Problem with iPlanet Directory server v5.1

Similar Messages

• Replication problem with iPlanet directory server 5.1 SP2 HF1

  If I make a apply a change to either of consumer servers for an entry that belongs to the large database, that change does get applied to the consumer targated but it can not refer the change to teh master. Neither the master, nor the other consumers get updated consequently. I did not have this problem with directory server 5.1 SP1. I only see this problem after I apply directory server 5.1 SP2 HF1.
  From the error log file, I see the following message:
  NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals for replica

  I have a suggestion - try another means for administering your directory - use the console only for maintenance and tuning purposes. There are several products out there that are much better for day to day operations ...
  Otherwise - I think with 5.1 the view is based on the rdn of the entries - and I am not sure it is customizable. Additionally I know 5.2 solved your second issue - maybe the latest SP of 5.1 has solved it as well - though I don't really know ...
  -Chris Larivee

• Installation Error with iPlanet Directory Server 5.1 SP1 and Windows 2000

  Hello,
  I'm having real trouble getting iPlanet Directory Server installed on a Windows 200 Server machine. Every time I install it, no matter what options I choose, I get this series of popup boxes at the end:
  - Setup is unable to store configuration data in the LDAP directory
  - Unable to create Administration Server configuration
  - Could not authenticate ldap connection, "Unknown error"
  - Unable to set ACI in Configuration Directory Server
  But searching on this forum, I have found a lot of post. I have tested the different solution proposed :
  * Add on the host file the short name and the long name of my machine with it's IP adress
  * When the installation process crash, uninstall the software, reboot the machine and then restart the installation
  With all this solution, the problem is always here.
  Could you help me ?
  Boris MANCHETTE

  Are you using Terminal Services. iPlanet DS will not install properly over Terminal Services. You have to install from the direct attached console.
  Ted

• Are there any known issues concerning using DIGEST-MD5 SASL authentication with iPlanet Directory Server 5.0 on Windows NT 4.0?

  I am developing support for the DIGEST-MD5 sasl mechnism on a c-ldap client. I am using the evaluation version of the iPlanet Directory Server 5.0 which lists DIGEST-MD5 as a supported SASL mechanism. The server is running on NT 4.0 After installing the Directory Server with the test database, a changed the passwordStorageScheme from the default of SSHA to clear text. I then added my test user. When I run my test I always get back a resultCode of 49 (invalidCredentials). The digest-challenge I receive from the server and my digest-response are shown below. I have satisfied myself that the calculation of the response directive in the digest response is correct. Does anyone see any problems in the digest response or have any other suggestions? Is there a known problem with the iPlanet Directory Server 5.0?
  digest-challenge:
  realm="BGB2.ndp.provo.novell.com",nonce="Ed8UPLXsWaC6CN",qop="auth",algorithm=md5-sess,charset=utf-8
  digest-response:
  username="uid=bgbrown,ou=people,dc=siroe,dc=com",realm="BGB2.ndp.provo.novell.com",cnonce="A9IuPJKr30RiwL",nc=00000001,qop=auth,digest-uri="ldap/BGB2.ndp.provo.novell.com",response=97061205298e5ebaf206c8ac3598fdce,charset=utf-8,nonce="Ed8UPLXsWaC6CN"

  Found the answer. When the username is an LDAP DN it needs to be proceeded by "dn:".
  example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
  The server also accepts a simple uid value.
  example: username="bgbrown"

• Instalation problem with iplanet direcory server

  when am trying to install iplanet directory server at the end of instaltion am getting the following problems
  1)setup is unable to store data in the LDAP directory
  2) unable to create administartion server configuration
  3)could ot authenticate ldap connection
  4) unable to set aci in configuration directory server
  after installation of iplanet server with some errors it is asking for
  administration url.
  let me know how to find this administartion url.
  plz send me the solution asap.

  Check out the below.
  Problem 4680491. CSS causes oserr=130 in iWS 6.0 logs.
  Workaround
  If you are using the Cisco Content Services Switch (CSS) with Sun ONE Web Server and have set the value of the sticky bit setting in CSS to on, the following error is logged periodically in the error logs:
  failure ( 2210): Error accepting connection -5928, oserr=130 (Connect aborted)
  This is caused not by a defect in Sun ONE Web Server but by the setting of the sticky bit in CSS. To avoid the error logging, set the value of the sticky bit in CSS to off.
  Which as been fixed in iWS 6.0 SP5.
  For more info check the below link.
  http://docs.sun.com/source/816-6434-10/rn60sp5.html
  Dakshin.

• Problem with iPlanet Web Server 6

  We are getting an intermittent problem with our web server, the users start to get problems connecting to the web site.
  I have found the following message in the error log -
  failure ( 2390): Error accepting connection -5928, oserr=130 (Connect aborted)
  can anybody help???

  Check out the below.
  Problem 4680491. CSS causes oserr=130 in iWS 6.0 logs.
  Workaround
  If you are using the Cisco Content Services Switch (CSS) with Sun ONE Web Server and have set the value of the sticky bit setting in CSS to on, the following error is logged periodically in the error logs:
  failure ( 2210): Error accepting connection -5928, oserr=130 (Connect aborted)
  This is caused not by a defect in Sun ONE Web Server but by the setting of the sticky bit in CSS. To avoid the error logging, set the value of the sticky bit in CSS to off.
  Which as been fixed in iWS 6.0 SP5.
  For more info check the below link.
  http://docs.sun.com/source/816-6434-10/rn60sp5.html
  Dakshin.

• Installation/Config Problem with Sun Directory Server Control Center (6.0)

  Hi All,
  I have recently attempted an installation of Sun Directory Server EE 6.0 on a x86 Solaris 10 machine.
  I have selected to install Core Directory Server and Sun Directory Server Control Center with my installation.
  After installation, if I check the status of the SUNDSCC, I receive the following message:
  bash-3.00# ./dsccsetup status
  DSCC Application is not installed
  DSCC Agent is registered in Cacao
  DSCC Registry has been created
  Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
  Port of DSCC registry is 3998
  I have also tried to re-start the Sun Java Web Console using the /usr/sbin/smcwebserver start command but that does not do anything.
  If i try to initialize the SUNDSCC usin the ./dsccsetup initialize command, the registry got created, but it still displays as "application not installed".
  I do not understand. I have already installed this application using the JES installer.
  please help!
  Regards,
  Saahil Goel

  I had a similar issue. Here is how I fixed it.
  Run dsccsetup status with the -v option. it will show you where it is trying to find the DSCC Application. Then do a find on your system to see where it is actually installed. Then simply copy it over to where dsccsetup is looking for it. Then do dsccsetup initialize. Below is what it looked like on my system when I did it:
  # ./dsccsetup status -v
  ## /usr/sbin/smreg is present
  ## /usr/sbin/smcwebserver is present
  ## /opt/server/sun/dscc6/dccapp is MISSING
  DSCC Application is not installed
  ## /opt/sun/cacao/bin/cacaoadm is present
  ## /opt/server/sun/dscc6/lib/jar/nquickmodule.jar is present
  ## Running /opt/sun/cacao/bin/cacaoadm list-modules -r
  DSCC Agent is registered in Cacao
  ## Running /opt/sun/cacao/bin/cacaoadm status
  ## Running /opt/sun/cacao/bin/cacaoadm list-modules
  ## Running /opt/sun/cacao/bin/cacaoadm get-param network-bind-address
  ## Running /opt/sun/cacao/bin/cacaoadm get-param jmxmp-connector-port
  ## /opt/server/sun/ds6/bin/dsadm is present
  DSCC Registry has been created
  Path of DSCC registry is /var/opt/sun/dscc6/dcc/ads
  Port of DSCC registry is 3998
  # find / -name dccapp
  /opt/server/dscc6/dccapp
  # cp -R /opt/server/dscc6 /opt/server/sun
  # ./dsccsetup dismantle
  DSCC Application is not registered in Sun Java(TM) Web Console
  Unregistering DSCC Agent from Cacao...
  Deleting DSCC Registry...
  All server registrations will be definitively erased.
  Existing server instances will not be modified.
  Do you really want to delete the DSCC Registry ? [y/n]y
  Server stopped
  DSCC Registry has been deleted successfully
  # ./dsccsetup initialize
  Registering DSCC Application in Sun Java(TM) Web Console
  This operation is going to stop Sun Java(TM) Web Console.
  Do you want to continue ? [y,n] y
  Stopping Sun Java(TM) Web Console...
  Registration is on-going. Please wait...
  DSCC is registered in Sun Java(TM) Web Console
  Restarting Sun Java(TM) Web Console
  Please wait : this may take several seconds...
  Sun Java(TM) Web Console restarted successfully
  Registering DSCC Agent in Cacao...
  Checking Cacao status...
  Deploying DSCC agent in Cacao...
  DSCC agent has been successfully registered in Cacao.
  Choose password for Directory Service Manager:
  Confirm password for Directory Service Manager:
  Creating DSCC registry...
  DSCC Registry has been created successfully
  Hope this helps.

• Problem with Sun Directory Server 6.0 Console

  Hi,
  I posted same onto wrong forum earlier hope I am in correct place :).
  I have installed Sun Directory server on my Sparc box and now I am unable to start the management console. I followed some instruction on net and it say we have to refister the product using folowing command from dscc6/bin folder for installation
  System SnapShot_
  # ./dsccsetup initialize
  DSCC Application is already registered
  DSCC Agent is already registered
  Choose password for Directory Service Manager:
  Confirm password for Directory Service Manager:
  Creating DSCC registry...
  DSCC Registry has been created successfully
  *and it suppose to be started on https://Ip_address:6789 but its not. Can any one please tell me how to start the admn console to manage my directory server effectively.
  Note: I have already started the instance I have created during the installation using slapd-start script and its running successfully.
  Thanks,
  Sheeraz

  NOOOOO :( ..... Now i can see the login page.,.. Thanks mate.... Now when I am trying to log in using the UserName and Password I have supplied during the installation process (Sun Directory Server) it says Authentication failed.????
  This looks like a general webconsole... do I need to provide an specific URL for diretory server page ?????

• How can integrate Steel Belted Server with iPlanet Directory Server?

   

  Have you installed the connector software on the RDS Server?
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Connect IPlanet Directory Server(5.0) with ADSI

  Has anyone ever had to connect to a iPlanet Directory Server 5.0 with ADSI?
  I can retrieve the entries(user's information), but I can't add the
  user-defined objClass and attributes to entries(user).
  If you know, please kindly to give me some hints about this.
  Many Thanks,
  Kat

  Make sure the user-defined schema is present on the server before you try to use it. Also you will need appropriate permissions for updating and will very likely need to bind before you try to update.

• Context lookup problem in iplanet application server 6.0 sp3?

  Hi all,
  I am writing codes in the following enviornment, iplanet application server 6.0 sp3 with iplanet web server 4.1 sp7 in Window 2000.
  When I tried to login to the system, error occured when i try to lookup context for my session bean.
  The error message is as follows:
  login_process.jsp: Home / Remote Error:String index out of range: -7
  [10/Apr/2002 18:09:10:5] error: Exception: SERVLET-execution_failed: Error in ex
  ecuting servlet JSPRunnerSticky: java.util.EmptyStackException
  Exception Stack Trace:
  java.util.EmptyStackException
  at java.util.Stack.peek(Stack.java:86)
  at java.util.Stack.pop(Stack.java:68)
  at com.netscape.server.deployment.AppComponentDescriptorUtil.popCurrentAppComponent(Unknown Source)
  at com.netscape.server.servlet.servletrunner.AppInfo.popWebAppDescriptor(Unknown Source)
  at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
  at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown Source)
  at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
  at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at java.lang.Thread.run(Thread.java:479)
  could anyone suggest a method to solve the problem?
  Thx very much!

  There is a major security breach in authenticating
  iPlanet Web Server 6.0 SP3 and SP4 using Sun ONE
  Directory Server. Using a valid user id, any
  password except null string would allow user access
  the restricted resources. iPlanet Web Server 6.0 SP5
  and 4.1 SP12 worked fine with similar configuration.Did you get an answer for this?
  We are having the exact same problems with our iPlanet Web server 6.0 SP3.
  thank you.

• IPlanet directory server can't start in a user account - A bug?

  I installed iplanet directory server 5.1 in Solaris 9. I am using typical install mode. I set UserA/GroupA to represent the directoy server that means the directory server instance running in this user account. After I input the user name and group name, it gives a very strange message, say "suffix must have a valid dn. Press any key to continue" After I press any key, it continue to do other setup. Once instllation done, if I try to login as that user account and start-slapd, it just give an error message, " iplanet/servers/bin/slapd/server do not have permission". I checked this directory, UserA do not have even read access to the directory.
  So is this a bug in this verion of directory server/
  Thanks,
  Iris

  It's very likely that you gave an Invalid DN for the Suffix of your directory instance...
  The setup should have asked again the DN... It looks like a problem with the setup command.
  Ludovic

• Question re how iPlanet Directory Server applies the Look Through Limit.

  I have a question on how iPlanet Directory Server applies the lookthrough limit...
  I am running an LDAP search on a 4.13 directory. The search filter is:
       "(&(rtrdaMaturityDate>=20020128)(rtrdaMaturityDate<=20020130))"
  rtrdaMaturityDate is an int, and indexed with pres,eq,sub
  There are 244680 entries where rtrdamaturityDate>=20020128
  383005 entries where rtrdaMaturityDate<=20020130
  484 entries which satisfy both conditions
  When the query is run as Directory Manager it just hangs (presumably it would complete eventually).
  When run as another user it gives a size limit error. The size limit and lookthrough limit on the directory are both 5000 . As the matching number of entries doesn't exceed the size limit, I think perhaps it is the lookthrough limit causing the problem...
  It looks as if it treats each part of the filter separately, building an candidate list for each, giving an error if both reach the look through limit. i.e. it does not realise that both parts of the filter could be treated together.
  Is this correct ?
  This theory is born out by the fact that if I change the value so the filter would logically return only the highest few values, the search works (i.e. as if the <= filter condition hit LTL, but the >= did not).
  Also, if I add another condition to give "(&(rtrdaIssuerBgNid=4403)(rtrdamaturityDate>=20020128)(rtrdaMaturityDate<=20020130))" then the search eventually correctly returns a single entry. (IssuerBgNid=4403 on its own gives 1004 entries).
  Can I therefore assume that a seach will only work if at least one condition in the filter gives a candidate list with less entries than the look through limit?
  Any advice on how to implement a range search like this would also be much appreciated.
  Thanks,
  Dave.

  The lookthrough limit is reached when the resulting candidate list contains more entries than the limit...
  Lookthrough limit has been implemented specifically to for Range filters (and OR filters) to avoid consuming too many resources.
  For your particular problem, you can increase the lookthrough limit... but it will affect all users and searches.
  Note that iPlanet Directory Server 5.x does provide a per User LookThrough Limit (and other limits as well), therefore you could just increase the lookthrough limit for the specific users performing these searches.
  Regards,
  Ludovic.

• Roles in iPlanet Directory Server v5.0 und JNDI.

  Hi!
  I have the following problem:
  How can I find and change the Role object in iPlanet Directory Server v5.0 via JNDI? It's possible ?
  Regards,
  Andriy

  Hi,
  It is not necessary to go in such a way for going and adding the corresponding roles.
  For eg
  Here is an LDIF file which plays an important role in making the attributes.
  Here is an sample fedup.ldif file
  dn: uid=timb,ou=Customers,o=fedup.com
  objectclass: customer
  objectclass: inetorgperson
  objectclass: organizationalPerson
  objectclass: person
  objectclass: top
  cn: Tim Briggs
  uid: timb
  givenname: Tim
  customerid: timb
  sn: Briggs
  facsimiletelephonenumber: 4101
  telephonenumber: 4145
  creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
  createtimestamp: 20000401084012Z
  aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone": )
  ou: Customers
  mail: [email protected]
  userpassword: bakru
  modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
  modifytimeStamp: 20000502084001Z
  Here I have sepecified userid as timb and password as bakru and with corresponding roles in aci.
  After making the LDIF file you have to import it in Directory server.
  For that you have to Iplanet Console menu, from there click on Import for the ldif file to get imported.
  Or else you can go for ldapadd, ldapmodify commands.
  Also if you are going to add new attributes which is not known by Directory server, Please follow these process.
  Creation of our own USER SCHEMA Files:-
  It is necessary for adding the attributes which are not defined in the
  Netscape directory server. In the above, customerid which is defined in ldif
  file is not existing in the directory server.
  Here is the Schema file for attributes:(ie for defining for eg customer id).
  The name of the file is slapd.user_at.conf:-
  attribute customerid customerid-oid cis single
  attribute packageid packageid-oid cis single
  attribute receivedate receivedate-oid cis single
  attribute shipdate shipdate-oid cis single
  attribute shipperid shipperid-oid dn single
  attribute receiveid receiveid-oid dn single
  #Java Attributes
  # Schema for storing java objects and java object references
  attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
  attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
  attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
  attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
  attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
  attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
  Here is Schema file for your own object classes:-
  The name of the file is Slapd.user_oc.conf:-
  In the similar way we assume that there are no "customer" class in the object classes
  defined in the LDAP, so we will have to create our own "customer" Object class.
  Also it extends inetOrgPerson to add some new attributes such as "customerid".
  The object class of an entry specifies what attributes are required and what
  attributes are allowed in a particular entry.
  Also for eg, Package classes in the object class is created.
  Here is the sample file for creating the above:-
  objectclass package
  oid package-oid
  superior top
  requires
  packageid,
  receiveid,
  shipdate,
  shipperid
  allows
  description,
  ou,
  receivedate
  objectclass customer
  oid customer-oid
  superior inetorgperson
  requires
  customerid
  allows
  c
  #JAVA Schema
  # Schema for storing java objects and java object references
  objectclass javaContainer
  oid 1.3.6.1.4.1.42.2.27.4.2.1
  superior top
  requires
  cn
  objectclass javaObject
  oid 1.3.6.1.4.1.42.2.27.4.2.4
  superior top
  requires
  javaClassName
  allows
  javaCodebase
  objectclass javaSerializedObject
  oid 1.3.6.1.4.1.42.2.27.4.2.5
  superior javaObject
  requires
  javaSerializedData
  objectclass javaRemoteObject
  oid 1.3.6.1.4.1.42.2.27.4.2.6
  superior javaObject
  requires
  javaRemoteLocation
  objectclass javaNamingReference
  oid 1.3.6.1.4.1.42.2.27.4.2.7
  superior javaObject
  requires
  javaReferenceAddress,
  javaFactory
  STEP 4: Loading the USER SCHEMA files in Directory Server:-
  All the attributes created above should be added to the corresponding directory server,
  in order to make it as a common attribute.
  Steps for adding the User Schema files to the Directory Server:-
  1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
  created above so that the existing LDIF file which is used in the Netscape directory
  server is not appended or overwritten.
  2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
  files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
  3. Then restart the Directory Server.
  I hope this will help you.
  Thanks
  Bakrudeen
  Technical Support Engineer
  Sun MicroSystems Inc, India

• Solaris 8 and iPlanet Directory Server 5.1: Help

  Could anyone help with advice or where to find documentation of how to setup a Solaris 8 client machine to authenticate against iPlanet Directory Server 5.1? The only documentation (eg books, BluePrint articles) I can find cover iPlanet Directory 4.11 or 4.12 and a Solaris 8 client. Even the tools from the BluePrint Tools area at Sun only talk about using iPlanet Directory Server 4.11/12. Quite a lot seems to have change from iDS 4.12 to iDS5.1.
  Any help would be greatly appreciated.
  Thanks in advance,
  Stewart

  Hi Steven, I suppose that this question is identical to your other question: " Topic: solaris 8 client setup with solaris 9 ldap".
  So the answer will be the same.
  You may find what you are looking for in the following technical note: http://knowledgebase.iplanet.com/ikb/kb/articles/7966.html
  It is called: "Cookbook for Solaris 8 client with Directory Server 5.1/Solaris 9"
  Cheers / Damien.