Messaging server and external LDAP user store

Is it possible to have an external LDAP application store all user information and then have the messaging server authenticate against it and create a mail profile in its own LDAP instance, similar to the way portal handles LDAP users? If not, what is the best way to store user information outside of the mail server instance? Create an LDAP instance and extend the schema to support the mail classes and then use replication to push the users into the mail server's directory instance?

Correct, extending the schema on the master directory server and replicating the user info down to the messaging server LDAP instance is the way to go.
This way you do not have to maintain two different sets of user data.
-Chris

Similar Messages

  • Error while configuring external LDAP user store with weblogic

    Hi,
    I have WebLogic 10.3 installed and I can access the WebLogic admin console using the weblogic (admin) user. I want to use an external LDAP user store to access the admin console with users present in the external LDAP.
    To do this, I have configured authentication provider and provided all the required details to connect to ldap.
    For example:
    Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
    User DN: ou=People,dc=test,dc=com
    Group DN: ou=Groups,dc=test,dc=com
    This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
    In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
    password=xxxxxxx
    username=admin
    Now while starting the admin weblogic server, I am getting the below error:
    <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
    <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
    weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Truncated. see log file for complete stacktrace
    >
    <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    Can anyone please suggest how to resolve this problem, or the exact steps to configure an external LDAP store to manage the admin console via LDAP users?
    Regards,
    Neeraj Tati.

    Hi,
    Please refer the below content that I found for Oracle 11g in the docs.
    "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
    By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
    The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
    If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
    Now in my LDAP directory, the setup is such that Administrators is a group created under the following hierarchy "cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added to this Administrators group.
    The problem that I am having is when I modify the Admin role to which the Administrators group should be added: what exactly should I give in the Admin role? Should I give only Administrators or the full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
    When I give the full DN, it takes every attribute as a different entry, I mean cn=Administrators as one and ou=Groups as another, and shows a message that cn=Administrators does not exist.
    Here I am not sure what to do.
    Also, if the external LDAP authentication provider is the only provider, then I need to give the user information in the boot.properties file as well for WebLogic to boot properly. Now, what should I give there for the user? Still the complete DN??
    Regards,
    Neeraj Tati.
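The "cn=Administrators does not exist" symptom in the post above comes from a field that expects a bare group name being handed a full DN. The following is an added example, not code from the thread or from WebLogic: a small RFC 4514 DN splitter that shows what the DN actually contains (a list of RDNs), why a naive split on commas is wrong for values with escaped commas, and how to pull out the cn value that a group name field wants. The sample DNs with escaped commas are constructed for the example.

```python
"""Split an LDAP distinguished name into its RDNs (RFC 4514 syntax).

Added example, not from the forum thread or from WebLogic: it shows why
pasting the full DN cn=Administrators,ou=Groups,dc=test,dc=com into a
field that expects a bare group name comes back as "cn=Administrators
does not exist": the field sees a comma-separated list of RDNs, and the
role mapping wants only the cn value of the group entry.
"""
from typing import List, Optional, Tuple

HEX = "0123456789abcdefABCDEF"


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Return [(attribute_type, value), ...] from the leftmost RDN outward.

    Backslash escapes are honoured: '\\,' and the hex form '\\2C' both yield
    a literal comma inside a value instead of starting a new RDN. Hex
    escapes are decoded as single bytes, which is enough for ASCII values.
    Multi-valued RDNs ('cn=a+sn=b') are returned as one value, unsplit.
    """
    rdns: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                current.append(chr(int(pair, 16)))   # \2C style escape
                i += 3
            else:
                current.append(dn[i + 1])            # \, \+ \" and similar
                i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))

    parsed: List[Tuple[str, str]] = []
    for rdn in rdns:
        rdn = rdn.strip()
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        parsed.append((attr.strip().lower(), value))
    return parsed


def rdn_value(dn: str, attr: str) -> Optional[str]:
    """Value of the leftmost RDN whose attribute type is `attr` (case-insensitive)."""
    for a, v in split_dn(dn):
        if a == attr.lower():
            return v
    return None


def group_name_for_role_mapping(group_dn: str) -> str:
    """The bare name a role-mapping field expects: the cn of the group entry."""
    name = rdn_value(group_dn, "cn")
    if name is None:
        raise ValueError(f"group DN has no cn RDN: {group_dn!r}")
    return name


def naive_comma_split(dn: str) -> List[str]:
    """What a field that just splits on ',' sees; it breaks on escaped commas."""
    return [part.strip() for part in dn.split(",")]


if __name__ == "__main__":
    dn = "cn=Administrators,ou=Groups,dc=test,dc=com"
    print(split_dn(dn))
    print(group_name_for_role_mapping(dn))
    # constructed DN with an escaped comma in the cn value
    print(naive_comma_split("cn=Smith\\, John,ou=People,dc=test,dc=com"))
```

Run stand-alone it prints the four RDNs of the group DN, the bare name `Administrators`, and the five fragments a comma split produces for a cn containing an escaped comma, which is the failure mode to keep in mind whenever a DN is pasted into a field that does its own splitting.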

  • External LDAP user only has search privilege in UCM

    After I configured the external LDAP successfully in the WebLogic console, I can see all users from the external LDAP. External LDAP users can log in to UCM successfully, but these users only have search privilege. I want external LDAP users to have Admin privilege like weblogic (default in the embedded LDAP). How do I solve it? Any help will be appreciated greatly! Otherwise, I refer to Oracle's document,
    51.1.14 LDAP Users Not Receiving Some Administrator Privileges
    UCM inspects for the group "Administrators" on each user's login to grant UCM roles. If a user should have access to the UCM admin server, the UCM server requires that the user be a member in a group named "Administrators."
    How do I add an external LDAP user to the Administrators group?

    Hi ,
    You can use Credential Maps to achieve the requirement.
    The steps for the same are:
    1. Login to UCM - Administration - Credential Maps .
    2. Create the map name and the following mapping :
    <ldap role> , admin
    3. Save the changes
    4. Navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider/provider.hda
    add the following variable there :
    ProviderCredentialsMap=<map name created in step 2>
    5. Save the changes and restart ucm server .
    After that, log in with the user who has the LDAP role that is mapped in step 2; this user will have the UCM admin role.
    Hope this helps .
    Thanks
    Srinath

  • Microsoft Lync Server 2013, Backup Service user store backup module detected items having pool ownership conflict during import.

    Dear Team,
    I have two Enterprise Lync 2013 pools, abcPool and abcpool1. abcPool1 has got two servers, Server1 and server2, and abcpool has one FE server named "Server 3", and they have pool pairing.
    Replication was fine between them when I had only one FE server in each pool. One day the FE service broke on one of the FE servers on abcpool1 and failed to start, so I had to fail over to the other pool; at that time I introduced one more FE in abcPool1, that's why there are now 2 FEs in abcPool2. The Server1 FE service was resolved by reinstalling the binaries. However, after that I'm unable to get the backup service state to normal. I tried the below articles with no luck:
    http://social.technet.microsoft.com/Forums/lync/en-US/0403621e-26b6-4cd0-bbca-8534a20de665/backup-service-pool-ownership-conflict-during-import?forum=lyncdeploy 
    http://msucmenow.blogspot.in/2013/05/troubleshooting-lync-2013-pool-pairing.html
    "Event on Server 1"
    Log Name:      Lync Server
    Source:        LS Backup Service
    Date:          1/21/2014 8:02:33 AM
    Event ID:      4073
    Task Category: (4000)
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      ABC.net
    Description:
    Microsoft Lync Server 2013, Backup Service user store backup module detected items having pool ownership conflict during import.
    Items having pool ownership conflict: 
    ItemId: 1b3be172-b121-43cf-bd4e-b3d368eae6a9, DocId: 7972, DocName: urn:hcd:[email protected]
    ItemId: 1b3be172-b121-43cf-bd4e-b3d368eae6a9, DocId: 7973, DocName: urn:lcd:[email protected]
    ItemId: 1b3be172-b121-43cf-bd4e-b3d368eae6a9, DocId: 7974, DocName: urn:upc:[email protected]
    PS C:\Users\lyncadmin> Get-CsBackupServiceStatus -PoolFqdn pool1.net | fl
    ActiveMachineFqdn   : abc1.net
    OverallExportStatus : SteadyState
    OverallImportStatus : ErrorState
    BackupModules       : {UserServices.PresenceFocus:[SteadyState,ErrorState],
                          ConfServices.DataConf:[FinalState,NormalState],
                          CentralMgmt.CMSMaster:[FinalState,NotInitialized]}
    Following error in "Lync Server" logs on server3 on abcPool.
    Log Name:      Lync Server
    Source:        LS Backup Service
    Date:          1/21/2014 9:37:47 AM
    Event ID:      4069
    Task Category: (4000)
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:     SQL1.net
    Description:
    Microsoft Lync Server 2013, Backup Service user store backup module encountered an exception that was handled gracefully when importing document batch.
    Batch file: UserServices\PresenceFocus\1-UserServices-8\Data\488bc218-9954-4caf-a5da-89efdb7b85a7_0_1562.xml.
     Exception: System.Data.SqlClient.SqlException (0x80131904): Snapshot isolation transaction aborted due to update conflict. You cannot use snapshot isolation to access table 'dbo.Batch' directly or indirectly in database 'rtcxds' to update, delete, or insert the row that has been modified or deleted by another transaction. Retry the transaction or change the isolation level for the update/delete statement.
    Log Name:      Lync Server
    Source:        LS Backup Service
    Date:          1/21/2014 9:52:45 AM
    Event ID:      4064
    Task Category: (4000)
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:     SQL1.net
    Description:
    Microsoft Lync Server 2013, Backup Service user store backup module encountered an exception that was handled gracefully during export.
    Additional Message: 
     Exception: System.IO.IOException: The process cannot access the file '\\SQl1.net\LyncShare\1-BackupService-10\BackupStore\UserServices\PresenceFocus\Cookie\Cookie.zip' because it is being used by another process.
       at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
       at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
       at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
    Praveen | MCSE Messaging 2003

    When you add a new FE in pool acdpool1, please check you have run the following:
    <system drive>\Program Files\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe
    For the details, check
    http://technet.microsoft.com/en-us/library/jj204773.aspx
    Lisa Zheng
    TechNet Community Support

  • Configure messaging server and MTA on different machine

    Is there any way to install / configure the messaging server and the MTA on different machines? I am using Sun ONE Messaging Server 6.0.
    Thanks
    Haris

    > Thanks for the reply. How can the MTA be disabled on the
    > messaging server? How can I disable the store on the
    > MTA machine? Is there any documentation for it?
    Yes, the documentation helps you. You cannot totally disable the MTA. If you did, how would you get mail to the store?
    > Also,
    > is it possible to use some other machine for
    > webmail?
    Well, um, kind of. The webmail interface provided with Messaging Server interacts directly with the store, so you can't truly run that remotely, but ...
    You can install the server on a remote box, and turn on "Messaging Express Multiplexor", a proxy for webmail. Users can then connect to the MEM box, and be forwarded to the store for their mail.
    It should be possible to use a third-party webmail product that uses something like IMAP to talk to the store, too. That would be unsupported, but possible. Most users find MEM to be very good.
    What problem are you trying to solve? Perhaps I can better help you if I know why you're asking these questions, and offer a better solution to you.
    Thanks
    Haris

  • Adding LDAP User store to UME

    We need to authenticate users against an LDAP server.  This works fine from the workbench where the UME ContentSource is database_only.  However, the central WebAs (Netweaver 2004) was installed with ContentSource of r3_rw.  According to the documentation, a prerequisite to adding an LDAP user store is: "You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source."  Since our WebAS Java is not configured this way, is there any way, short of re-installing the server, to add an LDAP user store?  TIA,
    Steve

    Hi Steve,
    Once you choose an ABAP data source, there is no going back.
    You can however synchronize the ABAP with the LDAP server. Have the ABAP user management periodically import users from the LDAP server.
    -Michael

  • Unable to start Message Server and Dispatcher

    Hi
    When I am trying to start the J2EE engine, the message server and dispatcher are not starting. I have checked the developer trace of the message server and got the following error:
    [Thr 5076] Fri Nov 16 17:37:39 2007
    [Thr 5076] *** ERROR => MsSRead: NiBufReceive (rc=NIECONN_BROKEN) [msxxserv.c   9163]
    [Thr 5076] *** ERROR => MsSClientHandle: MsSRead C1 (sapep_QN7_00), MSEINTERN [msxxserv.c   3778]
    [Thr 5076] MsSExit: received SIGINT (2)
    [Thr 5076] ***LOG Q02=> MsSHalt, MSStop (Msg Server 5100) [msxxserv.c   5334]
    and I checked the default trace and got the following error:
    1.5#00111120E5260012000000020000147000043BBD4424E5AA#1191583984968#com.sap.engine.services.httpserver.dispatcher##com.sap.engine.services.httpserver.dispatcher#######OrderedChannel for p4 service##0#0#Error##Plain###Failure in session communication between current dispatcher and server with ID 9661150. Sending notification message for disconnected client failed.
    com.sap.engine.frame.cluster.message.DestinationNotAvailableException: Participant 9,661,150 is not available.
         at com.sap.engine.core.cluster.impl6.session.SessionConnectorImpl.send(SessionConnectorImpl.java:181)
         at com.sap.engine.core.cluster.impl6.ClusterManagerImpl.ss_send(ClusterManagerImpl.java:2502)
         at
    Thanks & Regards
    Sowmya


  • Server App not seeing external LDAP users & groups

    I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
    When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
    I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
    Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
    This is all so much more opaque than our superbly reliable Snow Leopard servers!
    TIA

    Ok, and again:
    You want to see users and groups which are stored in a third-party directory service like OpenLDAP in your Server.app? This is what you have to do:
    1. Connect the third-party LDAP to your server.
    2. Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to log in with them.
    3. When you see your LDAP entry in the Directory Manager, change it from "From Server" to "RFC2307".
    4. Edit the entry and add the following mapping to it: GeneratedUUID maps to apple-generateduuid.
    5. To your group and user entries in the external LDAP add the following attribute: apple-generateduuid gets the value taken from the output of "uuidgen".
    6. Feel lucky.
    And there it is; now you are able to use the accounts taken from an external LDAP.

  • User Access for Messaging Server and Calendar Server

    This is the first time I have set up JES. What I did was install Messaging, Calendar, Directory and Administration Server. I chose the configure-after-install option and followed the post-install instructions for all of those servers.
    I then started the administration console and added a user via the create user option under "users and groups". Next I tried to log on as the user I just created via webmail and POP (exchange) and get an error message stating that the user does not exist. I did a search on the user via the admin server console and I did find the user, and the "mail account" option was selected. I also verified the password was correct.
    My main question is: what am I doing wrong?
    My goal is to create an email and calendar server using JES. I also want webmail.
    Do I need to configure Identity Manager to create users for mail / calendar? Or do I create the users using the directory server / administration console?
    Also, I didn't set up Delegated Administrator. I didn't think I needed it because I will configure all of this using one administrator. If I don't need multiple administrators, do I need Delegated Admin?
    Here is some background information.
    Sun W2100Z
    4GB RAM
    Solaris 10 01/06 x86
    JES 2005 Q4
    Thanks for any assistance.

    You can not use the Administration console for creating Messaging users. Look-up "provisioning users" in the Messaging admin guide. If you're using schema 1, use Delegated Administrator. If you're using schema 2, use commadmin.
    HTH,
    Roger S.

  • Identity Server using external LDAP

    Does anyone have an idea whether ID Server can use an external LDAP server for authentication, like the Policy Server in Portal Server 3?
    Wilson.

    You typically need to use our JNDI store. We strongly recommend this for
    performance reasons.
    You can use the JNDI to LDAP bridge which is available from the Sun web
    site.
    Michael Girdley
    BEA Systems Inc
    "Jack Archer" <[email protected]> wrote in message
    news:[email protected]..
    > I'm trying to find out if it is possible to re-direct JNDI calls to the WL
    > server to an external LDAP server. I know you can install an external LDAP
    > server for security purposes, but I would like to use an external LDAP
    > server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
    > Is this possible?

  • ICal server and external invitations via 3rd party mail server

    Hi everyone,
    OS 10.6.5 Server:
    Services running
    AFP
    DNS
    iCal
    Open Directory
    Push Notification
    We are currently testing iCal server and have configured it to send out invites via our mail server (which is running on a different server) by creating the com.apple.calendarserver user on our mail server.
    Email notifications are then configured under the Enable Email Invitations tab in the iCal service of Server Admin as follows:
    IMAP
    Email address: [email protected]
    Incoming server: mail.mytest.com
    Port: 143 (not using SSL)
    Username: com.apple.calendarserver
    Password: secret
    SMTP: mail.mytest.com
    Port: 25 (not using SSL)
    Server requires authentication
    Username: com.apple.calendarserver
    Password: secret
    My test OD users are able to send out invites both internally to other iCal users and externally via email.
    So for example, I invite someone to a meeting and enter their gmail address ([email protected]), the invitation goes out correctly - when I log into gmail I see the invitation.
    When responding to the invitation (clicking Yes), the mail server receives the response from gmail and the iCal server collects the message via IMAP.
    However, the iCal server doesn't seem to parse the received email correctly as I get the following error in the iCal error logs:
    [twistedcaldav.extensions#info] Cannot authenticate proxy user 'com.apple.calendarserver' without X-Authorize-As header
    2011-03-03 17:44:03+1100 [-] [mailgateway] 2011-03-03 17:44:03+1100 [AuthorizedHTTPGetter,client] [twistedcaldav.mail#error] Mail gateway failed to inject message <[email protected]> (Reason: 400 Bad Request)
    2011-03-03 17:44:03+1100 [-] [mailgateway] 2011-03-03 17:44:03+1100 [AuthorizedHTTPGetter,client] [twistedcaldav.mail#debug] Failed calendar body: BEGIN:VCALENDAR
    2011-03-03 17:44:03+1100 [-] [mailgateway] VERSION:2.0
    2011-03-03 17:44:03+1100 [-] [mailgateway] CALSCALE:GREGORIAN
    2011-03-03 17:44:03+1100 [-] [mailgateway] METHOD:REPLY
    2011-03-03 17:44:03+1100 [-] [mailgateway] PRODID:-//Google Inc//Google Calendar 70.9054//EN
    2011-03-03 17:44:03+1100 [-] [mailgateway] BEGIN:VEVENT
    2011-03-03 17:44:03+1100 [-] [mailgateway] UID:43121576-1183-40C8-82D8-A052754AD1CE
    2011-03-03 17:44:03+1100 [-] [mailgateway] DTSTART:20110406T080000Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] DTEND:20110406T090000Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] ATTENDEE;[email protected];CUTYPE=INDIVIDUAL;PARTSTAT=DECLINED;RO
    2011-03-03 17:44:03+1100 [-] [mailgateway] LE=REQ-PARTICIPANT;X-NUM-GUESTS=0:mailto:[email protected]
    2011-03-03 17:44:03+1100 [-] [mailgateway] CREATED:20110303T062518Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] DESCRIPTION:
    2011-03-03 17:44:03+1100 [-] [mailgateway] DTSTAMP:20110303T064335Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] LAST-MODIFIED:20110303T064335Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] LOCATION:
    2011-03-03 17:44:03+1100 [-] [mailgateway] ORGANIZER;CN=com.apple.calendarserver+07b1c044-9d98-4cdc-afe3-48139218ee35
    2011-03-03 17:44:03+1100 [-] [mailgateway] @mytest.com:urn:uuid:B72794FB-3242-48D7-AC22-A584D279B9F9
    2011-03-03 17:44:03+1100 [-] [mailgateway] SEQUENCE:3
    2011-03-03 17:44:03+1100 [-] [mailgateway] STATUS:CONFIRMED
    2011-03-03 17:44:03+1100 [-] [mailgateway] SUMMARY:one more test
    2011-03-03 17:44:03+1100 [-] [mailgateway] TRANSP:OPAQUE
    2011-03-03 17:44:03+1100 [-] [mailgateway] END:VEVENT
    2011-03-03 17:44:03+1100 [-] [mailgateway] END:VCALENDAR
    2011-03-03 17:44:03+1100 [-] [mailgateway]
    I have set a rule on our mail server to bypass any spam filtering for all messages sent to the [email protected] address, but this doesn't seem to make any difference.
    Does anyone else have this working ? Any ideas ?
    Many thanks
    Message was edited by: gen_bunty

    The issue is not "user authorization". The issue is that the 3rd-party service does not accept all incoming relay requests unless there is authentication with a registered account (which we have). This protects the 3rd-party service from becoming the relaying host for the universe's spoofed and anonymous spam. My deduction is that there is no mechanism in UTL_MAIL to designate not only the 3rd-party ip-address:port (by-passing the local sendmail server) but also providing the username:password for the account there for authentication.
    Plan A: I have attempted to follow directions for client-side SMTP Authentication for Relaying on the sendmail.org site.
    I have not been successful in completing a simple mailx interactive test, much less completing a UTL_MAIL configuration.
    I am scouring the user universe for someone who has put all the pieces together successfully and can advise. . . .
    Edited by: StevenInTallyFl on Mar 26, 2010 3:50 PM
    to clarify that I cannot get from UTL_MAIL to 3rd-party IP directly

  • Integrating Messaging Server and Identity Server

    I've got JES 2004Q2, and I'm trying to install the various components on different workstations to prove that a) the software works, and b) it's a viable alternative to Exchange (so please please help me get it working!)
    The problem I have is getting Messenger Server and Directory Server talking properly so that I can create users and then log in as those users. After days of frustrating searching for solutions to this problem (and also find people who have successfully done this), I decided to install the components onto one server.
    And it worked. Installing Messaging Server, Identity Server, Web Server (contained for Identity Server), Directory Server, and Admin Server all on the same box, configuring them all to use the same directory server for UG and preferences, running the various configuration tools that come with the software, and it all works together fine. Using "./commadmin domain modify .... -S mail", I get "OK". I can add users with the "-S mail" option, log in as those users, and send emails between those users. So this tells me that the software does work, albeit on one box.
    When I try to separate the services out to separate boxes, they don't seem to integrate properly. I thought that maybe the order in which you configured applications made a difference (ie. configuring Identity Server after Messenger Server means IS will pick up on the changes made to the directory by MS, and enable it). I also tried to see if using the same options directory server from different boxes helped, but nothing. I've even tried patching them using 116568-52 and 116585-10 but no luck.
    Therefore, I've found that installing all servers on one box works, but installing them on separate boxes doesn't (despite using the same directory servers). My conclusion in this is that one of two things must be the case:
    a) there's something in the install that has to be changed to reflect the fact that the services are running on different boxes
    b) the install of the services adds files to the system somewhere which other packages in JES pick up on (hence the reason why installing everything on one box works), and this isn't documented anywhere
    Unfortunately, the output of commadmin when it fails isn't that helpful (nothing against the developers, however it doesn't really help in the fault finding process). I do believe however that the problem is with Identity Server and its configuration, rather than Messaging Server.
    Here's some (possibly) useful info:
    kipling# ./imsimta version
    Sun Java(tm) System Messaging Server 6.1 HotFix 0.01 (built Jun 24 2004)
    libimta.so 6.1 HotFix 0.01 (built 12:52:04, Jun 24 2004)
    SunOS kipling 5.8 Generic_117350-02 sun4u sparc SUNW,Sun-Blade-1500
    kipling#
    (on UG server)
    # ./commadmin domain modify -D admin -w <password> -d uwe.ac.uk -n uwe.ac.uk -S mail -H kipling.uwe.ac.uk
    FAIL
    Unable to set attribute(s)
    (some verbose mode output)
    [Debug]: Contacting : http://bronte.uwe.ac.uk:10080/commcli/TaskManager
    [Debug]: To servlet: task=ModifyDomain&objecttype=Domain&domain=uwe.ac.uk&add_services=mail&add_preferredmailhost=kipling.uwe.ac.uk
    [Debug]: RECV: FAIL
    [Debug]: RECV: Unable to set attribute(s)
    [Debug]: CLITask: status returned =FAIL
    FAIL
    Unable to set attribute(s)
    [Debug]: DBG: doOne returned code=6
    [Debug]: Contacting : http://bronte.uwe.ac.uk:10080/commcli/logout
    [Debug]: Logout ...
    [Debug]: RECV: SSOToken id AQIC5wM2LY4SfcyW5hbVBGXqCdsYYDjVarSFRMd6HIxsGho=@AAJTSQACMDE=#
    [Debug]: RECV: destroyed
    Root suffix: dc=uwe,dc=ac,dc=uk (all "o=" references have been dropped)
    All services have their own local options directory server.
    Can anyone give me any suggestions? If I log a support call with Sun, what is the likely resolution time? My ultimate goal is to get the whole suite running together, then install Portal server. Once that's working, download the connectors for Outlook and get it all working with Outlook. As I said at the start, we're hoping to show this is a viable alternative to Exchange (certainly for the backend) so any help will be greatly appreciated!
    Iain

  • Messaging Server and maildir

    Hi there,
    Can anyone tell me whether messaging server 6 supports maildir as a method of storing mail? If not, what formats does it support?
    I want to use the software to take advantage of the calendar with outlook connector but I am going to use an Exim frontend for mail delivery and SMTP (the JES SMTP server doesn't allow me to do all the things that I need to do).
    Thanks
    Josh

    > OK.
    > So now I've migrated the emails and I'm giving a reply. Maybe there's someone who may find it helpful...
    > First: I've been thinking of migrating mailboxes as files, because I've got some very old emails, which I've tried to move from one IMAP account to another, and caused IMAP server to bounce with "Invalid headers" error, unwilling to continue. I was not able to find the reason, in the logs nor in the messages.
    > After several hours, I've noticed that some (the buggy) emails begin with "From xxx" or ">From xxx" pseudo-headers, probably inserted years ago by MUA or procmail, I don't know. But this was the problem and after removing such crap, I was able to import my old e-mails using IMAP and drag and drop in the client.
    > So there was no need to develop my command line solution anymore.
    Much better . . .
    The format is pretty strictly RFC822 file format. That includes the cr/lf at the end of each line.
    Since the mailstore was never intended to be used as you've done, we're pretty strict about the format of the messages.
    > But until I've got to this point, I've made several trials and errors attempting to understand the mailbox structure of SUNWmsgr. So, it seems that:
    > 0. Each user's folder is a directory
    true
    > 1. Each message is a text file named 01.msg .. 99.msg.
    or higher. ..
    > 2. Each message is contained in "hash" directory. 00 for first 100 emails (01.msg - 100.msg), 01 for second 100 emails (101.msg-200.msg) etc.
    Yes. After you get to the 99 directory, we roll back to 00 with the next message.
    > 3. Each message seems to (needs to) be saved in DOS-end of line encoding (CR LF). Any attempt to put a bare LF (unix end of line encoding) here will cause that the headers will not be gathered/displayed properly in the mail client. I've only checked with Mozilla Thunderbird though.
    Actually, it's NOT DOS format, but RFC822 format.
    Yes, it includes cr/lf.
    > 4. I needed not only to reconstruct the index, but to delete store.* files in the folder and reconstruct the index of the folder.
    "reconstruct the index" = reconstruct -r. You shouldn't have needed to remove the store.idx files. For a freshly created mailbox/folder, that's the only store.* file that I would expect to see there.
    > After I've realized that my emails have invalid headers and fixed (or deleted) them, importing from old IMAP account to new IMAP account (on SUNWmsgr) was pretty sufficient for me.
    Yeah, basically what MoveUser does.
    > Regards,
    > Ivan
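As an added example (not code from the thread or from Messaging Server), a pre-import check and fixer for the two constraints the reply states (strict RFC822, CRLF line ends, no mbox "From " pseudo-header), plus the hash-directory mapping as the thread describes it. The two-digit padding of the file name, the function names and the sample message are assumptions.

```python
import re

# mbox-style envelope line ("From " or ">From ") that the poster found at the
# top of old messages; it is not an RFC822 header and must go before import
FROM_LINE = re.compile(rb"^>?From \S")
# an LF that is not preceded by CR, i.e. a bare Unix line ending
BARE_LF = re.compile(rb"(?<!\r)\n")

def message_problems(raw: bytes) -> list:
    """Return what would make the store reject or misparse this message."""
    problems = []
    if FROM_LINE.match(raw):
        problems.append("mbox 'From ' pseudo-header at start of message")
    if BARE_LF.search(raw):
        problems.append("bare LF line ending; RFC822 requires CRLF")
    if b"\r\n\r\n" not in raw and b"\n\n" not in raw:
        problems.append("no blank line separating headers from body")
    return problems

def normalize(raw: bytes) -> bytes:
    """Drop a leading mbox pseudo-header and rewrite every line end as CRLF."""
    if FROM_LINE.match(raw):
        raw = raw.split(b"\n", 1)[1] if b"\n" in raw else b""
    return raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")

def message_path(n: int) -> str:
    """Hash directory and file name for message number n (1-based), following
    the thread: 00 holds 1..100, 01 holds 101..200, ..., 99 holds 9901..10000,
    then back to 00. Zero-padding the file name to two digits is an assumption."""
    if n < 1:
        raise ValueError("message numbers start at 1")
    return f"{((n - 1) // 100) % 100:02d}/{n:02d}.msg"

# constructed sample: an old procmail-style message with a bare-LF body
SAMPLE = (b"From alice@example.com Mon Jan  1 00:00:00 2001\n"
          b"From: alice@example.com\nSubject: old\n\nbody\n")
```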

  • Messaging Server and mix of local and remote server mailboxes?

    Admittedly I am a messaging server noob. Sun came in and installed our Sun JES Server for us.
    That server is our LDAP, mail, and IM server.
    We would like to start using gmail for domains for some of our users, but not all of them.
    We use Postini for spam filtering. Right now if someone from the Internet sends an email to our domain, the mail is filtered by postini and then proceeds onward to our mail server and then local delivery to the correct mailbox.
    With Postini we believe we can set it so after filtering, some email accounts can proceed to our server while others proceed onto the gmail servers.
    The problem I foresee though is when sending mail internally. When we send email in house, email doesn't go through Postini and just gets delivered locally.
    Is there a way in the messaging server to make it so some addresses continue to be delivered locally while others continue on to a remote server (i.e. either to Postini or gmail servers directly)?

    slo_chewie wrote:
    > Does the email recipient address change when the email is sent to gmail i.e. does an email sent to [email protected] become [email protected]?
    > We've got google for domains setup, so users would retain a @domain.com address regardless if their mailbox was hosted on the internal server or hosted at google.
    You can make use of the mailRoutingAddress: user attribute and source routing to get the desired behaviour e.g.
    => Set the following value in the LDAP entry of the user who is hosted on the gmail server. The "[email protected]" address should match the user's mail: address:
    mailRoutingAddress: @gmail.com:[email protected]
    => Ensure the following option has been added to the tcp_local channel in your imta.cnf file. This option strips off the "@gmail.com" value of the recipient address before sending the email to the gmail.com servers.
    dequeue_removeroute
    Make sure you run "./imsimta cnbuild;./imsimta restart" after modifying the imta.cnf file.
    Regards,
    Shane.
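An added example, not Messaging Server's own code: a model of how a source-routed mailRoutingAddress value is split by a channel with dequeue_removeroute, and a check that each entry's routing address ends in its own mail: address, as the reply says it must. The function names and the directory entries are constructed; the model also accepts multi-hop routes ("@h1,@h2:user@dom"), which goes beyond the single hop the reply shows.

```python
import re

# one or more "@host" hops, comma separated, then ":" and the final address
ROUTE = re.compile(r"^((?:@[^,:]+,)*@[^,:]+):(.+)$")

def split_source_route(addr: str) -> tuple:
    """Split "@h1,@h2:user@dom" into (["h1", "h2"], "user@dom");
    an address with no route comes back as ([], addr)."""
    m = ROUTE.match(addr)
    if not m:
        return [], addr
    hosts = [h.lstrip("@") for h in m.group(1).split(",")]
    return hosts, m.group(2)

def deliver_via_tcp_local(addr: str) -> tuple:
    """Hypothetical model of the tcp_local channel with dequeue_removeroute:
    the first route hop becomes the next-hop host and the recipient is handed
    over without the route, so gmail.com sees plain user@domain.com."""
    hosts, final = split_source_route(addr)
    if not hosts:
        # no route: next hop is the address's own domain
        return final.rpartition("@")[2], final
    return hosts[0], final

def make_routing_address(entry: dict, relay_domain: str) -> str:
    """mailRoutingAddress value for a user whose mailbox lives at relay_domain."""
    return f"@{relay_domain}:{entry['mail']}"

def check_entries(entries: list) -> list:
    """uids whose mailRoutingAddress does not end in their own mail: address;
    such an entry would hand the user's mail to somebody else's mailbox."""
    bad = []
    for e in entries:
        mra = e.get("mailRoutingAddress")
        if mra is not None and split_source_route(mra)[1].lower() != e["mail"].lower():
            bad.append(e["uid"])
    return bad

# constructed directory entries (not real users)
ENTRIES = [
    {"uid": "alice", "mail": "alice@domain.com",
     "mailRoutingAddress": "@gmail.com:alice@domain.com"},
    {"uid": "bob", "mail": "bob@domain.com"},  # stays on the local store
    {"uid": "carol", "mail": "carol@domain.com",
     "mailRoutingAddress": "@gmail.com:alice@domain.com"},  # copy/paste mistake
]
```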

  • Off and On LDAP User Authentication

    Before I get started describing my issue, I would like to warn everyone that I am new to Solaris administration and Solaris in general. So please pardon me if I misspeak or don't initially provide enough information.
    I am having trouble with LDAP user authentication. I am using ldapclient to perform the mapping of user information from our Win2k3 Domain Controllers (running SFU) to our Solaris 10 box. When I configure the system initially everything works fine. For example, I can run:
    getent passwd <AD_username>
    and get all the attributes that SFU provides and log in via SSH with valid AD credentials. However, for some reason after a period of time (not sure if it is a fixed period of time or variable) LDAP authentication will stop working, denying everyone with valid AD credentials. I have tried looking in almost every log file I can think of (/var/adm/messages, /var/ldap/cache_mgr) and there are no error messages from ldapclient. Similarly on the domain controllers I do not see any failed security audits nor any failed ldap requests.
    Any ideas on what could be causing this sort of behavior?
    If it helps I followed the following guide when configuring AD Integration:
    http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/
    Listed below is my ldap_client_file (sensitive information removed):
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= <my_dc>
    NS_LDAP_SEARCH_BASEDN= dc=<my_domain>,dc=<extension>
    NS_LDAP_AUTH= simple
    NS_LDAP_CACHETTL= 0
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:dc=<my_domain>,dc=<extension>?sub
    NS_LDAP_SERVICE_SEARCH_DESC= group:dc=<my_domain>,dc=<extension>?sub
    NS_LDAP_ATTRIBUTEMAP= shadow:uid=msSFU30Name
    NS_LDAP_ATTRIBUTEMAP= shadow:userpassword=msSFU30Password
    NS_LDAP_ATTRIBUTEMAP= shadow:shadowflag=msSFU30ShadowFlag
    NS_LDAP_ATTRIBUTEMAP= passwd:loginshell=msSFU30LoginShell
    NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=msSFU30HomeDirectory
    NS_LDAP_ATTRIBUTEMAP= passwd:uid=msSFU30Name
    NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=msSFU30UidNumber
    NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=msSFU30GidNumber
    NS_LDAP_ATTRIBUTEMAP= passwd:gecos=displayName
    NS_LDAP_ATTRIBUTEMAP= group:gidnumber=msSFU30GidNumber
    NS_LDAP_ATTRIBUTEMAP= group:memberuid=msSFU30UidNumber
    NS_LDAP_ATTRIBUTEMAP= group:userpassword=msSFU30Password
    NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
    NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
    NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group

    Here is the information that is present in /var/adm/messages:
    Jan 24 15:22:53 shiva.cs.uwec.edu sshd[9533]: [ID 800047 auth.crit] monitor fatal: login_init_entry: Cannot find user "thompstd"
    Jan 24 15:22:53 shiva.cs.uwec.edu sshd[9536]: [ID 800047 auth.crit] fatal: Monitor not responding
    Jan 24 15:25:43 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd: cannot talk to statd at sgs2.uwec.edu, RPC: Timed out(5)
    Jan 24 15:25:47 shiva.cs.uwec.edu sshd[9508]: [ID 800047 auth.crit] monitor fatal: login_init_entry: Cannot find user "butallmj"
    Jan 24 15:25:47 shiva.cs.uwec.edu sshd[9511]: [ID 800047 auth.crit] fatal: Monitor not responding
    Jan 24 15:25:58 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd: cannot talk to statd at sgs2.uwec.edu, RPC: Timed out(5)
    Jan 24 15:26:13 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd: cannot talk to statd at sgs1.uwec.edu, RPC: Timed out(5)
    Jan 24 15:26:28 shiva.cs.uwec.edu last message repeated 1 time
    The statd warnings continue on and we see the two users (thompstd, butallmj) failing to authenticate. Right before the authentication errors I see the following:
    Jan 24 14:42:56 shiva.cs.uwec.edu ebus: [ID 521012 kern.info] su1 at ebus1: offset 2,40
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] su1 is /ebus@1f,464000/serial@2,40
    Jan 24 14:42:56 shiva.cs.uwec.edu ebus: [ID 521012 kern.info] epic0 at ebus1: offset 3,0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] epic0 is /ebus@1f,464000/env-monitor@3,0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: fssnap0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fssnap0 is /pseudo/fssnap@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: ramdisk1024
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] ramdisk1024 is /pseudo/ramdisk@1024
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: winlock0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] winlock0 is /pseudo/winlock@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: devinfo0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] devinfo0 is /pseudo/devinfo@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: llc10
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] llc10 is /pseudo/llc1@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: pm0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] pm0 is /pseudo/pm@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: tod0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] tod0 is /pseudo/tod@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: lofi0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] lofi0 is /pseudo/lofi@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: fcp0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fcp0 is /pseudo/fcp@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: fcsm0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fcsm0 is /pseudo/fcsm@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: rsm0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] rsm0 is /pseudo/rsm@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: trapstat0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] trapstat0 is /pseudo/trapstat@0
    Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: rmcadm0
    Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] rmcadm0 is /pseudo/rmcadm@0
    Jan 24 14:42:56 shiva.cs.uwec.edu mac: [ID 543131 kern.info] NOTICE: bge2/0 registered
    Jan 24 14:42:56 shiva.cs.uwec.edu mac: [ID 543131 kern.info] NOTICE: bge3/0 registered
    Jan 24 14:42:57 shiva.cs.uwec.edu scsi: [ID 193665 kern.info] sd3 at mpt0: target 1 lun 0
    Jan 24 14:42:57 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] sd3 is /pci@1e,
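An added example, not from the thread: a small triage over /var/adm/messages lines of the kind posted above. It counts sshd's "Cannot find user" events per user (a name-service lookup failure, the same lookup getent passwd performs, rather than a rejected password) and records the last kernel message seen before the first failure. The log lines are a constructed sample modelled on the post's excerpt, and the function names are assumptions.

```python
import re
from collections import Counter

# Solaris syslog line: timestamp, host, process[pid]: [ID nnn facility.level] text
SYSLOG = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w.-]+?)"
    r"(?:\[(?P<pid>\d+)\])?: (?:\[ID (?P<msgid>\d+) (?P<facility>[\w.]+)\] )?(?P<msg>.*)$"
)
# sshd could not look the user up at all, as opposed to rejecting a password
CANNOT_FIND = re.compile(r'login_init_entry: Cannot find user "(?P<user>[^"]+)"')

def parse(line: str):
    """Dict of the fields above, or None for lines like 'last message repeated'."""
    m = SYSLOG.match(line)
    return m.groupdict() if m else None

def lookup_failures(lines) -> dict:
    """Per-user count of sshd name-service lookup failures."""
    counts = Counter()
    for rec in map(parse, lines):
        if rec and rec["proc"] == "sshd":
            m = CANNOT_FIND.search(rec["msg"])
            if m:
                counts[m.group("user")] += 1
    return dict(counts)

def last_boot_marker(lines):
    """Timestamp of the last kern.* message before the first lookup failure.
    Reading the burst of device-configuration messages as a reboot is an
    assumption made here, not something the thread establishes."""
    marker = None
    for rec in map(parse, lines):
        if not rec:
            continue
        if rec["facility"] and rec["facility"].startswith("kern."):
            marker = rec["ts"]
        elif rec["proc"] == "sshd" and CANNOT_FIND.search(rec["msg"]):
            return marker
    return marker

# constructed sample modelled on the post's /var/adm/messages excerpt
SAMPLE = [
    "Jan 24 14:42:56 host1.example.edu genunix: [ID 936769 kern.info] su1 is /ebus@1f,464000/serial@2,40",
    'Jan 24 15:22:53 host1.example.edu sshd[9533]: [ID 800047 auth.crit] monitor fatal: login_init_entry: Cannot find user "user1"',
    "Jan 24 15:22:53 host1.example.edu sshd[9536]: [ID 800047 auth.crit] fatal: Monitor not responding",
    "Jan 24 15:25:43 host1.example.edu statd[280]: [ID 766906 daemon.warning] statd: cannot talk to statd at nfs1.example.edu, RPC: Timed out(5)",
    'Jan 24 15:25:47 host1.example.edu sshd[9508]: [ID 800047 auth.crit] monitor fatal: login_init_entry: Cannot find user "user2"',
    "Jan 24 15:26:28 host1.example.edu last message repeated 1 time",
]
```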

Maybe you are looking for