Multiple base DN while adding LDAP server

Similar Messages

• Error while adding essbase server(V9.3.1)

  Hi All,
  I have installed all essbase related products and configured everything thru configuration utility successfully.But while adding essbase server through ADMINISTARTION SERVICES CONSOLE,I got the following error.
  ============================================>
  Error: -1 com.essbase.eas.net.remote.RemoteStartException: Unable to connect to server LENOVO-91845925. Reason: Connection timed out: connect
  The server might not be running.
  LENOVO-91845925 com.essbase.eas.essbase.defs.ServerCommands.Connect July 27, 2008 9:32:06 PM PDT Failed : 1051293 Login fails due to invalid login credentials
  Error: 1051293 Login fails due to invalid login credentials
  Essbase Server: LENOVO-91845925 com.essbase.eas.essbase.defs.ServerCommands.Connect July 27, 2008 9:32:06 PM PDT
  Error: 1051293: Login fails due to invalid login credentials ------------------------------------------------------------------------------------------------------->
  I am sure that I am giving correct credentials as I did it couple of times.I just added the essbase server as LOCALHOST and username as ADMIN and password as PASSWORD and confirm password as PASSWORD.I am not sure where I am making mistake.or Do I need to configure anything after adding the ADMINISTARTION SERVER through CONSOLE.
  Please let me know if you have any idea on this.
  Thanks in Advance..

  Hi Sandeep,
  Yes,While configuring essbase server,it has asked me to provide userid and password twice.
  First time:
  By default it came with userid as hypuser.But i changed it to essadmin(This is the user which i have created in database specifcally for essbase).
  Second Time:
  After the above step is completed ,when i click next,It was asking the for userid.By default it came with admin.I left it as it is and provided password as password.
  After this it took several mins to configure and finally came out successfully.
  Now my doubt is that Do I need to provide essadmin(which i have given while configuring essbase server) while adding essbase server through CONSOLE?.
  Thanks.

• Error while adding LDAP group

  Hi, I configured LDAP authentication on BOXI R2 SP3 on IIS. The settings are as given below.
  To change a setting, click on the value to start the LDAP Configuration Wizard.  I have replaced few entries with XXXX and YYYY due to security.
  LDAP Hosts: nccXXX.XXX.YYYY.XX.YY:636
  LDAP Server Type: Novell eDirectory
  Base LDAP Distinguished Name: ou=XXXXX,dc=YY
  LDAP Server Administration Distinguished Name: cn=XXX,o=YYYYY
  LDAP Referral Distinguished Name: ""
  Maximum Referral Hops: 0
  SSL Type: Server Authentication
  Server Side SSL Strength: Always accept server certificate
  Single Sign On Type: None
  When I add any new group then its not added and I get below error message in the Logging directory  for WCA.
  Error: 2009-08-24 14:56:30, Thread:161, WriteData::_Flush catch unexcepted exception, source: System.Web, message: Specified argument was out of the range of valid values.
  Parameter name: offset, stack:    at System.Web.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 count)
     at BusinessObjects.Enterprise.WebComponentAdapter.WriteData._Flush(IntPtr handle)
  Can anyone help to find if LDAP is configured correctly before adding group?
  Thanks,

  Resolved. It was due to wrong LDAP group given to me.
  Thanks,

• "untrusted server cert chain" exception while connecting LDAP server

  While connecting to LDAP server using JNDI over JSSE ..This is happening when trying to get the initial context
  using
  InitialDirContext initContext = new InitialDirContext(env);
  where env is a hash table set with the default parametes.The certificate used for is a Novell CA certificate converted to X509 format and the key store is initialized with this

  This got resolved when in the code the following
  System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
  where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
  in X509 format

• Adding LDAP-server (OID) to Cloud Control

  Hi ,
  we have installed the LDAP-server (Oracle Fusion Middleware) on a host without the WebLogic - therefore it's just the LDAP-server running on that host.
  Now we would like to add the LDAP-server as a target to the Cloud Control - but haven't found a way to do that through the GUI (when using the GUI you always need to add informations about the WebLogic, e.g. Domain, ...).
  Is it possible just to add the LDAP-server to the Cloud Control?
  Any help will be appreciated!
  Rgds
  Jan

  HI VivaLaVida,
  Please take a look at the following EM12c documentation:
  http://docs.oracle.com/cd/E24628_01/doc.121/e24473/security.htm#BABGAGIJ
  You can connect EM12c with the following authentication systems:
  •Oracle Access Manager (OAM) SSO
  •Repository-Based Authentication
  •SSO-Based Authentication
  •Enterprise User Security Based Authentication
  •LDAP Authentication Options: Oracle Internet Directory and Microsoft Active Directory
  for OID there are non-GUI configuration methods:
  http://docs.oracle.com/cd/E24628_01/doc.121/e24473/security.htm#autoId12

• Error while adding the server in Redwood CPS

  Hi All,
  Iam getting the following error when addiing the SAP server in Redwood CPS.
  "SAP System XXXXXAn isolated SAP system can't be created in the GLOBAL partition"
  Can any
  Regards
  Kiran

  Hello,
  As per the installation guide you should create an Isolation group first and then create the SAP system when connected in that Isolation group. See also forum entry [here|Re: Create SAP Sytem in Cronacel]
  Regards Gerben

• JavaScript Error when adding the Server Behaviors for insert Record in php_mysql

  Hi guys,
  I am using Adobe DreamWeaver CS4.
  Here is the Scenerio, i am doing  php mysql driven website.
  While adding the server behavior for insert record i got following error
  Plz help me..
  Thanks in Advance
  RafelNash

  Have you found a fix to this??

• An error occurred while contacting the LDAP server.

  An error occurred while contacting the LDAP server.
  (No such object)
  The server could not locate the entry. If adding a new entry, be sure that the parent of the entry you are trying to add exists. If you received this error while searching or viewing an entry, it indicates that the entry which was being searched for does not exist.

  I did the silly thing, i gave Base DN as o=domainname.com,which is supposed to give like dc=domainname, dc=com and restarted the server. LDAP works fine.

• Why do I get error "The LDAP server is unavailable" while connecting to external domain via sync connection in SharePoint UPSA ?

  Hello,
  I am trying to connect to external domain via UPS Account having "Replicate Directory changes" permission on external domain while creating sync connection in UPSA.
  I have checked below URLS :
  http://social.technet.microsoft.com/Forums/en-US/1912bf88-8fec-4b5d-9d1e-a42db8318e33/ldap-server-is-unavailable-sharepoint-2010-user-synchronization?forum=sharepointadminprevious
  http://social.technet.microsoft.com/Forums/en-US/6525d3aa-9197-42a2-aea0-190b84ac8356/the-ldap-server-is-unavailable?forum=sharepointadminprevious
  And looks like its network connectivity issue - and hence I have verified that port 389 is open by infra team.
  Note : I am able to connect to local AD , does it make sense that port is not open for external domain ? 
  Can anyone please let me know what can be the issue ? 
  Your help will be highly appreciated as I am struggling to fix this issue since  quite long time but no luck yet.
  Thank you in advance.
  Kind regards,
  Dipti Chhatrapati

  Hi Dipti,
  If you have Two-Way trust relationship then not sure if you have tried below:
  Create a folder on the SharePoint server
  Go to Folder properties - Security tab
  Try adding user of the external domain on the folder
  Please let us know if you are able to add the user or not. If you are able to add then it means that the connection and trust is proper and you should be able to create sync connection in UPA without any issues or else there is some issue with the connectivity
  or the trust which is configured.
  Please also make sure that you have given permissions to sync account as per below TechNet:
  http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
  Replicate Directory changes permissions are also required on cn=configuration container, below are the steps:
  Grant Replicate Directory Changes permission on the cn=configuration container
  Use this procedure to grant Replicate Directory Changes permission on the cn=configuration container to an account.
  To grant Replicate Directory Changes permission on the cn=configuration container
  On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
  If the Configuration node is not already present, do the following:
  In the navigation pane, click ADSI Edit.
  On the Action menu, click Connect to.
  In the Connection Point area of the Connection Settings dialog box, click Select
  a well know Naming Context, select Configuration from the drop-down list, and then click OK.
  Expand the Configuration node, right-click the CN=Configuration... node, and then click Properties.
  In the Properties dialog box, click the Security tab.
  In the Group or user names section, click Add.
  Type the name of the synchronization account, and then click OK.
  In the Group or user names section, select the synchronization account.
  In the Permissions section, select the Allow check box next to the Replicating
  Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.
  Kind regards,
  Bhavik K Jain
  Please ensure that you mark a question as Answered once you receive a satisfactory response.

• Secure LDAP with Multiple DPS's on Single Physical Server

  I am having an issue connecting to the directory server over SSL via the directory proxy server. I have enabled SSL and tested successfully in some situations, however this situation is unique.
  DPS 5.2 patch 4
  Directory Server patch 4
  I have applied the neccessary hotfixes from sun to resolve the SSL issues.
  There are 3 physical servers. 2 of those servers each have 2 instances of directory proxy server running. The 3rd server has 2 separate Directory Server instances running (1 for enterprise authentication, 1 for Access Manager). Each physical proxy server has 1 instance running for each Directory server instance (1 enterprise LDAP, 1 AM LDAP). All 4 proxy instances can connect successfully to the Directory Masters over the unsecure ports (389 for enterprise LDAP, 55389 for AM LDAP). On the proxy servers, only the initial proxy instance can connect to the secure port successfully. For instance, on server 1 first the DPS for enterprise LDAP was installed then a DPS for AM LDAP was added. Only the enterprise proxy instance can connect successfully over SSL. On server 2 initially the AM LDAP instance was installed and then an enterprise LDAP instance was added. In this case only the AM LDAP instance can connect successfully.
  For both instances of the proxy the appropriate certificates have been installed and verified. I can use the dps-instance-cert8.db for the working and non working DPS instances and successfully connect to the Directory Master using ldapsearch from the directory proxy server.
  When I do ldapsearch I receive the following error on the second instances:
  ldap_simple_bind: Can't contact LDAP server
  SSL error -12271 (SSL peer cannot verify your certificate.)
  Certificates:
  bash-2.05$ /jes/ds52/shared/bin/certutil -L -d /jes/ds52/alias -P dps-instance1-
  LDAP Development Pu,u,u
  CMS SUN CERTIFICATE AUTH 2023 CT,,
  bash-2.05$ /jes/ds52/shared/bin/certutil -L -d /jes/ds52/alias -P dps-instance2-
  LDAP Development Pu,u,u
  CMS SUN CERTIFICATE AUTH 2023 CT,,
  Each use the same server cert, the host is �*.test.com�, using the asterisk so the hostname shouldn�t matter.
  DPS INSTANCE 1 � Success
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 3
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   310200] Success with enabling socket 16 for blocking
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   323705] ( xxx.xx.xxx.xx+ 636) syncConnection success.
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 16
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [TRACE] [   520503] Connection established to condo101.cms.hhs.gov
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300771] Promoting socket 16 via socket 1.
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300751] Socket 16, success with SSL_HANDSHAKE_AS_CLIENT
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 16.
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   302019] Success with SSL_SetPKCS11PinArg (socket 16)
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385748] SSL_SetURL skipped on socket 16 (null url)
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as client (socket 16)
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385739] Certificate possesses valid times on socket 16
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385745] For socket 16, pinArg does possess a value.
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   302024] Success with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385725] Certificate accepted on socket 16
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300754] Success with handshake on socket 16
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385746] SSL_ForceHandshake success on socket 16
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [TRACE] [   171210] [client(       xxx.xxx.xxx.xxx,   3)] [server(  xxx.xx.xxx.xx+  636,  16)] Connection via SSL session
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [STAT/CONN] [   171211] [client(       xxx.xxx.xxx.xxx,   3)] Accepting connection via network-group-1
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   310200] Success with enabling socket 3 for blocking
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300771] Promoting socket 3 via socket 0.
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300750] Socket 3, success with SSL_HANDSHAKE_AS_SERVER
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 3.
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300801] Success with setting SSL_REQUEST_CERTIFICATE (1)
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300802] Success with setting SSL_REQUIRE_CERTIFICATE (0)
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300405] Success with SSL configuration on socket 3
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as server (socket 3)
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300406] Success with SSL promotion on socket 3
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [TRACE] [   390307] [client(       xxx.xxx.xxx.xxx,   3)] [server(  xxx.xx.xxx.xx+  636,  16)] Success with OnSSLEstablished rule... continuing
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300754] Success with handshake on socket 3
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385713] Read on socket 3. Received 42 byte(s)
  May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385716] ber_get_next (socket 3) returned complete PDU
  DPS INSTANCE 2 � FAILING
  ldapsearch -h server123 -p 55636 -P /<serverroot>/alias/dps-server123-cert8.db -D "cn=directory manager" -s base -w adminjes -b dc=cms,dc=hhs,dc=gov objectclass=*
  ldap_simple_bind: Can't contact LDAP server
  SSL error -12271 (SSL peer cannot verify your certificate.)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   300901] Successful match of xxx.xxx.xxx.xxx+36383 against ALL
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   110999] In permit_connection_from_ip(), The counter for IP:xxx.xxx.xxx.xxx is now 2 and the limit is 0
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 15
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   310200] Success with enabling socket 16 for blocking
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   323705] ( xxx.xx.xxx.xx+55636) syncConnection success.
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 16
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   520503] Connection established to condo101.cms.hhs.gov
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300771] Promoting socket 16 via socket 1.
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300751] Socket 16, success with SSL_HANDSHAKE_AS_CLIENT
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 16.
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   302019] Success with SSL_SetPKCS11PinArg (socket 16)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385748] SSL_SetURL skipped on socket 16 (null url)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as client (socket 16)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385739] Certificate possesses valid times on socket 16
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385745] For socket 16, pinArg does possess a value.
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   302024] Success with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385725] Certificate accepted on socket 16
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300754] Success with handshake on socket 16
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385746] SSL_ForceHandshake success on socket 16
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   171210] [client(       xxx.xxx.xxx.xxx,  15)] [server(  xxx.xx.xxx.xx+55636,  16)] Connection via SSL session
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   310200] Success with enabling socket 15 for blocking
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300771] Promoting socket 15 via socket 0.
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300750] Socket 15, success with SSL_HANDSHAKE_AS_SERVER
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 15.
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300801] Success with setting SSL_REQUEST_CERTIFICATE (1)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300802] Success with setting SSL_REQUIRE_CERTIFICATE (1)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300405] Success with SSL configuration on socket 15
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as server (socket 15)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300406] Success with SSL promotion on socket 15
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   390307] [client(       xxx.xxx.xxx.xxx,  15)] [server(  xxx.xx.xxx.xx+55636,  16)] Success with OnSSLEstablished rule... continuing
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [NOTICE] [   385721] Read on socket 15 failed.
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [NOTICE] [   385721] SSL_ERROR_BASE + 3, NSPR error: -12285 (0xffffd003). Native errno is: 11
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385714] ber_get_next (socket 15) returned LBER_DEFAULT
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385714] SSL_ERROR_BASE + 3, NSPR error: -12285 (0xffffd003). Native errno is: 11
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [EXCEPTION] [   301006] Unexpected error on socket 15. (Error: -12285).
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   190401] [server(  xxx.xx.xxx.xx+55636,  16)] Input was not a BER encoding or connection closed: source( xxx.xxx.xxx.xxx, 15)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   190401] [server(  xxx.xx.xxx.xx+55636,  16)] SSL_ERROR_BASE + 3, NSPR error: -12285 (0xffffd003). Native errno is: 11
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   171505] [server(  xxx.xx.xxx.xx+55636,  16)] Entering recycle_inner_connection
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   301201] Closing connection to: xxx.xx.xxx.xx+55636 (socket 16)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   301201] Closing connection to: xxx.xxx.xxx.xxx (socket 15)
  May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   110998] In done_connection_from_ip(), The counter for IP:xxx.xxx.xxx.xxx is now 1 and the limit is 0

  In these situations it's important to separate SSL level issues from LDAP issues. I've had good results using "openssl s_client" to investigate and debug SSL/TLS level issues. I point it at the LDAP server and it sets up a connection handling the SSL layers and giving lots of diagnostics about SSL and the X.509 certificates in use.
  Try looking for things like whether the SubjectAltName and/or Issuer's CN contain the same hostname you are using to connect.
  After giving you the diagnostics it will be waiting with your stdin/stdout connected to the application via SSL (which could make you think it's hanging). Since you're probably not going to be typing the LDAP protocol by hand you want to abort s_client at this point (or type something that Directory Server will reject as a LDAP protocol error).
  You can get openssl from the usual places: blastwave.org & sunfreeware.com.
  Hopefuly this will help,
  -Scott-

• Multiple IT Resources for LDAP Server?

  All,
  I have a client with several Sun Java System Directory Server (SJSDS) instances, each containing separate user repositories. The schemas for each SJSDS instance have been customised - uid is not the user identifier attribute, nor is inetorgperson the user objectClass.
  I have imported the SJSDS connector and am stuck at how I can represent these multiple real-world SJSDS instances in OIM. I understand that I can create separate IT Resources for each SJSDS instance, complete with their individual hostnames and IP addresses; this makes sense. However, according to the "Extending the Functionality" guide (http://download.oracle.com/docs/cd/E11223_01/doc.904/e10446/custom.htm#CIHDDEGA), the user identifier attribute and objectClass seem to be defined at the connector level through the Lookup.iPlanet.Configuration Lookup Definition? Am I correct in therefore assuming that this means all of my LDAP Server IT Resources have to share the same user identifier attribute and objectClass?
  Can anyone suggest how I might be able to define unique settings for attributes such as the user identifier attribute and objectClass for each LDAP Server IT Resource? What is the standard approach?
  Also, I read that there is a one-to-one relationship between a process task and its adapter. Does this therefore mean that I should create separate "Create User" adapters for the Process Definition associated with each IT Resource implemented?
  Any guidance / clarification would be greatly appreciated :-)
  Damian

  See this is the underlying assumption for multiple instances creation in OIM for any target system:
  - Create multiple IT Resources of same IT Resource type. Each one will have individual connection parameters specified in it. You know that.
  - Now while provisioning, you just select anyone of this IT Resource as required, so your request is directed towards the required target.
  Note
  - It considers that you are always provisioning same attributes to all those targets because you will always see same process form for all targets.
  - You have same objectClass for all.
  - You have same 'Unique Attribute' and 'Key Fields' for reconciliation.
  - Although you can modify the IT Resource for providing different attribute list for prov and recon based on your target system by providing different values for look up's in place of- AttrName.Prov.Map.iPlanet and AttrName.Recon.Map.iPlanet. But since RO, Process Form etc all are same so no such real usage.
  Note - Lookup - 'AttrName.Prov.Map.iPlanet' has got one attribute objectclass. See if modifying it works. But in OIM process form, attributes will always be same
  Work-Around if above doesn't work
  The only thing you can do is replicate one instance of SJSDS multiple times within OIM for every OIM object. Say if you want 5 different instances of SJSDS then like following:
  - Create 5 identical RO, Process Form, rules, Process Definition, Lookup's etc within xml for every OIM object that you thing will change for all these 5 instances. If anything is common then let all the 5 refer to it. Do it by copying + renaming xml.
  - Now import everything in OIM. So now you can see 5 different RO like SJSDS1, SJSDS2 ,SJSDS3 .. etc for all these 5 instances and they will behave differently with no overlapping and you can configure these individually.
  - But this is very critical procedure. You need to take proper care while replicating.
  Hope it helps.
  Thanks
  Sunny
  Edited by: rajsunny

• Error Message while adding Item in Item Master Data- [Microsoft][SQL Server Native Client 10.0][SQL Server]Conversion failed when converting the nvarchar value 's008 01' to data type int. (CINF)

  Dear Experts
  I am getting the following error message while adding item in Item Master data. I have modified the following SBO_SP_transactionNotification in SQL server after that could not able to add the item
  ALTER proc [dbo].[SBO_SP_TransactionNotification]
  @object_type nvarchar(20),                      -- SBO Object Type
  @transaction_type nchar(1),               -- [A]dd, [U]pdate, [D]elete, [C]ancel, C[L]ose
  @num_of_cols_in_key int,
  @list_of_key_cols_tab_del nvarchar(255),
  @list_of_cols_val_tab_del nvarchar(255)
  AS
  begin
  -- Return values
  declare @error  int                       -- Result (0 for no error)
  declare @error_message nvarchar (200)           -- Error string to be displayed
  select @error = 0
  select @error_message = N'Ok'
  --    IF @OBJECT_TYPE = '59' AND (@TRANSACTION_TYPE = 'A' or @TRANSACTION_TYPE = 'U')
    BEGIN
     IF EXISTS(
      SELECT T0.Price FROM IGN1 T0
      where  IsNull(T0.Price, '0') = '0' and T0.DocEntry = @list_of_cols_val_tab_del)
     BEGIN
      SELECT @ERROR=1,@ERROR_MESSAGE='Please insert the price !'
    END
  end
  -- Select the return values
  select @error, @error_message
  end

  Hi Rathna,
  Just put the SP like this, without the -- before the IF. A -- marks the line as a command therefore you need to uncomment and it will work.
  IF @OBJECT_TYPE = '59' AND (@TRANSACTION_TYPE = 'A' or @TRANSACTION_TYPE = 'U')
    BEGIN
     IF EXISTS(
      SELECT T0.Price FROM IGN1 T0
      where  IsNull(T0.Price, '0') = '0' and T0.DocEntry = @list_of_cols_val_tab_del)
     BEGIN
      SELECT @ERROR=1,@ERROR_MESSAGE='Please insert the price !'
    END
  end
  Hope it helps

• Is it possible to create multiple LDAP server in the same bi11g application

  Hi,
  they are 8 location users are acessing my report.now i am trying to implementing LDAP server for the user security in my obiee11g application. is it possible to configure/implement multiple LDAP server in the same BI server.
  Thanks
  Deva

  YES. refer http://total-bi.com/2011/07/multiple-ldap-authentication-providers-in-obiee-11-1-1-5/

• Server 3.1.2: Unable to locate search base: -1 Can't contact LDAP server

  Hello all—
  I've been getting repeated errors below in my system.log.  I'm running OS X 10.9.3 with Server version 3.1.2.  I've replaced my actual server name with "my.servername.net" in the log entries. Thanks for any advice!  —michael
  May 30 17:47:03 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
  May 30 17:47:04 my.servername.net PasswordService[1345]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
  May 30 17:47:04 leo com.apple.launchd[1] (com.apple.PasswordService[1345]): Exited with code: 1
  May 30 17:47:04 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
  May 30 17:47:06 my.servername.net xscertd-helper[1351]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
  May 30 17:47:06 leo com.apple.launchd[1] (com.apple.xscertd-helper[1351]): Exited with code: 1
  May 30 17:47:06 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
  May 30 17:47:09 my.servername.net xscertd[335]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
  May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
  May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
  May 30 17:47:14 leo com.apple.launchd[1] (org.openldap.slapd[1359]): Exited with code: 1
  May 30 17:47:14 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
  May 30 17:47:14 my.servername.net PasswordService[1363]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
  May 30 17:47:14 leo com.apple.launchd[1] (com.apple.PasswordService[1363]): Exited with code: 1
  May 30 17:47:14 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
  May 30 17:47:16 my.servername.net xscertd-helper[1365]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
  May 30 17:47:16 leo com.apple.launchd[1] (com.apple.xscertd-helper[1365]): Exited with code: 1
  May 30 17:47:16 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
  May 30 17:47:20 my.servername.net xscertd[335]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
  May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
  May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
  May 30 17:47:25 leo com.apple.launchd[1] (org.openldap.slapd[1371]): Exited with code: 1
  May 30 17:47:25 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
  May 30 17:47:25 my.servername.net PasswordService[1375]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
  May 30 17:47:25 leo com.apple.launchd[1] (com.apple.PasswordService[1375]): Exited with code: 1
  May 30 17:47:25 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
  May 30 17:47:26 my.servername.net xscertd-helper[1377]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
  May 30 17:47:26 leo com.apple.launchd[1] (com.apple.xscertd-helper[1377]): Exited with code: 1
  May 30 17:47:26 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
  May 30 17:47:30 my.servername.net xscertd[335]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)

  Unfortunately this problem wasn't solved this way.  After dragging the Server.app to the trash and then retrieving it ("Put Back") and launching it, and re-starting services, my problem still persists.
  Here are relevant system.log file entries. (Note the hostname is "leo"—I've changed the FQDN to leo.myservername.net):
  Jun  6 22:57:31 leo.myservername.net PasswordService[1011]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
  Jun  6 22:57:31 leo com.apple.launchd[1] (com.apple.PasswordService[1011]): Exited with code: 1
  Jun  6 22:57:31 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
  Jun  6 22:57:32 leo.myservername.net xscertd-helper[1014]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
  Jun  6 22:57:32 leo com.apple.launchd[1] (com.apple.xscertd-helper[1014]): Exited with code: 1
  Jun  6 22:57:32 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
  Jun  6 22:57:34 leo.myservername.net xscertd[333]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
  Jun  6 22:57:40 leo com.apple.launchd[1] (org.openldap.slapd[1016]): Exited with code: 1
  Jun  6 22:57:40 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
  Jun  6 22:57:40 leo.myservername.net com.apple.SecurityServer[22]: Session 100004 created
  Jun  6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  Jun  6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
  Jun  6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  Jun  6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
  Jun  6 22:57:41 leo.myservername.net PasswordService[1024]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
  Jun  6 22:57:41 leo com.apple.launchd[1] (com.apple.PasswordService[1024]): Exited with code: 1
  Jun  6 22:57:41 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
  Jun  6 22:57:42 leo.myservername.net xscertd-helper[1028]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
  Jun  6 22:57:42 leo com.apple.launchd[1] (com.apple.xscertd-helper[1028]): Exited with code: 1
  Jun  6 22:57:42 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
  Jun  6 22:57:45 leo.myservername.net xscertd[333]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
  Also, for what it's worth, "Open Directory" in the Server.app has no settings within it. Nor will it stay "on." I'm not using OD per se, and am happy to leave it off, but it's possible the errors above are preventing it from running.
  Thanks for any other solutions. —michael

• How to configura multiple ldap server to the sun access manager

  Hi,
  please help how to configure multiple ldap server to the sun access manager, for example access manager does't find the user in ldap1 then it should search in ldap2.
  Thanks
  Mouli

  There�s no need for deleting the default amSDK based datastore because it�s needed for some default accounts.
  You may try to create the datastore using the commandline (amadmin)
  Have a look /etc/opt/SUNWam/config/xml/idRepoService.xml
  You may also try to create amadmin account in the external ldap directory.
  (Un)fortunately i�ve never tried to remove the default datastore.
  -Bernhard