Lion Server problem - Computer is already a network directory server

So I purchased Lion Server to trial it at home and it is not going well. Initially I was having issues connecting to the web interfaces for profile manager, etc. The server was not responding and so I uninstalled server and reinstalled it from the Mac Store (FYI: Apple has charged me for the OS and the server app as a result of this for some reason!!!)
With Server reinstalled I went to set up the server as a network directory and am shown this message every time I try to set up the directory admin account: "Computer is already a network directory server - This computer is already configured to manage network accounts. It cannot be configured again."
This leaves me unable to set up any profile or device management. I have tried the following solutions:
• Uninstall and reinstall server
• Deleted ServerVersion plist
• Reinstalled Lion
• Reinstalled Lion with format of HDD (although I did recover from a Time Machine Backup which included settings)
Any help would be appreciated.

Sorry I copied the wrong log.
What is happening is the Open Directory Assistant attempts to create an Open Directory Master but fails, claiming there was a configuration error and to view the configuration log, which I have copied below.
2011-07-28 19:57:45 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2011-07-28 19:57:45 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
2011-07-28 19:57:45 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2011-07-28 19:57:45 +0000 command: /usr/sbin/mkpassdb -o -u diradmin -p -q
2011-07-28 19:57:46 +0000
2011-07-28 19:57:48 +0000 command: /usr/sbin/mkpassdb -setadmin 0xdc9dacf8b95311e0b494d49a20d93acc 0
2011-07-28 19:57:48 +0000 Admin's entry UUID is: 9134bc0a-a748-4161-b6b2-53c136b933b9
2011-07-28 19:57:48 +0000 Setting SASL realm to <SERVER.FREEMAN.PRIVATE>
2011-07-28 19:57:48 +0000 command: /usr/sbin/mkpassdb -setrealm SERVER.FREEMAN.PRIVATE
2011-07-28 19:57:48 +0000 command: /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.PasswordService.plist
2011-07-28 19:57:49 +0000 Stopping LDAP server (slapd)
2011-07-28 19:57:52 +0000 Starting LDAP server (slapd)
2011-07-28 19:57:52 +0000 Waiting for slapd to start
2011-07-28 19:57:52 +0000 ...
2011-07-28 19:57:54 +0000 Configuring Kerberos server, realm is SERVER.FREEMAN.PRIVATE
2011-07-28 19:57:54 +0000 command: /usr/sbin/kdcsetup -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -w -a diradmin -p **** -v 1 SERVER.FREEMAN.PRIVATE
2011-07-28 19:58:18 +0000 Contacting the Directory Server
Authenticating to the Directory Server
Creating Kerberos directory
Creating KDC Config File
Creating Kerberos Database
Creating new random master key
Creating Kerberos Admin user
Creating ACL file
Adding kerberos auth authority to admin user
Starting kdc & kadmind
Adding the new KDC into the KerberosClient config record
Finished
2011-07-28 19:58:18 +0000 command: /usr/sbin/kdcsetup -e
2011-07-28 19:58:18 +0000 command: /usr/sbin/sso_util configure -x -r SERVER.FREEMAN.PRIVATE -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
2011-07-28 19:58:19 +0000 command: /usr/sbin/mkpassdb -kerberize
2011-07-28 19:58:19 +0000 Updating user records and principals
2011-07-28 19:58:34 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1
2011-07-28 19:58:38 +0000 Attempting to open /LDAPv3/127.0.0.1 node
2011-07-28 19:58:38 +0000 Verified /LDAPv3/127.0.0.1 node is available
2011-07-28 19:58:40 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
2011-07-28 19:58:40 +0000 Creating Root CA
2011-07-28 19:58:41 +0000 ***Error creating domain CA. Error - The specified item already exists in the keychain.
2011-07-28 19:58:41 +0000 Root CA creation failed with error - -25299
2011-07-28 19:58:41 +0000 Destroying OD master as CA creation failed with error 75
2011-07-28 19:58:41 +0000 Logging slapd container data to /var/run/slapconfig_error_1311883121
2011-07-28 19:58:41 +0000 Stopping LDAP server (slapd)
2011-07-28 19:58:44 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1311883121/user.ldif
2011-07-28 19:58:44 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1311883121/authdata.ldif
2011-07-28 19:58:45 +0000 Error retrieving kerberos realm
2011-07-28 19:58:45 +0000 CopyReplicaArray: ldap_search_ext_s failed
2011-07-28 19:58:45 +0000 Error retrieving replica array
2011-07-28 19:58:45 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.opendirectorybackup.plist
2011-07-28 19:58:45 +0000 Deleting Cert Authority related data
2011-07-28 19:58:45 +0000 No intCAIdentity, not removing int CA from keychain
2011-07-28 19:58:45 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2011-07-28 19:58:45 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2011-07-28 19:58:45 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2011-07-28 19:58:45 +0000 _destroyLDAPServer: Failed to find computer record named server.freeman.private$: 2100 Connection failed to the directory server.
2011-07-28 19:58:45 +0000 Updating ldapreplicas on primary master
2011-07-28 19:58:45 +0000 Unable to locate primary master
2011-07-28 19:58:45 +0000 Primary master node is nil!
2011-07-28 19:58:45 +0000 Unable to locate ldapreplicas record: 0 (null)
2011-07-28 19:58:45 +0000 Error setting read ldap replicas array: 0 (null)
2011-07-28 19:58:45 +0000 Error setting write ldap replicas array: 0 (null)
2011-07-28 19:58:45 +0000 Could not retrieve xmlplist from ldapreplicas: 0 (null)
2011-07-28 19:58:45 +0000 Error synchronizing ldapreplicas: 0 (null)
2011-07-28 19:58:45 +0000 Removing self from the database
2011-07-28 19:58:45 +0000 Warning: An error occurred while re-enabling GSSAPI.
2011-07-28 19:58:45 +0000 Stopping LDAP server (slapd)
2011-07-28 19:58:46 +0000 cleanKeytab: unable to retrieve default realm

Similar Messages

  • Problem in Publishing the certificate to directory server

    I am having a problem regarding publishing the certificate. I am using iPlanet CMS 4.7 and iPlanet directory server 5.1
    In the CMS >certificate manager > publishing module > mapper
    It provides (manuals) two options to enable the publishing to directory server, i.e.
    1) create entry automatically (default plug-in)
    2) Manual entry in directory and mapper to map it.
    I tried both ways. When the automatically create option is selected it fires an error:
    Failed to create the CA entry.There may be entries in the directory hierachy which do not exist.Please create them manually.
    I am not able to figure out the problem, even if I create the certificate hierarchy in the directory server it gives the same error. Can anyone figure out the problem so I can publish the certificate? Please mail me the solution if anybody knows. Thank you

    Hi,
    1. Please open the original project in Captivate 3. i.e. the .cp file in Captivate 3
    2. Go to menu "Audio > Audio Settings"
    3. Change the bitrate to 96kbps or 64kbps
    4. Change the Encoding frequency to 44Khz
    5. Save and close the project
    6. Now open the same project in Captivate 5
    7. publish the project
    Audio should play correctly now..
    Hope this helps.
    Regards,
    mukul

  • SUN ONE Directory Server installation Problem on Win XP

    Can someone look at the installation error on Windows XP
    ERROR: Ldap authentication failed for url ldap://santoshlaptop.cook.com:51303/o=NetscapeRoot user id admin (151:Unknown error.)
    Fatal Slapd Did not add Directory Server information to Configuration Server.
    Configuration of the Directory Server failed.
    Error Directory Server configuration failure
    Checking connection to the Configuration Directory Server... failed.
    The Admininistration Server cannot be configured.
    Error Administration Server configuration failure
    Error Configuration of the server(s) failed
    Thanks a lot
    Santosh

    HI everyone,
    I tried installing directory server 5.2 p4 on WIN XP Professional machine and got the following error:
    [slapd-Teja]: starting up server ...
    [slapd-Teja]: [22/Sep/2006:13:25:52 -0400] - Sun Java(TM) System Directory Server/5.2_Patch_4 B2005.230.0301 (32-bit) starting up
    [slapd-Teja]: [22/Sep/2006:13:25:54 -0400] - Listening on all interfaces port 30145 for LDAP requests
    [slapd-Teja]: [22/Sep/2006:13:25:54 -0400] - slapd started.
    Your new directory server has been started.
    Created new Directory Server
    Start Slapd Starting Slapd server configuration.
    ERROR: Ldap authentication failed for url ldap://ldapteja.hcs.com:30145/o=NetscapeRoot user id admin (151:Unknown error.)
    Fatal Slapd Did not add Directory Server information to Configuration Server.
    Configuration of the Directory Server failed.
    Error Directory Server configuration failure
    Checking connection to the Configuration Directory Server... done.
    Registering Administration Server with Configuration Directory Server... done.
    Loading Administration Server tasks... done.
    Loading global Administration Server configuration... done.
    Generating configuration files ... done.
    Writing Administration Server keys to the Windows registry... done.
    Configuration of the Administration Server succeeded.
    Administration server started properly.
    Error Configuration of the server(s) failed.
    Click Next to continue.
    In fact I did install 5.2 before on my machine but I think it was 5.2 p2. I then installed 5.1 on the same machine.. as the machine was running slow I uninstalled both 5.1 and 5.2 as well.. but from then on I cannot install 5.2 on my laptop .. can you please suggest something that can fix this problem..
    I had this in my host file
    192.168.1.107 Teja.hcs.com..
    Any help is greatly appreciated ..

  • Critical problem with directory server--please help!

    We are having issues with some applications and the root cause seems to be the directory server. We see the following errors in the directory server log.
    [03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    some other stuff in the log file:
    [03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    [03/Oct/2008:11:50:26 -0600] - WARNING<20805> - Backend Database - conn=2361383 op=1 msgId=2 - search is not indexed
    [03/Oct/2008:11:50:27 -0600] - WARNING<20805> - Backend Database - conn=2361384 op=1 msgId=2 - search is not indexed
    [03/Oct/2008:11:50:28 -0600] - WARNING<20805> - Backend Database - conn=2361385 op=1 msgId=2 - search is not indexed
    [03/Oct/2008:11:53:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    [03/Oct/2008:11:57:27 -0600] - WARNING<20805> - Backend Database - conn=2197806 op=82101 msgId=686205 - search is not indexed
    [03/Oct/2008:11:57:57 -0600] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=s0224025,ou=People,dc=lethbridgecollege,dc=ab,dc=ca", attribute "pabURI" is not allowed
    [03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    [03/Oct/2008:12:03:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    top shows the following: but cpu many times maxes out and runs 100%. Do I need to perform some indexing somewhere or are there other issues?
    load averages: 3.04, 3.15, 3.55 12:11:26
    224 processes: 222 sleeping, 1 running, 1 on cpu
    CPU states: 37.7% idle, 40.2% user, 22.1% kernel, 0.0% iowait, 0.0% swap
    Memory: 2048M real, 36M free, 2429M swap in use, 2979M swap free
    PID USERNAME LWP PRI NICE SIZE RES STATE TIME CPU COMMAND
    10828 mwadmin 129 59 0 0K 0K run 148.1H 24.83% ns-slapd
    9466 mwadmin 70 59 0 151M 65M sleep 743:06 1.98% ns-httpd
    10738 root 1 59 0 4240K 1032K sleep 34.3H 1.73% top
    26298 root 1 0 0 4096K 1696K cpu 0:00 1.51% top
    5759 root 9 59 0 14M 96K sleep 851:54 0.77% cctransport
    13378 ward 1 59 0 0K 0K sleep 1:23 0.57% prstat
    25284 root 1 59 0 68M 27M sleep 561:22 0.50% mixer_applet2
    10005 mwadmin 1 59 0 68M 27M sleep 604:43 0.49% mixer_applet2
    10003 mwadmin 1 59 0 69M 2600K sleep 306:12 0.25% gnome-netstatus
    25282 root 1 59 0 69M 2664K sleep 274:36 0.23% gnome-netstatus
    9881 mwadmin 1 59 0 17M 11M sleep 241:04 0.21% Xvnc
    9896 root 1 59 0 17M 6856K sleep 245:53 0.19% Xvnc
    9911 root 1 59 0 15M 5512K sleep 159:38 0.13% gconfd-2
    9901 mwadmin 1 59 0 15M 5576K sleep 157:18 0.13% gconfd-2
    7962 mwadmin 45 59 0 0K 0K sleep 749:45 0.10% ns-slapd
    any advice would be great.
    Darren

    Darren,
    For this error:
    [03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    some other stuff in the log file:
    [03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    Solution/Notes:
    The below errors are "informational" in nature.
    This is not an issue with the directory server, but with a connection to the directory server and whatever (device, script, or application) is attempting this connection.
    These informational errors you are seeing in the logs are typically related to incoming connections from a load balancer or switch.
    It is usually some device, script or application doing monitoring of the LDAP server, port or connection.
    It is found that one of the biggest culprits to be the Cisco Content Switch or load balancer.
    Generally the cause of this error is a "sticky bit" setting within the Cisco Content Services Switch that is causing these errors.
    These load balancers periodically ping the servers (every five seconds) to verify that they are alive.
    After turning off the "sticky bit" setting, which disables the ping to the server every 5 seconds, the errors will no longer show up.
    The best course of action is to find the client doing this kind of monitoring and change its behavior. You can look at the directory server's access log for B1 errors (the same client causing the PR accept errors in the errors log will cause B1 errors in the access log) at the same time you see these errors in the errors log. Then back track the connection in the access log to find the connecting IP address of the client on the first BIND.
    If you can not determine the client causing these errors and are concerned about your errors logs filling up then you can either turn off this error logging.
    This can be done dynamically on the server with a ldapmodify command:
    cd /install-root/shared/bin or cd /var/opt/mps/serverroot/shared/bin
    ./ldapmodify -p port -h hostname -D "cn=Directory Manager" -w password
    dn: cn=config
    changetype: modify
    replace: nsslapd-infolog-area
    nsslapd-infolog-area: 0
    If you don't want to do that then you can try and modify this attribute.
    "nsslapd-nagle
    When the value of this attribute is off, the TCP_NODELAY option is set so that LDAP responses
    (such as entries or result messages) are sent back to a client immediately.
    When the attribute is turned on, default TCP behavior applies.
    That is, the sending of data is delayed, in the hope that this will enable additional data to be grouped into
    one packet of the underlying network MTU size (typically 1500 bytes for Ethernet)."
    This will require you to stop and restart the server.
    NOTE: Below is the suggested fix, however, please apply this at your own discretion as this may or may not fix the issue. It depends on the client making these connections.
    1. Stop the directory server
    2. Edit the dse.ldif configuration file
    3. In the "cn=config" entry, add the attribute "nsslapd-nagle" with a value of "on".
    4. Start the directory server.
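The back-tracking step described in the reply above (find `B1` closures in the access log, then walk back to the connection line to get the client address) can be scripted. The following is an added example, not part of the original post or of the directory server's tooling: it assumes the access-log layout quoted elsewhere on this page and that the closure code appears as `closing - B1`; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log layout quoted on this page.
# Addresses are documentation ranges, DNs are made up.
SAMPLE_LOG = """\
[03/Oct/2008:11:48:19 -0600] conn=499 op=-1 msgId=-1 - closing - B1
[03/Oct/2008:11:48:20 -0600] conn=501 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 192.0.2.10 to 192.0.2.1
[03/Oct/2008:11:48:20 -0600] conn=501 op=-1 msgId=-1 - closing - B1
[03/Oct/2008:11:48:20 -0600] conn=501 op=-1 msgId=-1 - closed.
[03/Oct/2008:11:48:21 -0600] conn=502 op=-1 msgId=-1 - fd=41 slot=41 LDAP connection from 192.0.2.20 to 192.0.2.1
[03/Oct/2008:11:48:21 -0600] conn=502 op=0 msgId=1 - BIND dn="uid=app,ou=People,dc=example,dc=com" method=128 version=3
[03/Oct/2008:11:48:21 -0600] conn=502 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[03/Oct/2008:11:48:22 -0600] conn=502 op=1 msgId=2 - UNBIND
[03/Oct/2008:11:48:22 -0600] conn=502 op=1 msgId=-1 - closing - U1
[03/Oct/2008:11:48:22 -0600] conn=502 op=-1 msgId=-1 - closed.
[03/Oct/2008:11:48:25 -0600] conn=503 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 192.0.2.10 to 192.0.2.1
[03/Oct/2008:11:48:25 -0600] conn=503 op=-1 msgId=-1 - closing - B1
[03/Oct/2008:11:48:25 -0600] conn=503 op=-1 msgId=-1 - closed.
[03/Oct/2008:11:48:30 -0600] conn=504 op=-1 msgId=-1 - fd=42 slot=42 LDAP connection from 192.0.2.30 to 192.0.2.1
[03/Oct/2008:11:48:30 -0600] conn=504 op=0 msgId=1 - BIND dn="cn=monitor,dc=example,dc=com" method=128 version=3
[03/Oct/2008:11:48:30 -0600] conn=504 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[03/Oct/2008:11:48:31 -0600] conn=504 op=-1 msgId=-1 - closing - B1
[03/Oct/2008:11:48:31 -0600] conn=504 op=-1 msgId=-1 - closed.
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>-?\d+) op=-?\d+ msgId=-?\d+ - (?P<rest>.*)$'
)
OPEN_RE = re.compile(r'LDAP connection from (?P<src>\S+) to \S+')
BIND_RE = re.compile(r'^BIND dn="(?P<dn>[^"]*)"')
CLOSE_RE = re.compile(r'^closing - (?P<code>[A-Z]\d+)\s*$')


def clients_by_close_code(lines, code="B1"):
    """Group connections closed with `code` by the client address that opened them.

    Returns {client_ip: {"count", "bind_dns", "first", "last"}}. Closures whose
    opening line is not in the log (e.g. it rotated away) are filed under
    "unknown" instead of being dropped.
    """
    open_conns = {}  # conn id -> {"src": client ip, "dns": [bind DNs seen]}
    report = defaultdict(
        lambda: {"count": 0, "bind_dns": set(), "first": None, "last": None}
    )
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an access-log line in the expected layout
        conn, ts, rest = m["conn"], m["ts"], m["rest"]

        opened = OPEN_RE.search(rest)
        if opened:
            # A new connection line always replaces stale state: conn ids
            # restart from low numbers when the server is restarted.
            open_conns[conn] = {"src": opened["src"], "dns": []}
            continue

        bind = BIND_RE.match(rest)
        if bind:
            if conn in open_conns:
                open_conns[conn]["dns"].append(bind["dn"])
            continue

        closing = CLOSE_RE.match(rest)
        if closing:
            state = open_conns.pop(conn, None)  # connection is finished either way
            if closing["code"] != code:
                continue
            entry = report[state["src"] if state else "unknown"]
            entry["count"] += 1
            if state:
                entry["bind_dns"].update(state["dns"])
            if entry["first"] is None:
                entry["first"] = ts
            entry["last"] = ts
    return dict(report)


if __name__ == "__main__":
    result = clients_by_close_code(SAMPLE_LOG.splitlines())
    for src, info in sorted(result.items(), key=lambda kv: -kv[1]["count"]):
        dns = ", ".join(sorted(info["bind_dns"])) or "(never bound)"
        print(f'{src}: {info["count"]} B1 closures, '
              f'{info["first"]} .. {info["last"]}, bind DNs: {dns}')
```

A client that shows many closures at a fixed interval and never binds matches the monitoring probe the reply describes; a client that binds first is identified by the DN collected on its BIND line.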

  • Directory server 4.12 and 4.15 problem with Solaris 8

    Hi there,
    I have been having an ongoing problem with my read/write master
    directory server. It
    occasionally stops responding to bind attempts and queries. The current
    setup as is running
    on a Sunfire 280R with Solaris 8. Up until a few days ago I was running
    4.12, I upgraded this
    to 4.15 to see of the problem would go away. I am running several 4.13
    replicas on other
    Solaris 8 machines with no problems.
    The biggest problem is that this master directory server is needed for
    our Iplanet messaging
    server 5.1 implementation. Every time the directory fails you cannot log
    in to the messaging
    server. (there doesn't appear to be anyway of sending authentication to
    a read only server).
    Anyway I was just wanting to see if anyone else had the same problem or
    had fixed it and could
    provide some insight into how to fix it. Also any pointers on what to
    look for in the directory
    server error logs would be useful.
    I had an idea that it might have been running out of available
    connections so I set it to close idle
    connections after 300 seconds. Is there any docs on tuning the resources
    for the server or for
    identifying if you have a resource problem?
    Any help or ideas would be appreciated. Please contact me directly as
    well as to the newsgroup
    if possible.
    Thanks,
    Scott.
    Scott Lawson
    Systems Manager
    Department Of Information Services
    St. George's Hospital Medical School
    Tooting
    London SW17 0RE
    UK
    P: 44 (0)208 725 2896
    F: 44 (0)208 725 3583
    mailto:[email protected]
    http://www.sghms.ac.uk
    Your mouse has moved.
    Windows must be restarted for the change to take effect.
    Reboot now? [OK]
    __________________________________________________________________

    Scott Lawson <[email protected]> wrote in news:3BCAA419.E322F958@sghms.ac.uk:
    > I had an idea that it might have been running out of available
    > connections so I set it to close idle
    > connections after 300 seconds. Is there any docs on tuning the resources
    > for the server or for
    > identifying if you have a resource problem?
    4.15 hotfix solves a problem with FDs running out (apparently .... we are
    still testing).
    /* Christopher Burke - Spam Mail to [email protected]
    |*
    \* Real mail to cburke(at)craznar(dot)com

  • SMTP requests cause the directory server to allocate all processor resource

    Using JES 2005Q1.
    The problem started when adding mass number of users. When running the commadmin for a long time, the system will hang. We tuned the directory server by increasing the database, initialization and entry cache. I changed many other parameters to tune parameters. It was worthless.
    I shifted to ldif and used ldapmodify to create those users.
    The users were created successfully. But when the smtp traffic was directed to the server, the nslapd process will allocate 95% of the CPU in 5 minutes.
    The problem is in the way the directory server is searched when it accepts an smtp request.
    Knowing that the server is currently used only for Messaging Server, any suggestions on how to improve the performance of the directory?
    Thanks in advance.

    The "lookthroughlimit" is set to -1.
    I sent from a local user on the server to the same user and the log was this :
    "[04/Oct/2005:10:26:02 -0300] conn=1407 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=marmara.terra.net.lb)(sunPreferredDomain=marmara.terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(&(uid=dede1)(objectClass=inetmailuser))" attrs="uid inetUserStatus mailUserStatus mailAllowedServiceAccess inetsubscriberstatus inetauthorizedservices nsmsgDisallowAccess mailAccessDomain mailHost mailMessageStore preferredLanguage mail mailQuota mailMsgQuota aclGroupAddr pabURI maxPabEntries preferredLocale"
    [04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=-1 msgId=-1 - fd=41 slot=41 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - BIND dn="uid=dede1,ou=People,o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=dede1,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - SRCH base="uid=dede1,ou=people,o=terra.net.lb,o=isp" scope=0 filter="(objectClass=*)" attrs="cn cn;lang-en givenName givenName;lang-en mail mailAlternateAddress mailAutoReplyMode mailAutoReplySubject mailAutoReplySubject;lang-en mailAutoReplyText mailAutoReplyText;lang-en mailAutoReplyTextInternal mailAutoReplyTextInternal;lang-en mailAutoReplyTimeout mailDeliveryOption mailForwardingAddress mailQuota mailMsgQuota preferredLanguage sn sn;lang-en uid vacationEndDate vacationStartDate mailHost mailSieveRuleSource sunUCDateFormat sunUCDateDelimiter sunUCTimeFormat nswmExtendedUserPrefs"
    [04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=-1 msgId=-1 - fd=42 slot=42 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(cn=*)(ou=*))" attrs=ALL
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - RESULT err=0 tag=101 nentries=2 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(objectClass=pab)(objectClass=pabgroup))" attrs=ALL
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(memberOfPAB=AddressBookabbe53c)" attrs="un cn sn givenName mail description telephoneNumber homePhone memberOfPAB memberOfPABGroup objectClass"
    [04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=-1 msgId=-1 - fd=49 slot=49 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="preferredLanguage mail mailEquivalentAddress"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="objectClass inetUserStatus mailUserStatus inetMailGroupStatus uid preferredLanguage mailRoutingAddress mailDeliveryOption mail mailAlternateAddress mailEquivalentAddress vacationStartDate vacationEndDate mailConversionTag mailMsgMaxBlocks mailHost mailQuota mailMsgQuota mailProgramDeliveryInfo mailDeliveryFileURL maildeliveryfile mailAutoReplyMode mailAutoReplySubject mailAutoReplyText mailAutoReplyTextInternal mailAutoReplyTimeout mailSieveRuleSource mailForwardingAddress mailDeferProcessing mgrpMsgRejectAction mgrprejecttext mgrpMsgRejectText mgrpBroadcasterPolicy mgrpDisallowedBroadcaster mgrpAllowedBroadcaster mgrpDisallowedDomain mgrpAllowedDomain mgrpMsgMaxsize mgrpAuthPassword mgrpModerator mgrpDeliverTo memberURL uniqueMember mgrpRFC822MailMember rfc822mailmember mgrpErrorsTo mgrpAddHeader mgrpRemoveHeader mgrpMsgPrefixText mgrpMsgSuffixText mgmanMemberVisibility expandable"
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:26:47 -0300] conn=1411 op=4 msgId=5 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=ims-ms-daemon)(sunPreferredDomain=ims-ms-daemon)))" attrs=ALL
    [04/Oct/2005:10:26:48 -0300] conn=1411 op=4 msgId=5 - RESULT err=0 tag=101 nentries=0 etime=1
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=-1 msgId=-1 - fd=50 slot=50 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - BIND dn="cn=admin-serv-marmara, cn=Administration Server, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - SRCH base="cn=statusping,cn=operation,cn=tasks,cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=0 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - SRCH base="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - RESULT err=0 tag=101 nentries=22 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - SRCH base="cn=slapd-marmara,cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - RESULT err=0 tag=101 nentries=9 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - SRCH base="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - RESULT err=0 tag=101 nentries=16 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - SRCH base="cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - RESULT err=0 tag=101 nentries=13 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - SRCH base="cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - RESULT err=0 tag=101 nentries=22 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - SRCH base="cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - RESULT err=0 tag=101 nentries=17 etime=0
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=9 - UNBIND
    [04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=-1 - closing - U1
    [04/Oct/2005:10:32:57 -0300] conn=1419 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closing - B1
    [04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 127.0.0.1 to 127.0.0.1
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=3 - UNBIND
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=-1 - closing - U1
    [04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.21 to 212.98.130.20
    [04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closing - T1
    [04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.21 to 212.98.130.20
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=3 - UNBIND
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=-1 - closing - U1
    [04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closing - B1
    [04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closed.
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - BIND dn="cn=Directory Manager" method=128 version=3
    [04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    This log was generated when the message was sent and received.
    Thanks for the help.

  • Account on LDAP Directory Server.

    Folks,
    I am trying to provision user using 'Anonymous Login' concept on Lighthouse as well as on
    Directory Server. I am having IDM 7.1, Directory Server is already configured in my IDM.
    Just wanted to know which all WorkFlow / UserForms do I need to customize to achieve this?
    Anticipating help from folks.
    Randhir Singh

    Never mind, I found the solution myself - I had to reinitialize the LDAP administrator.

  • Unable to Start/Stop Directory server from console

    We have two Directory Server 5.2 installations with both running as masters with replication between them. One of them was installed with the admin server and the other without. On the one that was installed without the admin server we added it afterwards.
    We now find that on the one that had the admin server installed after the directory server that we cannot start/stop the directory server from the server console nor can we view or access backups or logs from the console. The system does however create the log and backup files and we can start/stop it from the command line.
    I read in a post somewhere that the admin server can be created with a different user from the directory server or with the same username but a different domain and wondered if that was the problem but have looked through the configuration files on both machines and haven't managed to spot a discrepancy.
    Does anyone have any ideas where and what to check?
    Thanks in advance.
    Peter

    Ah, I wouldn't have recognized this scenario if you didn't report the scrozzled user name. The "access denied" error happens for the simple reason that 'IAyjcJlYKL' is not a valid user in your domain. Fancy that. If you look in your config.xml for the "node-manager-username" element, you may find the value is encrypted, and probably is 'IAyjcJlYKL'.
    It might be best if you filed a support case for this. I can make some guesses about what you should do, but it's just a guess. In any case, if you try fixing something, make a backup of the file first.
    The two things you can try doing are (backup the files and shut down everything first):
    * Edit the nm_password.properties file, replacing the one "hashed" line with two lines, setting the "username" property and the "password" property, both in cleartext. When the nodemanager starts up, it will replace those two lines with the "hashed" value.
    * Edit the config.xml file, replacing the values in the "node-manager-username" and "node-manager-password-encrypted" elements with their cleartext versions.
    Then start up the nodemanager and server.
    I'm familiar with this because I saw this happen, and I'm trying to remember the strange thing we had to do. I worked this out with BEA support a while ago. If it helps, my case number was #796710.

  • IDS 5.x: Is a separate configuration directory server instance even needed?

    Because iDS 5.x supports multiple database instances, why is there a need to suggest installing the directory server with a separate configuration directory server instance (on say port 390)?
    In large multi-tiered iDS 4.x directory server implementations, using a single master configuration directory server is very cumbersome, so many implementations are using a local configuration directory server instance, on port 390 with the data instance on the usual port 389.
    With the iDS 5.x release, we will be implementing local directory server instances, all on port 389, on all of our tiered LDAP servers. There will be no separate configuration directory server instance, as it is not needed.
    At this point, I am questioning the "best practices" suggested by the SunOne documentation to use a separate configuration directory server instance. It does not need to be on a separate port now with iDS 5.x supporting multiple databases.
    And I note that the present "/usr/sbin/directoryserver setup" script will not allow for a directory instance to be installed on port 390.
    Adam

    Yes, with iDS 5.X, it's much safer to have the o=NetscapeRoot tree served by the same instance as your corp/user tree. The separation approach was created to avoid the pitfalls when importing LDIF, but the -n argument to ldif2db lets you avoid such problems.

  • Unable to use SSL between Access Manager and Directory Server

    I am trying to set up Access Manager to use SSL when communicating with Directory Server. Access Manager 7 is running under Sun Web Server 6.1. I have configured Directory Server to use SSL using a Self-Signed CA and have imported the CA certificate into the certificate database for Web Server. When I change the Access Manager configuration as specified in the Admin Guide to use SSL and restart the Web Server, Access Manager fails with the message
    (among many others)
    netscape.ldap.LDAPException: SSL connection to eauth1.arc.nasa.gov:636, SSL_ForceHandshake failed: (-8157) Certificate extension not found. (91); Cannot connect to the LDAP server
    I am able to connect to the Directory Server instance with JXplorer using SSL (with a complaint about an unknown CA). Can someone explain the error message so that I can fix the problem or work around it?
    Thanks

    In the initial part of AMConfig.properties, you'll find an entry similar to trustSSLCerts. This, by default, is set to false. Try setting it to true (AM web server instance will need a restart). This lets AM continue with SSL handshaking in spite of errors. Am not sure if this affects AM to DS connectivity as well. It sure affects AM to AM communication (in a multiple server configuration).
    Naturally, it is not recommended that you use this feature when you are ready for production, but at least it'll let you be sure that apart from the cert issue, everything else is okay.
    Hope this helps.

  • Domino R6 Sun ONE Directory Server 5.2 SSL Integration

    We are trying to integrate Lotus Domino R6 server with the third party Sun ONE Directory Server 5.2.
    We were successful in the integration without SSL.
    Next we are trying to enable SSL communication between the two. We have configured the Certificates on both the servers. We get the following error on the Directory server (access logs).
    [18/Jan/2005:16:57:14 +051800] conn=12903 op=-1 msgId=-1 - fd=161 slot=161 LDAPS connection from 172.xx.xx.xxx to 172.xx.x.xx
    [18/Jan/2005:16:57:14 +051800] conn=12903 op=-1 msgId=-1 - SSL error -8101 (Certificate type not approved for application.); unauthenticated client CN=sun-dwc.xxxxxxxx.com, OU=TCS, O=PGS, L=Bangalore, ST=Karnataka, C=IN; issuer CN=beTRUSTed Machine CA - RSA Implementation, OU=beTRUSTed CAs, O=beTRUSTed
    [18/Jan/2005:16:57:14 +051800] conn=12903 op=-1 msgId=-1 - closing - B1
    [18/Jan/2005:16:57:14 +051800] conn=12903 op=-1 msgId=-1 - closed.
    Can someone please help. Thanks.

    Hi
    We had the same exact problem.
    The thing is that Domino uses SASL to authenticate against the LDAP directory as soon as the option "make this domain available to notes client & internet authentication" is checked in directory assistance.
    A workaround is to disable client authentication on the encryption tab of the sun directory server, but this is not what we want.
    Did you find another solution?
    Thanks
    Yann
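
An added example (not part of any post above, and not vendor code): the Directory Manager access log and the Domino LDAPS error quoted in these threads share one log format, so a small parser can correlate each `conn=` with its transport and flag simple binds (`method=128`) whose password crossed plain LDAP, plus TLS handshake failures. The sample lines are constructed, and `PRIVILEGED_DNS` and the severity labels are assumptions of this example.

```python
import re

# Constructed sample lines in the access-log format quoted above (documentation IPs).
SAMPLE_LOG = """\
[04/Oct/2005:10:33:02 -0300] conn=1420 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 192.0.2.20 to 192.0.2.20
[04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 192.0.2.21 to 192.0.2.20
[04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, o=NetscapeRoot" method=128 version=2
[04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,o=netscaperoot"
[04/Oct/2005:10:40:11 -0300] conn=1430 op=-1 msgId=-1 - fd=41 slot=41 LDAP connection from 192.0.2.55 to 192.0.2.20
[04/Oct/2005:10:40:11 -0300] conn=1430 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:40:11 -0300] conn=1430 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[18/Jan/2005:16:57:14 +0530] conn=12903 op=-1 msgId=-1 - fd=161 slot=161 LDAPS connection from 198.51.100.7 to 198.51.100.9
[18/Jan/2005:16:57:14 +0530] conn=12903 op=-1 msgId=-1 - SSL error -8101 (Certificate type not approved for application.); unauthenticated client CN=client.example.com; issuer CN=Example CA
[18/Jan/2005:16:57:14 +0530] conn=12903 op=-1 msgId=-1 - closing - B1
"""

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) msgId=-?\d+ - (?P<rest>.*)$')
CONN_RE = re.compile(r'(?P<transport>LDAPS?) connection from (?P<src>\S+) to (?P<dst>\S+)')
BIND_RE = re.compile(r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)')
RESULT_RE = re.compile(r'^RESULT err=(?P<err>\d+) tag=(?P<tag>\d+)')
SSL_RE = re.compile(r'^SSL error (?P<code>-?\d+) \((?P<msg>[^)]*)\)')

PRIVILEGED_DNS = {"cn=directory manager"}  # assumption: set to the site's root DN(s)
UNKNOWN = {"transport": "unknown", "src": "?", "dst": "?"}


def norm_dn(dn):
    # Naive normalisation: lower-case and drop spaces around RDN separators
    # (does not handle escaped commas inside attribute values).
    return ",".join(part.strip() for part in dn.split(",")).lower()


def analyze(log_text):
    conns = {}    # conn id -> transport / src / dst from the connection line
    pending = {}  # (conn id, op) -> BIND details waiting for their RESULT
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        conn, op, rest = m["conn"], m["op"], m["rest"]
        c, b = CONN_RE.search(rest), BIND_RE.match(rest)
        r, s = RESULT_RE.match(rest), SSL_RE.match(rest)
        info = conns.get(conn, UNKNOWN)
        if c:
            conns[conn] = c.groupdict()
        elif b:
            pending[(conn, op)] = b.groupdict()
        elif r and r["tag"] == "97" and (conn, op) in pending:  # tag 97 = bind response
            bind = pending.pop((conn, op))
            # method=128 is an LDAP simple bind: DN and password travel as sent,
            # so on a plain "LDAP" connection they are readable on the wire.
            if info["transport"] == "LDAP" and bind["method"] == "128" and bind["dn"]:
                dn = norm_dn(bind["dn"])
                local = info["src"] == info["dst"] or info["src"].startswith("127.")
                severity = "low" if local else ("high" if dn in PRIVILEGED_DNS else "medium")
                findings.append({"kind": "cleartext-simple-bind", "ts": m["ts"], "conn": conn,
                                 "dn": dn, "src": info["src"], "err": int(r["err"]),
                                 "severity": severity})
        elif s:
            findings.append({"kind": "tls-handshake-failure", "ts": m["ts"], "conn": conn,
                             "src": info["src"], "code": int(s["code"]), "message": s["msg"]})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```
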

  • Directory server 6 failover

    I plan to have failover capability between two directory servers, they both are java system directory server 6 enterprise edition. I am not sure if the replication is the right solution for failover. How does the failover work? All my systems are solaris 9 systems and I already have one directory server 6 as ldap server and one native solaris ldap client as a test client.
    thanks,
    --xinhuan

    Thanks for your information.
    I still don't understand what the proxy server will be doing. If I put two directory server IPs on the client side configuration file, will the client connect to the other server in case one server is down automatically, given that I am using native Solaris ldap client? Why is it necessary to put a proxy server in front of the two master servers? I actually don't need the load balancing but indeed, I need the failover feature. If I don't use the proxy server, does the failover happen automatically or by human intervention?
    thanks,
    --xinhuan

  • Evaluation Install of Directory Server

    Hi,
    This is a real beginner's question. I'm trying to evaluate iPlanet as a web server running on Windows 2000. I'm trying to test basic authentication, and so I installed iPlanet Directory server after installing the Web Server. When I logged into the administration server for the Web Server, and went to the Users and Groups tab, when I went to create a new user, I was told that I didn't have the right permissions to add a user on hitting the Create button. I figured that the problem was that I had installed Directory Server with a separate user name and password from the one to administer the web server. So I then uninstalled Directory Server and tried to reinstall it so that the passwords would match. But even though I've completely uninstalled Directory Server, I can't reinstall it. The installer runs, but it always tells me that it can't write to the LDAP directory after all the files are copied -- even though I've completely uninstalled and deleted the iPlanet folder.
    Any ideas? All I really want to do is a very minimal working install of the web and directory server so I can test authentication and other functionality...
    Thanks,
    --John

    Figured this one out on my own. Here's a note to all you Windows users. Don't try to install DS on a Windows 2000 box via a terminal session or a Remote Desktop Connection. You have to be logged directly onto the physical box in order for the DS installer to run.

  • Single directory Server for Messaging and Portal

    We are trying to unify our directory services.
    At present, there are two directory servers, one for iPlanet messaging 5.2 and another for Portal server 6.0.
    Messaging's Directory server is v5.1 and Portal's Directory server is v5.2. Their BaseDN is the same.
    Now, what we are planning to do is as below.
    1. LDIF everything from Msgr Directory and import into Portal's Directory.
    2. Point Msg Server to the Portal's directory.
    But, we are not sure what to export or how to tell messaging server to look at the Portal's Directory. Any help will be greatly appreciated!!!
    Thanks
    Srini

    What you are trying to do is non-trivial.
    Setting the ldap server for user and groups on the mail server is easy enough -- look at the output of configutil and you will find the values of local.ugldap* define the values you need to change.
    e.g.:
    local.ugldapbasedn
    local.ugldapbindcred
    local.ugldapbinddn
    local.ugldaphost
    local.ugldapport
    etc.
    These are all listed in the messaging reference manual.
    You need to ensure that the schemas of the two apps. match. For example, if you are using schema 1 for mail and schema 2 for the portal (quite likely), there will be a lot more work to do on the directory than simply moving the user entries across and merging them.
    Unless you have done this sort of thing before, or feel very comfortable and knowledgeable about how the messaging server in particular works with LDAP, I would suggest that you seriously consider getting help from Sun Professional Services.

  • Issue w/ Case Differences Using the IBM Directory Server MA

    We have the following issue using the IBM Directory Server MA using FIM 2010 R2 (Version 4.1.3479.0).
    We provision a new object, e.g., uid=jdoe,ou=users,o=contoso, into an instance of IBM Directory Server
    The object is created in IBM Directory Server as uid=jdoe,ou=users,o=contoso
    A Full Import on the IBM Directory Server MA runs and confirms the export
    Subsequent imports, sync, and exports run successfully
    <Time passes>
    A Full Import on the IBM Directory Server MA runs, and this object shows up as a staging-error (uid=jdoe,ou=Users,o=contoso)
    Subsequent imports and syncs report errors on this object (staging-error)
    Note that we do not manipulate the anchor (DN) of this object once it is created in IBM Directory Server. Other attributes are synchronized, but the object is never renamed/moved. This case change does not happen with all of the objects brought in during the Full Import, but the number of instances does increase periodically. At this point, it does look like the import is changing from a lowercase "u" to an uppercase "U" but not vice versa.
    I found a related TechNet article containing the following remark:
    "IBM Directory Server does not guarantee that the case of a DN component will match in all instances. On a synchronization or import from IBM Directory Server, this can manifest itself as an unexpected update. For example, if you create O=TEST, and then create the user cn=MikeDan,O=TEST, this might be imported from IBM Directory Server as cn=MikeDan,O=test. Because of the case difference, FIM treats this as an update on subsequent full imports."
    Unfortunately, the article does not propose a resolution.
    Has anyone encountered this issue? More importantly has anyone resolved this or found an acceptable workaround?
    Note that deleting the connector space is not an acceptable workaround. :)

    I remember experiencing this issue when we were on 5.0, and I believe it persists through 5.1 as well.
    There is a comment in the 5.2 release notes that something similar was fixed:
    Changing case sensitive attribute values failed in MMR. (4624693)
    If I had to take a wild guess, I would say that the server does some internal checking to see if the value has changed, possibly based on the attribute syntax, to avoid replicating "changes" that really don't change anything except case. I doubt that all your custom attributes are case-sensitive, though. Enabling replication probably "turns on" this behavior, which doesn't go away even if replication is disabled.
    In any case, you're probably out of luck unless/until you upgrade to 5.2.
