IPlanet Directory Service Integration

Hello all,
I (newbie) need to configure WebLogic 6.1's security Realm using iPlanet Directory
Service (I am using 4.0, but I guess tips for 5.0 should work too).
I have read through the WLS administration guide (http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html)
and ran through the steps. I think what I am missing is what users and groups do
I need to create in iPlanet Directory Service before the Realm would work.
Any help or pointers would be greatly appreciated!

Hi.
You might have better luck posting this on the security newsgroup.
Regards,
Michael
Paul Lee wrote:
Hello all,
I (newbie) need to configure WebLogic 6.1's security Realm using iPlanet Directory
Service (I am using 4.0, but I guess tips for 5.0 should work too).
I have read through the WLS administration guide (http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html)
and ran through the steps. I think what I am missing is what users and groups do
I need to create in iPlanet Directory Service before the Realm would work.
Any help or pointers would be greatly appreciated!
--
Michael Young
Developer Relations Engineer
BEA Support

Similar Messages

  • What is the architecture of iplanet Directory Server Integration Edition tool?

     

    hi,
    There is no separate architecture for iDSIE.
    iPlanet Directory Server Integration Edition is an integrated solution that provides meta-directory services combined with secure, highly available directory services. For further details, visit this link:
    http://docs.iplanet.com/docs/manuals/dsie/50/intro/dsie-ina.htm#15695

  • Directory service integration - get no mapping working

    Hello,
    We are running SGD 4.3 and are using UNIX and LDAP login profiles. Login
    works fine (I can see LDAP address of the users in the detailed info page).
    But we do not get the Directory service integration working. Up till now I was
    thinking that this is due to wrong mappings on either SGD or/and our LDAP
    server. But now I added a filter to show the webtop server content mappings
    (server/webtop) and find the following discrepancy:
    Log file for server/webtop/moreinfo says:
    2007/01/24 17:36:49.946 (pid 21954)     server/webtop/moreinfo  #1169656609946
    The LDAP Webtop generator did not match the following apps
    user: uid=ttfguest,ou=People,ou=ttf,dc=desy,dc=de
        o=organization/cn=ddd
    but I do see the application named "ddd" (for which I limited the visibility via DSI to
    certain groups) on ttfguest webtop.
    Did I completely misunderstand something here - or is there some error in our
    configuration/setup whatsoever?
    Any help/tip is greatly welcome!

    This I do not understand. To be more precise:
    We allow two login profiles:
    UNIX profile
    LDAP profile
    Even if I remove all links from the UNIX profile, the users still see the ddd application.
    For the ddd application I constrained the visibility via DSI to certain LDAP users. This
    seems really to work (to my understanding) judging from the log message (see my
    first entry).
    So to my understanding nothing is overriding the constraint from the DSI but still the
    application is visible to all users.
    I up till now did not manage to get any application hidden by use of DSI (even
    though the logs give exactly what I expect - which makes me believe that the LDAP
    interoperability is fine like this).
    My general impression is that something still overrides all DSI constraints!?
    So still any tip/help would be very welcome!

  • Can anybody send me a snippet of code telling me how to "store serialized java object in iplanet directory services"

     

    You will find everything you need to know including code samples in the JNDI Tutorial :
    http://java.sun.com/products/jndi/tutorial/objects/index.html
    Regards,
    Ludovic.

  • Meeting Place 8.5.3.4 - Change Directory Service Configuration

    Hi Support Community
    We have 3 CUCM clusters version 8.6.2
    We have 1 Meeting Place 8.5.3.4 cluster with a primary and standby server
    Meeting Place has directory service integration with 1 of the CUCM clusters and performs all user sync and authentication via AXL / LDAP
    We now need to change the Meeting Place configuration for AXL server, used for authentication and sync, to another CUCM cluster, this will use exactly the same LDAP search base so all users and details will remain the same in CUCM and therefore we want nothing to change in Meeting Place so all users should remain the same with the same configuration and all meetings should remain the same.
    It looks straightforward to change the AXL URL but then we discovered the below from the Meeting Place configuration guide:
    " user updates, imports, and deletions are not supported from a redundant Cisco Unified Communications Manager, even if it is integrated with the same LDAP directory as the primary Cisco Unified Communications Manager. This is because Directory Service user updates are tied to a field that is unique to each Cisco Unified Communications Manager server."
    So we need to know how we go about changing the directory service configuration to point to another CUCM cluster for authentication and synchronization whilst keeping Meeting Place users and meetings in the Database unchanged.
    Any help will be greatly appreciated.
    Thanks, Carl Ratcliffe

    Hi Carl,
    I've just received a final update. If you want to point your Directory Integration to a different CUCM server that is holding the same user database and runs AXL service, you should be able to just change the AXL URL on MP and point to this new server. After this change is made and saved, we recommend restarting services on MeetingPlace (SSH to the server with mpxadmin account, changing to 'root', and running 'mpx_sys restart' command). Once the services are restarted and system comes back up, go to User Configuration > Directory Service > Directory Service Configuration and perform a Full Sync (make sure that Profile Number setting under Profile Number Configuration section is set to New users only in order to avoid any profile # change if any of the user profiles in CUCM was updated in the meantime)
    Please, let me know of any questions you might have.
    Thank you.
    -Dejan

  • Storage Integration with Active Directory Services Part 2

    Having your storage device join Active Directory Services can be relatively straightforward. What to do if the JOIN button fails? This demo goes through a basic checklist from network to server. Demo covers integration between the NSS2000/3000/4000/6000 platform and Microsoft ADS Server 2003.
    Part 1 - Network Overview
    Part 2 - NSS Configuration
    Part 3 - Connecting a share
    Part 4 - Server 2003 Administration
    Note: Some artistic license was used to make the test environment easier to illustrate but the principles are the same in a live network.

    Hi Angus,
    Policy Server does not require a specific LDAP schema. During configuration you simply map the LDAP attributes of your schema to the ones that Policy Server supports (e.g., common name, email address, etc).
    If you are configuring Policy Server to use an LDAP, it will use the LDAP to authenticate the user (Policy Server does not store the password itself in this case).
    If passwords are stored outside of the LDAP (e.g., in a database), it is possible to write a custom authentication provider to authenticate against this source.
    Hope this helps,
    -Bill

  • Storage Integration with Active Directory Services Part 4

    Having your storage device join Active Directory Services can be relatively straightforward. What to do if the JOIN button fails? This demo goes through a basic checklist from network to server. Demo covers integration between the NSS2000/3000/4000/6000 platform and Microsoft ADS Server 2003.
    Part 1 - Network Overview
    Part 2 - NSS Configuration
    Part 3 - Connecting a share
    Part 4 - Server 2003 Administration
    Note: Some artistic license was used to make the test environment easier to illustrate but the principles are the same in a live network.

    Hi Angus,
    Policy Server does not require a specific LDAP schema. During configuration you simply map the LDAP attributes of your schema to the ones that Policy Server supports (e.g., common name, email address, etc).
    If you are configuring Policy Server to use an LDAP, it will use the LDAP to authenticate the user (Policy Server does not store the password itself in this case).
    If passwords are stored outside of the LDAP (e.g., in a database), it is possible to write a custom authentication provider to authenticate against this source.
    Hope this helps,
    -Bill

  • Problem in configuring MS Win2003 AD as a Directory Service

    I am trying to configure MS Windows Server 2003 Active Directory as a Directory Service for Sun ONE Web Server 6.1
    I have made the following configuration at the Global Settings Page of the Administration Server :
    Directory Service ID : default
    Host Name : myhost.mydomain.mycountry
    Port : 389
    Use Secure Sockets Layer (SSL) for connections? : No
    Base DN : DC=mydomain,DC=mycountry
    Bind DN : CN=myuser,CN=Users,DC=mydomain,DC=mycountry
    Bind Password : mypassword
    Whatever I am trying to do at the Users and Groups Page of the Administration Server I am getting the following message :
    An error occurred while contacting the LDAP server.
    (Can't connect to the LDAP server)
    A connection to the directory server could not be opened. Contact your directory server administrator for assistance.
    The user myuser is member of the Administrators Group.
    I log on to the Sun ONE Web Server 6.1 as myuser.
    I know that Base DN and Bind DN are correct because I use them with Microsoft's LDP Tool. I don't know if the user lacks any privilege (although he is a member of the Administrators) or if I have to configure something else from the Administration Server.
    Any help on this problem would be appreciated very much.
    Thanks in advance

    Hi
    Are you able to use ACL (ACE's) in iPlanet after integrating ADS? userId field is empty. How are you actually using this iPlanet integration with ADS in your application/in your company?
    Thanks!
    GV

  • Error while installing iplanet directory server 5.0

    Hi, I am trying to install iPlanet Directory Server 5.0 on my local machine. My computer name does not contain any domain name; it is simply like "ERT3210".
    While installing Directory Server it asks for the computer name, and if I give the computer name without a domain it is not accepted. And I am unable to rename my computer by suffixing a domain name, as it is not contained in any domain. Now how can I give the computer name to install Directory Server? It's very urgent for me. It would be a great help if anyone replies.

    Start/Stop Directory Server and Start/Stop Admin Server are usually present in My Computer/Manage/Services, just start or stop the service.
    Assuming the install root directory is %LDAP_ROOT%
    You could always create program icons for
    1) start/stop directory server
    %LDAP_ROOT%\slapd-%COMPUTERNAME%\start-slapd.exe
    %LDAP_ROOT%\slapd-%COMPUTERNAME%\stop-slapd.exe
    2) start/stop admin server
    %LDAP_ROOT%\start-admin.exe
    %LDAP_ROOT%\stop-admin.exe
    3) SUN ONE Console (iPlanet Console)
    %LDAP_ROOT%\startconsole.exe
    Gary

  • Active Directory Services Can't Connect to Domain

    I removed Active Directory services from a server running 2012. I then went to reinstall and reconfigure it, but I keep running into issues. When I launch active directory admin center it gives me an error that it can't connect to any domain, and I can't make any changes. The local server has already been promoted to the domain controller. Here is the output from dcdiag:
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = ACSSVR
       * Identified AD Forest. 
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\ACSSVR
          Starting test: Connectivity
             ......................... ACSSVR passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\ACSSVR
          Starting test: Advertising
             Fatal Error:DsGetDcName (ACSSVR) call failed, error 1355
             The Locator could not find the server.
             ......................... ACSSVR failed test Advertising
          Starting test: FrsEvent
             ......................... ACSSVR passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems. 
             ......................... ACSSVR failed test DFSREvent
          Starting test: SysVolCheck
             ......................... ACSSVR passed test SysVolCheck
          Starting test: KccEvent
             A warning event occurred.  EventID: 0x80000B46
                Time Generated: 03/02/2015   12:00:00
                Event String:
                The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification)
    and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. 
             A warning event occurred.  EventID: 0x80000734
                Time Generated: 03/02/2015   12:00:37
                Event String:
                The local domain controller could not connect with the following domain controller hosting the following directory partition to resolve distinguished names. 
             ......................... ACSSVR passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... ACSSVR passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... ACSSVR passed test MachineAccount
          Starting test: NCSecDesc
             ......................... ACSSVR passed test NCSecDesc
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\ACSSVR\netlogon)
             [ACSSVR] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
             ......................... ACSSVR failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... ACSSVR passed test ObjectsReplicated
          Starting test: Replications
             ......................... ACSSVR passed test Replications
          Starting test: RidManager
             ......................... ACSSVR passed test RidManager
          Starting test: Services
             ......................... ACSSVR passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:21:34
                Event String:
                Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 03/02/2015   11:21:58
                Event String:
                The WinRM service is not listening for WS-Management requests. 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:26:01
                Event String:
                The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:26:01
                Event String:
                The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:26:16
                Event String:
                Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0x0000002E
                Time Generated: 03/02/2015   11:34:32
                Event String:
                The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
             An error event occurred.  EventID: 0xC0001B6F
                Time Generated: 03/02/2015   11:34:32
                Event String:
                The Windows Time service terminated with the following error: 
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 03/02/2015   11:35:01
                Event String:
                The WinRM service is not listening for WS-Management requests. 
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:39:08
                Event String:
                Name resolution for the name _ldap._tcp.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:39:27
                Event String:
                The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:39:27
                Event String:
                The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 03/02/2015   11:39:40
                Event String:
                The WinRM service failed to create the following SPNs: WSMAN/ACSSVR.ACS.local; WSMAN/ACSSVR. 
             A warning event occurred.  EventID: 0x0000000C
                Time Generated: 03/02/2015   11:39:39
                Event String:
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in
    the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the
    authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
             A warning event occurred.  EventID: 0xC000042B
                Time Generated: 03/02/2015   11:42:01
                Event String:
                The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   11:44:31
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   11:45:05
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             An error event occurred.  EventID: 0x0000168F
                Time Generated: 03/02/2015   11:55:22
                Event String:
                The dynamic deletion of the DNS record 'ACS.acsolutionsinc.net. 600 IN A 192.168.56.1' failed on the following DNS server:  
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:55:22
                Event String:
                Name resolution for the name acsolutionsinc.net timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0x0000168F
                Time Generated: 03/02/2015   11:55:47
                Event String:
                The dynamic deletion of the DNS record '_ldap._tcp.ACS.acsolutionsinc.net. 600 IN SRV 0 100 389 ACSSVR.ACS.acsolutionsinc.net.' failed on the following DNS server:  
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 03/02/2015   11:55:53
                Event String:
                The WinRM service is not listening for WS-Management requests. 
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:55:53
                Event String:
                Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:59:53
                Event String:
                Name resolution for the name _ldap._tcp.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   12:00:13
                Event String:
                The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   12:00:13
                Event String:
                The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 03/02/2015   12:00:25
                Event String:
                The WinRM service failed to create the following SPNs: WSMAN/ACSSVR.ACS.local; WSMAN/ACSSVR. 
             A warning event occurred.  EventID: 0x0000000C
                Time Generated: 03/02/2015   12:00:25
                Event String:
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in
    the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the
    authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
             A warning event occurred.  EventID: 0xC000042B
                Time Generated: 03/02/2015   12:02:47
                Event String:
                The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   12:05:17
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   12:05:17
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             ......................... ACSSVR failed test SystemLog
          Starting test: VerifyReferences
             ......................... ACSSVR passed test VerifyReferences
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : ACS
          Starting test: CheckSDRefDom
             ......................... ACS passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ACS passed test CrossRefValidation
       Running enterprise tests on : ACS.local
          Starting test: LocatorCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
             1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... ACS.local failed test LocatorCheck
          Starting test: Intersite
             ......................... ACS.local passed test Intersite
    I've been trying to debug errors one at a time, but I'm having a hard time finding any information that pertains to this issue as a whole. Anything you can tell me about this would be great, thank you for reading. 

    It was the only server in the network, the only dc in the old forest. When I re-installed ad ds I gave the new forest different name, but I guess the old settings are still in the system somewhere conflicting with the new setup? Is there a way to purge the old setup entirely and start over with ad ds, or am I going to have to re-install the whole OS? Thanks again for the help.

    Honestly, the best way to handle this is to rebuild the server. There are many things that are "left behind" when you remove the Domain / Forest from a Domain Controller. In fact many articles will say after using ADMT (active directory migration tool) you should decommission the original Domain Controller (aka reinstall the OS).
    While you could spend more time trying to get that domain controller working, it absolutely is going to be 1) More reliable 2) faster to reinstall the OS on the old domain controller. If you are still leveraging storage, or services on that domain controller, you will want to back them up, or have a transition plan before reinstalling everything on the server. I have a feeling if you choose to keep troubleshooting this, you will run into more issues down the road.

  • Internal vs. external directory services best practices

    Hello everyone,
    We have two distinct directory services here where I work, one that supports 'internal' needs, and one that is used for external clients, the people who use our web-facing applications. We are limited by the separation of the directory services. E.g., our internal users cannot use the external directory service to look up email addresses.
    I have been asked to look into design options and best practises. Is it common to have distinct services like this? Or are those external users usually part of the same service as the internal users? Is my online banking account information in the same directory service (assuming it is in a directory service at all) as the employees at my bank? Does it make sense to run separate services like this? What are some alternatives?
    Part of the integration problem is AD vs. Sun Directory Server. The external service is in Sun Directory Server and predates AD. The AD service is obviously here for the Windows environment. Some organizations I have worked with in the past used Sun LDAP as the authoritative source of data, and synced in one way or another into AD.
    Any feedback is appreciated,
    Mark

    No, what I am looking for is architectural input regarding the use of AD and a separate LDAP server. In my case I am talking about AD and the SJS Directory Server, but this would apply to any environment that has AD plus some other LDAP server.
    I need to be able to reasonably answer the general question: Why should we keep the SJS Directory Server, when we could just put all our LDAP data into AD?
    I also need to answer the more specific question: Given our LDAP data is external users only (customer, partners), does it make sense to keep them there? Again, why not just put these "external" entities into AD?
    I'm not trying to figure out how to get AD and LDAP to work together. I'm trying to figure out why I have two directories, and why I should or should not keep two directories. I've found nothing online dealing with what should be a very common scenario.
    Mark

  • Store Print & File Server on iPlanet Directory Server?

    I have an NT 4.0 server which I'm using as both a Print & File Server. Would I be able to use iPlanet Directory Server to do the same thing?
    If I can, please explain how, or direct me to where I can find out how.
    If it can't be done, is there any other way(s) I can do it?
    Thanks!

    I don't understand. iDS is not a file and print server, it is a user data and user authentication server. Do you want to use iDS for your user authentication for file and print services instead of NT 4 domains? I don't think this is possible. What is possible is using iDS as your primary data store, and using iPlanet Meta Directory to sync changes from iDS to the NT 4 domain.

  • Installation Error with iPlanet Directory Server 5.1 SP1 and Windows 2000

    Hello,
    I'm having real trouble getting iPlanet Directory Server installed on a Windows 2000 Server machine. Every time I install it, no matter what options I choose, I get this series of popup boxes at the end:
    - Setup is unable to store configuration data in the LDAP directory
    - Unable to create Administration Server configuration
    - Could not authenticate ldap connection, "Unknown error"
    - Unable to set ACI in Configuration Directory Server
    But searching on this forum, I have found a lot of posts. I have tested the different solutions proposed:
    * Add to the hosts file the short name and the long name of my machine with its IP address
    * When the installation process crashes, uninstall the software, reboot the machine and then restart the installation
    With all these solutions, the problem is still here.
    Could you help me?
    Boris MANCHETTE

    Are you using Terminal Services? iPlanet DS will not install properly over Terminal Services. You have to install from the direct attached console.
    Ted

  • Linux version of iPlanet Directory Server 5.0 planned?

    I'm wondering if there are plans to release a Linux version of iPlanet
    Directory Server 5.0?
    If so, any estimation on when it might be released?
    Jon

    I asked the same question and was told .....
    Subject: Re: iDS 5.0 is officially released
    Date: Tue, 15 May 2001 06:00:09 -0600
    From: Richard Megginson <[email protected]>
    To: [email protected]
    All I can say at the moment about Linux support is that we are currently evaluating our options.
    Peter Allmaker wrote:
    > Swell. And the Linux version will release when???
    Jonathan Eric Miller wrote:
    > I'm wondering if there are plans to release a Linux version of iPlanet Directory Server 5.0?
    > If so, any estimation on when it might be released?
    > Jon
    --
    Peter Allmaker
    MCLA Computer Science 413-662-5592
    Computer Support Services 413-662-5510

  • Sun Directory Service Control Center error

    Hi Everyone,
    I am having some issues when setting up the Sun Directory Service Control Center.
    I am deploying on Red Hat Enterprise Linux 5.4 and have followed the Sun Directory Server installation guide, and am deploying the dscc7.war file on the Sun Java Systems Web Server. After I follow the steps in the installation guide I deploy the war file to the web server, but when I test the connection from the browser I get the following error. Does anyone know what I may have missed?
    I have also found that the docs say to add the following to the magnus.conf file in the http server:
    type=magnus-internal/parsed-html exts=shtml
    However I get the following message from the web server when I restart the instance:
    type=magnus-internal/parsed-html directive ignored
    Thanks
    Mike
    An unexpected error occurred while checking the status of Sun Directory Service Control Center.
    Install Error Code: 3
    Stack:
    com.sun.directory.common.slapx.AdmCmdErrorException: /opt/sun/dsee7/bin/dsadm info all separator = /opt/sun/dsee7/var/dcc/ads [exitCode=60]
    com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:94)
    com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:56)
    com.sun.directory.common.slapx.AdmCmd.runInfo(AdmCmd.java:174)
    com.sun.directory.common.slapx.SlapxCmd.runInfo(SlapxCmd.java:83)
    com.sun.directory.dcc.ads.ADSInstall.getSlapxInfo(ADSInstall.java:450)
    com.sun.directory.dcc.ads.ADSInstall.isRunning(ADSInstall.java:384)
    com.sun.web.admin.directory.dcc.InitSequenceViewBean.getInstallException(InitSequenceViewBean.java:81)
    com.sun.web.admin.directory.dcc.ADSInstallExceptionViewBean.createChild(ADSInstallExceptionViewBean.java:73)
    com.iplanet.jato.view.ContainerViewBase.ensureChild(ContainerViewBase.java:187)
    com.iplanet.jato.view.ContainerViewBase.getChild(ContainerViewBase.java:541)
    com.iplanet.jato.view.ContainerViewBase.beginChildDisplay(ContainerViewBase.java:819)
    com.iplanet.jato.taglib.TagBase.fireBeginDisplayEvent(TagBase.java:133)
    com.sun.web.ui.taglib.common.CCTagBase.fireBeginDisplayEvent(CCTagBase.java:149)
    com.sun.web.ui.taglib.common.CCTagBase.doEndTag(CCTagBase.java:108)
    org.apache.jsp.jsp.ADSInstallException_jsp._jspx_meth_cc_text_2(ADSInstallException_jsp.java:363)
    org.apache.jsp.jsp.ADSInstallException_jsp._jspx_meth_cc_pagetitle_0(ADSInstallException_jsp.java:204)
    org.apache.jsp.jsp.ADSInstallException_jsp._jspx_meth_cc_header_0(ADSInstallException_jsp.java:131)
    org.apache.jsp.jsp.ADSInstallException_jsp._jspService(ADSInstallException_jsp.java:71)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:80)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:457)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:351)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
    org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
    org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:792)
    org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:472)
    org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:353)
    com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
    com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
    com.sun.web.admin.directory.dcc.DCCViewBean.beginDisplay(DCCViewBean.java:186)
    com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
    org.apache.jsp.jsp.DCC_jsp._jspService(DCC_jsp.java:60)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:80)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:457)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:351)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
    org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
    org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:792)
    org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:472)
    org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:353)
    com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
    com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
    com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
    com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:796)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
    org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
    org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
    org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
    com.sun.web.admin.directory.dcc.solo.DCCSoloSessionManagerFilter.doFilter(DCCSoloSessionManagerFilter.java:151)
    org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
    org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
    org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
    org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
    org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
    org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
    org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
    Edited by: mikejhathaway78 on Jan 27, 2010 1:16 PM

    Hi,
    I have the same problem, too.
    I installed DSEE7 on Solaris 10 SPARC. The installation went smoothly and no error occurred.
    I cd to the folder /opt/SUNWdsee7/bin, logged in as root user, and then ran the command ./dsccsetup initialize.
    After that I logged in to the WebLogic 10 server console as the weblogic user and installed the dscc7.war file. The installation also went smoothly, with no error at all. I got the following error when I tried to open the page http://host:port/dscc7:
    An unexpected error occurred while checking the status of Sun Directory Service Control Center.
    Install Error Code: 3
    Stack:
    com.sun.directory.common.slapx.AdmCmdErrorException: /opt/SUNWdsee7/bin/dsadm info all separator = /var/opt/SUNWdsee7/dcc/ads [exitCode=60]
    com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:94)
    com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:56)
    com.sun.directory.common.slapx.AdmCmd.runInfo(AdmCmd.java:174)
    com.sun.directory.common.slapx.SlapxCmd.runInfo(SlapxCmd.java:83)
    com.sun.directory.dcc.ads.ADSInstall.getSlapxInfo(ADSInstall.java:450)
    com.sun.directory.dcc.ads.ADSInstall.isRunning(ADSInstall.java:384)
    com.sun.web.admin.directory.dcc.InitSequenceViewBean.getInstallException(InitSequenceViewBean.java:81)
    com.sun.web.admin.directory.dcc.ADSInstallExceptionViewBean.createChild(ADSInstallExceptionViewBean.java:73)
    com.iplanet.jato.view.ContainerViewBase.ensureChild(ContainerViewBase.java:187)
    com.iplanet.jato.view.ContainerViewBase.getChild(ContainerViewBase.java:541)
    com.iplanet.jato.view.ContainerViewBase.beginChildDisplay(ContainerViewBase.java:819)
    com.iplanet.jato.taglib.TagBase.fireBeginDisplayEvent(TagBase.java:133)
    com.sun.web.ui.taglib.common.CCTagBase.fireBeginDisplayEvent(CCTagBase.java:149)
    com.sun.web.ui.taglib.common.CCTagBase.doEndTag(CCTagBase.java:108)
    jsp_servlet._jsp.__adsinstallexception._jsp__tag8(__adsinstallexception.java:512)
    jsp_servlet._jsp.__adsinstallexception._jsp__tag3(__adsinstallexception.java:289)
    jsp_servlet._jsp.__adsinstallexception._jsp__tag1(__adsinstallexception.java:189)
    jsp_servlet._jsp.__adsinstallexception._jspService(__adsinstallexception.java:129)
    weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
    weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
    weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:502)
    weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:251)
    com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
    com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
    com.sun.web.admin.directory.dcc.DCCViewBean.beginDisplay(DCCViewBean.java:186)
    com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
    jsp_servlet._jsp.__dcc._jspService(__dcc.java:94)
    weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
    weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
    weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:502)
    weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:251)
    com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
    com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
    com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
    com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    com.sun.web.admin.directory.dcc.solo.DCCSoloSessionManagerFilter.doFilter(DCCSoloSessionManagerFilter.java:151)
    weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
    weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    weblogic.security.service.SecurityManager.runAs(Unknown Source)
    weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
    weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
    weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
    weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    I've tried all the solutions that I found in the Sun forum, but it didn't work. Please help me if you can.
    Note: I cannot run the WebLogic server as the root account.
    Many thanks,
    Anthony Ton
