Publish Cert. to external Directory Server

Is there any easy way to publish certificates from CMS to Netscape Directory
Server without having to create the entry in the D.S. first? I can not find
any info about this!!

I encountered this issue now.
I create a self-signed server certificate for iPlanet Directory Server 5.1 using OpenSSL,
the error message "Either this certificate is for another server, or this certificate was not requested using this server." is reported when installing server cert.
iPlanet server must be a websit??
If you have any ideas, please offer them up. I'm in dire need here.
Message was edited by:
scui

Similar Messages

  • Problem in Publishing the certificate to directory server

    I am having problem regarding the publishing the certificate.I am using iPlanet CMS 4.7 and iPlanet directory server 5.1
    In the CMS >certificate manager > publishing module > mapper
    It provides(manuals) two options to enable the publishing to directory server, i.e
    1)create entry automatically(default plug -in)
    2)Manual entry in directory and mapper to map it.
    I tried both way.When automatically create option is selected it fires an error:
    Failed to create the CA entry.There may be entries in the directory hierachy which do not exist.Please create them manually.
    I am not able to figure out the problem,even if I create certificate hierachy in the directory server it gives the same error.Can anyone figure out the problem so i can publish certificate.Pleae mail me the solution if anybody knows.Thank you

    Hi,
    1. Please open the original project in Captivate 3. i.e. the .cp file in Captivate 3
    2. Go to menu "Audio > Audio Settings"
    3. Change the bitrate to 96kbps or 64kbps
    4. Change the Encoding ferwquency to 44Khz
    5. Save and close the project
    6. Now open the same project in Captivate 5
    7. publish the project
    Audio should play correctly now..
    Hope this helps.
    Regards,
    mukul

  • Can`t install CA in iPlanet Directory Server 5.0 ??

    Hi All,
    i try to install a self-signed CA-certifikate, under "CA-Certs" in
    iPlanet Directory Server 5.0.
    The certificate is generated using the tool "ssleay" or from an
    Windows2000-CA.
    Always i get "the certificate specified is not a valid CA certificate,
    installation aborted"
    thanks in advance
    S. Horn

    Hi Sven
    I'm having a similar problem. I generated my self-signed cert. using keytool. Did u find an answer to ur query? If so please inform.
    regards
    Sikka

  • Setting up Directory Server SSL

    I'm not sure if this goes here, but not sure where else to put it.
    At my university I'm trying to setup a Sun Directory Server(5.2) so that we can have a single login. While I have setup the server and I can connect to it, I need to do so securely.
    The server is running on RHEL which is also our RedHat Proxy server, so it already has a CA and server certs. The Server accepts the CA cert just fine, but it doesn't want to take the server cert. Says it wasn't requested by this server. So I use the console to make a request and used the rhn-ssl-tool to process the request using the CA cert and it makes a server cert, which the Directory Server still won't accept.
    My coworker is working on openldap and so is more comfortable with it, it is such a mess right now. But If I can't get Sun's Directory Server to run securely, thats what we'll be using.
    Any ideas?

    This is an OS forum, specific to the nuances of Solaris 10.
    The Java Enterprise System, which includes Directory Server, has its own separate forum.
    http://supportforum.sun.com/sjes/
    Directory Server has its own sub-forum inside there.
    (You may need to create a new login profile over there.)

  • Publishing Website to External Server

    Hello,
    I am used to creating websites in html code in a windows based program, So I have paid for a domain and server space.
    I now want to use a sub domain as a personal web page, But I want to use iWeb because it is quick, easy and i can do it on the go.
    Can I not publish to my external server from iWeb??

    You can't publish to your server directly from iWeb. First you have to publish to a folder (from iWeb File menu). Then you get what you're used to see: HTML files (and Folders,...). Upload those resulting files to your server as you're used to do: using an FTP application.
    You maybe want to have a look at this page as well:
    http://iwebfaq.org/site/iWebFolderFTP.html
    especially Chapter 3.1)
    Regards,
    Cédric
    +“I may receive some form of compensation, financial or otherwise, from my recommendation or link.”+

  • Directory Server setup issues.

    I recently installed the new OS X Server on my new iMac. I have two iPhones, two iPod touches, the iMac and an Air that I want to serve. I registered macserved.com and have a static IP. As far as I can tell, the domain and DNS is set up correctly (to serve internal DNS). I had a wordpress blog running for a while and can access it both internally and externally. MySQL was a pain in the butt to configure, but I figured it out. When I started the config for Profile and OD however, I get this error:
    An error occurred while configuring iMac as a directory server. Please check your network configuration and try again.
    So I first checked my hostname:
    Primary address     = 192.168.0.6
    Current HostName    = macserved.com
    DNS HostName        = macserved.com
    The names match. There is nothing to change.
    dirserv:success = "success"
    A little dig output:
    ; <<>> DiG 9.8.3-P1 <<>> macserved.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27076
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;macserved.com.                              IN          A
    ;; ANSWER SECTION:
    macserved.com.                    10800          IN          A          192.168.0.6
    ;; AUTHORITY SECTION:
    macserved.com.                    10800          IN          NS          macserved.com.
    ;; Query time: 2 msec
    ;; SERVER: 192.168.0.6#53(192.168.0.6)
    ;; WHEN: Fri Dec  7 19:24:36 2012
    ;; MSG SIZE  rcvd: 61
    I'm not certain it is a DNS issue, but I'm fairly new to DNS setup so I cannot rule it out.
    Where should I start looking? What should I be looking for in the logs? I'm cool with scraping everything and starting over as well. Right now I have zero invested in it (no files that need saved, etc) but I would PREFER not to reformat/reinstall OS X though.

    I figured it out! My certificates were hosed. I rm -rf the Authority in Library/ and recreated the certs after DNS was setup properly. Works great now aside from a few other website issues, but that is another thread :-)

  • An error occurred while configuring server as a directory server.  Please check your network configuration and try again.

    Hi there,
    My Mac OS X Server 8.2 got buggered after I did the following steps:
    Wiped Profile manager using "/Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeD B.sh"
    Clicking the Off button in the Profile Manager section of the Server.app
    Clicking the On button of the same
    Clicking on asks if I want to create a new directory master, but I know that one already exists.  Trying to continue confirms this.  So, I go and destroy it to start again, but afterward, I get the following error when trying to create the directory master:
    I've done this enough times while watching the system log to see the actual error thrown, which is:
    Nov 12 22:01:24 srv.domain.com Server[279]: An error occurred while configuring srv as a directory server:
        Error Domain=XSActionErrorDomain Code=-1 "A child action failed" UserInfo=0x7fee9516c0f0 {XSActionErrorActionsKey=(
            "Creating Open Directory master"
        ), NSLocalizedDescription=A child action failed}
    I have Googled the above and have discovered only a few entries here in these Apple communities, but have found no joy.
    Here's a similar threads: 
    https://discussions.apple.com/message/19237429#19237429
    Interestingly/confusingly, this server has been working just fine as a domain master using different domain names (on separate occasions/setups).  It was only after having clicked the OFF button in Profile Manager (after a wipe) that things stopped working.
    I could rebuild this server, as I have a backup image of it that I can restore, but I'd rather find out what's broken and fix it so as to hopefully be able to fix it if/when this ever happens to me again, learning something in the process.
    That said, I perform the following steps prior to running the Open Directory setup on a the server to try and clean it up as best possible.
    Clean up steps:
    Delete the DNS zone (and all entries).
    Turn off all server services
    Delete all file server sharepoints
    Change the host name at Hardware => SRV => Network tab.  This runs the Change Host Name program.
    Close Server.app
    Throw Server.app in the trash / Empty trash (I've also just trashed and put back with same result)
    Delete the /Library/Server directory
    Clear and recreate System keychain using "systemkeychain -vfcC" to clear out all the certs related to old host name.
    Delete all the entries in the Login keychain
    Reboot (probably don't have to)
    Re-download and install Server.app
    Run Server.app, which actually retains some settings from the last setup, though I don't know where to clean those.
    After Server setup, confirm that the host name from step 4 is what I want.
    Running "changeip -checkhostname" shows "Success".  I'm using an Internet domain name so pinging the "internal" zone (srv.domain.com) resolves with the correct internal IP, and pinging the "external" zone resolves to the correct external address on the Internet.
    It would seem like I'm all good to go, but when I try to turn on Open Directory and go through the setup prompts, I get the same "Confirm Settings" error as above.
    The *only* way that I've come close to "fixing" this is to cancel out of the Profile Manager.  Then, go destroy the open directory that already exists.  Then create the domain via the Profile Manager enabling process.  At present, this only seems work to for a "private" domain.  Neither of the two Internet domain names that I've used successfully in the past work with this (or any) method. 
    Any advice or clues you can throw my way would be most appreciated.
    Thanks,
    Kim

    Had the same problem found the answer here:
    https://discussions.apple.com/thread/3264944?start=0&tstart=0

  • Sun Directory Server 6.0 doesn't use client certificate

    Hi All,
    From a program, if I try to connect twice to a directory server 6.0 over SSL, first with simple anonymous bind and 2nd with client certificate, both the time it goes through, but 2nd time it doesn't use the client certificate. From the access log we get to know that it's not using the client certificate as it is expected for the 2nd attempt.
    Here is the sample code that I have -
    int main()
        int ret;
        char host[] = "xxx";
        int port = 1234;
        char path[] ="/home/xxx/certs";
        int version = LDAP_VERSION3;
        ret = ldapssl_client_init(path, NULL);
        if(ret) printf("ldapssl_client_init failed"), exit(1);
        LDAP *handle = ldapssl_init(host, port, 1);
        if(!handle) printf("ldapssl_init failed"), exit(1);
        ret = ldap_set_option( handle, LDAP_OPT_PROTOCOL_VERSION, &version);
        if(ret) printf("ldap_set_option failed"), exit(1);
        ret = ldap_simple_bind_s(handle, NULL, NULL);
        if(ret) printf("ldap_simple_bind_s failed"), exit(1);
        ret = ldap_unbind_s(handle);
        if(ret) printf("ldap_unbind_s failed"), exit(1);
        printf("1. Successfully connected and disconnected\n");
        ret = ldapssl_clientauth_init(path, NULL, 1, path, NULL);
        if(ret) printf("ldapssl_clientauth_init failed"), exit(1);
        LDAP *ldaph = NULL;
        ldaph = ldapssl_init(host, port, 1);
        if(!ldaph) printf("ldapssl_init failed"), exit(1);
        ret = ldap_set_option( ldaph, LDAP_OPT_PROTOCOL_VERSION, &version);
        if(ret) printf("ldap_set_option failed"), exit(1);
        ret = ldapssl_enable_clientauth(ldaph, (char*) "", (char*) "password", (char*) "nickname");
        if(ret) printf("ldapssl_enable_clientauth failed"), exit(1);
        struct berval* sc = NULL;
        ret = ldap_sasl_bind_s(ldaph, NULL, LDAP_SASL_EXTERNAL, NULL, NULL, NULL, &sc);
        if(ret) printf("ldap_sasl_bind_s failed"), exit(1);
        ret = ldap_unbind_s(ldaph);
        if(ret) printf("ldap_unbind_s failed"), exit(1);
        printf("2. Successfully connected and disconnected\n");
        return 0;
    }Any help/pointers in this regard will be highly appreciated.
    Thanks in advance.
    Regards,
    // Rahul

    The program works absolutely fine. Both the times it binds to the directory server. But the 2nd time it doesn't use the client certificate as we expect.
    Here is the output -
    1. Successfully connected and disconnected
    2. Successfully connected and disconnected
    and here is the access log contents -
    [13/Jul/2010:17:31:45 +0530] conn=1074 op=-1 msgId=-1 - fd=39 slot=39 LDAPS connection from 1.2.3.4:1234 to 1.2.3.4
    [13/Jul/2010:17:31:45 +0530] conn=1074 op=-1 msgId=-1 - SSL 128-bit RC4
    [13/Jul/2010:17:31:45 +0530] conn=1074 op=0 msgId=1 - BIND dn="" method=128 version=3
    [13/Jul/2010:17:31:45 +0530] conn=1074 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [13/Jul/2010:17:31:45 +0530] conn=1074 op=1 msgId=2 - UNBIND
    [13/Jul/2010:17:31:45 +0530] conn=1074 op=1 msgId=-1 - closing from 1.2.3.4:1234 - U1 - Connection closed by unbind client -
    [13/Jul/2010:17:31:45 +0530] conn=1075 op=-1 msgId=-1 - fd=40 slot=40 LDAPS connection from 1.2.3.4:1234 to 1.2.3.4
    [13/Jul/2010:17:31:45 +0530] conn=1074 op=-1 msgId=-1 - closed.
    [13/Jul/2010:17:31:46 +0530] conn=1075 op=-1 msgId=-1 - SSL 128-bit RC4
    [13/Jul/2010:17:31:46 +0530] conn=1075 op=0 msgId=1 - BIND dn="" method=sasl version=3 mech=EXTERNAL
    [13/Jul/2010:17:31:46 +0530] conn=1075 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [13/Jul/2010:17:31:46 +0530] conn=1075 op=1 msgId=2 - UNBIND
    [13/Jul/2010:17:31:46 +0530] conn=1075 op=1 msgId=-1 - closing from 1.2.3.4:1234 - U1 - Connection closed by unbind client -
    [13/Jul/2010:17:31:46 +0530] conn=1075 op=-1 msgId=-1 - closed.
    Thanks and Regards,
    // Rahul

  • Page size limitation on Sun ONE directory server 5.2

    Hi All,
    How do i know what is the Page size limitation on Sun ONE directory server 5.2?
    How do i cahnage it?
    Best Regards,
    Ayelet Regev
    [email protected]

    I enabled SSL in SUN ONE Directory Server 5.2, I use the following code to download the server certs,
         Hashtable env = new Hashtable(11);
         env.put(Context.INITIAL_CONTEXT_FACTORY,
         "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, "ldaps://bharatkumar.webm.webmethods.com:636/o=in");
         env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
         env.put(Context.SECURITY_PROTOCOL, "ssl");
         try {
         // Create initial context
         DirContext ctx = new InitialDirContext(env);
    System.out.println(ctx.lookup("ou=web"));
    ctx.close();
         } catch (NamingException e) {
         e.printStackTrace();
    But it throws the following error:
    javax.naming.CommunicationException: SASL bind failed: bharat.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.
    validator.ValidatorException: PKIX path building failed: sun.security.provider.c
    ertpath.SunCertPathBuilderException: unable to find valid certification path to
    requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:220)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193
    How to rectify the above error?
    Kindly Help me.
    Thanks,
    Bharat

  • Directory Server 5.1 and CMS 4.2 SP2

    There's a similar question on 16 January that didn't get answered.
    I realise I can configure CMS to publish certificates to an "external" DS 5.1 LDAP directory. However, I'd like to know whether there is a realistic method to make CMS use DS 5.1 for it's internal database (port 38900). I don't want to build a complex mixed-version environment unless there will be no alternative for (say) the next 6-9 months.
    I have a production user directory that is being upgraded from DS 4.12 to 5.1. Our CMS system is also in production, and was upgraded to 4.2 SP2 about 6 months ago.
    Does anyone have any experiences in this area that can help me decide on an optimal way forward?

    I recommened that you read the Release Notes of DS5.2, there are some notes on Replication between 5.1 and 5.2.
    ===
    In Directory Server 5.2, the schema file 11rfc2307.ldif has been altered to conform to rfc2307. If replication is enabled between 5.2 servers and 5.1 servers, the rfc2307 schema MUST be corrected on the 5.1 servers, or replication will not work correctly.
    Workaround
    To ensure correct replication between Directory Server 5.2 and Directory Server 5.1, perform the following tasks:
    * For zip installations, remove the 10rfc2307.ldif file from the 5.1 schema directory and copy the 5.2 11rfc2307.ldif file to the 5.1 schema directory. (5.1 Directory Server Solaris packages already include this change.)
    * Copy the following files from the 5.2 schema directory into the 5.1 schema directory, overwriting the 5.1 copies of these files:
    11rfc2307.ldif, 50ns-msg.ldif, 30ns-common.ldif, 50ns-directory.ldif, 50ns-mail.ldif, 50ns-mlm.ldif, 50ns-admin.ldif, 50ns-certificate.ldif, 50ns-netshare.ldif, 50ns-legacy.ldif, and 20subscriber.ldif.
    * Restart the Directory Server 5.1 server.
    * In the Directory Server 5.2 server, set the nsslapd-schema-repl-useronly attribute under cn=config to on.
    * Configure replication on both servers.
    * Initialize the replicas.
    ===
    Also search for "migrate" or "repl" or "5.1" in Release Notes and read the relevant information.
    http://docs.sun.com/source/817-7611/index.html
    Another guide is "Installation and Migration Guide"
    http://docs.sun.com/app/docs/doc/817-7608
    HTH.
    Gary

  • Dbcon connection from sap db2 to external sql server

    Hi ,
    I am trying to connect from my sap server which is in unix platform with DB2 database to external SQL server using DBCON as  MSSQL_SERVER=<server_name> MSSQL_DBNAME=<db_name>. But while running ADBC_TEST_connection i am getting the error . When i check the error log it says
    Loading DB library '/usr/sap/DVL/SYS/exe/run/dbmssslib.so' ...
    M  *** ERROR => DlLoadLib()==DLENOACCESS - dlopen("/usr/sap/SID/SYS/exe/run/dbmssslib.so") FAILED
      "Unable to find library '/usr/sap/DVL/SYS/exe/run/dbmssslib.so'."  [dlux.c       445]
    M  {root-id=002655A9DCD21EE3B89D69F99DF39F0D}_{conn-id=00000000000000000000000000000000}_0
    B  *** ERROR => Couldn't load library '/usr/sap/SID/SYS/exe/run/dbmssslib.so'
    How to resolve this issue. As it was mentioned in few forum we need to download the dbsl library from kernel patches and to load in kernel path. As my  db is DB2  can  we download dbmssslib.so this library and load in kernel file? Is it will work?
    Regards,
    Rai

    Hi Rai,
    This error indicates that the ABAP stack could not find the SAP DBSL for SQL Server (dbmssslib.dll) in the kernel directory. If you encounter this error on a Unix - based server the root cause is clear: the DBSL does not exist for other platforms than Windows or Linux x84_64. In this case use a Windows-based or a Linux x86_64-based SAP Application Server to establish the connection. If your system does not contain a Windows-based or a Linux x86_64-based Application Server you need to setup a small one as workaround. If you encounter this error on a Windows Application Server or a Linux x86_64 based Application Server make sure that the DBSL is properly installed in the kernel directory as explained in the document below.
    For more details on configuration and troubleshooting refer to below SCN document
    How to access an external Microsoft SQL Server database
    Hope this helps.
    Regards,
    Deepak Kori

  • How to schedule Adapter to Pickup File on external FTP Server

    Any solution is very much appreciated for the following Problem.
    My Scenarios are  File to XI to FIle
    My problem is XI is picking up file on FTP Server while file is being written by Webservice ( This Webservice can not write .tmp file or movie file from one directory to another. So these options are ruled out )
    These are proposed steps:
    1. Job Scheduler creates Dummy File on XI File System
    2. XI Picks up File on XI File System and Invokes External Webservice and receives Response that a File "MadFile" has been written to external FTP Server.
    3. After XI receives response from webservice, XI should get "MadFile" from FTP Server
    How Can I implement step 3 above.
    ( Please do not suggest executing scripts as the the application where webservice running do not want to write it )

    ST,
    At times one has to take a stand and using a BPM like this is actually complicating things. Using the script option is the best solution!
    Menahwile, even BPM solution doesn't make sense to me as like you correctly told, your Second Receive Step can poll over the file and pick up the temporary file! Even if you can handle this using Adapter Scheduling, you would need Correlation and I am pretty sure that as you are using a dummy file, this also cannot be achieved!
    Would suggest that another option would be to ask the webservice to send a call directly to XI after writing the file. The moment XI receives the Webservice request,  XI can invoke a java proxy to collect the file ( polling using File adapter is not going to help ) and then pass this file to the integration engien and so on.
    Even my solution is not a very good one, but, if nothing works out, it is something atleast. But, I would ask you to push for the tmp folder plus script.
    Regards
    Bhavesh

  • Configure Sun Directory Server 6.3 with SSL in OIM 9.1.0.2

    Hi,
    I am using OIM 9.1.0.2. i want to Provision User to Directory Server 6.3 with SSL confiuration
    Can anyone tell me the steps for configuring the Certificate import, etc..
    followed SJSDS_904120 doc but there is no info for DSEE 6.3 in it.
    Regards,
    Praveen
    Edited by: Praveen on Feb 16, 2012 9:08 PM

    Well not sure about the exact clicks you need to do but the basic steps are that you export certificates from DS and then import it into the jdk which has OIM running. Look at the doc for SJDS6.3 about setting and exporting certs.
    -Bikash

  • Provisioning Sun directory Server to a User in OIM

    I am learning a OIM tool since 2 months, I could not able to do provisioning sun directory server to a user in OIM, the error is I am not getting the value for Organization DN. I am using ODSEE 11.1.1.5.0 and OIM 11.1.1.5.0. I have followed below steps
    1. Copy Connector and External Code Files.
    2. Configure Oracle Identity Manager Server.
    3. Import an Oracle Identity Manager Connector.
    4. Define an IT Resource.
    5. Create a User.
    6. Assign the Connector to a User.
    Please anyone suggest me solution for this problem.

    Hi,
    You need to run organization lookup reconciliation first then select value in the process form.
    If you are getting particular error, paste error messages from console?
    Regards,
    Raghav.

  • Help me, please. Can't Install SunONE Directory Server 5.2 Beta 3 on Solari

    I try to install DS on SUN ULTRA 10 with Solaris 9. We don't use internal DNS server but external one.
    Cannot start console. Always I have an error:
    starting up server ...
    ERROR<38917> -Startup -conn=-1 msgId=-1 - Configuration error Can't find localhost name.
    error:Server not running!! Failed to start ns-slapd process.
    system_errno:2
    Configuration of Directory Server succeededConfiguratin of the admin server Failed
    The configuration is folowing:
    /etc/hosts:
    127.0.0.1 localhost
    192.168.1.105 iplanet iplanet.mydomain.nam
    /etc/resolv.conf:
    search mydomain.nam
    nameserver xxx.xxx.xxx.xxx
    nameserver yyy.yyy.yyy.zzz
    /etc/nsswitch.conf:
    hosts: files dns
    /etc/defaultrouter:
    192.168.1.1
    /etc/hostname.hme0:
    iplanet
    /etc/nodenam:
    iplanet
    /etc/netmasks:
    192.168.1.0 255.255.255.0
    Does anybody knows what's goin on?
    Thanks in advance.
    Marat.

    It is not possible to obtain the Sun ONE Directory Server 5.2 BETA Software. There are various reasons, one is the BETA program has been closed for sometime now. The RR of the Sun ONE Directory Server 5.2 should be available at the end of May.
    Regards
    -Michael
    Sun Microsystems, Inc.

Maybe you are looking for