Flash or imaging solaris with directory server

Hi,
I don;t know weather it is "doable" or not and im not sure weather this question belong to directory server or solaris OS question.
This is about OS imaging, but with directory server. Reason, i have to build 10 servers with directory server in it.
Did anybody install directory server on a solaris machine and image that server?
can i use the same image to create rest of the servers?
Appriciate any thoughts / suggestions
-S-

Don't ask me exactly how but flash/flar/imaging is exactly that a complete system image. So you could do this but you will end up with 10 identical - i.e. hostname, IP , nodename - servers.
If it's worth the effort I'd suggest putting the JES components that you need, with SILENT install templates etc, into a jumpstart configuration. Then jumpstart/install each server and run the silent installs with appropriate hostname configurations, I've seen this entirely automated but it takes some work
If this is the only time you're EVER going to do this I'd say you're on the verge of the time worth it versus not stage, if you see the need to do this again in future I'd say it is worth the time investment.
You may consider just using jumpstart with appropriate installation bits to get each server OS going and manually install the Directory.
C

Similar Messages

Performance concern with directory server implementation

performance concern with directory server implementation
I first posted this at metalink forum, and was suggested to post it here instead.
Hi,
I'd like to get any feedback regarding performance of oracle directory server implementation. Below is what I copy&patested from 9i Net Services Administrator's Guide, I found no 'directory server vendor documentation', so anything regarding this is welcome too.
Performance
Connect identifiers are stored in a directory server for all clients to access.
Depending on the number of clients, there can be a significant load on a directory
server.
During a connect identifier lookup, a name is searched under a specific Oracle
Context. Because of the scope of the lookup, you probably want users to experience
relatively quick performance so that the database connect time is not affected. Users
may begin to notice slow connect times if lookups takes more than one second.
You can resolve performance problems changing the network topology or
implementing replication.
See Also: Directory server vendor documentation for details on
resolving performance issues
Thanks.
Shannon

Shannon,
you can find some tuning advises in the following
a) OiD Capacity Planning Considerations
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96574/cap_plan.htm#1030019
b) Tuning Considerations
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96574/tuning.htm#999468
c) oracle net services
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96579/products.htm#1005697
you should start with a) to get an overview what to be aware of
--Olaf

Ldap client with directory server 6.0 on solaris 9 systems

I have a directory server 6.0 running on a solaris 9 system. I have set up idsconfig, vlvindex and certificate database on the server side. The client ldap I am trying to set up is also solaris 9 system. I have set the certificate database on this ldap client using the Resource Kit certutil and import the server certificate to client certificate database. It seems the TLS secure connection did work between LDAP server and client. (I use the Resource Kit ldapsearch command to test it) I use 'ldapclient -v init ...' command using 'profileName=tlsprofile' to initialize the LDAP client and the information returned from that command said LDAP client configed sucsessfully. But when I run ldapaddent command to import /etc/passwd. I got error:
Passwd container does not exist.
The ldapaddent command I ran like this:
ldapaddent -v -f <passwd file> -D "cn=Directory Manager" passwd
Then I tried to use 'ldapclient -v manual ....' command to set up LDAP client. That command finishes succefully. But I still can not import /etc/passwd using ldapaddent with same error.
What is wrong with my set-up?
Thanks,
--xinhuan

I looked into the /var/adm/messages, and I have the following error:
ldap_cachemgr[1640]: [ID 605618 daemon.error] libldap: CERT_VerifyCertName: cert server name 'directory server' does not match 'hostname.mycompany.com': SSL connection denied
It seems I have problem with SSL certificate set-up. I did generate the server side 'hostname.mycompany.com' certificate then use the Resource Kit certutil import that certificate to the client side. Is that right way to do?
Thanks,
--xinhuan

11 instances with Directory server Enterprise 6.3

Hi all, I plan to install the Directory Enterprise server 6.3 with 11 instances. only 1 on the instances will be updated/modified, the rest of the instances are for Querying onl. the directory server will be running on a sun server with 4 CPUs and 4 GB of RAM. Each instance will hold an average of 55,000 entries.
In your oponion, is a setup like this possibe?
Thanks for your time

Thanks for the reply Chris. This is something I inherited.
there is data for a year on each instance. and each instance is running on a seperate port. so slapd-server-1 is running on port 1999, because it has the archived data from 1999, slapd-server-2 is running on port 2000 because it has the archived data from the year 2000. Here is what the instances look like.
bash-3.00# ps -ef|grep slapd
ldap 16690 12518 0 12:24:01 ? 2:15 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-7 -i /opt/e
ldap 16672 12518 0 12:23:27 ? 1:36 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-5 -i /opt/e
ldap 13281 12518 0 Jul 21 ? 4:12 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/var/dscc6/dcc/ads -i /opt/elds/var/d
ldap 13264 12518 0 Jul 21 ? 4:09 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd10 -i /opt/
ldap 16652 12518 0 12:20:33 ? 1:24 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-3 -i /opt/e
ldap 16699 12518 0 12:24:19 ? 2:29 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-8 -i /opt/e
ldap 13242 12518 0 Jul 21 ? 7:26 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-9 -i /opt/e
ldap 16681 12518 0 12:23:50 ? 1:49 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd--6 -i /opt/e
ldap 13096 12518 0 Jul 21 ? 11:23 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-2 -i /opt/e
ldap 16663 12518 0 12:23:16 ? 1:30 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-4 -i /opt/e
ldap 17188 12518 0 13:48:02 ? 0:10 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-1 -i /opt/e
I actually had to disable theDCSS console because of memory issues. Question, i have not finished with this setup yet, is it best to get another server and split up the instances?
thanks

Critical problem with directory server--please help!

We are having issues with some applications and the root cause seems to be the directory server. We see the following errors in the directory server log.
[03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
some other stuff in the log file:
[03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
[03/Oct/2008:11:50:26 -0600] - WARNING<20805> - Backend Database - conn=2361383 op=1 msgId=2 - search is not indexed
[03/Oct/2008:11:50:27 -0600] - WARNING<20805> - Backend Database - conn=2361384 op=1 msgId=2 - search is not indexed
[03/Oct/2008:11:50:28 -0600] - WARNING<20805> - Backend Database - conn=2361385 op=1 msgId=2 - search is not indexed
[03/Oct/2008:11:53:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
[03/Oct/2008:11:57:27 -0600] - WARNING<20805> - Backend Database - conn=2197806 op=82101 msgId=686205 - search is not indexed
[03/Oct/2008:11:57:57 -0600] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=s0224025,ou=People,dc=lethbridgecollege,dc=ab,dc=ca", attribute "pabURI" is not allowed
[03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
[03/Oct/2008:12:03:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
top shows the following: but cpu many times maxes out and runs 100%. Do i need to perform some indexing somewhere or is there other issues?
load averages: 3.04, 3.15, 3.55 12:11:26
224 processes: 222 sleeping, 1 running, 1 on cpu
CPU states: 37.7% idle, 40.2% user, 22.1% kernel, 0.0% iowait, 0.0% swap
Memory: 2048M real, 36M free, 2429M swap in use, 2979M swap free
PID USERNAME LWP PRI NICE SIZE RES STATE TIME CPU COMMAND
10828 mwadmin 129 59 0 0K 0K run 148.1H 24.83% ns-slapd
9466 mwadmin 70 59 0 151M 65M sleep 743:06 1.98% ns-httpd
10738 root 1 59 0 4240K 1032K sleep 34.3H 1.73% top
26298 root 1 0 0 4096K 1696K cpu 0:00 1.51% top
5759 root 9 59 0 14M 96K sleep 851:54 0.77% cctransport
13378 ward 1 59 0 0K 0K sleep 1:23 0.57% prstat
25284 root 1 59 0 68M 27M sleep 561:22 0.50% mixer_applet2
10005 mwadmin 1 59 0 68M 27M sleep 604:43 0.49% mixer_applet2
10003 mwadmin 1 59 0 69M 2600K sleep 306:12 0.25% gnome-netstatus
25282 root 1 59 0 69M 2664K sleep 274:36 0.23% gnome-netstatus
9881 mwadmin 1 59 0 17M 11M sleep 241:04 0.21% Xvnc
9896 root 1 59 0 17M 6856K sleep 245:53 0.19% Xvnc
9911 root 1 59 0 15M 5512K sleep 159:38 0.13% gconfd-2
9901 mwadmin 1 59 0 15M 5576K sleep 157:18 0.13% gconfd-2
7962 mwadmin 45 59 0 0K 0K sleep 749:45 0.10% ns-slapd
any advice would be great.
Darren

Darren,
For this error:
[03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
some other stuff in the log file:
[03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
Solution/Notes:_
The below errors are "informational" in nature.
This is not an issue with the directory server, but with a connection to the directory server and whatever(device,script, or application) is attempting this connection.
These informational errors you are seeing in the logs are typically related to incoming connections from a load balancer or switch.
It is usually some device,script or application doing monitoring of the LDAP server,port or connection.
It is found that one of the biggest culprits to be the Cisco Content Switch or load balancer.
Generally the cause of this error is a "sticky bit" setting within the Cisco Content Services Switch that is causing these errors.
These load balancers periodically ping the servers (every five seconds) to verify that they are alive.
After turning off the "sticky bit" setting, which disables the ping to the server every 5 seconds, the errors will no longer show up.
The best course of action is to find the client doing this kind of monitoring and change it's behavior.You can look at the directory server's access log for B1 errors (the same client causing the PR accept errors in the errors log will cause B1 errors in the access log) at the same time you see these errors in the errors log. Then back track the connection in the access log to find the connectiing IP address of the clienton the first BIND.
If you can not determine the client causing these errors and are concerned about your errors logs filling up then you can either turn off this error logging.
This can be done dynamically on the server with a ldapmodify command:
cd /install-root/shared/bin or cd /var/opt/mps/serverroot/shared/bin
./ldapmodify -p port -h hostname -D "cn=Directory Manager" -w password
dn: cn=config
changetype: modify
replace: nsslapd-infolog-area
nsslapd-infolog-area: 0
If you don't want to do that then you can try and modify this attribute.
"nsslapd-nagle
When the value of this attribute is off, the TCP_NODELAY option is set so that LDAP responses
(such as entries or result messages) are sent back to a client immediately.
When the attribute is turned on, default TCP behavior applies.
That is, the sending of data is delayed, in the hope that this will enable additional data to be grouped into
one packet of the underlying network MTU size (typically 1500 bytes for Ethernet)."
This will require you to stop and restart the server.
NOTE: Below is the suggested fix, however, please apply this at your own discretion as this may or may not fix the issue. It depends on the client making these connections.
1. Stop the directory server
2. Edit the dse.ldif configuration file
3. In the "cn=config
" entry, add the attribute "nsslapd-nagle" with a value of "on".
4. Start the directory server.

Can't synchronize with Directory Server

I am using IdM 8.0.0.1 and Sun Directory Server EE 6.3.
I have created a server instance and suffix in DS and enabled Retro Changelog plug-in.
In IdM I have created a LDAP resource for the DS. The synchronization policy uses the same base context as the suffix and the changenumber attribute.
My problem is that when starting synchronization, IdM looks for changenumbers larger than the the last changenumber in the changelog suffix.
If I create a user in IdM and assigns the DS resource, the user is created in DS. Changes to e.g. the name in DS is shown in IdM but a sync results in an error in the sync log: java.util.ArrayList cannot be cast to java.lang.String.
I hope all this makes some sort of sense and even more, I hope someone can help me make this work.
Thank you in advance.
Stefan

I don't see any references in the error, and I only changed the name attribute so I don't think that is the problem.
I tried something else: I used Load from Resource to do the first import of users from DS to IdM. This worked as expected so now I have some users to play with. But when I create a new user in DS and starts a Sync, nothing happens. I would expect the new user to be sync'ed into IdM?
And IdM still uses the last changenumber+1 as start point - This explains why nothing is sync'ed, but I don't understand why IdM behaves like that or where the start point comes from?
If anyone can point me to a few tutorials on synchronization, I would appreciate it very much.
Stefan

Can I install Portal server 6.1 with Directory server 5.2

Hi,
Can I install Sun ONE Portal Server 6.1 with Sun ONE Directory Server 5.2 that is an existing installation? I have checked iPS 6.1 installation guide that mentioned iDS version should be 5.1.
Thanks a lot,
Yu Mao

Identity server 6.0 SPx has not been certified/tested on DS 5.2.
IS 6.1 will support DS 5.2.

Flash video image problem with newest nVidia driver

I've got a very weird display error since the last update. Basically, whenever I play flash video and afterwards close the browser (chromium), any purely black surfaces will display the full flash player image. The effect is only visible in the "first" window of a xmonad tab, that means if I cycle the window positions it will be in a different window. The others are not affected. When I restart X, I can see the flash video image flashing up shortly on the black screen. Restarting X fixes the issue. I cannot take any screenshot of the problem because the error is NOT visible on the screenshot. Therefore I suspect that some frame buffer used for the flash player is not getting cleared properly after exiting the browser, but it's really little more than a wild guess.
As there are multiple components involved, I'm at a loss of where this might be coming from. I hope someone might be able to shed some light on this situation. Please post here if you have the same problem or have any idea why this happens!
My setup:
-nvidia 260.19.36-2
-flashplugin 10.2.152.27-1
-chromium 9.0.597.94-1
-xmonad 0.9.2-1
-xmonad-contrib 0.9.2-1
Last edited by Natanji (2011-02-15 11:33:11)

Natanji wrote:Thanks, that seems like it helped. So this is a flashplayer bug? Was it already reported?
if you asking about a bug reported on arch linux bugtracker, then you are doing it the wrong way.
flash and nvidia are closed source, we can't do anything. A better place is to submit bugs to nvidia and adobe.
Now i see that nvidia 270.26 was released. Maybe you want to check that out:
http://www.nvnews.net/vbulletin/showthread.php?t=159683

Weblogic Core Dumps on Solaris with Hotspot Server VM

For Sun Microsystems SPARC with Solaris 2.7 the supported platform is
"SunSoft SDK 1.3.1 JavaTM 2 Runtime Environment, Standard Edition (build
1.3.1-b24) Java HotSpotTM Server VM (build 1.3.1-b24, mixed mode)"
We have set the MaxPermSize as specified below and are still receiving
periodic core dumps in a production environment. The most recent of which
is "Unexpected Signal : 11 occurred at PC=0xee4b5d00 Function
name=JVM_CurrentTimeMillis" a reported bug on Sun's bug parade (Bug Id
#4488864). Are there some other settings that we should try? Is there a
more stable VM we should be using like "SunSoft SDK 1.3.0 JavaTM 2 Runtime
Environment, Standard Edition (build 1.3.0) "?
Help would be appreciated,
Thanks
Problems with JDK 1.3 crashing
If you have problems with OutOfMemory errors and the JVM crashing with JDK
1.3, try setting: -XX:MaxPermSize=128m. There is currently an open bug on
Sun's bug parade that describes this problem. See,
http://developer.java.sun.com/developer/bugParade/bugs/4390238.html

FYI: Stability seems to have been achieved by setting:
-XX:MaxNewSize=64m
-XX:MaxPermSize=128m
"Paul Hamill" <[email protected]> wrote in message
news:[email protected]..
Unfortunately we tried switching to client and we still periodically getthe
core dumps.
"Dimitri Rakitine" <[email protected]> wrote in message
news:[email protected]..
I'd be interested to know this as well - so far the only stable option
that I know of is to use client JVM. Server Hotspot crashes, sooner
or later. 1.3.1-b24 server crashes as well, but not the client JVM.
Paul Hamill <[email protected]> wrote:
For Sun Microsystems SPARC with Solaris 2.7 the supported platform is
"SunSoft SDK 1.3.1 JavaTM 2 Runtime Environment, Standard Edition
(build
1.3.1-b24) Java HotSpotTM Server VM (build 1.3.1-b24, mixed mode)"
We have set the MaxPermSize as specified below and are still receiving
periodic core dumps in a production environment. The most recent of
which
is "Unexpected Signal : 11 occurred at PC=0xee4b5d00 Function
name=JVM_CurrentTimeMillis" a reported bug on Sun's bug parade (Bug Id
#4488864). Are there some other settings that we should try? Is
there
a
more stable VM we should be using like "SunSoft SDK 1.3.0 JavaTM 2Runtime
Environment, Standard Edition (build 1.3.0) "?
Help would be appreciated,
Thanks
Problems with JDK 1.3 crashing
If you have problems with OutOfMemory errors and the JVM crashing with
JDK
1.3, try setting: -XX:MaxPermSize=128m. There is currently an open bugon
Sun's bug parade that describes this problem. See,
http://developer.java.sun.com/developer/bugParade/bugs/4390238.html
Dimitri

BOXI # 1 On Sun SOlaris with SQL Server 2005

HI Friends,
Could some on provide me the Procedure to follow to install Sql Server JDBC Drivers 2.0 on Solaris Server and Installing Repository on to the SQL Server 2005.
I appreciate Your help
Thank You

You seem to have done everything correctly and diligently. I would ask that you open
an official support case.

How can I install Calendar 3.51 with Directory Server 5.1

Just before completion whilst adding the node, error 327747 is being returned. Install guide says to select suitespot user for ldap when installing ldap but this was not possible. Also the ldap logfiles show nothing in the error log and the access log only show the check for existing node number.

http://xml.apache.org/soap/faq/faq_chawke.html#Q2_30

Solaris 8 and iPlanet Directory Server 5.1: Help

Could anyone help with advice or where to find documentation of how to setup a Solaris 8 client machine to authenticate against iPlanet Directory Server 5.1? The only documentation (eg books, BluePrint articles) I can find cover iPlanet Directory 4.11 or 4.12 and a Solaris 8 client. Even the tools from the BluePrint Tools area at Sun only talk about using iPlanet Directory Server 4.11/12. Quite a lot seems to have change from iDS 4.12 to iDS5.1.
Any help would be greatly appreciated.
Thanks in advance,
Stewart

Hi Steven, I suppose that this question is identical to your other question: " Topic: solaris 8 client setup with solaris 9 ldap".
So the answer will be the same.
You may find what you are looking for in the following technical note: http://knowledgebase.iplanet.com/ikb/kb/articles/7966.html
It is called: "Cookbook for Solaris 8 client with Directory Server 5.1/Solaris 9"
Cheers / Damien.

Installing iMS 5.2 Patch 1 with Sun ONE Directory Server 5.1

Hi,
In the documentation of "Installation Guide for Windows NT iPlanet� Messaging Server - Release5.2" It is said that it is possible to install iMS 5.2 with Directory Server 5.1 SP2.
I am currently using Dir Server 4.16 and I tried recently to install Directory Server 5.1 and iMS 5.2 on a new machine configured to run with Win 2000 Server. The problem is that the installation doesn't work correctly, the database can't connect or I couldn't find the files with the Perl script to update the server. When I copy them from the version 4.16 and try to apply the script, it refuses to apply. It seems that Directory Server 5.1 is too recent to be used with iMS 5.2. Is it possible ?
Is there a way to get them work together instead of working with the (old) 4.16 release ? The doc says it is possible but I tried every possible ways, it didn't install correctly.
If anyone has a suggestion ...
Thank you,
Fr�d�ric

I have a problem while running the ims_dssetup.pl patch, here is the msg I receive :
Here is a summary of the settings that you chose:
Server Root : d:\iplanet\servers
Server Instance : slapd-dns1
Users/Groups Directory : Yes
Update Schema : yes
DC Root : o=internet
User/Group Root : o=gcity-creative.com
Add New Indexes : yes
Schema Directory : .\config
Directory Manager DN : cn=Directory Manager
Do you want to continue [y]:
Please check the user/group suffix "o=gcity-creative.com" under "cn=mapping tree
, cn=config". at ims_dssetup.pl line 969.
And of course if I install the iMS 5.2 after that (I have iMS 5.2 in iplanet\server5 folder and iDS 5.1 in iplanet\servers folder), the installation crashes telling me that the system can't create the DC tree etc...
Any idea about this ?

Replication problem with iPlanet directory server 5.1 SP2 HF1

If I make a apply a change to either of consumer servers for an entry that belongs to the large database, that change does get applied to the consumer targated but it can not refer the change to teh master. Neither the master, nor the other consumers get updated consequently. I did not have this problem with directory server 5.1 SP1. I only see this problem after I apply directory server 5.1 SP2 HF1.
From the error log file, I see the following message:
NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals for replica

I have a suggestion - try another means for administering your directory - use the console only for maintenance and tuning purposes. There are several products out there that are much better for day to day operations ...
Otherwise - I think with 5.1 the view is based on the rdn of the entries - and I am not sure it is customizable. Additionally I know 5.2 solved your second issue - maybe the latest SP of 5.1 has solved it as well - though I don't really know ...
-Chris Larivee

When I try to connect LDAP server with Directory certificate installed in Onboard Administrator , I get the below error message. Initiating Directory Settings diagnostic for LDAP server 10.0.0.2 port 636

10.0.0.2Accepting Directory Server certificate for /CN=qtp-ldap.oaqtp.com signed by /DC=com/DC=oaqtp/CN=qtp-ldap
Skipping certificate 1 (/CN=qtp-ldap.oaqtp.com): subject issuer mismatch
Certificate of Directory Server cannot be verified with the installed LDAP certificate.
Unable to establish SSL connection with directory server.
You may need to install a certificate for your server to allow SSL connections.
It says "Subject Issuer mismatch" .. What could be the reason ?
-Shibi Keyan

Well, it sounds like the certificate name is different than what you are trying to connect to. Can you try connecting to the DNS name instead? This sounds like a DNS and Certificate Name issue.
http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
Kurt Hudson, Sr. Technical Writer AD DS, AD CS, PKI, Azure AD

Flash or imaging solaris with directory server

Similar Messages

Maybe you are looking for