DSML on DSEE Proxy 6.3.1
Does anyone know how to enable DSML communications to the Proxy server? I see how to enable it to the LDAP server, but could not find any documentation or server setting to enable it on the Proxy server.
Actually you can't - DPS is a pure LDAP proxy.
Similar Messages
-
Solaris Express Zone install error with SUNWiiimr and SUNWcnetr
Hi all,
I got these errors when installing a new zone on a Solaris Express 1/08 (5.11) on a x64 box:
Installation of these packages generated errors: SUNWiiimr
Installation of these packages generated warnings: SUNWcnetr
The zone creation log shows:
*** package -SUNWiiimr- failed to install with fatal errors:
/export/zones/newzone/root/var/sadm/pkg/SUNWiiimr/install/postinstall: /export/zones/newzone/root/lib/postrun: not found
/export/zones/newzone/root/var/sadm/pkg/SUNWiiimr/install/postinstall: /export/zones/newzone/root/lib/postrun: not found
pkgadd: ERROR: postinstall script did not complete successfully
Installation of -SUNWiiimr- on zone -newzone- failed.
*** package -SUNWcnetr- installed with warnings:
pkgadd: ERROR: unable to create package object -/export/zones/newzone/root/etc/dladm-.
owner name -dladm- not found in passwd table(s)
ERROR: attribute verification of -/export/zones/newzone/root/etc/dladm/aggregation.conf- failed
owner name -dladm- not found in passwd table(s)
ERROR: attribute verification of -/export/zones/newzone/root/etc/dladm/linkprop.conf- failed
owner name -dladm- not found in passwd table(s)
ERROR: attribute verification of -/export/zones/newzone/root/etc/dladm/secobj.conf- failed
owner name -dladm- not found in passwd table(s)
Installation of -SUNWcnetr- on zone -newzone- partially failed.
-newzone- was configured to be a whole root zone. Are there any ways to solve these installation errors?
Thanks in advance.
This problem seems somewhat strange - this time with Solaris 10u4, from 10 containers installed on a brand new X2200 (2x cpu) only one does not output those errors, but just this one cannot install the dsee or proxy. This time the errors were from:
Installation of <SUNWxwplr> on zone <dsee-proxy> partially failed.
Installation of <SUNWdtdmr> on zone <dsee-proxy> partially failed.
Installation of <SUNWmconr> on zone <dsee-proxy> partially failed.
Installation of <SUNWrmwbr> on zone <dsee-proxy> partially failed.
Installation of <SUNWlvmr> on zone <dsee-proxy> partially failed.
Installation of <SUNWzebrar> on zone <dsee-proxy> partially failed.
So the machine was, too, just installed. After several hours, another attempt to install a zone, this time just this one, returned no errors - and the dsee installed without any complaints. All configurations were for whole root zones. Used was Solaris 10u4 with the most recent patch cluster applied.
-
Dsml and SQL 2005 reporting services?
I usually post over in the IDM forum so be nice to the newbie here :)
I have a Sun Directory server that I've enabled DSML on. On that side everything is good. However, ideally I want to pull this data into a MS SQL 2005 reporting services report. They have support for XML and web services, but the DSML front end doesn't accept GET requests and I don't know how to send the request as post in reporting services.
Has anyone else been able to get something like this working?
Thanks!
No idea about MS SQL, but is your reporting service able to use files on disk? If so I guess your problem is easily solved by using an app to fetch data from directory server to disk. If you're more adventurous, you write a script in perl/python which acts as a proxy and translates GET requests to POST and relays data back in real time. Not sure if these help or not, just my thoughts.
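The GET-to-POST relay suggested in the reply above, sketched as an added example that is not part of the original thread: it accepts a GET, builds a DSMLv2 SOAP search from allow-listed parameters, and POSTs it to the directory's DSML front end. The endpoint URL, base DN, listening port, and the query parameter names (`attr`, `value`, `scope`, `return`) are assumptions made for illustration.

```python
import re
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse
from xml.sax.saxutils import escape, quoteattr

# Constructed values, not taken from the thread.
DSML_URL = "http://localhost:8080/dsml"    # hypothetical DSML front-end URL
BASE_DN = "ou=People,dc=example,dc=com"    # fixed here, never read from the request
ALLOWED_ATTRS = {"uid", "cn", "mail"}      # attributes the report may match on or read
SCOPES = {"base": "baseObject", "one": "singleLevel", "sub": "wholeSubtree"}
VALUE_RE = re.compile(r"[A-Za-z0-9 ._@-]{1,64}")


def build_search(params):
    """Turn parse_qs()-style GET parameters into a DSMLv2 SOAP searchRequest."""
    attr = params.get("attr", [""])[0]
    value = params.get("value", [""])[0]
    scope = params.get("scope", ["sub"])[0]
    wanted = [a for a in params.get("return", ["cn"])[0].split(",") if a]
    # The relay can reach data the caller cannot, so reject anything that is
    # not explicitly allowed instead of passing it through to the directory.
    if attr not in ALLOWED_ATTRS or scope not in SCOPES:
        raise ValueError("attribute or scope not allowed")
    if not VALUE_RE.fullmatch(value):
        raise ValueError("value rejected")
    if not wanted or any(a not in ALLOWED_ATTRS for a in wanted):
        raise ValueError("return attribute not allowed")
    attrs_xml = "".join(f"<attribute name={quoteattr(a)}/>" for a in wanted)
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">'
        "<soap-env:Body>"
        '<batchRequest xmlns="urn:oasis:names:tc:DSML:2:0:core">'
        f"<searchRequest dn={quoteattr(BASE_DN)} scope={quoteattr(SCOPES[scope])} "
        'derefAliases="neverDerefAliases">'
        f"<filter><equalityMatch name={quoteattr(attr)}>"
        f"<value>{escape(value)}</value></equalityMatch></filter>"
        f"<attributes>{attrs_xml}</attributes>"
        "</searchRequest></batchRequest></soap-env:Body></soap-env:Envelope>"
    )


class Relay(BaseHTTPRequestHandler):
    """Accepts GET from the reporting tool and relays it as a DSML POST."""

    def do_GET(self):
        try:
            query = parse_qs(urlparse(self.path).query)
            body = build_search(query).encode("utf-8")
        except ValueError as exc:
            self.send_error(400, str(exc))
            return
        req = urllib.request.Request(
            DSML_URL,
            data=body,
            method="POST",
            headers={
                "Content-Type": "text/xml; charset=utf-8",
                # SOAPAction value defined by the DSMLv2 SOAP binding.
                "SOAPAction": '"#batchRequest"',
            },
        )
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                payload = resp.read()
        except OSError:
            # Covers URLError/HTTPError; backend details stay out of the reply.
            self.send_error(502, "DSML backend error")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/xml; charset=utf-8")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    # Bind to loopback only: the relay itself has no authentication.
    HTTPServer(("127.0.0.1", 8081), Relay).serve_forever()
```

With these constructed settings, the report's XML data source would request `http://127.0.0.1:8081/?attr=uid&value=jdoe&return=cn,mail`.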
-
Dsee 6.2, idsconfig, vlv index processing problems
Hey Folks,
I ran into a problem where the idsconfig script failed on creating 4 vlvindex entries. I had to modify the script to allow me to troubleshoot the problem. I ended up fixing the problem manually, but I'm still not too sure why it happened to begin with. It seems like a race condition, but I could be dead wrong. I thought it might have been the way I answered the idsconfig questions but I went over it quite a bit. This post may be a bit long, but I want to provide enough information.
- Solaris 10 08/07 fully patched (using smpatch) as of 1/10/2008
- DSEE 6.2
- idsconfig that comes bundled with Solaris 10 08/07
- All this is being done inside a logical domain (ldom) on a T2000 using a file image as a disk
The first thing I did was make the following modifications to the idsconfig script so it would not exit on error while adding vlv index entries, and also commented out the cleanup process so I could view the temp file created by idsconfig.
Original Code from the add_vlv_indexes() function:
# Add the index.
${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}"
if [ $? -ne 0 ]; then
${ECHO} " ERROR: Adding VLV index for ${i} failed!"
cleanup
exit 1
fi
Same code, after my modifications:
# Add the index.
${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}"
if [ $? -ne 0 ]; then
${ECHO} " ERROR: Adding VLV index for ${i} failed!"
#cleanup
#exit 1
fi
Here is the full output of the way I used idsconfig to configure the directory:
It is strongly recommended that you BACKUP the directory server
before running idsconfig.
Hit Ctrl-C at any time before the final confirmation to exit.
Do you wish to continue with server setup (y/n/h)? [n] y
Enter the JES Directory Server's hostname to setup: machinename-ldom1
Enter the port number for iDS (h=help): [389]
Enter the directory manager DN: [cn=Directory Manager]
Enter passwd for cn=Directory Manager :
Enter the domainname to be served (h=help): [example.edu]
Enter LDAP Base DN (h=help): [dc=example,dc=edu]
Checking LDAP Base DN ...
Validating LDAP Base DN and Suffix ...
sasl/GSSAPI is not supported by this LDAP server
Enter the profile name (h=help): [default]
Default server list (h=help): [10.1.8.15]
Preferred server list (h=help):
Choose desired search scope (one, sub, h=help): [one]
The following are the supported credential levels:
1 anonymous
2 proxy
3 proxy anonymous
4 self
5 self proxy
6 self proxy anonymous
Choose Credential level [h=help]: [1] 2
The following are the supported Authentication Methods:
1 none
2 simple
3 sasl/DIGEST-MD5
4 tls:simple
5 tls:sasl/DIGEST-MD5
6 sasl/GSSAPI
Choose Authentication Method (h=help): [1] 2
Current authenticationMethod: simple
Do you want to add another Authentication Method? n
Do you want the clients to follow referrals (y/n/h)? [n]
Do you want to modify the server timelimit value (y/n/h)? [n]
Do you want to modify the server sizelimit value (y/n/h)? [n]
Do you want to store passwords in "crypt" format (y/n/h)? [n]
Do you want to setup a Service Authentication Methods (y/n/h)? [n] y
Do you want to setup a Service Auth. Method for "pam_ldap" (y/n/h)? [n] y
The following are the supported Authentication Methods:
1 simple
2 sasl/DIGEST-MD5
3 tls:simple
4 tls:sasl/DIGEST-MD5
5 sasl/GSSAPI
Choose Service Authentication Method: [1] 1
Current authenticationMethod: pam_ldap:simple
Do you want to add another Authentication Method? n
Do you want to setup a Service Auth. Method for "keyserv" (y/n/h)? [n]
Do you want to setup a Service Auth. Method for "passwd-cmd" (y/n/h)? [n] y
The following are the supported Authentication Methods:
1 simple
2 sasl/DIGEST-MD5
3 tls:simple
4 tls:sasl/DIGEST-MD5
5 sasl/GSSAPI
Choose Service Authentication Method: [1] 1
Current authenticationMethod: passwd-cmd:simple
Do you want to add another Authentication Method? n
Client search time limit in seconds (h=help): [30]
Profile Time To Live in seconds (h=help): [43200]
Bind time limit in seconds (h=help): [10]
Do you wish to setup Service Search Descriptors (y/n/h)? [n] n
Summary of Configuration
1 Domain to serve : example.edu
2 Base DN to setup : dc=example,dc=edu
3 Profile name to create : default
4 Default Server List : 10.1.8.15
5 Preferred Server List :
6 Default Search Scope : one
7 Credential Level : proxy
8 Authentication Method : simple
9 Enable Follow Referrals : FALSE
10 iDS Time Limit :
11 iDS Size Limit :
12 Enable crypt password storage : FALSE
13 Service Auth Method pam_ldap : pam_ldap:simple
14 Service Auth Method keyserv :
15 Service Auth Method passwd-cmd: passwd-cmd:simple
16 Search Time Limit : 30
17 Profile Time to Live : 43200
18 Bind Limit : 10
19 Service Search Descriptors Menu
Enter config value to change: (1-19 0=commit changes) [0]
Enter DN for proxy agent: [cn=proxyagent,ou=profile,dc=example,dc=edu] uid=admin-user,ou=People,dc=example,dc=edu
Enter passwd for proxyagent:
Re-enter passwd:
ERROR: passwords don't match; try again.
Enter passwd for proxyagent:
Re-enter passwd:
WARNING: About to start committing changes. (y=continue, n=EXIT) y
1. Schema attributes have been updated.
2. Schema objectclass definitions have been added.
3. NisDomainObject added to dc=example,dc=edu.
4. Top level "ou" containers complete.
5. automount maps: auto_home auto_direct auto_master auto_shared processed.
6. ACI for dc=example,dc=edu modified to disable self modify.
7. Add of VLV Access Control Information (ACI).
8. Proxy Agent uid=admin-user,ou=People,dc=example,dc=edu already exists.
9. Give uid=admin-user,ou=People,dc=example,dc=edu read permission for password.
10. Generated client profile and loaded on server.
11. Processing eq,pres indexes:
uidNumber (eq,pres) Finished indexing.
ipNetworkNumber (eq,pres) Finished indexing.
gidnumber (eq,pres) Finished indexing.
oncrpcnumber (eq,pres) Finished indexing.
automountKey (eq,pres) Finished indexing.
12. Processing eq,pres,sub indexes:
ipHostNumber (eq,pres,sub) Finished indexing.
membernisnetgroup (eq,pres,sub) Finished indexing.
nisnetgrouptriple (eq,pres,sub) Finished indexing.
13. Processing VLV indexes:
example.edu.getgrent vlv_index Entry created
example.edu.gethostent vlv_index Entry created
example.edu.getnetent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getpwent failed!
example.edu.getpwent vlv_index Entry created
example.edu.getrpcent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getspent failed!
example.edu.getspent vlv_index Entry created
example.edu.getauhoent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getsoluent failed!
example.edu.getsoluent vlv_index Entry created
ERROR: Adding VLV index for example.edu.getauduent failed!
example.edu.getauduent vlv_index Entry created
example.edu.getauthent vlv_index Entry created
example.edu.getexecent vlv_index Entry created
example.edu.getprofent vlv_index Entry created
example.edu.getmailent vlv_index Entry created
example.edu.getbootent vlv_index Entry created
example.edu.getethent vlv_index Entry created
example.edu.getngrpent vlv_index Entry created
example.edu.getipnent vlv_index Entry created
example.edu.getmaskent vlv_index Entry created
example.edu.getprent vlv_index Entry created
example.edu.getip4ent vlv_index Entry created
example.edu.getip6ent vlv_index Entry created
idsconfig: Setup of iDS server machinename-ldom1 is complete.
Note: idsconfig has created entries for VLV indexes. Use the
directoryserver(1m) script on machinename-ldom1 to stop
the server and then enter the following vlvindex
sub-commands to create the actual VLV indexes:
directoryserver -s inst_name vlvindex -n example -T example.edu.getgrent
directoryserver -s inst_name vlvindex -n example -T example.edu.gethostent
directoryserver -s inst_name vlvindex -n example -T example.edu.getnetent
directoryserver -s inst_name vlvindex -n example -T example.edu.getpwent
directoryserver -s inst_name vlvindex -n example -T example.edu.getrpcent
directoryserver -s inst_name vlvindex -n example -T example.edu.getspent
directoryserver -s inst_name vlvindex -n example -T example.edu.getauhoent
directoryserver -s inst_name vlvindex -n example -T example.edu.getsoluent
directoryserver -s inst_name vlvindex -n example -T example.edu.getauduent
directoryserver -s inst_name vlvindex -n example -T example.edu.getauthent
directoryserver -s inst_name vlvindex -n example -T example.edu.getexecent
directoryserver -s inst_name vlvindex -n example -T example.edu.getprofent
directoryserver -s inst_name vlvindex -n example -T example.edu.getmailent
directoryserver -s inst_name vlvindex -n example -T example.edu.getbootent
directoryserver -s inst_name vlvindex -n example -T example.edu.getethent
directoryserver -s inst_name vlvindex -n example -T example.edu.getngrpent
directoryserver -s inst_name vlvindex -n example -T example.edu.getipnent
directoryserver -s inst_name vlvindex -n example -T example.edu.getmaskent
directoryserver -s inst_name vlvindex -n example -T example.edu.getprent
directoryserver -s inst_name vlvindex -n example -T example.edu.getip4ent
directoryserver -s inst_name vlvindex -n example -T example.edu.getip6ent
Since I still had the temp files to look through I was able to find out what entries were not created, and manually added them myself without problems.
The four entries were:
ERROR: Adding VLV index for example.edu.getpwent failed!
ERROR: Adding VLV index for example.edu.getspent failed!
ERROR: Adding VLV index for example.edu.getsoluent failed!
ERROR: Adding VLV index for example.edu.getauduent failed!
I then was able to run the following commands successfully:
dsadm reindex -l -t example.edu.getgrent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.gethostent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getnetent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getrpcent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getspent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauhoent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauhoent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getsoluent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauhoent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauduent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getauthent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getexecent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getprofent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getmailent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getbootent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getethent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getngrpent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getipnent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getmaskent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getprent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getip4ent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
dsadm reindex -l -t example.edu.getip6ent /usr/local/ds6-instances/slapd-inst_name dc=example,dc=edu
I'm really not sure why I ran into this problem, and was hoping someone would be able to shine some light on something that I possibly could have done wrong. I have read blogs about others running this script on dsee 6.x successfully, so thinking it's a bug doesn't seem right.
If anyone wants me to test something or provide more info, I'd be happy to.
Thanks for reading,
Deejam
Edited by: Deejam on Jan 14, 2008 3:44 PM
Edited by: Deejam on Jan 14, 2008 7:57 PM
Thanks for the response. Sorry about not including the logs. I should have. I have gathered the full logs during the time idsconfig was trying to add the vlvindex entries. I did see that there were a few err=32 codes on the ADD operations on the entries that I had to add manually.
Here is one thing I did notice when I was adding the 4 entries manually. In each of the ldif files idsconfig creates, there are 2 entries as in the following example.
dn: cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvSearch
cn: example.edu_passwd_vlv_index
vlvbase: ou=people,dc=example,dc=edu
vlvscope: 1
vlvfilter: (objectClass=posixAccount)
aci: (target="ldap:///cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config")(targetattr="*")(version 3.0; acl "Config";allow(read,search,compare)userdn="ldap:///anyone";)
dn: cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config
cn: example.edu.getpwent
vlvSort: cn uid
objectclass: top
objectclass: vlvIndex
After idsconfig was done running the entry with the dn of "dn: cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" was created, but the "dn: cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm" was not created.
This is weird because according to the logs (if I am reading them right) the add operation for the dn that was actually created seemed like it failed.
[14/Jan/2008:14:34:34 -0600] conn=115 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33406 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - ADD dn="cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=-1 - closing from 192.168.1.1:33406 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=115 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=1
[14/Jan/2008:14:34:35 -0600] conn=115 op=-1 msgId=-1 - closed.
So in fixing it manually I just fed an ldif file that looked like the following:
dn: cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config
changetype: add
cn: example.edu.getpwent
vlvSort: cn uid
objectclass: top
objectclass: vlvIndex
Thanks again for the help, and as mentioned before, I will be happy to test, or provide more information,
Deejam
Here are the logs as mentioned above.
[14/Jan/2008:14:34:33 -0600] conn=108 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33399 to 192.168.1.1
[14/Jan/2008:14:34:33 -0600] conn=108 op=0 msgId=1 - SRCH base="cn=example.edu.getgrent,cn=example.edu_group_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:33 -0600] conn=108 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:33 -0600] conn=108 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:33 -0600] conn=108 op=1 msgId=-1 - closing from 192.168.1.1:33399 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:33 -0600] conn=109 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33400 to 192.168.1.1
[14/Jan/2008:14:34:33 -0600] conn=108 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:33 -0600] conn=109 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:33 -0600] conn=109 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:33 -0600] conn=109 op=1 msgId=2 - ADD dn="cn=example.edu_group_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:33 -0600] conn=109 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:33 -0600] conn=109 op=2 msgId=3 - ADD dn="cn=example.edu.getgrent,cn=example.edu_group_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=109 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=1
[14/Jan/2008:14:34:34 -0600] conn=109 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=109 op=3 msgId=-1 - closing from 192.168.1.1:33400 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=110 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33401 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=109 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=110 op=0 msgId=1 - SRCH base="cn=example.edu.gethostent,cn=example.edu_hosts_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:34 -0600] conn=110 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=110 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=110 op=1 msgId=-1 - closing from 192.168.1.1:33401 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=111 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33402 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=110 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=111 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=111 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=111 op=1 msgId=2 - ADD dn="cn=example.edu_hosts_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=111 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=111 op=2 msgId=3 - ADD dn="cn=example.edu.gethostent,cn=example.edu_hosts_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=111 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=111 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=111 op=3 msgId=-1 - closing from 192.168.1.1:33402 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=112 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33403 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=111 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=112 op=0 msgId=1 - SRCH base="cn=example.edu.getnetent,cn=example.edu_networks_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:34 -0600] conn=112 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=112 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=112 op=1 msgId=-1 - closing from 192.168.1.1:33403 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=113 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33404 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=112 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=113 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=113 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=113 op=1 msgId=2 - ADD dn="cn=example.edu_networks_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=113 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=113 op=2 msgId=3 - ADD dn="cn=example.edu.getnetent,cn=example.edu_networks_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=113 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=113 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=113 op=3 msgId=-1 - closing from 192.168.1.1:33404 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=114 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33405 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=113 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=114 op=0 msgId=1 - SRCH base="cn=example.edu.getpwent,cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:34 -0600] conn=114 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=114 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=114 op=1 msgId=-1 - closing from 192.168.1.1:33405 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:34 -0600] conn=115 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33406 to 192.168.1.1
[14/Jan/2008:14:34:34 -0600] conn=114 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:34 -0600] conn=115 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - ADD dn="cn=example.edu_passwd_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:34 -0600] conn=115 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:34 -0600] conn=115 op=2 msgId=-1 - closing from 192.168.1.1:33406 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=115 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=1
[14/Jan/2008:14:34:35 -0600] conn=116 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33407 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=115 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=116 op=0 msgId=1 - SRCH base="cn=example.edu.getrpcent,cn=example.edu_rpc_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:35 -0600] conn=116 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=116 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=116 op=1 msgId=-1 - closing from 192.168.1.1:33407 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=117 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33408 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=116 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=117 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:35 -0600] conn=117 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:35 -0600] conn=117 op=1 msgId=2 - ADD dn="cn=example.edu_rpc_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=117 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=117 op=2 msgId=3 - ADD dn="cn=example.edu.getrpcent,cn=example.edu_rpc_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=117 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=117 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=117 op=3 msgId=-1 - closing from 192.168.1.1:33408 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=118 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33409 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=117 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=118 op=0 msgId=1 - SRCH base="cn=example.edu.getspent,cn=example.edu_shadow_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:35 -0600] conn=118 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=118 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=118 op=1 msgId=-1 - closing from 192.168.1.1:33409 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=119 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33410 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=118 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=119 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:35 -0600] conn=119 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:35 -0600] conn=119 op=1 msgId=2 - ADD dn="cn=example.edu_shadow_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=119 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=119 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=119 op=2 msgId=-1 - closing from 192.168.1.1:33410 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=119 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=120 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33411 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=119 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=120 op=0 msgId=1 - SRCH base="cn=example.edu.getauhoent,cn=example.edu_auho_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:35 -0600] conn=120 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=120 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=120 op=1 msgId=-1 - closing from 192.168.1.1:33411 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:35 -0600] conn=121 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33412 to 192.168.1.1
[14/Jan/2008:14:34:35 -0600] conn=120 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:35 -0600] conn=121 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:35 -0600] conn=121 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:35 -0600] conn=121 op=1 msgId=2 - ADD dn="cn=example.edu_auho_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=121 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=121 op=2 msgId=3 - ADD dn="cn=example.edu.getauhoent,cn=example.edu_auho_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:35 -0600] conn=121 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:35 -0600] conn=121 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:35 -0600] conn=121 op=3 msgId=-1 - closing from 192.168.1.1:33412 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=122 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33413 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=121 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=122 op=0 msgId=1 - SRCH base="cn=example.edu.getsoluent,cn=example.edu_solu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=122 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=122 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=122 op=1 msgId=-1 - closing from 192.168.1.1:33413 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=123 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33414 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=122 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=123 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:36 -0600] conn=123 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:36 -0600] conn=123 op=1 msgId=2 - ADD dn="cn=example.edu_solu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=123 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=123 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=123 op=2 msgId=-1 - closing from 192.168.1.1:33414 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=123 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=124 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33415 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=123 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=124 op=0 msgId=1 - SRCH base="cn=example.edu.getauduent,cn=example.edu_audu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=124 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=124 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=124 op=1 msgId=-1 - closing from 192.168.1.1:33415 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=125 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33416 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=124 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=125 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:36 -0600] conn=125 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:36 -0600] conn=125 op=1 msgId=2 - ADD dn="cn=example.edu_audu_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=125 op=1 msgId=2 - RESULT err=32 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=125 op=2 msgId=3 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=125 op=2 msgId=-1 - closing from 192.168.1.1:33416 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=125 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=126 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33417 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=125 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=126 op=0 msgId=1 - SRCH base="cn=example.edu.getauthent,cn=example.edu_auth_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=126 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=126 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=126 op=1 msgId=-1 - closing from 192.168.1.1:33417 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=127 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33418 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=126 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=127 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:36 -0600] conn=127 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:36 -0600] conn=127 op=1 msgId=2 - ADD dn="cn=example.edu_auth_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=127 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=127 op=2 msgId=3 - ADD dn="cn=example.edu.getauthent,cn=example.edu_auth_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:36 -0600] conn=127 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=127 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=127 op=3 msgId=-1 - closing from 192.168.1.1:33418 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:36 -0600] conn=128 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33419 to 192.168.1.1
[14/Jan/2008:14:34:36 -0600] conn=127 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:36 -0600] conn=128 op=0 msgId=1 - SRCH base="cn=example.edu.getexecent,cn=example.edu_exec_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:36 -0600] conn=128 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:36 -0600] conn=128 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:36 -0600] conn=128 op=1 msgId=-1 - closing from 192.168.1.1:33419 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=129 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33420 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=128 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=129 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:37 -0600] conn=129 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:37 -0600] conn=129 op=1 msgId=2 - ADD dn="cn=example.edu_exec_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=129 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=129 op=2 msgId=3 - ADD dn="cn=example.edu.getexecent,cn=example.edu_exec_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=129 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=129 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=129 op=3 msgId=-1 - closing from 192.168.1.1:33420 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=130 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33421 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=129 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=130 op=0 msgId=1 - SRCH base="cn=example.edu.getprofent,cn=example.edu_prof_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:37 -0600] conn=130 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=130 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=130 op=1 msgId=-1 - closing from 192.168.1.1:33421 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=131 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33422 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=130 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=131 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:37 -0600] conn=131 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:37 -0600] conn=131 op=1 msgId=2 - ADD dn="cn=example.edu_prof_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=131 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=131 op=2 msgId=3 - ADD dn="cn=example.edu.getprofent,cn=example.edu_prof_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:37 -0600] conn=131 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=131 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=131 op=3 msgId=-1 - closing from 192.168.1.1:33422 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:37 -0600] conn=132 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33423 to 192.168.1.1
[14/Jan/2008:14:34:37 -0600] conn=131 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:37 -0600] conn=132 op=0 msgId=1 - SRCH base="cn=example.edu.getmailent,cn=example.edu_mail_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:37 -0600] conn=132 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:37 -0600] conn=132 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:37 -0600] conn=132 op=1 msgId=-1 - closing from 192.168.1.1:33423 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=133 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33424 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=132 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=133 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:38 -0600] conn=133 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:38 -0600] conn=133 op=1 msgId=2 - ADD dn="cn=example.edu_mail_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=133 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=133 op=2 msgId=3 - ADD dn="cn=example.edu.getmailent,cn=example.edu_mail_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=133 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=133 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=133 op=3 msgId=-1 - closing from 192.168.1.1:33424 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=134 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33425 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=133 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=134 op=0 msgId=1 - SRCH base="cn=example.edu.getbootent,cn=example.edu__boot_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:38 -0600] conn=134 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=134 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=134 op=1 msgId=-1 - closing from 192.168.1.1:33425 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=135 op=-1 msgId=-1 - fd=54 slot=54 LDAP connection from 192.168.1.1:33426 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=134 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=135 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[14/Jan/2008:14:34:38 -0600] conn=135 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[14/Jan/2008:14:34:38 -0600] conn=135 op=1 msgId=2 - ADD dn="cn=example.edu__boot_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=135 op=1 msgId=2 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=135 op=2 msgId=3 - ADD dn="cn=example.edu.getbootent,cn=example.edu__boot_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config"
[14/Jan/2008:14:34:38 -0600] conn=135 op=2 msgId=3 - RESULT err=0 tag=105 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=135 op=3 msgId=4 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=135 op=3 msgId=-1 - closing from 192.168.1.1:33426 - U1 - Connection closed by unbind client -
[14/Jan/2008:14:34:38 -0600] conn=136 op=-1 msgId=-1 - fd=51 slot=51 LDAP connection from 192.168.1.1:33427 to 192.168.1.1
[14/Jan/2008:14:34:38 -0600] conn=135 op=-1 msgId=-1 - closed.
[14/Jan/2008:14:34:38 -0600] conn=136 op=0 msgId=1 - SRCH base="cn=example.edu.getethent,cn=example.edu_ethers_vlv_index,cn=example,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jan/2008:14:34:38 -0600] conn=136 op=0 msgId=1 - RESULT err=32 tag=101 nentries=0 etime=0
[14/Jan/2008:14:34:38 -0600] conn=136 op=1 msgId=2 - UNBIND
[14/Jan/2008:14:34:38 -0600] conn=136 -
DS 6.0 Proxy Configuration
I am having some problems configuring the DSEE 6.0 Proxy Server. It seems like it should be fairly straightforward and maybe I am missing something obvious.
I created the Proxy Server instance, then created a data source to my Directory Instance, through the DSCC. After I create the Data Source, under Operational Status it says 'Could not Retrieve Status'
The following is in the logs:
No data source available for ADD,BIND,COMPARE,DELETE,MODIFY,SEARCH, in data source pool cn=dscc admin data source pool,cn=datasource pools,cn=config .You may want to check whether the configuration of this pool contains at least one data source enabled and with non-zero weights.
I have the data source enabled and also have created a pool and checked the weights and of course verified that the instance of the Directory is up and running. Which btw is running on the same machine.
Anybody had any luck with setting up the Proxy Server or encountered a similar problem?
Here is a link available in the Oracle forum:
DPS DSCC doesn't show operational status
-Sylvain -
DSEE problem with SElinux on CentOS
Hi,
this morning tried to install DSEE 7.0 on a CentOS 5.4 system and had problems starting a directory server instance, due to SElinux. With SElinux disabled there is no problem, however as soon as SElinux is enabled I get errors. Later on tried SElinux enforcing enabled with DSEE 6.3.1 and got the same problem. The error I get with SElinux enabled is:
$ sudo /srv/sun/DSEE/dsee6/ds6/bin/dsadm start '/srv/sun/DSEE/instances/dnldap01'
Password:
/srv/sun/DSEE/dsee6/ds6/lib/ns-slapd: error while loading shared libraries: /srv/sun/DSEE/dsee6/ds6/lib/libsh.so: cannot restore segment prot after reloc: Permission denied
/srv/sun/DSEE/dsee6/ds6/lib/ns-slapd -D /srv/sun/DSEE/instances/dnldap01 -i /srv/sun/DSEE/instances/dnldap01/logs/pid failed: err=127
Failed to start Directory Server instance '/srv/sun/DSEE/instances/dnldap01'
After disabling SElinux, there is no problem:
$ sudo /srv/sun/DSEE/dsee6/ds6/bin/dsadm start '/srv/sun/DSEE/instances/dnldap01'
Directory Server instance '/srv/sun/DSEE/instances/dnldap01' started: pid=4014
Information:
$ /srv/sun/DSEE/dsee6/ds6/lib/ns-slapd -V
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0522 32-bit
ns-slapd : 6.3.1 B2008.1121.0522 DirectoryServices631_branch (Linux clochette 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:32:18 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux) ZIP
Slapd Library : 6.3.1 B2008.1121.0522 DirectoryServices631_branch (Linux clochette 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:32:18 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux)
Front-End Library : 6.3.1 B2008.1121.0522 DirectoryServices631_branch (Linux clochette 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:32:18 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux)
The company policy is to enforce SElinux; what do I need to do to be able to start the directory instance with SELinux enabled? And the same question applies to the directory proxy server instance.
Any suggestions appreciated,
/rolf
DSEE 6 or 7 have not been tested with SELinux, therefore unsupported.
-
Solaris Name Service Cache and Directory Proxy Problem
We have some Solaris 10 clients ldapcliented to a Directory Proxy Server. After 15 minutes, the Solaris name service cache will fail to communicate to the proxy instance and the proxy instance's readconnectionsrefused attribute will start incrementing.
At first it seemed we would need to increase the worker-threads and num-bind-limit, but those do not fix the problem.
At the same time the name-service-cache starts failing, I am still able to query and search the proxy. I have set up a Jmeter test which continues to run and they never fail.
It seems very consistent that the problem with the name-service-cache occurs every 15 minutes and I am able to reproduce this at the client's site and in my lab. Restarting either the proxy or the name-service-cache clears the problem.
Has anyone else seen this problem?
Edited by: 957466 on Sep 6, 2012 9:11 AM
The idle-timeout on DSEE was set to none, which I believe is the default. I tried setting it to 1200 and 2400 seconds without success.
h3. get-ldap-data-source-pool-prop
<pre>
client-affinity-bind-dn-filters : any
client-affinity-criteria : connection
client-affinity-ip-address-filters : any
client-affinity-policy : write-affinity-after-write
client-affinity-timeout : 20s
description : -
enable-client-affinity : false
load-balancing-algorithm : proportional
minimum-total-weight : 100
proportion : 100
sample-size : 100
</pre>
h3. get-ldap-data-source-prop
<pre>
bind-dn : none
bind-pwd : none
client-cred-mode : use-client-identity
connect-timeout : 10s
description : -
down-monitoring-interval : inherited
is-enabled : true
is-read-only : false
ldap-address : localhost
ldap-port : ldap
ldaps-port : ldaps
monitoring-bind-dn : none
monitoring-bind-pwd : none
monitoring-bind-timeout : 5s
monitoring-entry-dn : ""
monitoring-entry-timeout : 5s
monitoring-inactivity-timeout : 2m
monitoring-interval : 30s
monitoring-mode : proactive
monitoring-retry-count : 3
monitoring-search-filter : (objectClass=*)
monitoring-search-scope : base
num-bind-incr : 10
num-bind-init : 2
num-bind-limit : 1024
num-read-incr : 10
num-read-init : 2
num-read-limit : 1024
num-write-incr : 10
num-write-init : 2
num-write-limit : 1024
proxied-auth-use-v1 : false
ssl-policy : never
use-read-connections-for-writes : false
use-tcp-keep-alive : true
use-tcp-no-delay : true
</pre> -
I'm trying to migrate some application from using OpenLdap as user information repository, to Sun Directory Server 6.2.
The suffixes layout in OpenLdap looks like this:
rootDSE
|
| - cn=app_configuration
| - dc=com
| | - dc=somedomain
| | - (some users accounts here)
| - dc=net
| | - dc=someotherdomain
| | - (some users accounts here)
......... (and so on)
Problem - when a user tries to log in to the application, it uses an LDAP search like this: "ldapsearch -b "" -s sub (uid=loginname)"
Which is working perfectly fine with openldap:
[sady@sady-lin bin]$ ./ldapsearch -b '' -x -s sub '(objectclass=*)' dn
# extended LDIF
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: dn
# ru
dn: dc=ru
# admin, people, sady-lin.energo.ru
dn: uid=admin,ou=people,dc=sady-lin,dc=energo,dc=ru
# com
dn: dc=com
# wiki, people, nwenergo.com
dn: uid=wiki,ou=people,dc=nwenergo,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 23
# numEntries: 22
As you can see, all uid entries in all domains are found.
But in DSEE the rootDSE doesn't follow SUB search, and with base dn equal "" you can see only the base dn itself:
[root@ch0-bl1 ~]# ldapsearch -D 'cn=directory manager' -w 12345678 -b '' -s sub '(objectclass=*)'
ldap_search: No such object
[root@ch0-bl1 ~]# ldapsearch -D 'cn=directory manager' -w 12345678 -b '' -s base '(objectclass=*)'
version: 1
dn:
objectClass: top
namingContexts: dc=com
namingContexts: dc=leivo,dc=r
namingContexts: dc=ru
namingContexts: o=comms-config
namingContexts: o=pab
namingContexts: o=PiServerDb
.....
I tried to use Directory Proxy Server to resolve this issue, but with no result.
I created an ldap-data-view with base-dn:"" and dn-mapping-source-base-dn:"dc=ru" (for example), but when I search through the Proxy, it doesn't do the mapping:
[16/May/2009:13:03:20 +0400] - OPERATION - INFO - conn=225 op=1 msgid=2 SEARCH base="" scope=2 filter="(objectclass=*)" attrs="*"
[16/May/2009:13:03:20 +0400] - OPERATION - INFO - conn=225 op=1 SEARCH RESPONSE err=0 msg="" nentries=0 etime=0
Here is my ldap-data-view props:
[root@ch0-bl1 examples]# dpconf get-ldap-data-view-prop -p 1389 -w /tmp/pass myds2-view
alternate-search-base-dn : dc=com
alternate-search-base-dn : dc=ru
attr-name-mappings : none
base-dn : ""
contains-shared-entries : false
custom-distribution-algorithm : none
description : -
distribution-algorithm : none
dn-join-rule : none
dn-mapping-attrs : none
dn-mapping-source-base-dn : dc=ru
excluded-subtrees : dc=com
filter-join-rule : none
is-enabled : true
is-read-only : false
is-routable : true
ldap-data-source-pool : myds1-pool
lexicographic-attrs : all
lexicographic-lower-bound : none
lexicographic-upper-bound : none
non-viewable-attr : none
non-writable-attr : none
numeric-attrs : all
numeric-default-data-view : false
numeric-lower-bound : none
numeric-upper-bound : none
pattern-matching-base-object-search-filter : all
pattern-matching-dn-regular-expression : all
pattern-matching-one-level-search-filter : all
pattern-matching-subtree-search-filter : all
process-bind : -
replication-role : master
viewable-attr : all except non-viewable-attr
writable-attr : all except non-writable-attr
It does the mapping perfectly fine, with dc=com switched for dc=ru,
with these ldap-view parameters:
base-dn : dc=com
dn-mapping-source-base-dn : dc=ru
Log will be:
[16/May/2009:13:07:32 +0400] - OPERATION - INFO - conn=229 op=1 msgid=2 SEARCH base="dc=com" scope=2 filter="(objectclass=*)" attrs="*"
[16/May/2009:13:07:32 +0400] - SERVER_OP - INFO - conn=229 op=1 SEARCH base="dc=ru" scope=2 filter="(objectclass=*)" attrs="*" s_msgid=5 s_conn=myds1:131
and ldapsearch will return all entries in dc=ru domain.
It's interesting that when I search with base-dn="dc=ru", which is only routed by the Proxy through my ldap-view with base-dn="", the log output looks like this:
[16/May/2009:13:07:27 +0400] - OPERATION - INFO - conn=228 op=1 msgid=2 SEARCH base="dc=ru" scope=2 filter="(objectclass=*)" attrs="*"
[16/May/2009:13:07:27 +0400] - SERVER_OP - INFO - conn=228 op=1 SEARCH base=",dc=ru" scope=2 filter="(objectclass=*)" attrs="*" s_msgid=5 s_conn=myds1:132
[16/May/2009:13:07:27 +0400] - SERVER_OP - INFO - conn=228 op=1 SEARCH RESPONSE err=34 msg="Invalid DN" nentries=0 s_conn=myds1:132
[16/May/2009:13:07:27 +0400] - OPERATION - INFO - conn=228 op=1 SEARCH RESPONSE err=34 msg="Invalid DN" nentries=0 etime=0
You can see that base="dc=ru" has been mapped to base=",dc=ru" (with , )
/* Fragment of a plug-in source file: LOG1/LOG2/LOG3, plugin_id, preop_desc
 * and rootdse_send are referenced below but their definitions are not shown. */
#include <string.h>
#include "slapi-plugin.h"

/* Break down and log information about the search request. */
int
rootdsesub(Slapi_PBlock * pb)
{
    char * base = NULL; /* Base DN for search */
    int scope; /* Base, 1 level, subtree */
    int connId, opId, rc = 0;
    long msgId;
    // char * index = "";
    char * indexes[] = {"dc=ru","dc=com"}; /* Suffixes searched in place of "" */
    char * filter = "";
    char ** attrs = NULL; /* SLAPI_SEARCH_ATTRS yields a char **, not an array */
    int attrsonly = 0;
    Slapi_PBlock * search_pb = NULL;
    int ind_cnt = 2;
    int i = 0;

    rc |= slapi_pblock_get(pb, SLAPI_OPERATION_MSGID, &msgId);
    rc |= slapi_pblock_get(pb, SLAPI_CONN_ID, &connId);
    rc |= slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opId);
    if (rc == 0) {
        LOG1("*** PREOPERATION SEARCH PLUG-IN - START ***\n");
    } else {
        return (rc);
    }

    /* Log base DN and scope for search. */
    rc |= slapi_pblock_get(pb, SLAPI_SEARCH_TARGET, &base);
    rc |= slapi_pblock_get(pb, SLAPI_SEARCH_SCOPE, &scope);
    if (rc == 0) {
        /* Only subtree searches on the empty base DN are handled here. */
        if (scope == LDAP_SCOPE_SUBTREE && strcmp( base, "" )==0 )
        {
            rc |= slapi_pblock_set(pb, SLAPI_SEARCH_TARGET, "dc=ru");
            rc |= slapi_pblock_get(pb, SLAPI_SEARCH_STRFILTER, &filter);
            rc |= slapi_pblock_get(pb, SLAPI_SEARCH_ATTRS, &attrs);
            rc |= slapi_pblock_get(pb, SLAPI_SEARCH_ATTRSONLY, &attrsonly);
            LOG2("Target DN:%s\n", base);
            LOG2("filter:%s\n", filter);
            //filter = "uid=sady";
            LOG2("filter:%s\n", filter);
            /* attrs is NULL when the client asked for all attributes. */
            LOG2("attrs[0]:%s\n", (attrs && attrs[0]) ? attrs[0] : "(none)");
            // attrs[0]="uid";
            LOG2("attrsonly:%d\n", attrsonly);
            search_pb = slapi_pblock_new();
            if (search_pb == NULL ) return 1;
            LOG1("new pb\n");
            /* Run the same search under each suffix in turn. */
            for ( i=0; i<ind_cnt; i++)
            {
                LOG3("indexes[%d]=%s\n",i,indexes[i]);
                rc = slapi_search_internal_set_pb(
                    search_pb,
                    indexes[i], /* Base DN for search */
                    LDAP_SCOPE_SUBTREE, /* Scope */
                    filter, /* Filter */
                    attrs, /* Set to get all user attrs. */
                    attrsonly, /* Return attrs. and values */
                    NULL, /* No controls */
                    NULL, /* DN rather than unique ID */
                    plugin_id,
                    SLAPI_OP_FLAG_NEVER_CHAIN /* Never chain this operation. */
                );
                LOG1("set pb\n");
                rc |= slapi_search_internal_callback_pb(search_pb, pb,NULL, rootdse_send,NULL);
                LOG1("search inter call pb\n");
                slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
                if (rc != LDAP_SUCCESS) {
                    LOG1("NOT SUCCESS\n");
                    slapi_pblock_destroy(search_pb);
                    return -1;
                }
                LOG1("get pb result\n");
                slapi_free_search_results_internal(search_pb);
                LOG1("clean memory\n");
            }
            slapi_pblock_destroy(search_pb);
            LOG1("clean memory\n");
            slapi_send_ldap_result(pb, 0, NULL, NULL, 1, NULL);
            LOG1("send ldap result \n");
        }
    } else {
        return (rc);
    }
    LOG1("*** PREOPERATION SEARCH PLUG-IN - END ***\n");
    return (rc);
}

/* Register the plug-in with the server. */
#ifdef _WIN32
__declspec(dllexport)
#endif
int
rootdse_sub_init(Slapi_PBlock * pb)
{
    int rc = 0; /* 0 means success */
    rc |= slapi_pblock_set( /* Plug-in API version */
        pb,
        SLAPI_PLUGIN_VERSION,
        SLAPI_PLUGIN_CURRENT_VERSION
    );
    rc |= slapi_pblock_set( /* Plug-in description */
        pb,
        SLAPI_PLUGIN_DESCRIPTION,
        (void *) &preop_desc
    );
    rc |= slapi_pblock_set( /* Function called before a result is sent */
        pb,
        SLAPI_PLUGIN_PRE_RESULT_FN,
        //SLAPI_PLUGIN_POST_SEARCH_FN,
        (void *) rootdsesub
    );
    rc |= slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_id);
    return (rc);
}
-
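The DN rewriting seen in the proxy log lines of the post above can be checked mechanically by pairing each client OPERATION line with its backend SERVER_OP lines. This is an added example, not part of the original post; the log lines are copied from the post, and the function names and the simplified DN check are assumptions of this sketch.

```python
import re

# DPS access-log lines copied from the post above.
SAMPLE_LOG = """\
[16/May/2009:13:07:32 +0400] - OPERATION - INFO - conn=229 op=1 msgid=2 SEARCH base="dc=com" scope=2 filter="(objectclass=*)" attrs="*"
[16/May/2009:13:07:32 +0400] - SERVER_OP - INFO - conn=229 op=1 SEARCH base="dc=ru" scope=2 filter="(objectclass=*)" attrs="*" s_msgid=5 s_conn=myds1:131
[16/May/2009:13:07:27 +0400] - OPERATION - INFO - conn=228 op=1 msgid=2 SEARCH base="dc=ru" scope=2 filter="(objectclass=*)" attrs="*"
[16/May/2009:13:07:27 +0400] - SERVER_OP - INFO - conn=228 op=1 SEARCH base=",dc=ru" scope=2 filter="(objectclass=*)" attrs="*" s_msgid=5 s_conn=myds1:132
[16/May/2009:13:07:27 +0400] - SERVER_OP - INFO - conn=228 op=1 SEARCH RESPONSE err=34 msg="Invalid DN" nentries=0 s_conn=myds1:132
[16/May/2009:13:07:27 +0400] - OPERATION - INFO - conn=228 op=1 SEARCH RESPONSE err=34 msg="Invalid DN" nentries=0 etime=0
[16/May/2009:13:03:20 +0400] - OPERATION - INFO - conn=225 op=1 msgid=2 SEARCH base="" scope=2 filter="(objectclass=*)" attrs="*"
[16/May/2009:13:03:20 +0400] - OPERATION - INFO - conn=225 op=1 SEARCH RESPONSE err=0 msg="" nentries=0 etime=0
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] - (?P<kind>OPERATION|SERVER_OP) - \w+ - '
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$')
BASE_RE = re.compile(r'SEARCH base="(?P<base>[^"]*)"')
ERR_RE = re.compile(r'SEARCH RESPONSE err=(?P<err>\d+)')


def malformed_dn(dn):
    """Heuristic, not a full RFC 4514 parser: every RDN needs 'type=value'."""
    if dn == "":
        return False  # the empty DN is legal (root DSE)
    parts = [p.strip() for p in re.split(r'(?<!\\),', dn)]
    return any("=" not in p or p.startswith("=") for p in parts)


def correlate(log_text):
    """Group log lines by (conn, op): client base, backend bases, client err."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (int(m["conn"]), int(m["op"]))
        rec = ops.setdefault(
            key, {"client_base": None, "backend_bases": [], "client_err": None})
        base = BASE_RE.search(m["rest"])
        err = ERR_RE.search(m["rest"])
        if base and m["kind"] == "OPERATION":
            rec["client_base"] = base["base"]
        elif base:
            rec["backend_bases"].append(base["base"])
        elif err and m["kind"] == "OPERATION":
            rec["client_err"] = int(err["err"])
    return ops


def findings(ops):
    """Flag operations with no backend request, a rewritten or a broken base."""
    out = []
    for (conn, op), rec in sorted(ops.items()):
        if not rec["backend_bases"]:
            out.append((conn, op, "no-backend-op"))
        for backend_base in rec["backend_bases"]:
            if malformed_dn(backend_base):
                out.append((conn, op, "malformed-backend-dn"))
            elif backend_base != rec["client_base"]:
                out.append((conn, op, "rewritten"))
    return out


if __name__ == "__main__":
    for conn, op, what in findings(correlate(SAMPLE_LOG)):
        print(f"conn={conn} op={op}: {what}")
```
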
Errors in starting proxy server
Hi,
i installed DSEE 6.3 Native package for Solaris 10 SPARC platform as "root".
Then i switched as another user "ldap" and created new directory server instances and started them on ports > 1024.
Then i created a new DPS instance as "ldap" user on port 389/636. I switched to "root" and then when i try to start the instance i get the following errors:
Error: Could not initialize the distribution server - Unable to create a client listener 0.0.0.0:389:java.net.SocketException: Permission denied. Disabling the client listener.
The Directory Proxy server failed to start after the waiting period.
The ,,,, instance is not running.
Error executing the operation . The error code is 221
It seems the only way to have it started is to start it as the user who created that "instance".
So to have the proxy running at ports < 1024, i need to create the instance as "root" and start it as "root".
Can anyone let me know if there is a workaround to create a DPS instance on ports<1024 as non-root users and then start as "root"
Hi Deepz,
here's a quick RBAC recipe I baked last night in search for an answer to exactly your question.
As a summary, I will say that the only trick to solve this is to know that dpadm is a C cli that eventually, after it's done all its checks, spawns a JVM.
Consequently we need to configure two exec permission sets. Here's how:
. log in as root
. create a profile dps-profile by adding the following line in /etc/security/prof_attr
dps-profile:::A profile to allow DPS to bind to 389:help=fake.html
. create a permission for dpadm by adding the following line in /etc/security/exec_attr
dps-profile:solaris:cmd:::/path/to/sun/dsee/6.3/bits/dps6/bin/dpadm:uid=0
. create a permission for JAVA
to know which java DPS will be started with, simply do dpadm info </path/to/your/instance>
For example:
/path/to/bin/dpadm info privileged-proxy/
Instance Path: /path/to/sun/dsee/6.3/forum-5320987/privileged-proxy
Install Path: /path/to/sun/dsee/6.3/bits/dps6
Owner: root(other)
Non-secure port: 389
Secure port: 636
State: running
Server PID: 22060
DSCC url: -
SMF application: -
Instance tag: P-A00
Java command: /path/to/sun/dsee/6.3/bits/jre/bin/java
This last line is what you are looking for to create permission for this java process to bind to privileged ports as follows:
add the following line in the same file /etc/security/exec_attr
dps-profile:solaris:cmd:::/path/to/sun/dsee/6.3/bits/jre/bin/java:privs=net_privaddr
. create a role 'dps-role'
roleadd -P dps-profile dps-role
. assign a password to your role:
passwd dps-role
. assign your user the role and profile:
usermod -R dps-role -P dps-profile yourUser
. log in as your user and then
su - dps-role
. make sure your shell is profile-aware. echo $SHELL should output pfsh.
. you can now create and start an instance that is able to bind to port 389 and 636 without the need to be root.
Here's a log of my session -note: I use 6.3 zip install here, hence the custom path- :
$ echo $SHELL
/bin/pfsh
$ id
uid=102(dps-role) gid=1(other)
$ profiles
dps-profile
Basic Solaris User
All
$ /path/to/sun/dsee/6.3/bits/dps6/bin/dpadm create -p 389 -P 636 -D uid=admin -w /path/to/pwd privileged-proxy
Use 'dpadm start /path/to/sun/dsee/6.3/forum-5320987/privileged-proxy' to start the instance
$ /path/to/sun/dsee/6.3/bits/dps6/bin/dpadm start privileged-proxy
Directory Proxy Server instance '/path/to/sun/dsee/6.3/forum-5320987/privileged-proxy' started: pid=22060
I do hope this will help you somehow
-=arnaud=- -
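To review what an RBAC recipe like the one above actually grants, the exec_attr entries can be parsed and each command classified by whether it runs with full root identity or with a scoped privilege set. This is an added example, not part of the original reply; the first two sample entries are the ones from the recipe, while the "dps-broad" profile and all function names are hypothetical and constructed for contrast.

```python
# Constructed sample in /etc/security/exec_attr format
# (name:policy:type:res1:res2:id:attr). The "dps-profile" entries are the two
# from the recipe above; "dps-broad" is a hypothetical profile for contrast.
SAMPLE_EXEC_ATTR = """\
# profile entries under review
dps-profile:solaris:cmd:::/path/to/sun/dsee/6.3/bits/dps6/bin/dpadm:uid=0
dps-profile:solaris:cmd:::/path/to/sun/dsee/6.3/bits/jre/bin/java:privs=net_privaddr
dps-broad:solaris:cmd:::/path/to/sun/dsee/6.3/bits/jre/bin/java:uid=0
dps-broad:suser:cmd:::*:euid=0
"""


def parse_exec_attr(text):
    """Return one dict per entry; comments, blanks and short lines are skipped."""
    entries = []
    text = text.replace("\\\n", "")  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7:
            continue
        name, policy, typ, _res1, _res2, cmd, attr = fields
        attrs = dict(kv.split("=", 1) for kv in attr.split(";") if "=" in kv)
        entries.append({"profile": name, "policy": policy, "type": typ,
                        "cmd": cmd, "attrs": attrs})
    return entries


def classify(entry):
    """Label an entry by the breadth of what it hands to the command."""
    attrs = entry["attrs"]
    if attrs.get("uid") == "0" or attrs.get("euid") == "0":
        return "full-root"
    privs = sorted(p for p in attrs.get("privs", "").split(",") if p)
    if "all" in privs:
        return "full-root"
    if privs:
        return "scoped:" + ",".join(privs)
    return "no-extra-privilege"


def audit(text):
    """Map each profile to a list of (command, label) in file order."""
    report = {}
    for entry in parse_exec_attr(text):
        label = classify(entry)
        if entry["cmd"] == "*" and label != "no-extra-privilege":
            label += "+wildcard"  # applies to every command, not one binary
        report.setdefault(entry["profile"], []).append((entry["cmd"], label))
    return report


if __name__ == "__main__":
    for profile, rows in audit(SAMPLE_EXEC_ATTR).items():
        for cmd, label in rows:
            print(f"{profile}: {cmd} -> {label}")
```

exec_attr matches on the command path, so the java entry applies to any program a holder of the role starts with that JVM from a profile shell, not only to the proxy.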
Idsconfig, DSEE, and ldapclient error
I've used idsconfig on both Solaris 10 11/06 and Solaris Express b73 to generate a profile that uses proxy credentials and simple authentication. When I run ldapclient on a system to setup the client binding, I get this:
[root@ldap-client1 ~]# ldapclient init -a profileName=profile1 -a proxyDN=cn=proxyagent,ou=profile,dc=const,dc=lan -a domainName=orion.const -a proxyPassword=foo 192.168.2.27
Failed to find defaultSearchBase for domain orion.const
I'm aware of the fact that the idsconfig shipped with Solaris 10 11/06 doesn't support DSEE 6, but the idsconfig in Solaris Express b73 does. When using ldapclient on both of those releases, as well, it still fails with the same error message.
Doing manual initialization doesn't work either. To verify this I've done an ldapsearch, which fails to connect to the DSEE server.
My guess would be that proxyagent doesn't have the correct permissions to read the directory information that it needs to. I've also done an init -v and it seems to not be able to access nisDomain in dc=orion,dc=const. Doing an 'ldapsearch -D="Directory Manager" -b dc=orion,dc=const -h 192.168.2.27 "nisDomain=*" yields one entry. Likewise, using the proxyDN as the binding yields nothing.
Perhaps someone can point me in the right direction for further troubleshooting. I'm running DSEE 6.2 with the latest patch installed (125276-05).
Thanks
Edited by: graphic7 on Oct 13, 2007 1:53 AM
Edited by: graphic7 on Oct 13, 2007 1:55 AM
Hi,
I do not think that your Directory Server allow anonymous searches. Try to add this ACI for the baseDN: dc=orion,dc=const when initializing the clients:
(target="ldap:///dc=orion,dc=const") (targetattr !="userPassword")(version 3.0;acl "Anonymous read-search access";allow (read, search, compare)(userdn = "ldap:///anyone");)
-Hope this helps! -
Proxy server and or redirction: general question
i would like to setup my network so that all users that see it will have to login and then get access to the internet. i don't know where to start.
on a small scale, using my wireless router, my mac, and the addressed passed out by the router, what do i need? or what do i need to configure?
do i need:
a proxy server? or some kind of configuration on DNS/BIND? kerberos? radius? or just macos x server?
thanks everyone,
g.
Yes, you could use DPS to balance load to both masters. But now you have the same issue where if DPS dies, you lose access. So you could have two DPS behind a hardware load balancer. The admin guide explains how to set all this up.
DS 5.2 and DSEE 6.3.1 are ldap v3 compliant. So if you do go with the DPS route, you can use DPS 5.2 or DPS 6.3.1 -
Proxy Servers, Password Resets/Expirations and Password Policies
Our current configuration has two directory proxy servers and two directory servers, all running DSEE 6.3.1. The LDAP clients point to the proxy servers and the proxy servers point to the directory servers.
When the LDAP clients use the proxy servers, users aren't notified on password resets or expirations. When I point one of the LDAP clients directly at one of the directory servers, bypassing the proxy servers, the expected behavior of being required to change a password on reset or notification of password expiration works fine.
We would like this to work via the proxy servers as well. Can anyone point me in a direction or two to determine why this isn't working as expected ?
TIA!
I opened a service call on this and in speaking with the rep, who was reading the CR mentioned in the first reply, he said it contained a note about the fix being scheduled for release in DSEE 7.x. I'm not sure if it made it into the recently released 7.0 or not.
A patch released for the 6.3.1 proxy servers on the 21st of December didn't include mention of the CR in the notes, although there was mention of another CR that sounded like it might be related.
Since it appears the CR was created in late November, I'd be surprised if either the DPS 6.3.1 patch or the 7.0 full release address the CR. In either case, I'm assuming you'll have to wait if you don't have a support contract with Sun that covers DSEE. -
We have just released the latest update in the Directory Server Enterprise Edition 6.x product line.
This patch release brings:
- Improved performance for some specific deployments. For example, deletion of a suborganization is now faster.
- Support for the SuSE 10 operating system. See Operating System Requirements (http://docs.sun.com/app/docs/doc/820-2759/software?a=view) for details.
- Support for HP-UX 11.23 (PA-RISC). See Operating System Requirements (http://docs.sun.com/app/docs/doc/820-2759/software?a=view) for details.
- Increased flexibility and security for deployments, with the Directory Service Control Center registry allowing port change and listening on addresses defined by an IP address.
- Reduced disk space used, by purging replication metadata using a new purge-csn option in the dsadm command.
- Improved interoperability with other products through the Directory Proxy Server, with improved LDAP control support.
- The Directory Proxy Server allows bind operations to multiple data sources including Active Directory and to Sun Java System Directory Server. Bad password attempts now block users from multiple data sources, increasing security.
- Install the ZIP distribution as any user on Windows.
You can download Sun Java System Directory Server Enterprise Edition 6.3 software from the following location.
http://www.sun.com/software/products/directory_srvr_ee/get.jsp (http://www.sun.com/software/products/directory_srvr_ee/get1.jsp)
The download page serves as a starting point to direct you to the proper downloads depending on the distribution type you need to download. Directory Server Enterprise Edition 6.3 is available in the following distributions.
- Native package distribution (Solaris PKG, Red Hat RPM, Windows MSI)
- ZIP distribution (Solaris, Red Hat, SuSE, HP-UX, Windows)
Identity Synchronization for Windows is not delivered in the Directory Server Enterprise Edition native package distribution and is only available in the ZIP distribution.
Directory Server Enterprise Edition 6.3 is available in the following forms.
- Native patch – patches to upgrade Directory Server Enterprise Edition 6.0, 6.1 and 6.2 native packages installed using the Java ES installer.
- ZIP based distribution – standalone delivery to install Directory Server Enterprise Edition 6.3 or upgrade Directory Server Enterprise Edition 6.0 and 6.1 and 6.2 ZIP installations. If you are not familiar with the difference between the Native installation and ZIP installation please read the following information in the documentation before upgrading or installing DSEE 6.3: Directory Server Enterprise Edition Software Distributions (http://docs.sun.com/app/docs/doc/820-2763/install-distributions?a=view)
Note –
1. The patch release for native installations of Directory Server Enterprise Edition 6.3 on the Microsoft Windows platform is not available at the same time as the patch releases on other platforms. The patch release for native installations of Directory Server Enterprise Edition 6.3 on the Microsoft Windows platform will be available at a later time and we will update this blog when we have a known date for this. Zip distribution is currently available on the Microsoft Windows platform.
2. The localization patch files for the native installations have not been released yet on SunSolve but should be available within a week. The ZIP downloads contain all the localization files so there are no extra downloads required for ZIP installations. We will update this blog once they are available on native installations.
For information on patch numbers, see Software Installation in Sun Java System Directory Server Enterprise Edition 6.3 Installation Guide (http://docs.sun.com/app/docs/doc/820-2761/install-software?a=view).
For the detailed information on what you need to install based on your current installation, refer to the Installation Procedure Quick Reference in Sun Java System Directory Server Enterprise Edition 6.3 Installation Guide (http://docs.sun.com/app/docs/doc/820-2761/gexdu?a=view).
Directory Server Enterprise Edition
Marketing Team
Word on the street is that 6.3.1 should be out in a month or two. I'll try to post an update here once it's out.
You can also keep an eye on this blog http://blogs.sun.com/directoryservices/ (rss feed available)
Edited by: etst123 on Jan 8, 2009 9:25 AM -
Having LDAPS intermittent connection delays of 30sec - 3 min on DSEE 6.3.1
After a lengthy evaluation, we've been running 6.3.1 for a couple of months now in production. Just recently we've been experiencing issues with delayed connections to the server. The delays seem to happen in increments of 30 seconds - sometimes as long as 3 minutes (e.g. :30, 1:00, 1:30, 2:00, 2:30) - although many seem to be 2:30 min. Access logs show that no search or modify operations occur during this period - just connection closures (either B4 or T1 tags). It's as if the DSEE software thinks the network has disappeared. Once the period of time is up, operations resume normally. Does not happen at fixed intervals - can be working fine for 2-3 hours and then hit a snag. Needless to say, some of the users hitting the directory have shorter time-outs than the 2-3 minutes this can take to resolve itself, so there are complaints. Error log does not provide any information except that there are no entries in it for the duration of the service disruption. Note that all connections to this server are SSL connections (LDAPS). I think I ruled out the network as this problem happens even when ldapsearches are issued from the localhost box. The system does not seem to be stressed that I can tell - iostat shows minimal disk usage, prstat shows under 8% CPU utilization.
Particulars:
Platform: Sparc Solaris 10
Hardware: T2000 16GB RAM
Software: DSEE 6.3.1
A couple of theories - Java garbage collection? Thread count issues? Solaris 10 listener issue?
Has this been seen before? Please help!
Thanks.
DPS tends to be the answer to the kind of rate limiting you are talking about. You can define a specific connection handler for a particular pattern of bind dn, send the connections to a specific view that uses a data source pool with whatever limits you want.
On the subject of open connections, I can tell you that in one of my load tests on 6.3, I was able to get a throughput of ~30K ops/sec using rsearch with 10 threads (i.e., 10 open connections). The etimes on those operations were in the 20 - 40 ms range, very acceptable performance. When I increased the number of threads to 100, I got the exact same throughput, but etimes increased substantially. When I raised the number of threads to 1000, I again got ~30K ops/sec but average etimes were over one second!
There is a polling thread configuration that can increase the number of threads available to handle incoming requests, but raising it did not change the results appreciably. So I would tend to agree that one key to your performance is limiting the number of open connections to the Directory in the first place. DPS is an excellent way to accomplish this. DPS can also offload SSL computing from your DS if you have the network security to terminate SSL at the proxy and use LDAP only to your DS systems.
Two additional thoughts regarding your OP.
- The 30 second interval is suspicious. Have you explained it? Does your connection flurry happen on a 30 second interval? What is your db checkpoint interval?
- BINDs aren't necessarily all that expensive, but they can be if they induce writes. Do you have any password policies turned on? -
Hello There,
I need some help from DSEE or LDAP experts.
I am trying to configure DSEE 6.3.1 to use SSL(tls:simple).
I have Simple(non-SSL) method working just fine and
Also ldapsearch command works fine with simple and SSL methods. So I know my certs are good but I just can not make ldap client to work
I followed this document http://brandonhutchinson.com/wiki/Soup_To_Nuts_Sun_DSEE#Solaris_10_instructions
I am using
ldapclient -v init -a profileName=profile3 -a certificatePath=/var/ldap -a domainName=mydomain.com -a proxyDN="cn=proxyagent,ou=profile,dc=mydomain,dc=com" -a proxyPassword=XXXXX ldap200.mydomain.com
Here is the output
Parsing profileName=profile3
Parsing certificatePath=/var/ldap
Parsing domainName=mydomain.com
Parsing proxyDN=cn=proxyagent,ou=profile,dc=mydomain,dc=com
Parsing proxyPassword=xxxxx
Arguments parsed:
domainName: mydomain.com
proxyDN: cn=proxyagent,ou=profile,dc=mydomain,dc=com
profileName: profile3
proxyPassword: xxxxx
defaultServerList: ldap200.mydomain.com
certificatePath: /var/ldap
Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: ldap not running
findBaseDN: calling __ns_ldap_default_config()
found 1 namingcontexts
findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=mydomain.com))"
rootDN[0] dc=mydomain,dc=com
found baseDN dc=mydomain,dc=com for domain mydomain.com
Proxy DN: cn=proxyagent,ou=profile,dc=mydomain,dc=com
Proxy password: {NS1}67eb0f447bc0f619
Credential level: 1
Authentication method: 3
About to modify this machines configuration by writing the files
Stopping network services
sendmail not running
nscd not running
autofs not running
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "mydomain.com"
file_backup: stat(/var/yp/binding/mydomain.com)=-1
file_backup: No /var/yp/binding/mydomain.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname mydomain.com... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: network/ldap/client:default... success
restart: sleep 100000 microseconds
restart: sleep 200000 microseconds
restart: milestone/name-services:default... success
System successfully configured
When I run
It takes long time and then
ldaplist: Object not found (Session error no available conn.
)
The command logins also takes long time and does not show any LDAP users.
Here is the output from cachemgr.log on client
Tue Jul 14 12:16:07.8984 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Tue Jul 14 12:16:07.9391 sig_ok_to_exit(): parent exiting...
Tue Jul 14 12:16:17.9511 getldap_set_refresh_ttl:(6) refresh ttl is 300 seconds
Tue Jul 14 12:16:38.0741 getldap_set_refresh_ttl:(6) refresh ttl is 150 seconds
Tue Jul 14 12:16:38.0755 Error: Unable to refresh profile:profile3:Session error no available conn.
Tue Jul 14 12:16:38.0756 Error: Unable to update from profile
Here is the output from /var/adm/messages.
Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 293258 daemon.warning] libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server
Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 292100 daemon.warning] libsldap: could not remove 192.168.190.146 from servers list
Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no available conn.
Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 186574 daemon.error] Error: Unable to refresh profile:profile3: Session error no available conn.
Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 293258 daemon.warning] libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server
Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 292100 daemon.warning] libsldap: could not remove 192.168.190.146 from servers list
Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no avaible conn.
ANY HELP IS GREATLY APPRECIATED
THANKS
Edited by: PranavPatel on Jul 14, 2009 12:41 PM
Edited by: PranavPatel on Jul 14, 2009 12:46 PM
Here is the profile from Server
Non-editable attributes
dn: cn=profile3,ou=profile,dc=mydomain,dc=com
authenticationmethod: tls:simple
bindtimelimit: 10
cn: profile3
credentiallevel: proxy
defaultsearchbase: dc=mydomain,dc=com
defaultsearchscope: one
defaultserverlist: 192.168.190.146 192.168.11.221
followreferrals: FALSE
objectclass: top
objectclass: DUAConfigProfile
profilettl: 43200
searchtimelimit: 30
serviceauthenticationmethod: passwd-cmd:tls:simple
serviceauthenticationmethod: keyserv:tls:simple
serviceauthenticationmethod: pam_ldap:tls:simple
Editable attributes:
createtimestamp: 20090714180638Z
creatorsname: cn=directory manager
entrydn: cn=profile3,ou=profile,dc=mydomain,dc=com
entryid: 26
hassubordinates: FALSE
modifiersname: cn=directory manager
modifytimestamp: 20090714180638Z
nsuniqueid: f37fa281-70a011de-80b5f403-069e0ba9
numsubordinates: 0
parentid: 13
subschemasubentry: cn=schema
And here is the output of
*# ldapclient list*
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=mydomain,dc=com
NS_LDAP_BINDPASSWD= {NS1}67eb0f447bc0f619
NS_LDAP_SERVERS= 192.168.190.146, 192.168.11.221
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=com
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= profile3
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= keyserv:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= passwd-cmd:tls:simple
NS_LDAP_HOST_CERTPATH= /var/ldap
Edited by: PranavPatel on Jul 14, 2009 1:08 PM
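An added example, not part of the thread and not Sun tooling: it parses `ldapclient list` output like that posted above and reports TLS prerequisites that are not visibly met when any method is tls:simple. It assumes the Solaris native LDAP client matches the server certificate against the names in the server list and reads cert8.db and key3.db from the certificate path; the function names are hypothetical.

```python
import ipaddress
import os

# Constructed sample: lines taken from the `ldapclient list` output in the post.
SAMPLE = """\
NS_LDAP_SERVERS= 192.168.190.146, 192.168.11.221
NS_LDAP_AUTH= tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_HOST_CERTPATH= /var/ldap
"""
# Assumption: NSS database files the Solaris 10 native LDAP client reads for TLS.
REQUIRED_DBS = ("cert8.db", "key3.db")


def parse_ldapclient_list(text):
    """Return {KEY: [values]}; NS_LDAP_SERVICE_AUTH_METHOD repeats per service."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            cfg.setdefault(key.strip(), []).append(value.strip())
    return cfg


def is_ip(server):
    """True for IPv4 with an optional :port, or a bare IPv6 address."""
    host = server.rsplit(":", 1)[0] if server.count(":") == 1 else server
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def tls_findings(cfg, cert_files=None):
    """List TLS prerequisites that the parsed client configuration does not meet."""
    methods = [m for v in cfg.get("NS_LDAP_AUTH", []) for m in v.split(";")]
    for v in cfg.get("NS_LDAP_SERVICE_AUTH_METHOD", []):
        methods += v.partition(":")[2].split(";")  # drop the "service:" prefix
    if not any(m.strip().startswith("tls:") for m in methods):
        return []  # nothing to check when no method uses TLS
    findings = []
    for value in cfg.get("NS_LDAP_SERVERS", []):
        for server in filter(None, (s.strip() for s in value.split(","))):
            if is_ip(server):
                findings.append("server %s is an IP address, not a certificate host name" % server)
    # Assumption: /var/ldap is the default when no certificate path is set.
    certpath = cfg.get("NS_LDAP_HOST_CERTPATH", ["/var/ldap"])[0]
    if cert_files is None:  # look on disk unless the caller supplies a listing
        cert_files = os.listdir(certpath) if os.path.isdir(certpath) else []
    for db in REQUIRED_DBS:
        if db not in cert_files:
            findings.append("%s not found in %s" % (db, certpath))
    return findings
```

On the client, feed it the real output, for example `tls_findings(parse_ldapclient_list(open("list.txt").read()))` after `ldapclient list > list.txt`.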