LDAP client config: how to?

https://wiki.archlinux.org/index.php/HO … entication (workarounds on that page do not work!!)
NOT working at all, info is too old.
When trying to do LDAP auth:
udev - won't start
netfs - doesn't start
homedirs not created
Why??
I have the latest release of Arch, and am doing everything from the ArchWiki to set up LDAP auth.

Hey Murdoch,
First of all, are you even able to search your LDAP tree (via ldapsearch)?
Does browsing the tree require authentication or have you left it open?
Are you able to authenticate via LDAP?
Does "getent passwd" return a listing of your LDAP users?
Do you receive any error messages during your boot sequence regarding udev or netfs?
Do you receive an error message when attempting to start udev manually?
Have you checked your log files?

Similar Messages

  • Ldap client with directory server 6.0 on solaris 9 systems

    I have a directory server 6.0 running on a Solaris 9 system. I have set up idsconfig, vlvindex and the certificate database on the server side. The LDAP client I am trying to set up is also a Solaris 9 system. I have set up the certificate database on this LDAP client using the Resource Kit certutil and imported the server certificate into the client certificate database. It seems the TLS secure connection did work between the LDAP server and client. (I used the Resource Kit ldapsearch command to test it.) I used the 'ldapclient -v init ...' command with 'profileName=tlsprofile' to initialize the LDAP client, and the information returned from that command said the LDAP client was configured successfully. But when I run the ldapaddent command to import /etc/passwd, I get the error:
    Passwd container does not exist.
    The ldapaddent command I ran like this:
    ldapaddent -v -f <passwd file> -D "cn=Directory Manager" passwd
    Then I tried to use the 'ldapclient -v manual ....' command to set up the LDAP client. That command finishes successfully. But I still cannot import /etc/passwd using ldapaddent; I get the same error.
    What is wrong with my set-up?
    Thanks,
    --xinhuan

    I looked into the /var/adm/messages, and I have the following error:
    ldap_cachemgr[1640]: [ID 605618 daemon.error] libldap: CERT_VerifyCertName: cert server name 'directory server' does not match 'hostname.mycompany.com': SSL connection denied
    It seems I have a problem with the SSL certificate set-up. I did generate the server side 'hostname.mycompany.com' certificate and then used the Resource Kit certutil to import that certificate on the client side. Is that the right way to do it?
    Thanks,
    --xinhuan

  • DSEE 6.3: how to show detailed error messages to ldap clients?

    Is there any possibility in DSEE 6.3 to send detailed error messages to LDAP clients about, for example, missing required attributes in an LDAP add operation?
    I don't have access to the LDAP server's logs, so I lose a lot of time trying to figure out "which of the 40 attributes I sent to the server is bad?"...

    Thank you for reply.
    I know that I can view schema, but I need the functionality which is available in relational databases. When I try to store bad field value in database table, I get descriptive error message: "field XYZ has bad value". In DSEE I get "schema violation" or other cryptic message.
    It's very hard to track the problem if you operate on 30 or more attributes. Which one causes error?
    I see that this functionality is available in DSEE backend (error logs are descriptive). How to turn on this for clients?
    If it is not possible, I will try to write special software module which will double DSEE functionality and check attributes before storing them in DSEE.

  • Configure ldap client on linux

    I have configured Sun Directory Server 6.2 on Red Hat Linux AS4 Update 4.
    Can anyone guide me on how to configure the LDAP client (the client is also RHAS4U4)?
    Do I need to install new packages or can I use the OpenLDAP client? I have no idea.
    Kindly reply.

    Do I configure the NFS server and configure autofs on the client? Yes. You also need to configure the NFS server on the machine serving up home dirs, nsswitch.conf on the client for automount to point to LDAP, and automount entries on your LDAP server. I think I put details in thread reference to other forum post on this subject.
    http://forum.java.sun.com/thread.jspa?threadID=5236185&messageID=10014704#10014704
    Thanks for the update on how to config a LINUX client.

  • JDeveloper 11.1.2.1.0 Can't edit subversion client config

    I'd like to change the subversion client config to enable auto-props but can't find an option to do this in JDeveloper. Tools->Preferences...->Versioning->Subversion->General only appears to have an option for modifying the server parameters. Anybody know how I can change the subversion client config through JDev?

    Makes sense. Editing the svn 'servers' file through JDev displays its path at the top of the editor:
    C:\Documents and Settings\BLACKADR\Application Data\JDeveloper\system11.1.2.1.38.60.81\o.jdeveloper.subversion
    and I can see that there is also a default 'config' file in this same folder so I guess this must be the one JDev will pick up. Will think about raising an enhancement request for an Edit "Client config" option in the JDev Preferences dialog. Thanks for your help.

  • LDAP Client Configuration in Non Global Zone

    I have configured 3 non global zones (different ip addresses and different names from global zone), installed LDAP client 2 on each, which worked fine, until the zones were rebooted. The ldapcachemgr was running, but authentication does not work--have to reinstall ldapclient each time.
    Does anyone have any suggestions?

    Here are a few things to check:
    1. /var/ldap/ldap_client_file - Does it have the info you're expecting? If not, it could be that the config profile in the Directory Server is incorrect.
    2. /etc/nsswitch.conf - Is it configured correctly?
    3. /etc/pam.conf - Is that configured correctly?
    4. If the above files appear OK, check the access logs on the Directory Server.
    HTH,
    Roger S.

  • OEL ldap client setup with SSL against OID using either ldaps or starttls

    Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
    Here's my /etc/ldap.conf file on OEL 5.3.
    timelimit 120
    bind_timelimit 120
    idle_timelimit 3600
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
    URI ldaps://FQDN:3132/
    port 3132
    ssl yes
    host FQDN
    base dc=DOMAIN,dc=com
    pam_password clear
    tls_cacertdir /etc/oracle-certs
    tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
    tls_ciphers SSLv3
    # filter to AND with uid=%s
    pam_filter objectclass=posixaccount
    #The search scope
    scope sub
    I have /etc/nsswitch.conf set to check for files first, then ldap
    passwd: files ldap
    shadow: files ldap
    group: files ldap
    Here's my /etc/openldap/ldap.conf file
    URI ldaps://FQDN:3132/
    BASE dc=DOMAIN,dc=com
    TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
    TLS_CACERTDIR /etc/openldap/cacerts
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
    4224de9f.0 -> oid-test-ca.pem
    I can run ldapsearch using ldaps and it works fine.
    ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
    But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
    Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
    Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

    Hello again...
    after some research and work together with Oracle Support I found out how to get it to work:
    1. You have to create your own ConfigSet in OID using SSL-Server-Authentication (OpenSSL seems not to support SSL-encryption-only).
    The following link shows how to do that:
    http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
    2. Add the following lines to your $HOME/ldaprc
    TLS_CACERT /home/frank/oid-caroot.pem
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    ssl on
    tls_checkpeer no
    oid-caroot.pem is the CA-Root Certificate you got during step 1.
    3. You should now be able to use ldapsearch using SSL.
    If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by a security fix which may not be compliant with the SSL implementation of Oracle.
    I opened a bug for that problem with RedHat. This bug description also includes a proposal for a patch which solves the problem (but may introduce some security risks). See the bug at RedHat:
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
    Bye
    Frank Berger
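
An added example (not part of either post, and not Oracle, Red Hat or PADL tooling): a small Python audit for the client settings quoted in this thread, which reports lines that weaken server-certificate verification and rewrites the two that have a direct strict equivalent. The sample configs are constructed from the values posted above; the function names and the rule set are assumptions for illustration.

```python
"""Audit LDAP client config text for settings that weaken TLS server checks."""

# Weak values per lower-cased option. Assumption: illustrative rule set that
# covers only options quoted in this thread (OpenLDAP ldap.conf/ldaprc and
# nss_ldap/pam_ldap ldap.conf).
WEAK_SETTINGS = {
    "tls_reqcert": {
        "never": "server certificate is not requested or checked",
        "allow": "an invalid server certificate is ignored and the session continues",
    },
    "tls_checkpeer": {
        "no": "nss_ldap/pam_ldap does not verify the server certificate",
    },
    "tls_ciphers": {
        "sslv3": "cipher list pinned to the legacy 'SSLv3' string; review against policy",
    },
}

# Strict replacements where one exists; cipher policy is site-specific, so
# tls_ciphers is reported but never rewritten.
HARDENED = {"tls_reqcert": "demand", "tls_checkpeer": "yes"}

# Constructed samples based on the values posted in the thread.
SAMPLE_OPENLDAP = """\
URI ldaps://FQDN:3132/
BASE dc=DOMAIN,dc=com
TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
TLS_REQCERT allow
TLS_CIPHERS SSLv3
"""

SAMPLE_LDAPRC = """\
TLS_CACERT /home/frank/oid-caroot.pem
TLS_REQCERT allow
TLS_CIPHERS SSLv3
ssl on
tls_checkpeer no
"""


def parse_config(text):
    """Yield (line_number, option, value); skips blank lines and # comments."""
    for number, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[1].strip() if len(parts) == 2 else ""
        yield number, parts[0].lower(), value


def audit(text):
    """Return [(line_number, option, value, reason)] for every weak setting."""
    findings = []
    for number, option, value in parse_config(text):
        reason = WEAK_SETTINGS.get(option, {}).get(value.lower())
        if reason:
            findings.append((number, option, value, reason))
    return findings


def harden(text):
    """Return the config with weak verification values replaced by strict ones."""
    out = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            option, value = parts[0].lower(), parts[1].strip().lower()
            if option in HARDENED and value in WEAK_SETTINGS[option]:
                raw = f"{parts[0]} {HARDENED[option]}"  # keep the key's case
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, cfg in (("ldap.conf", SAMPLE_OPENLDAP), ("ldaprc", SAMPLE_LDAPRC)):
        for number, option, value, reason in audit(cfg):
            print(f"{name}:{number}: {option} {value} -> {reason}")
    print(harden(SAMPLE_LDAPRC), end="")
```

With verification enforced, the client depends on the CA file the posts already reference and on a server certificate whose name matches the host in the URI.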

  • ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials

    Hey Guys,
    I have an application with LDAP authentication and a custom login page (pg 101). When I run this app, the login page displays first, logs me in and logs out fine. However, when I branch to this application from another application, the login page shows up with the following error:
    ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials
    Error ERR-1082 Error in executing authorization scheme code.
    I looked at debug and this is happening because when this page is loaded, it goes to my authentication scheme and tries to authenticate me even though I haven't logged in, and because no user exists at this point the error happens.
    I have set the login page to 'Page is Public' and have also used the following code in the authentication scheme's Page Sentry Function:
    IF APEX_CUSTOM_AUTH.CURRENT_PAGE_IS_PUBLIC = TRUE THEN
      RETURN TRUE;
    ELSE
      RETURN FALSE;
    END IF;
    Any ideas of how I can stop my login page from being authenticated? Or where I am going wrong?
    Thanks
    -Mark

    Jes,
    I could get it to work!!!! My complete code:
    DECLARE
      l_attributes       wwv_flow_global.vc_arr2;
      l_attribute_values wwv_flow_global.vc_arr2;
      l_msg              dbms_ldap.message;
      l_entry            DBMS_LDAP.message;
      l_session          DBMS_LDAP.session;
      l_ber_element      DBMS_LDAP.ber_element;
      l_attr             dbms_ldap.string_collection;
      l_attr_name        VARCHAR2(256);
      l_vals             DBMS_LDAP.string_collection;
      retval             PLS_INTEGER;
    BEGIN
      -- Open the session and bind with the service account.
      l_session := DBMS_LDAP.init('server', '389');
      retval := DBMS_LDAP.simple_bind_s(l_session, 'cn=myid,cn=na', 'mypwd');
      dbms_output.put_line('Retval -> ' || retval);
      l_attr(1) := '*'; -- retrieve all attributes
      retval := DBMS_LDAP.search_s(
        ld       => l_session,
        base     => 'ou=xx,o=xx',
        scope    => DBMS_LDAP.SCOPE_SUBTREE,
        filter   => 'uid=myid',
        attrs    => l_attr,
        attronly => 0,
        res      => l_msg);
      dbms_output.put_line('Retval 2 -> ' || retval);
      dbms_output.put_line('msg : ' || l_msg);
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_msg) > 0 THEN
        -- Get all the entries returned by our search.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_msg);
        << entry_loop >>
        WHILE l_entry IS NOT NULL LOOP
          -- Get all the attributes for this entry.
          DBMS_OUTPUT.PUT_LINE('---------------------------------------');
          l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                   ldapentry => l_entry,
                                                   ber_elem  => l_ber_element);
          << attributes_loop >>
          WHILE l_attr_name IS NOT NULL LOOP
            -- Get all the values for this attribute.
            l_vals := DBMS_LDAP.get_values(ld        => l_session,
                                           ldapentry => l_entry,
                                           attr      => l_attr_name);
            << values_loop >>
            FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
              DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
            END LOOP values_loop;
            l_attr_name := DBMS_LDAP.next_attribute(ld        => l_session,
                                                    ldapentry => l_entry,
                                                    ber_elem  => l_ber_element);
          END LOOP attributes_loop; -- label must match << attributes_loop >>
          l_entry := DBMS_LDAP.next_entry(ld  => l_session,
                                          msg => l_entry);
        END LOOP entry_loop;
      END IF;
      -- Release the session.
      retval := DBMS_LDAP.unbind_s(l_session);
    END;
    thank you :D

  • Solaris 7 ldap client setup

    Hi,
    Can anyone please help me in setting up an LDAP client for Solaris 7? Guidelines or any website or docs would help.
    Thanking you,
    Naren

    Hi mukherjee,
    You can configure both Solaris 8 and 9 as an ldapclient to SunONE 5.2 installed on a Solaris 9 box. Make sure, I think, you cannot configure the client on the same machine on which the directory server is installed.
    No, my question is how to set up ldapclient on Solaris 6 and Solaris 7, as both do not support LDAP; e.g. Solaris 7 has no nsswitch.ldap. Can you provide me details to configure Solaris 7 as an LDAP client?
    PATEL

  • Disabled/Asleep LDAP clients

    10.5.5 server/10.4.11 LDAP clients
    In Server Admin, I have started to get 10.4.11 clients showing up as "disabled/asleep", which is problematic because they are logged out but the server still thinks they are logged in. Is there a setting to change to get rid of this "disabled/asleep" connectivity?

    When you log in to a MacOS X 10.4.11 server with a client, the client will show up in the Servers Admin AFP-Connections screen.
    When the client logs out (disconnects), its name/status/address will be removed again.
    This is the way the system manager can track how many clients are connected to the server.
    Unfortunately this is only true for clients until version 10.5.5 of MacOS X.
    When a client is updated to MacOS X 10.5.6, the client will after disconnection only be removed from the list when he did log in on the server ONLY WITH ONE shared volume. If he was connected with MORE THAN ONE shared volume at the same time, the client will stay in the list even after disconnecting or shutting down the computer (after some time of course as Disabled/Asleep).
    (It has nothing to do with the kind of computer that is used (MacBookPro). It was only the coincidence that the MacBookPro's are used to login on the server only with one shared volume.)

  • Initialize ldap client

    I am new to the directory server and I am trying to initialize an LDAP client. I can't seem to get the syntax correct. Any suggestions? I did try ldapclient -i -n "dc=..." "ip address" and that seemed to try something, but I get an "Unable to refresh from profile:___default_config. (error=2)"

    Have you run "idsconfig" at the DS5.2 server end?
    Are you able to "ldapsearch ..." from server at client?
    If you are using Solaris8, pls first apply latest kernel patch and LDAPv2 patch 108993 in Single User mode and reboot the client.
    You may follow my HOW-TOs, just ignore the TLS/SSL instructions, to begin with.
    http://web.singnet.com.sg/~garyttt/
    Gary

  • Removing client-config.wsdd from axis.jar

    Hello
    I am working with websphere and under the WEB-INF/lib folder i have axis.jar. This jar contains client-config.wsdd file.
    This is causing some problems and now im told to remove client-config.wsdd file out of axis.jar and deploy it directly to <my_appName>.war/
    Does any one have experience with websphere? or how can i remove client-config.wsdd file from a jar file? do i have to unzip it to do that? where should i place client-config.wsdd file so it is in my .war/ for the application.
    Thanks

    Many questions leap to mind.
    1) Who told you that removing the JAR will remove that problem, and why?
    2) Why is it so difficult to use WinZIP or any other tool to remove a file from a JAR?
    3) What has it to do with WSAS?
    4) Why don't you use the WSAS classpath settings to provide a file that overrides the one in AXIS?
    5) Who hired you?

  • Dbus Daemon crashes during boot with ldap-client activ

    Hello,
    I just configured my ldap-client using this howto http://wiki.archlinux.org/index.php/HOW … entication. But when I restart the system, the dbus daemon hangs. It must have something to do with /etc/nsswitch.conf. When I change the settings to use ldap, I can't log in anymore. As soon as I switch back to the old nsswitch.conf everything is working. Can someone tell me how to get the ldap-client working together with dbus?
    EDIT
    I just looked in the logfile /var/log/daemon.log on the arch client. I found this:
    Jun  6 11:21:07 stkaw kdm_greet[5967]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
    I looked in /var/log/messages of the ldap server:
    Jun  6 11:21:07 fs1 slapd[6415]: conn=637 fd=34 ACCEPT from IP=192.168.123.3:58965 (IP=0.0.0.0:389)
    Jun  6 11:21:07 fs1 slapd[6415]: conn=637 fd=34 closed
    So the client seems to find the server.
    Last edited by stka (2007-06-06 09:28:56)

    I found out what it is, but I don't understand it. The server is configured to use TLS. All other clients use the client option "ssl start_tls" in /etc/nss_ldap.conf. On the new Arch Linux the ldapclient won't work with TLS. As soon as I deactivate this option the client establishes the connection. :/

  • Show lwapp client config

    In old IOS LAP, the command "show lwapp client config" showed the static configuration of a LAP. Now in the latest or new IOS this command is not available. How can I see the static configuration in the LAP??
    New IOS:
    LAP1131#show lwapp client config
                            ^
    % Invalid input detected at '^' marker.
    Old IOS version:
    LAP#show lwapp ip config
    LWAPP Static IP Configuration
    IP Address         10.177.2.X
    IP netmask         255.255.255.224
    Default Gateway    10.177.2.X
    Primary Controller 172.166.1.X
    Thanks !

    What version are you running?  If its 5.2 or 6.0 the commands changed to CAPWAP (show capwap client config).

  • Making a Solaris 9 box a ldap client to 10.3 server

    I have a 10.3 server running with all the updates and it is an ODM with users/groups created within its LDAP domain; everything from the Mac end is working great.
    What I now need to do....
    We have a SunOS 9 box that is running some app that we need it to accept user/group information from the 10.3 domain for local file system rights.
    For example if I have a group on the 10.3 domain called group1 and a dir on the Sun box called test, we want to be able to do (From the sun box):
    chown -R :group1 test
    And then set access permission based on the group.
    What I was thinking was to bind the Sun box to the 10.3 domain to do this, but I'm running into the issue that I really don't know Solaris well and all the docs I find are about how to setup a client to bind to a Solaris domain and not how to setup a Solaris box as a client.
    So I guess my two questions are:
    1. Is what I'm thinking of doing the right way of getting this to work?
    2. Any read me or help on setting up a Solaris box to be a ldap client to a 10.3 domain.
    Thanks.

    Have you tried walking across the building and asking Brooke?
