PasswordPolicyControl support in Directory Server 5.2

Hi,
Does the SunOne Directory Server 5.2 support Password Policy Control (OID 1.3.6.1.4.1.42.2.27.8.5.1)?
Thanks,
~AA
Message was edited by:
ambhaikar123

No, this control will be supported in Directory Server 6.0.
Regards,
Ludovic

Similar Messages

  • Alias support in directory server 5

    Hi,
    Is alias dereferencing supported in Directory Server 5? (It is
    mentioned in this article that 4.1 did not support it:
    http://java.sun.com/products/jndi/tutorial/ldap/misc/aliases.html).
    I am trying to do a search using an alias and it does not seem to be
    working. I keep getting the alias entry rather than the referred
    entry. I tried setting the DEREF option to DEREF_ALWAYS but this does
    not seem to help (code fragment below). Do I need to do something to
    enable alias dereferencing on the server? Could it be the version of
    LDAP SDK for Java that I am using?
    LDAPConnection conn = new LDAPConnection();
    conn.connect( "XX.XX.XX.XX", 389 );
    // Ask the SDK to dereference aliases on every search
    conn.setOption( LDAPv2.DEREF, new Integer( LDAPv2.DEREF_ALWAYS ) );
    LDAPSearchResults results;
    String filter = "(cn=adminalias)";
    try {
        results = conn.search( "o=aliases,c=com",
            LDAPConnection.SCOPE_ONE, filter, null, false );
        while( results.hasMoreElements() )
            System.out.println( results.next() );
    } catch ( LDAPException e ) {
        System.err.println( e );
    }
    Thanks,
    Len Takeuchi
    SalesCentrix.com

    Len Takeuchi wrote:
    Hi,
    Is alias dereferencing supported in Directory Server 5?
    No.
    (It is
    mentioned in this article that 4.1 did not support it:
    http://java.sun.com/products/jndi/tutorial/ldap/misc/aliases.html).
    I am trying to do a search using an alias and it does not seem to be
    working. I keep getting the alias entry rather than the referred
    entry. I tried setting the DEREF option to DEREF_ALWAYS but this does
    not seem to help (code fragment below). Do I need to do something to
    enable alias dereferencing on the server? Could it be the version of
    LDAP SDK for Java that I am using?
    LDAPConnection conn = new LDAPConnection();
    conn.connect( "XX.XX.XX.XX", 389 );
    // Ask the SDK to dereference aliases on every search
    conn.setOption( LDAPv2.DEREF, new Integer( LDAPv2.DEREF_ALWAYS ) );
    LDAPSearchResults results;
    String filter = "(cn=adminalias)";
    try {
        results = conn.search( "o=aliases,c=com",
            LDAPConnection.SCOPE_ONE, filter, null, false );
        while( results.hasMoreElements() )
            System.out.println( results.next() );
    } catch ( LDAPException e ) {
        System.err.println( e );
    }
    Thanks,
    Len Takeuchi
    SalesCentrix.com

  • JNDI Support in Directory Server 5.1 and 5.2

    Does anyone know where I can find documentation on whether Directory Server supports JNDI (Java Naming Directory Interface), and whether this is an industry standard that is outlined in an RFC somewhere?
    Thanks

    JNDI support is documented in Chapter 35 of the DSRK guide at http://docs.sun.com/source/816-6400-10/jndi.html
    JNDI is a part of J2SE, a Java Community Process specification. See http://www.jcp.org
    --Stephen

  • When will Directory Server support RFC 4511?

    I would like to know when Sun plans to support the new LDAP v3 suite of RFCs, including RFC 4511?

    Thanks Ludovic.
    So if a client wants to support the password policies that are currently implemented on Directory Server 5.2, and also the policies that will be implemented in 6.0, then the client needs to support both the "vchu" and "behera" Internet Drafts, correct? Just to make sure I understand the "vchu" draft, the client is NOT required to send a password policy request control to the server in order to get password policy information returned, correct? ALL the policy information comes either in the error string associated with the LDAPResult OR in the 2 new controls defined in "vchu" (for expiring and already-expired passwords). Is all that correct?
    Is that the extent of what the client would need to do for support of 5.2? Or are there other password policy issues the client would need to code for in addition to what's in "vchu"?
    Also, does the "behera" draft define the extent of Directory Server 6.0 support for password policies, or will there be additional things the client will have to be aware of and code for?
    Thanks,
    gil
    I'm also confused about the relationship between the shadowAccount object class attributes defined in RFC 2307 vs. the password policy supported by Directory Server 5.2 (and 6.0). Are these attributes needed in support of either the "old" or the "new" password policies? Are they obsoleted by either password policy? Do the shadowAccount and password policy attributes operate independently from each other? If so, what do the shadowAccount attributes do for you that the password policy attributes don't? I'm having a hard time sorting out whether I need both types of attributes or only one...
    Thanks,
    gil
    Message was edited by: Gil Geiman
    ggeiman

  • How do I extend the schema with a new auxiliary objectclass in Directory Server 4.11?

    There seems to be no way to mark a new objectclass as AUXILIARY from the Netscape Console with Directory Server 4.11. Likewise, there is no mention of auxiliary objectclasses in the Administrator's Guide or Deployment Guide. When I simply mark the new objectclass with a superior of 'top', I get an Object class violation error when I try to add the objectclass and new attributes to an existing entry.
    So my questions are:
    1. Are auxiliary objectclasses supported in Directory Server 4.x?
    2. If so, how do I add them with the Netscape Console or directory in the configuration files?
    3. If not, is there a workaround that mimics the behavior of auxiliary objectclasses?
    Thanks.

    Even if 4.x supports marking objectclasses as Auxiliary (which I don't think it does; iDS 5.x does), the Directory Server ignores the flags when it comes to schema checking, i.e. you can mimic the behavior of auxiliary objectclasses without tagging the objectclass as Auxiliary in the schema.
    Regards,
    Ludovic

  • End of support dates for Directory Server

    Does anyone know where I can find an end of support matrix for Directory Server? We are still running 5.1sp4... Thanks

    Is this information publicly available? I am interested in this as well...
    Thanks

  • Directory Server & RedHat AS support

    Good day,
    We are using Directory Server 5.2P4 on RHEL 3.
    We want to install another copy (which replicates with/to the others) on our Messaging 6.3 server, this server however runs on RHEL 4.
    Is this possible and/or supported ?
    (and if not which versions are supported on RHEL 4 and/or 5)
    I've tried to find this information on the Sun website but have found it difficult to find for RedHat.
    Much obliged and kind regards,
    Jeffrey

    Is 5.2P4 on RHEL 3 supported? I guess it is :) I think your question is this: you run 5.2P4 on RHEL 3 and you want to run 5.2P4 on RHEL 4, which is also supported, and replicate between them. That's fine, it shouldn't be a problem. I had 5.2P4 on Windows 2000 replicating to DS 6.3 on RHEL 4. Sorry, I know a few of you just threw up a little in your mouth :)

  • Sun Directory Server role support?

    I would like to set up roles in the sun directory and use the identity manager in the future. Does identity manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of?
    Also, AFAIK Active Directory does not support multi-valued DN's as attribute values. If I use identity manager to sync Sun DS with AD, will user entries with multiple Sun DS roles become a problem?

    We are in the initial stages of design. Yes, that was the goal: to take the roles from Sun DS and use them in AD by way of identity manager. I am new to identity manager, so there may be a mapping instead of a direct push.
    The Sun DS roles are operational attributes and I am not sure how identity manager sees them or supports them. I guess if it can see them then it can map them to anything.

  • Sun Directory Server 5.2 installation problem on AIX 5.2

    Hi,
    I am a newbie to Sun DS 5.2 and I have been stuck on the installation for the last 2 days. Could you please guide me to resolve this issue? Please see the error message below.
    Checking disk space...
    The following items for the product Directory Server will be installed:
    Product: Directory Server
    Location: /Sun/mps
    Space Required: 141.70 MB
    Sun ONE Directory Suite
    Sun ONE Directory Server
    Sun ONE Directory Console Support
    Sun ONE Administration Services
    Sun ONE Administration Server
    Sun ONE Administration Console
    Sun ONE Server Console
    Sun ONE Server Console Core
    Java Runtime Environment
    Sun ONE Server Basic Libraries
    Ready to Install
    1. Install Now
    2. Start Over
    3. Exit Installation
    What would you like to do [1] {"<" goes back, "!" exits}? 1
    Installing Directory Server
    |-1%--------------25%-----------------50%-----------------75%--------------100%|
    [slapd-bmpdev4]: starting up server ...
    error:server:The server could not be started due to invalid command syntax or
    operating system resource limits.
    system_errno:2
    Configuration of the Directory Server failed.
    Warning creating dbswitch.conf
    Warning creating ssusers.conf
    Error Directory Server configuration failure
    Checking connection to the Configuration Directory Server... failed.
    The Admininistration Server cannot be configured.
    Error Administration Server configuration failure
    Error Configuration of the server(s) failed.
    Installation Details:
    Product Result More Information
    1. Directory Server Partially Installed. Refer to "Details..." for more
    information. Available
    2. Done
    Enter the number corresponding to the desired selection for more
    information, or enter 2 to continue [2] {"!" exits}: 2
    thanks
    Bala

    You are correct. Dir 5.2 is not certified for AIX 5.2. It does install, though. As a previous response stated, check the permissions for the user you are installing with and the file system you are installing to. Make certain you have enough disk space. My install took 150 MB of disk space. Finally, Dir 5.2 creates the file "/var/adm/sw/productregistry" during install. If you do not have permissions to /var/adm/sw, you may have troubles.
    Tim
    Computer Systems Engineer
    Komatsu Canada Limited

  • H/w requirements for Directory server for 200,000 users

    Hi,
    I would like to implement Directory services for 200,000 users. How can I know whether iPlanet Directory 5.1 will support this many users or not? If it does, which h/w do I have to use?
    If anyone can let me know the formula to calculate users and h/w
    Thanks

    The directory server can handle many more users than 200K. The hardware requirements calculations are amply explained in the book "Solaris and LDAP Naming Services" by Bialaski. If you have iPlanet support contract they can provide you tuning information which includes this info.
    You should remember the possibility of growth and load in terms of number of clients and peak requests per second. With your needs, my gut feeling is that even a Netra can host it. However, if it's an enterprise service you may want to go with at least 220 machines in a replicated configuration for load balancing and availability.
    DISCLAIMER: Use these opinions at your own risk. You must do your own analysis and calculations to design a suitable physical/logical architecture.

  • Configuring a Directory Server for Digital IDs and Certificates

    My company is moving toward using electronic signatures for internal documents. All of the users are on XP machines and have Acrobat Professional 8.0 installed. So far, I've been manually adding trusted IDs for each person who will be receiving signed documents that need to be validated. I'd like to make this a little easier by storing everyone's certificates on a server (Windows 2003) so that people can just go out there and add them all as one .fdf file. What I'm wondering is, what is the difference between doing it this way versus going through Acrobat and configuring a directory server? Will it work either way?
    Thanks!
    Anita

    Hi,
    Sorry for the late reply, regarding the error message: The DHCP services could not Contact Active Directory,
    please check the below KB article to see if it could help here:
    You are unable to authorize DHCP Server in Active Directory
    http://support.microsoft.com/kb/303317/en-us
    Reference for error ID 1059, and
    error ID 10020.
    For The specified server are already present in the directory services,
    please take a look into the below Blog:
    Active Directory DHCP authorisation issues
    The method mentioned in the blog above is trying to move the old information that stored in AD, and then take an action of re-authorisation of the DHCP server.
    Hope this may help
    Best regards
    Michael

  • Which directory server for naming?

    We are currently using OID for our Oracle naming resolution.  We are not running Identity Management, Portal, or any of the myriad of other middleware products that rely on directory server.  
    I need to migrate the OID to new hosts.  I've been flailing about with ODSEE, not realizing that Oracle has 3 different directory servers -- OID, OUD, and ODSEE.  Which one of these would be the best to use for this purpose?   Also, which one would leave me in the best position if we do adopt one of these other products?

    OUD is the best option as it supports TNS Names and EUS like OID does. I don't think ODSEE is an option here.
    Have a look at Frankie goes to Hollywood: Oracle Unified Directory 11.1.2.1.0: TNS and EUS - Part 1: TNS Resolving
    Sylvain

  • Using Linux/Red Hat/Intel for Sun ONE/Java Directory Server

    Anybody have any experience of this? We're looking to get off AIX, and Total Cost of Ownership for using Solaris/Sparc versus Linux/Intel is very similar.
    The decider will be if no-one is using Linux as a platform for Sun ONE/Java Directory Server....
    Any feedback would be appreciated....

    We run Directory 5.1 in production on Solaris/Sparc, but I've tried it with success on Red Hat 7.2 on Intel. We have not been able to get it to work on Red Hat Enterprise 2.1 or 3.0. The main problem has been that the administration server fails on startup. Obviously, the lack of support for the latest enterprise class Linux is a huge drawback. At this point I've decided to stay on Solaris/Sparc until Red Hat comes out with its own release of Netscape's Directory. When that happens we're going to evaluate whether to move the whole environment to Red Hat. The Sun and Netscape servers are almost identical in terms of features and performance, but having an open source version that can run on less expensive hardware would be a terrific win for us.

  • Open directory server crashing every 30 days / clients unable to connect to calendar, contacts server

    Hello everyone,
    I am running an up to date Mavericks Server which serves exclusively as a calendar and contacts server for about two dozen devices. The server is reachable via DynDNS, however, the public IP hardly ever changes (only once or twice a year maybe). Tried setting the OS X DNS Server to serve "all clients" and "some clients".
    For about 6 months (i.e. also under Mountain Lion), I am having a very strange problem. Roughly every 20-30 days, clients will not be able to connect to the server, instead getting a "wrong password" dialog. Restarting the open directory server will help for the next 30 days.
    I have tried repairing the database as detailed here, however, the issue persists.
    Any help would be highly appreciated!
    I would have tried setting up a clean server installation, migrating calendars/contacts manually and re-adding all users by hand, however, I am not aware of an easy way to do so. The terminal command for calendar backup is broken under mavericks (might work with this workaround) and re-adding users manually would apparently involve correcting user UUIDs afterwards in order to match the migrated calendar data. Do you know of a better approach?
    Thanks a lot!
    DPSG-Scout

    Hi Linc,
    This looks the most relevant to me:
    opendirectory.log
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759 - Client: Python, UID: 93, EUID: 93, GID: 93, EGID: 93
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759, Node: /Local/Default, Module: PlistFile - predicates with 'AND' are not supported
    2014-03-11 12:09:00.296514 CET - State information (some requests have been active for extended period):
              Sessions: {
                  28 -- opendirectoryd:
                              Session ID: 7BFBA6FE-A968-4399-A129-E3A5945E2A81
                              Refs: singleton
                              Type: Default
                              Target: localhost
              Nodes: {
                  43 -- authd:
                              Node ID: 6D0E236D-6DBD-4E8C-BC01-B3F50C2C2D8E
                              Nodename: /LDAPv3/127.0.0.1
                              Session ID: <Default>
                              Refs: 1
                              Internal Use: X
    and many more similar ones…
    Thanks for your effort!

  • Access read-only LDAP for username/password, Directory Server LDAP for rest

    Hello! I keep trying to find documentation on the above, but thus far I have been unable to find something that explains this well (and my attempts at figuring out thus far have failed).
    I have a read-only LDAP that is used University wide, and I am not allowed to change how it currently operates. It uses double-bind authentication in that you search for a user to get their DN, then bind to that DN with the users password to see if it was correct.
    I'd like to use the above setup to verify a user's credential as well as return some basic information about them (name, email, etc). After this, I'd like to use another freshly installed Directory Server LDAP to manage the roles that seem to be needed for Portal Server (as I cannot write to the original LDAP).
    Any help or advice on the above would be appreciated! Thank you.

    The authentication you described is the default way LDAP authentication works.
    AM LDAP auth-module allows you to 'pull' attributes from the LDAP server you're using for authentication and store it in its 'amSDK' Directory Server - which is leveraged by Portal Server (if you're talking about Sun's Portal Server).
    However, this is only done if the profile is created (set 'dynamic profile generation' in auth - service).
    As Portal Server does not support the new 'identity repository API' of AM, you have to stick to AM's legacy mode when using Portal Server.
    To keep the data in sync (if needed) you have to write a post-auth class.
    -Bernhard
