Importing LTPA key in Sun Java Directory Server

Similar Messages

• Synchronization between AD and Sun Java Directory Server

  I would like to build an environment as below, kindly let me know whether it is possible or not.
  My Enterprise Directory is Active Directory and i have Policy Server which directs the sso users to get authenticated with that server. I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords and i would like to know with which hashing algorithm these passwords are stored in the sun directory server. Because i want to synchronize the same attributes from sun java directory server to Oracle Internet Directory and is it possible to get my sso users to get authenticated at OID even?
  Kindly let me know whether this approach is feasible or not?
  Any suggestion to this approach is greatly appreciated...
  Thanks in advance...
  Regards,
  Kishore Repakula.

  i would like to know with which hashing algorithm these
  passwords are stored in the sun directory server.Like most other directory servers, SunDS offers a few choices here.
  The most secure is SSHA, which you'd probably want to use unless you have apps with dependencies on other hashes (e.g., CRYPT for backward compatibility with UNIX password field).
  I would like to synchronize the user data from Active Directory
  to Sun Java Directory Server (existing version is 5.2
  Service Pack 4) including the passwords...Sun has a "Identity Synchronization for Windows" product which might work for you.
  http://www.sun.com/software/products/directory_srvr_ee/identity_synch/
  Unfortunately, the big trick with AD passwords is that they are stored in a proprietary one-way hash, so you can't just sync them directly over to another directory. Likewise, you can't import password hashes from other sources into AD and expect them to work.

• RSA Certificate Manager with Sun Java Directory Server

  Has anyone integrated Sun Java Directory Server with RSA Certificate Manager

  we have the Key Managment System in our DSEE 6.3 through a proxy. We had to enable some OIDs for it to work.

• Sun Java Directory server 6.3.1

  Hello,
  Anyone with knowledge to configure mail aliases in LDAP especially in Sun java directory server 6.x? I have already created the container ou=aliases
  The problem is i get the below error when I install LDAP client on a server:
  +Apr 23 18:32:00 Server1 sendmail[10032]: [ID 801593 mail.crit] n3NHW0HC010032: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP server+
  I found that I dont have aliases not configured in LDAP, the mail host sits on a different server. Other than this my client works perfectly over SSL
  Thanks in advance
  sys

  Sys
  SOrry but this looks to me like you have serveral problems. Most of them are Sendmail related. Maybe it would be a better idea to ask in a sendmail forum instead of a Directory server forum. Since you have not posted any configs I can not more than speculate. Here are my guesses:
  Apr 29 11:58:21 server1 sendmail[3138]: [ID 801593 mail.info] n3TAwKaC003138: n3TAwKaD003138: return to sender: Host unknown (Name server: mailhost.xxxx.com: host not found)if mailhost.xxxx.com is an existing host then I guess you have a problem with DNS resolution. Are you able to resolve hosts other than those related to this case or infrastructure (eg. can you resolve www.google.com)? If not then you should have a look at /etc/resolv.conf. There shold be a series of nameserver lines followed by the IP-Addresses of the nameservers (Important: IPs . not names). Another source of error could be found in the "hosts:" line in /etc/nsswitch.conf (it ususally reads "hosts: files dns").
  Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003218: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP serverNow this means your sendmail is trying to connect to an LDAP Directory on the same host to resolve aliases. If the port is correct you might find in the <instance_root>/logs/access file further details about what the sendmail server tried and why it failed. If there is no entry in the access log this would mean that there is no LDAP-Server listening on the port sendmail connects to. Fact is that somewhere you "told" sendmail to connect to the ldap server and it is failing to do so.
  Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.alert] n3TB4Muk003219: Losing ./qfn3TB4Muk003219: savemail panic
  Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003219: SYSERR(root): savemail: cannot save rejected email anywhereNow this errormessage is normal if alias resolution does not work. An errormessage would be generated which is sent by the user MAILER-DEAMON. In sendmail default config MAILER-DEAMON is an alias for postmaster which is again an alias for root. But if teher is no aliases there is no "account" MAILER-DEAMON. This errormessage will most likely disapear as soon as you resolved the alias issue.
  So much for the errormessages. Unfortunately you are not very specific on your environment. I try to guess what I have understood and try to formulate queries which might help you to find the problem.
  - There is a host A running solaris 10 and an Sun Directory Server 6.3.1
  -- On what port is the server listening and what information can you get at its current configuration with an anonymous bind (eg. ldapsearch without username or password)
  -- You have setup a suffix on this server and created an ou=aliases
  -- Have you inserted the standard aliases (such as MAILER-DEAMON or postmaster)?
  - There is a host B which is the mailhost.
  -- B i trying to connect to localhost (so host B not A) to get informations from an LDAP. Is LDAP running on localhost yes or no? You are not clear on this topic.
  -- what did you (or anyone else) do to get the server to obtain aliases from an LDAP (this is not standard config - You need to modify settings to do this)
  -- it is definitely a good idea to define a global bunch of settings in confLDAP_DEFAULT_SPEC (especially the options -d -P -b -h should be set in your case most likely)
  If these hints do not solve your problems I definitely recommend posting in an sendmail forum and read the sendmail documentation (eg. https://www.sendmail.org/doc/sendmail-current/cf/README). As far as I know LDAP in sendmail is pretty new in std sendmail and you have to expect that documentation on this topic is still poor.
  Regards
  Martin

• Sun java DIRECTORY SERVER 6.0 WITH SUN OPENSSO 8

  Hi all,
  I have install the sun java directory server 6.0.
  Now I have install the sun openssl ( I could had installed the sun java access manager but i wanna use the sun opensso 8 for SSO).
  when created the directory i.e. by using command from directory preparation tool, the directory server stop starting.
  It do not start and is asking me the error as follows,
  bash-3.00# /var/opt/SUNWdsee/dsins1/start-slapd
  [20/Feb/2009:14:44:30 +0500] - ERROR<4131> - Bootstrap config - conn=-1 op=-1 msgId=-1 - System error The entry cn=schema in file /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif is invalid (error 20: Type or value exists) - attribute type sunIdentityServerDiscoEntries: Does not match the OID "1.3.6.1.4.1.42.2.27.9.1.821". Another attribute type is already using the name or OID..
  [20/Feb/2009:14:44:30 +0500] - ERROR<4129> - Bootstrap config - conn=-1 op=-1 msgId=-1 - Configuration error Please edit the configuration file to correct the reported problems and then restart the server. Server exiting.
  Server not running!! Failed to start ns-slapd process.
  Note: while preparing the directory (sun java directory preparation tool) I mentioned the schema 2 i.e. ACCESS MANAGER, because sun opensso 8 is the latest version for Sun java access manager ?
  Any help??????????????
  Regards
  Adeel

  Looks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
  # cd /var/opt/SUNWdsee/dsins1/config/schema
  # grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
  Edited by: etst123 on Mar 3, 2009 1:28 PM

• Sun Java Directory Server 5.2 x86 download

  I'm trying to find a copy of the x86 version of the Sun Java Directory Server compressed archive for Solaris.  I'm trying to build out a test system for some old software, and I only have a copy of the Sparc version of ldap.  I've tried using the current DSEE version available on the Oracle e-delivery cloud, but the software is too old to work with it...it needs the 5.2 version, specifically.  Is anyone aware of where I can find a copy?
  Thanks for any assistance.      

  Nope
  This is part of the Oracle Lifetime Support policy:
  http://www.oracle.com/us/support/lifetime-support/index.html
  'OLD' products can/may still be supported under *SPECIAL* support contracts. So if you're entitled to its support, you can access it. Otherwise, I'm afraid the answer is no.
  HTH,
  Marco

• Radius server for Sun Java directory Server?

  I want to know what products does offer Sun for provide a radius server using the Sun Java Directory Server..
  I have only seen Sun Access Manager, but it is a complex/expensive product for use only the radius server
  Regards

  Nope
  This is part of the Oracle Lifetime Support policy:
  http://www.oracle.com/us/support/lifetime-support/index.html
  'OLD' products can/may still be supported under *SPECIAL* support contracts. So if you're entitled to its support, you can access it. Otherwise, I'm afraid the answer is no.
  HTH,
  Marco

• Sun java directory server and Active Directory

  We are using two different directory servers Sun java directory server and active directory.
  My question is how we can have password synchronization between these two directory servers.
  I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
  http://www.sun.com/download/products.xml?id=41537425
  It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
  I would be grateful if anyone can suggest a solution to work around this situation.
  I have checked identity manager , I would like to know that if I can do this using this product.
  http://www.sun.com/software/products/identity_mgr/specs.jsp
  --regards.
  Sara

  Yes RHEL 4 is a supported OS with DSEE 6.0.
  Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
  Identity Manager is a complete identity management solution that is targetting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
  If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
  Regards,
  Ludovic.

• Sun Java Directory Server Linux RHEL 5 Installation

  Hello,
  As Linux RHEL ES/AS 5 is not officially listed in the operating system requirements.
  Has somebody been succesful in the installation ?
  - With which Linux RHEL 5 update.
  - Are the package depencies the same (compat-C/C++ libraries)
  - Which Edition of Sun Java Directory Server (5.2Q6, 6.0, 6.3) and which packages (Native/ZIP)
  Tips would be useful as I have been successful in Linux RHEL 4 update 4 with Sun Java Directory Server 5.x
  in the past but customer requirements have changed and I did not find any Information and do not have testing Time.
  Thanks,
  Fab

  I just installed a consumer replica on CentOS (same thing as RHEL) 5.2 . It's working fine. Here's my kickstart file so that you can see what packages I installed:
  # Kickstart file automatically generated by anaconda.
  install
  cdrom
  lang en_US.UTF-8
  keyboard us
  xconfig --startxonboot
  network --device eth0 --bootproto dhcp
  rootpw --iscrypted <removed>
  firewall --disabled
  authconfig --enableshadow --enablemd5
  selinux --disabled
  timezone --utc America/Chicago
  bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
  # The following is the partition information you requested
  # Note that any partitions you deleted are not expressed
  # here so unless you clear all partitions first, this is
  # not guaranteed to work
  clearpart --linux
  part /boot --fstype ext3 --size=128 --asprimary
  part swap --size=1024 --asprimary
  part pv.100000 --size=100 --grow
  volgroup vgmain --pesize=32768 pv.100000
  logvol /var --fstype ext3 --name=varlv --vgname=vgmain --size=512
  logvol /var/log --fstype ext3 --name=varloglv --vgname=vgmain --size=512
  logvol /usr --fstype ext3 --name=usrlv --vgname=vgmain --size=3072
  logvol /usr/local --fstype ext3 --name=usrlocallv --vgname=vgmain --size=4096
  logvol / --fstype ext3 --name=rootlv --vgname=vgmain --size=512
  logvol /home --fstype ext3 --name=homelv --vgname=vgmain --size=1024
  logvol /tmp --fstype ext3 --name=tmplv --vgname=vgmain --size=512
  %packages
  @development-libs
  @editors
  @system-tools
  @text-internet
  @legacy-network-server
  @gnome-desktop
  @core
  @base
  @legacy-software-development
  @base-x
  @web-server
  @smb-server
  @server-cfg
  @admin-tools
  @development-tools
  @graphical-internet
  audit
  net-snmp-utils
  lynx
  kexec-tools
  device-mapper-multipath
  xorg-x11-server-Xnest
  xorg-x11-server-Xvfb
  system-config-boot
  imake
  -bluez-hcidump
  -bluez-gnome
  -slrn
  -gnome-user-docs
  -gnome-themes
  -gedit
  -gnome-power-manager
  -gnome-backgrounds
  -gok
  -gnome-audio
  -esc
  -gnome-user-share
  -gimp-print-utils
  -desktop-printing
  -file-roller
  -gnome-screensaver
  -gnome-pilot
  -krb5-workstation
  -ipsec-tools
  -sysreport
  -irda-utils
  -bluez-utils
  -synaptics
  -krb5-auth-dialog
  -linuxwacom
  -system-config-nfs
  -evolution
  -nspluginwrapper
  -gnome-themes
  -evolution-webcal
  -ekiga
  -evolution-connectorI installed DSEE 6.3 from the ZIP distribution.

• Sun Java Directory Server 6.3 supports nCipher HSM?

  Hi,
  We want to do the replication in Master - Master configuration on SSL. Does anyone has an idea whether it is possible to store the SSL Certificate Keys used for replication in nCipher netHSM.
  If yes, can anyone provide us the URL on how can it be done or how to go about it?
  Thanks and Regards

  Hi,
  Thanks for the reply. The URL that you mentioned has "Sun Java System Web Server" integration with nCipher HSM.
  We have a requirement where we want to do replication between two "Sun Java Directory Servers" on SSL and the keys used are in HSM. We are not using Web Servers in our setup.
  If you have any info on integration with Directory Servers, it would be of great help.
  Thanks and Regards.

• How can I import Openldap schema into sun one directory server?

  Hello All
  I have a schema which was written for openldap, and I want to import this schema into sun directory server. I found that some attribute syntaxes, like "NumericString", are not exist in sun directory server and some attribute definitions are also different. For example, the "internationaliSDNNumber" in sun directory is defined in "IA5String" syntax, but it is "NumericString" in openldap. Is there any effect on querying data from two different ldap server? How can I solve this problem?
  Thank you!

  http://directory.fedora.redhat.com/wiki/Howto:OpenLDAP
  Migration
  GaryThanks! But after I use some of scripts in that page, I got
  "Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.36"
  It seems those scripts only transform schema file format, not the gap between different type(attribute syntax). Is it possible to import or add new type(attribute syntax) in sun one directory server?
  Thanks.

• Error in installing sun java directory server

  dear ,
  i am trying to install sun java directiry server from sun java enterprise server using command line ( ./installer ), but this error reported to me when i issue the installer command .
  # ./installer
  Error occurred during initialization of VM java/lang/NoClassDefFoundError: java/lang/Object
  Error occurred during initialization of VM
  java/lang/NoClassDefFoundError: java/lang/Object
  Thanks in Advance,
  Basem

  Sorry for the delay in response.
  It could be a patch issue. Have you read http://docs.sun.com/app/docs/doc/820-2210/gduwe?a=view
  Have you checked if the problem exists in Web Server 7.0 update 3 as well?
  Can you send more details like :
  isainfo -v
  file /home/sjws7.0/lib/libadminsecurity.so
  ldd /home/sjws7.0/lib/libadminsecurity.so

• Integrating Sun Java Directory Server with Sun Java Application Server 7

  Hi,
  My basic goal is to implement Single Sign On within the network i,e if the user is inside the company's network and tries to access any application, then he should not be required for Username/password again becuase he is in the network.
  My question is Is this possible with Sun Java System DIrectory server. If yes how can we integrate Directory Server with Sun Java System Application Server 7 2004Q2.
  Please help.
  Thanks

  Directory Server in itself doesn't provide any kind of SSO functions. Basically it is a high performing data repository accessible via LDAP and DSML. It is, however, a key component used by SSO applications like Access Manager. If your applications are web applications then take a look at Access Manager for your SSO needs.
  Regards,
  Scott

• Looking for infos about error code in Sun Java Directory Server 6.3.1.1.1

  Hi,
  I'm using Sun-Java(tm)-System-Directory/6.3.1.1.1 on Solaris 9 with two server configured in multi-master replication
  For a few time I receive those warning in the error logfile :
  [14/May/2012:06:18:40 +0200] - WARNING<5384> - Entry - conn=-1 op=-1 msgId=-1 - Entry error Convert LDIF entry into LDAP entry, fast method. Error: non-contiguous deleted attribute type for "myPasswordRetryCount"in entry dn="uid=nabcdycn, ou=People, dc=example,dc=com"
  [14/May/2012:06:18:40 +0200] - WARNING<5384> - Entry - conn=-1 op=-1 msgId=-1 - Entry error Convert LDIF entry into LDAP entry, fast method. Error: non-contiguous deleted attribute type for "myPasswordRetryCount"in entry dn="uid=nabcdycn, ou=People, dc=example,dc=com"
  [14/May/2012:06:19:11 +0200] - WARNING<5384> - Entry - conn=-1 op=-1 msgId=-1 - Entry error Convert LDIF entry into LDAP entry, fast method. Error: non-contiguous deleted attribute type for "myPasswordRetryCount"in entry dn="uid=nefghzer, ou=People, dc=example,dc=com"
  [14/May/2012:06:19:11 +0200] - WARNING<5384> - Entry - conn=-1 op=-1 msgId=-1 - Entry error Convert LDIF entry into LDAP entry, fast method. Error: non-contiguous deleted attribute type for "myPasswordRetryCount"in entry dn="uid=nefghzer, ou=People, dc=example,dc=com"
  [14/May/2012:06:20:44 +0200] - WARNING<5384> - Entry - conn=-1 op=-1 msgId=-1 - Entry error Convert LDIF entry into LDAP entry, fast method. Error: non-contiguous deleted attribute type for "myPasswordRetryCount"in entry dn="uid=nijklkkh, ou=People, dc=example,dc=com"
  [14/May/2012:06:20:44 +0200] - WARNING<5384> - Entry - conn=-1 op=-1 msgId=-1 - Entry error Convert LDIF entry into LDAP entry, fast method. Error: non-contiguous deleted attribute type for "myPasswordRetryCount"in entry dn="uid=nijklkkh, ou=People, dc=example,dc=com"
  and I would like to know what's going up and what I should do, so in case somebody have some infos about it, I would be very interrested.
  I'm trying to find a way of veryfing fragmentation of the backend, but not sure about this.
  TIA

  Looks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
  # cd /var/opt/SUNWdsee/dsins1/config/schema
  # grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
  Edited by: etst123 on Mar 3, 2009 1:28 PM

• SingleSign on with Sun Java Directory Server

  Hi,
  I wanted to know if there is any way to integrate the sun java server for the Single sign on of the App Server 10g(10.1.3.1.0).
  Any help is appreciated..

  Hi,
  What exactly do you want? If you want SSO for your oc4j containers see see: [http://download-west.oracle.com/docs/cd/B32110_01/web.1013/b28957/javasso.htm#BABDCCGB]
  If you want authentication and authorisation against Sun LDAP you need to configure the separate components of soa suite to use your sun ldap. See [http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABHBEGH] on how to configure e.g. bpel.
  Kind regards,
  Andre