OAM - Identity Server Cache Flush to Access Server

Similar Messages

• OAM Identity Server user search is very slow after upgrading to 10.1.4.2

  We recently upgraded Identity-Server from 7.0.4 to 10.1.4.2 + BP10. The new webpass (version 10.1.4.2) is on iPlanet webserver, which does not have any bundled patch available. After this upgrade, we found the user search is very slow. It is taking double the time compare to version 7.0.4. The search performance for NetPoint admin users is fine.
  The new version is connecting to the same LDAP (Sun 5.2) as the old one. The 7.0.4 version was well tuned (like Ldap connections, caching, etc) for the performance. The migration suppose to carryover those performance configuration to the new version. Is there any new parameter (related to performance) I should look for in version 10 ? Anybody have faced these issues after migration and found a fix for it ?
  Thanks!
  Kabi

  More in this thread - Re: OAM- "You do not have sufficient access rights" message with Master Adm
  -Vinod

• Starting Identity Server

  Hi,
  I have installed (windows) OAM Identity Server (on port 6022). And I also installed an OHS Web Pass. OAM installer says that I need to access Identity Server(?) on http://machine:port/identity/oblix to configure it. I tried with both the machines... web pass as well as identity server, but see a blank page (using both port 80 and 6022). I restarted the identity server service and ensure that it is up. Please help me to access the identity server console.
  Thanks

  Jeremy,
  What is the version of IDM you are trying to install/run? Also, what is "Web Server 6.0SP5"? Is that the Sun Web server?
  You may want to check if the version of IDM you are trying to install is supported on the version of web server you are installing on.
  ~Suvesh

• Getting error in starting identity server and access server in OAM

  Hi all,
  Am new to OAM . now am try to do sso for two different resources . i completed installations but now the error is the while starting the identity server the error is "*oracle access manager identity server services on local computer started and then stopped .some services stop automatically if they have no work to do , for example, the performance logs and alters service* ". and while starting access server the error is "*could not start the oracle access manager access server service on local computer. error 1067: the process terminated unexpectedly* " any one please give me solution for this error

  Hi Pokuri,
  Perhaps the Identity Server's oblog.log file has some helpful information in it. One possibility: is the ldap server that the Identity Server uses up and running (and visible on the network)?
  Regards,
  Colin

• WebPass communication to access server and identity server failing

  I have Identity server installed on Windows and WebPass on IIS web server. When I go to http://hostname:port/identity/oblix/ and http://hostname:port/access/oblix/the default page shows up. But when I click on the Identity System Console link, it Hangs. This behaviour has occured today although the things were working fine prior for a long time. I have checked the webpass logs but nothing specific to the problem is coming.

  Hi Colin,
  There is an activity on the server,as the processing goes on after entering credentials and there is no blank page. I have put on HTTP Headers
  and there result is
  POST /identity/oblix/apps/admin/bin/front_page_admin.cgi?pluginName=front_pageadmin&program=commonLogin&returnUrl=..%2F..%2F..%2F..%2F..%2Faccess%2Foblix%2Fapps%2Fadmin%2Fbin%2Ffront_page_admin.cgi%3FloginTry%3D1%26pluginName%3Dfrontpage_admin&backUrl=..%2F..%2F..%2F..%2F..%2Faccess%2Foblix%2Fapps%2Fadmin%2Fbin%2Ffront_page_admin.cgi HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*
  Referer: http://10.1.9.4/identity/oblix/apps/admin/bin/front_page_admin.cgi?program=commonLogin&returnUrl=..%2F..%2F..%2F..%2F..%2Faccess%2Foblix%2Fapps%2Fadmin%2Fbin%2Ffront_page_admin.cgi%3FloginTry%3D1%26pluginName%3Dfrontpage_admin&backUrl=..%2F..%2F..%2F..%2F..%2Faccess%2Foblix%2Fapps%2Fadmin%2Fbin%2Ffront_page_admin.cgi
  Accept-Language: en-us
  Content-Type: application/x-www-form-urlencoded
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; FDM; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  Host: 10.1.9.4
  Content-Length: 104
  Connection: Keep-Alive
  Cache-Control: no-cache
  I have tried to access from different browsers and different machines,but the prblem remains same.

• OAM : Which identity server is used by Password Policy?

  Hi,
  The OAM setup has two identity servers (ois1, ois2), two webpass (wp1, wp2) on two web servers. wp1 is pointing to ois1 only and wp2 is pointing to ois2.
  We have two sets of Policy manager, Access server and WebGate. wg1 is pointing to aaa1 and wg2 is pointing to aaa2.
  Now, when a user tries to access a OAM webgate protected page and the password policy gets applied, do the identity server comes into picture? if yes, which identity server is used here, ois1 or ois2?
  I want to use ois1 for all the requests coming to webserver with wg1. How do I do it?
  Thanks in advance.

  Hi Colin,
  Thanks for your reply.
  The reason I put this question was - in a scenario when I dont have Access Server (any access component), then also Password Polices work. So, I understand identity server is used here. When we have access side components, what makes OAM not to use identity server at all. Or is it the feature of OAM - when the accessed resource is ptotected by WebGate the Password policies are taken care of by Access Server, otherwise by identity server or is it because of the 'obReadPasswdMode' and 'obWritePasswdMode' in the authentication scheme?
  I stopped my identity server and I saw the password policy working - so I know the behavior; still asking the above question for my better understanding of OAM.
  Thanks for your help!

• Page Not Found error when accessing the Identity server console

  Hi,
  I have installed the Sun One Portal Server.
  when i access the URL for Identity server, i am getting Page not Found exception.
  Any suggestions, why this problem could occur.
  Regards,
  Mukta

  First the obvious: Restart the Webserver/Application Server
  Did you choose "Configure Later"?
  Is amconsole/amserver/... really deployed? You can see this in the Admin web interface of the server.
  Do you see anything in the logfiles?
  Chris

• Page not found error while accessing Identity server console(Error Code:50)

  Hi Guys,
  Whenever I am trying to access the admin console of Identity server I am getting Page not found error. I believe some configuration must be missing for which I am getting this error. I am accessing the URL through following URL
  http://<Portal Server Fully Qualified Domain Name>/amconsole
  Please Help me if anybody has come across this problem

  Hi,
  First of all,check your install logs.
  Most likely you should find errors like the following
  "cannot access /usr/jdk/ent2se "
  "/usr/jdk/bin/jar" not found etc.
  In these cases the problem is the JDK version.
  Install the latest version of JDK and make sure that
  /usr/bin/java points to the installed JDK version.
  HTH,
  Ramnath

• Identity Server - orcladmin access rights

  Hi,
  I have created the identity server which points to the directory server and have marked orcladmin as the master administrator. When I login into the Identity Server using the orcladmin user and try to create users, the message Insufficient Access Rights is displayed in red. Any idea why this might be happening.
  TIA
  Rgds..VJ

  Thanks..Working now
  Just one basic question - Are these workflows configured as per the role given e.g. create user basic profile is tagged to the identity administrator role ? So can we configure only a predefined set of workflows which automatically get mapped to the roles available ?
  Tks...VJ

• PasswordGenerator for a user after Self Registration in Identity Server-OAM

  Hi,
  I want to have a logic such that, when a user is created through a self registration page, the userPassword attribute should be automatically generated for him and it should be sent as a mail notification to him.
  Please provide some solution that whether this can be done in Identity Server or not and how to do it ?
  Regards.

  Reading the documentation, it sounds to me like if you have either an Accessgate, or a webpass protected by a webgate, then yes, this can be done.

• URGENT: OAM 10g server and webgate certificates query

  Hi experts,
  There is an OAM 10g environment. OAM Access Server and Identity Server is installed and up and running. OAM servers are in CERT mode. So to install webgates residing in different machines from OAM servers, can we use the same OAM Access Server certificates for WebGate certificate while installing WebGate?
  Thanks
  IDM Team.
  Edited by: 898990 on Mar 13, 2013 1:38 PM

  Figured it out. The OAM proxy (AccessServerConfigProxy @port 5575) for 10g webgates was configured to listen in cert mode. I had to switch it to open mode. Not sure how it got switched, but got the webgate install going for now. Thanks.

• Error in OAM Identity and Access Servers login pages

  Hi All,
  I am trying to install OAM I completed all installations . But now am getting error as invalid "*Invalid credential*". IS there any process to know what the userid and password for the both Identity and Access Servers . Please tell me if there is any process. It very helpful to me .
  Thank u & Regards
  Pokuri

  Hi Pokuri,
  Could be that the searchbase is wrong, so that OAM is not finding the user whose credentials you are entering. Or, maybe OAM is using a different attribute as the login attribute (for example, you could be entering the cn when OAM is expecting the uid).
  Try binding to ldap with another utility (such as ldapbind or ldapsearch) to see if this gives any indications. You may need to reconfigure the Identity Server to verify/correct the searchbase (for this, follow note 730376.1) and to check which attribute has the "Login" semantic type in OAM.
  Regards,
  Colin

• Identity Server Cookie not found

  Hi all.
  Iam getting a cookie related error message when trying to access a protected web application;
  sequence :
  When i type in the url of my web application, as obvious, i was redirected to my identity login page.
  I also get the this error message ;) in my amAgent log :
  "2003-07-31 12:22:13.832 Warning 7048:d1168 PolicyAgent: Identity Server Cookie not found"
  To add something to this cookie issue:
  when i get authernticated from my identity server, i was successfuly redirected to my web application; but if i invoke any web resource or link, buttons .... - trigger any event, i was thrown way to the login page of the web application - if i login again in my web app, i go to the last page that i was accessing;
  I guess all this funny thing happens because of the cookie, which is missing.
  anyone have an idea, what this cookie is? and what should be done to fix it?
  regards
  Kumar

  Sorr for so many people faced the sam or similar issues. I just joined this support a short while. If you think any old problem which is still critical to you, please repost. We shall try our best to give you assistance. Jerry
  Here are some of tips for debugging Web agent.
  From the AMAgent.properties, are both IIS and AM are in the same domain? If they are not, then you need to use CDSSO. Also please check in AM, under "Service Configuration-> Platform -> Cookie Domains" , whether cookie is set for the entire domain which includes AM and IIS ("test.com") or just the AM machine name.
  Also check whether correct value for "Agent-Identity Server Shared Secret" is entered. This should be your internal ldap password (amldapuser). In the AMAgent.properties for the below property the password will be encrypted and assigned: "com.sun.am.policy.am.password".
  Could you also check if the Identity servver and the IIS web server are time synchronized. The problem may be that agent requests policy decisions and the response from server may be timed out due to non-syncrhonized clock.
  Don't forget to restart the whole IIS service using internet
  management console after making agent changes.
  Some of the common error codes:
  20: Application authentication failed. This occurs when Agent cannot sucessfully authenticate with Identity Server. This is mainly due to incorrect password for agent entered during agent installation. Please refer to another faq describing how to change password.
  7: Policy not found. This error occurs typically if there are no policies defined on Identity server for the given web server URL. Otherwise, there may be time skew between Identity Server and Agent. So, polices fetched from Identity Server is instantly flushed by Agent and attempted to refetch over and over again. This can be solved by running rdate or similar command to synchronize time between the two machines. It is recommended to run NNTP server syncrhonize times between your Identity systems.

• Custom Authentication Module on Identity Server

  Hi,
  I have a custom authentication module which I am trying to access through the policy agent.
  I have set the following property in AMAgent.properties file
  com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
  My login module code is something like this:
  package com.iplanet.am.samples.authentication.providers;
  import java.util.*;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.login.LoginException;
  import com.sun.identity.authentication.spi.AMLoginModule;
  import com.sun.identity.authentication.spi.AuthLoginException;
  import java.rmi.RemoteException;
  import java.io.FileInputStream;
  import java.util.Properties;
  public class LoginModule1 extends AMLoginModule
  private String userName;
  private String userTokenId;
  private HashMap usersMap;
  private java.security.Principal userPrincipal = null;
  public LoginModule1() throws LoginException
  public void init(Subject subject, Map sharedState, Map options)
            System.out.println("LoginModule1 initialization");
            usersMap = new HashMap();
            ResourceBundle bundle = ResourceBundle.getBundle("users");
            Enumeration users = bundle.getKeys();
            while (users.hasMoreElements())
                 String user = (String)users.nextElement();
                 String password = bundle.getString(user.trim());
                 usersMap.put(user, password);
  public int process(Callback[] callbacks, int state) throws AuthLoginException
            int currentState = state;
            if (currentState == 1)
                 userName = ((NameCallback) callbacks[0]).getName().trim();
                 char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
                 String passwdString = new String (passwd);
                 if (userName.equals(""))
                      throw new AuthLoginException("names must not be empty");
                 if (userName.equals("testuser") && passwdString.equals("testuser"))
                      userTokenId = userName;
                      return -1;
                 if (usersMap.containsKey(userName))
                      if (usersMap.get(userName).equals(new String(passwd)))
                           userTokenId = userName;
                           return -1;
                 return 0;
       public java.security.Principal getPrincipal()
            if (userPrincipal != null)
                 return userPrincipal;
            else
            if (userTokenId != null)
                 userPrincipal = new SamplePrincipal("testuser");
                 return userPrincipal;
            else
                 return null;
  So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
  2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
  2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
  The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
  Thanks
  Srinivas

  Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
  I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
  I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
  so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.

• Identity Server has not been configured for this new user/group suffix

  Hi all
  I am having a problem trying to configure the Directory Server (5.2) for Messaging Server.
  My configuration is as follows:
  SJES Q12005
  Server 1 - Directory Server 5.2
  Server 1 - Access Manager (formerly Identity Server)
  Server 1 - Web Server 6.1
  I have successfully installed the above and can login to Access Manager.
  I next installed Calendar & Messengar Server on "Server 1". Upon running "comm_dssetup.pl" from /opt/SUNWcomds/sbin, I get the following error:
  "Identity Server has not been configured for this new user/group suffix"
  Copy and paste of what I entered:
  bash-2.05# perl comm_dssetup.pl
  Welcome to the Directory Server preparation tool for
  Sun Java(tm) System communication services.
  (Version 6.3 Revision 1.0)
  This tool prepares your directory server for use by the
  communications services which include Messaging, Calendar and their components.
  The logfile is /var/tmp/dssetup_20050830165940.log.
  Do you want to continue [y]:
  Please enter the full path to the directory where the Sun ONE
  Directory Server was installed.
  Directory server root [var/opt/mps/serverroot] : /opt/mps/serverroot
  Please select a directory server instance from the following list:
  [1] slapd-sunldap
  Which instance do you want [1]:
  Please enter the directory manager DN [cn=Directory Manager]: cn=DirMan
  Password:
  Detected DS version 5.2
  Will this directory server be used for users/groups [Yes]:
  Please enter the Users/Groups base suffix [dc=samplecompany-dev,dc=co,dc=uk] : ou=infrastructure,o=sampletown,dc=samplecompany-dev,dc=co,dc=uk
  There are 3 possible schema types:
  1 - schema 1 for systems with iMS 5.x data
  1.5 - schema 2 compatibility for systems with iMS 5.x data
  that has been converted with commdirmig
  2 - schema 2 native for systems using Identity Server
  Please enter the Schema Type (1, 1.5, 2) [1]: 2
  Identity Server has not been configured for this new user/group suffix
  You can opt to continue, but you will not be able to use
  features that depend on Identity Server
  Are you sure you want this schema type? [n]:
  I have entered my user group suffix exactly as specified during the Access Manager install (hence I am able to login as "amadmin").
  Looking at the LDAP logs to try and figure out whats going wrong I see its not getting hits on all searches it is performing:
  [30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
  dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(obj
  ectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscape
  Resource)(objectClass=domain))" attrs="dn"
  [30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - RESULT err=4 tag=101 nentries=1 etime=0
  [30/Aug/2005:16:41:18 +0100] conn=299 op=160 msgId=162 - ABANDON targetop=NOTFOUND msgid=161
  [30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - SRCH base="ou=people,ou=infrastructure,o=northampton,dc=dataforce-de
  v,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objec
  tClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeRe
  source)(objectClass=domain))" attrs="dn"
  [30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - RESULT err=0 tag=101 nentries=0 etime=0
  [30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - SRCH base="ou=clientdata,ou=infrastructure,o=northampton,dc=dataforc
  e-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(o
  bjectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netsca
  peResource)(objectClass=domain))" attrs="dn"
  [30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - RESULT err=0 tag=101 nentries=1 etime=0
  [30/Aug/2005:16:41:18 +0100] conn=299 op=163 msgId=165 - ABANDON targetop=NOTFOUND msgid=164
  [30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
  dev,dc=co,dc=uk" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
  [30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - RESULT err=0 tag=101 nentries=41 etime=0
  [30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
  dev,dc=co,dc=uk" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
  [30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - RESULT err=0 tag=101 nentries=1 etime=0
  [30/Aug/2005:16:41:28 +0100] conn=299 op=166 msgId=168 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
  dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(obj
  ectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscape
  Resource)(objectClass=domain))" attrs="objectClass numSubordinates ref aci"
  [30/Aug/2005:16:41:29 +0100] conn=299 op=166 msgId=168 - RESULT err=0 tag=101 nentries=41 etime=1
  [30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - SRCH base="ou=iplanetamauthservice,ou=services,ou=infrastructure,o=n
  orthampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectC
  lass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServ
  er)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
  [30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - RESULT err=0 tag=101 nentries=1 etime=0
  [30/Aug/2005:16:41:29 +0100] conn=299 op=168 msgId=170 - ABANDON targetop=NOTFOUND msgid=169
  [30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - SRCH base="ou=iplanetamauthldapservice,ou=services,ou=infrastructure
  ,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(obj
  ectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscape
  Server)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
  [30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - RESULT err=0 tag=101 nentries=1 etime=0
  [30/Aug/2005:16:41:29 +0100] conn=299 op=170 msgId=172 - ABANDON targetop=NOTFOUND msgid=171
  [30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - SRCH base="ou=iplanetampolicyconfigservice,ou=services,ou=infrastruc
  ture,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)
  (objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=nets
  capeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
  [30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - RESULT err=0 tag=101 nentries=1 etime=0
  [30/Aug/2005:16:41:29 +0100] conn=299 op=172 msgId=174 - ABANDON targetop=NOTFOUND msgid=173
  [30/Aug/2005:16:41:29 +0100] conn=299 op=173 msgId=175 - SRCH base="ou=iplanetamauthenticationdomainconfigservice,ou=services
  ,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(
  --More--(83%)
  The list goes on.
  Can anyone give me any pointers?
  Thanks

  Hi
  Thanks for your reply!
  I did mis-type, my mistake - sorry about that.
  If I dont over-ride the default it works, I've pretty much got the whole setup working now but I'm not particularly over the moon about the way the ldap tree is setup, I'd like finer granuality as we are going to attempt to get syncronization working with AD.
  I have an idea about how I'd like to set up our Mail/Calendar/LDAP infrastructure the 2nd time around (I'm just testing at the mo) - so I might have a question or two for you if you dont mind taking a look when you have a minute?
  Thanks Jay