Openldap server appears to be broke.

I have just installed a fresh server and tried to get open ldap running on it. I get this odd message in the logfiles:
Feb 11 17:15:55 gp-box slapd[5414]: @(#) $OpenLDAP: slapd 2.3.39 (Oct 28 2007 13:27:43) $ andyrtr@workstation64:/var/abs/extra/daemons/openldap/src/openldap-2.3.39/servers/slapd
Feb 11 17:15:55 gp-box slapd[5414]: slapd stopped.
Feb 11 17:15:55 gp-box slapd[5414]: connections_destroy: nothing to destroy.
I then rebuilt it locally (in /var/abs/local/openldap) with makepkg and got this:
Feb 11 17:40:48 gp-box slapd[6980]: @(#) $OpenLDAP: slapd 2.3.39 (Feb 11 2008 17:38:56) $ root@gp-box:/var/abs/local/openldap/src/openldap-2.3.39/servers/slapd
Feb 11 17:40:48 gp-box slapd[6980]: slapd stopped.
Feb 11 17:40:48 gp-box slapd[6980]: connections_destroy: nothing to destroy.
Seems that the binary files are expecting to see things where the package was built.
Has anyone else seen this behavior and should it be reported as a bug?

00:32:55 papio@baboon:~$ pasi openldap
Repository     : testing
Name           : openldap
Version        : 2.3.40-1
URL            : None
Licenses       : None
Groups         : None
Provides       : None
Depends On     : db4.5  tcp_wrappers  libldap>=2.3.40 
Optional Deps  : None
Conflicts With : None
Replaces       : None
Download Size  : 697.70 K
Installed Size : 697.70 K
Packager       : None
Architecture   : None
Build Date     : None
MD5 Sum        : 6994744cfe2b2679ffd51e44a0a13889
Description    : LDAP Server
Repository     : extra
Name           : openldap
Version        : 2.3.39-1
URL            : None
Licenses       : None
Groups         : None
Provides       : None
Depends On     : db4.5  tcp_wrappers  libldap>=2.3.39 
Optional Deps  : None
Conflicts With : None
Replaces       : None
Download Size  : 696.87 K
Installed Size : 696.87 K
Packager       : None
Architecture   : None
Build Date     : None
MD5 Sum        : 8f6c8a625f2f2c83a759f6a81f66d241
Description    : LDAP Server
but I "opened" testing to get new kernel and I "got" openldap upgrade "accidentally" ;-)

Similar Messages

  • Connecting to a remote OpenLDAP server over SSL.

    I've been trying for several weeks now to get a remote OpenLDAP server up and running; configured in such a way that it only allows SSL and requires certificate validation.
    I've created a CA with a self-signed certificate.
    I used that CA to create a server and client certificate.
    The server certificate is in /etc/ssl/certs, has a link by the name of its hash.0 pointing to it; permissions are all correct and /etc/ssl/slapd.conf points to it and the CA certificate.
    The client certificate is on my MacBook Pro in /etc/ssl/certs along with the CA certificate; each of which also has its hash linked to it. /etc/ssl/ldap.conf is set up properly, the permissions are correct, and the following test command run as my user produces a successful result:
    ldapsearch -v -x -H ldaps://ldap.foo.org -b "dc=foo,dc=org" -d -1
    Now the problem part. I open Directory Utility; go to Services with Advanced Settings enabled. After unlocking it, I click the LDAPv3 and the pencil icon.
    I hit New... in the window that pops up and use ldap.foo.org as servername, SSL box ticked. I hit Continue, and behold; nothing happens.
    That is to say; Directory Utility hangs for a while; after which it goes back to the box I clicked Continue in without any error or warning popping up; but obviously hasn't advanced.
    The server logs indicate my Mac had actually connected; received the server certificate; but didn't send a client certificate at which point the TLS connection got aborted for some reason and the session ended.
    My Mac Console shows something even more bizarre, though:
    11/09/08 23:09:22 com.apple.DirectoryServices[97123] Assertion failed: (ld != NULL), function ldapsearchext, file search.c, line 76.
    My suspicion is that Directory Utility can't verify the server certificate and aborts the TLS connection. I expect it also uses /etc/openldap/ldap.conf? How can I diagnose the root of this problem?
    Thanks a lot for your assistance; I just can't figure this out and any hint or pointer would be greatly appreciated. It now just looks like OSX does not support a secure LDAP over SSL configuration.
    Though it currently isn't set up to be that way, I'd like to have my client also provide a certificate (CN=lhunath.foo.org) and have the server validate that. For now I've got the server set to:
    TLSVerifyClient never
    (And of course, the client:)
    TLS_REQCERT demand
    Message was edited by: lhunath

    By the way; about the assertion error I get in Console; here's the relevant source of ldap.c. Looks like ld is not set; probably something going wrong before that with setting up the TLS connection, perhaps? Or not?
    * ldapsearchext - initiate an ldap search operation.
    * Parameters:
    * ld LDAP descriptor
    int
    ldapsearchext(
    LDAP *ld,
    assert( ld != NULL );

  • How can I modify data on one OpenLDAP server

    Hello, I am testing Leopard Server 10.5.2; we have one OpenLDAP server on our network with more than 700 users, and I can access it in Workgroup Manager. Unfortunately I can't modify the data on the OpenLDAP server (only with Workgroup Manager), but I have no authentication problem using Safari and a PHP module (cn=admin.....+ password). Is this normal? Can I import the accounts onto my OD server? This one is set up as an OD Master. As we have a lot of people on the OpenLDAP server, I don't want to recreate them manually.
    Thank you.

    Hi
    Yes you should be able to do this. Passwords will probably not be transferred over. However once transferred you can specify a password policy for all users to change their passwords at next log in.
    You don't say which existing LDAP server you have. It may be advisable to use a third-party application to transfer users etc. over. I've heard that Excel can be used, although I have always used Passenger.
    Tony

  • 'Your IMAP server appears to be temporarily out of service' - help !!

    When logging in I get this error message on my e-mail:
    'your IMAP server appears to be temporarily out of service'
    Any assistance please? Much appreciated.....

    Call your ISP or whoever hosts your mail server and ask them if something is going on...

  • The server error encountered was: your IMAP server appears to be temporaril

    The server error encountered was: your IMAP server appears to be temporarily out of service
    on one mac account but not the other why?

    k finally my account is receiving mail. But it was out of service for over 15 hours. And on only one of my .mac email accounts don't know how or why. Yet I even deleted my account from my mail and re-entered it but that didn't help, only time did. So strange and discerning for a paid mail account service. Great when it works. But it might be nice to have an auto forward feature for when the accounts go down so that emails may still be sent and received at one of my free email providers that has not ever had any issues. Good luck

  • Native ldap client doesn't work with an openldap Server : No root DSE data

    Hello!
    My configuration :
    - an openldap 2.2.23 server (linux debian) (server name = serv_annu)
    - a ldap client (solaris 10) (server name = client_annu)
    I want to configure my client by using Solaris Native ldap and I follow the excellent doc of gary tay (http://web.singnet.com.sg/~garyttt)
    I use TLS and I had generated a certificate by using Mozilla . TLS works because ldapsearch from my solaris client works:
    FROM CLIENT_ANNU:
    # ldapsearch -h server_annu -p 636 -b"dc=mydomain,dc=fr" -s base -Z -P /var/ldap/cert8.db "objectclass=*"
    version: 1
    dn: dc=mydomain,dc=fr
    dc: mydomain
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    objectClass: nisDomainObject
    nisDomain: mydomain.fr
    o: mydomain
    LOG FROM SERVER_ANNU:
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 ACCEPT from IP=172.30.69.216:36020 (IP=0.0.0.0:636)
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SRCH base="dc=mydomain,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=1 UNBIND
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 closed
    1) I add DUAConfigProfile.schema and solaris.schema on my openldap server.
    2) I add a nisDomainObject at the root DN (see the result of the ldapsearch above)
    3) I Add ACL in slapd.conf to allow reading of rootDSE.
    access to dn.base="" by ssf=128 * read
    4) I launch on my solaris client
    crle -u -s /usr/lib/mps
    crle -64 -u -s /usr/lib/mps/64
    5) I can't apply result.c patch on my openldap server (production server!) then I can't create /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred by using ldapclient command. Then I create manually /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred : the syntax is correct because the "ldapclient list" command works :
    # ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= uid=toto,ou=People,dc=people1,dc=mydomain,dc=fr
    NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
    NS_LDAP_SERVERS= server_annu
    NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=fr
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_CREDENTIAL_LEVEL= anonymous
    NOTE : I've had to add NS_LDAP_BINDDN and NS_LDAP_BINDPASSWD even if I use anonymous credential level because I get an error when I launch ldap client process.
    Then here, everything is apparently OK but when I enable ldap client process the cachemgr process is running about 30s then it crashes:
    FROM CLIENT_ANNU:
    svcadm disable /network/ldap/client;svcadm enable /network/ldap/client
    /etc/init.d/nscd stop;/etc/init.d/nscd start
    LOG FROM SERVER_ANNU:
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 ACCEPT from IP=172.30.69.216:36021 (IP=0.0.0.0:389)
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH attr=supportedControl supportedsaslmechanisms
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=1 UNBIND
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 closed
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 ACCEPT from IP=172.30.69.216:36022 (IP=0.0.0.0:389)
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH attr=supportedControl supportedsaslmechanisms
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=1 UNBIND
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 closed...
    FROM CLIENT ANNU :
    # /usr/lib/ldap/ldap_cachemgr -g
    cachemgr configuration:
    server debug level 0
    server log file "/var/ldap/cachemgr.log"
    number of calls to ldapcachemgr 2
    cachemgr cache data statistics:
    Configuration refresh information:
    Previous refresh time: 2008/04/02 09:58:12
    Next refresh time: 2008/04/02 21:58:12
    Server information:
    Previous refresh time: 2008/04/02 09:58:32
    Next refresh time: 2008/04/02 09:58:33
    server: server_annu, status: ERROR
    error message: No root DSE data returned.
    Cache data information:
    Maximum cache entries: 256
    Number of cache entries: 0
    My problem is why I get the following error message : No root DSE data returned.
    Thanks in advance for your help!

    Hi
    Is your OpenLDAP server configured to allow anonymous read of the rootDSE attributes ?
    Regards,
    Ludovic.
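
The pattern in the server log above (a base-scope search of the root DSE that ends with err=0 and nentries=0) can be pulled out of a slapd log together with the listener port it arrived on, so it can be compared with an ACL that demands a minimum ssf. This is an added example, not code from the thread; the sample lines are copied from the post, and reading port 389 as the cleartext/StartTLS listener and 636 as ldaps is an assumption based on the default ports.

```python
import re

# Patterns for the three slapd stats-log line types that matter here.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+)')
RESULT = re.compile(r"conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")


def empty_rootdse_reads(lines):
    """Return one record per root DSE read (base="", scope=0) that succeeded
    (err=0) but returned no entry, with the client and listener port."""
    conns = {}        # conn id -> (client ip, listener port)
    rootdse = set()   # (conn, op) pairs that searched the root DSE
    hits = []
    for line in lines:
        m = ACCEPT.search(line)
        if m:
            conns[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = SRCH.search(line)
        if m:
            if m.group(3) == "" and m.group(4) == "0":
                rootdse.add((m.group(1), m.group(2)))
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in rootdse:
            rootdse.discard((m.group(1), m.group(2)))
            if m.group(3) == "0" and m.group(4) == "0":
                client, port = conns.get(m.group(1), (None, None))
                hits.append({"conn": int(m.group(1)),
                             "client": client,
                             "listener_port": port})
    return hits


# Sample input: lines copied from the server log in the post above.
SAMPLE_LOG = """\
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 ACCEPT from IP=172.30.69.216:36020 (IP=0.0.0.0:636)
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SRCH base="dc=mydomain,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=1 UNBIND
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 closed
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 ACCEPT from IP=172.30.69.216:36021 (IP=0.0.0.0:389)
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH attr=supportedControl supportedsaslmechanisms
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=1 UNBIND
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 closed
""".splitlines()

if __name__ == "__main__":
    for hit in empty_rootdse_reads(SAMPLE_LOG):
        kind = "ldaps" if hit["listener_port"] == 636 else "cleartext/StartTLS"
        print(f"conn={hit['conn']} from {hit['client']}: root DSE read returned "
              f"nothing on port {hit['listener_port']} ({kind})")
```
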

  • Mail server appears to lockup

    Hello, I have OSX Server 10.2.8 and it has been running fine for the past 3 years but now all of a sudden I have problems logging in to POP and IMAP accounts or even sending mail through it? The server appears to be unresponsive but then works again like it is processing too much work and then when it is done it will respond again like it should. I feel like it's under a DOS attack or something.
    My mail error logs are littered with messages such as below:
    May 14 2006 08:21:14 TCP connect error (22) Invalid argument.
    May 14 2006 08:21:14 TCP connect error (61) Connection refused.
    May 14 2006 08:21:14 TCP connect error (61) Connection refused.
    May 14 2006 08:21:15 TCP connect error (61) Connection refused.
    May 14 2006 08:22:31 TCP connect error (22) Invalid argument.
    May 14 2006 08:29:35 TCP connect error (22) Invalid argument.
    May 14 2006 09:02:23 TCP connect error (22) Invalid argument.
    May 14 2006 09:02:24 TCP connect error (61) Connection refused.
    May 14 2006 09:03:39 TCP connect error (22) Invalid argument.
    May 14 2006 09:03:39 TCP connect error (61) Connection refused.
    May 14 2006 09:03:39 TCP connect error (61) Connection refused.
    May 14 2006 09:03:41 TCP connect error (61) Connection refused.
    May 14 2006 09:04:56 TCP connect error (22) Invalid argument.
    It's running on an old B&W with a 1G G3 upgrade and 512MB RAM. I have all the latest updates and security patches installed.
    Thanks for any help.
    Tom

    I apologize if I truncated an important part of the log in my effort for brevity. Here's what I think is the full section.
    ==========================
    Dec 13 19:44:08 icoserver postfix/qmgr[25691]: 01A2568A82: removed
    Dec 13 19:44:08 icoserver postfix/pipe[26262]: A5B7368AA0: to=<[email protected]>, relay=cyrus, delay=0, status=sent (mail.icocorp.com)
    Dec 13 19:44:08 icoserver postfix/qmgr[25691]: A5B7368AA0: removed
    Dec 13 19:49:17 icoserver postfix/smtpd[26298]: connect from smtp110.sbc.mail.re2.yahoo.com[68.142.229.95]
    Dec 13 19:49:17 icoserver postfix/smtpd[26298]: CD79368AB1: client=smtp110.sbc.mail.re2.yahoo.com[68.142.229.95]
    Dec 13 19:49:17 icoserver postfix/cleanup[26300]: CD79368AB1: message-id=<[email protected]>
    Dec 13 19:49:19 icoserver postfix/qmgr[25691]: CD79368AB1: from=<[email protected]>, size=397919, nrcpt=1 (queue active)
    Dec 13 19:49:19 icoserver postfix/smtpd[26298]: disconnect from smtp110.sbc.mail.re2.yahoo.com[68.142.229.95]
    Dec 13 19:49:22 icoserver postfix/smtpd[26304]: connect from localhost[127.0.0.1]
    Dec 13 19:49:22 icoserver postfix/smtpd[26304]: 0EC2168B04: client=localhost[127.0.0.1]
    Dec 13 19:49:22 icoserver postfix/cleanup[26300]: 0EC2168B04: message-id=<[email protected]>
    Dec 13 19:49:22 icoserver postfix/qmgr[25691]: 0EC2168B04: from=<[email protected]>, size=398365, nrcpt=1 (queue active)
    Dec 13 19:49:22 icoserver postfix/smtpd[26304]: disconnect from localhost[127.0.0.1]
    Dec 13 19:49:22 icoserver postfix/smtp[26301]: CD79368AB1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=5, status=sent (250 2.6.0 Ok, id=25705-05, from MTA: 250 Ok: queued as 0EC2168B04)
    ==========================

  • My Server appears to have many connections to the router?

    When I look at a map of the network on my router, the server appears to have two IP Addresses and many, many connections.
    Most things are working okay, but there is a problem resolving domain names. I can RDP to the server with the IP address but not the name on some clients, and likewise I can access folders with 192.168.1.XXX\Folder but not SERVERNAME\Folder.
    I have a public static IP address, and the server adapter has a static IPv4 address (I have left IPv6 alone).
    any suggestions?

    Not necessarily.
    Essentials does not setup the internal DNS the same way sbs standard does.
    So, using domain.remotewebaccess.com, will always resolve to an external IP.
    Then it is up to the firewall in the router, whether it will permit a NAT loopback.
    You could add a DNS zone for domain.remotewebaccess.com in DNS on the Essentials Server, but I'm not sure that would be a good idea.
    There may be a setting you can change inside your router to allow the traffic to work.
    Robert Pearman SBS MVP
    itauthority.co.uk

  • Solaris 10 automount against OpenLDAP server

    Hi ya'll,
    Another Solaris question that I'm searching around about...
    I'm using Solaris's native LDAP client on Solaris 10 6/06. My LDAP server is an OpenLDAP server under Fedora Core 5. The Solaris client can talk to the server fine, everything is cool except for the fact that automounting isn't working. I'm guessing it's a schema issue but I'm not sure where to go... I'll post a few examples of my config and maybe someone can see something wrong:
    From /etc/nsswitch.conf:
    automount: files ldap
    /etc/auto_master:
    /projects auto.projects
    /home auto.home
    /- auto.direct -rw,hard,intr
    from nis.schema file on OpenLDAP server:
    attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
    SUP name )
    attributetype ( 1.3.6.1.1.1.1.27 NAME 'NisMapEntry'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
    objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
    DESC 'A generic abstraction of a NIS map'
    MUST nisMapName
    MAY description )
    objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
    DESC 'An entry in a NIS map'
    MUST ( cn $ NisMapEntry $ nisMapName )
    MAY description )
    On the LDAP server the automounts are listed as "nisMapName=auto.home" etc.
    I read somewhere that in the nis.schema file, all references to "nisMapEntry" need to be changed to all lowercase, ie "nismapentry", but I tried that and restarted the LDAP server, restarted autofs on the client, still nothing. Does anyone know what schema changes need to be made? Or maybe changes that need to be made to something else that I'm not aware of? Or do I need to make any other schema changes to my Solaris 10 native LDAP client as well?
    This is a clip from the OpenLDAP log on the OpenLDAP server. It seems like the automount information request is getting through, but maybe the data it returns to Solaris is in an unrecognizable format or something?
    do_search
    ber_scanf fmt (miiiib) ber:
    dnPrettyNormal: <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu><<< dnPrettyNormal: <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu>, <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu>ber_scanf fmt ({mm) ber:
    ber_scanf fmt ({mm}) ber:
    ber_scanf fmt ({M}}) ber:
    ==> limits_get: conn=35 op=0 dn="[anonymous]"
    => bdb_search
    bdb_dn2entry("nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu")
    search_candidates: base="nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu" (0x0000070d) scope=1
    => bdb_equality_candidates (objectClass)
    => key_read
    <= bdb_index_read: failed (-30989)
    <= bdb_equality_candidates: id=0, first=0, last=0
    => bdb_dn2idl("nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu")
    <= bdb_dn2idl: id=111 first=1806 last=1916
    => bdb_equality_candidates (objectClass)
    => key_read
    <= bdb_index_read: failed (-30989)
    <= bdb_equality_candidates: id=0, first=0, last=0
    bdb_search_candidates: id=0 first=1806 last=0
    bdb_search: no candidates
    send_ldap_result: conn=35 op=0 p=3
    send_ldap_response: msgid=1 tag=101 err=0
    ber_flush: 14 bytes to sd 18
    daemon: activity on 1 descriptor
    daemon: activity on: 18r
    daemon: read active on 18
    connection_get(18): got connid=35
    connection_read(18): checking for input on id=35
    ber_get_next
    ber_get_next: tag 0x30 len 5 contents:
    ber_get_next
    ber_get_next on fd 18 failed errno=0 (Success)
    connection_read(18): input error=-2 id=35, closing.
    connection_closing: readying conn=35 sd=18 for close
    connection_close: deferring conn=35 sd=18
    daemon: select: listen=7 active_threads=0 tvp=NULL
    daemon: select: listen=8 active_threads=0 tvp=NULL
    daemon: select: listen=9 active_threads=0 tvp=NULL
    daemon: select: listen=10 active_threads=0 tvp=NULL
    daemon: activity on 1 descriptor
    daemon: activity on:
    daemon: select: listen=7 active_threads=0 tvp=NULL
    daemon: select: listen=8 active_threads=0 tvp=NULL
    daemon: select: listen=9 active_threads=0 tvp=NULL
    daemon: select: listen=10 active_threads=0 tvp=NULL
    do_unbind
    Linux clients work out of the box without any config changes (but then again these linux clients come stock with an openldap client so I'm not surprised they would communicate with one of their own kind).
    Thanks in advance for any insight!!!
    ciao, erich

    Hi Gary,
    i've got the automounter working with OpenLDAP, but not the SSD
    here are my results:
    $ ldaplist auto_master
    dn: cn=/home,ou=NFSMounts,dc=m-x
    dn: cn=/data,ou=NFSMounts,dc=m-x
    $ ldaplist auto_home
    dn: automountMapName=auto_home,uid=bill,ou=People,dc=m-x
    $ ldaplist auto_data
    dn: automountMapName=auto_data,uid=bill,ou=People,dc=m-x
    $ ls -l /home
    total 2
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billdata
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billhome
    $ ls -l /data
    total 2
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billdata
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billhome
    and here are my configs:
    /var/ldap/ldap_client_file:
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= xxx
    NS_LDAP_SEARCH_BASEDN= dc=m-x
    NS_LDAP_AUTH= simple
    NS_LDAP_SEARCH_SCOPE= sub
    NS_LDAP_CACHETTL= 3600
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=m-x
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,dc=m-x
    NS_LDAP_SERVICE_SEARCH_DESC= auto_master:ou=NFSMounts,dc=m-x
    NS_LDAP_SERVICE_SEARCH_DESC= auto_data:ou=People,dc=m-x?sub?nisMapName=auto_data
    NS_LDAP_SERVICE_SEARCH_DESC= auto_home:ou=People,dc=m-x?sub?nisMapName=auto_home
    NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
    NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
    NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=nisMapName
    NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
    NS_LDAP_OBJECTCLASSMAP= automount:automount=nisObject
    NS_LDAP_OBJECTCLASSMAP= automount:automountMap=nisMap
    ldif entries:
    dn: nisMapName=auto_home,uid=bill,ou=People,dc=m-x
    objectClass: top
    objectClass: nisObject
    nisMapEntry: host1:/export/home/bill
    nisMapName: auto_home
    cn: billhome
    dn: nisMapName=auto_data,uid=bill,ou=People,dc=m-x
    objectClass: top
    objectClass: nisObject
    cn: billdata
    nisMapEntry: host1:/export/data/bill
    nisMapName: auto_data
    snooping the network, i see that the calls from ldaplist include the nisMapName=auto_* filter, while the calls made by the automounter don't
    is there a way to get the automounter to respect the SSD?
    thank you,
    Billy

  • Address Book - self signed LDAPS certifiate on openldap server

    I'm fairly new to the Mac, but I'm not new to FreeBSD or *NIX type boxes.
    I'm trying to get Address Book to contact my openldap server that runs on OpenBSD. I have it working well with thunderbird, horde + (l)imp, dovecot, and various other openldap client based pieces of software. I use a self signed certificate on the server as most do. The key with the openldap client libraries normally is changing /etc/openldap/ldap.conf to not require a valid certificate from the server with the following setting:
    TLS_REQCERT never
    This setting is present in my version of OS X by default. On other *NIX machines i've had to set that manually.
    If there is any chrooting involved by the client, clearly another copy of /etc/openldap/ldap.conf is necessary in the chrooted area. Does anyone know if Address Book chroots itself? Or why it isn't paying attention to the /etc/openldap/ldap.conf? I get a clear message on the server that the client is rejecting the self signed certificate.
    Thanks much for your time,
    Geff
    Mac Book   Mac OS X (10.4.8)  

    Where's the button for "Yes, I answered my own question." ???? Okay ... <rant on> I guess Apple is no different from everything else: openbsd, linux, windows, open source, closed source, etc. always answering our own questions. I feel like the software isn't even tested. A FIX or some more information would be nice. </rant off>
    Okay here's the deal. I don't have a cert signed by an approved CA so I'm not sure if one would have to jump through fewer hoops to get it to work with a "proper" (non-self signed) cert. Turns out if you are using AddressBook to attempt to go to an LDAP server and you want SSL with a self signed cert, it seems that AddressBook won't properly attach to the LDAP server on port 636. Even though that's what happens to the PORT setting when you CLICK THE BUTTON (bitter, am I ranting again? ). So what you do is click the button for "SSL" and then REVERT THE PORT back MANUALLY to 389. (more bitter) This causes addressbook to ... well ... uhm ... WORK. What ends up happening is that it makes a non-ssl connection initially and then upgrades the connection via "STARTTLS" to an encrypted connection. There is one setting that you should have in slapd.conf (or like file) before doing this.
    # Sample security restrictions
    # Require integrity protection (prevent hijacking)
    # Require 112-bit (3DES or better) encryption for updates
    # Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64
    security simple_bind=64
    This requires the connection to have at least the minimum amount of encryption before the bind (authenticate) process. Keep in mind if you add this setting, anything that previously attempted to bind clear text (even on localhost) will fail. However you should never be sending a password in the clear.
    Geff
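
The client and server TLS settings quoted in the two threads above (TLS_REQCERT, TLSVerifyClient, and the slapd.conf security line) can be checked mechanically. The following is an added example, not code from either poster or from OpenLDAP; the sample configs and certificate paths are constructed, and the 64-bit threshold is simply the value used in the post.

```python
import re

# TLS_REQCERT levels from ldap.conf(5) that weaken server-certificate checking.
WEAK_REQCERT = {
    "never": "server certificate is neither requested nor checked",
    "allow": "a missing or bad server certificate is accepted",
    "try": "a missing server certificate is accepted",
}
# Threshold taken from the post above; raise it (e.g. 128) for modern ciphers.
MIN_SIMPLE_BIND_SSF = 64


def parse_directives(text):
    """Map lower-cased directive name -> argument string (last one wins).
    A line starting with whitespace continues the previous one (slapd.conf)."""
    directives, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            directives[last] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        last = parts[0].lower()
        directives[last] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def security_factors(args):
    """Parse 'security' arguments such as 'ssf=1 update_ssf=112 simple_bind=64'."""
    return {k.lower(): int(v) for k, v in re.findall(r"(\w+)=(\d+)", args)}


def audit_client(text):
    """Findings for ldap.conf-style text as (severity, directive, message)."""
    d = parse_directives(text)
    findings = []
    level = d.get("tls_reqcert", "demand").lower()  # demand is the default
    if level in WEAK_REQCERT:
        findings.append(("high", "TLS_REQCERT", WEAK_REQCERT[level]))
    elif "tls_cacert" not in d and "tls_cacertdir" not in d:
        findings.append(("info", "TLS_CACERT",
                         "no CA file or directory named; list the private CA "
                         "so 'demand' can validate it"))
    return findings


def audit_server(text):
    """Findings for slapd.conf-style text as (severity, directive, message)."""
    d = parse_directives(text)
    findings = []
    if "tlscertificatefile" not in d or "tlscertificatekeyfile" not in d:
        findings.append(("high", "TLSCertificateFile",
                         "no server certificate/key; ldaps and StartTLS cannot work"))
    factors = security_factors(d.get("security", ""))
    # A simple bind must satisfy both the general ssf and the simple_bind factor.
    required = max(factors.get("ssf", 0), factors.get("simple_bind", 0))
    if required < MIN_SIMPLE_BIND_SSF:
        findings.append(("high", "security",
                         f"simple binds allowed below ssf {MIN_SIMPLE_BIND_SSF} "
                         f"(currently {required})"))
    if d.get("tlsverifyclient", "never").lower() == "never":
        findings.append(("info", "TLSVerifyClient",
                         "client certificates are not requested"))
    return findings


# Constructed samples. Paths are placeholders, not taken from the threads.
CLIENT_NO_CHECK = "TLS_REQCERT never\n"
CLIENT_PINNED_CA = ("TLS_CACERT /etc/openldap/certs/example-ca.pem\n"
                    "TLS_REQCERT demand\n")
SERVER_SAMPLE_ONLY = ("TLSCACertificateFile /etc/ssl/certs/example-ca.pem\n"
                      "TLSCertificateFile /etc/ssl/certs/example-slapd.pem\n"
                      "TLSCertificateKeyFile /etc/ssl/private/example-slapd.key\n"
                      "TLSVerifyClient never\n"
                      "# security ssf=1 update_ssf=112 simple_bind=64\n")
SERVER_WITH_SECURITY = SERVER_SAMPLE_ONLY + "security simple_bind=64\n"

if __name__ == "__main__":
    for name, result in [("client, no check", audit_client(CLIENT_NO_CHECK)),
                         ("client, pinned CA", audit_client(CLIENT_PINNED_CA)),
                         ("server, sample only", audit_server(SERVER_SAMPLE_ONLY)),
                         ("server, with security", audit_server(SERVER_WITH_SECURITY))]:
        print(name, result or "no findings")
```

A self-signed server certificate does not force `TLS_REQCERT never`: naming that certificate (or its CA) in `TLS_CACERT` lets the client keep `demand`.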

  • HELP!  Rogue Server Appears & Contains Computer Contents?

    Normally the Network section of the Finder Window is empty, until recently! Now when I log onto the net (Yes, still on dial-up, but read on!) a server appears on the Network section of Finder and contains the entire contents of the computer, including Applications, System, Library, etc.
    When I attempt to "Trash" this server, I'm told that I "don't have privileges" to remove this. When I click on more info, I get Kind: Alias; Where: /automount/Servers; Server: nfs://automount%20-fstab%20%5B269]. The last digits change each time I log on. The Server Name in Finder also changes containing things like... "dialup-4.88.56. ... .level3.net" or "1cust2913.an2. ... .uu.net" (I can give complete name if that helps?)
    This appears to have started after I backed up my pictures and documents on a new Western Digital My Book external drive in preparation for switching to DSL and upgrading to Leopard. Both actions are on hold until I can get rid of the rogue Server! I don't know if it's a "craplet" that WD gave me to push some online backup service? Can't get a response from WD!! Or is this something more dangerous???
    Please help? Anyone know what this is AND HOW CAN I GET RID OF IT?? Thanks a bunch, Addie

    meandrik wrote:
    Hey!!!! I found something. Attached image - someone from PI 41.138.183.186 trying to connect to the server
    IP ADDRESS INFORMATION
    IP Address: 41.138.183.186
    Hostname: 41.138.183.186
    Network: African Network Information Center
    Country: NG - NIGERIA
    Region: 05
    City: Lagos
    Latitude: 6.4531
    Longitude: 3.3958
    IP Range: 41.138.170.0 - 41.138.191.255
    IP Network: American Registry for Internet Numbers (ARIN)
    ABUSE
    Handle: GENER11-ARIN
    Name: Generic POC
    Phone: +230 4666616
    [email protected]

  • Mount homedir autofs with openldap server

    I'm having trouble mounting home directories on mac clients running leopard from a linux openldap server. The login/password auth works fine, but somehow the autofs is not working correctly with the openldap server.
    I need some help in troubleshooting. From what I've read on the web, autofs is now supposed to work in Leopard.
    Thanks,
    Yasi

    Sounds like something you should be posting to the server or linux forums.

  • OpenLDAP Server have Problems with the automounter of Mac OSX 10.5.5 client

    Hi,
    we are using OpenLDAP Server on a Debian OS base. I have connected the LDAP Server with the Mac Mini with Mac OSX 10.5.5. The LDAP Server is based on OpenLDAP running on Debian Linux.
    The users can log in on the Mac computers and they do have the right groups. I have a problem with the automounterMaps because the homes and volumes are not mounted in the Mac environment. So the users have a different home directory at each computer and no volumes to work with.
    The LDIF I use for the automounter is following:
    dn: ou=automaster_directlinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: automaster_directlinx86
    objectClass: top
    objectClass: automountMap
    dn: cn=\/homes, ou=automaster_directlinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: ldap:ldap.TechFak.Uni-Bielefeld.DE:ou=auto_homes,ou=autofs,ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE -nosuid,nobrowse
    cn: /homes
    dn: cn=\/vol, ou=automaster_directlinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: ldap:ldap.TechFak.Uni-Bielefeld.DE:ou=autovollinx86,ou=autofs,ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    cn: /vol
    dn: ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: autovollinx86
    objectClass: automountMap
    dn: cn=ai, ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: ai
    dn: cn=airobots, ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: airobots
    dn: cn=mobirob, ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: mobirob
    dn: ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: auto_homes
    objectClass: automountMap
    dn: cn=efrese, ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: efrese
    dn: cn=fsiepman, ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: fsiepman
    dn: cn=fyuan, ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: fyuan
    In the /etc/auto_master I added the line
    SRC base="ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE" scope=ALL
    filter="(&(|(objectClass=automount))"
    to mount the /volumes but just the volume /vol and /homes are mounted to the Mac OS System.
    Thanks.

    Hi.
    Have a look at http://www.afp548.com/article.php?story=20061126220622764
    and there is very good information in Apple's training texts for 10.5 server.
    You can buy the print book or purchase an account with Safari Books in order to read it online,
    see
    http://my.safaribooksonline.com/9780321591067
    Chpt 3 is on working with 3rd-party OpenLDAP servers

  • How to Configure Oracle Management Server (OMS) with Dataguard Broker

    Dear Experts,
    I have a production DB (192.168.200.9) 9.2.0.1.0 on Server 2003.
    I have a standby DB (192.168.200.19) 9.2.0.1.0 on Server 2003.
    Archive logs are shipped to the standby database and applied there. *(Dataguard is configured).*
    Now I want to see graphically that archive logs are shipping to the standby database and being applied there (I want to configure Dataguard Broker in graphical mode (*dataguard manager*), isn't it? Because I am a bit confused with this).
    1. To achieve this, I take a separate machine and install Server 2003 on it.
    2. Then I install Oracle DB 9.2.0.1.0 (here I will install FULL DATABASE, CUSTOM installation, then create some repository).
    3. Can I configure this repository for OMS on my already running production or standby DB?
    4. After this, is OMS configured or not?
    5. How will I configure Dataguard Broker?
    What I know regarding this is on the primary and standby DB *(DG_BROKER_START = TRUE)* and after
    this we have to create some configuration wizards, but how?
    I think I have to go with this sequence; if somebody has a different sequence, tell me.
    Waiting for replies.
    Thanks in advance.
    Regards, rehan
    faisalabad pakistan

    Doesn't anybody know anything about this?

  • Open Directory Server appears as /LDAPv3/127.0.0.1, not as /LDAPv3/FQDN

    I am running Mac OS X Server 10.4.7, and when I set up my Open Directory Master it shows in Directory Access Utility and Workgroup Manager as /LDAPv3/127.0.0.1.
    This does not make sense, since an nslookup answers correctly for IP address and hostname. So I think it would show as /LDAPv3/FQDN.
    If I change the field "Server Name or IP Address" in the LDAPv3 section of Directory Access Utility to the FQDN, Workgroup Manager shows /LDAPv3/FQDN and works perfectly, but if I try to create an Open Directory Replica on another server, I receive the message "Unable to Authenticate on Server as Directory Admin".

    Thanks for your answer, Ralph!
    I really do get my other server promoted to an OD Replica when my OD Master appears as /LDAPv3/127.0.0.1, but I was in doubt about this when I went to the Replica's WGM Sharing pane to set the Users folder as an Automount Point in the /LDAPv3 directory, because it shows as /LDAPv3/127.0.0.1.
    Maybe I am wrong, but on the Replica server this will point to the localhost directory. Is this assumption correct?
