How to enable FIPS on sunone directory server 6.3?

Hi all,
My product needs FIPS certification.
As part of that we will be connecting to sunone directory server and use it as user store.
For that I need the steps to enable FIPS on sunone directory server 6.3.
Has anyone done this before?
Please help me in this.
Thanks in advance.
Usha.

To enable the TLS Encryption Cipher
1. Check out the ssl-supported-ciphers property of the server.
$ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
View the available SSL ciphers.
$ dsconf get-server-prop -h host -p port ssl-supported-ciphers
  ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  ...
Hope this helps,
-Shankar
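
An added example (not part of the original posts and not Sun's tooling): a POSIX shell filter that reads output in the `ssl-supported-ciphers` format shown in the reply and tags suites built on primitives that are not FIPS-approved. The deny-list and the sample lines beyond the four quoted in the reply are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads lines in the format printed by
#   dsconf get-server-prop -h host -p port ssl-supported-ciphers
# and tags each suite NONFIPS or CANDIDATE.
# Assumption: the deny-list is illustrative, not exhaustive. CANDIDATE only
# means no denied primitive matched; compare those suites against the
# approved list of the validated crypto module in use.

classify_ciphers() {
    awk -F':' '
        /ssl-supported-ciphers/ {
            suite = $2
            gsub(/[ \t\r]/, "", suite)      # strip the column padding
            if (suite == "") next
            tag = "CANDIDATE"
            # _DES_ and DES40 match single DES but not 3DES_EDE
            if (suite ~ /(RC4|RC2|MD5|NULL|EXPORT|anon|_DES_|DES40)/)
                tag = "NONFIPS"
            print tag, suite
        }'
}

# Number of suites on stdin that were tagged NONFIPS.
count_flagged() {
    classify_ciphers | awk '$1 == "NONFIPS" { n++ } END { print n + 0 }'
}

# Constructed sample: the first four lines are the ones quoted in the reply,
# the remaining five are constructed to exercise the deny-list.
sample_output() {
    cat <<'EOF'
  ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  ssl-supported-ciphers :     SSL_RSA_WITH_3DES_EDE_CBC_SHA
  ssl-supported-ciphers :     SSL_RSA_WITH_DES_CBC_SHA
  ssl-supported-ciphers :     SSL_RSA_WITH_RC4_128_MD5
  ssl-supported-ciphers :     SSL_RSA_EXPORT_WITH_RC4_40_MD5
  ssl-supported-ciphers :     SSL_RSA_WITH_NULL_SHA
EOF
}

sample_output | classify_ciphers
echo "flagged: $(sample_output | count_flagged)"
```

Against a live server, pipe the `dsconf get-server-prop ... ssl-supported-ciphers` output into `classify_ciphers` instead of `sample_output`.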

Similar Messages

  • How to enable "Starttls" on sun directory server?

    I set up directory server 5.2 on Windows XP SP2. Using InitialLdapContext of JNDI to connect, the program throws an exception in "StartTlsResponse tls =(StartTlsResponse)ctx.extendedOperation(tldsReq);"
    the exception message:
    javax.naming.CommunicationException: [LDAP: error code 2 - unsupported extended operation]; remaining name ''
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknown Source)
         at javax.naming.ldap.InitialLdapContext.extendedOperation(Unknown Source)
         at LDAPtlsDemo.main(LDAPtlsDemo.java:28)
    So I think that the "Starttls" of the server is not enabled. I have enabled "SSL", and connected OK by using InitialLdapContext of JNDI.
    But I can't find the way to enable "Starttls" via the GUI. Please help.

  • How to create users with i18n characters in SunONE directory server?

    Was trying to create users and groups with i18n characters in SunONE directory server
    1. Started LDAP console using -l option
    2. Changed the Locale to Japanese
    3. Entered a few Japanese characters as username (meaning internationalization user name)
    4. However, I was not able to type the password using the "soft keyboard" that comes with Japanese Locale
    5. To overcome #4, for now, I typed English chars as the password
    6. Click OK to save the above username/pwd
    7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
    Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

    Hi LostLad,
    Sorry for my ignorance... Could you please elaborate on how to remove the "uid" attribute from the 7-bit ASCII plugin?
    Thanks in advance..

  • First time configuring Sol9 built-in SunONE Directory Server

    Hi!
    I'm using Solaris 9 Sparc and I'm trying to configure the SunONE Directory Server included with Sol9.
    When I type :
    directoryserver startconsole , it asks for :
    UserID
    Password
    Administration URL
    but how can I specify this info if it's a first time configuration?

    Because I have it on a Netra T1 AC200 without video card and I can't find the Directoryserver binary...

  • Change the User ID running the SunOne Directory Server 6.3 on Windows 2003

    Hi Experts,
    I have an install of SunOne Directory Server Enterprise edition 6.3 running on Windows 2003 server. It was installed using the Zip distribution and is running as a user ID in the Active Directory the server is part of. We are trying to change the user ID to a service account (not the current ID which belongs to a person), so that the Sun DS can run as a service within Windows 2003 server. Need help in doing this without having to re-install the Directory server. Has anyone done this and is it possible to do?

    Thank you very much for the insights and the responses sharmy28.
    Appreciate it very much.
    All I had to do was change the setting in this file only:
    Open the file dsee6/cacao_2/etc/cacao/instances/default/private/cacao.properties and change the below line with new id...
    # Define username and groupname for cacao process
    process.username=sunadmin
    process.groupname=sungroup
    As this is Windows 2003 and the installs are all default values, I had to reboot the server for the change to take effect.
    The file dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/globals.cfg does not exist. However the same file exists under the perl directory as globals.pl and the settings you specified are present there. In our case these were commented out and so I left them as is.
    Thanks once again for your responses which helped me solve the issue we had.
    Thanks.

  • JAAS LoginModule for SunOne Directory Server?

    I have a customer who is using SunOne Directory Server for LDAP.
    I have test code that uses the JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
    The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
    The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
    So that's great, however my application uses JAAS, and therefore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
    A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff, however considering that JAAS and the SunOne Directory server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.

    Hey dav,
    Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
    I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus successfully integrated the basics of JAAS into the system... but I am now desperately looking for a way to have client-side policies distributed at runtime from the server.
    I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have developed a database backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration for JAAS authentication. The aim is that this data will be transferred once during login, and anytime that the policy is requested to be refreshed.
    Since reading your post, I'm wondering what services LDAP or JNDI can offer me?
    Also, is JNDI an appropriate option for data persistence? Is it better to go with JDO or some other object store abstraction?
    Kind regards,
    Darren B

  • How to enable remote connections in SQL Server 2008

    I'm trying to enable remote connections in SQL Server 2008 R2 as described in the following article.  I see the error message at the top of the article. 
    http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
    One step in the article describes how to enable TCP/IP in Configuration Manager.  Specifically it says that 'SQL Server NETWORK Configuration' should have TCP/IP enabled.
    The issue I've encountered is that my Configuration Manager is different than what appears in the article. My Configuration Manager shows the following:
    SQL Server 2005 Services
    SQL Server 2005 Network Configuration (32 bit)
           - Protocols for SQLExpress
    SQL Native Client Configuration (32 bit)
           - Client protocols
           - Aliases
    Note that I see 'SQL Server 2005 Network Configuration' rather than that for 2008.  When 'Protocols for SQLExpress' is expanded, there is a TCP/IP setting, but it's disabled and I see an Access Denied message if I try to enable this.
    I also see a TCP/IP setting under Client protocols and successfully enabled this.  This uses port 1433 and I configured my firewall to accommodate this port as suggested in the article.
    I also followed the other steps in the article, but still don't have remote access to SQL Server 2008 R2.  (I can access it from the office.)  I'm wondering if this remote access issue is because SQL Server 2008 Network Configuration does not appear in Configuration Manager and if so, I'm interested in how this might be resolved.  (I'm running Windows 7 - 64 bit.)
    I'd appreciate any ideas on this.  Thanks. 

    Hello,
    Please refer to the following resource.
    http://support.microsoft.com/kb/KbView/914277
    Hope this helps.
    Regards,
    Alberto Morillo
    SQLCoffee.com

  • SunOne Directory server on AIX 5.3

    Hello members,
    I have a question for the technical team. I am tasked to install SunOne
    directory server on AIX 5.3.
    We have already installed SunOne on AIX 5.2 and it is proven that it works fine in our live environment, however it is not yet tested on AIX 5.3.
    I would like to know if SunOne 5.2 is supported by AIX 5.3 and if I should be aware of any potential problems during installation.
    Thanks,
    G.S.

    Hello,
    Thanks Ludovic, I really appreciate info that you have provided.
    I have now managed to install SunOne on AIX 5.3 and tried to create new instance from server group through SUNOne server console GUI.
    But this gives me an error like below:
    createSIE failed for ssDN=test.example.co.uk
    The return code is:155
    Here is the sieEntry:
    objectclass: netscapeserver,nsDirectoryServer,nsConfig
    Has anybody ever dealt with such an error?
    Thanks,
    G

  • Regarding sunone directory server

    Hi, I am posting this topic here because I could not find any forum for directory server.
    My query is: do we have any limitations in group memberships for sunone directory server? Kindly reply soon because it's urgent.

    http://forum.java.sun.com/index.jspa?tab=es

  • How to validate users with Novell Directory Server

    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

    Hi
    I believe iAS is designed to work with iDS which is bundled along
    with the SP3 download. Also the directory server which is working with
    iAS must be Nortel LDAP Schema compatible and I'm not sure if NDS(Novell
    Directory Server) is compatible. What I'm trying to understand is if you
    have already registered iAS with NDS and you are having trouble in
    accessing the users or if you are having trouble in the installation.
    Raj
    Josep Maria Camps Riba wrote:
    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

  • SunONE Directory server fails to install on RHEL 3 U6

    Hello
    we are trying to deploy a Sun Directory server 5.2 on a machine that runs RHEL3 Update 6. It comes back with the following error message:
    ERROR : Red Hat Enterprise Linux ES release 3 (Taroon Update 6) is not recognized by idsktune as a supported platform for Sun Java System Directory Server or Directory Proxy Server. Ensure you are running the version of idsktune provided with your product, or you can run idsktune in client mode (-c) if server support is not required
    I know that the product is compatible with RHEL 3 U4, but we are unable to deploy this version of RHEL because of the new hardware of the server.
    Please could anyone advise on how to resolve the problem. Thank you.

    Hi,
    idsktune should not prevent you from installing the product.
    Which version of Directory Server are you trying to install ? What command are you executing ?
    Regards,
    Ludovic

  • How to create first instance of directory server (Solaris 9).

    The Solaris 9 installation also installs iplanet directory server in "/usr/iplanet/ds5". But there is no instance of the directory server available.
    How can I add the first instance of the directory server?
    I can not use the admin server as it requires the userid to connect which is not known to me.

    Bharat,
    I have used a script like the following to add a DS instance, though not on Solaris 9. I believe it should work
    #!/bin/sh
    cd /usr/iplanet/ds51/servers/bin/slapd/admin/bin
    ./ds_create -f /setup_scripts/installDataDSD02.inf
    The .inf file is a silent install file which is well documented in the directory server installation documentation.
    Hope this helps
    -Pawan

  • Help me, please. Can't Install SunONE Directory Server 5.2 Beta 3 on Solari

    I try to install DS on SUN ULTRA 10 with Solaris 9. We don't use internal DNS server but external one.
    Cannot start console. Always I have an error:
    starting up server ...
    ERROR<38917> -Startup -conn=-1 msgId=-1 - Configuration error Can't find localhost name.
    error:Server not running!! Failed to start ns-slapd process.
    system_errno:2
    Configuration of Directory Server succeeded
    Configuratin of the admin server Failed
    The configuration is as follows:
    /etc/hosts:
    127.0.0.1 localhost
    192.168.1.105 iplanet iplanet.mydomain.nam
    /etc/resolv.conf:
    search mydomain.nam
    nameserver xxx.xxx.xxx.xxx
    nameserver yyy.yyy.yyy.zzz
    /etc/nsswitch.conf:
    hosts: files dns
    /etc/defaultrouter:
    192.168.1.1
    /etc/hostname.hme0:
    iplanet
    /etc/nodenam:
    iplanet
    /etc/netmasks:
    192.168.1.0 255.255.255.0
    Does anybody know what's going on?
    Thanks in advance.
    Marat.

    It is not possible to obtain the Sun ONE Directory Server 5.2 BETA Software. There are various reasons, one is the BETA program has been closed for sometime now. The RR of the Sun ONE Directory Server 5.2 should be available at the end of May.
    Regards
    -Michael
    Sun Microsystems, Inc.

  • How to disable nonsecure port in Directory Server 5.2

    We have recently upgraded from Directory Server 5.1 to 5.2. With version 5.1, you could set the non-secure LDAP port to be 0, and that would disable connections to the non-secure port. Version 5.2 doesn't allow you to do this. I tried from the console, and even changed it manually in the dse.ldif file, and neither method worked. Is there any way to disable the non-secure port for Directory Server 5.2?
    Thanks!

    I have found the simplest way is to lock the nonsecure port down to the localhost using
    listenhost: 127.0.0.1
    This means that it won't answer outside queries on that unsecured port, but it still has the advantage of allowing you to use it locally (which can save on the typing a bit).
    Note you can of course set this to any ip or range for example 24.24.*
    This also works for the secure port using securelistenhost: (I think that's the spelling but didn't check.)
    Ward
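
An added example (not from the post or the product documentation): a POSIX shell check that reads a `dse.ldif` on stdin and reports whether a listener is confined to loopback, restricted to another address, or left open on all interfaces. It assumes the setting the post calls `listenhost` is the `nsslapd-listenhost` attribute of the `cn=config` entry (and `nsslapd-securelistenhost` for the secure port); the sample LDIF is constructed.

```sh
#!/bin/sh
# Added example. Usage: bind_scope <attribute> < dse.ldif
# Prints one of: loopback | restricted:<host> | all-interfaces
# Assumption: the listen address lives in the cn=config entry as
# nsslapd-listenhost / nsslapd-securelistenhost. An absent attribute means
# the server answers on every interface, which is the case to catch.

bind_scope() {
    awk -v want="$1:" '
        { sub(/\r$/, "") }                       # tolerate CRLF files
        tolower($0) ~ /^dn: *cn=config$/ { in_cfg = 1; next }
        in_cfg && $0 == ""               { in_cfg = 0 }   # entry ends
        # LDIF attribute names are case-insensitive
        in_cfg && tolower($1) == tolower(want) { host = $2 }
        END {
            if (host == "")
                print "all-interfaces"
            else if (host ~ /^(127\.0\.0\.1|::1|localhost)$/)
                print "loopback"
            else
                print "restricted:" host
        }'
}

# Constructed sample: clear-text port locked to loopback as in the post,
# secure port left without a listen address.
sample_dse() {
    cat <<'EOF'
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-secureport: 636
nsslapd-listenhost: 127.0.0.1

dn: cn=plugins,cn=config
objectClass: top
EOF
}

echo "clear-text port: $(sample_dse | bind_scope nsslapd-listenhost)"
echo "secure port:     $(sample_dse | bind_scope nsslapd-securelistenhost)"
```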

  • How to check installation type of Directory server in 5.2.

    Dear All,
    I have a DS 5.2 environment and here I want to know the installation method of the directory server 5.2 (I mean either it is native or ZIP). Please revert ASAP, it will be really helpful for me. Thanks!
    Karthik

    Hello,
    Try the following method:
    ldd ./ns-slapd | grep libnspr | awk '{print $3}'
    If the target file is a symbolic link, you are using a package/native install else this is a zip install.
    example:
    pc1234$ pwd
    /data/test/DS/Patch6/bin/slapd/server/64
    pc1234$ ldd ./ns-slapd | grep libnspr | awk '{print $3}'
    ../../../../lib/64/libnspr4.so
    if [ -h /data/test/DS/Patch6/bin/slapd/server/64/../../../../lib/64/libnspr4.so ]; then
    echo "Symlink. pkg"
    else
    echo "Not a symlink - zip install"
    fi
    Hope this helps
    Sylvain
    Edited by: Sylvain Duloutre on Sep 17, 2012 1:05 PM
