MTA Direct LDAP Lookup Configuration

Does the MTA Direct LDAP Lookup permit the use of the short login under a multiple domain configuration?

Selim:
Direct LDAP only applies to the "MTA" portion of Messaging Server. That means SMTP processing.
Usually, "short form login" is talking about logging in to get messages, via IMAP, POP, or HTTP.
To get "short form", or login without domain portion of User_ID, you need to use the MMP, as it can provide the long form to the mail store.

Similar Messages

  • Error after setting up direct LDAP

    Running iMS 5.2 and LDAP 4.1.6
    after making the changes to set up direct LDAP lookup I started getting the following error:
    4.0.0 temporary error returned by alias expansion
    While making the changes to set the server back to dirsync mode I noticed that the databases:
    aliasesdb.db and reversedb.db had been recreated but were significantly smaller than the originals.
    After changing the imta.cnf, option.dat, job_controller.cnf and mappings files back and replacing my db files I ran an imsimta cnbuild and a full dirsync and everything functioned normally again.
    Any ideas?
    Don

    Hi Roger and Jay,
    I followed the instructions exactly. I have restored my backups of the config files a couple times and started over again. I did catch the error that Roger pointed out and my line read exactly like his example (with my domain of course)
    This is my old mailserver. I have a new one working right now. I am trying to get the updates all working on this one before I mess up the production machine so there is no problem with it being down while I work the bugs out.
    Here is a clip from the ldap access log
    the last line shows an error 11 that I assume is the problem.
    [14/Dec/2004:15:44:29 -0700] conn=46 op=1 SRCH base="dc=sturgeon,dc=ab,dc=ca,o=Internet" scope=0 filter="(|(objectclass=inetDomain)(objectclass=inetdomainalias))"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=2 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(&(objectclass=groupOfUniqueNames)(objectclass=inetMailAdministrator))"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=2 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=3 SRCH base="cn=Domain Administrators,ou=Groups,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=3 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=4 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(uid=carlgren)"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=4 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=47 fd=54 slot=54 connection from 192.168.0.12 to 192.168.0.12
    [14/Dec/2004:15:44:29 -0700] conn=47 op=0 BIND dn="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
    [14/Dec/2004:15:44:29 -0700] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=5 SRCH base="cn=Service Administrators,ou=Groups,o=ab.ca" scope=0 filter="(objectclass=groupOfUniqueNames)"
    [14/Dec/2004:15:44:30 -0700] conn=46 op=5 RESULT err=0 tag=101 nentries=1 etime=1
    [14/Dec/2004:15:44:30 -0700] conn=46 op=6 SRCH base="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
    [14/Dec/2004:15:44:30 -0700] conn=46 op=6 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 fd=55 slot=55 connection from 192.168.0.12 to 192.168.0.12
    [14/Dec/2004:15:44:31 -0700] conn=48 op=0 BIND dn="uid=msg-admin-1,ou=People,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
    [14/Dec/2004:15:44:31 -0700] conn=48 op=0 RESULT err=0 tag=97 nentries=0 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 op=1 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(cn=*)(ou=*))"
    [14/Dec/2004:15:44:31 -0700] conn=48 op=1 RESULT err=0 tag=101 nentries=40 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 op=2 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(objectclass=pab)(objectclass=pabgroup))"
    [14/Dec/2004:15:44:31 -0700] conn=48 op=2 RESULT err=0 tag=101 nentries=2 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 op=3 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(memberofpab=AddressBook271b6af)"
    [14/Dec/2004:15:44:31 -0700] conn=48 op=3 RESULT err=0 tag=101 nentries=37 etime=0
    [14/Dec/2004:15:44:42 -0700] conn=38 op=3 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(|([email protected])([email protected])([email protected]))"
    [14/Dec/2004:15:44:49 -0700] conn=38 op=3 RESULT err=11 tag=101 nentries=1 etime=7 notes=U
    If I put the machine back into dirsync mode then everything works fine. I must be missing something.
    In the morning I'll try again.
    Thanks for the help,
    Don

  • Aliases, mailforwardaddress,direct ldap, seeking clarification

    Howdy,
    We're running iMS 5.2p1 with IDS. We're still in dirsync mode and simply want to switch to direct ldap. The instructions are clear but I'm hesitating as I look into our aliases file and how to proceed. My questions are as follows -
    1) yes or no: In direct ldap mode, the msg-instance/db/aliases file is NOT used ever?
    2) if the answer to #1 is YES, then is the "solution" to create an ldap entry for a simple mail-id with a mailforwardaddress: attribute? Or if distributing to multiple users from a single mail-id, create a group/distribution list?
    3) Is it possible to be in direct ldap mode AND still use an alias database?
    We're not in the extreme on alias usage, maybe a few hundred. However when I start looking at adding a few hundred LDAP entries and then managing mailforwardaddresses: for something I used to do in one line in an alias file it becomes overkill. Perchance an ou=alias ldap entry could be thrown into the next version or maybe even gasp use the alias entry for all our Solaris servers which is already stored in LDAP?
    It may be a case where performance vs. scalability vs. simplicity and I can accept that as a sound reason. Man alive though I love iMS and my aliases file! <smile>
    Thanks for any feedback,
    Doug

    Actually, I'd like to correct that.
    1) yes or no: In direct ldap mode, the
    msg-instance/db/aliases file is NOT used ever?
    The aliasesdb.db is referred to, in the case that
    direct ldap lookup does not find anything (this is
    what the "alias magic" setting in option.dat does).
    2) if the answer to #1 is YES, then is the "solution"
    to create an ldap entry for a simple mail-id with a
    mailforwardaddress: attribute? Or if distributing to
    multiple users from a single mail-id, create a
    group/distribution list?
    I'm not at all sure what you're trying to achieve.
    We normally recommend REMOVING the old aliasesdb.db,
    unless there are things there you need to keep, or
    are willing to maintain.
    If you need a few aliases, there is a separate
    aliases file. If you need alternate addresses, put
    'em in the user's mailalternateaddress or
    mailequivalentaddress attributes.
    This makes sense, I'll summarize more below.
    >
    3) Is it possible to be in direct ldap mode AND still
    use an alias database?
    Again, yes, but why would you want to do that? You'd
    have to create the database, and maintain it. Bad
    Idea.
    We're not in the extreme on alias usage, maybe a few
    hundred. However when I start looking at adding a few
    hundred LDAP entries and then managing
    mailforwardaddresses: for something I used to do in
    one line in an alias file it becomes overkill.
    Why forwarding addresses? This really doesn't make
    sense.
    Sure it does, in my mind <smile> here's the situation. We're a college where students, staff and faculty will either graduate, move to another college nearby or move across country. When they do so, maintaining an entry in a file such as -
    jsmith: [email protected]
    Is pretty simple. This file can also be shared with other Sun servers or placed into the LDAP/NIS Alias entry. So the functionality extends beyond iMS a bit.
    With a graduating class of say 400, with an email forwarding policy of 12 months after departure, these would accumulate in the LDAP database with no other iMS information than a mailforwardaddress needed. As we know, LDAP requires a tad more information to accept a record. Hence the perception on my part of the alias file. (I'm just afraid of change, bear with me!)
    >
    How do you do it NOW? What is it you're doing?
    We run in dirsync mode and rebuild the alias database. I also think I'm using the terms alias *file* and alias *database* interchangeably. I do understand that the DB gets built from the file.
    >
    >
    Perchance an ou=alias ldap entry could be thrown into
    the next version or maybe even *gasp* use the alias
    entry for all our Solaris servers which is already
    stored in LDAP?
    It may be a case where performance vs. scalability
    vs. simplicity and I can accept that as a sound
    reason. Man alive though I love iMS *and* my aliases
    file! <smile>
    Again, what is it exactly that you want to do? Most
    likely there's an easy way to do it.
    Thanks for any feedback,
    Thank you, I appreciate the additional information. We also use the alias file to add quick addresses like for a department which only wants mail sent from one email address to many. No other functionality needed. For example -
    summerconference2003: user1, user2, user3
    A simple and quick "one to several" email address. Granted, for iMS I'd have to add the domain but the concept is the same.
    Thanks again,
    Doug

  • Direct Ldap configuration mismatch....

    I am running directory server 5.1 and messaging server 5.2.
    I have one message store (msA.example.com) for users to retrieve mail and it queries directory master server (dsA.example.com) with direct ldap configured.
    I am configuring another messaging server (msB.example.com) with smtp authentication for same users to send mail through that and it queries another ldap consumer server (dsB.example.com).
    dsB is replicated by dsA immediately after any modification done to dsA. My present setup works fine if msB is configured on dirsync mode, but I want to configure it to use direct ldap from dsB.
    When I try to send email via msB (with direct ldap enabled) it waits a long time after (smtp) authentication and then terminated with "server unexpectedly terminated the connection" message on outlook client. I can not see any message on mail.log_current.
    All my direct ldap settings are correct and compiled properly.
    Later I found that when I comment the
    " $* $E$F$U%$[email protected]$V$H " line on imta.cnf file it works fine, ie. without any delay message is delivered.
    (But this has to be uncommented with direct ldap mode according to the sun documentation)
    Can anyone clarify this? I could see even without uncommenting the above line direct ldap works fine!

    Thanks for replies...
    But I tried with the way that you mentioned, but still the problem persists.
    There are no messages in the DEBUG logs.
    But I have some more things to tell....
    When I first installed the messaging server (msB), I used the dsA as the ldap server. So after installation I got below results with configutil.
    local.ugldaphost = dsA.example.com
    local.ldaphost = dsA.example.com
    local.service.pab.ldaphost = dsA.example.com
    Since I want to use ldap queries from dsB, I change user lookups to dsB
    Then the output was,
    local.ugldaphost = dsB.example.com
    local.ldaphost = dsA.example.com
    local.service.pab.ldaphost = dsB.example.com
    Do you think this causes the error?
    I can not use dsB for local.ldaphost since it causes the msB not usable. What I only need here is to get the user lookups from dsB.

  • IMS52 (with Direct LDAP Mode) Directory Failover

    I would like to configure all components of iMS5.2 for Directory Server failover. That should include (Direct LDAP) MTA, Messaging Express, authentication, Personal Address Book, Delegated Administration, etc.
    What are all the settings I need to configure for any of these components to failover to an alternate directory server?
    Thanks,
    Fred

    ./configutil -o local.ugldaphost -v "host.domain,host.domain,host.domain"
    See the 5.2 Reference Manual, Chapter 4 for all of the configutil variables.

  • JMX example LDAP lookup not working

    Hi,
    Section 4.4 of JMX tutorial has several examples of Server.java using LDAP lookup services. I'm trying to run the RMI connector over JRMP without an external directory. Here are the command and its results (with additional tracing):
    $ java -classpath . -Xdebug -Ddebug=true -Dagent.name=test-server-a -Durl="service:jmx:rmi://" -Djava.naming.provider.url="$provider" -Djava.naming.security.principal="$principal" -Djava.naming.security.credentials="$credentials" jndi.Server
    Creating MBeanServer...
    Creating Connector: service:jmx:rmi://
    In rmi()
    Context.SECURITY_CREDENTIALS is: java.naming.security.credentials
    Entry: java.naming.security.authentication simple
    Entry: java.naming.provider.url ldap://localhost:389/dc=Test
    Entry: java.naming.security.principal cn=Manager,dc=test
    Entry: jmx.remote.jndi.rebind true
    Entry: java.naming.security.credentials secret
    Creating RMI Connector: service:jmx:rmi://
    In start()
    In getRootContext()
    java.naming.provider.url=ldap://localhost:389/dc=Test
    java.naming.security.principal=cn=Manager,dc=test
    java.naming.security.credentials=******
    In register()
    dn: cn=test-server-a
    Unexpected exception caught in main: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #1 invalid per syntax]; remaining name 'cn=test-server-a'
    javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #1 invalid per syntax]; remaining name 'cn=test-server-a'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2998)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
    at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:770)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
    at jndi.Server.register(Server.java:238)
    at jndi.Server.start(Server.java:396)
    at jndi.Server.rmi(Server.java:364)
    at jndi.Server.main(Server.java:492)
    I'm using OpenLDAP (with Cygwin) on a Windows XP machine. I have also rmiregistry running in the background. Since I'm executing slapd -d -1, OpenLDAP shows that it is encountering the error here:
    conn=0 op=3 ADD dn="cn=test-server-a,dc=Test"
    send_ldap_result: conn=0 op=3 p=3
    send_ldap_result: err=21 matched="" text="objectClass: value #1 invalid per syntax"
    send_ldap_response: msgid=4 tag=105 err=21
    ber_flush: 54 bytes to sd 8
    0000: 30 34 02 01 04 69 2f 0a 01 15 04 00 04 28 6f 62 04...i/......(ob
    0010: 6a 65 63 74 43 6c 61 73 73 3a 20 76 61 6c 75 65 jectClass: value
    0020: 20 23 31 20 69 6e 76 61 6c 69 64 20 70 65 72 20 #1 invalid per
    0030: 73 79 6e 74 61 78 syntax
    ldap_write: want=54, written=54
    0000: 30 34 02 01 04 69 2f 0a 01 15 04 00 04 28 6f 62 04...i/......(ob
    0010: 6a 65 63 74 43 6c 61 73 73 3a 20 76 61 6c 75 65 jectClass: value
    0020: 20 23 31 20 69 6e 76 61 6c 69 64 20 70 65 72 20 #1 invalid per
    0030: 73 79 6e 74 61 78 syntax
    conn=0 op=3 RESULT tag=105 err=21 text=objectClass: value #1 invalid per syntax
    Does this mean there is a configuration problem with OpenLDAP (something missing in the schema)? Or does the problem lie elsewhere? Your guidance will be highly appreciated. Thanks!

    Hello,
    I am using example at http://www.cris.com/~adhawan/tutorial/ with OpenLDAP on WinXP.
    I am getting following error message when I execute the MakeRoot java class
    javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #0 invalid per syntax]; remaining name 'o=jndiTest'
    Please help.
    Regards,
    Atul Mathur

  • GAL LDAP Lookup

    I was wondering if anyone could comment whether the following is possible.  We are one of many sub-organizations within a parent organization.  Each sub-organization is completely independent with separate LDAP forests and E-mail servers. 
    The parent has a central LDAP server that is used for E-mail address lookups for all sub-organizations.  Within Exchange 2013 is it possible to create a separate GAL that points to the central LDAP server via LDAP query.  Ideally what we are looking
    to do is have one GAL that only contains the contacts in our sub-organization and second GAL that queries the parent organization LDAP server that contains all sub-organization's contacts.
    I know that in Outlook, we can configure a second address book that does do an LDAP lookup, however I have not found a way to configure this via GPO, other than pushing out reg settings.  Also this does not allow access to the parent organization GAL
    via OWA.
    Any help is appreciated

    Hi,
    We can try to use Address Book Policy to create different GAL for the Parent organization and sub-organizations.
    Address book policies (ABPs) in Exchange allow you to segment users into specific groups to provide customized views of your organization’s global address list (GAL). You can apply the ABP to mailbox users, providing them with access
    to a customized GAL in Outlook and Outlook Web App.
    For more information about Address Book Policies, please refer to:
    http://technet.microsoft.com/en-us/library/jj657455(v=exchg.150).aspx
    Regards,
    Winnie Liang
    TechNet Community Support

  • Optimizing Mailing Lists with Direct LDAP

    Hey all,
    I've noticed performance issues with iMS 5.2p1 (with iDS 5.1) with respect to direct LDAP lookups, especially for large mailing lists. Even a 28 user list takes 10 minutes, whereas with MS 4.1.5 it was practically instant. We also have a dynamic group with everyone (4000 people or so) and it simply pegs the LDAP server @100% CPU and sits there for a day. It seems that there are a ton of ways to optimize the caches and LDAP lookups. Where should I start or what should I do? What settings should I look to fix on the LDAP server, IMTA, etc. to speed things up?
    Thanks!
    Chris

    This was an LDAP server optimization issue. I increased the memory for both the slapd cache and the database cache. I then added indexes for all the common items searched for by the IMTA. I was watching the slapd access logs and saw that the IMTA searches for a lot of important items that are not indexed by default. I added indexes for:
    inetUserStatus
    mailUserStatus
    inetMailGroupStatus
    mailEquivalentAddress
    mailRoutingAddress
    mailMsgMaxBlocks
    mailQuota
    mailMsgQuota
    mailProgramDeliveryInfo
    mailDeliveryFileURL
    maildeliveryfile
    mailConversionTag
    mailDeliveryOption
    vacationStartDate
    vacationEndDate
    mailForwardingAddress
    memberURL
    rfc822mailmember
    mailAccessDomain
    mailMessageStore
    preferredLanguage
    mailAllowedServiceAccess
    Now a message to everyone that took 24 hours and never went through takes just over a minute to get to 4000 users on my little test server. Smaller dynamic lists are even faster. General performance of message delivery is also faster, as is SMTP response from the client perspective.
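The access-log review described in the reply above, sketched as an added example (not part of the original posts): it pairs each SRCH with its RESULT, flags searches marked `notes=U` (unindexed), a non-zero `err`, or a high `etime`, and tallies the filter attributes of unindexed searches as index candidates. The log lines are constructed in the format quoted earlier on this page; the function names and the 2-second threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines, in the Directory Server access-log format
# quoted in the threads on this page (not taken from any real server).
SAMPLE_LOG = """\
[01/Jan/2005:10:00:01 -0700] conn=46 op=4 SRCH base="o=example.com,o=isp" scope=2 filter="(uid=jdoe)"
[01/Jan/2005:10:00:01 -0700] conn=46 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[01/Jan/2005:10:00:05 -0700] conn=38 op=3 SRCH base="o=example.com,o=isp" scope=2 filter="(|(mail=jdoe@example.com)(mailAlternateAddress=jdoe@example.com)(mailEquivalentAddress=jdoe@example.com))"
[01/Jan/2005:10:00:12 -0700] conn=38 op=3 RESULT err=11 tag=101 nentries=1 etime=7 notes=U
[01/Jan/2005:10:00:20 -0700] conn=38 op=4 SRCH base="o=example.com,o=isp" scope=2 filter="(&(objectclass=inetMailGroup)(inetMailGroupStatus=active))"
[01/Jan/2005:10:00:23 -0700] conn=38 op=4 RESULT err=0 tag=101 nentries=3 etime=3 notes=U
"""

SRCH_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH base="(?P<base>[^"]*)" '
    r'scope=(?P<scope>\d+) filter="(?P<filter>[^"]*)"'
)
RESULT_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT err=(?P<err>\d+) tag=\d+ '
    r'nentries=(?P<nentries>\d+) etime=(?P<etime>\d+)(?: notes=(?P<notes>\S+))?'
)
# Attribute name at the start of each simple filter item, e.g. "(mail=".
ATTR_RE = re.compile(r'\(\s*([A-Za-z][\w;.-]*)\s*[~<>]?=')

# Standard LDAP result codes (RFC 4511) most relevant to slow lookups.
RESULT_NAMES = {3: "timeLimitExceeded", 4: "sizeLimitExceeded",
                11: "adminLimitExceeded"}


def parse_access_log(text):
    """Pair each SRCH line with its RESULT line, keyed on (conn, op)."""
    pending, done = {}, []
    for line in text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            key = (int(m["conn"]), int(m["op"]))
            pending[key] = {"conn": key[0], "op": key[1],
                            "base": m["base"], "filter": m["filter"]}
            continue
        m = RESULT_RE.search(line)
        if m:
            srch = pending.pop((int(m["conn"]), int(m["op"])), None)
            if srch is None:
                continue  # RESULT of a BIND or other non-search operation
            srch.update(err=int(m["err"]), nentries=int(m["nentries"]),
                        etime=int(m["etime"]),
                        unindexed="U" in (m["notes"] or ""))
            done.append(srch)
    return done


def flag_searches(ops, slow_seconds=2):
    """Return (op, reasons) for searches worth a closer look."""
    flagged = []
    for op in ops:
        reasons = []
        if op["unindexed"]:
            reasons.append("unindexed")
        if op["err"] != 0:
            reasons.append(RESULT_NAMES.get(op["err"], f"err={op['err']}"))
        if op["etime"] >= slow_seconds:
            reasons.append(f"etime={op['etime']}s")
        if reasons:
            flagged.append((op, reasons))
    return flagged


def index_candidates(ops):
    """Count attributes used in filters of unindexed searches.

    These are candidates only: compare them with the indexes the
    directory already has before adding new ones.
    """
    counts = Counter()
    for op in ops:
        if op["unindexed"]:
            counts.update(a.lower() for a in ATTR_RE.findall(op["filter"]))
    return counts


if __name__ == "__main__":
    operations = parse_access_log(SAMPLE_LOG)
    for op, reasons in flag_searches(operations):
        print(f"conn={op['conn']} op={op['op']} {', '.join(reasons)}: {op['filter']}")
    for attr, n in index_candidates(operations).most_common():
        print(f"{n:3d}  {attr}")
```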

  • NAC Appliance and LDAP Lookup

    Hello,
    I have two CAM in HA and two CAS in HA.
    I configured the LDAP Lookup to create rules for role allocation.
    In this configuration there is only one Windows server used to find the user properties.
    There is one problem when this Windows server is down. Is there any configuration to mitigate this when the server is not there?
    Thank you all.

    The LDAP lookup server configs state it uses the LDAP Authentication Provider. The LDAP Authentication Provider says you can have multiple entries in the single field
    LDAP
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_auth.html#wp1158614
    You can add redundancy for LDAP Authentication servers by entering multiple LDAP URLs in the Server URL field separated by a space, for example:
    ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com

  • Direct LDAP in 5.2

    Hi, I am testing out features in 5.2 after an upgrade from NMS 4.15. I couldn't find any benefits of using Dirsync so I switched to direct LDAP mode. The main reason was that if I make a change in the directory I want the mail server to pick it up right away, just like it does in 4.15.
    I have noticed that, even in direct LDAP mode, things like changing a user's forwarding address or vacation message take about 15 minutes for the mail server to pick up. It does not seem like a direct lookup at all, there must be some type of caching. Has anyone else experienced this, or can someone explain it?
    Thanks,
    Mark

    I have the same problem.
    Did you get any answer for it?
    Vincent

  • Some things no longer work after switch to direct LDAP mode

    Hi,
    today i have tried switching to direct ldap mode following the documentation
    now i can no longer send mail directed to hosts as
    [email protected]
    i always get a 5.1.1 unknown or illegal alias:
    whereas email@{subdomain}.domain.com is ok, as long as the subdomain is known to the MTA, ie it is an alias object in the DC tree
    also, some aliases defined in the file "aliases" are no longer recognized,
    for convenience, i had some default forward lines like
    *@domain.com: @otherrelay:*@domain.com
    which effectively acted like a smarthost, ie mail to addresses not known in domain.com were forwarded to "otherrelay"
    now, probably i could solve the second problem either using a smarthost in the DC tree 's domain config
    the first problem, however, puzzles me... it looks like if it doesn't find a matching address, and the host is not known as a domain, then further rewrite rules are not applied?

    i found the problem,
    in option.dat, DOMAIN_UPLEVEL must be set to 0, in order to have the old behaviour (wildcards in aliasfile, and possibility to send mails directly to specified hosts)
    i had set it to 1, in the hope the MTA would be more tolerant to find users (if [email protected] is not found, then maybe it exists at [email protected], so use this instead) as some of our users have quite problems addressing other users in the correct subdomain.

  • Problem OIM OID Ldap Sync Configuration in 11g.

    Hi Team,
    I am doing OIM and OID LDAP Sync configuration. It failed in the "Configuration Process" step.
    Also, the WebLogic OIM Managed Server is in ADMIN mode, not in running mode.
    Please find both logs.
    *********************************Weblogic Logs**********************************************
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    <28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: We
    bLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
    <28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to STARTING>
    <28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializi
    ng self-tuning thread pool>
    <28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The s
    erver log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim
    server1\logs\oimserver1.log is opened. All server side log events will be writ
    ten to this file.>
    28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
    SEVERE: Failed to communicate with any of configured Access Server, ensure that
    it is up and running.
    <28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security in
    itializing using security realm myrealm.>
    <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to STANDBY>
    <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to STARTING>
    <28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <C
    annot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.s
    ecurity.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The c
    redential with map ADF and key anonymous#oimBpelCredKey already exists..>
    <28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-
    000000> <Automatically initializing a DefaultContext for getCurrent.
    Caller should ensure that a DefaultContext is proper for this use.
    Memory leaks and/or unexpected behaviour may occur if the automatic initializati
    on is performed improperly.
    This message may be avoided by performing initADFContext before using getCurrent
    To see the stack trace for thread that is initializing this, set the logging lev
    el of oracle.adf.share.ADFContext to FINEST>
    <28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to in
    itialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.plat
    form.utils.OIMAppInitializationException:
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    oracle.iam.platform.utils.OIMAppInitializationException:
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
    pInitializationListener.java:145)
    at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
    un(BaseLifecycleFlow.java:282)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
    dSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
    120)
    at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
    rAction.invoke(BaseLifecycleFlow.java:199)
    Truncated. see log file for complete stacktrace
    Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
    pInitializationListener.java:145)
    at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
    un(BaseLifecycleFlow.java:282)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
    dSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
    120)
    at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
    rAction.invoke(BaseLifecycleFlow.java:199)
    Truncated. see log file for complete stacktrace
    >
    <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
    ttribute was not found in element application in the deployment descriptor in E:
    \Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml
    . A version attribute is required, but this version of the Weblogic Server will
    assume that the JEE5 is used. Future versions of the Weblogic Server will reject
    descriptors that do not specify the JEE version.>
    <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
    ttribute was not found in element application in the deployment descriptor in E:
    \Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_
    user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required,
    but this version of the Weblogic Server will assume that the JEE5 is used. Futur
    e versions of the Weblogic Server will reject descriptors that do not specify th
    e JEE version.>
    <28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server '
    oim_server1' in cluster 'OIM_Cluster' is being brought up in administration stat
    e due to failed deployments.>
    Loading xalan.jar for XPathAPI.
    14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] -
    ----------------- NEXAWEB SERVER LICENSE ------------------
    - Customer ID : 122
    - License type : Enterprise
    - Max unique IPs : unlimited
    - Max XUL sessions : unlimited
    - Max CPUs/server : unlimited
    - Clustering allowed : true
    - Expiration date : none
    Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
    Nexaweb Technologies Inc.
    10 Canal Park
    Cambridge, MA 02141
    Tel: 617.577.8100. Email: [email protected]
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Clustering is OFF.
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PD
    T 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:5
    2 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies
    10.3 Thu Feb 3 16:30:47 EST 2011
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Servlet API Version: 2.5
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Nexaweb Server initialized successfully.
    <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The S
    erver has established connection with the Domain level Diagnostic Service succes
    sfully.>
    <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening fo
    r announcements from cluster using unicast cluster messaging>
    <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to s
    ynchronize with other running members of OIM_Cluster.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROA
    DCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTE
    R-BROADCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop,
    t3, CLUSTER-BROADCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UK
    SHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:
    0:0:0:1>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROA
    DCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Start
    ed WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Prod
    uction Mode>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to ADMIN>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Serve
    r started in ADMIN mode>
    **********************************OIM OID Ldap Sync Configuration Logs****************************
    [2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    [OIM_CONFIG] Updating Ldap Sync Configuration
    [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
    [2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
    [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
    [2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
    [2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    Updated LDAP Server Details in mds schema
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
    [2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
    [2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
    [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    [OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
    [2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
    java.io.FileNotFoundException: File not found
         at java.util.zip.ZipFile.open(Native Method)
         at java.util.zip.ZipFile.<init>(ZipFile.java:117)
         at java.util.jar.JarFile.<init>(JarFile.java:135)
         at java.util.jar.JarFile.<init>(JarFile.java:72)
         at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
         at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
         at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
         at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
         at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
         at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
         at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
         at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
         at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
         at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
         at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
         at java.lang.Thread.run(Thread.java:662)
    [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    [OIM_CONFIG] Failed configuration step Configure OIM Server
    [2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
    [2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
    [2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
    [2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
    Regards,
    Ravi.

    Your log files too give some hint... Please verify whether the following files, like .xldatabasekey, are present in your environment:
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    I doubt whether OIM is properly installed in your environment; otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig.
    Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
    ps -eaf| grep AdminServer
    Kill the process
    Then remove the lok files, i.e. the lock files:
    rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
    rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
    rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
    After that
    Take a backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in a backup folder).
    Share the result with us....

  • Open LDAP Authenticator Configuration on WLSSP5

    I have problems in the open LDAP authenticator configuration on Weblogic Server with Service Pack 5. I have users on OpenLDAP Server that do not belong to any group. My LDIF file contents are as given below.
    dn: dc=my-domain,dc=com
    dc: my-domain
    objectClass: dcObject
    objectClass: organization
    o: MYABC, Inc

    dn: cn=Manager, dc=my-domain,dc=com
    userPassword:: c2VjcmV0
    objectClass: person
    sn: Manager
    cn: Manager

    dn: cn=myabcsystem, dc=my-domain,dc=com
    userPassword:: dmVuZGF2b3N5c3RlbQ==
    objectClass: person
    sn: myabcsystem
    cn: myabcsystem

    dn: cn=Philippe, dc=my-domain,dc=com
    userPassword:: UGhpbGlwcGU=
    objectClass: person
    sn: Philippe
    cn: Philippe

    dn: cn=mlrick, dc=my-domain,dc=com
    userPassword:: bWxyaWNr
    objectClass: person
    sn: mlrick
    cn: mlrick
    All these users appear in the Users tab after configuration on the console only if the LDAP server is up. When I select the Groups tab, I get errors indicating BAD SEARCH Filter.
    This is in spite of me not having any groups in the LDAP, as indicated in the LDIF contents.
    When I try to log in to the application with this LDAP configuration, I do not get any errors. LDAP authentication is not happening with just the LDAP authenticator in place. Even if I stop the LDAP server, I do not get any exceptions while trying to log in. The config params for the OpenLDAP are as given below
    <weblogic.security.providers.authentication.OpenLDAPAuthenticator
    AllGroupsFilter="objectclass=*"
    Credential="{3DES}rGCpYmhaIorI99BjZ2u6Fg=="
    GroupBaseDN="dc=my-domain,dc=com"
    GroupFromNameFilter="(cn=%u)"
    Name="Security:Name=MYABCAuthenticationOpenLDAPAuthenticator"
    Principal="cn=myabcsystem,dc=my-domain,dc=com"
    Realm="Security:Name=MYABCAuthentication"
    StaticGroupDNsfromMemberDNFilter=""
    StaticGroupNameAttribute="" StaticGroupObjectClass=""
    StaticMemberDNAttribute="" UserBaseDN="dc=my-domain, dc=com"/>
    ####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <LDAP ATN LoginModule initialized>
    ####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <LDAP Atn Login>
    ####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <LDAP Atn Login username: bob>
    ####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    ####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <authenticate user:bob>
    ####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <getDNForUser search("ou=people,ou=MYABCAuthentication,dc=myabc", "(&(uid=bob)(objectclass=person))", base DN & below)>
    ####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    CAN ANYONE HELP ME IDENTIFY WHAT IS THE ISSUE. Why is the authentication not happening?
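The debug output in the post above shows the provider searching `ou=people,ou=MYABCAuthentication,dc=myabc` for `(&(uid=bob)(objectclass=person))`, while the posted LDIF keeps its users directly under `dc=my-domain,dc=com`, keyed on `cn`. The following is an added example, not part of the original post or of WebLogic: it replays both searches offline against two entries from that LDIF and also lists entries whose `userPassword` carries no hash-scheme prefix. The helper names (`parse_ldif`, `find_user`, `unhashed_passwords`) are hypothetical, and the matcher is a simplification (equality on one attribute plus objectClass person), not an LDAP filter engine.

```python
import base64

# Constructed sample: two user entries copied from the LDIF in the post.
LDIF = """\
dn: cn=Manager, dc=my-domain,dc=com
userPassword:: c2VjcmV0
objectClass: person
sn: Manager
cn: Manager

dn: cn=Philippe, dc=my-domain,dc=com
userPassword:: UGhpbGlwcGU=
objectClass: person
sn: Philippe
cn: Philippe
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas unsupported)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Split LDIF into entries; a new entry starts at every 'dn:' line."""
    entries = []
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # blank or malformed line
        if value.startswith(":"):  # 'attr:: value' is base64 (RFC 2849)
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            entries.append({"dn": norm_dn(value), "attrs": {}})
        elif entries:
            entries[-1]["attrs"].setdefault(name, []).append(value)
    return entries

def find_user(entries, base_dn, attr, username):
    """DNs at or below base_dn where attr equals username and objectClass is person."""
    base = norm_dn(base_dn)
    hits = []
    for e in entries:
        in_scope = e["dn"] == base or e["dn"].endswith("," + base)
        values = [v.lower() for v in e["attrs"].get(attr.lower(), [])]
        classes = [v.lower() for v in e["attrs"].get("objectclass", [])]
        if in_scope and username.lower() in values and "person" in classes:
            hits.append(e["dn"])
    return hits

def unhashed_passwords(entries):
    """DNs whose userPassword lacks a '{SCHEME}' prefix, i.e. is stored in clear."""
    return [e["dn"] for e in entries
            for pw in e["attrs"].get("userpassword", []) if not pw.startswith("{")]

if __name__ == "__main__":
    entries = parse_ldif(LDIF)
    print(find_user(entries, "ou=people,ou=MYABCAuthentication,dc=myabc", "uid", "bob"))
    print(find_user(entries, "dc=my-domain, dc=com", "cn", "Philippe"))
    print(unhashed_passwords(entries))
```

The first call uses the base DN and filter attribute from the SecurityDebug line and finds nothing; the second uses the `UserBaseDN` from the posted configuration with `cn` and finds the entry.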

    Hi Amol,
    I've seen this happen at least two times in 11.1.1.1 installs. You can safely restart and then add the service back again. Suggest you reboot after you re-add the service back or cycle all the Hyperion services.
    I was not aware you could install the service with that command.
    I used the below command instead:
    sc create OpenLDAP-slapd start= auto binPath= "D:\Hyperion\...\slapd.exe service" DisplayName= "Hyperion Shared Services OpenLAP"
    Regards,
    -John

  • Secure LDAP lookup with 2005Q4 Outlook Connector 7 not working

    Hello all,
    I have Sun Java(TM) System Directory Server/5.2_Patch_4 B2005.230.0041 (64-bit) installed and the latest 2005Q4 Calendar, Messaging and UWC Server. When testing the Outlook Connector, I can get the 2005Q1 version 7 connector to work just fine with all features. I uninstalled the 2005Q1 connector and installed the 2005Q4 connector into a new profile and everything works except if I try to make the LDAP lookups secure for the global address list. Changing the port to 636 for LDAP causes Outlook to time out on the lookup. I checked the directory server logs and noticed that the secure connection is being made without errors, but after a minute an ABANDON operation takes place on the secure connection and Outlook gives up. When using port 389 for lookups, the Connector has no issues.

    Jay,
    I think I found the fix. I upgraded the 2005Q1 -> 2005Q4 Sun Java Connector Deployment Tool. After I uninstalled the deployment tool and then reinstalled the 2005Q4 I was able to create an .exe and create an Outlook profile that did not have any LDAP over SSL problems.

  • Problem with Direct LDAP

    Hi Jay,
    I am having a problem with the switch to Direct LDAP. I am finally doing it on my production server. Using LDAP 4.16 currently. Once I get this working I am upgrading to 5.2.
    We have a server that holds messages until a user releases them. This server is called ewall.mydomain.com.
    They get a message in their inbox that allows them to click on a link to send the ewall server a message to release the held mail.
    The link would look like this:
    [email protected]
    (all on one line)
    This worked just fine in dirsync mode, but after switching to Direct LDAP I get a 5.1.1 unknown or illegal alias when the user tries to send the message. If I switch back to dirsync mode it works fine again. Everything else is working fine.
    Any ideas?
    Thanks
    Don

    Well, it means that for some reason, your [email protected] user isn't being picked up in the direct LDAP.
    It could be that your domain is "mydomain.com", and the user is in "ewall.mydomain.com". dirsync assumes that subdomains are part of an overall domain; direct LDAP doesn't, unless you set domain_uplevel=3 in your option.dat and recompile.
