JAAS LoginModule for SunOne Directory Server?

I have a customer who is using SunOne Directory Server for LDAP.
I have test code that uses JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
So that's great; however, my application uses JAAS, and therefore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff; however, considering that JAAS and the SunOne Directory Server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS-compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.
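
As an added example (not code from the original thread, and not anything shipped by Sun), here is the shape of the custom LoginModule the poster describes: bind once with the customer's "special" service account to look up the user's DN, then bind again as that DN with the password the user typed, which is the part JndiLoginModule cannot be told to do. The option names (`url`, `serviceDn`, `servicePassword`, `baseDn`), the `uid` login attribute and the use of `com.sun.security.auth.UserPrincipal` for the committed principal are assumptions of this example, not anything the thread specifies.

```java
// Added example, not code from the original thread. The option names (url, serviceDn,
// servicePassword, baseDn) and the "uid" login attribute are this example's own choices.
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal;

public class ServiceBindLdapLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String url, serviceDn, servicePassword, baseDn;
    private UserPrincipal pending;   // holds the user's DN; set by login(), added to the Subject by commit()

    @Override public void initialize(Subject subject, CallbackHandler handler,
                                     Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        url = (String) options.get("url");              // ldaps://...: a simple bind sends the password in clear
        serviceDn = (String) options.get("serviceDn");  // the "special userid": it only searches, never logs in
        servicePassword = (String) options.get("servicePassword");
        baseDn = (String) options.get("baseDn");
    }

    @Override public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("username: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (Exception e) {
            throw new LoginException("callback handler failed: " + e.getMessage());
        }
        String user = nc.getName();
        char[] pw = pc.getPassword();
        pc.clearPassword();
        // Reject an empty password here: a simple bind with a DN and no password is an
        // unauthenticated bind, which succeeds without checking anything, so step 2 below
        // would otherwise "authenticate" any existing login name.
        if (user == null || user.isEmpty() || pw == null || pw.length == 0) {
            throw new FailedLoginException("username and password are required");
        }
        String userDn = lookupUserDn(user);             // step 1: service bind + search
        close(bind(userDn, new String(pw)));            // step 2: bind as the user
        Arrays.fill(pw, '\0');
        pending = new UserPrincipal(userDn);
        return true;
    }

    // Step 1: bind with the service account and resolve the login name to exactly one DN.
    private String lookupUserDn(String user) throws LoginException {
        DirContext ctx = bind(serviceDn, servicePassword);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]);   // only the DN is needed
            // The LDAP provider substitutes {0} with filter escaping applied, so a login name
            // such as "*)(uid=*" cannot widen the search (LDAP filter injection).
            NamingEnumeration<SearchResult> r = ctx.search(baseDn, "(uid={0})", new Object[] { user }, sc);
            if (!r.hasMore()) throw new FailedLoginException("unknown user");
            String dn = r.next().getNameInNamespace();
            if (r.hasMore()) throw new FailedLoginException("login name is not unique");
            return dn;
        } catch (NamingException e) {
            throw new LoginException("directory search failed: " + e.getMessage());
        } finally {
            close(ctx);
        }
    }

    // Simple bind as dn; the InitialDirContext constructor performs the bind.
    private DirContext bind(String dn, String password) throws LoginException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            return new InitialDirContext(env);
        } catch (AuthenticationException e) {
            throw new FailedLoginException("bind as " + dn + " rejected");
        } catch (NamingException e) {
            throw new LoginException("cannot reach directory: " + e.getMessage());
        }
    }

    private static void close(DirContext ctx) { try { ctx.close(); } catch (NamingException e) { } }

    @Override public boolean commit() { if (pending != null) subject.getPrincipals().add(pending); return pending != null; }
    @Override public boolean abort()  { pending = null; return true; }
    @Override public boolean logout() { if (pending != null) subject.getPrincipals().remove(pending); pending = null; return true; }
}
```

A matching JAAS configuration entry would read `Customer { ServiceBindLdapLoginModule required url="ldaps://ldap.example.com:636" serviceDn="cn=svc-auth,ou=Services,dc=example,dc=com" servicePassword="..." baseDn="ou=People,dc=example,dc=com"; };` (hostname and DNs invented for the example). Two checks are worth keeping when adapting it: use ldaps:// (or StartTLS), because a simple bind transmits both the service password and the user's password in clear; and never drop the empty-password test, because an LDAP server treats a bind with a DN and no password as an anonymous bind and reports success. The service account only needs read access to the login attribute under baseDn, and the file holding its password needs the same file permissions as any other credential.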

Hey dav,
Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus successfully integrated the basics of JAAS into the system... but I am now desperately looking for a way to have client-side policies distributed at runtime from the server.
I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have developed a database-backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration for JAAS authentication. The aim is that this data will be transferred once during login, and any time that the policy is requested to be refreshed.
Since reading your post, I'm wondering what services LDAP or JNDI can offer me?
Also, is JNDI an appropriate option for data persistence? Is it better to go with JDO or some other object store abstraction?
Kind regards,
Darren B

Similar Messages

  • Regarding sunone directory server

    Hi, I am posting this topic here because I could not find any forum for Directory Server.
    My query is: do we have any limitations on group memberships for SunOne Directory Server? Kindly reply soon because it's urgent.

    http://forum.java.sun.com/index.jspa?tab=es

  • Change the User ID running the SunOne Directory Server 6.3 on Windows 2003

    Hi Experts,
    I have an install of SunOne Directory Server Enterprise edition 6.3 running on Windows 2003 server. It was installed using the Zip distribution and is running as a user ID in the Active Directory the server is part of. We are trying to change the user ID to a service account (not the current ID which belongs to a person), so that the Sun DS can run as a service within Windows 2003 server. Need help in doing this without having to re-install the Directory server. Has anyone done this and is it possible to do?

    Thank you very much for the insights and the responses sharmy28.
    Appreciate it very much.
    All I had to do was change the setting in this file only:
    Open the file dsee6/cacao_2/etc/cacao/instances/default/private/cacao.properties and change the below line with new id...
    # Define username and groupname for cacao process
    process.username=sunadmin
    process.groupname=sungroup
    As this is Windows 2003 and the installs are all default values, I had to reboot the server for the change to take effect.
    The file dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/globals.cfg does not exist. However the same file exists under the perl directory as globals.pl and the settings you specified are present there. In our case these were commented out and so I left them as is.
    Thanks once again for your responses which helped me solve the issue we had.
    Thanks.

  • How to create users with i18n characters in SunONE directory server?

    Was trying to create users and groups with i18n characters in SunONE directory server
    1. Started LDAP console using -l option
    2. Changed the Locale to Japanese
    3. Entered a few Japanese characters as username (meaning internationalization user name)
    4. However, I was not able to type the password using the "soft keyboard" that comes with the Japanese Locale
    5. To overcome #4, for now, I typed English chars as the password
    6. Click OK to save the above username/pwd
    7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
    Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

    Hi LostLad,
    Sorry for my ignorance... Could you please elaborate on how to remove the "uid" attribute from the 7-bit ASCII plugin?
    Thanks in advance..

  • First time configuring Sol9 built-in SunONE Directory Server

    Hi!
    I'm using Solaris 9 Sparc and I'm trying to configure the SunONE Directory Server included with Sol9.
    When I type :
    directoryserver startconsole , it asks for :
    UserID
    Password
    Administration URL
    but how can I specify these info if it's a first time configuration ?

    Because I have it on a Netra T1 AC200 without video card and I can't find the Directoryserver binary...

  • How to enable FIPS on sunone directory server 6.3?

    Hi all,
    My product needs FIPS certification.
    As part of that we will be connecting to sunone directory server and use it as user store.
    For that i need the steps to enable FIPS on sunone directory server 6.3.
    Has any one done this before?
    Please help me in this.
    Thanks in advance.
    Usha.

    To enable the TLS Encryption Cipher:
    1. Check out the ssl-supported-ciphers property of the server.
    $ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
    View the available SSL ciphers.
    $ dsconf get-server-prop -h host -p port ssl-supported-ciphers
      ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      ...
    Hope this helps,
    -Shankar

  • SunOne Directory server on AIX 5.3

    Hello members,
    I have a question for the technical team. I am tasked to install SunOne
    directory server on AIX 5.3.
    We have already installed SunOne on AIX 5.2 and it is proven that it works fine in our live environment; however, it is not yet tested on AIX 5.3.
    I would like to know if SunOne 5.2 is supported on AIX 5.3 and if I should be aware of any potential problems during installation.
    Thanks,
    G.S.

    Hello,
    Thanks Ludovic, I really appreciate info that you have provided.
    I have now managed to install SunOne on AIX 5.3 and tried to create new instance from server group through SUNOne server console GUI.
    But this gives me an error like below:
    createSIE failed for ssDN=test.example.co.uk
    The return code is: 155
    Here is the sieEntry:
    objectclass: netscapeserver,nsDirectoryServer,nsConfig
    Has anybody ever dealt with such an error?
    Thanks,
    G

  • How to get account expiry date for Oracle Directory Server?

    I need to get the account expiry date for Oracle Directory server. Which attribute stores this value? Please let me also know the attribute type and how to fetch it.
    Thanks,
    Subrat

    Hello,
    Yes you can use nsAccountLock directly (When nsAccountLock=true, the object is inactivated and the user cannot log in)
    This is documented in Modifying Directory Server’s NsAccountLockAttribute Directly (Sun Java System Directory Server Enterprise Edition 6.2 In…  (release number is old but it does not matter, Thats the first one Ive found)
    You can also use dsutil account-inactivate as described in dsutil - 11g Release 1 (11.1.1.7.0)
    Sylvain
    Please mark this response as correct or helpful when appropriate to make it easier for others to find it

  • Generating Self Signed Certificate for iPlanet Directory Server for testing

    Hi Experts,
    I am unable to find how to generate a self-signed certificate for iPlanet Directory Server for testing purposes. Actually what I mean is I want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for secured LDAP authentication. For this purpose, how do I create a dummy certificate to enable iPlanet Directory Server SSL? I searched on Google but found no help. Please provide me the solution for how to test it.
    Thanks in Advance,
    Kalyan

    Here's one I did earlier.
    Refers to Solaris 10
    SSL Security
    add a new certificate that lasts for ten years (120 months).
    stop the instance:
    dsadm stop <instance>
    Remove DS from smf control:
    dsadm disable-service <instance>
    Change Certificate Database Password:
    dsadm set-flags <instance> cert-pwd-prompt=on
         Choose the new certificate database password:
         Confirm the new certificate database password:
    Certificate database password successfully updated.
    Restart the instance from the dscc:
    DSCC -> start <instance>
    Now add a new Certificate which lasts for ten years (120 months; -v 120):
    `cd <instance_path>`
    `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" -n testcert -v 120 -t T,, -x`
         Enter Password or Pin for "NSS Certificate DB":
    Stop the Instance.
    On the DSCC Security -> Certificates tab:
         select option to "Do not Prompt for Password"
    Restart the instance.
    On the Security -> General tab, select the new certificate to use for ssl encryption
    Restart the instance
    Stop the instance
    Put DS back into smf control:
    dsadm enable-service <instance>
    Check the smf:
    svcs -a | grep ds
    # svcs -a|grep ds
    disabled Aug_16 svc:/application/sun/ds:default
    online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
    online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

  • C# client for SunOne Directory

    Is there an example of how to perform ldap authentication and/or lookup in SunOne Directory from a C# (.NET) client?

  • Access Control for SunOne Web Server 6.0.5 vs. 6.0.4

    This question is about bypassing an appserver by specifying an alias without the appserver virtual host so as to download a class or jar file. With only the default ACL on the 6.0.4 version of the SunOne web server I found that .class and .jar files were not downloadable. However, on version 6.0.5 they are. For example, the URL:
    https://myhost/appserv/alias/path/file.jsp
    would return the html resulting from that file.jsp file being processed by my application server. But by contrast, the URL:
    https://myhost/alias/path/file.jsp
    will prompt the user as to where they want to save the file. Specifying the alias immediately after the hostname (omitting appserv) will allow free access to any files under that alias's target directory. This is a problem especially for .class and .jar files which contain server-side programs. I have created an ACL as described in the administrator's guide and this does solve the problem (thank goodness for that). My question is, why didn't I experience this problem before?

    To Disable directory listing : http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp

  • Help me, please. Can't Install SunONE Directory Server 5.2 Beta 3 on Solari

    I try to install DS on SUN ULTRA 10 with Solaris 9. We don't use internal DNS server but external one.
    Cannot start console. Always I have an error:
    starting up server ...
    ERROR<38917> -Startup -conn=-1 msgId=-1 - Configuration error Can't find localhost name.
    error:Server not running!! Failed to start ns-slapd process.
    system_errno:2
    Configuration of Directory Server succeeded
    Configuration of the admin server Failed
    The configuration is the following:
    /etc/hosts:
    127.0.0.1 localhost
    192.168.1.105 iplanet iplanet.mydomain.nam
    /etc/resolv.conf:
    search mydomain.nam
    nameserver xxx.xxx.xxx.xxx
    nameserver yyy.yyy.yyy.zzz
    /etc/nsswitch.conf:
    hosts: files dns
    /etc/defaultrouter:
    192.168.1.1
    /etc/hostname.hme0:
    iplanet
    /etc/nodename:
    iplanet
    /etc/netmasks:
    192.168.1.0 255.255.255.0
    Does anybody know what's going on?
    Thanks in advance.
    Marat.

    It is not possible to obtain the Sun ONE Directory Server 5.2 BETA Software. There are various reasons; one is that the BETA program has been closed for some time now. The RR of the Sun ONE Directory Server 5.2 should be available at the end of May.
    Regards
    -Michael
    Sun Microsystems, Inc.

  • SunONE Directory server fails to install on RHEL 3 U6

    Hello
    we are trying to deploy a Sun Directory server 5.2 on a machine that runs RHEL3 Update 6. It comes back with the following error message:
    ERROR : Red Hat Enterprise Linux ES release 3 (Taroon Update 6) is not recognized by idsktune as a supported platform for Sun Java System Directory Server or Directory Proxy Server. Ensure you are running the version of idsktune provided with your product, or you can run idsktune in client mode (-c) if server support is not required
    I know that the product is compatible with RHEL 3 U4, but we are unable to deploy this version of RHEL because of the new hardware of the server.
    Please could anyone advise on how to resolve the problem. Thank you.

    Hi,
    idsktune should not prevent you from installing the product.
    Which version of Directory Server are you trying to install ? What command are you executing ?
    Regards,
    Ludovic

  • Problem running WebLogic as plugin for SunOne web server on Solaris

    I tried to set up WebLogic (8.1) as a plugin for the SunONE (iPlanet) web server. I followed the instructions from http://e-docs.bea.com/wls/docs81/plugins/nsapi.html#110496. The SunONE server starts up successfully. But I have a problem connecting to my web application, and the SunONE web server returns the following error:
    "for host 172.23.54.5 trying to GET /arsys/home, wl-proxy reports: Neither 'WebLogicCluster' nor 'WebLogicHost' specified in parameters"
    I tried both SunOne (6.1 sp3) and iPlanet (6.0), I saw same problem.
    Can anyone help me on this?
    Thanks
    Charlie

    To configure SunOne to work with WLS, you need to make entries in magnus.conf and obj.conf. From the error, it seems as if you missed the entries in obj.conf.

  • Is there any hardware requirement guideline for iPlanet Directory Server?

    I plan to set up the iPlanet Directory Server. I need to select the appropriate hardware platform for the DS capacity, e.g. what CPU model, RAM and hard disk size if the number of entries is around 10000, etc.

    The upper limit for iDS 5.0 is 2G of RAM but for 100K users, expect about 80-85MB ldif file which correlates to about 290-300Mb importCacheSize. This means that you will need 64Mb+300Mb minimum.
    As far as network, 100BaseT is adequate but GBit or multiple 100BaseTs are better.
    SSL hardware is recommended if running securely.
    As far as processors, an Ultra60 1x440Mhz or a Dell PowerEdge 2400 1x776Mhz will work. Attaching 2x18G disk should be enough. Go with scsi over ide if possible.
    pat
