LDAP Client busted after 10.6.5 update...

Similar Messages

• Apple VPN Client fails after 10.4.7 update

  I have three different remote computers that cannot connect over VPN remotely to our xServe running 10.3.9. After installing 10.4.7 update recently, all three remote computers fail to even hit the server logs (ie. no connection, no denial, no nothing on the server end). I had one machine that was running 10.4.6 tonight. VPN connection worked fine. Ran the software update, restarted, now that computer fails to make a connection.
  It has nothing to do with the firewall on the xServe. I have turned that off with no success.
  Any ideas? I appreciate the help.

  to uninstall the client:
  http://docs.info.apple.com/article.html?artnum=108021
  you can create a client installer with the admin
  under File, Create Client Installer...
  Thanks for this. I will look into it further. The document you refer to states that 10.4 Clients should only be stopped rather than uninstalled, this concerns me a little. As I have tried simply stopping the service I will escalate to uninstalling the client and then see if reinstalling resolves the issue. Many thanks for your response.

• After 10.5.4 update, mac osx system proxy client (HTTPS) does not work!!!

  after 10.5.4 update (some minutes ago) i can't go on https web pages with browser safari and the other applications that uses the system proxy client (for example google notifier). i'm connecting to internet trough my macbook pro cable lan adapter into a LAN with a proxy server (before the update the mac osx system proxy client does work right).
  Help me!!!

  Hello Robert:
  I am sorry to be simplistic, but Apple cannot possibly be responsible for Safari (or any other software product) working in every possible environment. In my business life I used several methods to seamlessly link with my corporate servers from home or on the road. In each case, it was possible, but not without the help of my excellent IT people.
  Barry

• Disabled/Asleep LDAP clients

  10.5.5 server/10.4.11 LDAP clients
  In Server Admin, I have starting to get 10.4.11 clients showing up as "disabled/asleep" which is problematic due to their being logged out but the server still thinks they are logged in. Is there a setting to change to rid this "disabled/asleep" connectivity?

  When you log in in a MacOS X 10.4.11 server with a client then the client will be showed up in the Servers Admin AFP-Connections screen.
  When the client logs out (disconnect), his name / status/address will be removed again.
  This is the way the system manager can track how many clients are connected to the server.
  Unfortunately this is only true for clients until version 10.5.5 of MacOS X.
  When a client is updated to MacOS X 10.5.6, the client will after disconnection only be removed from the list when he did log in on the server ONLY WITH ONE shared volume. If he was connected with MORE THEN ONE shared volumes at the same time, the client will stay in the list even after disconnecting or shutting down the computer (after some time of course as Disabled /Asleep).
  (It has nothing to do with the kind of computer that is used (MacBookPro). It was only the coincidence that the MacBookPro's are used to login on the server only with one shared volume.)

• IPad2 Issues after iOS 8.1 update

  iPad2 64g wifi + cellular -   very slow and non-responsive since iOS 8.1 update.  nonstandard Apps seem to be working fine.. it’s the standard item like photos and safari that don't  respond. 
  photos -  (which I use daily to show clients examples)  will freeze and kick me out back to the home page when trying to do anything from open a photo for viewing to trying to delete a photo. Edit.. forget it.   better off using an alternate app to edit a photo as it locks up and crashes every time.   I really need to be able to view the photos  on my iPad2
  safari -   good luck using any hyper link…. It doesn’t respond.   Even at Apple’s website.   Sometimes it crashes but most of the time it just ignores me like I haven’t touched the screen
  Overall - the touch screen is glitchy since the iOS 8.1 update.  It was slow after the iOS 8.0 update  but has become almost unusable after the 8.1 update.
  I cannot afford to purchase a new iPad.  And I really need to find a way to make this one work.
  I did read about how to restore to an older iOS version.   The only problems are all of my laptop is Windows based and the instructions assumed you had a Mac.   I did a backup to iTunes prior to the 8.0 update but I have also done backups since.   So I am not sure I have a “clean” iOS 7 backup.
  Any ideas would be appreciated   Thank you in advance for your help
    Deborah

  zooga wrote:
  safari -   good luck using any hyper link…. It doesn’t respond.   Even at Apple’s website.   Sometimes it crashes but most of the time it just ignores me like I haven’t touched the screen
  For the touch issues in Safari, does scrolling or zooming the page before you try to tap a link make it work again?  I've read a few posts that this may be a workaround for that issue.

• AnyConnect client reconnects after 1 minute

  AnyConnect client reconnects after 1 minute; WHY
  version 3.1.02026
  ASA:asa911-k8.bin
  [25-4-2013 8:16:11] Establishing VPN session...
  [25-4-2013 8:16:11] Checking for profile updates...
  [25-4-2013 8:16:11] Checking for product updates...
  [25-4-2013 8:16:11] Checking for customization updates...
  [25-4-2013 8:16:11] Performing any required updates...
  [25-4-2013 8:16:12] Establishing VPN session...
  [25-4-2013 8:16:12] Establishing VPN - Initiating connection...
  [25-4-2013 8:16:12] Establishing VPN - Examining system...
  [25-4-2013 8:16:12] Establishing VPN - Activating VPN adapter...
  [25-4-2013 8:16:15] Establishing VPN - Configuring system...
  [25-4-2013 8:16:16] Establishing VPN...
  [25-4-2013 8:16:16] Connected to my.vpn.com.
  [25-4-2013 8:16:16] Connected to my.vpn.com.
  [25-4-2013 8:17:19] Reconnecting to my.vpn.com...
  [25-4-2013 8:17:19] Establishing VPN - Examining system...
  [25-4-2013 8:17:24] Establishing VPN - Activating VPN adapter...
  [25-4-2013 8:17:25] Establishing VPN - Configuring system...
  [25-4-2013 8:17:25] Establishing VPN...
  [25-4-2013 8:17:25] Connected to my.vpn.com.
  [25-4-2013 8:17:25] Reconnecting to my.vpn.com...
  [25-4-2013 8:17:25] Establishing VPN - Examining system...
  [25-4-2013 8:17:25] Establishing VPN - Activating VPN adapter...
  [25-4-2013 8:17:25] Establishing VPN - Configuring system...
  [25-4-2013 8:17:25] Establishing VPN...
  [25-4-2013 8:17:25] Connected to my.vpn.com.
  [25-4-2013 8:16:11] Establishing VPN session...
  [25-4-2013 8:16:11] Checking for profile updates...
  [25-4-2013 8:16:11] Checking for product updates...
  [25-4-2013 8:16:11] Checking for customization updates...
  [25-4-2013 8:16:11] Performing any required updates...
  [25-4-2013 8:16:12] Establishing VPN session...
  [25-4-2013 8:16:12] Establishing VPN - Initiating connection...
  [25-4-2013 8:16:12] Establishing VPN - Examining system...
  [25-4-2013 8:16:12] Establishing VPN - Activating VPN adapter...
  [25-4-2013 8:16:15] Establishing VPN - Configuring system...
  [25-4-2013 8:16:16] Establishing VPN...
  [25-4-2013 8:16:16] Connected to my.vpn.com.
  [25-4-2013 8:16:16] Connected to my.vpn.com.
  [25-4-2013 8:17:19] Reconnecting to my.vpn.com...
  [25-4-2013 8:17:19] Establishing VPN - Examining system...
  [25-4-2013 8:17:24] Establishing VPN - Activating VPN adapter...
  [25-4-2013 8:17:25] Establishing VPN - Configuring system...
  [25-4-2013 8:17:25] Establishing VPN...
  [25-4-2013 8:17:25] Connected to my.vpn.com.
  [25-4-2013 8:17:25] Reconnecting to my.vpn.com...
  [25-4-2013 8:17:25] Establishing VPN - Examining system...
  [25-4-2013 8:17:25] Establishing VPN - Activating VPN adapter...
  [25-4-2013 8:17:25] Establishing VPN - Configuring system...
  [25-4-2013 8:17:25] Establishing VPN...
  [25-4-2013 8:17:25] Connected to my.vpn.com.

  Hello Michael,
  The problem here is because we cannot succesfully establish a DTLS tunnel. This could happen because:
  - DTLS is blocked somewhere in the path
  - A non-default DTLS port is being used
  If DTLS is blocked in the middle the issue is because as of ASA Release 9.x and AnyConnect Release 3.x, an optimization has been introduced in the form of distinct Maximum Transition Units (MTUs) that are negotiated for TLS/DTLS between the client/ASA. Previously, the client derived a rough estimate MTU which covered both TLS/DTLS and was obviously less than optimal. Now, the ASA computes the encapsulation overhead for both TLS/DTLS and derives the MTU values accordingly.
  As long as DTLS is enabled, the client applies the DTLS MTU (in this case 1418) on the VPN adapter (which is enabled before the DTLS tunnel is established and is needed for routes/filters enforcement), to ensure optimum performance. If the DTLS tunnel cannot be established or it is dropped at some point, the client fails over to TLS and adjusts the MTU on the virtual adapter (VA) to the TLS MTU value (this requires a session level reconnect).
  In order to eliminate this visible transition of DTLS > TLS,  you can configure a separate tunnel group for TLS only access for users that have trouble with the establishment of the DTLS tunnel (such as due to firewall restrictions).
  1. The best option is to set the AnyConnect MTU value to be lower than the TLS MTU, which is then negotiated.
  group-policy ac_users_group attributes
  webvpn
    anyconnect mtu 1300
  This makes TLS and DTLS MTU values equal. Reconnections are not seen in this case.
  2. The second option is to allow fragmentation.
  group-policy ac_users_group attributes
  webvpn
    anyconnect ssl df-bit-ignore enable
  With fragmentation, large packets (whose size exceeds the MTU value) can be fragmented and sent through the TLS tunnel.
  3. The third option is to set the Maximum Segment Size (MSS) to 1460 as follows:
  sysopt conn tcpmss 1460
  In this case, the TLS MTU will be 1427 (RC4/SHA1) which is larger than the DTLS MTU 1418 (AES/SHA1/LZS). This should resolve the issue with TCP from the ASA to the AnyConnect client (thanks to MSS), but large UDP traffic from the ASA to the AnyConnect client might suffer from this as it will be dropped by the AnyConnect client due to the lower AnyConnect client MTU 1418. If sysopt conn tcpmss is modified, it might affect other features such as LAN-to-LAN (L2L) IPSec VPN tunnels.
  If DTLS is not blocked in the middle another potential cause for the DTLS failure that DTLS is configured on a non-default port after the WebVPN is enabled (for example, when the webvpn enable outside command is entered). This is due to Cisco bug ID CSCuh61321 and has been seen in Release 9.x where the ASA pushes the non-default port to the client, but continues to listen to the default port. Consequently, the DTLS is not built and AnyConnect reconnects.
  The workaround for this problem is:
  Disable the WebVPN.
  Enter the DTLS port.
  Enable the WebVPN.
  Regards,
  -Gustavo Medina

• Solaris 10 LDAP Client: libsldap: Status: 4

  Hi everybody.
  I changed the configuration in Solaris 10 to restrict the LDAP users who can login to the system.
  What I have done is changed the value:
  NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=people,dc=sis,dc=personal,dc=net,dc=py?sub?host=<hostname>
  Where <hostname> is the respective hostname.
  After that, everything works as I expect, but I get a lot of these messages:
  sshd[28495] libsldap: Status: 4 Mesg: Service search descriptor for service 'passwd' contains filter, which can not be used for service 'user_attr'.
  Should I ignore the messages? This is the nsswitch.conf file:
  /etc/nsswitch.conf
  # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # ident "@(#)nsswitch.files 1.14 06/05/03 SMI"
  # /etc/nsswitch.files:
  # An example file that could be copied over to /etc/nsswitch.conf; it
  # does not use any naming service.
  # "hosts:" and "services:" in this file are used only if the
  # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
  passwd: files ldap
  group: files ldap
  hosts: cluster files dns
  ipnodes: files dns
  networks: files
  protocols: files
  rpc: files
  ethers: files
  netmasks: cluster files
  bootparams: files
  publickey: files
  netgroup: files
  automount: files
  aliases: files
  services: files
  printers: user files
  auth_attr: files
  prof_attr: files
  project: files
  tnrhtp: files
  tnrhdb: files
  user_attr: files
  I added user_attr to nsswitch.conf pointing to files only, refreshed ssh, but the message still appears.
  Any suggestions?

  What would I do without google?
  http://prefetch.net/blog/index.php/2005/01/
  I setup several Solaris systems to authenticate via LDAP last year, and periodically get the following error message in /var/adm/messages:
  Dec 21 08:44:17 sparky nscd[1174]: [ID 293258 user.error] libsldap: Status: 4 Mesg: Service search
  descriptor for service �passwd� contains filter, which can not be used for service �user_attr�.
  We use SSDs (service search descriptors) to tailor the search string that is sent to the directory server. This allows us to tailor who can and cannot login to our Solaris systems. After doing some digging, it looks like the following search descriptors are required to make libsldap.so happy:
  NS_LDAP_SERVICE_SEARCH_DESC= user_attr:ou=people,dc=daemons,dc=net?one?&(acctActive=yes)
  NS_LDAP_SERVICE_SEARCH_DESC= audit_user:ou=people,dc=daemons,dc=net?one?&(acctACtive=yes)
  Since we use sudo instead of RBAC, I am still researching why the secure LDAP client queries the directory server for the user_attr information. Hopefully I can find an answer in RFC 2307 ( An approach to using LDAP as a network information service), or the documentation on docs.sun.com.

• OEL ldap client setup with SSL against OID using either ldaps or starttls

  Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
  Here's my /etc/ldap.conf file on OEL 5.3.
  timelimit 120
  bind_timelimit 120
  idle_timelimit 3600
  nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
  URI ldaps://FQDN:3132/
  port 3132
  ssl yes
  host FQDN
  base dc=DOMAIN,dc=com
  pam_password clear
  tls_cacertdir /etc/oracle-certs
  tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
  tls_ciphers SSLv3
  # filter to AND with uid=%s
  pam_filter objectclass=posixaccount
  #The search scope
  scope sub
  I have /etc/nsswitch.conf set to check for files first, then ldap
  passwd: files ldap
  shadow: files ldap
  group: files ldap
  Here's my /etc/openldap/ldap.conf file
  URI ldaps://FQDN:3132/
  BASE dc=DOMAIN,dc=com
  TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
  TLS_CACERTDIR /etc/openldap/cacerts
  TLS_REQCERT allow
  TLS_CIPHERS SSLv3
  The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
  4224de9f.0 -> oid-test-ca.pem
  I can run ldapsearch using ldaps and it works fine.
  ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
  But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
  Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
  Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

  Hello again...
  after some research and work together with Oracle Support I found out how to get it to work:
  1. You have to create your own ConfigSet in OID using
  SSL-Server-Authentication
  (OpenSSL seems not to support SSL-encryption-only).
  The following link shows on how to do that:
  http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
  2. Add the following lines to your $HOME/ldaprc
  TLS_CACERT /home/frank/oid-caroot.pem
  TLS_REQCERT allow
  TLS_CIPHERS SSLv3
  ssl on
  tls_checkpeer no
  oid-caroot.pem is the CA-Root Certificate you got
  during step 1
  3. you should now be able to use ldapsearch using SSL
  If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by an security fix which may not be compliant with the SSL implementation of Oracle.
  I opened an Bug for that problem with RedHat. This Bug Description also includes an proposal for an Patch which solves the problem (but may introduce some security risks). See the Bug at RedHat:
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
  Bye
  Frank Berger

• Help with setting up LDAP Client on Oracle Linux 6.4

  Hi,
  I'm having problems getting my Oracle Linux server setup as a ldap client and hoping someone can find where I'm going wrong. We have Oracle/Sun Directory Server 7 with Solaris ldap clients already setup with ssl. We are also using crypt for storing passwords. Here are the steps I have done on the Linux server.
  yum install -y openldap openldap-clients nss-pam-ldapd pam_ldap
  Edited the line FORCELEGACY=no to yes in /etc/sysconfig/authconfig
  Copied the CA certs to /etc/openldap/cacerts
  Ran: authconfig updateall enableldap enableldapauth ldapserver=zldap1.<domain> ldapbasedn="o=<domain>,o=isp" enableldaptls --enableldapstarttls
  Changed pam_password md5 to crypt in /etc/pam_ldap.conf
  Restarted /etc/init.d/nslcd and also tried rebooting.
  I'm seeing the following errors in messages:
  May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] ldap_start_tls_s() failed: Connect error (uri="ldap://zldap1.<domain>/")
  May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] failed to bind to LDAP server ldap://zldap1.<domain>/: Connect error
  May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] no available LDAP server found
  Here is what my /etc/openldap/ldap.conf file looks like:
  TLS_CACERTDIR /etc/openldap/cacerts
  TLS_REQCERT allow
  URI ldap://zldap1.<domain>/
  BASE o=<domain>,o=isp
  Any help would be appreciated.
  Thanks

  Copy cacerts to /etc/openldap/cacerts
  yum install -y openldap ldap-clients nss-pam-ldapd pam_ldap authconfig sssd
  authconfig enablesssd enablesssdauth enablelocauthorize update
  authconfig updateall enableldap enableldapauth ldapserver=zldap1.<domain> ldapbasedn="o=<domain>,o=isp" enableldaptls --enableldapstarttls
  Add line to /etc/sssd/sssd.conf "ldap_tls_reqcert = allow"
  Change /etc/pam_ldap.conf line:
  pam_password md5 --> pam_password crypt
  service sssd restart

• HELP! I can't use SKYPE after the 7.0 update!!

  After my SKYPE automatically updated to the latest version (7.0 i guess, because i already uninstall it), signed in but the message windows can't be seen... I only can see the incoming message notification on my PC's taskbar... Need help right now! I got a lot works to do with SKYPE... Need to reply my clients message...
  Solved!
  Go to Solution.

  Stop Skype from running on your computer. Quit or use Windows task manager to kill any Skype.exe processes.
  Go to Windows Start and in the Search box type %appdata%\skype and press Enter. Find now a folder with the name of your Skype account. Open this folder. You will find there a file named config.xml. You may see only config but with XML Document in the Type column. Delete this file. Restart Skype.

• Configure ldap client on linux

  I have configure sun directory server 6.2 on Redhat Linux AS4 Update 4
  Can anyone guide me , how to configure the ldap client (client is also RHAS4U4)
  Do i need to install new packages or can i use openldap client?I have no idea .
  Kindly reply.

  Do i configure the nfs server and configure autfs on the client?Yes. Also need to config NFS Server on machine serving up home dirs, nsswitch.conf on client for automount to point to ldap, and automount entries on your LDAP server. I think I put details in thead reference to other forum post on this subject.
  http://forum.java.sun.com/thread.jspa?threadID=5236185&messageID=10014704#10014704
  Thanks for the update on how to config a LINUX client.

• Patching solaris LDAP client

  i will have to patch a solaris LDAP client box. What do I expect for that? Do I have to rel-initialize the client using ldapclient command after patching?
  solaris 8 + LDAP server 5.2 unbundled version.
  Thanks

  From previous experience if your slapd is not running on your LDAP server then your clients will not boot if they are setup for ldap domain authentication. This is the same in NIS and NIS+. The only way to bring them up is to boot -s and change the nsswitch.conf file back to standalone i.e files and reboot machine.
  In short if ldap server goes down clients are too, multi ldap servers are required to prevent single point failure.

• Searching problem after 10.5.6 Update

  Hello everyone, we are having a problem with searching shares mounted on clients from a server.
  Prior to 10.5.6 we could search an entire share as well as folders in the share. After 10.5.6 we can't search the share and we can only search folders in the share.
  The server is currently running 10.4.11.
  I guess what I'm wondering is... are there people with server 10.5 that are also seeing this problem or would upgrading the server fix this search issue?
  Thanks
  Mike

  Searching problem after 10.5.6 Update
  Posted on: 8-jan-2009 18:32, by user: mike allen2 -- Relevance: 100% -- Show all results within this thread
  Hello everyone, we are having a problem with searching shares mounted on clients from a server.
  Prior to 10.5.6 we could search an entire share as well as folders in the share. After 10.5.6 we can't search the share and we can only search folders in the share.
  10.5 that are also seeing this problem or would upgrading the server fix this search issue
  Re: 10.5.6 disables spotlight from searching shared volumes
  Posted on: 18-dec-2008 15:49, by user: jshock -- Relevance: 89% -- Show all results within this thread
  on the other machines that didn't update to 10.5.6. They are able to search all shares. My 10.5.6 machine can only search localhost and Jukebox ...I ran mdutil on the 10.5.6 machine, here are the results:
  $ mdutil -s /Volumes/*
  Indexing disabled.
  /Volumes/Jukebox:
  Server search enabled.
  Re: 10.5.6 Update-DOES NOT SEARCH ANYMORE
  Posted on: 9-jan-2009 20:43, by user: Difhockey_68 -- Relevance: 89% -- Show all results within this thread
  Same problem here, upgraded to 10.5.6 and cannot search our apple server running tiger. Windows shares on 2003 server works fine. Will an upgrade of our Apple server to Leopard solve this issue? Is there an easy way to "uninstall" 10.5.6 without reinstalling the computer
  Since upgrading to 10.5.6 I can't search my network servers
  Posted on: 14-jan-2009 22:24, by user: gridout1959 -- Relevance: 84% -- Show all results within this thread
  Hi all...
  I recently installed the 10.5.6 OS upgrade and I've encountered a problem. I can no longer search my network attached servers - there is no search activity of any kind when I type in search terms. My local search works fine...I just can't search anything on my network ... windows servers. Is there a compatibilty issue between OS X 10.5.6 and Extreme Z-IP? Any helpful tips
  Updated to 10.5.6, no longer able to search through networked shares
  Posted on: 30-dec-2008 16:46, by user: Sigops -- Relevance: 84% -- Show all results within this thread
  One of our users was able to search through our network shares(extreemeZ-ip) just fine yesterday morning, mid morning he updated to 10.5.6 and is no longer able to use finder to perform searches on those shares
  Mac OS 10.5.6 clients can no longer search Mac OS 10.4.11 share points
  Posted on: 8-jan-2009 18:52, by user: rayvid -- Relevance: 71% -- Show all results within this thread
  After upgrading our workstations from Mac OS 10.5.5 to 10.5.6, we no longer receive Finder search results from our file server that runs Mac OS X Server v.10.4.11.
  Are there any other solutions available other than rolling the workstations back to 10.5.5 or upgrading the file server to 10.5.6

• Ldap client in Solaris  using TLS

  I have installed an OpenLap server (version 2.2.13-2) in a Red Hat ES 4.
  My LDAP clients are
  - Linux (redhat and mandriva)
  - Solaris 8 (with the last recommended path and 10893-62 path for ldapv2)
  - Tru64 (5.1B)
  If a use simple authentification all works fine (search in LDAP,
  authentification and automount).
  However, when I use TLS the Solaris LDAP client doesn't seem to work.
  When I run the LDAP client the process freeze
  With my Linux and Tru64 clients all work fine using LS.
  I have downloaded the certificates from my LDAP server using Netscape browser.
  I have copied cert7.db and key3.db in the "/var/ldap/directory" with a
  "chmod 644" in this files.
  I can do a "ldapsearch -x -ZZ objectclass=*" and this returns data.
  The last logs of the ldap_cachemgr are:
  Mon Nov 20 09:34:46.4425 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
  If I do a truss when I launch the client the
  result was this:
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
  lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
  This is my ldap_client_file:
  # Do not edit this file manually; your changes will be lost.Please use
  ldapclient (1M) instead.
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_SERVERS= srvldap
  NS_LDAP_SEARCH_BASEDN= dc=example,dc=com
  NS_LDAP_AUTH= tls:simple
  NS_LDAP_SEARCH_REF= FALSE
  NS_LDAP_SEARCH_SCOPE= sub
  NS_LDAP_SEARCH_TIME= 30
  NS_LDAP_CACHETTL= 3600
  NS_LDAP_PROFILE= tls_profile
  NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=Users,dc=example,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= group: ou=Groups,dc=example,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=Users,dc=example,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= auto_home:
  automountMapName=auto_home,ou=Sun,ou=AutoFS,dc=example,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= auto_master:
  automountMapName=auto_master,ou=Sun,ou=AutoFS,dc=example,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= auto.home:
  nisMapName=auto.home,ou=Sun,ou=AutoFS,dc=example,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= auto.master:
  nisMapName=auto.master,ou=Sun,ou=AutoFS,dc=example,dc=com?one
  NS_LDAP_BIND_TIME= 10
  I have launched ethereal so see network communications with my Solaris 8 client and the LDAP server.
  And with this configuration the Solaris box only communicates with the LDAP server using LDAP port 389 and not LDAPS port 636.
  I have done the same test with a linux and tru64 box and they use LDAPS port 636 to communicate with my LDAP server.
  Does anyone have an idea on getting Solaris using TLS/SSL?
  Thanks.

  LDAP Setup and Configuration Guide
  Solaris 8 2/04 Update Collection > LDAP Setup and Configuration Guide > 1. Overview > Solaris Name Services
  [http://docs.sun.com/app/docs/doc/806-5580/6jej518ou?l=en&a=view&q=solaris+8+ldap]
  Download this book in PDF (557 KB)
  [http://dlc.sun.com/pdf/806-5580/806-5580.pdf]

• How to inform the client when the jar files is updated?

  I have a question about jar file updatation by web start, please help me.
  If a client's jar file is updated in Web server and automatically downloaded to local cache, how the client know which jar file is updated?. If I want to do some special operation after updating a appointed jar file, how can I do?

  Contrary to common popular belief, this forum is not a free 'I will look up/abstract the documentation on your behalf' forum.
  You can look up sqlnet.expire_time on http://tahiti.oracle.com or may be even Google will work.
  Please do not abuse this forum by asking doc questions.
  Sybrand Bakker
  Senior Oracle DBA