Limit ldap connections
Hi,
I have a Directory Server 5.2 SP4 installed on a Solaris machine which is used by more than 1000 Linux/Solaris clients for user authentication. Some clients make multiple LDAP connections, more than 900 connections per min, which is hitting the performance of the Directory. Is it possible to limit the # of connections which a client can create? Say, any client should only be able to create 50 connections per minute.
Thanks
Srikanth
Sun Directory Server does not have the ability to throttle client connections (based on IP addresses).
Regards,
Ludovic.
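Because the server cannot throttle per client, the first practical step is finding which clients exceed the rate named in the question. The following is an added example, not code from the thread or from Sun: it counts new connections per client per calendar minute in access-log lines and reports clients above 50 per minute. The log line shape (`[timestamp] conn=N fd=N slot=N connection from <client> to <server>`), the addresses and the helper names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed shape of a "new connection" access-log line (constructed, not from the thread):
# [21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 10.0.0.5 to 10.0.0.1
CONN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+conn=\d+\s.*\bconnection from (?P<client>\S+) to \S+"
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def connections_per_minute(lines):
    """Count new connections per (client, calendar minute)."""
    counts = Counter()
    for line in lines:
        m = CONN_RE.match(line)
        if not m:
            continue  # BIND/SRCH/RESULT/closed lines are not new connections
        try:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        except ValueError:
            continue  # skip lines with a damaged timestamp
        counts[(m.group("client"), ts.replace(second=0))] += 1
    return counts


def noisy_clients(lines, threshold=50):
    """Return {client: peak connections per minute} for clients above threshold."""
    peaks = {}
    for (client, _minute), n in connections_per_minute(lines).items():
        if n > threshold:
            peaks[client] = max(peaks.get(client, 0), n)
    return peaks


def sample_log():
    """Constructed sample: 10.0.0.5 opens 900 connections in one minute,
    10.0.0.6 opens 3, and 10.0.0.7 opens 30 in each of two adjacent minutes."""
    lines = []
    for i in range(900):
        stamp = f"[21/Apr/2007:11:39:{i % 60:02d} -0700]"
        lines.append(f"{stamp} conn={i} fd=64 slot=64 connection from 10.0.0.5 to 10.0.0.1")
        lines.append(f'{stamp} conn={i} op=0 BIND dn="uid=u,dc=example,dc=com" method=128 version=3')
    for i in range(3):
        lines.append(f"[21/Apr/2007:11:39:0{i} -0700] conn={1000 + i} fd=65 slot=65 "
                     "connection from 10.0.0.6 to 10.0.0.1")
    for minute in (39, 40):
        for i in range(30):
            lines.append(f"[21/Apr/2007:11:{minute}:{i:02d} -0700] conn={2000 + i} fd=66 slot=66 "
                         "connection from 10.0.0.7 to 10.0.0.1")
    return lines
```

Buckets are fixed calendar minutes, so a burst that straddles a minute boundary (10.0.0.7 in the sample) is split across two buckets and can stay under the threshold; call `noisy_clients(open(path))` on a real log once the line shape is confirmed.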
Similar Messages
-
Issue with LDAP Connection because of Network issue
Hello All,
We have some network issues going on which are causing the NIC (network interface card) to fail over to another NIC. Due to this failover, Sun Access Manager's LDAP connection pool fills up and we see the error "Directory is down" in the logs. We have to restart Access Manager to resolve this issue, which refreshes the LDAP connection pool.
Now we have set the settings as recommended in the admin guide/tuning guide, like:
1. Set event connection idle timeout to less than the firewall or load balancer idle timeout value.
2. Event connection retry count and interval on particular error code.
Despite the above settings, it's not working out. Is there another way to get all the stale connections back to the LDAP pool without restarting the server?
Or something which handles the network failover or failback?
Regards
Chetan Kulshrestha
The user search name is the value you should be looking at in the LDAP attributes, that's the one that it will send to LDAP on a logon attempt. If you changed this value after mapping a group, I'm not sure but you may have to remap the group to get the change.
So on the LDAP side verify the user search attribute = the username you expect to login with (i.e. cn, samaccountname, uid, etc)
Regards,
Tim
-
How to disable SSLv3 and keep only TLS for LDAP connection.
Hi,
I'm planning to keep only TLSv1.2 for LDAP connections.
I tried to set LDAP_OPT_SSL_INFO in LDAP Session Options using a SecPkgContext_ConnectionInfo structure with dwProtocol SP_PROT_TLS1_2_CLIENT (as described here - https://social.msdn.microsoft.com/Forums/en-US/7544226d-97e1-4dae-a377-e382c2281e91/how-to-set-up-tls-in-ldap-connection?forum=vcgeneral),
but it returns LDAP_PARAM_ERROR.
I tried to call this function directly after ldap_sslinit/ldap_init and before ldap_connect() - without success, I tried to use other parameters with default values, I tried to initialize them by 0/other possible values - and also no success.
How can I do this?
Thanks for your advice.
LDAP_PARAM_ERROR
https://msdn.microsoft.com/en-us/library/aa367026(v=vs.85).aspx
-
We are using the Sun jndi 1.2.1 files from a Java client to
access the IBM SecureWay Directory 3.2 server. Our test case is
retrieving entries using the ctx.getAttributes (String, String[])
method. Occasionally we are receiving the following error.
java.lang.NullPointerException
at com.sun.jndi.ldap.Connection.run(Connection.java:525)
at java.lang.Thread.run(Thread.java:481)
The java.lang.NullPointerException is coming from the Sun JNDI file.
Our program is not catching this exception.
Has anyone seen this problem before and have any ideas on how this can be resolved?
Download and use LDAP 1.2.3 or JDK 1.3.1.
The problem should go away.
-
LDAP connections with multiple proxy instances
After configuring LDAP connectivity through the Admin application on a machine with multiple proxy instances I end up with:
number of proxy instances x LDAPConnPool times number of connections to the LDAP server.
Question: Is it possible to prevent some of the proxy instances from opening LDAP connections?
Hi
Increase the IDLE timeout value on the LDAP server. Of course, this just extends the inevitable. Check if there is a way to disable IDLE timeout on LDAP server.
Regards,
Nagendra HK
-
LDAP connectivity in web Dynpro
How to do LDAP connectivity in web dynpro to make use of UME
After installing the LDAP go to configtool UME
Select the option from the dropdown
then
Provide the server name : The server in which you have installed the LDAP
port :389/636
username=cn=<the username>,o=<context name>
password=<the password provided by you while installing>
browse to find the data for the path below
userpath
grouppath
After this the UME in portal can be configured in the LDAP
-
LDAP Connection exception: unable to retreive the specified realm(s).
I am using Embedded OC4J and I have web form based authentication (j_security_check) and configured my orion-application.xml to use an LDAP connection in this way:
<?xml version = '1.0' encoding = 'windows-1252'?>
<orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd">
<jazn provider="LDAP" location="ldap://192.168.1.114:389"
default-realm="cn" jaas-mode="doAsPrivileged"/>
<jazn-loginconfig>
<application>
<name>ceads</name>
<login-modules>
<login-module>
<class>oracle.security.jazn.login.module.LDAPLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>oracle.security.jaas.ldap.connect.pool.prefsize</name>
<value>10</value>
</option>
....... other LDAp parameters ...
When I try to log in, it always fails and I get this exception. I have no idea what to do.
javax.security.auth.login.LoginException: oracle.security.jazn.JAZNException: The system is unable to retreive the specified realm(s).
at oracle.security.jazn.spi.ldap.LDAPRealmManager.searchRealms(LDAPRealmManager.java:1194)
at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealm(LDAPRealmManager.java:238)
at oracle.security.jazn.login.module.RealmLoginModule.getRealmFromUsername(RealmLoginModule.java:247)
at oracle.security.jazn.login.module.RealmLoginModule.getRealm(RealmLoginModule.java:219)
at oracle.security.jazn.login.module.RealmLoginModule.getRealmUser(RealmLoginModule.java:198)
at oracle.security.jazn.login.module.RealmLoginModule.authenticate(RealmLoginModule.java:111)
at oracle.security.jazn.login.module.RealmLoginModule.authenticate(RealmLoginModule.java:86)
at oracle.security.jazn.login.module.AbstractLoginModule.login(AbstractLoginModule.java:265)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3727)
at com.evermind.server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6350)
at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3030)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:738)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.IllegalStateException: LDAP properties not properly defined. Please check your JAZN configuration.
at oracle.security.jazn.spi.ldap.LDAPContext.getDirContext(LDAPContext.java:476)
at oracle.security.jazn.spi.ldap.LDAPContext.getDefaultDirContext(LDAPContext.java:246)
at oracle.security.jazn.spi.ldap.LDAPContext.getOrclRootCtxDN(LDAPContext.java:187)
at oracle.security.jazn.spi.ldap.LDAPContext.getSiteJAZNCtxDN(LDAPContext.java:222)
at oracle.security.jazn.spi.ldap.LDAPRealmManager.searchRealms(LDAPRealmManager.java:1087)
... 37 more
Edited by: user6112181 on 15-oct-2010 19:30
Edited by: user6112181 on 15-oct-2010 19:31
Hi,
Can you access the URL using a browser? Does it work with the credentials used for the RunAs account?
Strange error message though - is the account you are running the console with present in the SCSM CMDB?
Regards
//Anders
Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se
-
LDAP Connection - users in more than one group
Hallo.
I set up an appl. with ldap connection (Novell eDirectory 8 / Novell 6.5).
Working fine for users in a specified container.
Using (Based on a pre-configured scheme from the gallery
; Show Login Page and Use LDAP Directory Credentials)
LDAP DN STRING=
cn=%LDAP_USER%,o=los
only users in container los can connect,
Using
LDAPDN=
cn=%LDAP_USER%,ou=amt10,o=los
now members of amt10 can connect but no one else
Is there a hint to get it to work recursively? (like mod_auth_ldap in apache does?) So all users in any container under o=los will be able to connect
I have nearly 1000 Users in ~50 Containers, what should I do best? What is misconfigured?
Ralf
I'm using a nifty little application called iCalPublish. Check it out at http://www.buddy.com/ical/
sb
-
WLS 9.2.1 keeping huge no. of open Embedded LDAP connections
Hello All,
While using Embedded LDAP, we see a huge no. of open LDAP connections through the Admin console.
We checked the following options:
GroupMembershipSearching=limited
MaxGroupMembershipSearchLevel=5
But still the same issue persists.
Any idea?
/ed
Are all these sockets actually listening or are they waiting to be closed? You can use netstat -a to find the status of these LDAP sockets.
Maybe they are not being closed properly.
-
Hi,
We are developing a Webcenter portal application using Webcenter 11g along with UCM 11g.
We have integrated Weblogic with an external LDAP (i.e. we are not using the default LDAP that comes with Weblogic).
We have also integrated the whole setup with OAM. We are using the RIDC API to check-in/update/fetch the content from UCM. We are facing the following issue:
1. We are able to log in to the UCM Admin console and check in the content. But we are unable to search and check out the content via the UCM Admin console. We are getting the below exception,
Caused by: oracle.stellent.ridc.protocol.ServiceException: Unable to retrieve search results. Unable to execute service method 'getPreferredLanguage'. oracle.security.idm.IMException: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 1 : No LDAP connection available to process request for DN: cn=orcladmin.. oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 1 : No LDAP connection available to process request for DN: cn=orcladmin.. oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 1 : No LDAP connection available to process request for DN: cn=orcladmin.. javax.naming.NamingException: No LDAP connection available to process request for DN: cn=orcladmin..
2. Also we are getting the same exception when we try to check-in/update/fetch the content from the portal application via RIDC.
Is there any config missing, or, as an external LDAP is configured, is there any configuration required at the UCM end as well as at the RIDC end?
Thanks in advance
Hi,
I am getting the same exception. Have you got the solution for this?
Regards;
Vinay
-
Problem when specifying LDAP connection
Hello,
I have a problem when creating a new LDAP connection.
After selecting LDAP server from drop-down list (value "192.168.121.3:389" without quotes), the error message appears.
Status : Failure -String index out of range: -1
This LDAP server is probably taken from local configuration, which works well with SQLPLUS.
Screenshot can be seen here :
http://img254.imageshack.us/my.php?image=ldaptestso1.png
SQL Developer version is fresh download of Oracle SQL Developer 1.5 (1.5.0.53.38) [Released 23 April 2008], version for Windows with the JDK1.5.0_06 in zip archive.
Even I have the same question... where is the problem? Looks like you have missed out the real part.
Annie.
-
Exchange 2010 EventID 2070, LDAP connects to demoted AD server
Running Exchange 14.3.224.4002 on Server 2008R2 SP1.
Every 20 minutes I see this Event appearing in my application logs:
Process MSExchangeMailboxReplication.exe () (PID=4116). Exchange Active Directory Provider lost contact with domain controller <demoted.domain.controller> Error was 0x51 (ServerDown) (Active directory response: The LDAP server is unavailable.).
Exchange Active Directory Provider will attempt to reconnect with this domain controller when it is reachable
Demoted this server as documented with DCPROMO. All DNS records from this server were removed a long time ago and Exchange was restarted several times. Performed a successful DCDIAG /test:dns. Even did the rename trick on C:\Users\<username>\appdata\roaming\microsoft\mmc\Echange Management Console. Can someone please shine some light on this?
Hi,
This error indicates that the DC was closing the LDAP connection. I suggest to set the following registry value to 2 in order to increase the logging level on the DC for discovering this issue.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\16 LDAP Interface Events
After this step, DC will start generating other events every time it disconnected Exchange. Please collect and post these events for troubleshooting.
Refer to this blog for more information
http://blogs.technet.com/b/bill_long/archive/2014/03/19/ldap-send-queue-limits-cause-event-2070-and-2084.aspx
Best Regards.
Lynn-Li
TechNet Community Support
-
Limit open connections per each database session in Oracle 11
Hi for All,
Please, I would like to know what the limit of connections per session is in Oracle 11. This issue is relevant to the use of UTL_TCP for connections with ATMs. Also, would someone have some other approach or suggestion for a communication architecture with Automated Teller Machines?
Regards,
Edited by: user11118871 on 04/02/2010 07:30
I suspect Spotlight is showing you the PGA plus the entire mapped portion of shared memory or the total of all shared memory pages visited. On HP-UX these are the kind of numbers you would get from ps, which may be Spotlight's source for the data.
The glance utility of HP-UX is a more useful way to obtain detailed information on process memory usage.
Regards,
Jeremiah Wilton
ORA-600 Consulting
http://www.ora-600.net
-
Hello MDM gurus,
Happy New Year
Could anyone guide me on how to achieve MDM-LDAP connectivity? Can anyone please share the document used for the above said connectivity in their company, or the steps to perform it?
Thanks in Advance
cheers
Srihari Reddy
If you check the MDM Console reference guide here:
https://websmp105.sap-ag.de/~sapidb/011000358700006291622006E
You will find that there is a complete appendix regarding how MDM and LDAP work together and how to implement it.
regards
Mark
-
I'm interested in setting up connection pooling for LDAP. Our J2EE app is running on JBoss, and the database connections are already pooled through JCA using the provided JDBC resource adapter.
So, I have investigated JCA a bit to see if that is the way to go to implement connection pooling for LDAP, but I haven't come to a conclusion yet. If I was to use JCA, it looks like I would need to create a resource adapter for LDAP, which does not seem to be a trivial task. Or is there already a resource adapter out there for the Sun Directory Server?
For what I am trying to accomplish (connection pooling) is JCA overkill? If so, what would be the best course of action to take?
Thanks,
Jeff
I guess you are talking about Context Pooling ...... The new version of JNDI ( not sure from when...) has
context pooling in-built.... all you got to do is set the env property for pooling 'on'.....
env.put("com.sun.jndi.ldap.connect.pool", "true");
for further details
http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html