H/w requirements for DIrectory server for 200,000 users

Similar Messages

• End of support dates for Directory Server

  does anyone know where I can find an end of support matrix for Directory Server ? We are still running 5.1sp4.....Thanks

  Is this information publicly available? I am interested in this as well...
  Thanks

• Compatible tomcat version for Directory server 6.3

  Dear All,
  Could someone please tell me which version of Tomcat will be the compatible for Directory Server 6.3. And i am new to this directory server environment, here i need to install tomcat too so kindly send me the steps for installing tomcat. Thanks!
  Regards,
  Karthik

  Hi Karthik,
  Directory Server 6.3 Control Center has been released many years ago, so it has been certified (so this means that IT IS OFFICIALLY SUPPORTED) on the most common application servers at that time, so Tomcat 5.5 and Sun App Server 8.2.
  Personally I've run the DSCC also on the latest releases of Tomcat (6.0.35 at the time of writing) and Glassfish (2.1.1 series) for test deployments absolutely fine; but in case of issues, if you want your solution to be 'officially supported' by Oracle, you've got to reproduce the problem on the supported app servers in the compatibility matrix.
  HTH,
  marco
  P.S.: also Directory Server 6.3 is getting older and older... at least try to get the latest patch: 6.3.1.1.1
  http://docs.oracle.com/cd/E19261-01/E26994/html/index.html
  The latest release is now 11.1.1.5.0 if you don't have any architectural/sw compatibility constraint, try to move/migrate to a more recent release

• The DHCP service failed to see a directory server for authorization.

  We have two DHCP servers hosted on Hyper-V.
  But after shutdown activity at our DC, the servers gave an usual issue.
  "The DHCP service failed to see a directory server for authorization."
  We have rebooted number of time before getting this server into production but it never gave such kind of error.
  Also this time the local DC was shutdown.
  Please suggest the necessary steps to be taken.

  Hi,
  The authorized DHCP server contacts a domain controller every 60 min to detect/redetect his status. Maybe your DHCP has tried to reach the DC which was offline thus throwing that error. Are you still having issues with DHCP server servicing clients?
  Once the server talks to a DC and checks that his authorized the service will start leasing IPs to clients.
  http://technet.microsoft.com/en-us/library/cc754493.aspx
  http://technet.microsoft.com/en-us/library/cc781697(v=ws.10).aspx
  Regards,
  Calin

• The DHCP Service failed to see a directory server for authorization error

  Hi Experts,
  "The DHCP Service failed to see a directory server for authorization error"
  I have DHCP Server installed on the same server where Active directory is installed its a domain controller, when I see the event logs I saw the above error. 
  This alert comes a number of times, just after the error
  "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain eg.com.pk, has determined that it is authorized to start. It is servicing clients now."
  Please somebody suggest some solution for this.
  TechSpec90

  Two questios:
  Is the server a domain controller?
  And, according to this, "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain eg.com.pk, has determined that it is authorized to start. It is servicing clients now", the service eventually do start, yes?
  Best Regards,
  Jesper Vindum, Denmark
  Systems Administrator
  Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• Enable Custom Authentication for License Server for Packager Server

  How to enable processing of Custom Authentication for License Server for Packager Server?
  Please give examples.

  If I understand your question, you want to use the Flash Access Manager and/or the Watched Folder Packager (both are components of the Reference Implementation) to package content for a license server that uses Custom Authentication. To accomplish this, you need to use the Flash Access SDK to create a policy that specifies Custom Authentication is used.  For example:
  Policy pol = new Policy(false);
  LicenseServerInfo licServer = new LicenseServerInfo(AuthenticationType.Custom);
  pol.setLicenseServerInfo(licServer);
  // set rights and other policy attributes
    Once you create the policy, place the policy file on the Packager Server, and you can use this policy to package content.

• Minimum Solaris installation for Directory Server

  Hello,
  i want to set up a new Solaris installation for Sun ONE directory server.
  But i don't want to install always the "entire distribution" and then turn off all services. I want to keep the solaris os installation as small as possible. Has anybody tried this before and can report some experiences? Is the "reduced network" cluster the right way to go or better the "core" cluster? Does anybody have a list of the packages which must be installed after a minimal solaris installation for the ds to work?
  Thanks a lot,
  af_inet

  Since you original question is "minimum requirement
  at the SERVER", I would say that X is not really
  needed at the server end if you use installer text
  mode CLI (command is "./installer -nodisplay")
  instead of installer graphical mode (GUI). However,
  to fix uninstall/reinstall issue, X is needed as the
  "prodreg" which is used to uninstall packages is a X
  program, without text mode option.This is correct.
  It is not a must to run ./startconsole (X program)
  LOCALLY so as to perform DS admin functions as you
  could always run SUN ONE Console REMOTELY from any
  remote host (Windows or UNIX/Linux) with just the
  console binaries installed. (for large data centre
  env. the LDAP server is usually locked in server room
  away from your desk and you tend to use remote admin
  console).This is correct too. I think it's a matter of taste if i want to install console on the DS itself or on a separate host. As long as i have only one DS i will leave it on the machine itself. But you are right, this is not a must. So i should have asked my question more precicely :-)
  Thank you very much,
  Chris

• Configuring a Directory Server for Digital IDs and Certificates

  My company is moving toward using electronic signatures for internal documents. All of the users are on XP machines and have Acrobat Professional 8.0 installed. So far, I've been manually adding trusted IDs for each person who will be receiving signed documents that need to be validated. I'd like to make this a little easier by storing everyone's certificates on a server (Windows 2003) so that people can just go out there and add them all as one .fdf file. What I'm wondering is, what is the difference between doing it this way versus going through Acrobat and configuring a directory server? Will it work either way?
  Thanks!
  Anita

  Hi,
  Sorry for the late reply, regarding the error message: The DHCP services could not Contact Active Directory,
  please check the below KB article to see if it could help here:
  You are unable to authorize DHCP Server in Active Directory
  http://support.microsoft.com/kb/303317/en-us
  Reference for error ID 1059, and
  error ID 10020.
  For The specified server are already present in the directory services,
  please take a look into the below Blog:
  Active Directory DHCP authorisation issues
  The method mentioned in the blog above is trying to move the old information that stored in AD, and then take an action of re-authorisation of the DHCP server.
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Change Directory server for Portal Server 6.2

  Hi there,
  I have the following problem with Portal Server 6.2 configuration which hopefully someone here will be able to help me with.
  Basically our current setup is the Sun Portal Server 6.2, ID server 6.1 and Directory server all sitting on one (Solaris 9) box. We now wish to separate the Portal / ID server components and the Directory Server component to separate boxes. In portal server 6.0 i think there was a pssetup tool which allowed configuration of a directory server which populated it with the necessary data for portal and ID server. The directory server we will be installing to will not necessarily be a clean install, i.e. it may already be populated with data.
  Is there some way therefore to re-configure the existing directory server to allow us to point our portal / ID server at it?
  Thanks in advance for any help
  Laurence.

  This can be done. You need to import the portal/identity server's schema into your new directory server and then export your existing directory server's content and import it into the new one.

• Which directory server for naming?

  We are currently using OID for our Oracle naming resolution.  We are not running Identity Management, Portal, or any of the myriad of other middleware products that rely on directory server.  
  I need to migrate the OID to new hosts.  I've been flailing about with ODSEE, not realizing that Oracle has 3 different directory servers -- OID, OUD, and ODSEE.  Which one of these would be the best to use for this purpose?   Also, which one would leave me in the best position if we do adopt one of these other products?

  OUD is the best option as it supports TNS Names and EUS like OID does. I don't think ODSEE is an option here.
  Have a look at Frankie goes to Hollywood: Oracle Unified Directory 11.1.2.1.0: TNS and EUS - Part 1: TNS Resolving
  Sylvain

• Single directory Server for Messaging and Portal

  We are trying to unify our directory services.
  At present, there two directory servers, one for iPlanet messaging 5.2 and another for Portal server 6.0.
  Messaging's Directory server is v5.1 and Portal's Directory server is v5.2. Their BaseDN is same.
  Now, What we are planning to do is as below.
  1. LDIF everything from Msgr Directory and import into Portal's Directory.
  2. Point Msg Server to the Portal's directory.
  But, we are not sure what to export or how to tell messaging server to look at the Portal's Directory. Any help will be greatly appreciated!!!
  Thanks
  Srini

  What you are trying to do is non-trivial.
  Setting the ldap server for user and groups on the mail server is easy enough -- look at the output of configutil and you will find the values of local.ugldap*
  define the values you need to change.
  e.g.:
  local.ugldapbasedn
  local.ugldapbindcred
  local.ugldapbinddn
  local.ugldaphost
  local.ugldapport
  etc.
  These are all listed in the messaging reference manual.
  You need to ensure that the schemas of the two apps. match. For example, if you are using schema 1 for mail and schema 2 for the portal (quite likely), there will be a lot more work to do on the directory than simply moving the user entries accross and merging them.
  Unless you have done this sort of thing before, or feel very comfortable and knowlegable about how the messaging server in partuicular works with LDAP, I would suggest that you seriously consider getting help from Sun Professonal Services.

• URL to be used in high availability for Directory Server

  Hi All,
  I have an environment configured for high availability. I have two OVD and OID servers each in this environment, configured in high availability. What should be the value in the Server URL field of the Directory Server IT Resource in the OIM for this environment? In the normal environment, I had it as "ldap://ovdhost01:6501" and it was working fine. But since there are two servers here, I am not sure what URL to use in place of this. The entry for the two ovd hosts in the OHS is "idstore.com" which is configured on 6501 port. But I tried using the following URLs and none of them worked:
  1. idstore.com
  2. ldap://idstore.com
  3. ldap://idstore.com:6501
  4. ldap://ovdhost01:6501,ldap://ovdhost01:6501
  Can someone help me know the correct URL to be used in this case?
  Thanks,
  $id

  Not sure about OVD or OID but for SOA and OIM:
  SOA:
  XMLConfig -> XMLConfig.SOAConfig -> SOAConfig
  Rmiurl -> t3://soahost1:soaport1,soahost2:soaport2
  Soapurl -> Load balancer or web server url (without the /workflow context)
  OIM:
  XMLConfig -> XMLConfig.DiscoveryConfig -> Discovery
  OimFrontEndUrl -> Load balance or web server url (without the /oim context)
  And ofcourse on your LB or WebServer, you need to configure these:
  SOA: http://docs.oracle.com/cd/E23943_01/core.1111/e10106/ha_soa.htm#CHDDJEGD
  OIM: http://docs.oracle.com/cd/E21764_01/core.1111/e10106/imha.htm#BGBDFEIE
  -Bikash

• Can't start NT service for Directory Server using other acc. than LocalSys.

  Hi!
  I'm using Directory Server 5.1 on a Windows 2000 machine.
  I wrote a Plug-In for DS that needs Administrator Access to the NT Domain. So I tried to run the DS-Service as Administrator but the service can not start. I just keeps in status "starting...".
  I don't get any error message and the errorlog doesn't contain anything.
  Has anyone an idea?
  Thanks!
  Florian

  I forgot to tell one thing: I use SSL, without SSL I do not have this problem. Perhaps it's only the popup I get when starting DS, where I have to enter the certificate password?

• How can I achieve high available solution for directory server

   

  You can start with deploying multi master replication which will give you 2 servers available for writes (and as many read-only consumers as you want).
  You can also install Directory Server in a Cluster (using Sun Cluster) which will provide more failover capabilities.
  If you combine both, you should be able to have almost no downtime.
  You can also use the Directory Proxy Server (aka iDAR) to provide transparent failover for client applications.
  I hope this help.
  Regards,
  Ludovic.