Netscape Directory Server closes LDAPS connection during SSL handshake

I'm trying to bind to an NDS 6.2 LDAP server over SSL using the 1.4.2_03 JNDI LDAP provider,
but I can't get past the initial TLS handshake: it throws a "Remote host closed connection
during handshake" exception. The JSSE FAQ mentions this as likely a problem with
protocol incompatibilities (e.g. SSL3 vs. TLS1), but I can't seem to force the LDAP provider
to use an older protocol to investigate this further.
Here are the environment parameters I'm passing
  java.naming.provider.url=ldap://ldaphost:636/o=foo,ou=bar 
  java.naming.security.principal=cn=foobar
  java.naming.security.credentials=password
  java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
  java.naming.security.authentication=simple
  java.naming.security.protocol=ssl
and the associated JSSE debug trace follows.
Any ideas? Do I need to create some custom socket factory to mess with protocols?
pch
================
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: C:\tools\jdk1.4.2\jre\lib\security\jssecacerts
trustStore type is : jks
init truststore
adding as trusted cert:
  Subject: [email protected], CN=Petes Bait and Tackle Class Z CA, O=Petes Bait and Tackle, L=Falls Church, ST=Virginia, C=US
  Issuer:  [email protected], CN=Petes Bait and Tackle Class Z CA, O=Petes Bait and Tackle, L=Falls Church, ST=Virginia, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Thu Jun 24 13:24:27 EDT 2004 until Fri Jun 24 13:24:27 EDT 2005
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1071325469 bytes = { 1, 25, 191, 168, 187, 165, 118, 46, 45, 64, 183, 165, 131, 120, 155, 107, 208, 170, 19, 80, 74, 234, 177, 118, 51, 83, 194, 158 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
[write] MD5 and SHA1 hashes:  len = 73
0000: 01 00 00 45 03 01 40 DB   21 1D 01 19 BF A8 BB A5  ...E..@.!.......
0010: 76 2E 2D 40 B7 A5 83 78   9B 6B D0 AA 13 50 4A EA  v.-@...x.k...PJ.
0020: B1 76 33 53 C2 9E 00 00   1E 00 04 00 05 00 2F 00  .v3S........../.
0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2.............
0040: 03 00 08 00 14 00 11 01   00                       .........
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes:  len = 98
0000: 01 03 01 00 39 00 00 00   20 00 00 04 01 00 80 00  ....9... .......
0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00  ..../..3..2.....
0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15  ............@...
0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00  ................
0040: 00 11 40 DB 21 1D 01 19   BF A8 BB A5 76 2E 2D 40  ..@.!.......v.-@
0050: B7 A5 83 78 9B 6B D0 AA   13 50 4A EA B1 76 33 53  ...x.k...PJ..v3S
0060: C2 9E                                              ..
main, WRITE: SSLv2 client hello message, length = 98
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()

My first suggestion is to find a log on the NDS server (maybe it states a reason for closing the connection).
Otherwise use Ethereal to examine the traffic between the two machines. Maybe that helps.
Or check if the NDS wants 2-way authentication and is trying to get your certificate as well.
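
The question asks whether a custom socket factory is needed to control the protocol, and the trace shows the hello leaving as "SSLv2 client hello message" just before the server closes the connection. The following is an added example, not code from the thread: a factory handed to the JNDI LDAP provider through `java.naming.ldap.factory.socket` that removes the SSLv2-format hello from the enabled protocols. The class name is hypothetical, and that the server rejects this hello format is an assumption to test, not something the thread confirms.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added example (hypothetical class): makes the enabled protocol list explicit. */
public class PinnedProtocolSocketFactory extends SocketFactory {

    // Assumption: the SSLv2-format hello is the first variable to eliminate.
    private static final String DROPPED = "SSLv2Hello";

    private final SSLSocketFactory delegate =
            (SSLSocketFactory) SSLSocketFactory.getDefault();

    /** The LDAP provider obtains the factory by calling this static method. */
    public static SocketFactory getDefault() {
        return new PinnedProtocolSocketFactory();
    }

    /** Returns the protocols that stay enabled once DROPPED is removed. */
    static String[] filter(String[] enabled) {
        List<String> keep = new ArrayList<>();
        for (String p : enabled) {
            if (!DROPPED.equals(p)) {
                keep.add(p);
            }
        }
        if (keep.isEmpty()) {
            throw new IllegalStateException("no protocol left enabled");
        }
        return keep.toArray(new String[0]);
    }

    // Applies the filtered protocol list before any handshake takes place.
    private Socket pin(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        ssl.setEnabledProtocols(filter(ssl.getEnabledProtocols()));
        return ssl;
    }

    @Override public Socket createSocket() throws IOException {
        return pin(delegate.createSocket());
    }
    @Override public Socket createSocket(String host, int port) throws IOException {
        return pin(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(String host, int port,
            InetAddress local, int localPort) throws IOException {
        return pin(delegate.createSocket(host, port, local, localPort));
    }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException {
        return pin(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(InetAddress host, int port,
            InetAddress local, int localPort) throws IOException {
        return pin(delegate.createSocket(host, port, local, localPort));
    }

    /** The environment from the post plus the socket-factory property. */
    static Hashtable<String, String> environment() {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldaphost:636/o=foo,ou=bar");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=foobar");
        env.put(Context.SECURITY_CREDENTIALS, "password");
        env.put("java.naming.ldap.factory.socket",
                PinnedProtocolSocketFactory.class.getName());
        return env;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a protocol list as a 1.4.2-era client would report it.
        String[] legacy = {"SSLv2Hello", "SSLv3", "TLSv1"};
        System.out.println("legacy enabled : " + Arrays.toString(legacy));
        System.out.println("after filtering: " + Arrays.toString(filter(legacy)));

        // This JVM's own defaults; the socket is never connected.
        SSLSocket probe = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
        System.out.println("this JVM       : "
                + Arrays.toString(probe.getEnabledProtocols()));
        probe.close();

        // Keys only, so the credential is not echoed to the console.
        System.out.println("JNDI env keys  : " + environment().keySet());
        // To bind: new javax.naming.directory.InitialDirContext(environment());
    }
}
```

Running it with `-Djavax.net.debug=ssl` while binding shows whether the "SSLv2 client hello message" line is gone from the trace and whether the server then answers with a ServerHello.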

Similar Messages

  • Weblogic server 5.1.0 with sp8 does not work with LDAP (Netscape Directory Server 4.12)

    I have weblogic server 5.1.0 with the sp8 running on Windows NT server 4.0.
    The weblogic server is configured to use LDAP realm (Netscape directory
    server 4.12).
    When I try to run weblogic server and I am getting the following errors:
    The WebLogic Server did not start up properly.
    Exception raised: java.lang.reflect.InvocationTargetException
    java.lang.reflect.InvocationTargetException: java.lang.ExceptionInInitialize
    or: weblogic.security.ldaprealm.LDAPRealmException: cannot connect to ldapse
    without a principal to authenticate as
    at weblogic.security.ldaprealm.LDAPDelegate.setupProperties(LDAPDele
    .java, Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.<clinit>(LDAPDelegate.ja
    83)
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:34)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:78)
    at weblogic.security.acl.Realm.getRealm(Realm.java:56)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1756)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    java.lang.ExceptionInInitializerError: weblogic.security.ldaprealm.LDAPRealm
    ption: cannot connect to ldapserver without a principal to authenticate as
    at weblogic.security.ldaprealm.LDAPDelegate.setupProperties(LDAPDele
    .java, Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.<clinit>(LDAPDelegate.ja
    83)
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:34)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:78)
    at weblogic.security.acl.Realm.getRealm(Realm.java:56)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1756)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    And here is my ldaprealm.properties file
    netscape.server.host=localhost
    netscape.server.port=389
    netscape.server.ssl=false
    netscape.server.principal=uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
    netscape.server.credential=password
    netscape.user.dn=ou=People, o=towers.com
    netscape.user.filter=(&(uid=%u)(objectclass=person))
    netscape.group.dn=ou=Groups, o=towers.com
    netscape.group.filter=(&(cn=%g)(objectclass=groupofuniquenames))
    netscape.membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))
    By looking at the error message, it seems like the "server.principal" and
    "server.credential" info is not correct.
    But I was able to use the same Netscape Directory server with Weblogic 5.1.0
    with sp4, although the ldaprealm.properties file has somewhat different
    format.
    Did anyone have similar problems with sp8?
    Thanks in advance for any suggestions.

    BEA support just gave me the solution.
    They told me to uncomment out the line
    server.alias=netscape
    in the ldaprealm.properties file
    And I am able to start weblogic with my NIS
    Thanks
    "Enrique" <[email protected]> wrote in message
    news:[email protected]...
    >
    Hi,
    Have you tried to remove the "system" user on the LDAP server?
    Regards.
    "Honghai Zhang" <[email protected]> wrote:
    I have weblogic server 5.1.0 with the sp8 running on Windows NT server
    4.0.
    The weblogic server is configured to use LDAP realm (Netscape directory
    server 4.12).
    When I try to run weblogic server and I am getting the following errors:
    The WebLogic Server did not start up properly.
    Exception raised: java.lang.reflect.InvocationTargetException
    java.lang.reflect.InvocationTargetException:
    java.lang.ExceptionInInitialize
    or: weblogic.security.ldaprealm.LDAPRealmException: cannot connect to ldapse
    without a principal to authenticate as
    at weblogic.security.ldaprealm.LDAPDelegate.setupProperties(LDAPDele
    .java, Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.<clinit>(LDAPDelegate.ja
    83)
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:34)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:78)
    at weblogic.security.acl.Realm.getRealm(Realm.java:56)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1756)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    java.lang.ExceptionInInitializerError: weblogic.security.ldaprealm.LDAPRealm
    ption: cannot connect to ldapserver without a principal to authenticate
    as
    at weblogic.security.ldaprealm.LDAPDelegate.setupProperties(LDAPDele
    .java, Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.<clinit>(LDAPDelegate.ja
    83)
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:34)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:78)
    at weblogic.security.acl.Realm.getRealm(Realm.java:56)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1756)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    And here is my ldaprealm.properties file
    netscape.server.host=localhost
    netscape.server.port=389
    netscape.server.ssl=false
    netscape.server.principal=uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
    netscape.server.credential=password
    netscape.user.dn=ou=People, o=towers.com
    netscape.user.filter=(&(uid=%u)(objectclass=person))
    netscape.group.dn=ou=Groups, o=towers.com
    netscape.group.filter=(&(cn=%g)(objectclass=groupofuniquenames))
    netscape.membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))
    By looking at the error message, it seems like the "server.principal" and
    "server.credential" info is not correct.
    But I was able to use the same Netscape Directory server with Weblogic 5.1.0
    with sp4, although the ldaprealm.properties file has somewhat different
    format.
    Did anyone have similar problems with sp8?
    Thanks in advance for any suggestions.

  • Setup connection factory and topic in Netscape Directory Server

    I'm using Netscape Directory Server(NDS) and WLS5.1.
    What should I setup in the NDS in order to lookup the connection
    factory and topic in WLS?
    Thanks

  • Weblogic server 10.3.5 error during SSL handshake

    Please, someone help me figure out the issue with the following logs.
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
    <16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
         at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
         at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    >
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
    <16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
         at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
         at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    >
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
    <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
    I just created a domain with http and https ports. I installed a web app. When I am trying to access the app from a browser through https, the above error is occurring.
    Please somebody help me.
    Thanks in advance.
    SK

    This message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
    Edited by: sharmela on Jan 22, 2013 4:55 AM

  • Where to download "netscape directory server 4.11 or later"

    Hi, there,
    I just want to test some ldap functions on windows 2000. I found some guys saying Netscape Directory Server 4.11 is a good choice. Where can I download an evaluation version? I can't find it on Netscape.
    Thanks.

    Just go to www.iplanet.com

  • Unable to use a custom security realm with Netscape Directory Server in WebLogic 7

    I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
    Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
    on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
    using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
    WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
    Admin Console again and clicked the Users node under my custom realm, I saw this
    message in the right-hand pane: "There are no Authentication providers available
    that support the creation of Users". Also, I don't see my custom realm in the
    dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
    What did I do wrong? Also, where does WebLogic store the custom security realm
    info? It is definitely not in config.xml.
    Thanks,
    Eric Ma

    Thanks for the info.
    I wonder when they will fix it.
    Jakub
    "Eric Ma" <[email protected]> wrote in message
    news:[email protected]..
    >
    According to BEA Tech Support, a known bug prevents the WLS 7 Admin Console from
    displaying users and groups defined in Netscape Directory Server.
    Eric Ma
    "Jakub Wroniszewski" <[email protected]> wrote:
    I have the same problem.
    Any new ideas?
    Rgds,
    Jakub
    "Eric Ma" <[email protected]> wrote in message
    news:[email protected]..
    Now I doubt my custom security realm is actually using the Netscape Directory Server
    as the authenticator. Unlike in WebLogic 6.1 Admin Console, where clicking on
    the Users node displays all users in the LDAP server, in WebLogic 7 I keep getting
    the message "There are no Authentication providers available that support the
    creation of Users." Any suggestions?
    "Eric Ma" <[email protected]> wrote:
    Never mind. I tried again by following the steps outlined at
    http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.security&item=8463&utag=
    and it seemed to have worked for me.
    "Eric Ma" <[email protected]> wrote:
    I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
    Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
    on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
    using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
    WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
    Admin Console again and clicked the Users node under my custom realm, I saw this
    message in the right-hand pane: "There are no Authentication providers available
    that support the creation of Users". Also, I don't see my custom realm in the
    dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
    What did I do wrong? Also, where does WebLogic store the custom security realm
    info? It is definitely not in config.xml.
    Thanks,
    Eric Ma

  • EAP-TLS or PEAP authentication failed during SSL handshake to the ACS serve

    We are running the LWAPP (2006 wlc's and 1242 AP's) and using the ACS 4.0 for authentication. Our users are
    experiencing an issue, where they are successfully authenticated the first time, however as the number of them is increasing, they're starting to drop the connections and being prompted to re-authenticate. At this point, they are not being able to authenticate again.
    We're using PEAP for the authentication and Win XP SP2 clients as the supplicants. The error message that we are seeing on the ACS for that controller is "EAP-TLS or PEAP authentication failed during SSL handshake to the ACS server"...Not sure if this error msg is relevant since we have other WLC's that are working OK and still generating the same error msg on the ACS...
    Thanks..

    Here are some configs you can try:
    config advanced eap identity-request-timeout 120
    config advanced eap identity-request-retries 20
    config advanced eap request-timeout 120
    config advanced eap request-retries 20
    save config

  • Migrating Netscape Directory Server 4.1 to a new server

    Hi,
    In the current production environment, we are using Netscape Directory Server 4.1 as the authentication with Siebel CRM system. The server hardware is old and there is a need to refresh the server. As Netscape Directory Server is the only supported/ certified LDAP with embedded functionalities in Siebel Financial Services 6.0.2.300, we are planning to upgrade only the server hardware and migrate all the user information from old server and the new one, with Netscape Directory Server 4.1 remained.
    I have studied the Netscape Directory Server 4.1 Deployment Guide and gone through the migration procedures, looks like the procedures are only applicable for migrating Netscape Directory Server to a newer version. There are no specific procedures mentioned for migrating Netscape Directory Server to the new server hardware with the same directory server version.
    I am seeking for detailed procedures of migrating Netscape Directory Server 4.1 to a new server hardware with the same directory server. Anyone has done this migration before? I thank you in advance for your valuable feedback.
    Sincerely,
    Julie

    Luckily, I have the technical documentation in hand, which contains all the configuration of the current server. So I need to use "db2ldif" to export the data. I am currently testing on the migration by following these steps:
    1. Install the new server.
    2. Stop the Netscape Directory Server and Netscape Administration Server services in old server.
    3. Copy the slapd-<server_name> folder from old server to a temp location of new server.
    4. Take the old server offline.
    5. Configure new server to have the exact configuration as the old server.
    6. Backup the existing slapd-<server_name> folder in new server, copy the slapd-<server_name> folder from the temp location to C:\Netscape\Server4 directory of new server.
    7. Start the Netscape Directory Server and Netscape Administration Server services in new server.
    Will try out your suggested method. Thank you so much for your feedback.
    Regards,
    Julie

  • Directory server and ldap TLS on windows platform

    Has anybody tested "sun directory server" and "ldap tls" on the Windows platform? Because I tried it, and I can't establish a secure connection. On another platform, and I speak about Solaris 9, everything is OK. Some comments?

    It's a rather unusual way to use attribute subtypes. You may be able to do something with the mapping engine in DPS - I'll wait for Sylvain or someone else who knows DPS really well to answer that. But from the perspective of the information model, I have some doubts about this approach. For instance, what happens if you have multiple subtypes on a single-valued attribute?
    Usually, for example, if there is a "preferred" common name as opposed to some other common names, it would be modeled in an entirely different attribute type, such as "preferredName". The subtypes are almost exclusively used for language specification nowadays. That's another question - what happens if you ever need to store multiple languages in your Directory?
    Do you know of anyone else who is using this kind of information model in their Directory?

  • Weblogic Integration with Netscape Directory Server - Help URGENT

     

    Prashant,
    Yes, I did. Did you copy the ldaprealm.properties to the same place as where
    your weblogic.properties is located by default. The original sample file is
    located in examples/....directory. After your changes are made copy the file
    to c:/weblogic directory.
    Hope this helps.
    -Sunil .K
    Prashanth <[email protected]> wrote in message
    news:[email protected]...
    Hi,
    Can anyone who's tried using the LDAPRealm to talk to Netscape Directory
    Server 4.1 tell me exactly what are the steps that one needs to follow to set
    this up:
    1. Changes in the ldaprealm.properties file
    2. Changes in the weblogic.properties file
    3. Changes on NDS side, if any
    Error I am getting:
    Thu Jun 29 10:24:53 EDT 2000:<I> <System Props> weblogic.class.path = d:\weblogic\lib\weblogic510sp3.jar;d:\weblogic\license;d:\weblogic\classes;d:\weblogic\myserver\serverclasses;d:\weblogic\lib\weblogicaux.jar
    Thu Jun 29 10:24:53 EDT 2000:<I> <System Props> weblogic.system.home = d:\weblogic
    Thu Jun 29 10:24:53 EDT 2000:<I> <WebLogicServer> Loaded License : D:/weblogic/license/WebLogicLicense.xml
    Thu Jun 29 10:24:53 EDT 2000:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
    java.io.FileNotFoundException: ldaprealm.properties (The system cannot find the file specified)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java, Compiled
    Code)
    at
    weblogic.security.internal.RealmProperties.getProperties(RealmPropert
    ies.java:37)
    at
    weblogic.security.internal.RealmProperties.<init>(RealmProperties.jav
    a:20)
    at
    weblogic.security.ldaprealm.LDAPDelegate.configureProps(LDAPDelegate.
    java:78)
    at
    weblogic.security.ldaprealm.LDAPDelegate.<init>(LDAPDelegate.java:198
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:35)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:79)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1744)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    --------------- nested within: ------------------
    weblogic.security.ldaprealm.LDAPException: ldaprealm.properties not found - with nested exception:
    [java.io.FileNotFoundException: ldaprealm.properties (The system cannot find the file specified)
    at
    weblogic.security.ldaprealm.LDAPDelegate.configureProps(LDAPDelegate.
    java:82)
    at
    weblogic.security.ldaprealm.LDAPDelegate.<init>(LDAPDelegate.java:198
    at weblogic.security.ldaprealm.LDAPRealm.<init>(LDAPRealm.java:35)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:79)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1744)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    The WebLogic Server did not start up properly.
    Exception raised: java.lang.reflect.InvocationTargetException
    java.lang.reflect.InvocationTargetException: java.lang.IllegalAccessError: weblogic.security.ldaprealm.LDAPException: ldaprealm.properties not found - with nested exception:
    [java.io.FileNotFoundException: ldaprealm.properties (The system cannot find the file specified)
    at weblogic.security.acl.Realm.getRealm(Realm.java:86)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1744)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    java.lang.IllegalAccessError: weblogic.security.ldaprealm.LDAPException: ldaprealm.properties not found - with nested exception:
    [java.io.FileNotFoundException: ldaprealm.properties (The system cannot find the file specified)
    at weblogic.security.acl.Realm.getRealm(Realm.java:86)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1744)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    WebLogic Server terminated with an abnormal condition of 1
    Hit return to continue...

  • Differences between SunONE, iPlanet and Netscape Directory Server

    What are the differences between SunONE, iPlanet and Netscape Directory Server?
    When I go to docs.sun.com - Products Categories, I see that they have documentation regarding SunONE, iPlanet, Netscape Directory Server listed under Directory Server.
    I know that they're all different directory servers, but is one newer than the other? If I'm not wrong, I assumed that Netscape transformed into iPlanet, and then from iPlanet, it transformed to SunONE. If that is the case, does that mean that all of its console and how it works should be very similar?
    Thanks!

    That is exactly what I thought.
    So when people refer to SunONE Directory Server 5.1, that means iPlanet Directory Server 5.1, right?
    Because I'm looking at Solaris 9's specification and it mentions that it is bundled with SunONE Directory Server 5.1.
    Thanks for answering my question! :)

  • Getting Server Admin to connect over SSL

    According to the help provided with Server Admin:
    "By default, Server Admin treats all communications with remote servers as encrypted
    using SSL. This uses a self-signed 128-bit certificate installed in /etc/servermgrd/ssl.crt
    when you install the server. Communications use HTTPS (port 311). If this option isn’t
    possible, HTTP (port 687) is used and clear text is sent between Server Admin and the
    remote server."
    How do I know that Server Admin is connecting using SSL? I have port 311 open on my router and the server firewall, but when I connect to the server using the localhost name of the server, it saves the password in the keychain as "http://myserver.local".

    um... interesting
    sudo lsof -i -P
    should show you that servermgr is talking, who to, and on which port.
    however on my 10.5.1 server, it does not show as connected. I checked on 10.4 servers and it works as expected.

  • EAP-TLS or PEAP authentication failed during SSL handshake

    Hi Pros,
    I am a newbie to ACS 4.2 and EAP-TLS implementation. With that being said, I face an issue during an EAP-TLS implementation. My search shows that this kind of error message is a certificate issue; however, I have deleted and recreated the certificate on both the ACS and the client with the same result. I have deleted and reinstalled the cert chain as well.
    When I check my log of the failed attempts, here is what I found:
    Entry 1:
      Date: 06/23/2010
      Time: 17:39:51
      Message-Type: Authen failed
      User-Name: 000e.9b6e.e834
      Group-Name: Default Group
      Caller-ID: 000e.9b6e.e834
      Network Access Profile Name: (Default)
      Authen-Failure-Code: EAP-TLS or PEAP authentication failed during SSL handshake
      NAS-Port: 1101
      NAS-IP-Address: 10.111.22.24
      EAP Type: 25
      EAP Type Name: MS-PEAP
      Access Device: wbr-1121-zozo-test
      Network Device Group: Office Networ
    Entry 2:
      Date: 06/23/2010
      Time: 17:39:50
      Message-Type: Authen failed
      User-Name: [email protected]
      Group-Name: Default Group
      Caller-ID: 000e.9b6e.e834
      Network Access Profile Name: (Default)
      Authen-Failure-Code: EAP-TLS or PEAP authentication failed during SSL handshake
      NAS-Port: 1098
      NAS-IP-Address: 10.111.22.24
      EAP Type: 25
      EAP Type Name: MS-PEAP
      Access Device: wbr-1121-zozo-test
      Network Device Group: Office Network
    Empty in both entries: Author-Failure-Code, Author-Data, Filter Information, PEAP/EAP-FAST-Clear-Name, Reason
    [email protected] = my windows active directory name
    1. Why does it show MS-PEAP under EAP Type and not EAP-TLS? I did configure EAP-TLS....
    2. Why does it sometimes show just the MAC of the client as the username?
    3. Why does it put me in the Default Group even though I belong to a group that is well defined in the ACS?
    Secondly, when I check the passed authentications, here is what I saw:
    Entry 1:
      Date: 06/23/2010
      Time: 17:30:49
      Message-Type: Authen OK
      User-Name: groszozo
      Group-Name: NOC Tier 2
      Caller-ID: 10.11.10.105
      NAS-Port: 1
      NAS-IP-Address: 10.111.22.24
      Network Access Profile Name: (Default)
      Access Device: wbr-1121-zozo-test
      Network Device Group: Office Network
    Entry 2:
      Date: 06/23/2010
      Time: 17:29:27
      Message-Type: Authen OK
      User-Name: groszozo
      Group-Name: NOC Tier 2
      Caller-ID: 10.11.10.105
      NAS-Port: 1
      NAS-IP-Address: 10.111.22.24
      Network Access Profile Name: (Default)
      Access Device: wbr-1121-zozo-test
      Network Device Group: Office Network
    Empty in both entries: Shared RAC, Downloadable ACL, System-Posture-Token, Application-Posture-Token, Reason, EAP Type, EAP Type Name, PEAP/EAP-FAST-Clear-Name
    In the output above, it says that the user is authenticated and it puts the user in the right group with the right username, but the user never really authenticates. Maybe for the first few seconds when I initiate the connection.
    Before I forget, the supplicant is using Win XP and 802.1x is enabled. I even unchecked the option to verify the server, and in the ACS under External User Databases, I did check ENABLE EAP-TLS machine authentication.
    Thanks in advance for your help,
    Crazy---

    Any ideas on this, guys? On my end, I've been reading some docs... Things started to make sense to me, but I still cannot authenticate, still the same errors. One more thing that catches my attention now is the time it takes to open a telnet session to a Cisco device which has the ACS as its auth server.
    My AD (Active Directory) and the ACS server are local, on the same subnet (server subnet). A ping to the ACS from my desktop, which is in a different subnet, only takes 1ms. To confirm that the issue is the ACS server, I decided to use another server in a remote location; the telnet connection is way faster than with the local ACS.
    Let's brainstorm together to figure this out, guys.
    Thanks in advance,
    ----Paul

  • EAP-TLS or PEAP authentication failed during SSL handshake error

    I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
    The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
    Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
    Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
    Thanks for the help

    My experience suggests that the problem is the certificate.
    I'm running ACS 3.3.
    I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
    Correctly following the instructions led to a successful connection and no more error message.

  • Error during SSL handshake

    Hi,
    I am getting the "Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error during SSL handshake.
    I am implementing SSL authentication in a custom JCA adapter. I have the key pairs in the DEFAULT view in key storage and the public key of the server in the services_ssl view. I am able to access the certificates by doing a lookup. Below is the implementation:
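        import javax.net.ssl.KeyManager;
        import javax.net.ssl.KeyManagerFactory;
        import javax.net.ssl.SSLContext;
        import javax.net.ssl.TrustManager;
        import javax.net.ssl.TrustManagerFactory;

        // Look up the key storage service and fetch both views
        KeystoreManager manager = (KeystoreManager) ctx.lookup("keystore");
        trustKeyStore = manager.getKeystore("service_ssl"); // view name as posted; the text calls it services_ssl
        keyStore = manager.getKeystore("DEFAULT");
        // Key managers from the client key pairs in the DEFAULT view
        KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmfactory.init(keyStore, null);
        KeyManager[] keymanagers = kmfactory.getKeyManagers();
        // Trust managers from the certificates in the trust view
        TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmfactory.init(trustKeyStore);
        TrustManager[] trustmanagers = tmfactory.getTrustManagers();
        SSLContext sslcontext = SSLContext.getInstance("SSL");
        sslcontext.init(keymanagers, trustmanagers, null);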
    I am able to get the contents of the DEFAULT view and the services_ssl view. When I try to connect to the server using httpClient.executeMethod() I am getting the error below.
    Is this the correct way to initialize the SSL context? Any info on this will be really helpful.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
         at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:395)
         at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
         ... 10 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
         at sun.security.validator.Validator.validate(Validator.java:203)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
         ... 27 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
    Thanks

    You need to re-add the host using the mkhost command, that will rewrite the wallet for you.
    Thanks
    Rich
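
A diagnostic for the "PKIX path building failed" error in the thread above, as an added example that is not part of any post: it loads a trust store, prints the trust anchors it yields, and logs the chain the server presents before handing it to the standard validation unchanged. The class name TrustPathDiag and the command-line arguments (trust store file, password, host, port) are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical diagnostic class (added example, not from the thread).
// Usage: java TrustPathDiag <truststore-file> <password> <host> <port>
public class TrustPathDiag {
    // Logs the chain the server presents, then delegates to the real trust
    // manager, so certificate validation is exactly as strict as before.
    static X509TrustManager logging(final X509TrustManager real) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                for (X509Certificate c : chain) {
                    System.out.println("presented: " + c.getSubjectX500Principal()
                            + " | issuer: " + c.getIssuerX500Principal());
                }
                real.checkServerTrusted(chain, authType); // still throws if untrusted
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                real.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        // The anchors this store actually yields; compare them with the issuers logged below.
        for (X509Certificate a : real.getAcceptedIssuers()) {
            System.out.println("anchor: " + a.getSubjectX500Principal());
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging(real) }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], Integer.parseInt(args[3]))) {
            s.startHandshake();
            System.out.println("handshake ok: " + s.getSession().getProtocol());
        }
    }
}
```

If the topmost issuer logged as presented does not appear among the printed anchors, the trust store lacks the CA that signed the server's chain, which is the condition the exception reports.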
