Portal and Netscape LDAP server integration

Similar Messages

• Steps for portal and Microsoft LDAP server integration

  Hi,
  Could any one guide me steps for portal and Microsoft LDAP server integration. Need it urgently.
  Thanks in advance.
  Regards,
  Niraj

  Please don't cross post in multiple forums..

• How can a Visual Basic Application be used to read a Netscape LDAP server?

  I would Like to know if Visual Basic (ON AN NT WORKSTATION) can be used to access a Netscape LDAP Server (ON UNIX). And If so, will any API calls be necessary? Is there any documentation on using Visual Basic with LDAP?

  Hi Ryan,
  yes you can use VB with the nsldap32v30.dll or nsldap32v30.dll. You can get this from the iplanet page . The dll is inside the LDAP C SDK. Then, there's a 3 or 4 year old vb sdk with the declarations of the LDAP functions; but this seems not to be available in the web.
  Please send me a mail, I'll send you the doc and a sample vb prog.
  remove the nospam.
  [email protected]

• An unexpected exception has been detected + Netscape ldap server V6

  Hi,
  An unexpected exception has been detected during running an application on Netscape ldap server V6. Actually some extended operation is done on ldap server but after some request server crashes and error reported is :
  (psdk) xdspa1 JPSDKAgent.cc 143 ERROR Child error: Received unknown command: 'nexpected Signal : 11 occurred at PC=0xC1F19F40
  Function=_shlInit
  Library=/opt/java1.4/jre/lib/PA_RISC/server/libjvm.sl
  Current Java thread:
  "main" prio=7 tid=4000eca8 nid=1 lwp_id=7064320 runnable [0x77ff2000..0x77ff1ec0]
       at com.tertio.tome.Tome.MwLogErr_Write0(Native Method)
       at com.tertio.tome.Tome.error(Tome.java:171)
       at com.tertio.provident.sdk.SdkBase.error(SdkBase.java:214)
       - locked <71802780> (a java.lang.Object)
       at com.h3g.provisioningagent.xds.agent.XDSProvisioningAgent.error(XDSProvisioningAgent.java:444)
       at com.tertio.provident.sdk.ProvisioningAgentLink.handleEptReceived(ProvisioningAgentLink.java:166)
       at com.tertio.provident.sdk.ProvisioningAgentLink.handleMessage(ProvisioningAgentLink.java:100)
       at com.tertio.provident.sdk.SdkBase.mainLoop(SdkBase.java:180)
       at com.tertio.provident.sdk.SdkBase.main(SdkBase.java:47)
  Dynamic libraries:
  /opt/java1.4/bin/PA_RISC/java
       text:0x00001000-0x00011b8c data:0x40001000-0x40002ee0
  /opt/java1.4/jre/lib/PA_RISC/server/libjvm.sl
       text:0xc1800000-0xc22d8000 data:0x77e12000-0x77fcd000
  /usr/lib/libpthread.1
       text:0xc0030000-0xc0047000 data:0x77dea000-0x77ded000
  /usr/lib/libm.2
       text:0xc0090000-0xc00b6000 data:0x77ded000-0x77df3000
  /usr/lib/librt.2
       text:0xc00b8000-0xc00bc000 data:0x77df3000-0x77df4000
  /usr/lib/libcl.2
       text:0xc03c0000-0xc04a8000 data:0x77df7000-0x77e05000
  /usr/lib/libisamstub.1
       text:0xc002f000-0xc0030000 data:0x77df4000-0x77df5000
  /usr/lib/libCsup.2
       text:0xc0310000-0xc032c000 data:0x77e05000-0x77e08000
  /usr/lib/libc.2
       text:0xc0100000-0xc024e000 data:0x77fd2000-0x77fe5000
  /usr/lib/libdld.2
       text:0xc0006000-0xc0009000 data:0x77fcd000-0x77fce000
  /opt/graphics/OpenGL/lib/libogltls.sl
       text:0xc0004000-0xc0006000 data:0x77fe9000-0x77fea000
  /opt/java1.4/jre/lib/PA_RISC/native_threads/libhpi.sl
       text:0xc0500000-0xc0513000 data:0x77de7000-0x77de8000
  /opt/java1.4/jre/lib/PA_RISC/libverify.sl
       text:0xc0520000-0xc0530000 data:0x77d65000-0x77d66000
  /opt/java1.4/jre/lib/PA_RISC/libjava.sl
       text:0xc0530000-0xc055b000 data:0x77d63000-0x77d65000
  /opt/java1.4/jre/lib/PA_RISC/libzip.sl
       text:0xc0560000-0xc0574000 data:0x77d5f000-0x77d61000
  /home/sandeepk/h3guk/live/prov/lib/libjtome.sl
       text:0xc06a5000-0xc06a8000 data:0x77c66000-0x77c67000
  /home/sandeepk/h3guk/live/prov/lib/libtome.sl
       text:0xc0890000-0xc08c0000 data:0x77c4f000-0x77c65000
  /home/sandeepk/h3guk/live/prov/lib/libtome_ev.sl
       text:0xc066e000-0xc0670000 data:0x77c65000-0x77c66000
  /opt/java1.4/jre/lib/PA_RISC/libnet.sl
       text:0xc08c0000-0xc08d1000 data:0x77c4e000-0x77c4f000
  /usr/lib/libnm.sl
       text:0xc28f4000-0xc28fb000 data:0x77c4d000-0x77c4e000
  /usr/lib/libnss_dns.1
       text:0xc00bc000-0x'
  Please help in this regard ASAP. Awaiting your suggestions/ further information.
  Regards,
  Sandeep

  I'm not sure we can do anything to help you. It looks like some problem wit Oracle?
  We're dedicated to Messaging Server in this forum. I doubt anybody knows much about Java or Oracle, here. You might try the right forum.

• Differences between SunONE, iPlanet and Netscape Directory Server

  What are the differences between SunONE, iPlanet and Netscape Directory Server?
  When I go to docs.sun.com - Products Categories, I saw that they've documentation regarding with SunONE, iPlanet, Netscape Directory Server listed under Directory Server.
  I know that they're all different directory server, but is it one newer than other? If I'm not wrong, I assumed that Netscape transformed into iPlanet, and then from iPlanet, it transformed to SunONE. If that is the case, is that mean that all of it's console and how it works should be very similar?
  Thanks!

  That is exactly what I thought.
  so when people refer SunONE Directory Server 5.1, then that's mean iPlanet Directory Server 5.1, right?
  Because I'm looking at Solaris 9's specification and it mentioned that it bundled with SunONE Directory Server 5.1.
  Thanks for answering my question! :)

• Portal 7 and embedded LDAP server

  I searched for this on support but nothing much came up on Portal 7, so here
  goes:
  We're thinking of moving to LDAP for user authentication. LDAP 2 is
  supported by the current Portal. What LDAP version is supported by the
  embedded LDAP server that comes with WLS? Can I convert sooner or later?
  Do I have to wait on something?
  Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
  embedded LDAP?
  Thanks,
  Steve

  Ture,
  Can use LDAP for UUP without using it for authentication/authorization? If so,
  how, or at least can you kindly point to a document that descrips how?
  Thanks
  Ture Hoefner <[email protected]> wrote:
  Hello Steve,
  I think you may be confusing the LDAP v2 specification with the WLS
  6.x, 7.x
  V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do
  with the
  LDAP v2 spec. It is just version 2 of the LdapRealm (
  http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 )
  Portal
  doesn't really care which LDAP server you are using (and it works with
  both the
  original LdapRealm and the V2 LdapRealm).
  When using Portal with LDAP, there are three things you can use it
  for:
  1) authentication/authorization, using WLS security framework, and/or
  2) read-only Unified User Profile (UUP) via LdapPropertyManager in
  ldapprofile.jar to get user properties from LDAP, and/or
  3) read/write UUP via your own custom EntityPropertyManager to get/set
  user
  properties from LDAP.
  If you are using LDAP for authentication/authorization, then just follow
  instructions from WLS for configuring it. Your Portal app is a J2EE
  app that
  will use this service from your WLS app server.
  If you are using LDAP for a UUP then it doesn't really matter which LDAP
  server
  you use, as long as it really follows the LDAP spec. Portal just uses
  JNDI to
  search for attributes in the LDAP server and provides them to you as
  user
  properties.
  Steve Lewis wrote:
  I searched for this on support but nothing much came up on Portal 7,so here
  goes:
  We're thinking of moving to LDAP for user authentication. LDAP 2 is
  supported by the current Portal. What LDAP version is supported bythe
  embedded LDAP server that comes with WLS? Can I convert sooner orlater?
  Do I have to wait on something?
  Should I put off putting my users into LDAP 2 (OpenLDAP) or wait anduse the
  embedded LDAP?
  Thanks,
  Steve--
  Ture Hoefner
  BEA Systems, Inc.
  4001 Discovery Drive
  Suite 340
  Boulder, CO 80303
  www.bea.com

• SAP HR to LDAP Server Integration

  Dear Experts,
  We are trying to integrate HR data from SAP ECC to an LDAP server using the built in LDAP connector settings in ECC.
  It is working well with the exception that the KEY field from HR is being populated into one of the spare fields on Activie Directory. Is there anyway to prevent this. It is required in the LDAP Mapping synchronization but is not required in LDAP server.
  We have tried the various combinations of import and export parameters but nothing works.
  Many thanks in advance.
  Mark

  Hello Mark,
  Check this link
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/06187a32-0a01-0010-709b-e664a61eab08?QuickLink=index&overridelayout=true
  Also have a look at OSS notes
  - 718383 - NetWeaver: Supported UME Data Sources and Change.
  - 352295 - Microsoft Windows Single Sign-On options
  regards,

• Storing Portal Roles in LDAP server

  Hi,
    I want to use an LDAP server for user authentication to my portal. The documents I got from help.sap.com says about keeping an LDAP server for storing normal user attributes and the portal db for storing roles. Is there any way to store thr portal roles also in the LDAP server and retreive them for authentication. Please help
  Thanks,
  Ranjith

  Hi Ranjith,
     There is no way to store the roles in the LDAP. They are kept in the portal DB. Also, portal roles aren't used for authentication like roles are in R/3. They are used mainly for determining what a user can see in the portal. 
  The authentication in the portal is based on the user id and password.  when you log on to the portal.  You will be assigned a role(s) for what you can see in the portal.  The actual authentication to application come from the back end systems.  For example, even if you have a portal role that lets you have access to a transaction in R/3, if you don't have the back end authorization you won't be able to get at the data.
  I hope this helps
  John

• Server side redirect with 4.5.1 and Netscape Enterprise Server

            Is it possible to have a servlet running under WL 4.5.1 to perform a server
            side redirect ala CGI?
            Here's my config:
            web server: Netscape Enterprise Server 3.6 on solaris, with weblogic
            plugin
            servlet runner: WL 4.5.1 on different host from ES.
            Here's what I want to happen:
            1) HTTP GET from browser to enterprise server
            2) forwarded by plugin to servlet
            3) servlet logs some activity to an application log file, and sends a
            server side redirect to enterprise server
            4) Enterprise server returns the file identified by the rediect directly
            to the client.
            This is possible with enterprise server and CGI, because the ES CGI code
            checks the return stream from the CGI program for "Location: <some url>". If
            it see's that, it tries to locally resolve that URL as the client had asked
            directly for that URL. I think this would only be possible with WL if the WL
            NSAPI plug in supported a server side redirect feature. Anyone know status
            of that? Or might ES support something like this depending on the order of
            the objects in obj.conf?
            Here's what I've tried in the servlet:
            res.setHeader("Location:", location);
            res.setContentType("magnus-internal/redirect");
            res.setStatus(302);
            This just sends an HTTP tempoary new location to the client for a client
            side redirect. Client side redirect is not desirable because it doubles the
            HTTP traffic.
            Another option would be to read the file I want to redirect to from inside
            the servlet and return it from the servlet, but that is not desirable
            because I want to have ES serve the file - thats it's job, it caches, less
            network traffic (between our servers), etc.
            Server side redirect is very useful feature and not that uncommon for web
            applications, so if WL does not support it now, I will probably put in a new
            feature request.
            Thanks for your help
            Mark Johnson.
            

  Why not just use the proxy servlet to redirect to your netscape server? That
            does it on the server side!
            -russell
            Mark Johnson wrote:
            > I belive that sendRedirect performs a client side rediret, not a server
            > side redirect.
            >
            > Guy Tal <[email protected]> wrote in message
            > news:[email protected]...
            > > public void doGet(HttpServletRequest req, HttpServletResponse res) ...
            > > ...
            > > res.sendRedirect("http://destination");
            > > ...
            > >
            > > Guy
            > >
            > > Mark Johnson <[email protected]> wrote:
            > >
            > > > Is it possible to have a servlet running under WL 4.5.1 to perform a
            > server
            > > > side redirect ala CGI?
            > >
            > > > Here's my config:
            > > > web server: Netscape Enterprise Server 3.6 on solaris, with weblogic
            > > > plugin
            > > > servlet runner: WL 4.5.1 on different host from ES.
            > >
            > > > Here's what I want to happen:
            > > > 1) HTTP GET from browser to enterprise server
            > > > 2) forwarded by plugin to servlet
            > > > 3) servlet logs some activity to an application log file, and sends
            > a
            > > > server side redirect to enterprise server
            > > > 4) Enterprise server returns the file identified by the rediect
            > directly
            > > > to the client.
            > >
            > > > This is possible with enterprise server and CGI, because the ES CGI code
            > > > checks the return stream from the CGI program for "Location: <some
            > url>". If
            > > > it see's that, it tries to locally resolve that URL as the client had
            > asked
            > > > directly for that URL. I think this would only be possible with WL if
            > the WL
            > > > NSAPI plug in supported a server side redirect feature. Anyone know
            > status
            > > > of that? Or might ES support something like this depending on the order
            > of
            > > > the objects in obj.conf?
            > >
            > > > Here's what I've tried in the servlet:
            > > > res.setHeader("Location:", location);
            > > > res.setContentType("magnus-internal/redirect");
            > > > res.setStatus(302);
            > >
            > > > This just sends an HTTP tempoary new location to the client for a client
            > > > side redirect. Client side redirect is not desirable because it doubles
            > the
            > > > HTTP traffic.
            > >
            > > > Another option would be to read the file I want to redirect to from
            > inside
            > > > the servlet and return it from the servlet, but that is not desirable
            > > > because I want to have ES serve the file - thats it's job, it caches,
            > less
            > > > network traffic (between our servers), etc.
            > >
            > > > Server side redirect is very useful feature and not that uncommon for
            > web
            > > > applications, so if WL does not support it now, I will probably put in a
            > new
            > > > feature request.
            > >
            > >
            > > > Thanks for your help
            > >
            > > > Mark Johnson.
            > >
            > >
            > >
            > >
            > >
            > >
            > >
            > >
            Russell Castagnaro
            Chief Mentor
            SyncTank Solutions
            http://www.synctank.com
            Earth is the cradle of mankind; one does not remain in the cradle forever
            -Tsiolkovsky
            

• Rc.local script to bind and add ldap server

  Greetings All,
  For the past few years, I've used the script below to bind and add authentication servers to my client machines. The process is simple enough, copy the rc.local script (ref'd below) to /etc/ as root and reboot the client. The problem now, is I don't know if this will work in 10.6. As I read this script, I realized there have been enough changes in location of files and file names between 10.5 and 10.6 that this script isn't going to work.
  My question to you guys is this: Is anyone else taking care of their binding/auth services in a similar manner? If so, would you mind sharing the script you're using?
  Thanks,
  -dave
  Here's mine:
  #!/bin/sh
  # WARNING -- REMEMBER TO UNCOMMENT THE SELF-DELETING LINE!
  #Site and/or District-specific Variables
  #Local Admin in Image
  LOCADMIN="tech" # Local admin user in your image
  LOCPASSWD="techpwd" # Local admin password in your image
  #Open Directory
  ODSITESERVER="odr1.mydomain.edu" # FQDN of the Open Directory Server
  ODADMIN="diradmin" # Directory Admin for Open Directory
  ODPASSWD="diradminpwd" #Password for OD Directory Admin
  ### DO NOT EDIT BELOW THIS LINE!
  OSMAJORVER=`sw_vers | grep ProductVersion | awk '{print $2}' | cut -c 1-4`
  ENETADDRESS=`ifconfig en0 | grep ether | awk '{print $2}'`
  #Give the network time to come online
  logger "Sleeping 30 seconds"
  sleep 30
  #Set Date and Time
  case $OSMAJORVER in
  10.3) date > /Library/Logs/binder.log 2>&1
  /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-panther -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
  /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-panther -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
  date >> /Library/Logs/binder.log 2>&1 ;;
  10.4) date > /Library/Logs/binder.log 2>&1
  /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-tiger -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
  /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sys temsetup-tiger -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
  date >> /Library/Logs/binder.log 2>&1 ;;
  10.5) date > /Library/Logs/binder.log 2>&1
  /usr/sbin/systemsetup -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
  /usr/sbin/systemsetup -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
  date >> /Library/Logs/binder.log 2>&1 ;;
  esac
  #Set Bonjour and Computer Names
  # logger "Setting Bonjour and Computer Names"
  # SERIALNUMBER=`ioreg -l |grep IOPlatformSerialNumber | awk '{print $4}' | cut -d \" -f 2`
  # SECONDOCTET=`ifconfig -a | grep inet | grep -v inet6 | awk '{print $2}' | grep ^10\. | head -n 1 | awk 'BEGIN {FS="."}; { printf "%03d", $2 }'`
  # COMPUTERID="A""$SECONDOCTET""$SERIALNUMBER"
  # logger "Computer name is $COMPUTERID"
  # scutil --set LocalHostName "$COMPUTERID"
  # scutil --set ComputerName "$COMPUTERID"
  # sleep 3
  #Set the Open Directory Server we are binding to based on the second octet of the IP address received from the DHCP lease
  # case $SECONDOCTET in
  # 002|005|047|110|112|115|119|121|123|128|133|153|241|247|250|251|253) ODSITESERVER="a941wgm.austinisd.org" ; RING="A1N";;
  # 009|045|046|052|053|107|109|117|131|132|138|144|151|154|155|179) ODSITESERVER="a117wgm.austinisd.org" ; RING="B1N";;
  # 004|006|010|048|055|056|102|106|118|129|141|149|152|157|159|161|163|164|165|178 |189|244|249) ODSITESERVER="a006wgm.austinisd.org" ; RING="C1N";;
  # 003|012|015|044|051|105|108|111|116|122|124|125|126|127|139|142|145|150|245) ODSITESERVER="a044wgm.austinisd.org" ; RING="D1N";;
  # 007|043|049|058|103|104|114|140|146|160|162|168|171|174|175|176|185|190|246|101 ) ODSITESERVER="a007wgm.austinisd.org" ; RING="B1S";;
  # 101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B2S";;
  # 008|013|017|054|059|061|120|130|136|147|156|166|172|173|182|184) ODSITESERVER="a008wgm.austinisd.org" ; RING="C1S";;
  # 057|060|113|143|148|158|170|180|181|183|248) ODSITESERVER="a008wgm.austinisd.org" ; RING="C2S";;
  # *) ODSITESERVER="a000wgm.austinisd.org" ; RING="A0N";;
  # esac
  #Remove Existing Directory Services Config
  logger "Removing existing DS Config"
  rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
  rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
  rm -R /Library/Preferences/DirectoryService/SearchNode*
  rm -R /Library/Preferences/DirectoryService/ContactsNode*
  rm -R /Library/Preferences/edu.mit.*
  rm -R /etc/krb5.keytab
  #Enable and disable appropriate plugins
  case $OSMAJORVER in
  10.3) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
  plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
  10.4) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
  plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
  10.5) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
  defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1 ;;
  esac
  #Copy in updated ldap.conf file for Leopard machines, which disables the verification of SSL certs used for LDAP Authentication
  case $OSMAJORVER in
  10.5) cp /etc/ldap.conf-leopard /etc/openldap/ldap.conf ;;
  esac
  #Kill Directory Services and respawn to return to DS Defaults
  logger "Respawning DS"
  killall -9 DirectoryService
  #Running "id" triggers a DS Respawn
  id "$LOCADMIN" >> /Library/Logs/binder.log 2>&1
  sleep 3
  #Fix SearchNode plist
  case $OSMAJORVER in
  10.3) logger "Disabling LDAP via DHCP"
  defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
  plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
  killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
  sleep 3 ;;
  10.4) logger "Disabling LDAP via DHCP"
  defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
  plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
  killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
  sleep 3 ;;
  esac
  #Configure LDAPv3 Plugin -- fix with site-specific data
  logger "Configuring LDAPv3 Plugin"
  case $OSMAJORVER in
  10.4) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
  10.5) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
  esac
  sleep 3
  #Make sure we init DS and confirm connectivity to each LDAP directory
  logger "Checking OD Node Connectivity"
  date >> /Library/Logs/binder.log
  echo "Checking OD Node Connectivity" >> /Library/Logs/binder.log
  dscl localhost -list /LDAPv3/$ODSITESERVER/Groups >> /Library/Logs/binder.log 2>&1
  #Configure Search Path
  logger "Configuring Search Nodes"
  date >> /Library/Logs/binder.log
  echo "Configuring Search Nodes" >> /Library/Logs/binder.log
  dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
  case $OSMAJORVER in
  10.3) defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
  defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/$ODSITESERVER"
  killall -9 DirectoryService ;;
  10.4) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
  dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
  10.5) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
  dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
  esac
  date >> /Library/Logs/binder.log
  echo "Confirming Search Nodes" >> /Library/Logs/binder.log
  dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
  #Remove any stale computer records from Open Directory
  logger "Removing stale computer records from OD"
  dscl /LDAPv3/"$ODSITESERVER" -search Computers ENetAddress "$ENETADDRESS" | awk 'BEGIN {FS="\t\t"}; { print $1 }' | while read COMPNAME
  do
  dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -delete Computers/"$COMPNAME" >> /Library/Logs/binder.log 2>&1
  done
  #Add computer record to Open Directory
  logger "Adding new Computer Record to OD"
  dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/`scutil --get LocalHostName` ENetAddress "$ENETADDRESS" >> /Library/Logs/binder.log 2>&1
  #Add to designated computer list - this is ONLY for 10.4 server. This will need to be replaced for 10.5 server.
  COMPUTERGROUP="Unprovisioned" # Computer List
  logger "Adding to Computer List: $COMPUTERLIST"
  dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$COMPUTERID" ENetAddress "$ENETADDRESS"
  dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -append ComputerLists/"$COMPUTERGROUP" Computers "$COMPUTERID"
  #Refresh the MCX Cache
  logger "Refeshing the MCX Cache"
  case $OSMAJORVER in
  10.3) /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher -f >> /Library/Logs/binder.log 2>&1
  /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
  10.4) /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f >> /Library/Logs/binder.log 2>&1
  /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
  esac
  #Disable automatic login on the client
  defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
  #Enable login hooks on the client
  case $OSMAJORVER in
  10.4|10.5) defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool true
  defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous ;;
  esac
  #Enable Directory Services Status by default on loginwindow
  # case $OSMAJORVER in
  # 10.4|10.5) defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus ;;
  #esac
  #Modify the binder log so that only admin viewers may access the file
  chmod u=rw,go= /Library/Logs/binder.log
  sleep 5
  #killall loginwindow
  sleep 5
  #Comment the lines below, until shutdown if you do not want the script to replace itself with a 30 second delay on startup to ensure the client receives a DHCP lease before loginwindow appears
  case $OSMAJORVER in
  10.3|10.4) echo sleep 30 > /etc/rc.local ;;
  *) srm /etc/rc.local ;;
  esac
  shutdown -r now
  #Exit
  exit 0

  The first thing I would verify is if you can connect and traverse your Active Directory/Domain Controller using Softerra's free ldap browser.
  1. Softerra ldap browser link
  http://download.softerra.com/files/ldapbrowser26.msi
  Put in the IP/hostname of the domain controller, use the same BASE DN, and user credentials that you used on the IronPort appliance.
  I would highly recommend that you create a separate account for the IronPort. (i.e. ironportldap). Do this so that you don't have to worry about accidentially resetting the password and then forgetting to update the IronPort appliance.
  2. Once you've verified that you can connect and see your tree, use the same settings from Softerra ldap browser and put them in the IronPort ldap interface.
  Try this for your Accept query string
  (|(mail={a})(proxyAddresses=smtp:{a}))
  3. If it still fails, enable the ldap debug log if you haven't already and paste in the error.
  We are trying to add an LDAP Server Profile but everytime we try to test the Accept Query we get an
  "Error - Error: configuration error" message.
  We are using AD, top of the tree for base DN. dc=domain, dc=local.
  We tried communicating with 2 different servers via telnet on ports 389, 3268, both are open.
  Tried port 389 and 3268, no SSL, Anynomous and User Password authentication methods.
  The error left us clueless since we followed the instructions on the user manual.
  For the accept query we tried this query string: (proxyAddresses=smtp:{a})
  Any ideas or pointers to what could be causing this are very appriciated.
  Thanks.
  Ed.

• Mail.app and Netscape Messaging Server v3.6

  We are trying to track down performance issues with Mail.app in both Tiger and Panther. Issues include how long it takes to download large attachments (PDFs upwards of 10MB), how long it takes to synchronize and cache, and other things that appear in Mail's activity window and never go away. Downloading large attachments puts a large CPU load on our mail server. We are looking at all variables -- switches, network configs, local client settings, etc. We are on a switched network with a mix of Gig and 100BT to the desktops. But my question here is: What might be the advantage of upgrading to a newer mail server? Our Netscape 3.6 software is very old, but the Sun hardware it lives on had a CPU upgrade last year. Even though the IMAP protocol itself has been pretty stable for years, would we find newer platforms more efficient with modern needs such as large attachments and inboxes that receive dozens of messages a day?

  Wow, this is dusting off the cobwebs. NS 3.X has a different format for mail message, the IMAP data is contained in the first 400 bytes (or so) of the message file. So sending them through the deliver program is not an option, unless you strip the bytes off.
  When you ran upgrade on an individual user, did you first remove the 4.15 mailbox with mboxutil -d?

• CRM 5.0 and microsoft exchange server integration

  Hi,
  I'm facing problem in setting up email integration in SAP CRM.
  What I woul like to achieve is that an email sent to the call center should be see the email in this way:
  from: customer email
  to: [email protected]
  The exchange server responsible says that it is not possible to do this but exchange has to change the "to" domain before sending the email and so the call center agent should see in the inbox an email like this:
  from: customer email
  to: [email protected]
  Is it right? Any hint?
  Can you help me?
  Thanks in advance.
  Roberto

  Hello Roberto,
  E-Mail rerouting is possible with an Exchange server. We use an adress [email protected] provided from the Exchangeserver. The mail is then forwarded to [email protected] to be retrieved by our CRM System for further processing. Please ask your Exchange admin again. I think he has to get wome more information about configuration possibilities.
  Regards
  Gregor

• Prime and ACS View Server Integration

  Can anyone point me in the right direction for a good doc on implenting Prime (1.3) with an ACS View Server (5.1)?

  Hello,
  I went throuh your query and found certain steps which may help you out in solving your query.
  Configuring ACS View Servers
  To facilitate communication  between Prime Infrastructure and the ACS View Server and to access the  ACS View Server tab, you must add a view server with credentials.
  Note Prime Infrastructure only supports  ACS View Server 5.1 or later.
  To configure the ACS View  Server Credentials, follow these steps:
  Step 1 Choose Design > External  Management > ACS View Servers.
  Step 2 Enter the port number of the ACS  View Server you are adding. (Some ACS View Servers do not allow you to  change the port on which HTTPS runs.)
  Step 3 Enter the password that was  established on the ACS View Server. Confirm the password.
  Step 4 Specify the time in seconds after  which the authentication request times out and a retransmission is  attempted by the controller.
  Step 5 Specify the number of retries to be  attempted.
  Step 6 Click Save.
  Configuring TFTP or FTP Servers
  Step 1 Choose Design > External  Management > TFTP/FTP Servers.
  Step 2 From the Select a command drop-down  list, choose Add TFTP/FTP Server.
  Step 3 From the Server Type drop-down list,  choose TFTP, FTP, or Both.
  Step 4 Enter a TFTP/FTP server name. This  is a user-defined name for the server.
  Step 5 Enter the IP address of the TFTP/FTP  server.
  Step 6 Click Save.
  Next Steps
  Now that you have completed  the basic setup steps, you might want to do the following tasks:
  Table 2-3  Next Steps after   Completing Setup Tasks
  Task
  GUI   Path
  Documentation   Reference
  Set up  additional users
  Administration  > Users, Roles   & AAA, then click Users
  Controlling    User Access
  Add additional  virtual domains
  Administration   > Virtual Domains
  Setting    Up Virtual Domains
  Refine your  sites
  Design >  Site Map Design
  Designing    Sites
  Create  additional port groups and   change existing port groups
  Design >  Port Grouping
  Changing    Port Groups
  Start monitoring  and responding to   alarms
  Operate >  Alarms & Events
  Monitoring    Alarms

• CRM and Microsoft Project Server Integration

  Hello,
  Can anyone explain what solutions are available that can help in integrating SAP CRM with Microsoft Project Server? Is there any documentation available on this? Thanks.

  Hello Roberto,
  E-Mail rerouting is possible with an Exchange server. We use an adress [email protected] provided from the Exchangeserver. The mail is then forwarded to [email protected] to be retrieved by our CRM System for further processing. Please ask your Exchange admin again. I think he has to get wome more information about configuration possibilities.
  Regards
  Gregor

• Implementation of CISCO IVR – with 2nd Level of SMS Authentication and Backend SQL Server Integration

  Hi All,
  All i need is to write a script in UCCX premium with below requirement.
  We do offer services to our customers through the IVR, the aim is to ask the Customer to register with our company, and then will be allowed to use the services from us. We want to ask the customer for second level of authentication when he is on our IVR in terms that we will send him the activation code on his registered mobile number and verification of Voice Signature by Voice Biometric System. Then he will be prompted for the services. In addition, once he has logged in then he can order new services for which we will record him request in the Database and then send him an SMS Notifications.
  Is this possible in the scripting?

  Hi,
  First customer calls in to the trigger, their will be a menu to select the language (English,Arabic,French,bla). After the language selection,
  customer will be prompted to login using their credentials (press 1),
  and if you are new user register your detail (Press 2).
  If customer press 1 , then there will a menu mentioning some company services, and customer can order those services by using his account. After successful order, sms gateway sends a notification to customer's mobile number.
  If the customer press 2 , then the registration process starts , after successful registration in the database we query the details and then send the activation code to customer's mobile number. Using the activation code he should be able to activate his account and select the services.
  Finally, this IVR should play only in the office hours. Non-working hours there will be different prompt.
  Hope you are clear about this call flow. If you have any queries please let me know.
  Thanks in advance
  Regards
  Kajen