LDAP client binding failure stops TimerTask thread

Hi There,
I try to schedule a TimerTask once ldap binding fails, but the binding failure prevents the TimerTask thread to start. Any idea? or any work around?
Thanks.
try{
ctx = new InitialLdapContext(envs[ctx_idx], null);
}catch(NamingException ne){
START();
public static void start() {
timer = new Timer();
timer.schedule(new TimerTask() {
public void run(){
System.out.println(".... Visit moniter ....");
}, 10, 1000) ;
} // end of start
...

Problem Fixed. Windows XP client did not have WINS server IP address is TCP/IP properties.

Similar Messages

Windows Client Binding Failure in a different subnet - Snow Leopard Server

hi all,
We are running SL 10.6.6 mini mac on a subnetted domain - The svr subnet is 10.20.10.xxx
Clients (mac & win xp) are in subnets 10.20.12.xxx & 10.20.13.xxx
Linux Firewalls separate the subnets although for the purposes of this topic and setup i have set the default policy to accept with no drop rules prior.
The issue is that a win xp client cannot see the SL server. The win XP client does a NETLOGON broadcast i.e. (10.20.13.255 UDP 137) which does not make it to the netlogon service being advertised by the SL Server.
If i put the win xp client in the 10.20.10.xxx (the SL Svr subnet) all works fine and the win xp client authenticates correctly.
Is anyone out there running a similar setup (different subnets with Win XP Clients) I'm interested in how you got the binding/auth process working.
Some side info on the SL Svr - Its a PDC domain master which has 2 replica's attached. All instructions appear to have been followed correctly as per 10.6 OD admin guide. I have all the Mac OS server essentials book and have been trolling through them for answers.
I have setup SMB and configured it as per a previous thread http://discussions.apple.com/thread.jspa?threadID=2014572&tstart=0
Any help/thoughts/ pearls of wisdom would be appreciated.
Cheers
Cowan

Problem Fixed. Windows XP client did not have WINS server IP address is TCP/IP properties.

LDAP Bind Failure: Can't contact LDAP server in Presentation Server

I have configured LDAP configuration in the RPD and am able to connect to the LDAP from the BI server. Its returning the information i need when i test through the admin tool. But when i try to log in from the PS using the same network id and password, it gives me the below error:
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused. [53003] LDAP bind failure: Can't contact LDAP server. (08004).
I know for sure, the network connectivity is working as i get my results back from the BI Server. Please advise, if i need to change other configurations on the Presentation end. As my network folks have run out of ideas. Thx!

user9125812 wrote:
Yes, i am pinging from OBIEE Server through the RPD and i am successful.Pinging the OBIEE Server through the RPD? Ping is a DOS command, how can oyu "ping through the RPD".
Can you go to the server, open a CMD windows and do "ping nsldap.companyname.com" and see if it works. If it works it could be that the LDAP port is blocked by a firewall or OBIEE is not able to make a connection. Make sure you are using the correct port as well. Install an LDAP client in your OBIEE Server and test that you can connect to your LDAP server from your OBIEE Server, not from the RPD. You can use this:
http://jxplorer.org/

LDAP Bind Failure

Hi All,
We are facing the issue "LDAP bind failure:Cant contact LDAP server".
We are facing for now and then....Can you guys tell me the corrective action to correct this?
Our LDAP server is Novel e-directory.
RMD

Try referring http://rnm1978.wordpress.com/2010/12/02/troubleshooting-obiee-ldap-adsi-authentication/
Hope it helps

Proxy agent in solaris ldap client

Since ldap service provides naming service, that is supposed to be accessed by anyone who needs it, I don't know why we need a proxy agent when we set up solaris ldap client. The anoymous credential level is enough.
Also in order to use proxy agent, this agent needs to have at least read access to all naming entries, including userPassword, encrypted or clear-text. This adds some sort of in-security. While service authentication method "simple" will simply bind to the ldap server using provided password. Of course, you can still add another layer of security by using TLS.
So, can anyone explain this design a little more?
Thanks.

My input on this subject may seem a bit paranoid, but that's what I get paid for, so take this with a gain of salt 8-)
The proxy agent does not need to have read access to the userPassword attribute if you configure your clients to use pam_ldap instead of pam_unix. pam_unix retrieves the userPassword attribute by making a call to getspnam. With pam_ldap, the user dn and password are sent to the directory server in an auth structure, and the directory server will return success or failure to the client for that login attempt. More info on this can be found at http://docs.sun.com, or in the book "LDAP in the Solaris Operating Environment, Deploying Secure Directory Services" by Michael Hains and Tom Bialaski (ISBN 0-13-145693-8) pgs 177-179.
Use of the proxy agent can actually increase the level of security for your directory server. With the proper ACI's in place not allowing anonymous binds to view the data in the tree (or only view a small subset of the tree), you can prevent anyone from dropping a laptop or other device on your network and data mining your LDAP tree for information (ie vendors, guests, etc). That won't stop those same people from snooping the traffic on your network, so the use of secure protocols are the other side of that, but implementing tls:simple authentication for the directory server and clients is not that difficult, and should be considered for any deployment of LDAP for use as a naming server.
I do agree with your assessment that in an environment where anonymous binds are accecptable the use of the proxyagent is probably not warrented, but in my experience having the proxyagent has allowed me to tighten the security of my directory implementation .

Solaris ldap client problem (tls:simple + anonymous)

Hi All,
I've installed Directory Server 6.3.1 and it works just fine,
but I have a problem regarding connecting Solaris 10 ldap client to it through SSL using anonymous credential level.
Both SSL with proxy credential level or anonymous without SSL work fine but as you know these configurations are not pretty secure.
More detail.
Profile:
dn: cn=sslnoproxyuser,ou=profile,dc=domain,dc=com
authenticationmethod: tls:simple
bindtimelimit: 10
cn: sslnoproxyuser
credentiallevel: anonymous
defaultsearchbase: dc=domain,dc=com
defaultsearchscope: one
defaultserverlist: servername.domain.com
followreferrals: TRUE
objectclass: top
objectclass: DUAConfigProfile
preferredserverlist: servername.domain.com
profilettl: 43200
searchtimelimit: 30
Ldapclient output:
bash-3.00# ldapclient init -v -a profileName=sslnoproxyuser servername.domain.com
Parsing profileName=sslnoproxyuser
Arguments parsed:
profileName: sslnoproxyuser
defaultServerList: servername.domain.com
Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: ldap not running
findBaseDN: calling __ns_ldap_default_config()
found 2 namingcontexts
findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=domain.com))"
rootDN[0] dc=domain,dc=com
found baseDN dc=domain,dc=com for domain domain.com
Proxy DN: NULL
Proxy password: NULL
Credential level: 0
Authentication method: 3
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "domain.com"
file_backup: stat(/var/yp/binding/domain.com)=-1
file_backup: No /var/yp/binding/domain.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname domain.com... success
start: sleep 100000 microseconds
start: network/ldap/client:default... maintenance
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: sleep 200000 microseconds
restart: milestone/name-services:default... success
Error resetting system.
Recovering old system settings.
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
Stopping ldap
stop: network/ldap/client:default... restoring from maintenance state
stop: sleep 100000 microseconds
stop: network/ldap/client:default... success
nisd not running
nis(yp) not running
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: open(/var/ldap/restore/defaultdomain)
recover: read(/var/ldap/restore/defaultdomain)
recover: old domainname "domain.com"
recover: stat(/var/ldap/restore/ldap_client_file)=-1
recover: stat(/var/ldap/restore/ldap_client_cred)=-1
recover: stat(/var/ldap/restore/NIS_COLD_START)=-1
recover: stat(/var/ldap/restore/domain.com)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
Starting network services
start: /usr/bin/domainname domain.com... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
*/var/ldap/cachemgr.log*
Tue Jun 30 10:50:51.4330 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Tue Jun 30 10:50:51.4355 Error: Unable to read '/var/ldap/ldap_client_file': Configuration Error: No entry for 'NS_LDAP_BINDDN' found
Tue Jun 30 10:50:51.4368 detachfromtty(): child failed (rc = 255).
Any ideas?
Edited by: ffffffffff356dfd on 30 ???? 2009 12:07
Edited by: ffffffffff356dfd on 30 ???? 2009 12:07

Hi ,
yes I use it.
Here is my pam.conf:
# Authentication management
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
# rlogin service (explicit because of pam_rhost_auth)
# rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
# rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
# PPP service (explicit because of pam_dial_auth)
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
# passwd command (explicit because of a different authentication module)
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
# cron service (explicit because of non-usage of pam_roles.so.1)
cron account required pam_unix_account.so.1
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1
other account required pam_ldap.so.1
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
other session required pam_unix_session.so.1
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#

Native ldap client doesn't work with an openldap Server : No root DSE data

Hello!
My configuration :
- an openldap 2.2.23 server (linux debian) (server name = serv_annu)
- a ldap client (solaris 10) (server name = client_annu)
I want to configure my client by using Solaris Native ldap and I follow the excellent doc of gary tay (http://web.singnet.com.sg/~garyttt)
I use TLS and I had generated a certificate by using Mozilla . TLS works because ldapsearch from my solaris client works:
FROM CLIENT_ANNU:
+# ldapsearch -h server_annu -p 636 -b"dc=mydomain,dc=fr" -s base -Z -P /var/ldap/cert8.db "objectclass=*"+
version: 1
dn: dc=mydomain,dc=fr
dc: mydomain
objectClass: top
objectClass: dcObject
objectClass: organization
objectClass: nisDomainObject
nisDomain: mydomain.fr
o: mydomain
LOG FROM SERVER_ANNU:
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 ACCEPT from IP=172.30.69.216:36020 (IP=0.0.0.0:636)
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SRCH base="dc=mydomain,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=1 UNBIND
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 closed
1) I add DUAConfigProfile.schema and solaris.schema on my openldap server.
2) I add a nisDomainObject at the root DN (see the result of the ldapsearch above)
3) I Add ACL in slapd.conf to allow reading of rootDSE.
access to dn.base="" by ssf=128 * read
4) I launch on my solaris client
crle -u -s /usr/lib/mps
crle -64 -u -s /usr/lib/mps/64
5) I can't apply result.c patch on my openldap server (production server!) then I can't create /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred by using ldapclient command. Then I create manually /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred : the syntax is correct because the "ldapclient list" command works :
+# ldapclient list+
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=toto,ou=People,dc=people1,dc=mydomain,dc=fr
+NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411+
NS_LDAP_SERVERS= server_annu
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=fr
NS_LDAP_AUTH= tls:simple
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NOTE : I've had to add NS_LDAP_BINDDN and NS_LDAP_BINDPASSWD even if I use anonymous credential level because I get an error when I launch ldap client process.
Then here, everything is apparently OK but when I enable ldap client process the cachemgr process is running about 30s then it crashes:
FROM CLIENT_ANNU:
svcadm disable /network/ldap/client;svcadm enable /network/ldap/client
+/etc/init.d/nscd stop;/etc/init.d/nscd start+
LOG FROM SERVER_ANNU:
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 ACCEPT from IP=172.30.69.216:36021 (IP=0.0.0.0:389)
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH attr=supportedControl supportedsaslmechanisms
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=1 UNBIND
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 closed
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 ACCEPT from IP=172.30.69.216:36022 (IP=0.0.0.0:389)
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH attr=supportedControl supportedsaslmechanisms
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=1 UNBIND
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 closed...
FROM CLIENT ANNU :
+# /usr/lib/ldap/ldap_cachemgr -g+
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 2
cachemgr cache data statistics:
Configuration refresh information:
Previous refresh time: 2008/04/02 09:58:12
Next refresh time: 2008/04/02 21:58:12
Server information:
Previous refresh time: 2008/04/02 09:58:32
Next refresh time: 2008/04/02 09:58:33
server: server_annu, status: ERROR
error message: No root DSE data returned.*
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0
My problem is why I get the following error message : No root DSE data returned.
Thanks in advance for your help!

Hi
Is your OpenLDAP server configured to allow anonymous read of the rootDSE attributes ?
Regards,
Ludovic.

Help with setting up LDAP Client on Oracle Linux 6.4

Hi,
I'm having problems getting my Oracle Linux server setup as a ldap client and hoping someone can find where I'm going wrong. We have Oracle/Sun Directory Server 7 with Solaris ldap clients already setup with ssl. We are also using crypt for storing passwords. Here are the steps I have done on the Linux server.
yum install -y openldap openldap-clients nss-pam-ldapd pam_ldap
Edited the line FORCELEGACY=no to yes in /etc/sysconfig/authconfig
Copied the CA certs to /etc/openldap/cacerts
Ran: authconfig updateall enableldap enableldapauth ldapserver=zldap1.<domain> ldapbasedn="o=<domain>,o=isp" enableldaptls --enableldapstarttls
Changed pam_password md5 to crypt in /etc/pam_ldap.conf
Restarted /etc/init.d/nslcd and also tried rebooting.
I'm seeing the following errors in messages:
May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] ldap_start_tls_s() failed: Connect error (uri="ldap://zldap1.<domain>/")
May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] failed to bind to LDAP server ldap://zldap1.<domain>/: Connect error
May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] no available LDAP server found
Here is what my /etc/openldap/ldap.conf file looks like:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
URI ldap://zldap1.<domain>/
BASE o=<domain>,o=isp
Any help would be appreciated.
Thanks

Copy cacerts to /etc/openldap/cacerts
yum install -y openldap ldap-clients nss-pam-ldapd pam_ldap authconfig sssd
authconfig enablesssd enablesssdauth enablelocauthorize update
authconfig updateall enableldap enableldapauth ldapserver=zldap1.<domain> ldapbasedn="o=<domain>,o=isp" enableldaptls --enableldapstarttls
Add line to /etc/sssd/sssd.conf "ldap_tls_reqcert = allow"
Change /etc/pam_ldap.conf line:
pam_password md5 --> pam_password crypt
service sssd restart

ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials

Hey Guys,
I have an application with LDAP authentication and a custom login page (pg 101). When I run this app, the login page displays first, logs me in and logs out fine. However, when I branch to this application from another application, the login page shows up with the following error:
ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials
Error ERR-1082 Error in executing authorization scheme code.
I looked at debug and this is happening because when this page is loaded, it goes to my authentication scheme and tries to authenticate me even though I havnt logged in and because no user exists at this point the error happens.
I have set the login page to 'Page is Public' and have also used the following code in the authentication scheme's Page Sentry Function:
IF APEX_CUSTOM_AUTH.CURRENT_PAGE_IS_PUBLIC = TRUE THEN;
RETURN TRUE;
ELSE
RETURN FALSE;
END IF;
Any ideas of how I can stop my login page from being authenticated? Or where I am going wrong
Thanks
-Mark

Jes,
I could get it work !!!! my complete code
DECLARE
l_attributes wwv_flow_global.vc_arr2;
l_attribute_values wwv_flow_global.vc_arr2;
l_msg dbms_ldap.message;
l_entry DBMS_LDAP.message;
l_session DBMS_LDAP.session;
l_ber_element DBMS_LDAP.ber_element;
l_attr dbms_ldap.string_collection;
l_attr_name VARCHAR2(256);
l_vals DBMS_LDAP.string_collection;
retval PLS_INTEGER;
BEGIN
l_session := DBMS_LDAP.init('server', '389');
retval := DBMS_LDAP.simple_bind_s(l_session,'cn=myid,cn=na', 'mypwd');
dbms_output.put_line('Retval -> ' || retval);
l_attr(1) := '*'; -- retrieve all attributes
retval := DBMS_LDAP.search_s(
ld => l_session,
base => 'ou=xx,o=xx',
scope => DBMS_LDAP.SCOPE_SUBTREE,
filter => 'uid=myid',
attrs => l_attr,
attronly => 0,
res => l_msg);
dbms_output.put_line('Retval 2 -> ' || retval);
dbms_output.put_line('msg : ' || l_msg);
IF DBMS_LDAP.count_entries(ld => l_session, msg => l_msg) > 0 THEN
-- Get all the entries returned by our search.
l_entry := DBMS_LDAP.first_entry(ld => l_session,
msg => l_msg);
<< entry_loop >>
WHILE l_entry IS NOT NULL LOOP
-- Get all the attributes for this entry.
DBMS_OUTPUT.PUT_LINE('---------------------------------------');
l_attr_name := DBMS_LDAP.first_attribute(ld => l_session,
ldapentry => l_entry,
ber_elem => l_ber_element);
<< attributes_loop >>
WHILE l_attr_name IS NOT NULL LOOP
-- Get all the values for this attribute.
l_vals := DBMS_LDAP.get_values (ld => l_session,
ldapentry => l_entry,
attr => l_attr_name);
<< values_loop >>
FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
END LOOP values_loop;
l_attr_name := DBMS_LDAP.next_attribute(ld => l_session,
ldapentry => l_entry,
ber_elem => l_ber_element);
END LOOP attibutes_loop;
l_entry := DBMS_LDAP.next_entry(ld => l_session,
msg => l_entry);
END LOOP entry_loop;
END IF;
retval := DBMS_LDAP.unbind_s(l_session);
END;
thank you :D

Configure ldap client on linux

I have configure sun directory server 6.2 on Redhat Linux AS4 Update 4
Can anyone guide me , how to configure the ldap client (client is also RHAS4U4)
Do i need to install new packages or can i use openldap client?I have no idea .
Kindly reply.

Do i configure the nfs server and configure autfs on the client?Yes. Also need to config NFS Server on machine serving up home dirs, nsswitch.conf on client for automount to point to ldap, and automount entries on your LDAP server. I think I put details in thead reference to other forum post on this subject.
http://forum.java.sun.com/thread.jspa?threadID=5236185&messageID=10014704#10014704
Thanks for the update on how to config a LINUX client.

Patching solaris LDAP client

i will have to patch a solaris LDAP client box. What do I expect for that? Do I have to rel-initialize the client using ldapclient command after patching?
solaris 8 + LDAP server 5.2 unbundled version.
Thanks

From previous experience if your slapd is not running on your LDAP server then your clients will not boot if they are setup for ldap domain authentication. This is the same in NIS and NIS+. The only way to bring them up is to boot -s and change the nsswitch.conf file back to standalone i.e files and reboot machine.
In short if ldap server goes down clients are too, multi ldap servers are required to prevent single point failure.

Bug: dsee_directory should launch prior to ldap.client

Hello. Recently switched my directory from OpenLDAP to Sun. Works great, but I noticed today when the server had to be rebooted that the boot process stopped on the ldap.client init script. This was because the client is /etc/rc2.d/S71ldap.client, but the directory is at /etc/rc2.d/S72dsee_directory. I put it into single-user and moved dsee_directory from S72 to S70. Everything works great now, but this should be submitted as a bug affecting systems authenticating against their own LDAP server.

I had never had a problem with ldap.client connecting to an OpenLDAP server that was spawned prior to it. When I switched to dsee_directory, it just sat on the ldap client script trying to connect. The ordering did fix my boot issue. However, I had never heard Sun advises against LDAP client of themselves. This kind of baffles me since other operating systems typically do this (Linux, Active Directory, etc...). At any rate, it works great now, but I am curious as to why Sun would discourage this setup. BTW, this is DSEE 6 and Solaris 9/sparc.

LDAP Authenticated Bind

I have been looking for documentation on LDAP authenticated bind, except there is very little and the stuff that is there doesn't go into any detail. I was able to get authenticated binds to work properly but I wanted to ensure that it was all done correctly.
I found that the users that you are authenticating have to be in the same OU as the service account that you are using to perform the authenticated bind. For example you have an OU called Wireless. users1, user2 and a service account called WiSA are all in this OU. You can authenticate users1 and user2, but no users out of any other OU.
Is this really all there is? There appears to be no ability to do memberOf which really limits what you can do with this.
I am running 6.0.182.0. Any thoughts??

You can use users in another location for authenticated binding of LDAP, in that case while writing the the username you should mention entire path instead of username.
for eg: you should specify the username as cn=user,ou=cisco,ou=wireless,dc=com.
If both your client authentication username and bind username in same location then you can just specify the username controller will pick the path from the LDAP config.
I hope i answerd your question.

Making a Solaris 9 box a ldap client to 10.3 server

I have a 10.3 server running with all the updates and it a ODM with users/groups created within it's ldap domain, everything from the Mac end is working great.
What I now need to do....
We have a SunOS 9 box that is running some app that we need it to accept user/group information from the 10.3 domain for local file system rights.
For example if I have a group on the 10.3 domain called group1 and a dir on the Sun box called test, we want to be able to do (From the sun box):
chown -R :group1 test
And then set access permission based on the group.
What I was thinking was to bind the Sun box to the 10.3 domain to do this, but I'm running into the issue that I really don't know Solaris well and all the docs I find are about how to setup a client to bind to a Solaris domain and not how to setup a Solaris box as a client.
So I guess my two questions are:
1. Is what I'm thinking of doing the right way of getting this to work?
2. Any read me or help on setting up a Solaris box to be a ldap client to a 10.3 domain.
Thanks.

Have you tried walking across the building and asking Brooke?

How to stop the thread?

Hi,
How to stop the thread in java. This is my program.
import java.net.InetAddress;
public class ThreadPing extends Thread {
     ThreadPing(String pingIP)
          super(pingIP);
          start();
     public void run()
          try
          String pingIP = Thread.currentThread().getName();
          InetAddress inet = InetAddress.getByName(pingIP);
          Boolean get=inet.isReachable(1500);
          if(get==true)
               System.out.println(inet.getHostName());
          }catch(Exception e)
     public static void main(String args[])
          for(int i=1;i<=100;i++)
               String pingIP = "192.168.1."+i;
               ThreadPing tp = new ThreadPing(pingIP);
Thanks in advance.

The simplest way to stop all the thread is to make all thread daemons and exit the program when you want them to stop.

LDAP client binding failure stops TimerTask thread

Similar Messages

Maybe you are looking for