LDAP Schema for AD (ADAM)

Hi everyone.
I've been reading the official documentation and searching the Web for some info on using an AD (at this time it is an ADAM, but later on it will be AD) user repository with AM 7.
There is a reference in one of the manuals that says that there is a schema that needs to be added to the default schema of the AD. For the SunDS there is an LDIF file that can be used, but for AD there is none, and the syntax from DS to AD changes a bit.
Is there anyone here who can clarify this for me? It sounds logical to me that these new attributes and object classes must be added to the AD schema, but is it so? And if so, does anyone have an LDIF that I can use to update the AD schema, which actually works?
Thanks so much for all your help
Rp

Anyway, I've created an LDIF for Active Directory with these attributes and object classes.
I don't really know if this is needed inside AD or not.
If anyone wants these LDIFs for some reason, drop me a line. Keep in mind that they are a work in progress, so if you find anything you don't like and would like to change it, please do let me know so I can update my versions as well.
If anyone has any idea regarding the last questions I posted, please do let me know as well.
Rp
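
The thread above turns on the fact that a Sun DS schema LDIF cannot be fed to AD/ADAM unchanged. As an added example (not the poster's LDIF and not vendor code), this Python script renders the same attribute definitions both ways: as a `cn=schema` modify for a Sun-style directory and as `attributeSchema` entries for AD. Assumptions: the attribute names and the OIDs under 1.3.6.1.4.1.99999 are constructed, `DC=X` is a placeholder for the real schema naming context, only five syntaxes are mapped, and object classes are not covered.

```python
import re

# RFC 4517 syntax OID -> (AD attributeSyntax, AD oMSyntax)
AD_SYNTAX = {
    "1.3.6.1.4.1.1466.115.121.1.7": ("2.5.5.8", 1),     # Boolean
    "1.3.6.1.4.1.1466.115.121.1.15": ("2.5.5.12", 64),  # Directory String
    "1.3.6.1.4.1.1466.115.121.1.26": ("2.5.5.5", 22),   # IA5 String
    "1.3.6.1.4.1.1466.115.121.1.27": ("2.5.5.9", 2),    # Integer
    "1.3.6.1.4.1.1466.115.121.1.40": ("2.5.5.10", 4),   # Octet String
}

# Constructed sample definitions in RFC 4512 form (names and OIDs are hypothetical).
SAMPLE = [
    "( 1.3.6.1.4.1.99999.1.1 NAME 'exampleLoginStatus' DESC 'Account status' "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
    "( 1.3.6.1.4.1.99999.1.2 NAME ( 'exampleIsEnabled' ) "
    "EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )",
    "( 1.3.6.1.4.1.99999.1.3 NAME 'exampleAlias' "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
]


def parse_attribute_type(definition):
    """Extract the fields of an RFC 4512 attribute type that AD needs."""
    body = definition.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("definition must be enclosed in parentheses")
    body = body[1:-1].strip()
    parts = body.split()
    if not parts or not re.fullmatch(r"\d+(\.\d+)+", parts[0]):
        raise ValueError("numeric OID expected at start of definition")
    # Blank out quoted strings so keywords inside DESC text are not matched.
    unquoted = re.sub(r"'[^']*'", "''", body)
    name = re.search(r"\bNAME\s+(?:\(\s*)?'([^']+)'", body)
    desc = re.search(r"\bDESC\s+'([^']*)'", body)
    syntax = re.search(r"\bSYNTAX\s+([\d.]+)", unquoted)
    if name is None or syntax is None:
        raise ValueError("NAME and SYNTAX are required")
    return {
        "oid": parts[0],
        "name": name.group(1),
        "desc": desc.group(1) if desc else "",
        "syntax": syntax.group(1),
        "single": re.search(r"\bSINGLE-VALUE\b", unquoted) is not None,
    }


def to_ds_ldif(definitions):
    """Sun-style directory: schema is extended by modifying cn=schema."""
    lines = ["dn: cn=schema", "changetype: modify", "add: attributeTypes"]
    lines += ["attributeTypes: " + " ".join(d.split()) for d in definitions]
    lines.append("-")
    return "\n".join(lines) + "\n"


def to_ad_ldif(definitions, schema_nc="CN=Schema,CN=Configuration,DC=X"):
    """AD/ADAM: each attribute is its own attributeSchema entry."""
    records = []
    for definition in definitions:
        attr = parse_attribute_type(definition)
        if attr["syntax"] not in AD_SYNTAX:
            raise ValueError("no AD mapping for syntax " + attr["syntax"])
        ad_syntax, om_syntax = AD_SYNTAX[attr["syntax"]]
        record = [
            "dn: CN=%s,%s" % (attr["name"], schema_nc),
            "changetype: add",
            "objectClass: attributeSchema",
            "cn: " + attr["name"],
            "lDAPDisplayName: " + attr["name"],
            "attributeID: " + attr["oid"],
            "attributeSyntax: " + ad_syntax,
            "oMSyntax: %d" % om_syntax,
            "isSingleValued: " + ("TRUE" if attr["single"] else "FALSE"),
        ]
        if attr["desc"]:
            record.append("adminDescription: " + attr["desc"])
        records.append("\n".join(record))
    # Reload the schema cache so classes added afterwards can use the attributes.
    records.append("dn:\nchangetype: modify\nadd: schemaUpdateNow\n"
                   "schemaUpdateNow: 1\n-")
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(to_ds_ldif(SAMPLE))
    print(to_ad_ldif(SAMPLE))
```

The unmapped-syntax and non-numeric-OID cases raise `ValueError` rather than emitting an entry the directory would reject or, worse, accept with the wrong syntax; schema additions in AD cannot be deleted afterwards, so a dry run against a throwaway ADAM instance is the place to find mistakes.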

Similar Messages

  • X.509 PKI LDAP Schema for OID

    Hi,
    my question is about the availability of an X.509 PKI LDAP schema for OID. Does anyone know if it is possible to import an already predefined schema into OID?
    Is it necessary to follow RFC2587 and define the schema by hand?
    Any response and advice appreciated.
    Petr
    P.S.
    I am quite new in the area of OID so some of my questions may seem incomprehensible.

    Hello Petr:
    You most certainly can load your own custom schema items into OiD. A few things to keep in mind when you do this.
    Make sure you load the attributes first.
    Then your objectclasses.
    Then your Catalog/indexes if you have any.
    Then load your directory entries.
    And last load any ACI's you may have.
    If you give me a few of your schema definitions I would be happy to give you an example of how to do this.
    There are many PKI vendors out there and not all of them store certificates the same way. Some use standard schema attributes and others add their own custom attribute.

  • LDAP schema for addressbook in Lion

    I am starting to set up an OpenLDAP server for the place where I work. So far everything has been good, but I need to add a couple more fields (attributes) than the ones provided by the schema inetOrgPerson.
    I can add attributes to my accounts in LDAP all I want, but they do not show up in the addressbooks.
    Is there a schema that I could use to add something like the note field and have that show up in addressbooks connected to my LDAP server? Or even better, is it possible to add a "note" attribute and have that show up in the note field of addressbook?
    If such schema exist, please let me know where can I get it.
    If I am in the wrong forum to ask this question, please let me know where to post this.

  • LDAP Configuration for ECC 6.0 ( ABAP Stack only)

    Hi,
    Can any one guide me with the steps for the LDAP Configuration for ECC 6.0 ( Abap stack only).
    Some of my observations are....
    I can see the LDAP Support in the Installation master at the following path.
    1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
    But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
    When I was going through the Service Marketplace I came across the following note.
    Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
    Thanks,
    Tanuj

    Dear All,
    We are trying to configure LDAP with Active Directory. In the step "Synchronization of SAP User Administration with LDAP Directory", when executing the report "RSLDAPSYNC_USER", we are facing an error.
    Please find the trace file and error screenshot in the attachment. Please help us on priority.
    Please find the Trace log in the below:
    RFC destination : LDAP_LDAPSE-01
    Tracelevel      :      8,704
    F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
    [Wed Jun 26 11:15:38 2013]
    Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
    [Wed Jun 26 11:15:39 2013]
    Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
    Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
    Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
    Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
    [Wed Jun 26 11:15:40 2013]
    Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
    [Wed Jun 26 11:15:43 2013]
    >>>>Required attributes table
    Line    0: "CREATETIMESTAMP" (length 15)
    Line    1: "MODIFYTIMESTAMP" (length 15)
    Line    2: "SAPUSERNAME" (length 11)
    <<<<Required attributes table
    Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
    Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
    >>> ldap_msgfree()
    <<< ldap_msgfree()
    Slot 0 (WIPROTECH): >>> ldap_unbind_s()
    Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
    Please find the error screenshot in the below.
    Regards,
    Dilip Sampath.CH
    +91-9619735957.

  • Help with extending schema for redhat ldap sudo integration.

    Hi all,
    I've done LDAP administration for a few years, but I'm new to Directory Server and I'm a bit stuck. I want to apply a custom schema and allow sudoers in our CentOS (Red Hat) Linux servers. They're authenticating correctly, but I can't get sudoers to work. I've followed this documentation to update my schema.
    http://kbase.redhat.com/faq/docs/DOC-2057
    I'm having issues with the step that creates the SUDOers group as the following.
    dn: ou=SUDOers,dc=example,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: SUDOers
    I want to make administration easy via the Workgroup manager so I don't have to manually add users to this group via ldif files. When I create a sudoers group via the workgroup manager, I get this dn
    cn=sudoers,cn=groups,dc=spidertracks,dc=local
    As you can see, it's a cn, not an ou. Furthermore, how do I get the defaults in the sudoer's group so that redhat recognizes the setup, but users can be assigned via the workgroup manager?
    Thanks,
    Todd

  • UCCX 7.0.1SR5 to 8.0 upgrade while also adding LDAP integration for CUCM - what happens to agents and Historical Reporting data?

    Current State:
    •    I have a customer running CUCM 6.1 and UCCX 7.01SR5.  Currently their CUCM is *NOT* LDAP integrated and using local accounts only.  UCCX is AXL integrated to CUCM as usual and is pulling users from CUCM and using CUCM for login validation for CAD.
    •    The local user accounts in CUCM currently match the naming format in active directory (John Smith in CUCM is jsmith and John Smith is jsmith in AD)
    Goal:
    •    Upgrade software versions and migrate to new hardware for UCCX
    •    LDAP integrate the CUCM users
    Desired Future State and Proposed Upgrade Method
    Using the UCCX Pre Upgrade Tool (PUT), backup the current UCCX 7.01 server. 
    Then during a weekend maintenance window……
    •    Upgrade the CUCM cluster from 6.1 to 8.0 in 2 step process
    •    Integrate the CUCM cluster to corporate active directory (LDAP) - sync the same users that were present before, associate with physical phones, select the same ACD/UCCX line under the users settings as before
    •    Then build UCCX 8.0 server on new hardware and stop at the initial setup stage
    •    Restore the data from the UCCX PUT tool
    •    Continue setup per documentation
    At this point does UCCX see these agents as the same as they were before?
    Is the historical reporting data the same with regards to agent John Smith (local CUCM user) from last week and agent John Smith (LDAP imported CUCM user) from this week ?
    I have the feeling that UCCX will see the agents as different almost as if there is a unique identifier that's used in addition to the simple user name.
    We can simplify this question along these lines
    Starting at the beginning with CUCM 6.1 (local users) and UCCX 7.01.  Let's say the customer decided to LDAP integrate the CUCM users and not upgrade any software. 
    If I follow the same steps with re-associating the users to devices and selecting the ACD/UCCX extension, what happens? 
    I would guess that UCCX would see all the users it knew about get deleted (making them inactive agents) and then see a whole group of new agents get created.
    What would historical reporting show in this case?  A set of old agents and a set of new agents treated differently?
    Has anyone run into this before?
    Is my goal possible while keeping the agent configuration and HR data as it was before?

    I was doing some more research looking at the DB schema for UCCX 8.
    Looking at the Resource table in UCCX, it looks like there is a primary key that represents each user.
    My question, is this key replicated from CUCM or created locally when the user is imported into UCCX?
    How does UCCX determine if user account jsmith in CUCM, when it’s a local account, is different than user account jsmith in CUCM that is LDAP imported?
    Would it be possible (with TAC's help most likely) to edit this field back to the previous values so that AQM and historical reporting would think the user accounts are the same?
    Database table name: Resource
    The Unified CCX system creates a new record in the Resource table when the Unified CCX system retrieves agent information from the Unified CM.
    A Resource record contains information about the resource (agent). One such record exists for each active and inactive resource. When a resource is deleted, the old record is flagged as inactive; when a resource is updated, a new record is created and the old one is flagged as inactive.

  • Configuring the authentication scheme for a web application

    Hi all,
    We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
    Since the deployment descriptor (web.xml) allows only one directive for auth-method in login-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
    Please let us know if there is any other approach to achieve this.
    I will be thankful if anybody shares any specific solution to this issue.

    This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
    Kaj

  • Error while doing the Ldap sync for UDFs

    Hi All,
    I am doing LDAP sync for UDFs.
    I created users in OID,
    assigned them to the orclIDXPerson object, modified ldapconfig.props and created the input file.
    Now when I run ldapsyncudf.sh I get the error below.
    Exception in thread "main" java.lang.NullPointerException
    at oracle.ods.virtualization.schema.AttributeTypeDefinition.getOID(AttributeTypeDefinition.java:117)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.convertAttrDefnToJNDIAttrs(OVDSchemaContext.java:655)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:137)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:109)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.isAttrExistsInLDAP(LDAPUDFSyncImpl.java:555)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.validateOVDSchema(LDAPUDFSyncImpl.java:519)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.addUDFwithLDAP(LDAPUDFSyncImpl.java:1082)
    at oracle.iam.configservice.api.LDAPUDFSyncEJB.addUDFwithLDAPx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy631.addUDFwithLDAPx(Unknown Source)
    Can anyone please unblock me?
    Thanks,
    Valli

    Hi,
    Please see if these help (for 11gR2)
    Export the LDAPUser.xml file from MDS using weblogicExportMetadata.bat. This XML contains the attribute mapping between OIM and OID for LDAP synchronization.
    Include the entry for OIM attribute (if entry does not exist for the attribute in the XML) under entity-attributes node. For e.g. use the following xml snippet to add the entry for ISD Code for Phone attribute
    <entity-attributes><attribute name="ISD Code for Phone"> <type>string</type> <required>false</required> <attribute-group>Extended </attribute-group> <searchable>true</searchable> </attribute> </entity-attributes>
    Include the entry for OID attribute under target-fields node. For e.g. use the following xml snippet to add the entry for CountryCode
    <target-fields><field name="CountryCode"> <type>String</type> <required>false</required> </field> </target-fields>
    Now map the OIM attribute with the OID attribute using the following xml snippet under attribute-maps node
    <attribute-maps><attribute-map> <entity-attribute> ISD Code for Phone </entity-attribute> <target-field>CountryCode</target-field> </attribute-map></attribute-maps>
    Save the changes and import the file back into MDS using WebLogic import utilities.

  • Error Extending eDirectory Schema for Radius in iManager

    I am working on integrating eDirectory with FreeRADIUS on our OES 11 SP2 servers. I have been following all the steps in the "Integrating Novell eDirectory with FreeRADIUS" guide located here: https://www.netiq.com/documentation/edir_radius/. I did not have any problems installing FreeRADIUS or modifying its config files for LDAP authentication.
    I am now stuck trying to extend the eDirectory schema for radius. In iManager, I go to Roles and Tasks --> radius --> Extend Schema, and I keep getting the following error: "RADIUS plugin encountered an error. Click the Details button for more information." When I click "details" it shows the following:
    java.lang.NullPointerException
        at java.util.StringTokenizer.(StringTokenizer.java:88)
        at java.util.StringTokenizer.(StringTokenizer.java:66)
        at com.novell.ldap.LDAPConnection.connect(Unknown Source)
        at com.novell.nps.radius.NovellLDAPAuthenticator.login(NovellLDAPAuthenticator.java:155)
        at com.novell.nps.radius.ExtendRadiusSchema.showInitialForm(ExtendRadiusSchema.java:178)
        at com.novell.nps.radius.ExtendRadiusSchema.execute(ExtendRadiusSchema.java:96)
        at com.novell.emframe.dev.Task.execute(Task.java:505)
        at com.novell.nps.gadgetManager.BaseGadgetInstance.processRequest(BaseGadgetInstance.java:858)
        at com.novell.nps.gadgetManager.GadgetManager.delegateToGadget(GadgetManager.java:4256)
        at com.novell.nps.gadgetManager.LaunchService.onDelegateAction(LaunchService.java:86)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at com.novell.nps.gadgetManager.BaseGadgetInstance.handleAction(BaseGadgetInstance.java:2371)
        at com.novell.nps.gadgetManager.GadgetManager.processInstanceRequest(GadgetManager.java:1609)
        at com.novell.nps.gadgetManager.GadgetManager.processServiceRequest(GadgetManager.java:1062)
        at com.novell.nps.PortalServlet.handleFrameService(PortalServlet.java:509)
        at com.novell.nps.PortalServlet.processRequest(PortalServlet.java:373)
        at com.novell.nps.PortalServlet.doPost(PortalServlet.java:279)
        at com.novell.nps.PortalServlet.doGet(PortalServlet.java:262)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at com.novell.emframe.fw.servlet.AuthenticatorServlet.service(AuthenticatorServlet.java:332)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.novell.emframe.fw.filter.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:25)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.novell.emframe.fw.filter.AntiCsrfServletFilter.doFilter(AntiCsrfServletFilter.java:275)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:530)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:761)
    Can anyone give me an idea of what is going on here? Everything I've been able to dig up so far has dealt with schema conflict errors and ssl/tls connection issues. I don't think that is what's going on here. I am getting the same error on multiple servers with eDirectory and iManager installed. Any help is appreciated. Thank you.
    Scot

    Originally Posted by bjunker
    I am working on integrating eDirectory with FreeRADIUS on our OES 11 SP2 servers. I have been following all the steps in the "Integrating Novell eDirectory with FreeRADIUS" guide located here: https://www.netiq.com/documentation/edir_radius/. I did not have any problems installing FreeRADIUS or modifying its config files for LDAP authentication.
    I am now stuck trying to extend the eDirectory schema for radius. In iManager, I go to Roles and Tasks --> radius --> Extend Schema, and I keep getting the following error: "RADIUS plugin encountered an error. Click the Details button for more information." When I click "details" it shows the following:
    Can anyone give me an idea of what is going on here? Everything I've been able to dig up so far has dealt with schema conflict errors and ssl/tls connection issues. I don't think that is what's going on here. I am getting the same error on multiple servers with eDirectory and iManager installed. Any help is appreciated. Thank you.
    Scot
    Seems like there is a known bug for this issue. I suggest you open an SR if you can.
    Thomas

  • I need to extend the schema for iPlanet Dir. 5.0 and add custom objectclasses and attributes. I do this by adding entries in the 99user.ldif file. It's not working. Any ideas?

    Hi
    I need to extend the schema for iPlanet Dir. 5.0 and I do not want to do so from the console. As per the documentation, I need to either add entries in the 99user.ldif file or define my own custom [00-99]myname.ldif file. I tried this but it's not working.
    I have made the assumption that there is no explicit import step for the 'user defined' schema files (as it is for user data ldif files). I assume that on start (or on opening the console), I'd be able to see the new schema after the server has read the schema file.
    I have verified that entering new objectclasses and attributes from the console adds entries into the 99user.ldif file. So why is the reverse process not working. Can anybody throw some light on this? Also in case my assumptions are faulty, please let me know.
    I did not change the aci entries in the existing ldif file. Is any modification needed there? I was logged in as the Directory Manager during this testing process.
    regards
    Sikka

    Hi Sikka,
    The server reads its schema configuration on startup. If you manually modify the schema files while the server is running, it will not have any effect. You have to restart the server.
    The console adds the new schema elements over LDAP (you could do that as well, you only have to modify the cn=schema entry), so the server is aware of the changes immediately and thus restarting is not needed.
    I hope this helps.
    Bertold

  • Ldap schema extension to control which users / group are imported

    Hello,
    would like to have your opinion:
    would it be a good idea to implement ldap schema extensions to control
    which users / group are imported and controlled from ldap in a ldap
    mastered installation?
    e.g. we could implement the following schema extension for users:
    attributetype ( 1.3.6.1.4.1.<iana-org-id>.1.1 NAME ( 'BogusisBeehiveUser' )
        DESC ''
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )
    # BogusinetOrgPerson
    # The BogusinetOrgPerson is derived from inetOrgPerson
    objectclass ( 1.3.6.1.4.1.<iana-org-id>.1
        NAME 'BogusinetOrgPerson'
        DESC 'RFC2798: Internet Organizational Person, plus Bogus Extensions'
        SUP inetOrgPerson
        STRUCTURAL
        MAY ( BogusisBeehiveUser ) )
    Then we could control the inclusion in beehive by simply switching
    BogusisBeehiveUser on or off.

    sure; that's pretty much what is talked about in the Install Guide for LDAP Integration under the "inclusion and exclusion" section, about here:
    http://download.oracle.com/docs/cd/E14897_01/bh.100/e14830/ldap.htm#CHDEFFJF
    that doesn't go into the specifics of how you might want to design your objectClass schemas, though, as beehive is agnostic to that.
    If you don't want to provision all users that match a certain existing rule (like everyone under dn=foo, or everyone where userType=employee), then adding a new attribute and building the profile inclusion rule around it is a valid thing to do.
    richard

  • LDAP Schema Designer

    I am looking for a kind of LDAP Schema Designer, a utility that can check the consistency of my schema, detect redundancies, and so on.
    Any suggestions?
    Thanks

    I don't know of any tool like that. The problem is actually not quite that simple, since LDAP does not implement a relational database per se, or have concepts about 1st, 2nd, 3rd, etc normal forms.
    If you want me to review and refine your schema for you, then you can hire me as a consultant. I have extensive experience in designing schema and modeling directory objects and DIT.
    Click my handle for my email address if interested.
    podzap

  • What LDAP schema should I use with JMQ 2.0?

    I've just downloaded the JMS 2.0 beta for Solaris and trying to set up a admin objects store with LDAP server (NES 4.12). However I cannot find a LDAP schema file to import into the LDAP server in your release. Would it be possible to send me a copy?

    As far as I know, you don't need to import any LDAP schema into Netscape Directory Server 4.12 (I assume this is what you are using) to store the administered objects.
    Are you seeing "schema violation" errors when you use jmqobjmgr?
    If that is the case, what lookup name are you using? Does your lookup name have the form:
    "cn=myLookupName"
    In most cases (it can be overridden), LDAP servers require lookup names to have the above format.

  • Free (java-based) LDAP server for Windows

    Hello,
    I am experimenting with JNDI. Can anyone tell me if there is a free LDAP server for Windows that I could use to run JNDI examples.
    Thanks in advance,
    Balteo.

    Attached is my slapd.conf file I used while I was working through the JNDI tutorial. You can find any comments in the original config file - I deleted them in the attachment.
    Do not forget to create the directory 'openldap-ldbm' manually in the appropriate place as defined in the config file.
    cu, Adrian
    slapd.conf
    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #include          %SYSCONFDIR%/schema/core.schema
    include          d:/OpenLDAP/schema/core.schema
    include          d:/OpenLDAP/schema/java.schema
    include          d:/OpenLDAP/schema/krb5-kdc.schema
    pidfile          d:/OpenLDAP/slapd.pid
    argsfile     d:/OpenLDAP/slapd.args
    database     ldbm
    suffix          "o=JNDITutorial"
    rootdn          "cn=Manager,o=JNDITutorial"
    rootpw          changeit
    #directory     %LOCALSTATEDIR%/openldap-ldbm
    directory     d:/OpenLDAP/openldap-ldbm
    index     objectClass     eq
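
The configuration above carries its own warning ("This file should NOT be world readable") and a `rootpw` stored as plain text. As an added example (not part of the original post or of OpenLDAP), this Python check flags both conditions in a slapd.conf. Assumptions: a POSIX host where mode bits apply (on Windows the file's ACL would be inspected instead), and the sample files and the `{SSHA}` value are constructed placeholders.

```python
import os
import re
import stat
import tempfile

# A stored-hash value starts with a scheme prefix such as {SSHA} or {CRYPT}.
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")


def directives(text):
    """Yield slapd.conf directives: '#' lines are comments, and a line
    starting with whitespace continues the previous directive."""
    current = None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()
            continue
        if current:
            yield current
        current = raw.strip() or None
    if current:
        yield current


def audit_slapd_conf(path):
    """Return a list of findings; the password itself is never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append("file is world-readable (mode %04o)" % mode)
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    for line in directives(text):
        fields = line.split(None, 1)
        if fields[0].lower() != "rootpw" or len(fields) < 2:
            continue
        value = fields[1].strip().strip('"')
        scheme = SCHEME.match(value)
        if scheme is None or scheme.group(1).upper() == "CLEARTEXT":
            findings.append("rootpw is stored in cleartext")
    return findings


# Constructed samples modelled on the posted file.
WEAK = ('suffix "o=JNDITutorial"\n'
        'rootdn "cn=Manager,o=JNDITutorial"\n'
        'rootpw changeit\n')
# Placeholder hash string, not a real digest of any password.
HARDENED = WEAK.replace("changeit", "{SSHA}Q29uc3RydWN0ZWRQbGFjZWhvbGRlcg==")


def demo():
    """Audit a weak and a hardened sample written to a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, text, mode in (("weak", WEAK, 0o644),
                                 ("hardened", HARDENED, 0o600)):
            path = os.path.join(tmp, name + ".conf")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = audit_slapd_conf(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "no findings")
```

A real hash for the `rootpw` line is produced with OpenLDAP's `slappasswd` utility.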

  • TF244069: An error occurred while checking the provisioning status of the reporting database schema for a PWA instance.

    The command TfsAdmin ProjectServer /RegisterPWA causes the following error:
    TF244069: An error occurred while checking the provisioning status of the reporting database schema for a PWA instance.
    Project Server returned the following error: "Server was unable to process request. ---> The request failed with HTTP status 401: Unauthorized.".
     (type ProvisionException)
    Exception Stack Trace:    at Microsoft.TeamFoundation.Sync.Provisioning.ProvisionPwaDBSchema.HandleSoapException(SoapException soapException, String errorResourceString)
       at Microsoft.TeamFoundation.Sync.Provisioning.ProvisionPwaDBSchema.IsDBSchemaProvisioned()
       at Microsoft.TeamFoundation.Sync.Provisioning.ProvisionManager.Provision()
    I installed SharePoint 2013 and Project Server 2013 as a farm, plus TFS 2012, and my account has permissions everywhere. I read the article
    http://msdn.microsoft.com/en-us/library/gg412653.aspx and gave full permissions for the TFS account to SQL and Project, and for the Project app pool account to SQL, but I still have an error.
    How can I find out exactly which permissions are missing?

    The problem was in claims authentication. Changed to Windows and all worked out.
