Rc.local script to bind and add ldap server

Greetings All,
For the past few years, I've used the script below to bind and add authentication servers to my client machines. The process is simple enough: copy the rc.local script (ref'd below) to /etc/ as root and reboot the client. The problem now is that I don't know if this will work in 10.6. As I read this script, I realized there have been enough changes in the location of files and file names between 10.5 and 10.6 that this script isn't going to work.
My question to you guys is this: Is anyone else taking care of their binding/auth services in a similar manner? If so, would you mind sharing the script you're using?
Thanks,
-dave
Here's mine:
#!/bin/sh
# WARNING -- REMEMBER TO UNCOMMENT THE SELF-DELETING LINE!
#Site and/or District-specific Variables
#NOTE: these credentials sit in clear text in /etc/rc.local until the script removes itself at the end,
#so keep the file readable by root only (chmod 600) and give ODADMIN an account that can only manage
#computer records rather than a full directory administrator.
#Local Admin in Image
LOCADMIN="tech" # Local admin user in your image
LOCPASSWD="techpwd" # Local admin password in your image
#Open Directory
ODSITESERVER="odr1.mydomain.edu" # FQDN of the Open Directory Server
ODADMIN="diradmin" # Directory Admin for Open Directory
ODPASSWD="diradminpwd" #Password for OD Directory Admin
### DO NOT EDIT BELOW THIS LINE!
OSMAJORVER=`sw_vers | grep ProductVersion | awk '{print $2}' | cut -c 1-4`
ENETADDRESS=`ifconfig en0 | grep ether | awk '{print $2}'`
#Give the network time to come online
logger "Sleeping 30 seconds"
sleep 30
#Set Date and Time
case $OSMAJORVER in
10.3) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.4) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.5) date > /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
esac
#Set Bonjour and Computer Names
# logger "Setting Bonjour and Computer Names"
# SERIALNUMBER=`ioreg -l |grep IOPlatformSerialNumber | awk '{print $4}' | cut -d \" -f 2`
# SECONDOCTET=`ifconfig -a | grep inet | grep -v inet6 | awk '{print $2}' | grep ^10\. | head -n 1 | awk 'BEGIN {FS="."}; { printf "%03d", $2 }'`
# COMPUTERID="A""$SECONDOCTET""$SERIALNUMBER"
# logger "Computer name is $COMPUTERID"
# scutil --set LocalHostName "$COMPUTERID"
# scutil --set ComputerName "$COMPUTERID"
# sleep 3
#Set the Open Directory Server we are binding to based on the second octet of the IP address received from the DHCP lease
# case $SECONDOCTET in
# 002|005|047|110|112|115|119|121|123|128|133|153|241|247|250|251|253) ODSITESERVER="a941wgm.austinisd.org" ; RING="A1N";;
# 009|045|046|052|053|107|109|117|131|132|138|144|151|154|155|179) ODSITESERVER="a117wgm.austinisd.org" ; RING="B1N";;
# 004|006|010|048|055|056|102|106|118|129|141|149|152|157|159|161|163|164|165|178|189|244|249) ODSITESERVER="a006wgm.austinisd.org" ; RING="C1N";;
# 003|012|015|044|051|105|108|111|116|122|124|125|126|127|139|142|145|150|245) ODSITESERVER="a044wgm.austinisd.org" ; RING="D1N";;
# 007|043|049|058|103|104|114|140|146|160|162|168|171|174|175|176|185|190|246|101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B1S";;
# 101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B2S";;
# 008|013|017|054|059|061|120|130|136|147|156|166|172|173|182|184) ODSITESERVER="a008wgm.austinisd.org" ; RING="C1S";;
# 057|060|113|143|148|158|170|180|181|183|248) ODSITESERVER="a008wgm.austinisd.org" ; RING="C2S";;
# *) ODSITESERVER="a000wgm.austinisd.org" ; RING="A0N";;
# esac
#Remove Existing Directory Services Config (-f so a missing file or an unmatched glob is not reported as an error)
logger "Removing existing DS Config"
rm -Rf /Library/Preferences/DirectoryService/ActiveDirectory*
rm -Rf /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
rm -Rf /Library/Preferences/DirectoryService/SearchNode*
rm -Rf /Library/Preferences/DirectoryService/ContactsNode*
rm -Rf /Library/Preferences/edu.mit.*
rm -f /etc/krb5.keytab
#Enable and disable appropriate plugins
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.4) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.5) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1 ;;
esac
#Copy in updated ldap.conf file for Leopard machines, which disables the verification of SSL certs used for LDAP Authentication
#CAVEAT: with verification off, anything on the path between the client and the OD server can present its own
#certificate and read or alter the LDAP session, credentials included; shipping the OD CA certificate in the image
#and leaving TLS_REQCERT at its default (demand) avoids that.
case $OSMAJORVER in
10.5) cp /etc/ldap.conf-leopard /etc/openldap/ldap.conf ;;
esac
#Kill Directory Services and respawn to return to DS Defaults
logger "Respawning DS"
killall -9 DirectoryService
#Running "id" triggers a DS Respawn
id "$LOCADMIN" >> /Library/Logs/binder.log 2>&1
sleep 3
#Fix SearchNode plist
case $OSMAJORVER in
10.3) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
10.4) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
esac
#Configure LDAPv3 Plugin -- fix with site-specific data
logger "Configuring LDAPv3 Plugin"
case $OSMAJORVER in
10.4) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
10.5) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
esac
sleep 3
#Make sure we init DS and confirm connectivity to each LDAP directory
logger "Checking OD Node Connectivity"
date >> /Library/Logs/binder.log
echo "Checking OD Node Connectivity" >> /Library/Logs/binder.log
dscl localhost -list /LDAPv3/$ODSITESERVER/Groups >> /Library/Logs/binder.log 2>&1
#Configure Search Path
logger "Configuring Search Nodes"
date >> /Library/Logs/binder.log
echo "Configuring Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/$ODSITESERVER"
killall -9 DirectoryService ;;
10.4) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
10.5) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
esac
date >> /Library/Logs/binder.log
echo "Confirming Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
#Remove any stale computer records from Open Directory
#dscl -search prints "name<tab><tab>ENetAddress = (" followed by one line per value and a closing ")";
#only the lines with the double-tab separator carry a record name, so the others are skipped instead of
#being handed to -delete. Note that -P puts the directory admin password on the command line, where it is
#visible to anyone running ps for as long as each dscl call lasts.
logger "Removing stale computer records from OD"
dscl /LDAPv3/"$ODSITESERVER" -search Computers ENetAddress "$ENETADDRESS" | awk 'BEGIN {FS="\t\t"}; NF > 1 { print $1 }' | while read COMPNAME
do
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -delete Computers/"$COMPNAME" >> /Library/Logs/binder.log 2>&1
done
#Add computer record to Open Directory
#COMPUTERID is only set when the naming block above is uncommented; otherwise use the current LocalHostName
[ -z "$COMPUTERID" ] && COMPUTERID=`scutil --get LocalHostName`
logger "Adding new Computer Record to OD"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$COMPUTERID" ENetAddress "$ENETADDRESS" >> /Library/Logs/binder.log 2>&1
#Add to designated computer list - this is ONLY for 10.4 server. This will need to be replaced for 10.5 server.
COMPUTERGROUP="Unprovisioned" # Computer List
logger "Adding to Computer List: $COMPUTERGROUP"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -append ComputerLists/"$COMPUTERGROUP" Computers "$COMPUTERID" >> /Library/Logs/binder.log 2>&1
#Refresh the MCX Cache
logger "Refreshing the MCX Cache"
case $OSMAJORVER in
10.3) /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
10.4) /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
esac
#Disable automatic login on the client
defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
#Enable login hooks on the client
#MCXScriptTrust sets the directory trust level a node must have before its MCX login/logout scripts run with
#root privileges on this client; Anonymous is the weakest setting and accepts scripts from any node on the
#search path, so tighten it once the clients have a trusted binding to the OD server.
case $OSMAJORVER in
10.4|10.5) defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool true
defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous ;;
esac
#Enable Directory Services Status by default on loginwindow
# case $OSMAJORVER in
# 10.4|10.5) defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus ;;
#esac
#Modify the binder log so that only admin viewers may access the file
chmod u=rw,go= /Library/Logs/binder.log
sleep 5
#killall loginwindow
sleep 5
#Comment out the lines below (down to the shutdown) if you do not want the script to replace itself with a 30-second delay on startup, which ensures the client receives a DHCP lease before loginwindow appears
case $OSMAJORVER in
10.3|10.4) echo sleep 30 > /etc/rc.local ;;
*) srm /etc/rc.local ;;
esac
shutdown -r now
#Exit
exit 0
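Two checks that a binder script like the one above benefits from, written here as an added example (this is not part of Dave's script and not Apple tooling): a test of whether an OpenLDAP client config such as /etc/openldap/ldap.conf still verifies the server certificate (the Leopard ldap.conf copied in above turns that off), a hardened config to compare it with, a live openssl pre-flight against the OD server, and a parser that keeps only record names from `dscl -search` output before anything reaches `dscl -delete`. The CA path /etc/openldap/od-ca.pem, the base DN, the hostname and the sample dscl output are assumed or constructed for illustration.

```shell
#!/bin/sh
# Added example for the binder script above (not Dave's code, not Apple tooling).
#   ldap_conf_verifies_certs FILE  -> exit 0 if the OpenLDAP client config still checks the server cert
#   hardened_ldap_conf HOST        -> a client config that keeps checking on and pins the OD CA
#   od_cert_verifies HOST CAFILE   -> live check that the server cert chains to CAFILE (needs network)
#   dscl_record_names FILE         -> record names only, from saved `dscl ... -search` output
# Paths, hostnames and the sample dscl output below are assumptions / constructed data.

ldap_conf_verifies_certs() {
  # OpenLDAP treats a missing TLS_REQCERT as "demand". "never", "allow" and "try" all let the session
  # continue with a bad or absent server certificate, which is what an ldap.conf that "disables the
  # verification of SSL certs" does. Last directive in the file wins, as in OpenLDAP.
  mode=$(awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) } END { print v }' "$1")
  case "${mode:-demand}" in
    demand|hard) return 0 ;;
    *)           return 1 ;;
  esac
}

hardened_ldap_conf() {
  # Verification stays on and the CA that issued the OD server's certificate is pinned.
  # /etc/openldap/od-ca.pem is an assumed path for a CA certificate deployed with the image.
  printf '%s\n' \
    "BASE dc=mydomain,dc=edu" \
    "URI ldaps://$1" \
    "TLS_CACERT /etc/openldap/od-ca.pem" \
    "TLS_REQCERT demand"
}

od_cert_verifies() {
  # Live pre-flight: does the server's chain validate against the CA file? Not exercised offline;
  # run by hand, e.g. od_cert_verifies odr1.mydomain.edu /etc/openldap/od-ca.pem
  openssl s_client -connect "$1:636" -CAfile "$2" </dev/null 2>/dev/null \
    | grep -q 'Verify return code: 0 (ok)'
}

dscl_record_names() {
  # `dscl ... -search Computers ENetAddress <mac>` prints "name<TAB><TAB>ENetAddress = (", then one
  # line per value, then ")". Only lines with the double-tab separator carry a record name; a plain
  # `{ print $1 }` would also feed the value lines and ")" to `dscl -delete`.
  awk 'BEGIN { FS = "\t\t" } NF > 1 { print $1 }' "$1"
}

write_sample_search_output() {
  # Constructed sample of -search output for two stale records (not captured from a real server).
  printf 'lab-imac-07\t\tENetAddress = (\n    "00:16:cb:aa:bb:cc"\n)\n\nlab-imac-07-old\t\tENetAddress = (\n    "00:16:cb:aa:bb:cc"\n)\n\n' > "$1"
}

# Usage: sh binder-checks.sh demo
case "${1:-}" in
  demo)
    tmp=$(mktemp)
    hardened_ldap_conf odr1.mydomain.edu > "$tmp"
    ldap_conf_verifies_certs "$tmp" && echo "hardened ldap.conf: certificate verification ON"
    printf 'TLS_REQCERT never\n' > "$tmp"
    ldap_conf_verifies_certs "$tmp" || echo "ldap.conf-leopard style: certificate verification OFF"
    write_sample_search_output "$tmp"
    echo "records that would be deleted:"; dscl_record_names "$tmp"
    rm -f "$tmp" ;;
esac
```

The parser's `NF > 1` filter is the same one-token change applied to the awk in the script's stale-record loop; the ldap.conf check is something to run against the image before it ships rather than at bind time.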

The first thing I would verify is if you can connect and traverse your Active Directory/Domain Controller using Softerra's free ldap browser.
1. Softerra ldap browser link
http://download.softerra.com/files/ldapbrowser26.msi
Put in the IP/hostname of the domain controller, use the same BASE DN, and user credentials that you used on the IronPort appliance.
I would highly recommend that you create a separate account for the IronPort (i.e. ironportldap). Do this so that you don't have to worry about accidentally resetting the password and then forgetting to update the IronPort appliance.
2. Once you've verified that you can connect and see your tree, use the same settings from Softerra ldap browser and put them in the IronPort ldap interface.
Try this for your Accept query string
(|(mail={a})(proxyAddresses=smtp:{a}))
3. If it still fails, enable the ldap debug log if you haven't already and paste in the error.
We are trying to add an LDAP Server Profile but every time we try to test the Accept Query we get an
"Error - Error: configuration error" message.
We are using AD, top of the tree for base DN. dc=domain, dc=local.
We tried communicating with 2 different servers via telnet on ports 389, 3268, both are open.
Tried port 389 and 3268, no SSL, Anonymous and User Password authentication methods.
The error left us clueless since we followed the instructions in the user manual.
For the accept query we tried this query string: (proxyAddresses=smtp:{a})
Any ideas or pointers to what could be causing this are very appreciated.
Thanks.
Ed.
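The accept query in the reply above substitutes the recipient address from the SMTP envelope for {a}, so the string that ends up in the LDAP filter is attacker-chosen input. The following is an added example written for this page, not code from the IronPort thread or from the appliance: it escapes the address per RFC 4515 before substitution, adds an optional allowlist in front of that, and shows what the two query templates from the thread become. Whether the appliance escapes {a} on its own is not stated in the thread, so treat this as the reference behaviour to compare against; the addresses are constructed test inputs.

```shell
#!/bin/sh
# Added example (not from the IronPort thread): building an LDAP accept query safely.
# Templates are the ones quoted in the thread; addresses are constructed test inputs.

ldap_filter_escape() {
  # RFC 4515 section 3: inside a filter value, '\' '*' '(' ')' (and NUL, which cannot occur in a
  # shell string) must be written as a backslash plus two hex digits. The backslash is replaced first
  # so the escapes added for the other characters are not escaped a second time.
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

recipient_is_plausible() {
  # Optional allowlist in front of the escape step (policy choice, not an RFC rule): exactly one '@',
  # something on both sides of it, and only characters found in ordinary SMTP addresses.
  case "$1" in
    ''|*[!A-Za-z0-9.@_+-]*|*@*@*|@*|*@) return 1 ;;
    *@*)                                 return 0 ;;
    *)                                   return 1 ;;
  esac
}

accept_query() {
  # $1 = filter template with {a} placeholders (the appliance's convention), $2 = recipient address.
  # The escaped address is passed through the environment rather than awk -v, so that awk does not
  # reinterpret the backslashes the escaping just added.
  printf '%s\n' "$1" | ESCAPED_ADDR=$(ldap_filter_escape "$2") awk '
    { s = $0; out = ""; a = ENVIRON["ESCAPED_ADDR"]
      while ((i = index(s, "{a}")) > 0) { out = out substr(s, 1, i - 1) a; s = substr(s, i + 3) }
      print out s }'
}

# Usage: sh accept-query.sh demo
if [ "${1:-}" = "demo" ]; then
  tpl='(|(mail={a})(proxyAddresses=smtp:{a}))'
  for a in 'ed@example.com' '*' 'x)(mail=*'; do
    printf 'raw address: %s\n' "$a"
    printf 'filter:      %s\n' "$(accept_query "$tpl" "$a")"
    recipient_is_plausible "$a" && echo 'allowlist:   accepted' || echo 'allowlist:   rejected'
    echo
  done
fi
```

Without the escaping, a RCPT TO of `*` turns `(proxyAddresses=smtp:{a})` into a wildcard that matches every mailbox, and `x)(mail=*` closes the intended clause and opens one of the attacker's choosing; with it, both become literal values that match nothing. Running the same three inputs through the appliance's "test query" is a quick way to see which behaviour it has.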

Similar Messages

  • Steps for portal and Microsoft LDAP server integration

    Hi,
    Could anyone guide me through the steps for portal and Microsoft LDAP server integration? I need it urgently.
    Thanks in advance.
    Regards,
    Niraj

    Please don't cross post in multiple forums..

  • Powershell Script to Remove and Add the user with same permission

    Hi,
    I need to remove all users within all site collections of a web application and add them back with the same permission level. We have a SiteMinder-based custom trusted identity token issuer configured in our farm. The name of the issuer will be changed
    due to some architectural decisions, hence all users which are there before will be unidentified, hence need to be removed and added again.
    Currently each user looks like :                       c:0ǹ.t|Identity Token Issuer1|user1
    Post the change the user will look like:          c:0ǹ.t|Identity Token Issuer New|user1
    I am looking for a powershell script which can handle this operation.
    Thanks, Bivsworld

    Bivsworld,
    Below link should give you a start.
    http://www.sptechlearn.com/2014/10/delete-users-from-user-information-list.html

  • Portal and Netscape LDAP server integration

    Hi,
    I am trying to integrate Netscape LDAP server (6.0) with portal server 7, but
    having lots of trouble doing that.
    I've followed the instructions in the developer guide and completed the following
    steps:
    1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServer in config.xml
    and modified the entries to fit my environment.
    2. Deployed ldapprofile.jar and customized the env variables.
    After these two steps, nothing happened. Then I did the third step:
    3. added a iPlanet Authenticator to the realm CompatibilityRealm, which is my
    default realm for the server.
    However, after step 3, I wasn't able to boot the weblogic server. Please note I have
    created two users, system and weblogic, in my LDAP server.
    I copied the stack trace below. Any suggestions will be greatly appreciated.
    Weiguo
    C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java" -hotspot
    -Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
    -Dweblogic.Name=portalDemoServer
    -Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.p
    assword= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=fa
    lse -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
    weblogic.Server
    <Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting boot identity
    from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    Starting WebLogic Server...
    <Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loading configuration
    C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configuration data
    was found on server portalDemoServer for realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Security initializing
    using realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Server failed
    during initialization. Exception:java.lang.SecurityException: Authentication for
    user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied at
    weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    >
    <Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342> <Unable to
    in
    itialize the server: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    >
    The WebLogic Server did not start up properly.
    Exception raised:
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    Reason: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)

    Thanks a lot Scott. I followed your instructions and got it working to a certain
    degree. I am pretty happy about the results.
    There are still a few issues:
    1. I had to create groups and users in my directory server in order to boot up
    and logon to the server. This is expected, but is it possible to export these
    user/group settings from the embedded LDAP server so that I can import them into
    my directory server? Currently, the only way is manual and it's error prone. A
    lot of trial and error has to happen to get there.
    2. It seems that using Netscape LDAP server only allows read-only access. This
    means we have to create new users/groups outside of the portal server and one
    other side effect is self-registration is impossible, unless we use custom security
    providers. Is this assessment correct? Since LDAP integration is so important,
    wouldn't it be nice if BEA have that built-in and all we need to do is to switch
    to and configure it?
    3. I got duplicate users and groups in compatibility security. Obviously, one
    set is from my LDAP server and the other is from the embedded one. I tried to
    remove the embedded LDAP authenticator, but the duplicates are still there. How
    can I get rid of the duplicates - I only want the ones from my LDAP server?
    Thanks again Scott.
    Weiguo
    Scott Dunbar <[email protected]> wrote:
    Weiguo,
    WLP 7.0 uses a compatibility realm only and will not work with the
    custom realm that you created for the Netscape directory server.
    Configuring an LDAP compatibility realm isn't too bad and its
    configuration is much like 4.0. However, it can be hard to configure
    initially from the console. One way is to shut your server down and
    modify config.xml directly - but make sure you make a backup copy first!
    Then add something like:
    <CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
    Name="wlcsCachingRealm"/>
    <CustomRealm
    ConfigurationData="user.filter=(&(uid=%u)(objectclass=person));
    user.dn=ou=people,dc=beasys,dc=com;
    server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
    membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
    group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
    server.host=somehost.beasys.com;
    group.dn=ou=groups,dc=beasys,dc=com"
    Name="myRealm" Password="your_password_here"
    RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
    will enable your LDAP server. After this is setup it will be much
    easier to configure via the console. Obviously you'll need to update
    the parameters above for your configuration.
    Scott Dunbar
    BEA Systems, Inc.
    [email protected]
    Boulder, CO, USA
    303 998 2125

  • Are there any rough processes for a Solaris administrator to set up Sun LDAP as the naming server on a Sun SPARC host? Like: 1st: modify /etc/nfsswitch.nfs 2nd: add LDAP server in /etc/hosts. 3rd: ......

    Besides, can we install the LDAP server on SPARC hosts as the naming system? Can we use Sun LDAP server or iPlanet Directory Server? Or do we need a BIND DNS server too?

    There is a nice book from Michael Haines and Tom Bialaski: "Solaris and LDAP Naming Services" which contains all you need to configure Directory Server, LDAP, Naming Switch...
    Ludovic.

  • Unable to see local (LAN)_share drive and pc on server 2012

    Hello,
    We have Windows Server 2012 and almost everything is working well.
    We have installed AD and domain controllers but we do not use domain controllers. We use it mostly for RDP connections.
    What we are trying to do is let other users on the same network see the share folder set up on Windows 2012, but with no success.
    They see all other network devices but not Windows 2012.... they even see our old 2003 server.
    I have been banging my head for almost 1 week to fix this issue.
    And also, the W2012 server does not see any other local shared devices.
    The firewall is disabled and sharing is on for Public on W2012.
    Is there a GPO that is blocking it or something else?
    The fact is that it is not on the same workgroup (but 2003 is on a different workgroup and other people can see that server).
    Any guide or indices, because I am out of ideas and I am nearly ready to throw my server away because of that :(
    Thank you

    Sorry for my English and for misunderstanding.
    We have 2 servers only : one 2003 and other 2012 
    2003 is running but rarely used.
    2012 is a new server : AD, RDP Licensing Server and file share server are on the same OS (same machine)
    You also have another server (2) that's running windows 2003 and is not joined to the domain (workgroup only).
    No, it is configured as domain too but not same as 2012.
    Users are bringing in their own devices, plugging it into a LAN network (that's on the same subnet as the servers) and are not able to see the 2012R2 file server but they can see and connect to 2003 server.
    Correct
    Thank you

  • Portal 7 and embedded LDAP server

    I searched for this on support but nothing much came up on Portal 7, so here
    goes:
    We're thinking of moving to LDAP for user authentication. LDAP 2 is
    supported by the current Portal. What LDAP version is supported by the
    embedded LDAP server that comes with WLS? Can I convert sooner or later?
    Do I have to wait on something?
    Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
    embedded LDAP?
    Thanks,
    Steve

    Ture,
    Can I use LDAP for UUP without using it for authentication/authorization? If so,
    how, or at least can you kindly point to a document that describes how?
    Thanks
    Ture Hoefner <[email protected]> wrote:
    Hello Steve,
    I think you may be confusing the LDAP v2 specification with the WLS 6.x, 7.x V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do with the LDAP v2 spec. It is just version 2 of the LdapRealm ( http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 ). Portal doesn't really care which LDAP server you are using (and it works with both the original LdapRealm and the V2 LdapRealm).
    When using Portal with LDAP, there are three things you can use it for:
    1) authentication/authorization, using WLS security framework, and/or
    2) read-only Unified User Profile (UUP) via LdapPropertyManager in ldapprofile.jar to get user properties from LDAP, and/or
    3) read/write UUP via your own custom EntityPropertyManager to get/set user properties from LDAP.
    If you are using LDAP for authentication/authorization, then just follow instructions from WLS for configuring it. Your Portal app is a J2EE app that will use this service from your WLS app server.
    If you are using LDAP for a UUP then it doesn't really matter which LDAP server you use, as long as it really follows the LDAP spec. Portal just uses JNDI to search for attributes in the LDAP server and provides them to you as user properties.
    --
    Ture Hoefner
    BEA Systems, Inc.
    4001 Discovery Drive
    Suite 340
    Boulder, CO 80303
    www.bea.com

  • How to execute a PowerShell script on a remote machine using the PowerShell script folder path and script name

    Hi,
    Let's say I have 3 parameters:
    1. Script folder path (remote path, e.g. \\RD101\ScriptSharedFolder, where RD101 is one server)
    2. Script name (StopAllService.ps1)
    3. Server name (RD45)
    I want to execute a PowerShell script on my local machine (Test1), and in that script I want to pass the above three parameters. Now I want to execute the StopAllService.ps1 script on the RD45 server. But the script is available on the RD101 machine.
    So what I want to know is: how can we do this? I have the script name, the script folder path and the target execution server name.
    Pls guide me or give me the script.
    By
    A Path Finder..
    JoSwa

    Hi,
    You have 2 solutions for your problem:
    1- If you have permission to run scripts on the remote computer without specifying your credential, then the first reply solves your problem.
    2- If you have permission to run scripts on the remote computer but have to specify your credential, then my solution solves your problem.
    If the remote computer requires signed scripts only, you need a signed script. Period. Or are you trying to break remote computer security?
    If you need a signed script, there's no psdrive that'll circumvent such a requirement.
    The problem is that the execution policy is set to "RemoteSigned". Using the URL explicitly tags that script as being from a remote source, and the policy blocks it. The PSDrive provides a local reference for the script. It does not sign the script but the local drive reference may prevent it from being blocked for being from a remote source. I'll test that later.
    Script signing is not and should never be considered a security measure. It is easily circumvented by running the script using powershell.exe, and using the -ExecutionPolicy parameter to override whatever the local execution policy setting is.

  • How can I configure WLS7 and iPlanet LDAP

    How can I configure WLS7 and iPlanet LDAP?
    failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)

    Yos:
    Series of steps to get WLS working with some external LDAP server follows:
    I. create a new domain /mydomain
    II. start server
    III. open WebLogic console in a browser
    IV. in left frame, go to
    security->realms->myrealm->providers->AuthenticationProviders and click
    V. in right frame, click on “Configure a new iPlanet Authenticator”
    VI. In the new screen, under General, make sure the Control Flag is set to Required,
    select a name for this authenticator, and click Create.
    VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where
    these values reflect the settings for your LDAP server. (Note: the default
    principal for an iPlanet LDAP server is uid=admin, ou=Administrators,
    ou=TopologyManagement, o=NetscapeRoot). Click Apply.
    VIII. Click on Credential: Change. At the new screen, enter the credential
    associated with the Principal that you entered in step VII in both boxes. This will
    be the password that is used to do a bind to your LDAP server with the principal.
    Click Apply.
    IX. Select Users tab and make sure these properties accurately reflect the structure
    of your LDAP server. Most of the time the only property that needs to be changed is
    the User Base DN property, from ou=people,o=example.com to
    ou=people,o=myCompany.com. Click Apply.
    X. Select Groups tab and make sure these properties accurately reflect the structure
    of your LDAP server. Most of the time the only property that needs to be changed is
    the Groups Base DN property, from ou=people,o=example.com to
    ou=groups,o=myCompany.com. Click Apply.
    XI. Now, the boot identity of your server absolutely must be a user that exists on
    your LDAP server. You must also have an “Administrators” group on your LDAP server,
    and the boot identity must be a user that exists in this “Administrators” group, or
    the server will not start. So open your LDAP console (this will be a console that
    is specific to the LDAP server you are using) and use the management tools to create
    the “Administrators” group and a user that you place in the “Administrators” group
    that is the boot identity that you use to start WebLogic.
    XII. Make these changes and restart the server.
    XIII. You can verify that the LDAP setup is correct by doing a thread dump. You
    should see a thread like:
    "LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable [0x9e2f000..0x9e2fdbc]
    at java.net.SocketInputStream.socketRead(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:86)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
    - locked <3281d98> (a java.io.BufferedInputStream)
    at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
    at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
    where “localhost:389” is the server name and port of your LDAP
    server. This means that your Authenticator has been set up correctly.
    XIV. Now you can delete your default authenticator. Open the WebLogic console and
    go to security->realms->myrealm->providers->AuthenticationProviders in the left
    frame, and click
    XV. In the right frame, look for DefaultAuthenticator and click on the trash can to
    the far right. Say “Yes” when it asks if you are sure, then click Continue.
    XVI. Restart the WebLogic server. If the server boots correctly, you’re done.
    Everything is working correctly.
    Please note that the "default authenticator" refers to the embedded LDAP server that
    ships with WebLogic.
    Hope this helps.
    Joe Jerry
    Yos wrote:
    How can I configure WLS7 and iPlanet LDAP?
    failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)

  • Integrating existing staff database and LDAP server - where to start?

    Hi,
    I really hope you guys can help me out here. Basically I have an Oracle based staff database and an LDAP server for global intranet application authentication. Now I've been tasked with implementing Oracle Portal for a local Intranet site, adding the usual static HR info, but also writing an editor for the staff database, some reports on other databases, and some simple workflows to authorise page updates, etc. I'm kind of stumped on where to start in integrating everything together. What's the best approach? Can I simply rewrite the views used by the portal to look at my staff tables, or do I need to refresh into the portal somehow? That being the case, how do I prevent users editing their data (as it'll be overwritten)? Is it easy to authenticate against a third party LDAP server? If so, how? Plug-in in OID? Can I change the views in the portal to look at the data in my existing staff DB instead of the local portal tables? Many questions, I know, but Oracle's documentation is like diet food - lots of bulk with very little by way of calories. Getting very disillusioned with the whole thing to be honest, so some motivational success stories would be nice too!
    Regards,
    G Walker
    PS/ So far all I'm struck with is the number of bugs I've come across, and that's without doing anything fancy...

    Here is a link to a tutorial regarding AS2/PHP/MySQL that might be helpful.  You may need to search for database-specific tutorials as well.
    http://www.gotoandlearn.com/play.php?id=20

  • Can I use the LDAP server's authentication mechanism rather than comparing the password?

    Hi All,
    The weblogic security and adminguide says that the user authentication can be of the following 3 types:
    1. Bind specifies that the LDAP security realm retrieves user data, including the password for the LDAP server, and checks the password in WebLogic Server.
    2. External specifies that the LDAP security realm authenticates a User by attempting to bind to the LDAP server with the username and password supplied by the WebLogic Server client. If you choose the External setting, you must also use the SSL protocol.
    3. Local specifies that the LDAP security realm authenticates a User by looking up the UserPassword property in the LDAP directory and checking it against the passwords in WebLogic Server.
    But say I want my users to be authenticated by the LDAP server rather than picking up the password from LDAP and comparing it at the weblogic end. Then what should I do?
    Because no. 2 is applicable only for ssl certificates, no. 1 and no. 3 pick up the password using the login dn and password provided at the time of configuration of the realm and compare it with the password given by the user.
    And once again there are some issues on picking up the password and comparing it:
    1. Netscape directory server can store the password in one-way hashed form (and that is preferred, too). So when the userpassword attribute is read, it's in one-way hashed form. So how will the comparison go on?
    2. Creating a user who has access to user data along with the userpassword attribute is itself a security threat, as if someone can crack that user's dn and password then he/she can do anything, as userdata can be read.
    Any suggestion is welcome.
    TIA,
    Sudarson

    Thanks a lot Jerry.
    I got this stuff from the weblogic 6.1 doc set, security.pdf and adminguide.pdf.
    I have another question: if that is the case (in the case of BIND), then why do we require a dn and password of a user who has access to read the entire directory? And at the same time, you specified this for Bind; what are the cases for the other two, Local and External? And then what is actually the difference between Bind and Local?
    Pls help me.
    Thanks,
    Sudarson
    Jerry <[email protected]> wrote:
    Hi Sudarson,
    Whatever doc you were reading is at least partially incorrect, unfortunately...
    I know for sure that when you specify BIND, weblogic sends the username/password to your LDAP server in an attempt to bind to it.
    If the bind is successful, WLS determines that the username/password pair were correct. If the bind was unsuccessful, WLS determines that the username/password pairing is not valid.
    At all times, WebLogic is letting the LDAP server do the actual compare of username/password. WLS does not, at any time, retrieve a password from the LDAP server.
    I hope this helps,
    Joe Jerry
    sudarson wrote:
    Hi All,
    The weblogic security and adminguide says that the user authentication can be of the following 3 types:
    1. Bind specifies that the LDAP security realm retrieves user data, including the password for the LDAP server, and checks the password in WebLogic Server.
    2. External specifies that the LDAP security realm authenticates a User by attempting to bind to the LDAP server with the username and password supplied by the WebLogic Server client. If you choose the External setting, you must also use the SSL protocol.
    3. Local specifies that the LDAP security realm authenticates a User by looking up the UserPassword property in the LDAP directory and checking it against the passwords in WebLogic Server.
    But say I want my users to be authenticated by the LDAP server rather than picking up the password from LDAP and comparing it at the weblogic end. Then what should I do?
    Because no. 2 is applicable only for ssl certificates, no. 1 and no. 3 pick up the password using the login dn and password provided at the time of configuration of the realm and compare it with the password given by the user.
    And once again there are some issues on picking up the password and comparing it:
    1. Netscape directory server can store the password in one-way hashed form (and that is preferred, too). So when the userpassword attribute is read, it's in one-way hashed form. So how will the comparison go on?
    2. Creating a user who has access to user data along with the userpassword attribute is itself a security threat, as if someone can crack that user's dn and password then he/she can do anything, as userdata can be read.
    Any suggestion is welcome.
    TIA,
    Sudarson
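    The BIND-versus-compare distinction Jerry and Sudarson are arguing about, as an added Python example that is not code from this thread or from WebLogic: a constructed in-memory stand-in for the directory, the {SSHA} one-way hash format Sudarson's point 1 refers to, and the two ways an application can check a password. The DNs, passwords and the proxy ACL are made up for illustration.

```python
import base64
import hashlib
import secrets


def make_ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} userPassword value (base64 of SHA-1 digest || salt), as
    Netscape/iPlanet-style directories store one-way hashed passwords."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, password: str) -> bool:
    """Verify a clear-text password against an {SSHA} value; the salt is recovered
    from the value itself (SHA-1 digests are 20 bytes, the rest is salt)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return secrets.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)


class FakeDirectory:
    """Constructed stand-in for the LDAP server (not a real LDAP implementation):
    entries keyed by DN plus an ACL naming the bind DNs allowed to read userPassword."""
    def __init__(self, entries: dict, password_readers: set):
        self.entries = entries
        self.password_readers = password_readers

    def bind(self, dn: str, password: str) -> bool:
        """Simple bind: the server compares; the stored hash never leaves the server."""
        entry = self.entries.get(dn)
        return entry is not None and check_ssha(entry["userPassword"], password)

    def search(self, bound_as: str, dn: str, attrs: list):
        """Return requested attributes of one entry, hiding userPassword unless the
        bound DN is on the ACL (this is what lets a proxy account read hashes)."""
        entry = self.entries.get(dn)
        if entry is None:
            return None
        visible = {}
        for name in attrs:
            if name == "userPassword" and bound_as not in self.password_readers:
                continue
            if name in entry:
                visible[name] = entry[name]
        return visible


def authenticate_by_compare(directory, proxy_dn, proxy_pw, user_dn, password) -> bool:
    """The model Sudarson objects to: a privileged proxy reads the user's userPassword
    and the application does the compare (so it must also understand {SSHA})."""
    if not directory.bind(proxy_dn, proxy_pw):
        return False
    attrs = directory.search(proxy_dn, user_dn, ["userPassword"])
    if not attrs or "userPassword" not in attrs:
        return False  # user missing, or proxy not allowed to read the hash
    return check_ssha(attrs["userPassword"], password)


def authenticate_by_bind(directory, user_dn, password) -> bool:
    """The BIND model Jerry describes: pass the user's own credentials to the server
    and let it compare. No privileged reader account, no hash in the application."""
    return directory.bind(user_dn, password)


def build_demo_directory() -> FakeDirectory:
    """Constructed sample entries (fixed salts for reproducibility); only wls-proxy may read userPassword."""
    entries = {
        "uid=alice,ou=people,o=example.com": {"userPassword": make_ssha("alice-pw", b"s1")},
        "cn=wls-proxy,ou=service,o=example.com": {"userPassword": make_ssha("proxy-pw", b"s2")},
        "cn=wls-weak,ou=service,o=example.com": {"userPassword": make_ssha("weak-pw", b"s3")},
    }
    return FakeDirectory(entries, {"cn=wls-proxy,ou=service,o=example.com"})
```

    The compare model only works once some DN has been granted read on every user's hash, which is exactly the account Sudarson's point 2 worries about; the bind model needs no such account.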

  • LDAP server on Windows2000

    Hi,
    I am trying to bind objects to an LDAP server running on Windows 2000 locally. I found LDAP servers for other OSs and Windows NT, but not for Win 2000. Can anybody suggest where we can download an LDAP server for Win 2000? Or, how can we create an account on free LDAP servers online and use it?
    Thanks in advance
    Gopal

    I don't see how "Find me a free LDAP server that runs on Windows 2000" qualifies as a Java programming question. And it took me less than a minute to find one via Google. So STFW.

  • Solaris 10 client - ldap_search: Can't connect to LDAP server

    Hello
    I have following configuration:
    - openLDAP server in Solaris 10 zone called ldap
    - native LDAP client in different Solaris 10 zone called mail on the same SPARC machine
    I can't get ldapsearch results after ldapclient initialization.
    [root@mail ~]# ldapsearch -b dc=pov,dc=pl objectclass=*
    ldap_search: Can't connect to the LDAP server - Connection refused
    But I am able to get data from LDAP server if address of the server is specified:
    [root@mail ~]# ldapsearch -b dc=pov,dc=pl -h 192.168.1.40 objectclass=*
    version: 1
    dn: ou=users,dc=pov,dc=pl
    objectClass: organizationalUnit
    ou: Users
    Here is ldapclient config:
    [root@mail ~]# ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= 192.168.1.40
    NS_LDAP_SEARCH_BASEDN= dc=pov,dc=pl
    NS_LDAP_AUTH= none
    NS_LDAP_CACHETTL= 0
    What am I missing?

    Hi, I'm no expert but I will try to help you. Are you still working on this?
    This is what my stuff looks like:
    # ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=deathnote,dc=net
    NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
    NS_LDAP_SERVERS= 10.0.1.21:389
    NS_LDAP_SEARCH_BASEDN= dc=deathnote,dc=net
    NS_LDAP_AUTH= none
    NS_LDAP_CACHETTL= 0
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=deathnote,dc=net
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=deathnote,dc=net
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=deathnote,dc=net
    NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
    [root@light migration]# cat user00.ldif
    dn: uid=user00,ou=People,dc=deathnote,dc=net
    uid: user00
    cn: user00
    objectClass: account
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: top
    loginShell: /bin/bash
    uidNumber: 805
    gidNumber: 501
    homeDirectory: /home/user00
    gecos: ldap user
    Also update your hosts file and add your server to the domain.
    I hope this helps.
    Edited by: CyberNinja on Oct 22, 2011 12:37 PM

  • Usage of external LDAP server with Portal

    Hi All,
    We are in a situation to use an external LDAP server with WLP 8.1. These are the constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purposes.
    If that's the case, how can we use Visitor Entitlements/Delegated Admin and Group creation using the Portal Admin tool, since this will write to the configured LDAP server?
    Can somebody answer my question:
    1. Can we use the external LDAP server just for authentication (I know this is possible by using a JAAS LoginModule, but I just want to get it confirmed) and
    2. Use the default, embedded LDAP server for all others like Group/Visitor Entitlements/DAs?
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

    Thanks for the reply. Some of your answers are not clear. Can you pls elaborate on this?? Pls see my comments below.
    "Johnson" <[email protected]> wrote:
    >
    Phil,
    Can I use embedded LDAP for production?
    Thanks
    Lawrence
    "Phil Griffin" <BEA> wrote:
    "Prashanth " <[email protected]> wrote in message
    news:[email protected]..
    Hi All,
    We are in a situation to use an external LDAP server with WLP 8.1. These are the constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purposes.
    If that's the case, how can we use Visitor Entitlements/Delegated Admin and Group creation using the Portal Admin tool, since this will write to the configured LDAP server?
    Can somebody answer my question:
    1. Can we use the external LDAP server just for authentication (I know this is possible by using a JAAS LoginModule, but I just want to get it confirmed) and
    >
    You can add the external LDAP server just for authentication, but in versions through 8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean) during the login process (this check has been removed in SP3). A work around is to duplicate the user in a provider that does impl UserReaderMBean.
    Prashanth : You mean to say we have to duplicate the User in the embedded LDAP server also??
    >>
    2. Use the default, embedded LDAP server for all others like Group/Visitor Entitlements/DAs?
    >
    Yes, the default/embedded LDAP can still be used for DA/visitor entitlements. In the current release, the Portal Admin Tools can only be configured to use a single authentication provider while forming entitlements. In SP3, all configured providers are listed/usable by the tools.
    Prashanth : How can we configure the Portal Admin tool to use an authentication provider for entitlements??
    >>
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

  • Failover ldap server

    I've two ldap servers with replication.
    Messaging server v6.0 shows error messages after running the start-msg command.
    What does the below error message mean?
    Could you suggest to me how to start the messaging server without error messages?
    1. run configutil -o local.ugldaphost -v "mail.domain.com ldap2.domain.com"
    2. run configutil -o local.ugldapuselocal -v yes
    3. run configutil -o local.ldaphost -v "mail.domain.com ldap2.domain.com"
    error messages
    # start-msg
    [21/Mar/2004:12:03:32 +0700] mail [12167]: General Warning: could not get server configuration in ldap, using cached configuration information
    [21/Mar/2004:12:03:32 +0700] mail [12168]: General Warning: could not get server configuration in ldap, using cached configuration information
    Connecting to watcher ...
    Launching watcher ...
    ens is running already
    store is running already
    imap is running already
    pop is running already
    http is running already
    sched is running already
    dispatcher is running already
    Starting job_controller server ....[21/Mar/2004:12:03:32 +0700] mail [12170]: General Warning: could not get server configuration in ldap, using cached configuration information
    12170

    Your error indicates that your step 3 was not the correct thing to do.
    local.ldaphost
    is for the "configuration" ldap server. If you've not replicated/duplicated the o=NetscapeRoot tree from your originally installed LDAP server, then the server is rightly complaining that it can't get its config information from the failed-over ldap server.
