Integrating Sun Java Directory Server with Sun Java Application Server 7
Hi,
My basic goal is to implement Single Sign On within the network i,e if the user is inside the company's network and tries to access any application, then he should not be required for Username/password again becuase he is in the network.
My question is Is this possible with Sun Java System DIrectory server. If yes how can we integrate Directory Server with Sun Java System Application Server 7 2004Q2.
Please help.
Thanks
Directory Server in itself doesn't provide any kind of SSO functions. Basically it is a high performing data repository accessible via LDAP and DSML. It is, however, a key component used by SSO applications like Access Manager. If your applications are web applications then take a look at Access Manager for your SSO needs.
Regards,
Scott
Similar Messages
-
APEX application integration into Java application
Hello,
I'm working on a new APEX application and I would like to integrate that application into an existing Java application.
The integration should be invisible for the end-users. Our application will have the same look and feel as the Java application.
The existing menu of the Java app will be extended with a new link. This link will then call our application.
Visually I was thinking about using an Iframe to display the content of the APEX application inside the Java generated xHTML.
This is however not the biggest issue.
We are working in a secure context and we thus need to make sure that our APEX application doesn't create a backdoor on the
security mechanism provided by the Java app.
Some options have come to mind, but the one that look best is this:
We keep the java application as the single point of entry for our end-users and make sure that the apex application is "hidden".
We could do this by means of some re-routing code in the java application so that the incomming requests there are send to the correct server (java or apex).
Then we will need to capture the response of the APEX application and place it inside the Java generated xHTML. The combined content is then send to the client.
Or we could place a reverse proxy server that does this for us.
The goal is thus that we can rely on the existing java application to cover the security and the navigation structure.
Any ideas on this ?
How-to's or other options ?
thanks & regards
KarelIn a project I am currently working on we do it using iframes and passsing parameters over a http link.
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.opal-consulting.de/training
http://apex.oracle.com/pls/otn/f?p=31517:1
------------------------------------------------------------------- -
Integrating a Java application in Forms
Hello,
I've developped a 3-tier Java application and i'd like to make it plugable with a Forms Application.
I searched and read a lot of docs about the iView Interface but I'm asking myself some questions :
What I am supposed to do with my java code ? put it in a jar ? import in Forms ?
I'm using eclipse and isn't used to javaBeans, J2EE, war and so on... I don't know how to get started
thanks for any helpHello,
What do you mean by "plugable" ?
Do you want to handle its methods from the Forms module ?
Look at the Forms FBean internal package that provides built-ins to invoke the public methods stored in your Java program.
All you have to do is to copy the jar file in the /forms/java directory and add the name of this jar file to your archive or jinit_archive tag of the /forms/server/formsweb.cfg file.
Francois -
Integrating two Java application
I need to integrate two Java applications.
Can you recommend any articles or share your experience in this field.
Thanks.Thanks for the response.
Unfortunately database solution is not acceptable, that's why I am looking for Java solution, I was thinking about SOAP or other XML based solutions, but I need more info or maybe a comparison of different solutions, their pros and cons. -
OVD - Integration with Sun Java system Directory Server
Hi All,
I have the following iusse, i'm trying to configure OVD 11.1.1.3 with Sun Java System Directory Server adapter for enterprise user security but when I import Oracle ldif schema file (iPlanetSchema.ldif) I have the following error:
add attributetypes:
+( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckSyntax' EQUALITY integerMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )+
modifying entry cn=schema
ldap_modify: Type or value exists
ldap_modify: additional info: attribute type pwdCheckSyntax: Does not match the OID "1.3.6.1.4.1.42.2.27.8.1.5". Another attribute type is already using the name or OID.
In the default Sun DS schema there is attribute with the same OID:
+../config/schema/00ds6pwp.ldif:+
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' DESC 'Level of required quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-DS-USE 'internal' SINGLE-VALUE X-ORIGIN 'Password Policy for LDAP Directories Internet Draft' )
Is it possible?
I'm reading the following document:
http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10046/adv_integrate.htm#CACIIIEG
Thanks in advance,
ZaicThank you very much. The name of the file is actually C:\WINDOWS\system32\productregistry.
I renamed that to productregistry BACKUP and I can now install the LDAP. Man, I should have posted this a week and a half ago when I first started having this issue. It would have prevented a few forehead dents from banging my head on the keyboard.
thanks again -
RSA Certificate Manager with Sun Java Directory Server
Has anyone integrated Sun Java Directory Server with RSA Certificate Manager
we have the Key Managment System in our DSEE 6.3 through a proxy. We had to enable some OIDs for it to work.
-
Sun java DIRECTORY SERVER 6.0 WITH SUN OPENSSO 8
Hi all,
I have install the sun java directory server 6.0.
Now I have install the sun openssl ( I could had installed the sun java access manager but i wanna use the sun opensso 8 for SSO).
when created the directory i.e. by using command from directory preparation tool, the directory server stop starting.
It do not start and is asking me the error as follows,
bash-3.00# /var/opt/SUNWdsee/dsins1/start-slapd
[20/Feb/2009:14:44:30 +0500] - ERROR<4131> - Bootstrap config - conn=-1 op=-1 msgId=-1 - System error The entry cn=schema in file /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif is invalid (error 20: Type or value exists) - attribute type sunIdentityServerDiscoEntries: Does not match the OID "1.3.6.1.4.1.42.2.27.9.1.821". Another attribute type is already using the name or OID..
[20/Feb/2009:14:44:30 +0500] - ERROR<4129> - Bootstrap config - conn=-1 op=-1 msgId=-1 - Configuration error Please edit the configuration file to correct the reported problems and then restart the server. Server exiting.
Server not running!! Failed to start ns-slapd process.
Note: while preparing the directory (sun java directory preparation tool) I mentioned the schema 2 i.e. ACCESS MANAGER, because sun opensso 8 is the latest version for Sun java access manager ?
Any help??????????????
Regards
AdeelLooks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
# cd /var/opt/SUNWdsee/dsins1/config/schema
# grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
Edited by: etst123 on Mar 3, 2009 1:28 PM -
Using Linux/Red Hat/Intel for Sun ONE/Java Directory Server
Anybody have any experience of this? We're looking to get off AIX, and Total Cost of Ownership for using Solaris/Sparc versus Linux/Intel is very similar.
The decider will be if no-one is using Linux as a platform for Sun ONE/Java Directory Server....
Any feedback would be appreciated....We run Directory 5.1 in production on Solaris/Sparc, but I've tried it with sucess on Red Hat 7.2 on Intel. We have not been able to get it to work on Red Hat Enterprise 2.1 or 3.0. The main problem has been that the administration server fails on startup. Obvious the lack of support for the latest enterprise class Linux is a huge drawback. At this point I've decided to stay on Solaris/Sparc until Red Hat comes out with its own release of Netscape's Directory. When that happens we're going to evaluate whether to move the whole environment to Red Hat. The Sun and Netscape servers are almost identical in terms of features and performance, but having an open source version that can run on less expensive hardware would be a terrific win for us.
-
Can JRE for Sun One Java Directory Server 5.2 be upgraded to JRE 6.0 Update
I am trying to upgrade jre installed with Sun One Java DS 5.2 from 1.5.0 to JRE 6.0 Updat 16. Is this possible?
I never received any feedback on my question.
I am attempting to upgrade our JRE version (installed with Sun One Directory Sever 5.2) from 1.4 to 1.6. I've installed JRE 1.6 Update 16 and set the JAVA_HOME environment variable to d:\programs\java\jre6 and don't know how to configure the directory server to run the 1.6 java version. Any help would be greatly appreciated.
Edited by: CDRA on Feb 2, 2010 6:17 PM -
Sun Java Directory Server 5.2 x86 download
I'm trying to find a copy of the x86 version of the Sun Java Directory Server compressed archive for Solaris. I'm trying to build out a test system for some old software, and I only have a copy of the Sparc version of ldap. I've tried using the current DSEE version available on the Oracle e-delivery cloud, but the software is too old to work with it...it needs the 5.2 version, specifically. Is anyone aware of where I can find a copy?
Thanks for any assistance.Nope
This is part of the Oracle Lifetime Support policy:
http://www.oracle.com/us/support/lifetime-support/index.html
'OLD' products can/may still be supported under *SPECIAL* support contracts. So if you're entitled to its support, you can access it. Otherwise, I'm afraid the answer is no.
HTH,
Marco -
Sun Java System Directory Server 5.2
Hi,
We were informed by a third party that we can download Sun Java System Directory Server 5.2 SP 1 from the Sun downloads area. However, we couldn't find 5.2 Service Pack 1. We did find that Directory Server 5 2005Q4 (5.2 patch 4) is the only one available for download.
Is 5.2 patch 4 equivalent to 5.2 Service Pack 4?
Is there such thing as Directory Server 5.2 Service Pack 1?
We saw that 5.1 had multiple Service Packs available for download, will the 5.2 Service Packs be made available for downloading?
Cheers,
CateSun has changed the terminology for micro releases from Service Packs (5.1 release) to patched versions (5.2 release).
Therefore Directory Server 5.2 patch4 is the latest update of Directory Server 5.2 release (would have been called Service Pack with the former terminology).
Only the most recent version is available for download from the Sun Downloads site..
But we've never released 5.2patch1, as far as I remember. -
Synchronization between AD and Sun Java Directory Server
I would like to build an environment as below, kindly let me know whether it is possible or not.
My Enterprise Directory is Active Directory and i have Policy Server which directs the sso users to get authenticated with that server. I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords and i would like to know with which hashing algorithm these passwords are stored in the sun directory server. Because i want to synchronize the same attributes from sun java directory server to Oracle Internet Directory and is it possible to get my sso users to get authenticated at OID even?
Kindly let me know whether this approach is feasible or not?
Any suggestion to this approach is greatly appreciated...
Thanks in advance...
Regards,
Kishore Repakula.i would like to know with which hashing algorithm these
passwords are stored in the sun directory server.Like most other directory servers, SunDS offers a few choices here.
The most secure is SSHA, which you'd probably want to use unless you have apps with dependencies on other hashes (e.g., CRYPT for backward compatibility with UNIX password field).
I would like to synchronize the user data from Active Directory
to Sun Java Directory Server (existing version is 5.2
Service Pack 4) including the passwords...Sun has a "Identity Synchronization for Windows" product which might work for you.
http://www.sun.com/software/products/directory_srvr_ee/identity_synch/
Unfortunately, the big trick with AD passwords is that they are stored in a proprietary one-way hash, so you can't just sync them directly over to another directory. Likewise, you can't import password hashes from other sources into AD and expect them to work. -
Sun java directory server and Active Directory
We are using two different directory servers Sun java directory server and active directory.
My question is how we can have password synchronization between these two directory servers.
I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
http://www.sun.com/download/products.xml?id=41537425
It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
I would be grateful if anyone can suggest a solution to work around this situation.
I have checked identity manager , I would like to know that if I can do this using this product.
http://www.sun.com/software/products/identity_mgr/specs.jsp
--regards.
SaraYes RHEL 4 is a supported OS with DSEE 6.0.
Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
Identity Manager is a complete identity management solution that is targetting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
Regards,
Ludovic. -
Sun Java Directory Server Linux RHEL 5 Installation
Hello,
As Linux RHEL ES/AS 5 is not officially listed in the operating system requirements.
Has somebody been succesful in the installation ?
- With which Linux RHEL 5 update.
- Are the package depencies the same (compat-C/C++ libraries)
- Which Edition of Sun Java Directory Server (5.2Q6, 6.0, 6.3) and which packages (Native/ZIP)
Tips would be useful as I have been successful in Linux RHEL 4 update 4 with Sun Java Directory Server 5.x
in the past but customer requirements have changed and I did not find any Information and do not have testing Time.
Thanks,
FabI just installed a consumer replica on CentOS (same thing as RHEL) 5.2 . It's working fine. Here's my kickstart file so that you can see what packages I installed:
# Kickstart file automatically generated by anaconda.
install
cdrom
lang en_US.UTF-8
keyboard us
xconfig --startxonboot
network --device eth0 --bootproto dhcp
rootpw --iscrypted <removed>
firewall --disabled
authconfig --enableshadow --enablemd5
selinux --disabled
timezone --utc America/Chicago
bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --linux
part /boot --fstype ext3 --size=128 --asprimary
part swap --size=1024 --asprimary
part pv.100000 --size=100 --grow
volgroup vgmain --pesize=32768 pv.100000
logvol /var --fstype ext3 --name=varlv --vgname=vgmain --size=512
logvol /var/log --fstype ext3 --name=varloglv --vgname=vgmain --size=512
logvol /usr --fstype ext3 --name=usrlv --vgname=vgmain --size=3072
logvol /usr/local --fstype ext3 --name=usrlocallv --vgname=vgmain --size=4096
logvol / --fstype ext3 --name=rootlv --vgname=vgmain --size=512
logvol /home --fstype ext3 --name=homelv --vgname=vgmain --size=1024
logvol /tmp --fstype ext3 --name=tmplv --vgname=vgmain --size=512
%packages
@development-libs
@editors
@system-tools
@text-internet
@legacy-network-server
@gnome-desktop
@core
@base
@legacy-software-development
@base-x
@web-server
@smb-server
@server-cfg
@admin-tools
@development-tools
@graphical-internet
audit
net-snmp-utils
lynx
kexec-tools
device-mapper-multipath
xorg-x11-server-Xnest
xorg-x11-server-Xvfb
system-config-boot
imake
-bluez-hcidump
-bluez-gnome
-slrn
-gnome-user-docs
-gnome-themes
-gedit
-gnome-power-manager
-gnome-backgrounds
-gok
-gnome-audio
-esc
-gnome-user-share
-gimp-print-utils
-desktop-printing
-file-roller
-gnome-screensaver
-gnome-pilot
-krb5-workstation
-ipsec-tools
-sysreport
-irda-utils
-bluez-utils
-synaptics
-krb5-auth-dialog
-linuxwacom
-system-config-nfs
-evolution
-nspluginwrapper
-gnome-themes
-evolution-webcal
-ekiga
-evolution-connectorI installed DSEE 6.3 from the ZIP distribution. -
Sun Java Directory server 6.3.1
Hello,
Anyone with knowledge to configure mail aliases in LDAP especially in Sun java directory server 6.x? I have already created the container ou=aliases
The problem is i get the below error when I install LDAP client on a server:
+Apr 23 18:32:00 Server1 sendmail[10032]: [ID 801593 mail.crit] n3NHW0HC010032: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP server+
I found that I dont have aliases not configured in LDAP, the mail host sits on a different server. Other than this my client works perfectly over SSL
Thanks in advance
sysSys
SOrry but this looks to me like you have serveral problems. Most of them are Sendmail related. Maybe it would be a better idea to ask in a sendmail forum instead of a Directory server forum. Since you have not posted any configs I can not more than speculate. Here are my guesses:
Apr 29 11:58:21 server1 sendmail[3138]: [ID 801593 mail.info] n3TAwKaC003138: n3TAwKaD003138: return to sender: Host unknown (Name server: mailhost.xxxx.com: host not found)if mailhost.xxxx.com is an existing host then I guess you have a problem with DNS resolution. Are you able to resolve hosts other than those related to this case or infrastructure (eg. can you resolve www.google.com)? If not then you should have a look at /etc/resolv.conf. There shold be a series of nameserver lines followed by the IP-Addresses of the nameservers (Important: IPs . not names). Another source of error could be found in the "hosts:" line in /etc/nsswitch.conf (it ususally reads "hosts: files dns").
Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003218: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP serverNow this means your sendmail is trying to connect to an LDAP Directory on the same host to resolve aliases. If the port is correct you might find in the <instance_root>/logs/access file further details about what the sendmail server tried and why it failed. If there is no entry in the access log this would mean that there is no LDAP-Server listening on the port sendmail connects to. Fact is that somewhere you "told" sendmail to connect to the ldap server and it is failing to do so.
Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.alert] n3TB4Muk003219: Losing ./qfn3TB4Muk003219: savemail panic
Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003219: SYSERR(root): savemail: cannot save rejected email anywhereNow this errormessage is normal if alias resolution does not work. An errormessage would be generated which is sent by the user MAILER-DEAMON. In sendmail default config MAILER-DEAMON is an alias for postmaster which is again an alias for root. But if teher is no aliases there is no "account" MAILER-DEAMON. This errormessage will most likely disapear as soon as you resolved the alias issue.
So much for the errormessages. Unfortunately you are not very specific on your environment. I try to guess what I have understood and try to formulate queries which might help you to find the problem.
- There is a host A running solaris 10 and an Sun Directory Server 6.3.1
-- On what port is the server listening and what information can you get at its current configuration with an anonymous bind (eg. ldapsearch without username or password)
-- You have setup a suffix on this server and created an ou=aliases
-- Have you inserted the standard aliases (such as MAILER-DEAMON or postmaster)?
- There is a host B which is the mailhost.
-- B i trying to connect to localhost (so host B not A) to get informations from an LDAP. Is LDAP running on localhost yes or no? You are not clear on this topic.
-- what did you (or anyone else) do to get the server to obtain aliases from an LDAP (this is not standard config - You need to modify settings to do this)
-- it is definitely a good idea to define a global bunch of settings in confLDAP_DEFAULT_SPEC (especially the options -d -P -b -h should be set in your case most likely)
If these hints do not solve your problems I definitely recommend posting in an sendmail forum and read the sendmail documentation (eg. https://www.sendmail.org/doc/sendmail-current/cf/README). As far as I know LDAP in sendmail is pretty new in std sendmail and you have to expect that documentation on this topic is still poor.
Regards
Martin
Maybe you are looking for
-
How do I get an album from Itunes that I have already downloaded to show the complete album again. After the last update it only shows one song. I tried to re purchase the whole album but it will not let me cause I already purchased it. Pease help
-
Hi everybody. Question. I am using the AFD to record changes to investment data. On First Consolidation the trading partner field is available for input and the validation check is fine. On an activity (any activity other than first consolidations) t
-
"nice" command denied in terminal even as root user
Hello, I am trying to run the "nice" command in terminal as an admin (me): nice -n -19 /Users/Michael/Desktop/Minecraft.app It failed with this error: nice: /Users/Michael/Desktop/Minecraft.app: Permission denied So I logged in a the root user and tr
-
SCOM 2012 Reporting is missing a source
Hi, I have installed the reporting services. When I run a report there is missing a source parameter. The source field is grayed out -> see picture. How can I getting the reporting run?? Greeting Katharina
-
ITunes is extremely slow and I cannot make a secure connection
When I connect to iTunes my computer is extremely slow, and when I try to connect to the iTunes store I get the error message cannot make a secure connection. I have internet access and I have ran the iTunes diagnostics test and all the tests passed