How to configure sendmail to use multiple LDAP servers?
Hi everybody!
I have a sendmail running on Solaris 10 and an LDAP server (192.168.1.9) also running Solaris 10 OS. I have configured the sendmail the following way:
bash-3.00# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=email,dc=reso,dc=ru
NS_LDAP_BINDPASSWD= {NS1}*********************
NS_LDAP_SERVERS= 192.168.1.9
NS_LDAP_SEARCH_BASEDN= dc=email,dc=domain,dc=ru
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
I also have another LDAP server (IP 192.168.1.10). It is configured as a replicant of the 192.168.1.9 LDAP server.
The question is: how can I configure sendmail to use both LDAP servers?
The man pages explain how to configure ldapclient to use ONE server, but what if I want to use two or more? All the settings and the profiles are the same.
Thanks in advance =))
Hi!
To add LDAP servers to the Solaris ldapclient, you might use the ldapclient command:
ldapclient manual -v -a defaultServerList="servera.yourdomain.com serverb.yourdomain.com"
But this is only failover, AFAIK the Solaris ldapclient does not perform loadbalancing by itself.
But I am not sure about your sendmail program. Normally, sendmail has its own configuration
and can be configured to use LDAP e.g. for aliases etc.
Regards!
Rainer
Similar Messages
-
How to configure human workflow using embedded ldap in standalone weblogic
I am trying to use embedded ldap to select users for a human workflow. I have created an application server instance using soa server details but the realm field in human workflow remains empty.
Please let me know what would be the right steps.
Can you provide more details about the context of where this happens? Are you selecting users in the Organization editor in BPM studio? Is this on 11.1.1.3 or 11.1.1.4?
-
How to Configure the Communication among Multiple OpenMQ Servers
Hi,
My application is distributed across multiple machines available in the LAN.
Components running on one machine can only communicate to OpenMQ server running on same machine.
I want to run OpenMQ server on all the machines where components of my application are running.
I also want a way of communication between all OpenMQ servers so that OpenMQ servers exchange messages among them to transfer a message to the destination component running on any of the machines in the LAN.
How can I configure two OpenMQ servers to communicate with each other?
Please help with a sample configuration or example.
Thanks & regards,
Pawan Modi
Hi Pawan,
It sounds like you are asking how to configure a cluster of Open Message Queue brokers.
There's a general explanation of broker clusters at
http://docs.sun.com/app/docs/doc/820-6424/aerdj?a=view
Details of how to configure them are given at
http://docs.sun.com/app/docs/doc/820-6740/aeohv?a=view
Nigel -
How to configure Firefox to use OpenVPN?
summary: I'm running OpenVPN from a Debian client through a Debian jumpbox/server. After I [start the server, start the client] most IP-based applications (DNS, ping, ssh) seem to work from the client, but client's Firefox cannot connect to http://www.whatismyip.com/ (or any other URI). How to configure Firefox to use the VPN? or otherwise fix the problem? or further debug it?
details:
I have a laptop running debian_version==jessie/sid with Firefox version=33.0 which needs to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is running a "vanilla" Debian 7.7.
I have been using the laptop successfully for a few years without network problems. Currently I have the laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on the laptop, I see:
* `ifconfig` shows no entry='tun0' (just "the usual" entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'.
* I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1`
* I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1`
* `nslookup www.whatismyip.com` gives correct results
* browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`)
Both my client/laptop and server/jumpbox setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki
https://wiki.debian.org/openvpn%20for%20server%20and%20client
me@jumpbox:~$ date ; cat /etc/openvpn/server.conf
Sat Nov 8 16:49:00 EST 2014
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8" # google public DNS
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
me@laptop:~$ date ; cat /etc/openvpn/client1.conf
Sat Nov 8 16:51:31 EST 2014
client
dev tun
proto udp
remote ser.ver.IP.num 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
ns-cert-type server
comp-lzo
verb 3
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`:
me@jumpbox:~$ date ; sudo iptables -L
Sat Nov 8 16:42:06 EST 2014
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client:
me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf &
Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key
Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Nov 8 17:48:25 2014 ROUTE default_gateway=ser.ver.gate.way
Sat Nov 8 17:48:25 2014 TUN/TAP device tun0 opened
Sat Nov 8 17:48:25 2014 TUN/TAP TX queue length set to 100
Sat Nov 8 17:48:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 8 17:48:25 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Nov 8 17:48:25 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Nov 8 17:48:25 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Nov 8 17:48:25 2014 GID set to nogroup
Sat Nov 8 17:48:25 2014 UID set to nobody
Sat Nov 8 17:48:25 2014 UDPv4 link local (bound): [undef]
Sat Nov 8 17:48:25 2014 UDPv4 link remote: [undef]
Sat Nov 8 17:48:25 2014 MULTI: multi_init called, r=256 v=256
Sat Nov 8 17:48:25 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6
Sat Nov 8 17:48:25 2014 succeeded -> ifconfig_pool_set()
Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST
Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4
Sat Nov 8 17:48:25 2014 Initialization Sequence Completed
me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf &
Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef]
Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194
Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089
Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, <my config data/>
Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER
Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, <my config data/>
Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194
Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1)
Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr
Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened
Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100
Sat Nov 8 17:49:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500
Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init
dhcp-option DNS 8.8.8.8
Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way
Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Sat Nov 8 17:49:16 2014 GID set to nogroup
Sat Nov 8 17:49:16 2014 UID set to nobody
Sat Nov 8 17:49:16 2014 Initialization Sequence Completed
I then see the following on my client:
* `ifconfig` shows a new entry=`tun0`, which looks correct
* I can `ping` the server using either its real IP# or `10.8.0.1`
* I can `ssh` to the server using either its real IP# or `10.8.0.1`
* `nslookup www.whatismyip.com` gives correct results
... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( "Looking up www.whatismyip.com..." succeeds quickly but the status line continues to display "Connecting to www.whatismyip.com..." until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google.
This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...)
Is there something I must do to configure Firefox to use the VPN? Or is there some other way to fix this?
Alternatively, what should I do to further debug the problem? It just seems odd to me that the other services work (e.g., `nslookup`, `ssh`) but Firefox does not. That being said, both Firefox and Chrome fail in this usecase, so the problem might be generic to web browsers.
your assistance is appreciated, Tom Roche <[email protected]>
You're kidding. You have to go through that rigamarole just to put your bookmarks on your own server? Where's the simple FTP option?
Also, the above-linked article has a broken link. The link to the weaveserver (which is what you have to set up on your own server) is no good, and there is no obvious replacement. There are plenty of Weave-related repositories here:
http://hg.mozilla.org/labs
but it's not clear what you need. -
How to configure sap to use gmail as smtp server?
Hi experts,
I need to know how to configure gmail as my smtp server. In the scot transaction I don't see anywhere where to specify whether it is a ssh connection, ports for secure smtp, username, password.
Does anyone know how to configure sap to use gmail as the smtp server?
I've seen some similar threads about this, but they are of no help. Although they are classified as answered, in most cases the reason they are answered is because the person who made the query dropped the cause trying to make it work. I'd like to know for sure if this is possible or not.
Hi Camilo,
You can't set up gmail as your smtp server to handle this. gmail is an email server which generally is based on the POP protocol. Now for SAP to send mail to gmail, you would need one SMTP capable server which can relay the messages received from SAP to the configured email address.
As of WAS 6.10 the SAP kernel supports SMTP without more components, i.e. e-mails can be sent (or received) from the SAP system to each SMTP-compatible mail server. See SAP note 455140 for more details.
Hope this clarifies your doubt.
http://en.wikipedia.org/wiki/SMTP_server
Regards,
Debasis. -
How to configure router to use ip pool on the aaa server for vpn clients
How to configure a router to use an IP pool on the AAA server for VPN clients? I want to use VPN clients to connect to the router, authenticate using the AAA server username database and also use the IP pool created on the AAA server. I am not able to find the command on the router pointing to use the pool created on the AAA server. Can someone help me with this command?
sebastan
Hello Sebastan,
what do you use as AAA server (e.g. ACS with TACACS+ or RADIUS) ?
Regards,
GNT -
Multiple LDAP Servers in Fusion Middleware (OBIEE 11g)
Hello,
I have a question, regarding integration of multiple LDAP servers with single Weblogic Server of Fusion Middleware (OBIEE 11g). We are currently using OBIEE 10g. We are on verge of migrating to 11g. However, I have a question regarding the LDAP server.
Our two applications run on two distinct LDAP servers. The plan is to provide a single sign on link for OBIEE 11g reports to the end users and depending on what application they are using, they must be authenticated against the respective LDAP server.
So, my question, is it possible to Integrate two different LDAP servers in the Weblogic of Fusion Middleware (OBIEE 11g). If so, what would be the steps. Any helpful document will also be appreciated.
Thank you,
Chandu.
Yes, you can configure multiple authentication providers one by one as you generally do.
When you configure multiple Authentication providers, use the JAAS Control Flag for each provider to control how the Authentication providers are used in the login sequence. You can set the JAAS Control Flag in the WebLogic Administration Console.
REQUIRED—The Authentication provider is always called, and the user must always pass its authentication test. If authentication succeeds or fails, authentication still continues down the list of providers.
REQUISITE—The user is required to pass the authentication test of the Authentication provider. If the user passes the authentication test of this Authentication provider, subsequent providers are executed but can fail (except for Authentication providers with the JAAS Control Flag set to REQUIRED).
SUFFICIENT—The user is not required to pass the authentication test of the Authentication provider. If authentication succeeds, no subsequent Authentication providers are executed. If authentication fails, authentication continues down the list of providers.
OPTIONAL—The user is allowed to pass or fail the authentication test of this Authentication provider. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.
refer - http://docs.oracle.com/cd/E13222_01/wls/docs92/secmanage/atn.html
Regards
Mukesh Negi
http://weblogicserveradministration.blogspot.in/ -
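The control-flag rules listed in the answer above, modelled as an added Python example (not WebLogic code and not part of the original post). It assumes standard JAAS semantics, including that a REQUISITE failure ends the sequence at once; the provider names, directories and passwords are constructed, and `shared_uids` is a hypothetical helper for spotting a uid that two chained SUFFICIENT directories would accept under either password.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Flag(Enum):
    REQUIRED = "REQUIRED"
    REQUISITE = "REQUISITE"
    SUFFICIENT = "SUFFICIENT"
    OPTIONAL = "OPTIONAL"


MANDATORY = (Flag.REQUIRED, Flag.REQUISITE)


@dataclass
class Provider:
    """Stand-in for one LDAP authentication provider (in-memory, no network)."""
    name: str
    flag: Flag
    directory: dict = field(default_factory=dict)  # uid -> password (constructed)

    def authenticate(self, uid, password):
        stored = self.directory.get(uid)
        if stored is None:
            return False
        return hmac.compare_digest(stored.encode(), password.encode())


def login(chain, uid, password):
    """Walk the providers in order and return (authenticated, trace).

    trace lists the (provider name, passed) pairs that were actually executed,
    so it shows where SUFFICIENT or REQUISITE cut the sequence short.
    """
    trace = []
    mandatory_configured = any(p.flag in MANDATORY for p in chain)
    mandatory_failed = False
    any_passed = False
    for p in chain:
        ok = p.authenticate(uid, password)
        trace.append((p.name, ok))
        any_passed = any_passed or ok
        if p.flag in MANDATORY and not ok:
            mandatory_failed = True
            if p.flag is Flag.REQUISITE:
                break  # REQUISITE failure: no further provider is consulted
        elif p.flag is Flag.SUFFICIENT and ok and not mandatory_failed:
            return True, trace  # SUFFICIENT success: stop here
    if mandatory_failed:
        return False, trace
    # With no REQUIRED/REQUISITE provider, at least one provider must have passed.
    return (True if mandatory_configured else any_passed), trace


def shared_uids(chain):
    """uids present in more than one provider's directory (name collisions)."""
    seen, shared = set(), set()
    for p in chain:
        uids = set(p.directory)
        shared |= seen & uids
        seen |= uids
    return sorted(shared)


# Constructed sample directories for the two applications in the question.
APP_A = {"alice": "a-pass", "jsmith": "pw-from-A"}
APP_B = {"bob": "b-pass", "jsmith": "pw-from-B"}


def make_chain(flag_a, flag_b):
    return [Provider("ldap-app-a", flag_a, APP_A),
            Provider("ldap-app-b", flag_b, APP_B)]


if __name__ == "__main__":
    S, R, Q, O = Flag.SUFFICIENT, Flag.REQUIRED, Flag.REQUISITE, Flag.OPTIONAL
    cases = [
        ("SUFFICIENT/SUFFICIENT", make_chain(S, S), "bob", "b-pass"),
        ("REQUIRED/REQUIRED", make_chain(R, R), "alice", "a-pass"),
        ("REQUISITE/REQUIRED", make_chain(Q, R), "bob", "b-pass"),
        ("OPTIONAL/OPTIONAL", make_chain(O, O), "mallory", "x"),
        ("SUFFICIENT/SUFFICIENT", make_chain(S, S), "jsmith", "pw-from-B"),
    ]
    for label, chain, uid, pw in cases:
        print(label, uid, login(chain, uid, pw))
    print("uids in both directories:", shared_uids(make_chain(S, S)))
```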
Cisco ACS 5.2 authentication against multiple LDAP servers
Hi Folks,
I have a wireless network that uses ACS 5.2 to handle authentication. The ACS is integrated with an Active Directory LDAP server (my_ldap) and is working correctly at the moment. The authentication flow looks like this:
- User tries to associate to WLAN
- Authentication request is sent to ACS
- Service selection rule chooses an access-policy (wireless_access_policy)
- wireless_access_policy is configured to use my_ldap as identity source.
A sister company is about to move into our offices, and will need access to the same WLAN. Users in the sister company are members of a separate AD domain (sister_company_ldap). I would like to modify the wireless_access_policy so that when it receives an authentication request it will query both my_ldap and sister_company_ldap, and return a passed authentication if either attempt is successful. Is this possible?
Assuming you're already authenticating using your AD binding and AD1 as your identity source, you can add a further LDAP server as another identity source and add this to your identity store sequence in your access policy to authenticate against both.
You can also add multiple LDAP servers and add them both to the identity store sequence (if you're not using AD1). -
Integrating BIP with multiple LDAP servers
Hi,
My question is very simple. In the Admin->Security Configuration->Security Model section I've set the Security model combobox to the LDAP value. Then I've filled in all the LDAP information fields (for example: URL). All works. But in my rpd I've multiple LDAP servers (multiple URLs) and in the form I can insert information about only one LDAP server.
Is it possible to configure BIP with multiple LDAP servers?
Thanks
Giancarlo
P.S. I'm using OBIEE 10g
Multiple LDAP servers on single System
hi,
Would like to know if it's a good idea to have multiple LDAP servers running on a single System (Hardware) ..
100,000 user base
We would like to run the old and new LDAP databases on the same server till we phase out the old LDAP database after migrating all applications..
System:
2 x V880 4CPU 8GB RAM --multi-master configuration
4 x V420R 4CPU 8GB RAM -- read only replicas
Shouldn't be an issue - that's not a particularly large user base and that's some hefty HW. Keep in mind though that they will be on different ports so any software you migrate may eventually need tweaking to the default port when the new takes over.
-
LDAP Authentication Scheme - Multiple LDAP Servers?
How to set up ldap authentication so that multiple ldap servers are available? Scenario: ldap service is replicated through several servers, but does not sit behind a common dns/reverse proxy connection, so applications would list each ldap server and attempt to contact each in order if one or more ldap servers is unreachable.
-
Multiple LDAP Servers and Attribute-Based Data Partitioning
Hello
We currently want to implement the following scenario on Netweaver 2004s. From the
following SAP Help documentation we want attribute based data partitioning:
http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
The difference to the SAP document is that we want a distribution of attributes over
multiple LDAP servers. So we tried to fit that concept into XML. See attached XML source.
The Portal finds both LDAP Systems but it is NOT that the users are being merged
but they appear as two distinct users in the portal UME. If you do a lookup in the portal
user management system you get and see two users.
User1: unique ID = USER.Datasource1.uid
User2: unique ID = USER.Datasource2.uid
Obviously the UME system was not able to merge that information of the two distinct
LDAP Systems. MSADS and Lotus Notes.
Hence my questions:
1) is it possible to distribute attributes over multiple ldap data sources
2) any ideas why UME constructs two different users based in Datasource ID's specified in XML
Thanks for any contributions or ideas,
Ulrich Scherb
<?xml version="1.0" encoding="UTF-8"?>
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<privateSection>
</privateSection>
</dataSource>
<dataSource id="NOTES_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
<homeFor/>
<responsibleFor>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="j_user"/>
<attribute name="logonalias"/>
<attribute name="j_password"/>
<attribute name="userid"/>
</nameSpace>
<nameSpace name="com.sap.security.core.authentication">
<attribute name="principal"/>
</nameSpace>
</principal>
<principal type="user">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="firstname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="email"/>
<attribute name="uniquename" populateInitially="true"/>
</nameSpace>
<nameSpace name="$usermapping$">
<attribute name="REFERENCE_SYSTEM_USER"/>
</nameSpace>
</principal>
</responsibleFor>
<attributeMapping>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="j_user">
<physicalAttribute name="uid"/>
</attribute>
<attribute name="logonalias">
<physicalAttribute name="uid"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="*null*"/>
</attribute>
</nameSpace>
<nameSpace name="com.sap.security.core.authentication">
<attribute name="principal">
<physicalAttribute name="uid"/>
</attribute>
</nameSpace>
</principal>
<principal type="user">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="uid"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="*null*"/>
</attribute>
<attribute name="email">
<physicalAttribute name="mail"/>
</attribute>
</nameSpace>
<nameSpace name="$usermapping$">
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</nameSpace>
</principal>
</attributeMapping>
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.server_name>ldap1</ume.ldap.access.server_name>
<ume.ldap.access.server_port>389</ume.ldap.access.server_port>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.user>xxxxx</ume.ldap.access.user>
<ume.ldap.access.password>xxxxx</ume.ldap.access.password>
<ume.ldap.access.base_path.user>O=SMT_TEST</ume.ldap.access.base_path.user>
<ume.ldap.record_access>TRUE</ume.ldap.record_access>
<ume.ldap.unique_uacc_attribute>uid</ume.ldap.unique_uacc_attribute>
<ume.ldap.unique_user_attribute>uid</ume.ldap.unique_user_attribute>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>person</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>person</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>uid</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>uid</ume.ldap.access.auxiliary_naming_attribute.uacc>
</privateSection>
</dataSource>
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
<homeFor/>
<responsibleFor>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="j_user"/>
<attribute name="logonalias"/>
<attribute name="j_password"/>
<attribute name="userid"/>
</nameSpace>
<nameSpace name="com.sap.security.core.authentication">
<attribute name="principal"/>
<attribute name="realm"/>
<attribute name="domain"/>
</nameSpace>
</principal>
<principal type="user">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="firstname" populateInitially="true"/>
<attribute name="displayname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="fax"/>
<attribute name="title"/>
<attribute name="department"/>
<attribute name="description"/>
<attribute name="mobile"/>
<attribute name="telephone"/>
<attribute name="streetaddress"/>
<attribute name="uniquename" populateInitially="true"/>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</nameSpace>
<nameSpace name="$usermapping$">
<attribute name="REFERENCE_SYSTEM_USER"/>
</nameSpace>
</principal>
<principal type="group">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="displayname" populateInitially="true"/>
<attribute name="description" populateInitially="true"/>
<attribute name="uniquename"/>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attribute name="dn"/>
</nameSpace>
</principal>
</responsibleFor>
<attributeMapping>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="j_user">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="logonalias">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="*null*"/>
</attribute>
</nameSpace>
<nameSpace name="com.sap.security.core.authentication">
<attribute name="principal">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="realm">
<physicalAttribute name="*null*"/>
</attribute>
<attribute name="domain">
<physicalAttribute name="*null*"/>
</attribute>
</nameSpace>
</principal>
<principal type="user">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="fax">
<physicalAttribute name="facsimiletelephonenumber"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="*null*"/>
</attribute>
<attribute name="mobile">
<physicalAttribute name="mobile"/>
</attribute>
<attribute name="telephone">
<physicalAttribute name="telephonenumber"/>
</attribute>
<attribute name="department">
<physicalAttribute name="ou"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="streetaddress">
<physicalAttribute name="postaladdress"/>
</attribute>
<attribute name="pobox">
<physicalAttribute name="postofficebox"/>
</attribute>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="memberof"/>
</attribute>
</nameSpace>
<nameSpace name="$usermapping$">
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</nameSpace>
</principal>
<principal type="group">
<nameSpace name="com.sap.security.core.usermanagement">
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="uniquename" populateInitially="true">
<physicalAttribute name="cn"/>
</attribute>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
<physicalAttribute name="member"/>
</attribute>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="memberof"/>
</attribute>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attribute name="dn">
<physicalAttribute name="*null*"/>
</attribute>
</nameSpace>
</principal>
</attributeMapping>
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.server_name>ldap2</ume.ldap.access.server_name>
<ume.ldap.access.server_port>389</ume.ldap.access.server_port>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.user>yyyyy</ume.ldap.access.user>
<ume.ldap.access.password>yyyyy</ume.ldap.access.password>
<ume.ldap.access.base_path.user>O=SMT_TEST</ume.ldap.access.base_path.user>
<ume.ldap.access.base_path.grup>O=SMT_TEST</ume.ldap.access.base_path.grup>
<ume.ldap.record_access>TRUE</ume.ldap.record_access>
<ume.ldap.unique_uacc_attribute>samaccountname</ume.ldap.unique_uacc_attribute>
<ume.ldap.unique_user_attribute>samaccountname</ume.ldap.unique_user_attribute>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
<ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
</privateSection>
</dataSource>
</dataSources>
Hi Ulrich,
Hope your problem is resolved. We are using EP7 and SP18. We are doing some study on your first issue, i.e. distributing a user attribute into multiple LDAPs. Can you please let me know the feasibility? If yes, what steps do I have to follow? Expecting your valuable answer. Thanks in advance!
Regards,
Kabali
-
How to configure qpopper to authenticate against LDAP server
Hi,
This is re-post of my question:
I have directory server 6.0 set up on a Solaris 9 system. Also, I have set up the Solaris 9 system's native LDAP client. The qpopper daemon is running on that client. I have re-compiled qpopper to use PAM authentication, then 'kill -HUP' inetd. But when I try to connect to qpopper with PAM authentication, I get an error:
-ERR [AUTH] PAM authentication failed for user "nsr": No account present for user (13)
I do have the user's account and I am able to retrieve the user's account information with 'ldaplist -l passwd nsr'. I guess it is related to a pam configuration problem, but I don't know how to configure pam for qpopper. The information provided by the qpopper manual is listed below:
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session required /lib/security/pam_pwdb.so
Obviously, the example configuration is for Linux. So how can I configure Solaris pam.conf to have qpopper authenticate through pam?
My current pam.conf is listed here also:
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
cron account required pam_unix_account.so.1
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
other session required pam_unix_session.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy
Thanks,
--xinhuan
iAS 6.0 sp4 officially does only support iPlanet Directory Server 5.0 sp1 and 4.13.
For more details visit: http://docs.iplanet.com/docs/manuals/ias/60/sp4/ig/prep.htm#42084
I guess, you can specify the directory server during the time of installation.
Thanks,
Rakesh.
-
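For the qpopper question above: Solaris pam.conf entries have the form `service module_type control_flag module_path options`, and a service with no entries of its own for a module type gets the `other` entries. The following is an added example, not part of the original posts, that resolves the effective stack from an excerpt of the posted pam.conf; the service name `pop3` is an assumption, since the name qpopper passes to PAM depends on how it was built.

```python
# Added example: which Solaris pam.conf entries apply to a given PAM service.
from collections import defaultdict

# Excerpt of the pam.conf posted above (the "other" and cron entries only).
PAM_CONF_EXCERPT = """\
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
cron account required pam_unix_account.so.1
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
other session required pam_unix_session.so.1
"""

def parse_pam_conf(text):
    """Map (service, module_type) -> [(control_flag, module, options)], file order kept."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed pam.conf line: {raw!r}")
        service, mtype, flag, module, *opts = fields
        stacks[(service, mtype)].append((flag, module, opts))
    return stacks

def effective_stack(stacks, service, mtype):
    """Entries named for the service win; otherwise the 'other' entries apply."""
    if (service, mtype) in stacks:
        return service, stacks[(service, mtype)]
    return "other", stacks.get(("other", mtype), [])

def render_entries(stacks, service, mtypes=("auth", "account")):
    """Spell out the effective stack as explicit pam.conf lines for the service."""
    lines = []
    for mtype in mtypes:
        _, stack = effective_stack(stacks, service, mtype)
        lines += [" ".join([service, mtype, flag, module, *opts])
                  for flag, module, opts in stack]
    return lines

if __name__ == "__main__":
    stacks = parse_pam_conf(PAM_CONF_EXCERPT)
    # "pop3" is an assumed service name; use the one qpopper was built with.
    for mtype in ("auth", "account", "session"):
        print(mtype, "resolved from:", effective_stack(stacks, "pop3", mtype)[0])
    print("\n".join(render_entries(stacks, "pop3")))
```

With the posted file, a service without its own entries already passes through pam_ldap.so.1 in both the auth and account stacks via `other`, so the rendered lines show what explicit per-service entries would look like if a separate policy is wanted.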
How to configure sendmail on linux
Hi,
I have to configure sendmail for workflow notifications. I have just done the necessary changes in sendmail.mc and generated sendmail.cf. But still I am not able to send mail. Could anyone please tell me how sendmail sends mail?
The scenario is:
We are hosting our domain at smtp.gmail.com. So all the emails have domain @xyz.com. How can I configure sendmail so that I can send mails from my linux server to [email protected]
Do I need to generate any certificates? Is this for free? How do I generate these?
Please help
Regards
Taher
Edited by: user11970143 on Jun 7, 2010 5:06 AM
What do you mean by having done the necessary sendmail changes?
From what I understand, your question cannot be easily answered without knowing your security or Firewall DMZ requirements. You may have to define a default mail relay gateway on your sendmail server to relay all outgoing messages to a specific relay mail server for forwarding to the Internet.
You may also have to define appropriate mail exchange MX records in your DNS.
Perhaps you can use Sendmail's personal mail forwarding. Sendmail allows individual users to define their own forwarding. The user defines personal forwarding in the .forward file in the home directory. Sendmail checks for this file after using the aliases file and before making final delivery to the user. If the .forward file exists, sendmail delivers the mail as directed by that file. For example, say that user oracle has a .forward file in the home directory that contains [email protected]
-
How to configure Sendmail mail relay with authentication
Hi,
How to configure send mail relay. Client gave us smtp host, port, username and password. We have a couple of server. If we configure the relay in any one of the server other servers able send mails using relay server. Please help me on this?
Create an IT Resource of Type Mail Server. Give Name as "Email Server". Now populate the values for all the parameters, for example Server, username, password and authentication type.
Go to System Configuration and in the Email Server property value give the name of the IT resource you created in step 1, so the name will be "Email Server".
http://forums.oracle.com/forums/messageview.jspa?messageID=3867506&stqc=true