Ldap client with directory server 6.0 on solaris 9 systems
I have a directory server 6.0 running on a solaris 9 system. I have set up idsconfig, vlvindex and certificate database on the server side. The client ldap I am trying to set up is also solaris 9 system. I have set the certificate database on this ldap client using the Resource Kit certutil and import the server certificate to client certificate database. It seems the TLS secure connection did work between LDAP server and client. (I use the Resource Kit ldapsearch command to test it) I use 'ldapclient -v init ...' command using 'profileName=tlsprofile' to initialize the LDAP client and the information returned from that command said LDAP client configed sucsessfully. But when I run ldapaddent command to import /etc/passwd. I got error:
Passwd container does not exist.
The ldapaddent command I ran like this:
ldapaddent -v -f <passwd file> -D "cn=Directory Manager" passwd
Then I tried to use 'ldapclient -v manual ....' command to set up LDAP client. That command finishes succefully. But I still can not import /etc/passwd using ldapaddent with same error.
What is wrong with my set-up?
Thanks,
--xinhuan
I looked into the /var/adm/messages, and I have the following error:
ldap_cachemgr[1640]: [ID 605618 daemon.error] libldap: CERT_VerifyCertName: cert server name 'directory server' does not match 'hostname.mycompany.com': SSL connection denied
It seems I have problem with SSL certificate set-up. I did generate the server side 'hostname.mycompany.com' certificate then use the Resource Kit certutil import that certificate to the client side. Is that right way to do?
Thanks,
--xinhuan
Similar Messages
-
Performance concern with directory server implementation
performance concern with directory server implementation
I first posted this at metalink forum, and was suggested to post it here instead.
Hi,
I'd like to get any feedback regarding performance of oracle directory server implementation. Below is what I copy&patested from 9i Net Services Administrator's Guide, I found no 'directory server vendor documentation', so anything regarding this is welcome too.
Performance
Connect identifiers are stored in a directory server for all clients to access.
Depending on the number of clients, there can be a significant load on a directory
server.
During a connect identifier lookup, a name is searched under a specific Oracle
Context. Because of the scope of the lookup, you probably want users to experience
relatively quick performance so that the database connect time is not affected. Users
may begin to notice slow connect times if lookups takes more than one second.
You can resolve performance problems changing the network topology or
implementing replication.
See Also: Directory server vendor documentation for details on
resolving performance issues
Thanks.
ShannonShannon,
you can find some tuning advises in the following
a) OiD Capacity Planning Considerations
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96574/cap_plan.htm#1030019
b) Tuning Considerations
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96574/tuning.htm#999468
c) oracle net services
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96579/products.htm#1005697
you should start with a) to get an overview what to be aware of
--Olaf -
Flash or imaging solaris with directory server
Hi,
I don;t know weather it is "doable" or not and im not sure weather this question belong to directory server or solaris OS question.
This is about OS imaging, but with directory server. Reason, i have to build 10 servers with directory server in it.
Did anybody install directory server on a solaris machine and image that server?
can i use the same image to create rest of the servers?
Appriciate any thoughts / suggestions
-S-Don't ask me exactly how but flash/flar/imaging is exactly that a complete system image. So you could do this but you will end up with 10 identical - i.e. hostname, IP , nodename - servers.
If it's worth the effort I'd suggest putting the JES components that you need, with SILENT install templates etc, into a jumpstart configuration. Then jumpstart/install each server and run the silent installs with appropriate hostname configurations, I've seen this entirely automated but it takes some work
If this is the only time you're EVER going to do this I'd say you're on the verge of the time worth it versus not stage, if you see the need to do this again in future I'd say it is worth the time investment.
You may consider just using jumpstart with appropriate installation bits to get each server OS going and manually install the Directory.
C -
Critical problem with directory server--please help!
We are having issues with some applications and the root cause seems to be the directory server. We see the following errors in the directory server log.
[03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
some other stuff in the log file:
[03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
[03/Oct/2008:11:50:26 -0600] - WARNING<20805> - Backend Database - conn=2361383 op=1 msgId=2 - search is not indexed
[03/Oct/2008:11:50:27 -0600] - WARNING<20805> - Backend Database - conn=2361384 op=1 msgId=2 - search is not indexed
[03/Oct/2008:11:50:28 -0600] - WARNING<20805> - Backend Database - conn=2361385 op=1 msgId=2 - search is not indexed
[03/Oct/2008:11:53:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
[03/Oct/2008:11:57:27 -0600] - WARNING<20805> - Backend Database - conn=2197806 op=82101 msgId=686205 - search is not indexed
[03/Oct/2008:11:57:57 -0600] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=s0224025,ou=People,dc=lethbridgecollege,dc=ab,dc=ca", attribute "pabURI" is not allowed
[03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
[03/Oct/2008:12:03:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
top shows the following: but cpu many times maxes out and runs 100%. Do i need to perform some indexing somewhere or is there other issues?
load averages: 3.04, 3.15, 3.55 12:11:26
224 processes: 222 sleeping, 1 running, 1 on cpu
CPU states: 37.7% idle, 40.2% user, 22.1% kernel, 0.0% iowait, 0.0% swap
Memory: 2048M real, 36M free, 2429M swap in use, 2979M swap free
PID USERNAME LWP PRI NICE SIZE RES STATE TIME CPU COMMAND
10828 mwadmin 129 59 0 0K 0K run 148.1H 24.83% ns-slapd
9466 mwadmin 70 59 0 151M 65M sleep 743:06 1.98% ns-httpd
10738 root 1 59 0 4240K 1032K sleep 34.3H 1.73% top
26298 root 1 0 0 4096K 1696K cpu 0:00 1.51% top
5759 root 9 59 0 14M 96K sleep 851:54 0.77% cctransport
13378 ward 1 59 0 0K 0K sleep 1:23 0.57% prstat
25284 root 1 59 0 68M 27M sleep 561:22 0.50% mixer_applet2
10005 mwadmin 1 59 0 68M 27M sleep 604:43 0.49% mixer_applet2
10003 mwadmin 1 59 0 69M 2600K sleep 306:12 0.25% gnome-netstatus
25282 root 1 59 0 69M 2664K sleep 274:36 0.23% gnome-netstatus
9881 mwadmin 1 59 0 17M 11M sleep 241:04 0.21% Xvnc
9896 root 1 59 0 17M 6856K sleep 245:53 0.19% Xvnc
9911 root 1 59 0 15M 5512K sleep 159:38 0.13% gconfd-2
9901 mwadmin 1 59 0 15M 5576K sleep 157:18 0.13% gconfd-2
7962 mwadmin 45 59 0 0K 0K sleep 749:45 0.10% ns-slapd
any advice would be great.
DarrenDarren,
For this error:
[03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
some other stuff in the log file:
[03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
Solution/Notes:_
The below errors are "informational" in nature.
This is not an issue with the directory server, but with a connection to the directory server and whatever(device,script, or application) is attempting this connection.
These informational errors you are seeing in the logs are typically related to incoming connections from a load balancer or switch.
It is usually some device,script or application doing monitoring of the LDAP server,port or connection.
It is found that one of the biggest culprits to be the Cisco Content Switch or load balancer.
Generally the cause of this error is a "sticky bit" setting within the Cisco Content Services Switch that is causing these errors.
These load balancers periodically ping the servers (every five seconds) to verify that they are alive.
After turning off the "sticky bit" setting, which disables the ping to the server every 5 seconds, the errors will no longer show up.
The best course of action is to find the client doing this kind of monitoring and change it's behavior.You can look at the directory server's access log for B1 errors (the same client causing the PR accept errors in the errors log will cause B1 errors in the access log) at the same time you see these errors in the errors log. Then back track the connection in the access log to find the connectiing IP address of the clienton the first BIND.
If you can not determine the client causing these errors and are concerned about your errors logs filling up then you can either turn off this error logging.
This can be done dynamically on the server with a ldapmodify command:
cd /install-root/shared/bin or cd /var/opt/mps/serverroot/shared/bin
./ldapmodify -p port -h hostname -D "cn=Directory Manager" -w password
dn: cn=config
changetype: modify
replace: nsslapd-infolog-area
nsslapd-infolog-area: 0
If you don't want to do that then you can try and modify this attribute.
"nsslapd-nagle
When the value of this attribute is off, the TCP_NODELAY option is set so that LDAP responses
(such as entries or result messages) are sent back to a client immediately.
When the attribute is turned on, default TCP behavior applies.
That is, the sending of data is delayed, in the hope that this will enable additional data to be grouped into
one packet of the underlying network MTU size (typically 1500 bytes for Ethernet)."
This will require you to stop and restart the server.
NOTE: Below is the suggested fix, however, please apply this at your own discretion as this may or may not fix the issue. It depends on the client making these connections.
1. Stop the directory server
2. Edit the dse.ldif configuration file
3. In the "cn=config
" entry, add the attribute "nsslapd-nagle" with a value of "on".
4. Start the directory server. -
11 instances with Directory server Enterprise 6.3
Hi all, I plan to install the Directory Enterprise server 6.3 with 11 instances. only 1 on the instances will be updated/modified, the rest of the instances are for Querying onl. the directory server will be running on a sun server with 4 CPUs and 4 GB of RAM. Each instance will hold an average of 55,000 entries.
In your oponion, is a setup like this possibe?
Thanks for your timeThanks for the reply Chris. This is something I inherited.
there is data for a year on each instance. and each instance is running on a seperate port. so slapd-server-1 is running on port 1999, because it has the archived data from 1999, slapd-server-2 is running on port 2000 because it has the archived data from the year 2000. Here is what the instances look like.
bash-3.00# ps -ef|grep slapd
ldap 16690 12518 0 12:24:01 ? 2:15 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-7 -i /opt/e
ldap 16672 12518 0 12:23:27 ? 1:36 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-5 -i /opt/e
ldap 13281 12518 0 Jul 21 ? 4:12 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/var/dscc6/dcc/ads -i /opt/elds/var/d
ldap 13264 12518 0 Jul 21 ? 4:09 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd10 -i /opt/
ldap 16652 12518 0 12:20:33 ? 1:24 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-3 -i /opt/e
ldap 16699 12518 0 12:24:19 ? 2:29 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-8 -i /opt/e
ldap 13242 12518 0 Jul 21 ? 7:26 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-9 -i /opt/e
ldap 16681 12518 0 12:23:50 ? 1:49 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd--6 -i /opt/e
ldap 13096 12518 0 Jul 21 ? 11:23 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-2 -i /opt/e
ldap 16663 12518 0 12:23:16 ? 1:30 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-4 -i /opt/e
ldap 17188 12518 0 13:48:02 ? 0:10 /opt/elds/ds6/lib/64/ns-slapd -D /opt/elds/ds6/slapd-server-1 -i /opt/e
I actually had to disable theDCSS console because of memory issues. Question, i have not finished with this setup yet, is it best to get another server and split up the instances?
thanks -
Migration Users with MD5 Passwords to Directory Server 6.1 on Solaris 10
Hi,
We are currently in a requirement of migrating some users to a application database to inside LDAP. Currently Application maintained the passwords in the MD5 hash form. Typical 32 digit Hex value - 41da76f0fc3ec62a6939e634bfb6a342
Is there a way we can migrate these Users password to directory Server as-is so that they don't end up facing the prospect of resetting post migration.
I have done some of the initial ground work but seems to be missing other critical info if at all it's possible.
I believe it's possible to have CRYPT password policy (which directory server uses from underlying OS) as one of the plug-ins to configure in a way that underlying CRYPT utility starts to process/provide/support MD5 hashes. I got it to work, my using the below command on DSEE instance:
dsconf set-plugin-prop -p 389 CRYPT argument:'$md5$'
But for some reasons the MD5 hash (Sun MD5 library) provides does not match with the original hash value. It's 22 char long (as I have not specified any salt length) so I am assuming it's Base64 encoded. I have a perl script which converts the original 32-digit hex values to a base64 encoded representation (which I have also verified with other open source tools)
Is there a way I can tweak CRYPT utility or something so that it understands typical standard MD5 hashes. (Confused between Sun MD5 and BSD (Linux) MD5 - none of them seems to match standard MD5 generated value).
Any leads on this would be really helpful ?Just to reclarify or throw more information:
a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
{crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
I used below command :
pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
Thanks,
Gaurav -
LDAP gurus
I'm having problems to setup LDAP client to use TLS:SIMPLE. SIMPLE and SASL/DIGEST-MD5 are working fine (with or without Proxy).
For some reason, a self-certified certification is not acceptable by the client (TLS certificate verification: Error, self signed certificate).
Certificate is located at /var/ldap/cert8.db
Client is Sun LDAP Native.
[SunOS 5.10/bash] root@wgls01:/root
# /usr/local/bin/ldapsearch -Z -H ldaps://wgtsinf01:1636 -v -d 65535
ldap_initialize( ldaps://wgtsinf01:1636 )
ldap_create
ldap_url_parse_ext(ldaps://wgtsinf01:1636)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP wgtsinf01:1636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 10.64.47.50:1636
ldap_connect_timeout: fd: 4 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
tls_write: want=124, written=124
0000: 80 7a 01 03 01 00 51 00 00 00 20 00 00 39 00 00 .z....Q... ..9..
0010: 38 00 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 8..5............
0020: 00 00 33 00 00 32 00 00 2f 00 00 07 05 00 80 03 ..3..2../.......
0030: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 ................
0040: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 ......@.........
0050: 00 00 06 04 00 80 00 00 03 02 00 80 5b ca 46 06 ............[.F.
0060: 60 e0 bc 9e a2 af 25 a2 55 0a 53 e7 f0 1a fc 6e `.....%.U.S....n
0070: c6 7b de f1 79 7e b1 ce 15 14 1a 8e .{..y~......
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
0000: 16 03 01 03 b3 02 00 .......
tls_read: want=945, got=945
0000: 00 46 03 01 46 b2 73 ba 42 d1 b3 35 54 a1 26 f8 .F..F.s.B..5T.&.
0010: 76 87 77 90 c1 92 c3 e4 88 a0 47 bc cc 52 01 bb v.w.......G..R..
0020: 34 85 b1 2d 20 46 b2 73 ba cd 16 16 a6 e6 9a a3 4..- F.s........
0030: c2 af 1b 60 ed e7 0d ad 32 69 0d c3 41 64 31 4e ...`....2i..Ad1N
0040: 3e ff bd c4 0a 00 16 00 0b 00 01 ae 00 01 ab 00 >...............
0050: 01 a8 30 82 01 a4 30 82 01 0d 02 04 46 ad 48 df ..0...0.....F.H.
0060: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 0...*.H........0
0070: 19 31 17 30 15 06 03 55 04 03 13 0e 77 67 74 73 .1.0...U....wgts
0080: 69 6e 66 30 31 3a 31 33 38 39 30 1e 17 0d 30 37 inf01:13890...07
0090: 30 37 33 30 30 32 31 31 34 33 5a 17 0d 30 39 30 0730021143Z..090
00a0: 37 32 39 30 32 31 31 34 33 5a 30 19 31 17 30 15 729021143Z0.1.0.
00b0: 06 03 55 04 03 13 0e 77 67 74 73 69 6e 66 30 31 ..U....wgtsinf01
00c0: 3a 31 33 38 39 30 81 9f 30 0d 06 09 2a 86 48 86 :13890..0...*.H.
00d0: f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 ...........0....
00e0: 81 00 a9 f7 de 93 85 50 13 6b a1 18 96 3d 00 2d .......P.k...=.-
00f0: 64 5d a9 65 72 33 c3 44 b6 1e 0e 6b b8 4b e0 a4 d].er3.D...k.K..
0100: 0a 6b 7f 4f 1a ae f3 d7 8e ed 8e fd c7 d0 48 b1 .k.O..........H.
0110: f0 45 2d 74 52 a9 d1 fd d4 89 ad 64 d9 82 6b e9 .E-tR......d..k.
0120: 73 b1 55 cb 38 20 06 e6 4f a3 d3 f2 0b a1 5b 2e s.U.8 ..O.....[.
0130: b4 43 bc 9a 93 e6 b7 47 dd 58 f2 cb 59 17 8a c0 .C.....G.X..Y...
0140: 13 aa 8a 5f ef 11 33 c7 02 53 d8 b1 20 e3 5b 6d ..._..3..S.. .[m
0150: 4f ea 4f a6 9d 02 d2 39 69 ed e0 b9 70 d9 51 50 O.O....9i...p.QP
0160: 4e 2b 02 03 01 00 01 30 0d 06 09 2a 86 48 86 f7 N+.....0...*.H..
0170: 0d 01 01 04 05 00 03 81 81 00 02 d6 e1 3d f7 41 .............=.A
0180: 64 69 c5 f3 b7 77 93 99 10 80 4d aa b9 1f 7a 28 di...w....M...z(
0190: c2 33 4e 42 d2 47 7c 53 00 6e 7d 13 3b e3 56 19 .3NB.G|S.n}.;.V.
01a0: 35 93 4b 6d cd 4c 52 57 aa ba e2 f6 e0 46 a4 f2 5.Km.LRW.....F..
01b0: 5c a7 be be b2 40 6f 9a 33 f0 dc b5 de 55 3c 8e \[email protected]<.
01c0: 2a 19 15 eb 6c 6f 03 ef a5 c1 01 e3 d6 10 b7 64 *...lo.........d
01d0: 7d dd 24 87 60 a7 e3 5f 24 a1 ea 0a 66 fa d4 49 }.$.`.._$...f..I
01e0: 71 65 21 53 94 ad be 0c b9 52 b6 78 67 87 b8 38 qe!S.....R.xg..8
01f0: 11 59 b2 47 b6 c9 23 f8 d8 cc 0c 00 01 89 00 80 .Y.G..#.........
0200: f4 88 fd 58 4e 49 db cd 20 b4 9d e4 91 07 36 6b ...XNI.. .....6k
0210: 33 6c 38 0d 45 1d 0f 7c 88 b3 1c 7c 5b 2d 8e f6 3l8.E..|...|[-..
0220: f3 c9 23 c0 43 f0 a5 5b 18 8d 8e bb 55 8c b8 5d ..#.C..[....U..]
0230: 38 d3 34 fd 7c 17 57 43 a3 1d 18 6c de 33 21 2c 8.4.|.WC...l.3!,
0240: b5 2a ff 3c e1 b1 29 40 18 11 8d 7c 84 a7 0a 72 .*.<..)@...|...r
0250: d6 86 c4 03 19 c8 07 29 7a ca 95 0c d9 96 9f ab .......)z.......
0260: d0 0a 50 9b 02 46 d3 08 3d 66 a4 5d 41 9f 9c 7c ..P..F..=f.]A..|
0270: bd 89 4b 22 19 26 ba ab a2 5e c3 55 e9 2f 78 c7 ..K".&...^.U./x.
0280: 00 01 02 00 80 7c 11 c6 db 8a 23 1b 2d a3 e3 5d .....|....#.-..]
0290: f0 30 4c 20 35 c1 95 fc 71 eb c2 92 00 02 a9 05 .0L 5...q.......
02a0: c5 10 4e 75 ef ca 35 aa bb 38 14 fa 38 c3 71 e4 ..Nu..5..8..8.q.
02b0: 16 a4 87 d5 2f e7 a5 7c b4 b8 a0 ee cf 53 ab c2 ..../..|.....S..
02c0: 6b f4 79 59 d5 f9 07 70 77 97 89 eb b6 c6 74 df k.yY...pw.....t.
02d0: 26 57 5c 42 1a 95 13 e3 c5 28 b7 6c c2 6f 2e 65 &W\B.....(.l.o.e
02e0: 5d c3 c8 a9 cf 8e 09 cc aa 42 eb f7 a7 3b c3 5d ]........B...;.]
02f0: be cd e3 71 2b 46 a2 80 72 a3 48 ae 52 b4 ce c2 ...q+F..r.H.R...
0300: 69 1f 40 e7 94 00 80 03 b2 a4 66 2f 34 c1 60 46 [email protected]/4.`F
0310: 05 9d 83 7f f9 75 29 07 36 60 8b b0 ae 1c ce e8 .....u).6`......
0320: 5f b4 0e 26 54 1c 31 b7 94 e2 58 6e 33 76 ce 19 _..&T.1...Xn3v..
0330: e0 07 f5 ca cc a9 d3 53 d5 22 4a 3a 31 15 f4 7e .......S."J:1..~
0340: 34 ba 3b 92 c0 ec 75 8e 0f d8 e4 44 23 91 70 cb 4.;...u....D#.p.
0350: d9 f9 40 ac 7c 0e 97 27 1d 24 b5 ff f2 13 bd 64 ..@.|..'.$.....d
0360: aa 10 40 1c 68 6f b2 87 14 c2 ef 88 bb 9c 88 24 [email protected].........$
0370: 5f 6b 9e c5 2b fb c2 d1 b3 ce 6e 8d b7 57 bf 88 _k..+.....n..W..
0380: ee b9 fd d6 f3 a0 f3 0d 00 00 22 02 01 02 00 1d ..........".....
0390: 00 1b 30 19 31 17 30 15 06 03 55 04 03 13 0e 77 ..0.1.0...U....w
03a0: 67 74 73 69 6e 66 30 31 3a 31 33 38 39 0e 00 00 gtsinf01:1389...
03b0: 00 .
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /CN=wgtsinf01:1389, issuer: /CN=wgtsinf01:1389
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS:
supportedSASLMechanisms
ldap_send_initial_request
ldap_send_server_request
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedAny ideas?
AndreasHello David,
Let's follow your suggestion and try to put Solaris 10 use TLS:SIMPLE now. Sorry for the extreme long log entries but I tried to capture everything during the authentication process.
My client has an IP address of 10.64.47.11 and the DS server is using the IP address of 10.64.47.50.
a) Sun native LDAP configurations:
[SunOS 5.10/bash] root@wgls01:/var/ldap
# ls -la *db
-rw-r--r-- 1 root root 65536 Aug 8 14:46 cert8.db
-rw-r--r-- 1 root root 32768 Aug 8 14:46 key3.db
-rw------- 1 root root 32768 Aug 2 16:56 secmod.db
[SunOS 5.10/bash] root@wgls01:/var/ldap
# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=nz,dc=thenational,dc=com
NS_LDAP_BINDPASSWD= {NS1}41fa88f3a945c411
NS_LDAP_SERVERS= wgtsinf01.nz.thenational.com
NS_LDAP_SEARCH_BASEDN= dc=nz,dc=thenational,dc=com
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SERVER_PREF= wgtsinf01.nz.thenational.com
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NS_LDAP_SERVICE_SEARCH_DESC= netgroup:ou=netgroup,dc=nz,dc=thenational,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=nz,dc=thenational,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=nz,dc=thenational,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,dc=nz,dc=thenational,dc=com?one
NS_LDAP_BIND_TIME= 30
b) Output from DSEE6.1 error log file:
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=Hosts,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=ipHost)(ipHostNumber=10.64.47.58))" attrs="cn ipHostNumber"
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0xb
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2002
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=Hosts,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=ipHost)(ipHostNumber=10.64.47.58))" attrs="cn ipHostNumber"
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0xb
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2002
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=group,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixGroup)(memberUid=p642929))" attrs="cn gidNumber userPassword memberUid"
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x1000
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2002
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="" scope=0 deref=0 sizelimit=0 timelimit=5 attrsonly=0 filter="(|(objectClass=*)(objectClass=ldapSubEntry))" attrs="1.1"
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : frontend-internal
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : frontend-internal
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : frontend-internal
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : frontend-internal
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs=ALL
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - cos_cache_vattr_types: failed to get class of service reference
[13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="" scope=0 deref=0 sizelimit=0 timelimit=30 attrsonly=0 filter="(objectClass=*)" attrs="supportedControl supportedSASLMechanisms"
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : frontend-internal
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : frontend-internal
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : frontend-internal
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : frontend-internal
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs=ALL
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
[13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 - cos_cache_vattr_types: failed to get class of service reference
[13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : nz
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - SRCH base="" scope=0 deref=0 sizelimit=0 timelimit=30 attrsonly=0 filter="(objectClass=*)" attrs="supportedControl supportedSASLMechanisms"
[13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : frontend-internal
[13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree selected backend : frontend-internal
[13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter
[13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter(-1)
[13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : frontend-internal
[13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - <= roles_filter_rewriter_cleanup
[13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 - mapping tree release backend : frontend-internal
[13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 - => roles_filter_rewriter_cleanup
[13 -
Can't synchronize with Directory Server
I am using IdM 8.0.0.1 and Sun Directory Server EE 6.3.
I have created a server instance and suffix in DS and enabled Retro Changelog plug-in.
In IdM I have created a LDAP resource for the DS. The synchronization policy uses the same base context as the suffix and the changenumber attribute.
My problem is that when starting synchronization, IdM looks for changenumbers larger than the the last changenumber in the changelog suffix.
If I create a user in IdM and assigns the DS resource, the user is created in DS. Changes to e.g. the name in DS is shown in IdM but a sync results in an error in the sync log: java.util.ArrayList cannot be cast to java.lang.String.
I hope all this makes some sort of sense and even more, I hope someone can help me make this work.
Thank you in advance.
StefanI don't see any references in the error, and I only changed the name attribute so I don't think that is the problem.
I tried something else: I used Load from Resource to do the first import of users from DS to IdM. This worked as expected so now I have some users to play with. But when I create a new user in DS and starts a Sync, nothing happens. I would expect the new user to be sync'ed into IdM?
And IdM still uses the last changenumber+1 as start point - This explains why nothing is sync'ed, but I don't understand why IdM behaves like that or where the start point comes from?
If anyone can point me to a few tutorials on synchronization, I would appreciate it very much.
Stefan -
Instant Client with SQL Server - HELP!!
G'day all...
My goal is to connect to a server using Oracle Database version 8.1.7.4, from a server which does not have either Oracle Database or the full Oracle Client, preferrably using SQL Server DTS packages.
With that said, I have installed instant client basic and instant client ODBC suppliment on our first development server using the instructions at the following link without any difficulties, although I do admit that I only have a tnsnames.ora file and not a sqlnet.ora file:
http://www.oracle.com/technology/tech/oci/instantclient/instantclient.html
The trouble is, when I attempt to deploy it on any of our other servers it fails. When I attempt to connect using Microsoft ODBC Driver for Oracle in a DTS package in SQL Server I get the following error message:
HResult of 0x8004005 (-2147467259) returned Unexpected error occurred. An error result was returned without an error message.
(Note: This is seen on all other servers I've tried this on except for the first one).
I have also tried setting up a System ODBC connection using the Instant Client driver but it returned this error message:
Unable to connect
SQLState=S1000
[Oracle][ODBC][Ora]ORA-12705: invalid or unknown NLS parameter value specified
In desperation I have also tried installing the Oracle RDB Driver and the Oracle 8.1.7.8.1.0 ODBC driver. Both appear to install successfully yet nothing seems to work.
As far as I can tell,l these are the differences between the first server and the other servers:
- First server is MS SQL Server 2000 version: 8.00.760, rest are 8.00.818
- First server is running MS SQL Server Analysis services, rest are not
- First server is MS Windows 2000 Advanced Server, rest are MS Windows 2000 Server
So my first question: Does anyone know if the Instant Client tool works with SQL Server version: 8.00.818?
My second question: Can anyone else suggest something that I haven't tried yet, short of installing the Full Oracle Client on this server? Not that I'm opposed to doing that, it's just that it's a last resort idea as of now...
Please help - need to roll this into production soon...Kent, I see that many others have reported that error (doing
a google search), but I see no ready answers. I saw something that
reminded me of a connection string value that I've seen answer some
problems. May be worth a shot for you: try adding this string to
the connection string (in "advanced options") for your datasource:
AuthenticationMethod=Type2
If it doesn't solve it, remove it. But keep it handy in case
it ever may help with some other problem.
Here's one other possible answer for you:
http://www.webmasterkb.com/Uwe/Forum.aspx/coldfusion-server/3206/SQL-Server-2000-Windows-A uth
Sorry I can't be more clear for you. -
Syclo : Error in connecting Work Manager Client with Agentry Server
Hi,
Can somebody please shed some light on work manager client-server connections? I have downloaded the "SAP_WORK_MANAGER_BY_SYCLO_5.2" package from market place and set up the Work Manager server. It can successfully connect to the SAP back-end. Environment variables are correctly set too. However, I'm failing to connect to the Work Manager server from the Work Manager clients. I have tried from the Win32 & Android clients both.
For Win32 client, the error I'm getting is:
For Android, I can't even see the server instance, although it's running (it shows up while attempting to connect from Win32). Error:
When I attempt to connect from Work Manager client to the server, it asks for username/password and for Android client it asks for Agentry user id and password. Aren't these username/password of the server where my Work Manager (Agentry) server is installed?
Also, the "Agentry Development Server" which has been set to run as a service runs with Administrative privileges.
I followed this: http://wiki.scn.sap.com/wiki/display/SAPMOB/Agentry+error+Client+Receiving+RFC+ERROR+LOGON+FAILURE+incomplete+logon+Data+when+connecting+to+server
It didn't help. Please let me know where I'm going wrong?
Tags edited by: Michael ApplebyHi Michael,
I can login to SAP backend using the credentials mentioned in JavaBE.ini file.
Please take a look at the JavaBE.ini:
[HOST]
server=<SAP server host name>
; mobile application name configured in sap like SMART_WORK_MANAGER_51, SMART_CUSTOMER_SERVICE_10, SMART_ISU_WORK_MANAGER_10...etc
APPNAME=SMART_WORK_MANAGER_52
[CONFIG]
; Used to get the SAP Configutaions from SAP if source=SAP or from JavaBE ini file
; SAP Configurations are [ENABLE_TABLE], [TABLE_CHECK], [TABLE_REFRESH], [BAPI_WRAPPER],
; [SAPOBJECT], [CT_SAPOBJECT], [CT_BAPI_WRAPPER], [CT_RETURN_TABLE], [CT_DELETE_TABLE].....etc
source=SAP
[TEST_LOGON]
UID=
UPASSWORD=
UGUID=
SERVERSERIALNUM=
; Service login user is used to get the SAP Configutaions from SAP if source=SAP
; Set ENABLED=true if source=SAP or ENABLED=false if source=INI
; If ENABLED=true, set the UID, UPASSWORD and SERVERSERIALNUM
; SERVERSERIALNUM is the Agentry server serial number
[SERVICE_LOGON]
ENABLED=true
UID=<SAP backend username>
UPASSWORD=<SAP backend password>
UPASSWORDENCODED=false
SERVERSERIALNUM=AVKNN@NILKGGBTLD
[PUSH_LOGON]
ENABLED=false
UID=
UPASSWORD=
UPASSWORDENCODED=false
SHAREDCONNECTION=10
[CLIENT_NUM]
CLIENT=720
;CLIENT=010
[SYSTEM_NUM]
;SYSNUM=33
SYSNUM=00
[LANGUAGE]
LANG=EN
[LOGGING]
;1=Fatal, 2=Error, 3=Warning, 4=Info, 5=debug, 6=trace
Level=4
[LOGON_METHOD]
; USER_AUTH if standard UID/Password authentication is used
; USER_AUTH_GLOBAL if pooled connections using single UID/Password is used
; USER_AUTH_GROUP if UID/Password authentication with SAP Message Server
; (load balancing) is used
LOGON_METHOD=USER_AUTH
[GLOBAL_LOGON]
; referenced when LOGON_METHOD=USER_AUTH_GLOBAL
; uses a pool of connections to the SAP backend all utilizing a single
; UID/password
UID=
UPASSWORD=
SHAREDCONNECTION=100
[GROUP_LOGON]
; referenced when LOGON_METHOD=USER_AUTH_GROUP
; individual user authentication using an SAP Message Server which distributes
; client connections among a "group" of SAP application servers based on load
; balancing criteria
; host name or IP address of SAP Message Server
MESSAGE_SERVER=
GROUP_NAME=
SYSTEM_ID=
CLIENT=
[REQUIRED_BAPI_WRAPPER]
com.syclo.sap.bapi.LoginCheckBAPI=/SYCLO/CORE_SUSR_LOGIN_CHECK
com.syclo.sap.bapi.RemoteUserCreateBAPI=/SYCLO/CORE_MDW_SESSION1_CRT
com.syclo.sap.bapi.RemoteParameterGetBAPI=/SYCLO/CORE_MDW_PARAMETER_GET
com.syclo.sap.bapi.SystemInfoBAPI=/SYCLO/CORE_SYSTINFO_GET
com.syclo.sap.bapi.ChangePasswordBAPI=/SYCLO/CORE_SUSR_CHANGE_PASSWD
com.syclo.sap.bapi.CTConfirmationBAPI=/SYCLO/CORE_OUTB_MSG_STAT_UPD
com.syclo.sap.bapi.DTBAPI=/SYCLO/CORE_DT_GET
com.syclo.sap.bapi.GetEmployeeDataBAPI=/SYCLO/HR_EMPLOYEE_DATA_GET
com.syclo.sap.bapi.GetUserDetailBAPI=/SYCLO/CORE_USER_GET_DETAIL
com.syclo.sap.bapi.GetUserProfileDataBAPI=/SYCLO/CORE_USER_PROFILE_GET
com.syclo.sap.bapi.PushStatusUpdateBAPI=/SYCLO/CORE_PUSH_STAT_UPD
com.syclo.sap.bapi.RemoteObjectCreateBAPI=/SYCLO/CORE_MDW_USR_OBJ_CRT
com.syclo.sap.bapi.RemoteObjectDeleteBAPI=/SYCLO/CORE_MDW_USR_OBJ_DEL
com.syclo.sap.bapi.RemoteObjectGetBAPI=/SYCLO/CORE_MDW_SESSION_GET
com.syclo.sap.bapi.RemoteObjectUpdateBAPI=/SYCLO/CORE_MDW_SESSION_UPD
com.syclo.sap.bapi.RemoteReferenceCreateBAPI=/SYCLO/CORE_MDW_USR_KEYMAP_CRT
com.syclo.sap.bapi.RemoteReferenceDeleteBAPI=/SYCLO/CORE_MDW_USR_KEYMAP_DEL
com.syclo.sap.bapi.RemoteReferenceGetBAPI=/SYCLO/CORE_MDW_SESSION_GET
com.syclo.sap.bapi.RemoteReferenceUpdateBAPI=/SYCLO/CORE_MDW_SESSION_UPD
com.syclo.sap.bapi.RemoteSessionDeleteBAPI=/SYCLO/CORE_MDW_SESSION1_DEL
com.syclo.sap.bapi.RemoteUserDeleteBAPI=/SYCLO/CORE_MDW_SESSION1_DEL
com.syclo.sap.bapi.RemoteUserUpdateBAPI=/SYCLO/CORE_MDW_SESSION_UPD
com.syclo.sap.bapi.TransactionCommitBAPI=WFD_TRANSACTION_COMMIT
com.syclo.sap.bapi.SignatureCaptureBAPI=/SYCLO/CS_DOBDSDOCUMENT_CRT
I haven't yet installed ATE and tested out any application. I just want my connections to be perfect, first.
I have a question. Are the credentials used to connect Work Manager client to the server, same as the SAP backend credentials or are they the credentials of the host on which the Work Manager server is installed?
I have tried logging in using the SAP credentials also. But that results in error too.
These credentials are valid for SAP backend and successfully logs onto it and also responds correctly to connectTest.bat. However, I think this error is logical because these are the credentials for SAP backend and not the server where Work Manager server is hosted. -
Unable to synchronise the client with the server
Hi Everyone,
I get the folllowing error while trying to sync my MI client for the first time.
Synchronization started.
Connection set up (without proxy) to: http://idesec7:50000/meSync/servlet/meSync?~sysid=ice&
Successfully connected with server.
Processing of inbound data began.
Internal server error; contact your system administrator.
any thoughts.....
Thanks in advance,
himaAfter synchronising with the server i am not able to start the MIclient it gives the error as <b>"start failed"</b>. But before synchronising, MIclient was working fine.This error has occured when i tried to download and start the aplication as an end user.in the webconsole the status is displayed as <u>"delete with next synchronisation"</u>.will this status in the webconsole matter.
the detailed information is as follows:
DEPLID E7D34F0264E5F64BBD740CCECB688CE0
INSTALLATION_IMAGE NO
JAVA_VERSION 1.4.2_06
JVM_VENDOR Sun Microsystems Inc.
MI_FULLNAME MI 25 SP 09 Patch 00 Build 200409101427
OSARCHITECTURE x86
OSNAME Windows XP
OSVERSION 5.1
PROCESSOR pentium i486 i386
RUNTIME TOMCAT
USERS_ON_DEVICE MISYNC-00; TEST; MI_ADMIN; MI_USER
USER_TIMEZONE Asia/Calcutta
can anybody help me in this.. -
Can I install Portal server 6.1 with Directory server 5.2
Hi,
Can I install Sun ONE Portal Server 6.1 with Sun ONE Directory Server 5.2 that is an existing installation? I have checked iPS 6.1 installation guide that mentioned iDS version should be 5.1.
Thanks a lot,
Yu MaoIdentity server 6.0 SPx has not been certified/tested on DS 5.2.
IS 6.1 will support DS 5.2. -
Outlook clients with SL server and ICAL/Addressbook server
Hi!
I have a customer intrested in replacing their old SSB 2003 server with an SL server. I wonder if this combo can accommodate their calendaring needs.
- They need to view eachothers calendars side by side in outlook
- They need to have shared calendars with read/write access
- Central store for contacts
They want the experience to closely reassemble Outlook/Exchange, but are prepared to make some changes in working methods if nessecary.
Is this even possible or are they forced to move to a new SBS 2008 server instead? They are only 7 in the office, so doing witout an expensive SBS 2008 server would save them around 5000$ in investments.
/HasseCan't I just set up Exchange as one of my calendars in ical?
Only if you're running Snow Leopard and your employer will allow access (different than iPhone/mobile device access, so most likely not), but not needed - keep reading.
Is it really true that I have to choose between syncing Exchange with work server OR syncing iCal with personal Macbook?
No. It was true, but with the v3.0 software that changed - you can now sync your Exchange contacts and calendar over the air, and your Address Book and iCal via iTunes over the docking cable.
What is the best work around for this?
None needed. When you set up the exchange account, and choose to turn on syncing of contacts and calendars, you will be prompted to remove all other data, or keep it on the iPhone. Choose the keep option. Note that in that case, your personal data will not be uploaded to the Exchange server - the iPhone keeps them separate (although you can choose to view them in a merged fashion).
I have this set up on my phone (Exchange calendar along side personal and other calendars from iCal). Same for contacts. Works great. -
ICal client with iCal server. Bug with delegation of calendars with plenty
Hi,
I have a working setup with an iCal server on OSX 10.5.2 that is also an OD master. I have several users with calendars hosted on the server. Only Mac clients so far. Everything seems to work when managing your own calendars. The problem I see is when I delegate my calendar to another user. None or just a few of the entries show up in the other users view of my calendar.
I experimented a little and found out that it probably has to do with the number of items in the calendar. I have a calendar that contains several years of historic entries and when I start to delete entries everything eventually start to work. My calendar shows up OK in the other users view.
I am not completely sure if it is the number of items in the calendar or if it is some specific entry that cause the problem but I can recreate the problem over and over again if I import the exported calendar, delegate and refresh as the other user.
If I start to edit away entries in the exported iCal file I finally get a working setup.
If somebody at Apple is interested I can provide the exported iCal file and it should be quite easy to recreate the bug.Hi,
I have a working setup with an iCal server on OSX 10.5.2 that is also an OD master. I have several users with calendars hosted on the server. Only Mac clients so far. Everything seems to work when managing your own calendars. The problem I see is when I delegate my calendar to another user. None or just a few of the entries show up in the other users view of my calendar.
I experimented a little and found out that it probably has to do with the number of items in the calendar. I have a calendar that contains several years of historic entries and when I start to delete entries everything eventually start to work. My calendar shows up OK in the other users view.
I am not completely sure if it is the number of items in the calendar or if it is some specific entry that cause the problem but I can recreate the problem over and over again if I import the exported calendar, delegate and refresh as the other user.
If I start to edit away entries in the exported iCal file I finally get a working setup.
If somebody at Apple is interested I can provide the exported iCal file and it should be quite easy to recreate the bug. -
Solaris 10 NFS client with FreeBSD server
Hello,
I have an issue about Solaris 10 and a FreeBSD server (currently running 5.4-STABLE). This server exports several NFS shares (3TB each) to various machines including Linux (which works fine) and Solaris (which worked fine on 9 but not 10).
The last progress was that if you link .sunw in the /home/$USER
directory to /tmp on Solaris 10, you can then use applications and ssh out from the server. It looks to me like a pure Solaris issue but i still have failed to find a way to fix it.
The mount options i currently have on solaris are :
rw,bg,nosuid,nfsver=3,tcp,intr,-w=32768,-r=32768
Also modified /etc/default/nfs to force NFS3 thinking it might have been the issue : NFS_CLIENT_VERSMAX=3
I have searched forums and search engines hoping to find an answer but have failed to see anything yet. As far as i can tell, it is a Solaris 10 issue but have no idea how to fix it.
Thanks for any help,
StephI also have this problem with FreeBSD 6.2 and Solaris 10 (was OK with Solaris 7 and 9).
The file system shared is about 30GB, and is FreeBSD on Sparc64.
Maybe you are looking for
-
My MacBook Pro 13" (2012) is running Windows 7 on Bootcamp and there is an issue with the headset I'm using. I use a cheap Logitech Stereo Headset H130, but since there is only on audio plugin on the computer, I purchased a 3.5 mm 4-pin smartphone au
-
Finding a printer shared from 10.3.9 on 10.5.6
i have seen the support page at _http://support.apple.com/kb/HT2275_ that suggests using cupsctl to configure the cupsd.conf to search for my printer being shared by my PPC-based mac running 10.3.9 on my other macs running 10.5. unfortunately, upon t
-
Export Screensaver (Processing-Screensaver)
Hey there, Before proceeding to my question, I am aware that is not the 'right' forum to post my concern, but I thought maybe someone may already know something to help. We have developed a little project in Processing and we would like to export/sav
-
I have Windows 7, 32-bit OS. I have Adobe Reader X. This problem was intermittent over the last month, and from day before it has stopped responding. 1. When I click the program icon or a PDF document, the cursor becomes busy, but no response. 2. Whe
-
Hi, Is there a way to embed all the ressource image files from a directory at compile time? Embedding a bitmap looks like: [Bindable] [Embed(source="./v3/R4.png")] private var artClassR4:Class; public var artR4:BitmapAsset; But it becomes really pain