Querying LDAP Server

I would like to implement some Java Bean classes to query
LDAP Server by using JNDI. I already have some sample Java code to query LDAP
Server by using JNDI.
How can I use WebLogic Server and EJB or other technology to
query LDAP Server

Try the LDAP bean that comes with IP*Works! Java Edition http://www.nsoftware.com/
"weblogic" wrote in message:
I would like to implement some Java Bean classes to query
LDAP Server by using JNDI. I already have some sample Java code to query LDAP
Server by using JNDI.
How can I use WebLogic Server and EJB or other technology to
query LDAP Server

Similar Messages

  • How to query LDAP server and get DB Service names?

    Hi, before making a connection to an Oracle database, if i want to get list of Databases available,
    i could use OracleClientFactory (and CreateDataSourceEnumerator and GetDataSources) to get list of tnsnames from the local tnsnames.ora file
    Now, if i instead want to query the LDAP server with a given context and get the DB Service list,
    how can i do that using ODP.NET?
    I am using Visual Studio C# 2010 and ODP.NET 11.2
    Thanks,
    -srinivas yelamanchili

    The oracle client has an ldap.ora file, how can I use ODP.NET to read the ldap.ora file and get list of oracle instances available?
    Thanks,
    -sri

  • Querying LDAP based on a timestamp

    How do I query ldap server for entries that are modified after a particular interval. The >= <= usage in filter expression is giving a syntax error. Should I use extensible matching rules ?
    Thanks,
    Ravi

    Yes, but your modifytimestamp must be indexed, and that is not the case by default in Oracle.
    You must run a unix shell script to recreate index.
    Fred

  • Get A nonfatal JIT error querying a ldap server

    I wrote a java program to query a ldap server based on last name. Basically my code does a search for any entry with sn equal to the passed argument. It works fine when it returns a small set of records, but when I try to query sn = * or even sn = l* (which should return a few hundred people) the code bombs with the following:
    A nonfatal internal JIT (3.10.107(x)) error 'chgTarg: Conditional' has occured in :
    'com/sun/jndi/ldap/Connection.readReadOnly (Lcom/sun/jndi/ldap/LdapRequest;)Lcom/sun/jndi/ldap/BerDecoder;': Interpreting method.
    Please report this error in detail to http://java.sun.com/cgi-bin/bugreport.cgi
    The above comes out of stderr. Standard output will have 'current thread not owner' after the above error message.
    I doubt I am the only person who is doing something like this. If anyone knows what is happening with the above message, please give me a hint.
    thanks a bunch.

    Not knowing what the underlying problem is, I decided to use the Netscape directory SDK instead of the jndi solution with Sun's ldap service provider. I was able to retrieve 2000 entries and it is actually a lot faster than the jndi method.
    I hope this helps others who are trying to connect to a ldap server.

  • What are attributes we can use in LDAP query in server derivation rules

    Q: What are attributes we can use in LDAP query in server derivation rules
    A: Server derivation rules can be defined for an LDAP server in the same way as that for a Radius server. As opposed to a Radius server, where the list of attributes that are defined for a server are standard, for an LDAP server, the attributes depend on the type of the server.
    The following table contains the list of attributes that are available for an Active Directory implementation. The server may maintain only a subset of these attributes, depending on how the user entries have been configured.
    Attribute Name:
    ==============
    sAMAccountname
    userPrincipalName
    givenName
    sn
    initials
    description
    physicalDeliveryOfficeName
    telephoneNumber
    mail
    wwwHomePage
    url
    logonHours
    logonWorkstation
    userAccountControl
    pwdLastSet
    userAccountControl
    accountExpires
    streetAddress
    postOfficeBox
    postalCode
    memberOf
    primaryGroupID
    title
    department
    company
    manager
    directReports
    profilePath
    scriptPath
    homeDrive
    homeDirectory
    HomeDirDrive
    telephoneNumber
    otherTelephone
    pager
    pagerOther
    mobile
    otherMobile
    fascimileTelephoneNumber
    otherFascimileTelephoneNumber
    ipPhone
    otherIpPhone

    >
    praveen.tecnics wrote:
    > hi experts
    >
    > what are mapping rules in sap xi/pi  ? how we can use this rules for special charters mapping .
    to map special characters you need to use an element called CDATA in your mapping
    a special character causes an error, as XI won't be able to read it (as it is not in a proper XML format). So to parse this character through XI without causing an error, use the CDATA. Just make a search on SDN and you will find the proper use of it.
    For your info: http://www.w3schools.com/XML/xml_cdata.asp
    Regards,
    Abhishek.
    Edited by: abhishek salvi on May 20, 2009 8:52 AM

  • CIFS cannot connect to AD LDAP server or DC

    Hello. I am a fairly new NetApp admin, and have very little formal training on NetApps. I was thrown into the job, and I'm trying to learn as much as possible. We have multiple NetApps in a WAN. One of the filers I have from out of state is not behaving well. I can't access the CIFS share on the filer, and when I putty into the filer, it starts throwing errors. There are two domain controllers in the same rack as the filer, so it should be able to connect with no issue. I ran a "cifs domaininfo" query, and this was my response:

    XXXFSG01> cifs domaininfo
    Tue Jul 30 14:08:38 GMT [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for C2.ACC.AF.SMIL.MIL.
    Tue Jul 30 14:08:38 GMT [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 2 AD LDAP server addresses from CIFS PREFDC command.
    Tue Jul 30 14:08:38 GMT [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 4 AD LDAP server addresses using generic DNS query.
    Tue Jul 30 14:08:39 GMT [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for C2.ACC.AF.SMIL.MIL complete. 5 unique addresses found.
    Tue Jul 30 14:08:40 GMT [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a18) Invalid password.
    Tue Jul 30 14:08:41 GMT last message repeated 2 times
    Tue Jul 30 14:08:41 GMT [cifs.trace.GSS:error]: AUTH: Could not obtain filer credentials.
    Tue Jul 30 14:08:41 GMT [auth.dc.trace.DCConnection.errorMsg:error]: AUTH: Domain Controller error: NetLogon error 0xc0000001: operation with DC failed, see previous messages.
    Tue Jul 30 14:09:01 GMT [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a18) Invalid password.
    NetBios Domain:           XX-XXX
    Windows 2000 Domain Name: DOMAIN.COM
    Type:                     Windows 2000
    Filer AD Site:            none
    Not currently connected to any DCs
    Preferred Addresses:
                              None
    Favored Addresses:
                              None
    Other Addresses:
                              None
    Not currently connected to any AD LDAP server
    Preferred Addresses:
                              XXX.XXX.142.15   BROKEN
                               XXXDCG02.domain.com
                              XXX.XXX.142.16   BROKEN
                               XXXDCG03.domain.com
    Favored Addresses:
                              None
    Other Addresses:
                              XXX.XXX.200.2   BROKEN
                               zzzdcg02.domain.com
                              XXX.XXX.10.212  BROKEN
                               zzzdcg02.domain.com
                              XXX.XXX.10.211  BROKEN
                               zzzdcg01.domain.com
    XXXFSG01> Tue Jul 30 14:09:41 GMT last message repeated 2 times
    Tue Jul 30 14:09:41 GMT [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a18) Invalid password.
    Tue Jul 30 14:09:41 GMT [cifs.trace.GSS:error]: AUTH: Could not obtain filer credentials.
    Tue Jul 30 14:09:41 GMT [auth.dc.trace.DCConnection.errorMsg:error]: AUTH: Domain Controller error: NetLogon error 0xc0000001: operation with DC failed, see previous messages.

    I have checked out my AD structure, and there are no issues that I can find. I also ran a dcdiag on the domain controllers, and there were no errors. I even tried deleting the filer from Active Directory and recreating it, but that didn't help. I keep getting the message that there is an invalid password, but I have no idea what password it is referring to. The time is also good between the NetApp and the DCs. Obviously, the NetApp thinks there is something wrong with the AD, but I have no idea where to go from here. None of my other NetApps is having this issue. Any help will be much appreciated.
    Tracy

    As previously said, network is a possible cause. Other things could be: time on filer is too far off time on DC; AD object for filer has been deleted or changed by a Windows admin. If all users are experiencing a problem, you may need to rebind it to AD - run CIFS setup at command prompt.

  • Still LDAP server not responding when add to authentication search path ...

    Howdy All,
    I still have an OS X Server 10.5.6 (running Open Directory with its own Master directory) that when configured to connect to a corporate LDAP server indicates the server is responding fine, but when I add the server to the authentication search path, the server is no-longer responding.
    I suspect this may mean the LDAP server is choosing to no-longer respond? Is it possible that the LDAP server could have my machine / IP address "black-listed" in some way? I have asked corporate IT but they didn't seem to think so (although I was queried before about repeated connect attempts).
    Somewhat strangely I can configure a laptop client (OS X 10.5.6) to connect to the same LDAP server from an Ethernet port on the same LAN and it works fine. However, when I connect this laptop to the LAN through my server (WiFi NAT) I get the same issue as described above.
    I don't have the firewall on the server turned on, I have played around with some certificates on the server, but have set "TLS_REQCERT never" in the ldap.conf file on the server (and client) as suggested by corporate IT. I have Kerberos running on the server and all else seems fine on the server.
    Can anyone suggest what may be causing this? Or how I can debug the problem?
    Thanks in advance.
    Cheers,
    Ashley.

    Hi Jeff,
    Thanks for your post. That said, I'm not sure how you got the impression that I wish to go to Maine. I'm happy here in Perth, Western Australia.
    Jeff Kelleher wrote:
    Connecting a Mac to an LDAP server is a far cry from connecting a OS X Server to an existing LDAP server. Not that I could necessarily help, but asking how to connect an OS X Server to an LDAP server is a bit like asking "guess where I am now, how do I get to Maine?"
    You need to provide as much info as you can.
    Seriously though, I'm not sure of the difference. I am using Directory Utility to allow this OS X Server to get authentication information from an LDAP server just like an OS X Client would.
    I have Open Directory in Server Admin just setup to connect to a directory system (i.e. the organisation LDAP server), not a master or replica.
    My final goal is to allow access to an OS X TeamsServer Wiki by users who are authenticated against the LDAP server (rather than having to have separate accounts, logins, on the OSXS.)
    I am hoping that I can use a group from the LDAP server to define the team, but perhaps I will have to run a standalone OD. I hope then I can add LDAP users to the OD group.
    What other information would help?
    Thanks,
    Ashley.
    OS X Server 10.5.6

  • How to resolve "Connection to LDAP server failed." error?

    Hello,
    I have installed Coldfusion8 on one of my server that was having ColdFusionMX earlier.
    The ColdFusionMX admin settings are automatically transferred to the new Coldfusion8 admin page after installation.
    Also I have configured all my websites at the time of installation.
    After all when I am trying to login into one of my website system is throwing the below error.
    "Connection to LDAP server failed."
    Previously it was working well with ColdFusionMX. After installing Coldfusion8 I am facing this problem.
    Is there anything more to do with the cf admin settings page, or is this problem with the code? (In fact I haven't modified my cfm code)
    Please find the piece of code that I am using.
    <cfldap action="QUERY" server="#application.LDAPServer#" port="#application.LDAPPort#" start="#application.LDAPBase#" name="search" attributes="alias, dn, uid, technicalCareerLevel, locationorgunit, givenName, sn" filter="#filter#" scope="SUBTREE" maxRows="2">
    Anybody can assist me on this?
    Thanks in advance.
    Manoz.

    I have fixed this problem successfully.
    The problem was with the referral attribute of the cfldap tag.
    After adding this (referral="yes") attribute to my code I am able to login into my website.
    <cfldap action="QUERY" server="#application.LDAPServer#" port="#application.LDAPPort#" start="#application.LDAPBase#" name="search" attributes="alias, dn, uid, technicalCareerLevel, locationorgunit, givenName, sn" filter="#filter#" scope="SUBTREE" maxRows="2" referral="yes">
    Any way thanks for your assistance!!!!!

  • Finding LDAP server names by DNS lookup.

    Hi,
    I'm very new with JNDI and DNS
    We are hardcoding the ldap server name in our configuration to connect to the Active Directory, but the requirement is to know the ldap server name dynamically by querying the DNS server.
    The input given to us are below.
    Dns domain : indbank.is.
    SRV RRecord : ldap.tcp.
    Query dns : ldap.tcp.indbank.is.
    The domain controller should be found by a DNS lookup for the domain, then a DNS for Domain controllers that advertise the service, then try to see if the domain controllers are answering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
    Kindly help me. I am a beginner, and some code samples and tips will be welcome. :)
    Thanks in advance.
    Hiubert

    Thanks a lot to All.
    My code is as follows...
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.*;
    public class dns1 {
         public static void main(String[] args) {
              try {
                   // Use the JNDI DNS provider to run the lookup
                   Hashtable<String, String> env = new Hashtable<String, String>();
                   env.put("java.naming.factory.initial","com.sun.jndi.dns.DnsContextFactory");
                   env.put("java.naming.provider.url", "dns://indbank.is");
                   DirContext ctx = new InitialDirContext(env);
                   System.out.println("Intial context created...");
                   // Ask for the SRV records that advertise LDAP over TCP for the domain
                   Attributes attrs = ctx.getAttributes("_ldap._tcp.indbank.is",new String[] {"SRV"});
                   System.out.println("Attributes are been retrieved...");
                   for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMoreElements();) {
                        Attribute attr = ae.next();
                        String attrId = attr.getID();
                        System.out.println("Attribute ID retrieved is" + attrId);
                        // Each value has the form "priority weight port target"
                        for (Enumeration<?> vals = attr.getAll(); vals.hasMoreElements();) {
                             System.out.println(attrId + ": " + vals.nextElement());
                        }
                   }
                   ctx.close();
              } catch(Exception e) {
                   System.err.println("Problem querying DNS: " + e);
                   e.printStackTrace();
              }
         }
    }
    The code runs fine and I get the output as follows
    0 100 389 ib500ad1.indbank.in
    0 100 389 ib500ad2.indbank.in
    I have following questions
    1) Do these servers which are returned are the domain controllers or the ldap servers.?(or both domaincontrollers and ldap server are same)
    2) how to extract the server name alone from this string.
    3) If these two server names are domain controllers then how can I query for a DNS for Domain controllers that advertise the service, then try to see if the domain controllers are answering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
    Thanks in advance.
    -Hiubert
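
An added example, not part of the original post, for questions 2 and 3 above: it splits each SRV value into its fields, then times a TCP connect to each host and keeps the fastest responder within the lowest priority that answers. The class and method names (`SrvPicker`, `SrvRecord`, `parse`, `probeMillis`, `pickFastest`) and the 2-second timeout are assumptions made for illustration; the two sample values are the ones quoted in the post.

```java
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;

public class SrvPicker {

    /** One SRV value (RFC 2782): priority, weight, port, target host. */
    static final class SrvRecord {
        final int priority, weight, port;
        final String host;

        SrvRecord(int priority, int weight, int port, String host) {
            this.priority = priority;
            this.weight = weight;
            this.port = port;
            this.host = host;
        }

        @Override
        public String toString() {
            return host + ":" + port;
        }
    }

    /** Parses the "priority weight port target" string returned for an SRV attribute. */
    static SrvRecord parse(String value) {
        String[] f = value.trim().split("\\s+");
        if (f.length != 4) {
            throw new IllegalArgumentException("not an SRV value: " + value);
        }
        int port = Integer.parseInt(f[2]);
        // DNS answers are untrusted input, so reject anything that is not a usable port.
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + value);
        }
        // The target may carry a trailing dot (fully qualified form); drop it.
        String host = f[3].endsWith(".") ? f[3].substring(0, f[3].length() - 1) : f[3];
        return new SrvRecord(Integer.parseInt(f[0]), Integer.parseInt(f[1]), port, host);
    }

    /** Returns the TCP connect time in milliseconds, or -1 if the host did not answer in time. */
    static long probeMillis(SrvRecord r, int timeoutMs) {
        long start = System.nanoTime();
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(r.host, r.port), timeoutMs);
            return (System.nanoTime() - start) / 1_000_000;
        } catch (Exception e) {
            return -1; // unresolved name, refused connection or timeout
        }
    }

    /**
     * Probes records in ascending priority order (lower value is preferred) and
     * returns the fastest responder in the first priority group where any host answers.
     * A successful connect only shows that the port is open; it does not authenticate
     * the server, so the later LDAP bind should still run over TLS with certificate checks.
     */
    static SrvRecord pickFastest(List<SrvRecord> records, int timeoutMs) {
        List<SrvRecord> sorted = new ArrayList<>(records);
        sorted.sort(Comparator.comparingInt((SrvRecord r) -> r.priority));
        SrvRecord best = null;
        long bestMs = Long.MAX_VALUE;
        for (SrvRecord r : sorted) {
            if (best != null && r.priority != best.priority) {
                break; // a host with a better priority already answered
            }
            long ms = probeMillis(r, timeoutMs);
            if (ms >= 0 && ms < bestMs) {
                best = r;
                bestMs = ms;
            }
        }
        return best;
    }

    public static void main(String[] args) {
        // Sample SRV values as quoted in the post above.
        List<String> values = Arrays.asList(
            "0 100 389 ib500ad1.indbank.in",
            "0 100 389 ib500ad2.indbank.in");
        List<SrvRecord> records = new ArrayList<>();
        for (String v : values) {
            records.add(parse(v));
        }
        SrvRecord best = pickFastest(records, 2000); // 2 s timeout is an assumed value
        System.out.println(best == null ? "no server answered" : "use " + best);
    }
}
```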

  • Query LDAP to XML

    I am having trouble using the Query Multiple LDAP to XML component. I have it configured right(?) in the workflow. I am trying to retrieve a couple of attributes about the user who is logged in. For now, I have a text box with an invoke button on my form to simulate the action of getting the logged in user.
    In my process, if I hardcode a user in or if I invoke the process via the Components label it runs fine and returns the correct XML. If I try to invoke the web service via my form, I receive an "error attempting to read from file".
    I have never queried the LDAP before and I am a little confused. Could anyone offer some help?

    I have actually disabled the security for that service. I am thinking the problem is that the LDAP server has some sort of block on web service calls. Could that be the issue? All of my other web services (configured the same exact way) function just fine, and running the query in LiveCycle Workbench works fine. That leads me to believe that something is stopping the WSDL connection.

  • Getting LDAP server name?

    How can I find the LDAP server name and port?
    I presume that the first 2 values are LDAP server name and port?
    InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx("host", "port", "orcladmin", "pwd");
    Please help.
    Thanks

    Logon to Portal schema and run the below query:
    select wwsec_oid.get_oid_host "LDAP Host",wwsec_oid.get_oid_port "LDAP Port" from dual;

  • Rc.local script to bind and add ldap server

    Greetings All,
    For the past few years, I've used the script below to bind and add authentication servers to my client machines. The process is simple enough, copy the rc.local script (ref'd below) to /etc/ as root and reboot the client. The problem now, is I don't know if this will work in 10.6. As I read this script, I realized there have been enough changes in location of files and file names between 10.5 and 10.6 that this script isn't going to work.
    My question to you guys is this: Is anyone else taking care of their binding/auth services in a similar manner? If so, would you mind sharing the script you're using?
    Thanks,
    -dave
    Here's mine:
    #!/bin/sh
    # WARNING -- REMEMBER TO UNCOMMENT THE SELF-DELETING LINE!
    #Site and/or District-specific Variables
    #Local Admin in Image
    LOCADMIN="tech" # Local admin user in your image
    LOCPASSWD="techpwd" # Local admin password in your image
    #Open Directory
    ODSITESERVER="odr1.mydomain.edu" # FQDN of the Open Directory Server
    ODADMIN="diradmin" # Directory Admin for Open Directory
    ODPASSWD="diradminpwd" #Password for OD Directory Admin
    ### DO NOT EDIT BELOW THIS LINE!
    OSMAJORVER=`sw_vers | grep ProductVersion | awk '{print $2}' | cut -c 1-4`
    ENETADDRESS=`ifconfig en0 | grep ether | awk '{print $2}'`
    #Give the network time to come online
    logger "Sleeping 30 seconds"
    sleep 30
    #Set Date and Time
    case $OSMAJORVER in
    10.3) date > /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
    date >> /Library/Logs/binder.log 2>&1 ;;
    10.4) date > /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
    date >> /Library/Logs/binder.log 2>&1 ;;
    10.5) date > /Library/Logs/binder.log 2>&1
    /usr/sbin/systemsetup -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
    /usr/sbin/systemsetup -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
    date >> /Library/Logs/binder.log 2>&1 ;;
    esac
    #Set Bonjour and Computer Names
    # logger "Setting Bonjour and Computer Names"
    # SERIALNUMBER=`ioreg -l |grep IOPlatformSerialNumber | awk '{print $4}' | cut -d \" -f 2`
    # SECONDOCTET=`ifconfig -a | grep inet | grep -v inet6 | awk '{print $2}' | grep ^10\. | head -n 1 | awk 'BEGIN {FS="."}; { printf "%03d", $2 }'`
    # COMPUTERID="A""$SECONDOCTET""$SERIALNUMBER"
    # logger "Computer name is $COMPUTERID"
    # scutil --set LocalHostName "$COMPUTERID"
    # scutil --set ComputerName "$COMPUTERID"
    # sleep 3
    #Set the Open Directory Server we are binding to based on the second octet of the IP address received from the DHCP lease
    # case $SECONDOCTET in
    # 002|005|047|110|112|115|119|121|123|128|133|153|241|247|250|251|253) ODSITESERVER="a941wgm.austinisd.org" ; RING="A1N";;
    # 009|045|046|052|053|107|109|117|131|132|138|144|151|154|155|179) ODSITESERVER="a117wgm.austinisd.org" ; RING="B1N";;
    # 004|006|010|048|055|056|102|106|118|129|141|149|152|157|159|161|163|164|165|178|189|244|249) ODSITESERVER="a006wgm.austinisd.org" ; RING="C1N";;
    # 003|012|015|044|051|105|108|111|116|122|124|125|126|127|139|142|145|150|245) ODSITESERVER="a044wgm.austinisd.org" ; RING="D1N";;
    # 007|043|049|058|103|104|114|140|146|160|162|168|171|174|175|176|185|190|246|101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B1S";;
    # 101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B2S";;
    # 008|013|017|054|059|061|120|130|136|147|156|166|172|173|182|184) ODSITESERVER="a008wgm.austinisd.org" ; RING="C1S";;
    # 057|060|113|143|148|158|170|180|181|183|248) ODSITESERVER="a008wgm.austinisd.org" ; RING="C2S";;
    # *) ODSITESERVER="a000wgm.austinisd.org" ; RING="A0N";;
    # esac
    #Remove Existing Directory Services Config
    logger "Removing existing DS Config"
    rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
    rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
    rm -R /Library/Preferences/DirectoryService/SearchNode*
    rm -R /Library/Preferences/DirectoryService/ContactsNode*
    rm -R /Library/Preferences/edu.mit.*
    rm -R /etc/krb5.keytab
    #Enable and disable appropriate plugins
    case $OSMAJORVER in
    10.3) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
    10.4) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
    10.5) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1 ;;
    esac
    #Copy in updated ldap.conf file for Leopard machines, which disables the verification of SSL certs used for LDAP Authentication
    case $OSMAJORVER in
    10.5) cp /etc/ldap.conf-leopard /etc/openldap/ldap.conf ;;
    esac
    #Kill Directory Services and respawn to return to DS Defaults
    logger "Respawning DS"
    killall -9 DirectoryService
    #Running "id" triggers a DS Respawn
    id "$LOCADMIN" >> /Library/Logs/binder.log 2>&1
    sleep 3
    #Fix SearchNode plist
    case $OSMAJORVER in
    10.3) logger "Disabling LDAP via DHCP"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
    killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
    sleep 3 ;;
    10.4) logger "Disabling LDAP via DHCP"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
    killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
    sleep 3 ;;
    esac
    #Configure LDAPv3 Plugin -- fix with site-specific data
    logger "Configuring LDAPv3 Plugin"
    case $OSMAJORVER in
    10.4) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
    10.5) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
    esac
    sleep 3
    #Make sure we init DS and confirm connectivity to each LDAP directory
    logger "Checking OD Node Connectivity"
    date >> /Library/Logs/binder.log
    echo "Checking OD Node Connectivity" >> /Library/Logs/binder.log
    dscl localhost -list /LDAPv3/$ODSITESERVER/Groups >> /Library/Logs/binder.log 2>&1
    #Configure Search Path
    logger "Configuring Search Nodes"
    date >> /Library/Logs/binder.log
    echo "Configuring Search Nodes" >> /Library/Logs/binder.log
    dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
    case $OSMAJORVER in
    10.3) defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/$ODSITESERVER"
    killall -9 DirectoryService ;;
    10.4) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
    dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
    10.5) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
    dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
    esac
    date >> /Library/Logs/binder.log
    echo "Confirming Search Nodes" >> /Library/Logs/binder.log
    dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
    #Remove any stale computer records from Open Directory
    logger "Removing stale computer records from OD"
    dscl /LDAPv3/"$ODSITESERVER" -search Computers ENetAddress "$ENETADDRESS" | awk 'BEGIN {FS="\t\t"}; { print $1 }' | while read COMPNAME
    do
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -delete Computers/"$COMPNAME" >> /Library/Logs/binder.log 2>&1
    done
    #Add computer record to Open Directory
    logger "Adding new Computer Record to OD"
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/`scutil --get LocalHostName` ENetAddress "$ENETADDRESS" >> /Library/Logs/binder.log 2>&1
    #Add to designated computer list - this is ONLY for 10.4 server. This will need to be replaced for 10.5 server.
    COMPUTERGROUP="Unprovisioned" # Computer List
    logger "Adding to Computer List: $COMPUTERGROUP"
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$COMPUTERID" ENetAddress "$ENETADDRESS"
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -append ComputerLists/"$COMPUTERGROUP" Computers "$COMPUTERID"
    #Refresh the MCX Cache
    logger "Refeshing the MCX Cache"
    case $OSMAJORVER in
    10.3) /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher -f >> /Library/Logs/binder.log 2>&1
    /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
    10.4) /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f >> /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
    esac
    #Disable automatic login on the client
    defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
    #Enable login hooks on the client
    case $OSMAJORVER in
    10.4|10.5) defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool true
    defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous ;;
    esac
    #Enable Directory Services Status by default on loginwindow
    # case $OSMAJORVER in
    # 10.4|10.5) defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus ;;
    #esac
    #Modify the binder log so that only admin viewers may access the file
    chmod u=rw,go= /Library/Logs/binder.log
    sleep 5
    #killall loginwindow
    sleep 5
    #Comment the lines below, until shutdown if you do not want the script to replace itself with a 30 second delay on startup to ensure the client receives a DHCP lease before loginwindow appears
    case $OSMAJORVER in
    10.3|10.4) echo sleep 30 > /etc/rc.local ;;
    *) srm /etc/rc.local ;;
    esac
    shutdown -r now
    #Exit
    exit 0

    The first thing I would verify is if you can connect and traverse your Active Directory/Domain Controller using Softerra's free ldap browser.
    1. Softerra ldap browser link
    http://download.softerra.com/files/ldapbrowser26.msi
    Put in the IP/hostname of the domain controller, use the same BASE DN, and user credentials that you used on the IronPort appliance.
    I would highly recommend that you create a separate account for the IronPort (i.e. ironportldap). Do this so that you don't have to worry about accidentally resetting the password and then forgetting to update the IronPort appliance.
    2. Once you've verified that you can connect and see your tree, use the same settings from Softerra ldap browser and put them in the IronPort ldap interface.
    Try this for your Accept query string
    (|(mail={a})(proxyAddresses=smtp:{a}))
    3. If it still fails, enable the ldap debug log if you haven't already and paste in the error.
    We are trying to add an LDAP Server Profile but everytime we try to test the Accept Query we get an
    "Error - Error: configuration error" message.
    We are using AD, top of the tree for base DN. dc=domain, dc=local.
    We tried communicating with 2 different servers via telnet on ports 389, 3268, both are open.
    Tried port 389 and 3268, no SSL, Anonymous and User Password authentication methods.
    The error left us clueless since we followed the instructions on the user manual.
    For the accept query we tried this query string: (proxyAddresses=smtp:{a})
    Any ideas or pointers to what could be causing this are very appreciated.
    Thanks.
    Ed.

  • Connection to LDAP server ..ERROR

    Hello,
    I am new to coding and I am trying to initiate a connection with the LDAP server, but I am not able to get going with the connection. The DBMS_LDAP package is available in the SYS schema in Toad, and I am trying to access it from the APPS schema. This is the code that I had written, and the errors are mentioned below. Can anyone please help in this regard?
    DECLARE
         ldap_host          VARCHAR2(256);
         ldap_port           PLS_INTEGER;
         l_session          SYS.DBMS_LDAP.session;
    BEGIN
         ldap_host := 'entro-dev.cisco.com';
         ldap_port := 389;
         l_session := SYS.DBMS_LDAP.init(ldap_host,ldap_port);
    END;     
    ERRORS...
    The following error has occurred:
    ORA-04068: existing state of packages has been discarded
    ORA-04067: not executed, package body "SYS.DBMS_LDAP" does not exist
    ORA-06508: PL/SQL: could not find program unit being called
    ORA-06512: at line 8
    Thanks,
    AK

    I have fixed this problem successfully.
    The problem was with the referral attribute of the cfldap tag.
    After adding this (referral="yes") attribute to my code I am able to login into my website.
    <cfldap action="QUERY" server="#application.LDAPServer#" port="#application.LDAPPort#" start="#application.LDAPBase#" name="search" attributes="alias, dn, uid, technicalCareerLevel, locationorgunit, givenName, sn" filter="#filter#" scope="SUBTREE" maxRows="2" referral="yes">
    Anyway, thanks for your assistance!

  • Connection to LDAP Server failed

    OK, I have an application that has been working for years.
    Yesterday it stopped working and my error trapping started sending
    me messages with the cfcatch.message of " Connection to LDAP Server
    failed" The code hasn't been touched in over three years. Any ideas
    what is going on? I have attached the code but changed some
    information for security reasons.

    CF_contractor wrote:
    > OK, I have an application that has been working for years. Yesterday it
    > stopped working and my error trapping started sending me messages with the
    > cfcatch.message of " Connection to LDAP Server failed" The code hasn't been
    > touched in over three years. Any ideas what is going on? I have attached the
    > code but changed some information for security reasons.
    >
    > <cfldap
    > action="QUERY"
    > name="qryResults"
    > attributes="distinguishedname"
    > start=""
    > scope="SUBTREE"
    > filter = "(cn=#txtxNO#)"
    > username="testuser"
    > password="test"
    > server="server.com"
    > >
    >
    An LDAP administrator changed the password for or removed the 'testuser' account? Happened to me last week.
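
Both the Accept query `(|(mail={a})(proxyAddresses=smtp:{a}))` and the quoted `filter = "(cn=#txtxNO#)"` place a variable value inside an LDAP filter; when application code performs that substitution itself, the value needs RFC 4515 escaping first. The following is an added example, not code from any of the posts: `build_filter`, `balanced` and the sample values are hypothetical.

```python
"""RFC 4515 escaping for values substituted into LDAP search filters (added example)."""

# Filter templates taken from the posts above; "{a}" marks where the value goes.
ACCEPT_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"
CN_QUERY = "(cn={a})"  # same shape as filter="(cn=#txtxNO#)"

# Characters RFC 4515 requires to be written as a backslash plus two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Replace filter metacharacters in value with their hex escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, value: str, placeholder: str = "{a}") -> str:
    """Hypothetical helper: put the escaped value at every placeholder."""
    if placeholder not in template:
        raise ValueError("template has no placeholder")
    return template.replace(placeholder, escape_filter_value(value))


def balanced(filter_text: str) -> bool:
    """Structural check: parentheses must nest and close exactly."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample values: ordinary names that contain metacharacters.
    for value in ["jsmith", "Smith (Contractor", "R&D * Lab"]:
        raw = CN_QUERY.replace("{a}", value)   # unescaped substitution
        safe = build_filter(CN_QUERY, value)   # escaped substitution
        print(f"{value!r}: raw balanced={balanced(raw)} -> {safe}")
    print(build_filter(ACCEPT_QUERY, "a*b@example.com"))
```

With escaping, the filter keeps the structure of its template whatever the value contains, so a `*` in the value matches a literal asterisk instead of acting as a wildcard.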

  • SOLVED Setting up LDAP server.

    Arch is boring because everything runs too smoothly. So for a challenge, I tried to set up an LDAP server and I can't get it to work. I even have a book in front of me!!
    I keep getting this error: ldap_result: Can't contact LDAP server (-1)
    This is my query: ldapsearch -x '(objectclass=*)' -W -D "cn=admin, dc=example, dc=com"
    This is my slapd.conf:
    include /etc/openldap/schema/core.schema
    pidfile /var/run/slapd.pid
    argsfile /var/run/slapd.args
    access to *
        by self write
        by users read
        by anonymous auth
    database bdb
    suffix "dc=exemple,dc=com"
    rootdn "cn=admin,dc=exemple,dc=com"
    rootpw secret
    directory /var/lib/openldap/openldap-data
    index objectClass eq
    And this is my ldap.conf:
    BASE dc=exemple,dc=com
    URI ldap://localhost
    nmap localhost shows : 389/tcp  open  ldap so I guess the server is running
    Can someone give me some hint??
    EDIT:
    hosts.allow damn it.
    slapd:ALL:ALLOW.
    I did not see any mention whatsoever in Mastering OpenLDAP book from Packt Publishing
    Last edited by marxav (2007-09-30 22:46:47)

    That is correct. I was indeed able to use the app server (10g) to give the LDAP user permission to access the objects, then used sql commands to register the objects inside the LDAP.
    However, I am finding NOTHING about actually creating a unique connection factory that can be registered in the LDAP. I find reference to registering Queues/Topics/Factories inside the LDAP, but nothing about actually creating the factories.
    In fact, here
    http://download.oracle.com/docs/cd/B28359_01/server.111/b28420/aq_envir.htm#sthref409
    it's listed that you cannot use sql to create a connectionfactory... not to mention the create java commands for factories look strikingly similar to the queue/topic GET commands, and not the create commands. You can add an alias for that factory using sql, but can't actually create the factory using sql... ???
