OSX 10.9 Maverick add a LDAP server via script

I use applescript to add a LDAP sever on 10.8, but after the 10.9 released, I found the script cannot use any more.
Seems is the new Mail app doesn't support LDAP sever , it is integrated to Internet Accounts
However the SAMPLE script is still the same. ( /Library/Scripts/Mail\ Scripts/Create\ New\ LDAP\ Server.scpt )
Does any one know how to config internet accounts via script (BASH script is OK too)?
the new mail app does not understand
make new ldap server with properties {name:theName, host name:theAddress, search base:theSearchBase, Çclass ldpoÈ:thePort, scope:theScope}
any more.

I'd first read the subject and thought this involved creating an entire LDAP server via script and thought... whoa, that's some script.
But you're seeking to reference a remote resource or some automated way to configure your client mail, and that's currently using LDAP, right? If so, then Apple has shifted over to Profiles and away from LDAP and MCX and related. Profiles would be the approach I'd follow here, either with OS X Server and its profile manager or some other MDM service.
If you have access to the Apple WWDC13 session videos, there's a session on the Profile Manager that might be worth your time.

Similar Messages

How to access a specific tab in collaboration server - via scripting

So, I want to be able to show a link in a portlet to a user such that when the link is clicked it takes the user to collaboration server and automatically sets them on the discussion tab...any ideas? do transformer tags work in this case? any other ways?
Thanks

QuickKeys may work, or you can look on http://www.versiontracker.com or http://www.macupdate.com for other alternatives.
Another option is to create aliases to those folders and store the aliases in a local folder which you can place on your Dock, the Finder window sidebar or toolbar.

Request a .jpg image from Indesign server via script?

hello,
I have a scenario in which I am switching from using QuarkXpress Server to Indesign Server. With Quark Server I am able to request a jpg image from a quark Document. Basically, by providing the right parameters, I can get a JPG preview of what a picture box or text box looks like in the Quark Document.
I need to do something like this with InDesign Server. Is it possible to write a script specifying an Indesign Document and maybe a TextFrameID or PictureFrame ID and get a JPG rendering of it?
I know I can export the whole document as a PDF but I need to be able to get images of single textframes/pictureframes or grouped frames.
Does anyone know if this is possible or how to do this?
thanks in advance!!!
-Lloyd

Or maybe the only way to achieve this (hopefully not, though) is to export the whole document as a JPG, and then find a way to programmatically crop the part I need based on the coordinates of the textframe/pictureframe (or grouped framed) that I need?
thanks in advance,
Lloyd

Rc.local script to bind and add ldap server

Greetings All,
For the past few years, I've used the script below to bind and add authentication servers to my client machines. The process is simple enough, copy the rc.local script (ref'd below) to /etc/ as root and reboot the client. The problem now, is I don't know if this will work in 10.6. As I read this script, I realized there have been enough changes in location of files and file names between 10.5 and 10.6 that this script isn't going to work.
My question to you guys is this: Is anyone else taking care of their binding/auth services in a similar manner? If so, would you mind sharing the script you're using?
Thanks,
-dave
Here's mine:
#!/bin/sh
# WARNING -- REMEMBER TO UNCOMMENT THE SELF-DELETING LINE!
#Site and/or District-specific Variables
#Local Admin in Image
LOCADMIN="tech" # Local admin user in your image
LOCPASSWD="techpwd" # Local admin password in your image
#Open Directory
ODSITESERVER="odr1.mydomain.edu" # FQDN of the Open Directory Server
ODADMIN="diradmin" # Directory Admin for Open Directory
ODPASSWD="diradminpwd" #Password for OD Directory Admin
### DO NOT EDIT BELOW THIS LINE!
OSMAJORVER=`sw_vers | grep ProductVersion | awk '{print $2}' | cut -c 1-4`
ENETADDRESS=`ifconfig en0 | grep ether | awk '{print $2}'`
#Give the network time to come online
logger "Sleeping 30 seconds"
sleep 30
#Set Date and Time
case $OSMAJORVER in
10.3) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-panther -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-panther -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.4) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-tiger -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-tiger -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.5) date > /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
esac
#Set Bonjour and Computer Names
# logger "Setting Bonjour and Computer Names"
# SERIALNUMBER=`ioreg -l |grep IOPlatformSerialNumber | awk '{print $4}' | cut -d \" -f 2`
# SECONDOCTET=`ifconfig -a | grep inet | grep -v inet6 | awk '{print $2}' | grep ^10\. | head -n 1 | awk 'BEGIN {FS="."}; { printf "%03d", $2 }'`
# COMPUTERID="A""$SECONDOCTET""$SERIALNUMBER"
# logger "Computer name is $COMPUTERID"
# scutil --set LocalHostName "$COMPUTERID"
# scutil --set ComputerName "$COMPUTERID"
# sleep 3
#Set the Open Directory Server we are binding to based on the second octet of the IP address received from the DHCP lease
# case $SECONDOCTET in
# 002|005|047|110|112|115|119|121|123|128|133|153|241|247|250|251|253) ODSITESERVER="a941wgm.austinisd.org" ; RING="A1N";;
# 009|045|046|052|053|107|109|117|131|132|138|144|151|154|155|179) ODSITESERVER="a117wgm.austinisd.org" ; RING="B1N";;
# 004|006|010|048|055|056|102|106|118|129|141|149|152|157|159|161|163|164|165|178 |189|244|249) ODSITESERVER="a006wgm.austinisd.org" ; RING="C1N";;
# 003|012|015|044|051|105|108|111|116|122|124|125|126|127|139|142|145|150|245) ODSITESERVER="a044wgm.austinisd.org" ; RING="D1N";;
# 007|043|049|058|103|104|114|140|146|160|162|168|171|174|175|176|185|190|246|101 ) ODSITESERVER="a007wgm.austinisd.org" ; RING="B1S";;
# 101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B2S";;
# 008|013|017|054|059|061|120|130|136|147|156|166|172|173|182|184) ODSITESERVER="a008wgm.austinisd.org" ; RING="C1S";;
# 057|060|113|143|148|158|170|180|181|183|248) ODSITESERVER="a008wgm.austinisd.org" ; RING="C2S";;
# *) ODSITESERVER="a000wgm.austinisd.org" ; RING="A0N";;
# esac
#Remove Existing Directory Services Config
logger "Removing existing DS Config"
rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
rm -R /Library/Preferences/DirectoryService/SearchNode*
rm -R /Library/Preferences/DirectoryService/ContactsNode*
rm -R /Library/Preferences/edu.mit.*
rm -R /etc/krb5.keytab
#Enable and disable appropriate plugins
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.4) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.5) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1 ;;
esac
#Copy in updated ldap.conf file for Leopard machines, which disables the verification of SSL certs used for LDAP Authentication
case $OSMAJORVER in
10.5) cp /etc/ldap.conf-leopard /etc/openldap/ldap.conf ;;
esac
#Kill Directory Services and respawn to return to DS Defaults
logger "Respawning DS"
killall -9 DirectoryService
#Running "id" triggers a DS Respawn
id "$LOCADMIN" >> /Library/Logs/binder.log 2>&1
sleep 3
#Fix SearchNode plist
case $OSMAJORVER in
10.3) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
10.4) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
esac
#Configure LDAPv3 Plugin -- fix with site-specific data
logger "Configuring LDAPv3 Plugin"
case $OSMAJORVER in
10.4) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
10.5) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
esac
sleep 3
#Make sure we init DS and confirm connectivity to each LDAP directory
logger "Checking OD Node Connectivity"
date >> /Library/Logs/binder.log
echo "Checking OD Node Connectivity" >> /Library/Logs/binder.log
dscl localhost -list /LDAPv3/$ODSITESERVER/Groups >> /Library/Logs/binder.log 2>&1
#Configure Search Path
logger "Configuring Search Nodes"
date >> /Library/Logs/binder.log
echo "Configuring Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/$ODSITESERVER"
killall -9 DirectoryService ;;
10.4) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
10.5) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
esac
date >> /Library/Logs/binder.log
echo "Confirming Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
#Remove any stale computer records from Open Directory
logger "Removing stale computer records from OD"
dscl /LDAPv3/"$ODSITESERVER" -search Computers ENetAddress "$ENETADDRESS" | awk 'BEGIN {FS="\t\t"}; { print $1 }' | while read COMPNAME
do
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -delete Computers/"$COMPNAME" >> /Library/Logs/binder.log 2>&1
done
#Add computer record to Open Directory
logger "Adding new Computer Record to OD"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/`scutil --get LocalHostName` ENetAddress "$ENETADDRESS" >> /Library/Logs/binder.log 2>&1
#Add to designated computer list - this is ONLY for 10.4 server. This will need to be replaced for 10.5 server.
COMPUTERGROUP="Unprovisioned" # Computer List
logger "Adding to Computer List: $COMPUTERLIST"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$COMPUTERID" ENetAddress "$ENETADDRESS"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -append ComputerLists/"$COMPUTERGROUP" Computers "$COMPUTERID"
#Refresh the MCX Cache
logger "Refeshing the MCX Cache"
case $OSMAJORVER in
10.3) /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
10.4) /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
esac
#Disable automatic login on the client
defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
#Enable login hooks on the client
case $OSMAJORVER in
10.4|10.5) defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool true
defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous ;;
esac
#Enable Directory Services Status by default on loginwindow
# case $OSMAJORVER in
# 10.4|10.5) defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus ;;
#esac
#Modify the binder log so that only admin viewers may access the file
chmod u=rw,go= /Library/Logs/binder.log
sleep 5
#killall loginwindow
sleep 5
#Comment the lines below, until shutdown if you do not want the script to replace itself with a 30 second delay on startup to ensure the client receives a DHCP lease before loginwindow appears
case $OSMAJORVER in
10.3|10.4) echo sleep 30 > /etc/rc.local ;;
*) srm /etc/rc.local ;;
esac
shutdown -r now
#Exit
exit 0

The first thing I would verify is if you can connect and traverse your Active Directory/Domain Controller using Softerra's free ldap browser.
1. Softerra ldap browser link
http://download.softerra.com/files/ldapbrowser26.msi
Put in the IP/hostname of the domain controller, use the same BASE DN, and user credentials that you used on the IronPort appliance.
I would highly recommend that you create a separate account for the IronPort. (i.e. ironportldap). Do this so that you don't have to worry about accidentially resetting the password and then forgetting to update the IronPort appliance.
2. Once you've verified that you can connect and see your tree, use the same settings from Softerra ldap browser and put them in the IronPort ldap interface.
Try this for your Accept query string
(|(mail={a})(proxyAddresses=smtp:{a}))
3. If it still fails, enable the ldap debug log if you haven't already and paste in the error.
We are trying to add an LDAP Server Profile but everytime we try to test the Accept Query we get an
"Error - Error: configuration error" message.
We are using AD, top of the tree for base DN. dc=domain, dc=local.
We tried communicating with 2 different servers via telnet on ports 389, 3268, both are open.
Tried port 389 and 3268, no SSL, Anynomous and User Password authentication methods.
The error left us clueless since we followed the instructions on the user manual.
For the accept query we tried this query string: (proxyAddresses=smtp:{a})
Any ideas or pointers to what could be causing this are very appriciated.
Thanks.
Ed.

Address Book write LDAP server command via terminal or remote desktop

Hi folks.
I was wondering if anyone has had any experience issuing an 'address book' setting command, to ADD an LDAP entry, via terminal or remote desktop?
In particular, I want to "ADD" a new "LDAP" entry for a specific server, on 40 workstations, using terminal or remote desktop, so that I don't have to leave my desk
I recall that you can issue commands from the terminal, starting with "write"... to add such preferences.
Any thoughts, ideas, or inspiration?
Many thanks,
Derek

Hi,
As far as I know, We couldn't use Command Shell as you list to establish a Remote Desktop. You can use
mstsc /? command to view all mstsc.exe command parameter. We can use the command
mstsc [<connection file>] to establish a Remote Desktop Connection.
However, why did you want use command shell to establish a Remote Desktop? It would be more convenient using
mstsc [<connection file>] command to establish a Remote Desktop.
If you need further assistance on this particular issue or any other Windows related issue, let us know and we will be glad to assist you.
Roger Lu
TechNet Community Support

Adding LDAP-server (OID) to Cloud Control

Hi ,
we have installed the LDAP-server (Oracle Fusion Middleware) on a host without the WebLogic - therefore it's just the LDAP-server running on that host.
Now we would like to add the LDAP-server as a target to the Cloud Control - but haven't found a way to do that through the GUI (when using the GUI you always need to add informations about the WebLogic, e.g. Domain, ...).
Is it possible just to add the LDAP-server to the Cloud Control?
Any help will be appreciated!
Rgds
Jan

HI VivaLaVida,
Please take a look at the following EM12c documentation:
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/security.htm#BABGAGIJ
You can connect EM12c with the following authentication systems:
•Oracle Access Manager (OAM) SSO
•Repository-Based Authentication
•SSO-Based Authentication
•Enterprise User Security Based Authentication
•LDAP Authentication Options: Oracle Internet Directory and Microsoft Active Directory
for OID there are non-GUI configuration methods:
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/security.htm#autoId12

Still LDAP server not responding when add to authentication search path ...

Howdy All,
I still have an OS X Server 10.5.6 (running Open Directory with its own Master directory) that when configured to connect to a corporate LDAP server indicates the server is responding fine, but when I add the server to the authentication search path, the server is no-longer responding.
I suspect this may mean the LDAP server is choosing to no-longer respond? Is it possible that the LDAP server could have my machine / IP address "black-listed" in some way? I have asked corporate IT but they didn't seem to think so (although I was queried before about repeated connect attempts).
Somewhat strangely I can configure a laptop client (OS X 10.5.6) to connect to the same LDAP server from an Ethernet port on the same LAN and it works fine. However, when I connect this laptop to the LAN through my server (WiFi NAT) I get the same issue as described above.
I don't have the firewall on the server turned on, I have played around with some certificates on the server, but have set "TLS_REQCERT never" in the ldap.conf file on the server (and client) as suggested by corporate IT. I have Kerberos running on the server and all else seems fine on the server.
Can anyone suggest what may be causing this? Or how I can debug the problem?
Thanks in advance.
Cheers,
Ashley.

Hi Jeff,
Thanks for your post. That said, I'm not sure how you got the impression that I wish to go to Maine I'm happy here in Perth, Western Australia.
Jeff Kelleher wrote:
Connecting a Mac to an LDAP server is a far cry from connecting a OS X Server to an existing LDAP server. Not that I could necessarily help, but asking how to connect an OS X Server to an LDAP server is a bit like asking "guess where I am now, how do I get to Maine?"
You need to provide as much info as you can.
Seriously though, I'm not sure of the difference. I am using Directory Utility to allow this OS X Server to get authentication information from an LDAP server just like an OS X Client would.
I have Open Directory in Server Admin just setup to connect to a directory system (i.e. the organisation LDAP server), not a master or replica.
My final goal is to allow access to an OS X TeamsServer Wiki by users who are authenticated against the LDAP server (rather than having to have separate accounts, logins, on the OSXS.)
I am hoping that I can use a group from the LDAP server to define the team, but perhaps I will have to run a standalone OD. I hope then I can add LDAP users to the OD group.
What other information would help?
Thanks,
Ashley.
OS X Server 10.5.6

How do I add an objectclass to existing LDAP server entry using an ldif file?

I am trying to fix an LDAP server that has been operating with schema check off. I need to add an objectclass to the groups so that some attributes that have been added to the groups will be "legal." From the documentation, the changetype: modify will allow the changing/adding of attributes that are already a part of the schema objects that define the entry. It does not look like I can add an objectclass with the modify operation.
If this is the case, then how do I add an objectclass to an existing entry? Using the GUI is not possible since the directory server in question is not being managed with an admin server. Please tell me that I do not have to delete the groups and import them again with an LDIF file that has the new objectclass added.
Kent

See this post:
http://softwareforum.sun.com/servlet/ProcessRequest?RHIVEID=181&RPAGEID=135&HOID=50B500000008000000636B0000&USEARCHCONTEXT_CATEGORY_0=_21_%24_7_&USEARCHCONTEXT_CATEGORY_S=0&UCATEGORY_0=_21_%24_7_&UCATEGORY_S=0

Cannot add new LDAP Group Members in Sun Java Server 7.0

Hello!
I've got Sun Java™ System Web Server 7.0 installed and Apache Directory Server as LDAP server.
So, the task is -to create/add users to a group (just created or already existent).
When I try to do that, I got only "An error has occured" message and that's all.
What really happens, I cannot understand even from server logs:
here is the screenshot - http://tinyurl.com/34xuw42
and the log:
[08/Dec/2010:16:44:03] info ( 8504): for host 127.0.0.1 trying to POST /admingui/admingui/editGroupDialog, service-j2ee reports:
java.lang.NullPointerException
     at com.sun.web.admin.configlib.LdapDatabase.isUserGroupMgmtSupported(LdapDatabase.java:161)
     at com.sun.web.admin.mbeans.UserGroupMBean.isUserGroupMgmtSupported(UserGroupMBean.java:244)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.web.admin.mbeans.BaseAdminMBean.invoke(BaseAdminMBean.java:49)
     at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
     at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
     at com.sun.web.admin.gui.util.MBeanUtil.invoke(MBeanUtil.java:139)
     at com.sun.web.admin.gui.util.MBeanUtil.invoke(MBeanUtil.java:39)
     at com.sun.web.admin.gui.handlers.CommonHandlers.invokeMBean(CommonHandlers.java:66)
     at com.sun.web.admin.gui.handlers.CommonHandlers.invokeWizardMBean(CommonHandlers.java:170)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.enterprise.tools.guiframework.view.DescriptorViewHelper.invokeHandler(DescriptorViewHelper.java:938)
     at com.sun.enterprise.tools.guiframework.view.DescriptorViewHelper.invokeHandlers(DescriptorViewHelper.java:875)
     at com.sun.enterprise.tools.guiframework.view.DescriptorViewHelper.dispatchEvent(DescriptorViewHelper.java:841)
     at com.sun.enterprise.tools.guiframework.view.DescriptorViewHelper.beginChildDisplay(DescriptorViewHelper.java:477)
     at com.sun.enterprise.tools.guiframework.view.DescriptorViewBeanBase.beginChildDisplay(DescriptorViewBeanBase.java:168)
     at com.iplanet.jato.taglib.TagBase.fireBeginDisplayEvent(TagBase.java:133)
     at com.sun.web.ui.taglib.common.CCTagBase.fireBeginDisplayEvent(CCTagBase.java:149)
     at com.sun.web.ui.taglib.common.CCTagBase.doEndTag(CCTagBase.java:108)
     at org.apache.jsp.jsp.addGroupMembers_jsp._jspx_meth_cc_propertysheet_0(addGroupMembers_jsp.java:347)
     at org.apache.jsp.jsp.addGroupMembers_jsp._jspx_meth_cc_pagetitle_0(addGroupMembers_jsp.java:317)
     at org.apache.jsp.jsp.addGroupMembers_jsp._jspx_meth_cc_form_0(addGroupMembers_jsp.java:201)
     at org.apache.jsp.jsp.addGroupMembers_jsp._jspx_meth_cc_header_0(addGroupMembers_jsp.java:154)
     at org.apache.jsp.jsp.addGroupMembers_jsp._jspService(addGroupMembers_jsp.java:99)
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:80)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:457)
     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:351)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
     at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:792)
     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:472)
     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:353)
     at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
     at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
     at com.sun.enterprise.tools.guiframework.view.DescriptorViewHelper.execute(DescriptorViewHelper.java:338)
     at com.sun.enterprise.tools.guiframework.view.DescriptorViewBeanBase.execute(DescriptorViewBeanBase.java:210)
     at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
What I am doing wrong?
Please, help.

You can configure a LDAP authentication database. Once you have configured it, you will be able to see users and groups contained in the configured ldap store.
Select a web instance configuration and select the Access Control tab. Under the Authentication Database sub tab create a new Authentication Database and select as database type LDAP Server. Make sure you provide as a bind dn a user that has sufficient permissions to read user and group entries.
Once that is done and you applied the changes, you will be able to select your LDAP server as an Authentication Database under the Users and Groups sub tabs.

Update defualtprofile to add a 2nd ldap server ip to defaultServerList

Hello,
How to update the defaultprofile to add another direcotry server ip to the default server list?
In other words, how to have the existing ldap client to recongnise the newly setup replica server
i have these two ldap servers:
10.0.0.1 the master ldap
10.0.0.2 the second master ldap
jrc1client122# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=citco,dc=com
NS_LDAP_BINDPASSWD= {NS1}3dab16e843 111 1fb5
NS_LDAP_SERVERS= 10.0.0.1
NS_LDAP_SEARCH_BASEDN= dc= example ,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
j
rc1client122# ldapclient mod -a defaultServerList=10.0.0.02
System successfully configured
jrc1client122# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=citco,dc=com
NS_LDAP_BINDPASSWD= {NS1}3dab16e843111fb5
NS_LDAP_SERVERS= 10.0.0.1
NS_LDAP_SEARCH_BASEDN= dc= example ,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
ldap_client_file
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 10.0.0.1
NS_LDAP_SEARCH_BASEDN= dc=citco,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
thx a bunch.
Ray

Hi Stephan,
I have not tried this but I think "doesn't seem to work" is not the best error description you could provide.
Does slapd still start up?
Do you get errors?
Have you tried starting the server with
sudo slapd -d config
This wil print some information to stdout about the processing of the configuration file.
HTH
Regards
Martin

Are there any rough processes for Solaris administrator to setup Sun LDAP as nameing server at Sun sparc host? like: 1st: modify /etc/nfsswitch.nfs 2nd: add LDAP server in /etc/hosts. 3rd: ......

Besides, can we install the LDAP server in sparc hosts as nameing system? Can we use Sun LDAP server or iPlanet Directory Server? or need BIND DNS server too?

There is a nice book from Michael Haines and Tom Bialaski: "Solaris and LDAP Naming Services" which contains all you need to configure Directory Server, LDAP, Naming Switch...
Ludovic.

Messenger Express: How do I add the Directory Server to the address book search tool?

In Messenger Express (ME) how do I add the Directory Server (DS) to the address book
search tool?
<P>
Edit the globals.pl file. Look for a line similar to: <BR>
@dirservers = ('MyCompany::phonebook.foo.com::o=FooCorp.,c=US','Four11 Directory::ldap.four11.com::');
<P>
Add an entry to the list. The list is comma delimited and each entry is a
string. The string contains three fields, delimited by a double colon (::). The
first field is the name you want to appear in the User Interface (UI). The second is
the hostname of the DS and the third is the Distinguished Name (DN) to use when searching.
<P>
Please note, Messenger Express is part of the Messaging Server. For more
information on Messenger Express, please see the release notes at
http://home.netscape.com/eng/server/MExpress/relnotes.htm

You can't add a new contact to specific group and there is no app for this. 3rd party apps don't have access to private iPhone APIs with security concerns being a primary reason, which such a function would require.

Can an LDAP server be it's own client?

In short yes, why would you want to do this? Many reasons, but mine is to be able to use ldap on laptops running Solaris and have them log into the machine with ldap credentials off the network. When we plug them back onto the network, I have a master server send any new data via one-way replication. I will give 2 separate ways to accomplish this. One is, to put it bluntly, a dirty hack to get it working. The second is much more elegant and it's the one I have stressed tested to verify that it works.
Disclaimer: I have only used these methods on Solaris10 update 3 with Trusted Extensions using directory server 5.2 as well as the administration server. I have used a few different kinds of machines (all x86) and have not had a problem with it. I do not know if it will work on any other version or hardware. I haven't even looked at the source code, all assumptions made here are from observing the systems behavior while making minor changes.
Now, the reasons why normally you can't be your own client (at least as far as I can tell) is because of the way the system boots and the dependencies that the ldap/client service needs to start up. If you boot a machine that is it's own client and ldap/client runs before the directory server starts, of course it will fail. The system boots the services first, then legacy init scripts. Directory Server 5.2 uses init scripts. Correct me if I am wrong, but that is the only real hurdle in your way.
So the first way to get it 'working' (dirty hack) is to delay the ldap/client smf service from starting until the directory server is started. After you become a client of yourself (in this case the global zone) disable the ldap/client serrvice.
svcadm disable ldap/clientThen enable it temporarily with the -t option
svcadm enable -t ldap/clientWell if you were to reboot now it would not work because the service would not start at boot because it is set to be administratively down. Edit the S72directory script in /etc/rc2.d and after the start commands just add the svcadm enable -t ldap/client command and it will load right after directory server starts. Will this work? Yes, is it a clean way to do it? NO. I used this method just for testing the theory that the only reason I could not be my own client was because of the booting issue.
Now the best way that I can see to accomplish this is to create your own smf services for the directory server and admin server. That way all you have to do is add a dependency to the ldap/client xml file to wait until the new directory server service is started before it starts. So in /var/svc/manifest/site create a folder called ldap (I put this in site because I didn't want to run into any issues of patching). In /var/svc/manifest/site/ldap/ create two xml files named:
quick note: These are the first services I have created. There may be a much better way to make them. If you can re-code it better, please let me know so I can look at them. Also there is no restart command in here (actually I just noticed that) so adding one of those would be wise.
ds_admin.xml and directory_server.xml.
ds_admin.xml contains<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type='manifest' name='SUNWdsadmin:dsadmin'>
<service
     name='site/ldap/ds_admin'
     type='service'
     version='1'>
     <create_default_instance enabled='false' />
     <single_instance />
     <dependency
         name='fs'
         grouping='require_all'
         restart_on='none'
         type='service'>
          <service_fmri value='svc:/system/filesystem/minimal' />
     </dependency>
     <dependency
         name='net'
         grouping='require_all'
         restart_on='none'
         type='service'>
          <service_fmri value='svc:/network/initial' />
     </dependency>
     <exec_method
         type='method'
         name='start'
         exec='/lib/svc/method/ds_admin start'
         timeout_seconds='120' >
          <method_context>
               <method_credential user='root' group='sys' />
          </method_context>
     </exec_method>
     <exec_method
         type='method'
         name='stop'
         exec='/lib/svc/method/ds_admin stop'
         timeout_seconds='60' >
          <method_context>
               <method_credential user='root' group='sys' />
          </method_context>
     </exec_method>
     <stability value='Unstable' />
     <template>
          <common_name>
               <loctext xml:lang='C'>
               LDAP Admin server
               </loctext>
          </common_name>
          <description>
               <loctext xml:lang='C'>
LDAP admin server
Information Service lookups
               </loctext>
          </description>
     </template>
</service>
</service_bundle>and directory_server.xml contains:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type='manifest' name='SUNWds:ds'>
<service
     name='site/ldap/directory_server'
     type='service'
     version='1'>
     <create_default_instance enabled='false' />
     <single_instance />
     <dependency
         name='usr'
         grouping='require_all'
         restart_on='none'
         type='service'>
          <service_fmri value='svc:/system/filesystem/minimal' />
     </dependency>
     <dependency
         name='net'
         grouping='require_all'
         restart_on='none'
         type='service'>
          <service_fmri value='svc:/network/initial' />
     </dependency>
<dependency
            name='ds_admin'
            grouping='require_all'
            restart_on='none'
            type='service'>
                <service_fmri
                    value='svc:/site/ldap/ds_admin' />
     </dependency>
     <exec_method
         type='method'
         name='start'
         exec='/lib/svc/method/directory_server start'
         timeout_seconds='120' >
          <method_context>
               <method_credential user='root' group='sys' />
          </method_context>
     </exec_method>
     <exec_method
         type='method'
         name='stop'
         exec='/lib/svc/method/directory_server stop'
         timeout_seconds='60' >
          <method_context>
               <method_credential user='root' group='sys' />
          </method_context>
     </exec_method>
     <stability value='Unstable' />
     <template>
          <common_name>
               <loctext xml:lang='C'>
               LDAP directory server
               </loctext>
          </common_name>
          <description>
               <loctext xml:lang='C'>
LDAP directory server
Information Service lookups
               </loctext>
          </description>
     </template>
</service>
</service_bundle>Now the start/stop scripts will be located in /lib/svc/method and are as followed:
ds_admin
#!/sbin/sh
case "$1" in
     start)
          /usr/sbin/directoryserver start-admin
     stop)
          /usr/sbin/directoryserver stop-admin
          echo "Usage: $0 { start | stop }"
          exit 1
esac
exit 0simple yes.
directory_server
#!/sbin/sh
HOST_NAME=`hostname`
SERVER_ROOT=/var/opt/mps/serverroot
DIRECTORY_SERVER_INSTANCE=slapd-${HOST_NAME}
case "$1" in
     start)
          ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/start-slapd
     stop)
          ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/stop-slapd
          echo "Usage: $0 { start | stop }"
          exit 1
esac
exit 0The only thing left to do is modify the ldap/client smf file to wait until the directory server starts before it loads.
So edit /var/svc/manifest/network/ldap/client.xml and right before the dependency for for /var/ldap/ldap_client_file add this
<dependency
            name='directory_server'
            grouping='require_all'
            restart_on='none'
            type='service'>
                <service_fmri
                        value='svc:/site/ldap/directory_server' />
        </dependency>
Any changes made to the /ldap/client xml file must be made after ALL zones have been installed. If this file is copied to a zone it will never work as the directory_server service is not loaded in the zones.
Now what? You must remove the legacy init scripts in /etc/rc2.d. Those would be S72directory and S73mpsadm. No need to keep them around, alternatively, you can just change the capital 'S' to lower case and they want start.
You can now either use svccfg to validate and import the new services or you can reboot. Typically, I reboot and use the '-m verbose' option on boot to watch the services for any errors. I haven't had any lately but on different systems I always watch to see if it behaves different.
That's it. I have rebooted all the machines many, many times without error. This of course does not address loading the directory server or adding users, tnrhdb file, etc... We have scripted most of loading out and once we get some error correction coded in I will post them.
Also, if you find any errors or even a better way to accomplish this, please post it.

This restriction is only in terms of implementing the Solaris support for LDAP as a naming service. If the Solaris OS is configured to use LDAP as a naming service, it can't use a LDAP server running on the same host.
The reason is that the LDAP server makes naming service calls before it gets fully started up. If the OS wants to use the LDAP server for the naming service, then a deadlock happens, where the LDAP server's gethostbyname() call can't complete because the LDAP server isn't up.
It is possible to configure the Solaris naming resolution to avoid this problem. I've got a system set up this way myself. Regardless, the official support channels won't support a system set up this way, so if you do this you do it at your own risk.

Sample connecting to LDAP Server in Java

Hi,
I am trying to establishing SSL from Java Application(via Netscape Directory SDK 4.0 - Java version) to the Directory Server(ADS) in a secure manner - i.e. LDAP over SSL.
I am trying to run this code...
LDAPConnection ld = null;
LDAPModificationSet attrs = new LDAPModificationSet();
attrs.add(LDAPModification.REPLACE,new LDAPAttribute("unicodePwd", "testpassword"));
try
LDAPSSLSocketFactory ssl = new LDAPSSLSocketFactory();
ld = new LDAPConnection( ssl );
/* Connect to server */
ld.connect("10.10.10.7",636);
/* Authenticate to the server as directory manager */
ld.authenticate(adminDN,password);
/* Now modify the entry in the directory */
ld.modify( userDN, attrs );
catch(Exception e)
But I don't know where my program reads the Cert. info... I don't know
if I have to import my internal CA via keytool or I have missed some
special configuration ..
When I run this code, the following error appears:
netscape.ldap.LDAPException: Failed to create SSL socket (91); Cannot connect to the LDAP server
at netscape.ldap.LDAPSSLSocketFactory.makeSocket(LDAPSSLSocketFactory.java:309)
at edu.umassmed.chcf.security.ldap.LDAPHelper.setLDAPPassword(LDAPHelper.java:742)
at edu.umassmed.chcf.security.administration.userhandler.UserHandlerBean.changePassword(User HandlerBean.java:628)
at edu.umassmed.chcf.security.administration.userhandler.UserHandlerBean_37ncs1_ELOImpl.chan
gePassword(UserHandlerBean_37ncs1_ELOImpl.java:409)
at edu.umassmed.chcf.security.administration.userfacade.UserManagerBean.changePassword(UserM
anagerBean.java:174)
at edu.umassmed.chcf.security.administration.userfacade.UserManagerBean_3chmth_EOImpl.change
Password(UserManagerBean_3chmth_EOImpl.java:501)
at edu.umassmed.chcf.sbb.action.ChangePasswordAction.perform(ChangePasswordAction.java:114)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:24
95)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
LDAPHelper - authenticateUser() - expLDAP.toString() netscape.ldap.LDAPException: Failed to create S
SL socket (91); Cannot connect to the LDAP server
Is this possible? If so, what hints can you give me to get started (any sample code would be greatly appreciated).
Thanks in advance.
With Regards,
Gokul.

hey guys .. i was struggling with the same thing - finally found this solution -
use:
import netscape.ldap.*;
import netscape.ldap.factory.JSSESocketFactory;
JSSESocketFactory fact = new JSSESocketFactory(null);
//unless u wanna specify any specific ciphers in the constructor
log("Factory created");
LDAPConnection ld = new LDAPConnection(fact);
log("Connection initialised");
ld.connect(MY_HOST, MY_PORT);
log("Connected");
ld.authenticate(user, pwd);
log("Authenticated!");
Before running this, i used the "keytool" command line utility to import the SSL client certificate into my default trustStore .. as a trusted cert. Dont know if thats required.. but it worked :) Hope this helps.

Why do I get error "The LDAP server is unavailable" while connecting to external domain via sync connection in SharePoint UPSA ?

Hello,
I am trying to connect to external domain via UPS Account having "Replicate Directory changes" permission on external domain while creating sync connection in UPSA.
I have checked below URLS :
http://social.technet.microsoft.com/Forums/en-US/1912bf88-8fec-4b5d-9d1e-a42db8318e33/ldap-server-is-unavailable-sharepoint-2010-user-synchronization?forum=sharepointadminprevious
http://social.technet.microsoft.com/Forums/en-US/6525d3aa-9197-42a2-aea0-190b84ac8356/the-ldap-server-is-unavailable?forum=sharepointadminprevious
And looks like its network connectivity issue - and hence I have verified that port 389 is open by infra team.
Note : I am able to connect to local AD , does it make sense that port is not open for external domain ?
Can anyone please let me know what can be the issue ?
Your help will be highly appreciated as I am struggling to fix this issue since quite long time but no luck yet.
Thank you in advance.
Kind regards,
Dipti Chhatrapati

Hi Dipti,
If you have Two-Way trust relationship then not sure if you have tried below:
Create a folder on the SharePoint server
Go to Folder properties - Security tab
Try adding user of the external domain on the folder
Please let us know if you are able to add the user or not. If you are able to add then it means that the connection and trust is proper and you should be able to create sync connection in UPA without any issues or else there is some issue with the connectivity
or the trust which is configured.
Please also make sure that you have given permissions to sync account as per below TechNet:
http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
Replicate Directory changes permissions are also required on cn=configuration container, below are the steps:
Grant Replicate Directory Changes permission on the cn=configuration container
Use this procedure to grant Replicate Directory Changes permission on the cn=configuration container to an account.
To grant Replicate Directory Changes permission on the cn=configuration container
On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
If the Configuration node is not already present, do the following:
In the navigation pane, click ADSI Edit.
On the Action menu, click Connect to.
In the Connection Point area of the Connection Settings dialog box, click Select
a well know Naming Context, select Configuration from the drop-down list, and then click OK.
Expand the Configuration node, right-click the CN=Configuration... node, and then click Properties.
In the Properties dialog box, click the Security tab.
In the Group or user names section, click Add.
Type the name of the synchronization account, and then click OK.
In the Group or user names section, select the synchronization account.
In the Permissions section, select the Allow check box next to the Replicating
Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.
Kind regards,
Bhavik K Jain
Please ensure that you mark a question as Answered once you receive a satisfactory response.

OSX 10.9 Maverick add a LDAP server via script

Similar Messages

Maybe you are looking for