
Configuration refresh information:
Previous refresh time: 2008/04/02 09:58:12
Next refresh time: 2008/04/02 21:58:12
Server information:
Previous refresh time: 2008/04/02 09:58:32
Next refresh time: 2008/04/02 09:58:33
server: server_annu, status: ERROR
error message: No root DSE data returned.*
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0
My problem is why I get the following error message : No root DSE data returned.
Thanks in advance for your help!Hi
Is your OpenLDAP server configured to allow anonymous read of the rootDSE attributes ?
Regards,
Ludovic. -
Solaris Name Service Cache and Directory Proxy Problem
We have some Solaris 10 clients ldapcliented to a Directory Proxy Server. After 15 minutes, the Solaris name service cache will fail to communicate to the proxy instance and the proxy instance's readconnectionsrefused attribute will start incrementing.
At first it seemed we would need to increase the worker-threads and num-bind-limit, but those do not fix the problem.
At the same time the name-service-cache starts failing, I am still able to query and search the proxy. I have set up a Jmeter test which continues to run and they never fail.
It seems very consistent that the problem with the name-service-cache occurs every 15 minutes and I am able to reproduce this at the client's site and in my lab. Restarting either the proxy or the name-service-cache clears the problem.
Has anyone else seen this problem?
Edited by: 957466 on Sep 6, 2012 9:11 AMThe idle-timeout on DSEE was set to none, which I believe is the default. I tried setting it to 1200 and 2400 seconds without success.
h3. get-ldap-data-source-pool-prop
<pre>
client-affinity-bind-dn-filters : any
client-affinity-criteria : connection
client-affinity-ip-address-filters : any
client-affinity-policy : write-affinity-after-write
client-affinity-timeout : 20s
description : -
enable-client-affinity : false
load-balancing-algorithm : proportional
minimum-total-weight : 100
proportion : 100
sample-size : 100
</pre>
h3. get-ldap-data-source-prop
<pre>
bind-dn : none
bind-pwd : none
client-cred-mode : use-client-identity
connect-timeout : 10s
description : -
down-monitoring-interval : inherited
is-enabled : true
is-read-only : false
ldap-address : localhost
ldap-port : ldap
ldaps-port : ldaps
monitoring-bind-dn : none
monitoring-bind-pwd : none
monitoring-bind-timeout : 5s
monitoring-entry-dn : ""
monitoring-entry-timeout : 5s
monitoring-inactivity-timeout : 2m
monitoring-interval : 30s
monitoring-mode : proactive
monitoring-retry-count : 3
monitoring-search-filter : (objectClass=*)
monitoring-search-scope : base
num-bind-incr : 10
num-bind-init : 2
num-bind-limit : 1024
num-read-incr : 10
num-read-init : 2
num-read-limit : 1024
num-write-incr : 10
num-write-init : 2
num-write-limit : 1024
proxied-auth-use-v1 : false
ssl-policy : never
use-read-connections-for-writes : false
use-tcp-keep-alive : true
use-tcp-no-delay : true
</pre> -
Hello All,
Am a new learner here, and I was trying to install DSEE 7 [Oracle DSEE 11g] native package on my x86 Solaris 10 9/10 [latest] box, and have added packages as per the installation documents. The idsktune was executed and there was no errors related to system configuration. While when i tried to initialize the dscc it was ejected with an error, which at present am not having and will update here. Once after that I have cross checked the system required patches for Solaris x86 10 and able to track the missing of below patches, though only Authorized accounts only can download the patches, how can i continue here. Without the installation its tough for me to start my learning. Please advise me here
patch ID package name
119345-07 SUNWsasl
119044-03 SUNWjdmk-runtime, SUNWjdmk-runtime-jmx
125444-13 SUNWmfwk-rt
136798-03 SUNWldapcsdk-libs, SUNWldapcsdk-tools, SUNWldapcsdk-dev
119725-06 SUNWljdk
Thanks,
YathiIf you need to download patches, you have to login to My Oracle Support site ( https://support.oracle.com/CSP/ui/flash.html ) and be sure that you support contract grants you the necessary permissions for that.
I'm sorry I can't be much of help, but these are Oracle policies.
Regards,
marco -
Solaris Express Zone install error with SUNWiiimr and SUNWcnetr
Hi all,
I got these errors when installing a new zone on a Solaris Express 1/08 (5.11) on a x64 box:
Installation of these packages generated errors: SUNWiiimr
Installation of these packages generated warnings: SUNWcnetr
The zone creation log shows:
*** package -SUNWiiimr- failed to install with fatal errors:
/export/zones/newzone/root/var/sadm/pkg/SUNWiiimr/install/postin stall: /export/zones/newzone/root/lib/postrun: not found
/export/zones/newzone/root/var/sadm/pkg/SUNWiiimr/install/postinstall: /export/zones/newzone/root/lib/postrun: not found
pkgadd: ERROR: postinstall script did not complete successfully
Installation of -SUNWiiimr- on zone -newzone- failed.
*** package -SUNWcnetr- installed with warnings:
pkgadd: ERROR: unable to create package object -/export/zones/newzone/root/etc/dladm-.
owner name -dladm- not found in passwd table(s)
ERROR: attribute verification of -/export/zones/newzone/root/etc/dladm/aggregation.conf- failed
owner name -dladm- not found in passwd table(s)
ERROR: attribute verification of -/export/zones/newzone/root/etc/dladm/linkprop.conf- failed
owner name -dladm- not found in passwd table(s)
ERROR: attribute verification of -/export/zones/newzone/root/etc/dladm/secobj.conf- failed
owner name -dladm- not found in passwd table(s)
Installation of -SUNWcnetr- on zone -newzone- partially failed.
-newzone- was configured to be a whole root zone. Are there any ways to solve these installation errors?
Thanks in advance.This problem seems some strange - this time with Solaris 10u4, from 10 containers installed on a brand new X2200 (2x cpu) only one do not output those errors, but just this one cannot install the dsee or proxy. This time the errors were from:
Installation of <SUNWxwplr> on zone <dsee-proxy> partially failed.
Installation of <SUNWdtdmr> on zone <dsee-proxy> partially failed.
Installation of <SUNWmconr> on zone <dsee-proxy> partially failed.
Installation of <SUNWrmwbr> on zone <dsee-proxy> partially failed.
Installation of <SUNWlvmr> on zone <dsee-proxy> partially failed.
Installation of <SUNWzebrar> on zone <dsee-proxy> partially failed.
So the machine was, too, just installed. After several hours, anoter atempt to install a zone, this time just this one, returned no errors - and the dsee installed without any complains. All configurations were for whole root zones. Used was Solaris 10u4 with the most recent patch cluster applied. -
Solaris 10 LDAP Clients Intermittently Fail
I'm working on a rather puzzling issue with some of our Solaris 10 systems authenticating against DSEE 6.3. These clients previously worked without issue but starting last week SSH connections would hang for a few minutes and then start working again. This never happened on more than one system at a time.
I found the following messages in /var/adm/messages during the time we have these problems:
Apr 27 08:04:57 hostname nscd[20634]: [ID 293258 user.warning] libsldap: Status: 7 Mesg: LDAP ERROR (85): Timed out.
Apr 27 08:05:47 hostname nscd[20634]: [ID 293258 user.warning] libsldap: Status: 7 Mesg: LDAP ERROR (85): Timed out.
... many of these
Apr 27 08:10:07 hostname nscd[20634]: [ID 293258 user.warning] libsldap: Status: 7 Mesg: LDAP ERROR (85): Timed out.
Apr 27 08:10:17 hostname nscd[20634]: [ID 293258 user.warning] libsldap: Status: 7 Mesg: LDAP ERROR (85): Timed out.
Apr 27 08:10:31 hostname nscd[20634]: [ID 293258 user.warning] libsldap: Status: 7 Mesg: LDAP ERROR (81): Can't contact LDAP server.
To test connectivity to the LDAP server I have a ldapsearch running every 15 seconds an logging the time it took and checking for correct results. during the time that I see the libsldap messages and ssh connections are hanging, the ldapsearch command continues to run fine without slowing down.
A final note is that all three of the problem systems are on the same subnet and systems outside of this subnet aren't having any problems with the same configuration. My first thought was the firewall but ldapsearch continues to work.
Does anyone know if nscd tries to keep the LDAP connection open. Looking at the logged messages it appears as though it gives up after 5 minutes or so, throws the LDAP ERROR (81) and then starts to work again.
Any ideas would be appreciated. This one is making me crazy (crazier).
Thanks.rukbat wrote:
Has anything changed in that time frame?
Any physical changes such as office-moves? new hires? lay-offs?
Could there have been any modifications to the networking hardware such as lengthening the cabling? Is it possible to re-route the subnet to different switches or to different posts on the switches? You might consider snooping the traffic to watch how it traverses the paths to the LDAP server.
If there are other systems on the subnet, do they experience any sort of timeouts ( even if it is to unrelated tasks such as database access or surfing to the Intranet/Internet ) ?
... just random thoughts from a hardware perspective.Given that this started after a maintenance night I'm sure you are correct and something changed. However there are no changes in the maintenance plan that could cause this and nobody will own up to any additional changes. This leaves it to me to try to find what is causing the failure so I can get it corrected.
These are the only three Unix systems on that subnet and they are all experiencing the problem so I don't have anything that is working to compare them to except for the other systems that aren't on that subnet. The other systems are working fine with the same configuration. That's why I'm thinking that it is something external to the problem systems.
Given that all other services on these systems are working, I'm not currently exploring a hardware type failure.
I've been running pfiles on nscd and it appears that it is indeed holding a connection to the LDAP server open (if I'm reading it correctly). The inode assocated with #8 hasn't changed. So my current theory is that maybe the firewall is killing off long connections after a while. This appears to be consistent with the log entries where I get many ERROR (85) and then a final (81). I'm thinking that after the ERROR 81, it re-opens the connection. Just guesses though.
8: S_IFSOCK mode:0666 dev:329,0 ino:3753 uid:0 gid:0 size:0
O_RDWR|O_NONBLOCK
SOCK_STREAM
SO_SNDBUF(49152),SO_RCVBUF(49680),IP_NEXTHOP(0.0.194.16)
sockname: AF_INET6 ::ffff:10.1.50.50 port: 42758
peername: AF_INET6 ::ffff:10.1.52.25 port: *636* -
Dear All,
I need some guidance on Java version compatibility and configuration with Solaris 10. We are having SunOS 5.10 Generic_144488-17, but in the DSEE installation we have used JES 5 which have built in problems, which actually de graded system cacao services and libraries. Later we resolved this issue by applying patch and upgraded the cacao. Here the question is, now i need to verify the Java on the system is reliable and accurate. Could you provide me some link, where I could understand the Java and Solaris.
Below is the Java information which am able to pull from the server.
bash-3.00# java -version
java version "1.5.0_30"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_30-b03)
Java HotSpot(TM) Server VM (build 1.5.0_30-b03, mixed mode)
bash-3.00# uname -a
SunOS ssino07 5.10 Generic_144488-17 sun4v sparc SUNW,SPARC-Enterprise-T5220
bash-3.00# showrev
Hostname: sxxx
Hostid: 85594e34
Release: 5.10
Kernel architecture: sun4v
Application architecture: sparc
Hardware provider: Sun_Microsystems
Domain:
Kernel version: SunOS 5.10 Generic_144488-17
Also would like to share one error, which actually made to open this thread on Solaris Form. Its related to DSEE installation [already opened a thread there], when we copying the one LDAP configuration settings from one server to another server, we got a schema error. Could you guide me specific to Java here.
Failed: Error updating the server xxxx:389. The error is javax.naming.NameAlreadyBoundException: mgrpRFC822MailMember"
Many thanks in advance,Your default system java doesn't matter, ie Solaris has a version of java linked to /usr/bin/java which may link to the same version that DSEE is using or not, ie you can have multiple versions of java on your system. DSEE and the rest of the JES products have their own Java installation linked to a location under /usr/jdk/entsys-j2se
As for your second question, if the schema is different between two servers, then migrating data between them will give you schema violations. In your specific case, have you ever installed any versions of the JES Messaging Server? Some older versions had a conflicting OID in the schema. A quick fix would be just copy the S99user.ldif from the working server to the other server. -
Hi All,
i have very simple and short query, Is Sun Directory comes bundled with Solaris 10 ? or we need to download explicitely.
If we download that is a free version or we need to procure.
Thanks
AvninderHi Avninder,
No it does not come with Solaris 10, nor Solaris 10 current license gives you entitlement with support for it.
Please go and download from www.sun.com/dsee
Etienne -
Problem with adding CA signed Certificate to DSEE Ldap Instance
I am trying to enable SSL with the SUN DSEE LDAP server.
DSEE version: 6.0
Solaris version: 10.3
I am following instructions from the SUNDSEE-ADMIN guide to generate the cert request, and got the signed certificate file. So here is my procedure:
1. generate cert request:
dsadm request-cert ...
2. send the request file to CA
3. got the signed cert back from CA with format like this:
----------BEGIN CERTIFICATE------------
----------END OF CERTIFICATE----------
So now I got two files at hand: the cert request, and the signed cert.
Then I am trying to add the cert to the cert store for my LDAP instance:
$ dsadm add-cert /path/to/instance my-cert ldapcert.crt
Unable to find private key for this certificate.
Failed to add the certificate.
$ dsadm add-cert -C /path/to/instance my-cert ldapcert.crt
This command will complete. But if you list cert, you can only see the CA cert, no new server cert.
My question is, where is this private key file stored? I searched on the forum, and someone mentioned the private key is generated when you issue request-cert command.
So how can I add the server cert? What procedure am I missing here? If you only get one cert file which only has the public key in it from CA, how do you add the server cert apart from the CA cert?
Let me know if I have a wrong understanding for the procedure.
Thanks!I looked at this certificate under windows. It has a certificate chain issued for our LDAP server:
CA root
|----- LDAP server
It looks fine. It is the signed server cert.
I tested import-cert the self-signed cert which has both the private key and public key packed together, and it worked. A new cert is shown up for both "dsadm list-certs" and "dsadm list-certs -C".
But when trying to import the CA-signed server cert, it complains that no private key is found.
I am following instructions from this link:
http://docs.sun.com/app/docs/doc/819-0995/6n3cq3aqp?a=view
But if I do add-cert, I got this error:
$ dsadm add-cert /path/to/instance my-cert ldapcert.crt
Unable to find private key for this certificate.
Failed to add the certificate.It works to import the CA cert though. Can someone advise about the private key missing issue?
Thanks. -
We've just encountered a problem with servers expiring the root password without us previously being notified that the password is about to expire.
When you use su to get to root, (we use SSH to connect to remote servers and deny root access by default - you have to login with normal username and then su as root) are you supposed to get the warnings that the password is going to expire? If you are, then we didn't and now we are stuck until someone can get to the server and boot off CD. Bit of a blow as the server is a few hundred miles down the road! Are there any patches that fix this 'bug'?
Cheers,
Mark.I'm still struggling to get password expiration and inactivation to work with DS 6.3.1 and Solaris 10 5/08. When accounts are expired or inactivated (nsAccountLock) users can still login via ssh. But when accounts are temporarily locked (pwdAccountLockedTime) ssh does the right thing and won't let them log in.
Things work properly when I have
passwd: files ldap
in nsswitch.conf, but when I go to compatibility mode:
passwd: compat
passwd_compat: ldap
ssh 'ignores' expiration and inactivation status of accounts.
Following the advice of your last comment here (4.5 years ago!) I took away all access to the 'userPassword' attribute for the proxy account, but nothing changed (I did an 'ldapsearch' as the proxy account to ensure that the aci was working as expected and denying all access to the attribute).
Would you, akillenb, or anyone, be so kind as to give any information that will let a Solaris 10 client work properly with the enhanced account management facilities of the Sun DSEE 6.3.1 LDAP server? Copies of pam.conf and nsswitch.conf and details on LDAP aci's would be most gratefully received!!! -
Idsconfig, DSEE, and ldapclient error
I've used idsconfig on both Solaris 10 11/06 and Solaris Express b73 to generate a profile that uses proxy credentials and simple authentication. When I run ldapclient on a system to setup the client binding, I get this:
[root@ldap-client1 ~]# ldapclient init -a profileName=profile1 -a proxyDN=cn=proxyagent,ou=profile,dc=const,dc=lan -a domainName=orion.const -a proxyPassword=foo 192.168.2.27
Failed to find defaultSearchBase for domain orion.const
I'm aware of the fact that the idsconfig shipped with Solaris 10 11/06 doesn't support DSEE 6, but the idsconfig in Solaris Express b73 does. When using ldapclient on both of those releases, as well, it still fails with the same error message.
Doing manual initialization doesn't work either. To verify this I've done an ldapsearch, which fails to connect to the DSEE server.
My guess would be that proxyagent doesn't have the correct permissions to read the directory information that it needs to. I've also done an init -v and it seems to not be able to access nisDomain in dc=orion,dc=const. Doing an 'ldapsearch -D="Directory Manager" -b dc=orion,dc=const -h 192.168.2.27 "nisDomain=*" yields one entry. Likewise, using the proxyDN as the binding yields nothing.
Perhaps someone can point me in the right direction for further troubleshooting. I'm running DSEE 6.2 with the latest patch installed (125276-05).
Thanks
Edited by: graphic7 on Oct 13, 2007 1:53 AM
Edited by: graphic7 on Oct 13, 2007 1:55 AMHi,
I do not think that your Directory Server allow anonymous searches. Try to add this ACI for the baseDN: dc=orion,dc=const when initializing the clients:
(target="ldap:///dc=orion,dc=const") (targetattr !="userPassword")(version 3.0;acl "Anonymous read-search access";allow (read, search, compare)(userdn = "ldap:///anyone");)
-Hope this helps!
Maybe you are looking for
-
Oracle Hyperion Query and Reporting Runtime Setup
Experts, We are in the process to implementing Hyperion application (IR & FR), and we are looking for a way to setup some security governance on reports/queries that run for more than an hr. We were told that there is no "out of box" solution from Hy
-
How to monitor changes in a directory
Hai I want my program to listen to a directory and monitor changes made. That is , when ever a new file comes in the directory , i need to copy that file to another directory specified. How can i do it ?
-
How can we generate a usage report
Hi Friends, As my application is going to live, for that i want to usage report. how can we generate a usage reopts ? Thanks in advance
-
Hi, I couldn't able to use insert activity in appending some xml node to my out varaible. It is more confusing between Expression and XPath. Any inputs on this really appreciated Thanks & Regards Venkata Madhu
-
Assignment of Transaction Code to Quick Viewer Program
Hello, We have created the Quick Viewer under Production Server. We would like to assign the transaction code to the quick viewer program. Will it possible to copy the program from production server to development server, creation of transaction code