First time configuring Sol9 built-in SunONE Directory Server

Similar Messages

• JAAS LoginModule for SunOne Directory Server?

  I have a customer who is using SunOne Directory Server for LDAP.
  I have test code that uses the JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
  The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
  The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
  So thats great, however my application uses JAAS, and therfore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
  A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff, however considering that JAAS and the SunOne Directory server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.

  Hey dav,
  Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
  I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus succesfully integrated the basics of JAAS in to the system... but I am now desparately looking for away to have client-side policies distributed at runtime from the server.
  I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have a developed a database backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration forJAAS authentication. The aim is that this data will be transfered once during login, and anytime that the the policy is requested to be refreshed.
  Since reading you post, I'm wondering what services LDAP or JNDI can offer me?
  Also, is JNDI an appropriate option for data persistence? is it better to go with JDO or some other object store abstraction.
  Kind regards,
  Darren B

• Change the User ID running the SunOne Directory Server 6.3 on Windows 2003

  Hi Experts,
  I have an install of SunOne Directory Server Enterprise edition 6.3 running on Windows 2003 server. It was installed using the Zip distribution and is running as a user ID in the Active Directory the server is part of. We are trying to change the user ID to a service account (not the current ID which belongs to a person), so that the Sun DS can run as a service within Windows 2003 server. Need help in doing this without having to re-install the Directory server. Has anyone done this and is it possible to do?

  Thank you very much for the insights and the responses sharmy28.
  Appreciate it very much.
  All I had to do was change the setting in this file only:
  Open the file dsee6/cacao_2/etc/cacao/instances/default/private/cacao.properties and change the below line with new id...
  # Define username and groupname for cacao process
  process.username=sunadmin
  process.groupname=sungroup
  As this is Windows 2003 and the installs are all default values, I had to reboot the server for the change to take effect.
  The file dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/globals.cfg does not exist. However the same file exists under the perl directory as globals.pl and the settings you specified are present there. In our case these were commented out and so I left them as is.
  Thanks once again for your responses which helped me solve the issue we had.
  Thanks.

• How to create users with i18n characters in SunONE directory server?

  Was trying to create users and groups with i18n characters in SunONE directory server
  1. Started LDAP console using -l option
  2. Chaged the Locale to Japanese
  3. Entered few japanese character as username (meaning internationalization user name)
  4. However, I could not able to type the password using the "soft keyboard" that comes with Japanese Locale
  5. to overcome with #4, for now, I typed english chars as the password
  6. Click OK to save the above username/pwd
  7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
  Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

  Hi LostLad,
  Soryy for my ignorance...Could you please be elaborate on how to remove "uid attribute from 7-bit ASCII plugin?
  Thanks in advance..

• How to enable FIPS on sunone directory server 6.3?

  Hi all,
  My product needs FIPS certification.
  As part of that we will be connecting to sunone directory server and use it as user store.
  For that i need the steps to enable FIPS on sunone directory server 6.3.
  Has any one done this before?
  Please help me in this.
  Thanks in advance.
  Usha.

  To enable the TLS Encryption Cipher
  1. Check out the ssl-supported-ciphers property of the server.
  $ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2 View the available SSL ciphers.
  $ dsconf get-server-prop -h host -p port ssl-supported-ciphers
    ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    ...Hope this helps,
  -Shankar

• SunOne Directory server on AIX 5.3

  Hello members,
  I have a question for the technical team. I am tasked to install SunOne
  directory server on AIX 5.3.
  We have already installed SunOne on AIX 5.2 and it is proven that it works fine in our live environement however it is not yet tested on AIX 5.3.
  I would like to know if SunOne 5.2 is supported by AIX 5.3 and if I should be aware any potential problems during installation.
  Thanks,
  G.S.

  Hello,
  Thanks Ludovic, I really appreciate info that you have provided.
  I have now managed to install SunOne on AIX 5.3 and tried to create new instance from server group through SUNOne server console GUI.
  But this gives me an error like below:
  createSIE failed for ssDN=test.example.co.uk
  The return code is:155Here is the sieEntry:
  objectclass: netscapeserver,nsDirectoryServer,nsConfig
  Has anybody ever delt with such an error?
  Thanks,
  G

• Regarding sunone directory server

  Hi, i am posting this topic here cos i cudnot find any forum for directory server,
  my query is that do we have any limitaions in group memberships for sunone directory server, kindly reply soon cos its urgent.

  http://forum.java.sun.com/index.jspa?tab=es

• Doubt on first time configuration

  good eve everyone,
  sir this is the first time i installed times ten on windows 7.after installing i done config by going to administrative tools->ODBC then i created the imdb name and the database character set as same as my oracle set and under first connection tab i configured permanent data size as 40 ,temporary data size as 32,replication parallelism buffer MB as 64 and under IMDB cache tab i named the oracle net service as orcl_db then i went to ttisql then this follows
  C:\>ttdaemonadmin -start
  System error 5 has occurred.
  Access is denied.can any one help me...
  thanking you,
  prakash

  ChrisJenkins wrote:
  So can you now start the daemon with ttDaemonAdmin -start? Can you conform that it is running with 'ttStatus'?
  This forum is not really the vehicle to provide detailed tutorials. To understand how to get started with TimesTen you need to invest a little time to (a) read some of the documentation and (b) follow the various 'how to' tutorials included in the TimesTen QuickStart. The documentation and the QuickStart are installed automatically when you install TimesTen on Windows.
  Regards,
  Christhank you for showing me where the vehicle is.now i got the fantastic vehicle .as,im in race need your help in the pitstops.
  i hope u will help me....
  i finally found that the log directory is missing after installation.then i reinstalled the ttdb and confirmed that the log directory is available this time.
  then i connected using
  Command> connect "dsn=my_ttdb";
  Connection successful: DSN=my_ttdb;UID=oomsys;DataStore=C:\TimesTen\DataStorePat
  h\my_ttdb;DatabaseCharacterSet=AL32UTF8;ConnectionCharacterSet=US7ASCII;DRIVER=C
  :\TimesTen\TT1122~1\bin\ttdv1122.dll;LogDir=C:\TimesTen\logs;PermSize=40;TempSiz
  e=32;TypeMode=0;OracleNetServiceName=XE;
  (Default setting AutoCommit=1)thank you chris :)
  Edited by: Prakash T Soundappan on Jun 7, 2013 7:00 PM
  Edited by: Prakash T Soundappan on Jun 7, 2013 7:00 PM

• Help me, please. Can't Install SunONE Directory Server 5.2 Beta 3 on Solari

  I try to install DS on SUN ULTRA 10 with Solaris 9. We don't use internal DNS server but external one.
  Cannot start console. Always I have an error:
  starting up server ...
  ERROR<38917> -Startup -conn=-1 msgId=-1 - Configuration error Can't find localhost name.
  error:Server not running!! Failed to start ns-slapd process.
  system_errno:2
  Configuration of Directory Server succeededConfiguratin of the admin server Failed
  The configuration is folowing:
  /etc/hosts:
  127.0.0.1 localhost
  192.168.1.105 iplanet iplanet.mydomain.nam
  /etc/resolv.conf:
  search mydomain.nam
  nameserver xxx.xxx.xxx.xxx
  nameserver yyy.yyy.yyy.zzz
  /etc/nsswitch.conf:
  hosts: files dns
  /etc/defaultrouter:
  192.168.1.1
  /etc/hostname.hme0:
  iplanet
  /etc/nodenam:
  iplanet
  /etc/netmasks:
  192.168.1.0 255.255.255.0
  Does anybody knows what's goin on?
  Thanks in advance.
  Marat.

  It is not possible to obtain the Sun ONE Directory Server 5.2 BETA Software. There are various reasons, one is the BETA program has been closed for sometime now. The RR of the Sun ONE Directory Server 5.2 should be available at the end of May.
  Regards
  -Michael
  Sun Microsystems, Inc.

• SunONE Directory server fails to install on RHEL 3 U6

  Hello
  we are trying to deploy a Sun Directory server 5.2 on a machine that runs RHEL3 Update 6. It comes back with the following error message:
  ERROR : Red Hat Enterprise Linux ES release 3 (Taroon Update 6) is not recognized by idsktune as a supported platform for Sun Java System Directory Server or Directory Proxy Server. Ensure you are running the version of idsktune provided with your product, or you can run idsktune in client mode (-c) if server support is not required
  I know that the product is compatible with RHEL 3 U4, but we are unable to deploy this version of RHEL because of the new hardware of the server.
  Please could anyone advise on how to resolve the problem. Thank you.

  Hi,
  idsktune should not prevent you from installing the product.
  Which version of Directory Server are you trying to install ? What command are you executing ?
  Regards,
  Ludovic

• Unable to create new instance of SunOne directory server.

  I am trying to create a new instance of LDAP server however I am getting following error
  CreateSIE failed for ssDN=dc=example.com machinename=home.example.com*
  The return code is: 155*
  Any idea?

  I am seeing this same error message. Have you been able to discover the cause?
  Thank you,
  Darren

• How failover works with SunONE Directory Server?

  Assume that I setup 2 masters using the multimaster scheme.
  When 1 master fails/down, how do the client knows or get routed to the other master?

  For full redundancy:
  At the application level:
  -redundant storage (raid, san,nas)
  -multiple connectors to this storage (fiber,ethernet...)
  -multiple LDAP servers (multimaster, replica's)
  -multiple LDAP proxy servers
  -redundant switches/routers (vrrp, ...)
  -loadbalanced by redundant interconnected loadbalancers (level7)
  All this helps in non persistant connections, if application are using connection pooling (for performance reasons), you have to verify the behaviour. Some applications only create this pool at start, but if the pool connections brake, it should reconnect.

• Unhandled exeception has occurred in your application. On first time instal

  I am installing on a server 2003 for the first time. After loading it on the server, I begin to run Installer for my frist instance. After clicking finish on the 'Installation Tasks' screen, it runs until it gets to the 'Installing Webfiles'.  This is where I get the error. As I said this is a first time Web Tools 6 install.  I have a copy of the error message here:
  SAP Business One Web Tools Installer.
  Unhandled exeception has occurred in your application.  If you click Continue,the application will ignore this error and attempt to
  continue.  If you click Quit, the application will close immediately.
  Some or all identity references could not be translated.
  DETAILS:
  See the end of this message for details on invoking
  just-in-time (JIT) debugging instead of this dialog box.
  Exception Text **************
  System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
     at System.Security.Principal.NTAccount.Translate(Type targetType)
     at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
     at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
     at System.Security.AccessControl.FileSystemSecurity.AddAccessRule(FileSystemAccessRule rule)
     at Installer.Workers.FileWorker.OnDoWork(DoWorkEventArgs e)
     at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
  Loaded Assemblies **************
  mscorlib
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
  Installer
      Assembly Version: 2007.0.630.10
      Win32 Version: 2007.0.630.10
      CodeBase: file:///E:/Program%20Files/SAP/SAP%20Business%20One%20Web%20Tools/Installer/Installer.exe
  System.Windows.Forms
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
  System
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
  System.Drawing
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
  System.Xml
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
  System.ServiceProcess
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.ServiceProcess/2.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
  Accessibility
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
  System.Data
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll
  System.DirectoryServices
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.DirectoryServices/2.0.0.0__b03f5f7f11d50a3a/System.DirectoryServices.dll
  System.Configuration
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
  System.Transactions
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_32/System.Transactions/2.0.0.0__b77a5c561934e089/System.Transactions.dll
  System.EnterpriseServices
      Assembly Version: 2.0.0.0
      Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
      CodeBase: file:///C:/WINDOWS/assembly/GAC_32/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.dll
  ChilkatDotNet2
      Assembly Version: 7.7.2379.17467
      Win32 Version: 7, 7, 0, 1
      CodeBase: file:///E:/Program%20Files/SAP/SAP%20Business%20One%20Web%20Tools/Installer/ChilkatDotNet2.DLL
  msvcm80
      Assembly Version: 8.0.50727.1433
      Win32 Version: 8.00.50727.1433
      CodeBase: file:///C:/WINDOWS/WinSxS/x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5CF844D2/msvcm80.dll
  JIT Debugging **************
  To enable just-in-time (JIT) debugging, the .config file for this
  application or computer (machine.config) must have the
  jitDebugging value set in the system.windows.forms section.
  The application must also be compiled with debugging
  enabled.
  For example:
  <configuration>
      <system.windows.forms jitDebugging="true" />
  </configuration>
  When JIT debugging is enabled, any unhandled exception
  will be sent to the JIT debugger registered on the computer
  rather than be handled by this dialog box.
  Please help, I am at a standstill!!! and can't go any further on the Web Tools Installation.

  ASPNET is a local Windows user and when IIS executes .Net pages and has to access  website files it authenticates to the system as that user. For instance, when you save changes to a theme, such as associating a catalog, you are writing to the files in the /assets/* directory and are doing so as the ASPNET Windows user. This user then needs to have write access to the /assets/* directories for the website to not throw an access denied error.
  In IIS if you look at the application pool settings on the identity tab, you will see an option to choose which local user or group will be this designated "IIS user". Typically this is the local group "Network Service"  which contains the local user ASPNET.
  In the case of the Installer, it is attempting to give the correct permissions to the file directory that contains your website to the ASPNET user. Verify on that server if this user exists by looking at the computer management mmc snap-in then expanding Local Users and Groups and opening the Users folder.

• Acs 5.1 first timer

  Good day to you all, this is actually my first time configuring the acs device. I have gone through the documentations, userguide and some other stuff but cant still find my way around the box. I wan to integrate the box on our network but i'm still testing its operation in a lab. How do I configure this box to interact with the hosts? are there any configuration examples or work through guide I can use?
  I have defined host and users but the host don't get authenticated by the acs box. is there anything I am supposed to do on the acs box to identify this host?
  HOST CONFIGURATION.
  enable password cisco
  username xxxx password yyyy
  tacacs-server host x.x.x.x key cisco
  aaa-new model
  aaa authentication login default group tacacs local enable
  aaa authentication login group console none
  line vty 0  4
  login authentication group tacacs
  exi
  line con 0
  login authentication console
  exi
  ON ACS 5.1 BOX.
  I define user, user password.
  i defined the host using the mac-adress of the host.
  now when i try to telnet, I get authenticated using the local database.
  what am I actually supposed to do on the acs box? are there any videos or slides i can use?
  PLEASE HELP

  On the ACS box a few things need to be done.
  1) Define the host via IP under the Identity group and selec the protocol you want to use
  2) Define a policy either under default device admin for tacacs or default network access for radius
  3) Add a local user to the ACS

• UploadedFile & https Only work first time upload ????

  I am using 10.1.3.4 Jdev. I use UploadedFile interface to upload files from local PC and ftp files to unix server. My "upload" web page works between my local PC and Unix server, but it only works first time upload file and ftp between
  https server (application server--weblogic 10.0) and Unix server. If I just use http without SSL and my codes work fine you can upload file as many times you want and ftp them to Unix server. I used FTP not sftp to transfer files from application server to unix server. Can anyone shed some lights on my head ???? Thx.

  Yes. I changed my code to SFT from ftp. it works. Thx. This URL for sftp: http://www.jcraft.com/jsch/ and is very good .
  Edited by: albertpi on Feb 11, 2010 8:05 AM
  Edited by: albertpi on Feb 11, 2010 8:05 AM