Rc.local script to bind and add ldap server
Greetings All,
For the past few years, I've used the script below to bind and add authentication servers to my client machines. The process is simple enough, copy the rc.local script (ref'd below) to /etc/ as root and reboot the client. The problem now, is I don't know if this will work in 10.6. As I read this script, I realized there have been enough changes in location of files and file names between 10.5 and 10.6 that this script isn't going to work.
My question to you guys is this: Is anyone else taking care of their binding/auth services in a similar manner? If so, would you mind sharing the script you're using?
Thanks,
-dave
Here's mine:
#!/bin/sh
# WARNING -- REMEMBER TO UNCOMMENT THE SELF-DELETING LINE!
#Site and/or District-specific Variables
#Local Admin in Image
LOCADMIN="tech" # Local admin user in your image
LOCPASSWD="techpwd" # Local admin password in your image
#Open Directory
ODSITESERVER="odr1.mydomain.edu" # FQDN of the Open Directory Server
ODADMIN="diradmin" # Directory Admin for Open Directory
ODPASSWD="diradminpwd" #Password for OD Directory Admin
### DO NOT EDIT BELOW THIS LINE!
OSMAJORVER=`sw_vers | grep ProductVersion | awk '{print $2}' | cut -c 1-4`
ENETADDRESS=`ifconfig en0 | grep ether | awk '{print $2}'`
#Give the network time to come online
logger "Sleeping 30 seconds"
sleep 30
#Set Date and Time
case $OSMAJORVER in
10.3) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.4) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.5) date > /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
esac
#Set Bonjour and Computer Names
# logger "Setting Bonjour and Computer Names"
# SERIALNUMBER=`ioreg -l |grep IOPlatformSerialNumber | awk '{print $4}' | cut -d \" -f 2`
# SECONDOCTET=`ifconfig -a | grep inet | grep -v inet6 | awk '{print $2}' | grep ^10\. | head -n 1 | awk 'BEGIN {FS="."}; { printf "%03d", $2 }'`
# COMPUTERID="A""$SECONDOCTET""$SERIALNUMBER"
# logger "Computer name is $COMPUTERID"
# scutil --set LocalHostName "$COMPUTERID"
# scutil --set ComputerName "$COMPUTERID"
# sleep 3
#Set the Open Directory Server we are binding to based on the second octet of the IP address received from the DHCP lease
# case $SECONDOCTET in
# 002|005|047|110|112|115|119|121|123|128|133|153|241|247|250|251|253) ODSITESERVER="a941wgm.austinisd.org" ; RING="A1N";;
# 009|045|046|052|053|107|109|117|131|132|138|144|151|154|155|179) ODSITESERVER="a117wgm.austinisd.org" ; RING="B1N";;
# 004|006|010|048|055|056|102|106|118|129|141|149|152|157|159|161|163|164|165|178|189|244|249) ODSITESERVER="a006wgm.austinisd.org" ; RING="C1N";;
# 003|012|015|044|051|105|108|111|116|122|124|125|126|127|139|142|145|150|245) ODSITESERVER="a044wgm.austinisd.org" ; RING="D1N";;
# 007|043|049|058|103|104|114|140|146|160|162|168|171|174|175|176|185|190|246|101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B1S";;
# 101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B2S";;
# 008|013|017|054|059|061|120|130|136|147|156|166|172|173|182|184) ODSITESERVER="a008wgm.austinisd.org" ; RING="C1S";;
# 057|060|113|143|148|158|170|180|181|183|248) ODSITESERVER="a008wgm.austinisd.org" ; RING="C2S";;
# *) ODSITESERVER="a000wgm.austinisd.org" ; RING="A0N";;
# esac
#Remove Existing Directory Services Config
logger "Removing existing DS Config"
rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
rm -R /Library/Preferences/DirectoryService/SearchNode*
rm -R /Library/Preferences/DirectoryService/ContactsNode*
rm -R /Library/Preferences/edu.mit.*
rm -R /etc/krb5.keytab
#Enable and disable appropriate plugins
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.4) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.5) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1 ;;
esac
#Copy in updated ldap.conf file for Leopard machines, which disables the verification of SSL certs used for LDAP Authentication
case $OSMAJORVER in
10.5) cp /etc/ldap.conf-leopard /etc/openldap/ldap.conf ;;
esac
#Kill Directory Services and respawn to return to DS Defaults
logger "Respawning DS"
killall -9 DirectoryService
#Running "id" triggers a DS Respawn
id "$LOCADMIN" >> /Library/Logs/binder.log 2>&1
sleep 3
#Fix SearchNode plist
case $OSMAJORVER in
10.3) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
10.4) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
esac
#Configure LDAPv3 Plugin -- fix with site-specific data
logger "Configuring LDAPv3 Plugin"
case $OSMAJORVER in
10.4) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
10.5) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
esac
sleep 3
#Make sure we init DS and confirm connectivity to each LDAP directory
logger "Checking OD Node Connectivity"
date >> /Library/Logs/binder.log
echo "Checking OD Node Connectivity" >> /Library/Logs/binder.log
dscl localhost -list /LDAPv3/$ODSITESERVER/Groups >> /Library/Logs/binder.log 2>&1
#Configure Search Path
logger "Configuring Search Nodes"
date >> /Library/Logs/binder.log
echo "Configuring Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/$ODSITESERVER"
killall -9 DirectoryService ;;
10.4) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
10.5) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
esac
date >> /Library/Logs/binder.log
echo "Confirming Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
#Remove any stale computer records from Open Directory
logger "Removing stale computer records from OD"
dscl /LDAPv3/"$ODSITESERVER" -search Computers ENetAddress "$ENETADDRESS" | awk 'BEGIN {FS="\t\t"}; { print $1 }' | while read COMPNAME
do
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -delete Computers/"$COMPNAME" >> /Library/Logs/binder.log 2>&1
done
#Add computer record to Open Directory
logger "Adding new Computer Record to OD"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/`scutil --get LocalHostName` ENetAddress "$ENETADDRESS" >> /Library/Logs/binder.log 2>&1
#Add to designated computer list - this is ONLY for 10.4 server. This will need to be replaced for 10.5 server.
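COMPUTERGROUP="Unprovisioned" # Computer List
# COMPUTERID is only set by the commented-out naming block above; fall back to the current LocalHostName
[ -n "$COMPUTERID" ] || COMPUTERID=`scutil --get LocalHostName`
logger "Adding to Computer List: $COMPUTERGROUP"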
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$COMPUTERID" ENetAddress "$ENETADDRESS"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -append ComputerLists/"$COMPUTERGROUP" Computers "$COMPUTERID"
#Refresh the MCX Cache
logger "Refreshing the MCX Cache"
case $OSMAJORVER in
10.3) /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
10.4) /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
esac
#Disable automatic login on the client
defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
#Enable login hooks on the client
case $OSMAJORVER in
10.4|10.5) defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool true
defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous ;;
esac
#Enable Directory Services Status by default on loginwindow
# case $OSMAJORVER in
# 10.4|10.5) defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus ;;
#esac
#Modify the binder log so that only admin viewers may access the file
chmod u=rw,go= /Library/Logs/binder.log
sleep 5
#killall loginwindow
sleep 5
#Comment the lines below, until shutdown if you do not want the script to replace itself with a 30 second delay on startup to ensure the client receives a DHCP lease before loginwindow appears
case $OSMAJORVER in
10.3|10.4) echo sleep 30 > /etc/rc.local ;;
*) srm /etc/rc.local ;;
esac
shutdown -r now
#Exit
exit 0
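A post-bind audit for two things the script above can leave behind: the ldap.conf it copies in to disable certificate verification, and an rc.local that still holds LOCPASSWD/ODPASSWD because the self-deleting lines stayed commented. This is an added example, not part of the original post; the function names and sample files are constructed, and `TLS_REQCERT never` is an assumption about what /etc/ldap.conf-leopard contains, since the page does not show that file.

```shell
#!/bin/sh
# Added example: audit a client after a bind script like the one above has run.
# File paths are arguments so the checks can be pointed at copies.

# Print the effective TLS_REQCERT level of an OpenLDAP client config.
# Option names are case-insensitive; the last occurrence is assumed to win,
# and with no setting (or no file) the libldap default "demand" applies.
tls_reqcert_level() {
    [ -r "$1" ] || { echo demand; return 0; }
    awk '
        /^[ \t]*#/ { next }
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Succeed only when a bad or missing server certificate aborts the session.
ldap_conf_verifies_cert() {
    case "$(tls_reqcert_level "$1")" in
        demand|hard) return 0 ;;
        *) return 1 ;;   # never, allow, try
    esac
}

# Print "line:VARNAME" for every password-style assignment that still carries
# a literal value. The value itself is never printed, so the output can be logged.
leftover_secrets() {
    [ -r "$1" ] || return 0
    awk -v q="'" '
        /^[ \t]*#/ { next }
        match($0, /^[ \t]*[A-Za-z0-9_]*(PASSWD|PASSWORD|PWD)=/) {
            name = substr($0, RSTART, RLENGTH - 1); gsub(/[ \t]/, "", name)
            value = substr($0, RSTART + RLENGTH)
            c = substr(value, 1, 1)
            if (c == "\"" || c == q) {          # quoted: text up to the closing quote
                value = substr(value, 2); n = index(value, c)
                if (n) value = substr(value, 1, n - 1)
            } else {
                sub(/[ \t#].*/, "", value)      # unquoted: ends at blank or comment
            }
            # values read from elsewhere ($VAR, $(...)) are not literals
            if (value != "" && substr(value, 1, 1) != "$") print NR ":" name
        }
    ' "$1"
}

# Run both checks; $1 = ldap.conf path, $2 = rc.local path. Returns 1 on any finding.
audit_client() {
    status=0
    if ! ldap_conf_verifies_cert "$1"; then
        echo "FAIL $1: TLS_REQCERT is '$(tls_reqcert_level "$1")', server certificate not enforced"
        status=1
    fi
    found=$(leftover_secrets "$2")
    for f in $found; do
        echo "FAIL $2: literal credential in ${f#*:} (line ${f%%:*})"
        status=1
    done
    if [ "$status" -eq 0 ]; then echo "OK $1 $2"; fi
    return "$status"
}

# Constructed sample files (not taken from a real client); $1 = directory to fill.
make_samples() {
    printf '%s\n' '# stand-in for /etc/ldap.conf-leopard (content assumed)' \
        'TLS_REQCERT never' > "$1/ldap.conf-leopard"
    printf '%s\n' '# TLS_REQCERT allow' 'tls_reqcert demand' > "$1/ldap.conf-default"
    printf '%s\n' '#!/bin/sh' 'LOCPASSWD="example-local-pw" # constructed value' \
        'ODPASSWD="example-dir-pw"' > "$1/rc.local.before"
    printf '%s\n' 'sleep 30' > "$1/rc.local.after"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
audit_client "$demo_dir/ldap.conf-leopard" "$demo_dir/rc.local.before" || true
audit_client "$demo_dir/ldap.conf-default" "$demo_dir/rc.local.after" || true
rm -rf "$demo_dir"
```

On a real client the two arguments would be /etc/openldap/ldap.conf and /etc/rc.local, the paths the script writes to.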
The first thing I would verify is if you can connect and traverse your Active Directory/Domain Controller using Softerra's free ldap browser.
1. Softerra ldap browser link
http://download.softerra.com/files/ldapbrowser26.msi
Put in the IP/hostname of the domain controller, use the same BASE DN, and user credentials that you used on the IronPort appliance.
I would highly recommend that you create a separate account for the IronPort. (i.e. ironportldap). Do this so that you don't have to worry about accidentally resetting the password and then forgetting to update the IronPort appliance.
2. Once you've verified that you can connect and see your tree, use the same settings from Softerra ldap browser and put them in the IronPort ldap interface.
Try this for your Accept query string
(|(mail={a})(proxyAddresses=smtp:{a}))
3. If it still fails, enable the ldap debug log if you haven't already and paste in the error.
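To try an Accept query in the LDAP browser as step 2 suggests, the `{a}` token has to be replaced by a concrete address, escaped per RFC 4515 so the address cannot change the shape of the filter. This is an added example, not part of the original replies; the function names and the sample address are constructed, and only the `{a}` token that appears on this page is handled.

```shell
#!/bin/sh
# Added example: expand an Accept query template for one address so the exact
# filter can be pasted into an LDAP browser.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is escaped first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace every literal {a} in the template ($1) with the escaped address ($2).
# Values travel through the environment so awk does not reinterpret backslashes.
expand_accept_query() {
    TEMPLATE=$1 VALUE=$(ldap_escape "$2") awk 'BEGIN {
        t = ENVIRON["TEMPLATE"]; v = ENVIRON["VALUE"]; out = ""
        while ((i = index(t, "{a}")) > 0) {
            out = out substr(t, 1, i - 1) v
            t = substr(t, i + 3)
        }
        print out t
    }'
}

# Succeed when the filter starts with "(" and its parentheses balance.
# Escaped parentheses appear as \28 and \29, so only structural ones are counted.
filter_is_balanced() {
    FILTER=$1 awk 'BEGIN {
        f = ENVIRON["FILTER"]; depth = 0
        if (substr(f, 1, 1) != "(") exit 1
        for (i = 1; i <= length(f); i++) {
            c = substr(f, i, 1)
            if (c == "(") depth++
            else if (c == ")" && --depth < 0) exit 1
        }
        exit (depth != 0)
    }'
}

# The two query strings from this thread, expanded for a constructed address
# that contains characters needing escapes.
for tpl in '(proxyAddresses=smtp:{a})' '(|(mail={a})(proxyAddresses=smtp:{a}))'; do
    expanded=$(expand_accept_query "$tpl" 'j(doe)*@example.com')
    filter_is_balanced "$expanded" && echo "$expanded"
done
```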
We are trying to add an LDAP Server Profile but every time we try to test the Accept Query we get an
"Error - Error: configuration error" message.
We are using AD, top of the tree for base DN. dc=domain, dc=local.
We tried communicating with 2 different servers via telnet on ports 389, 3268, both are open.
Tried port 389 and 3268, no SSL, Anonymous and User Password authentication methods.
The error left us clueless since we followed the instructions on the user manual.
For the accept query we tried this query string: (proxyAddresses=smtp:{a})
Any ideas or pointers to what could be causing this are very appreciated.
Thanks.
Ed.
Similar Messages
-
Steps for portal and Microsoft LDAP server integration
Hi,
Could any one guide me steps for portal and Microsoft LDAP server integration. Need it urgently.
Thanks in advance.
Regards,
Niraj
Please don't cross post in multiple forums..
-
Powershell Script to Remove and Add the user with same permission
Hi,
I need to remove all users within all site collection of a web application and add them back with same permission level. We have a siteminder based custom trusted identity token issuer configured in our farm. The name of the issuer will be changed due to some architectural decisions, hence all users which are there before will be unidentified, hence need to be removed and added again.
Currently each user looks like : c:0ǹ.t|Identity Token Issuer1|user1
Post the change the user will look like: c:0ǹ.t|Identity Token Issuer New|user1
I am looking for a powershell script which can handle this operation.
Thanks, Bivsworld
Bivsworld,
Below link should give you a start.
http://www.sptechlearn.com/2014/10/delete-users-from-user-information-list.html
-
Portal and Netscape LDAP server integration
Hi,
I am trying to integrate Netscape LDAP server (6.0) with portal server 7, but
having lots of trouble doing that.
I've followed the instructions in the developer guide and completed the following
steps:
1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServer in config.xml
and modified the entries to fit my environment.
2. Deployed ldapprofile.jar and customized the env variables.
After these two steps, nothing happened. Then I did the third step:
3. added a iPlanet Authenticator to the realm CompatibilityRealm, which is my
default realm for the server.
However, after step 3, I wasn't able to boot weblogic server. Please note I have
create two users, system and weblogic in my LDAP server.
I copied the stack trace below. Any suggestions will be greatly appreciated.
Weiguo
C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java" -hotspot
-Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
-Dweblogic.Name=portalDemoServer
-Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.p
assword= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=fa
lse -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
weblogic.Server
<Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting boot identity
from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
Starting WebLogic Server...
<Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loading configuration
C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configuration data
was found on server portalDemoServer for realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Security initializing
using realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Server failed
during initialization. Exception:java.lang.SecurityException: Authentication for
user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied at
weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
<Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342> <Unable to
in
itialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Thanks a lot Scott. I followed your instructions and got it working to a certain
degree. I am pretty happy about the results.
There are still a few issues:
1. I had to create groups and users in my directory server in order to boot up
and logon to the server. This is expected, but is it possible to export these
user/group settings from the embedded LDAP server so that I can import them into
my directory server? Currently, the only way is manual and it's error prone. A
lot of trial and error has to happen to get there.
2. It seems that using Netscape LDAP server only allows read-only access. This
means we have to create new users/groups outside of the portal server and one
other side effect is self-registration is impossible, unless we use custom security
providers. Is this assessment correct? Since LDAP integration is so important,
wouldn't it be nice if BEA have that built-in and all we need to do is to switch
to and configure it?
3. I got duplicate users and groups in compatibility security. Obviously, one
set is from my LDAP server and the other is from the embedded one. I tried to
remove to embedded LDAP authenticator, but the duplicates are still there. How
can I get rid of the duplicates - I only want the ones from my LDAP server?
Thanks again Scott.
Weiguo
Scott Dunbar <[email protected]> wrote:
Weiguo,
WLP 7.0 uses a compatibility realm only and will not work with the
custom realm that you created for the Netscape directory server.
Configuring an LDAP compatibility realm isn't too bad and its
configuration is much like 4.0. However, it can be hard to configure
initially from the console. One way is to shut your server down and
modify config.xml directly - but make sure you make a backup copy first!
Then add something like:
<CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
Name="wlcsCachingRealm"/>
<CustomRealm
ConfigurationData="user.filter=(&amp;(uid=%u)(objectclass=person));
user.dn=ou=people,dc=beasys,dc=com;
server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
membership.filter=(&amp;(uniquemember=%M)(objectclass=groupofuniquenames));
group.filter=(&amp;(cn=%g)(objectclass=groupofuniquenames));
server.host=somehost.beasys.com;
group.dn=ou=groups,dc=beasys,dc=com"
Name="myRealm" Password="your_password_here"
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
will enable your LDAP server. After this is setup it will be much
easier to configure via the console. Obviously you'll need to update
the parameters above for your configuration.
scott dunbar
[email protected]
303 998 2125
bea systems, inc.
boulder, co
usa
-
Besides, can we install the LDAP server in sparc hosts as naming system? Can we use Sun LDAP server or iPlanet Directory Server? or need BIND DNS server too?
There is a nice book from Michael Haines and Tom Bialaski: "Solaris and LDAP Naming Services" which contains all you need to configure Directory Server, LDAP, Naming Switch...
Ludovic.
-
Unable to see local (LAN)_share drive and pc on server 2012
Hello,
we have windows server 2012 and almost everything is working well.
we have installed AD and domain controllers but we do not use domain controllers. we use mostly for RDP connection.
What we are trying to do is that other users on the same network can see the share folder setup on windows 2012 but no success
they see all other network devices but not windows 2012.... they even see our old 2003 server.
I am banging my head for almost 1 week to fix this issue.
and also, the w2012 server does not see any others local share device
the firewall is disabled and sharing is on for public on w2012.
is there a gpo that is blocking it or something else
the fact that is not is on the same workgroup (but 2003 is on different workgroup and other people can see that server)
any guide or indices because i am out of idea and i am nearly to throw my server because of that :(
Thank you
Sorry for my English and for misunderstanding.
We have 2 servers only : one 2003 and other 2012
2003 is running but rarely used.
2012 is a new server : AD, RDP Licensing Server and file share server are on the same OS (same machine)
You also have another server (2) that's running windows 2003 and is not joined to the domain (workgroup only).
No, it is configured as domain too but not same as 2012.
Users are bringing in their own devices, plugging it into a LAN network (that's on the same subnet as the servers) and are not able to see the 2012R2 file server but they can see and connect to 2003 server.
Correct
Thank you
-
Portal 7 and embedded LDAP server
I searched for this on support but nothing much came up on Portal 7, so here
goes:
We're thinking of moving to LDAP for user authentication. LDAP 2 is
supported by the current Portal. What LDAP version is supported by the
embedded LDAP server that comes with WLS? Can I convert sooner or later?
Do I have to wait on something?
Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
embedded LDAP?
Thanks,
Steve
Ture,
Can I use LDAP for UUP without using it for authentication/authorization? If so,
how, or at least can you kindly point to a document that describes how?
Thanks
Ture Hoefner <[email protected]> wrote:
Hello Steve,
I think you may be confusing the LDAP v2 specification with the WLS 6.x, 7.x V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do with the LDAP v2 spec. It is just version 2 of the LdapRealm ( http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 ). Portal doesn't really care which LDAP server you are using (and it works with both the original LdapRealm and the V2 LdapRealm).
When using Portal with LDAP, there are three things you can use it for:
1) authentication/authorization, using WLS security framework, and/or
2) read-only Unified User Profile (UUP) via LdapPropertyManager in ldapprofile.jar to get user properties from LDAP, and/or
3) read/write UUP via your own custom EntityPropertyManager to get/set user properties from LDAP.
If you are using LDAP for authentication/authorization, then just follow instructions from WLS for configuring it. Your Portal app is a J2EE app that will use this service from your WLS app server.
If you are using LDAP for a UUP then it doesn't really matter which LDAP server you use, as long as it really follows the LDAP spec. Portal just uses JNDI to search for attributes in the LDAP server and provides them to you as user properties.
--
Ture Hoefner
BEA Systems, Inc.
4001 Discovery Drive
Suite 340
Boulder, CO 80303
www.bea.com
-
Hi,
Let say, I have 3 parameters.
1. Script FolderPath (Remote path for e.g \\RD101\ScriptSharedFolder Here RD101 is one server)
2. Script Name(StopAllService.ps1)
3. Server Name (RD45)
I want to execute a powershell script in my local machine (Test1) and in that script I want to pass the above three parameters. Now I want to execute the StopAllService.ps1 script into RD45 server. But the script is available in RD101 machine.
So What I want to here How can we do this ? I have script name and script folder path and target execution server name.
Pls guide me or give me the script.
By
A Path Finder..
JoSwa
Hi,
You got 2 solutions for your problem:
1- If you have permission to run scripts in the remote computer without specifying your credential, then, the first reply solves your problem.
2- If you have permission to run scripts in the remote computer having to specify your credential, then, my solution solves your problem.
If the remote computer requires signed scripts only, you need signed script. Period. Or are you trying to break remote computer security?
If you need signed script, there's no psdrive that'll circumvent such requirement.
The problem is that the execution policy is set to "RemoteSigned". Using the URL explicitly tags that script as being from a remote source, and the policy blocks it. The PSDrive provides a local reference for the script. It does not sign the script but the local drive reference may prevent it from being blocked for being from a remote source. I'll test that later.
Script signing is not and should never be considered a security measure. It is easily circumvented by running the script using powershell.exe, and using the -ExecutionPolicy parameter to override whatever the local execution policy setting is.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " " -
How can i config WLS7 and iPlanet LDAP
How can i config WLS7 and iPlanet LDAP?
failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>Yos:
Series of steps to get WLS working with some external LDAP server follows:
I. create a new domain /mydomain
II. start server
III. open WebLogic console in a browser
IV. in left frame, go to
security->realms->myrealm->providers->AuthenticationProviders and click
V. in right frame, click on “Configure a new iPlanet Authenticator”
VI. In the new screen, under General, make sure the Control Flag is set to Required,
select a name for this authenticator, and click Create.
VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where
these values reflect the settings for your LDAP server. (Note: the default
principal for an iPlanet LDAP server is uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot). Click Apply.
VIII. Click on Credential: Change. At the new screen, enter the credential
associated with the Principal that you entered in step VII in both boxes. This will
be the password that is used to do a bind to your LDAP server with the principal.
Click Apply.
IX. Select Users tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the User Base DN property, from ou=people,o=example.com to
ou=people,o=myCompany.com. Click Apply.
X. Select Groups tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the Groups Base DN property, from ou=people,o=example.com to
ou=groups,o=myCompany.com. Click Apply.
XI. Now, the boot identity of your server absolutely must be a user that exists on
your LDAP server. You must also have an “Administrators” group on your LDAP server,
and the boot identity must be a user that exists in this “Administrators” group, or
the server will not start. So open your LDAP console (this will be a console that
is specific to the LDAP server you are using) and use the management tools to create
the “Administrators” group and a user that you place in the “Administrators” group
that is the boot identity that you use to start WebLogic.
XII. Make these changes and restart the server.
XIII. You can verify that the LDAP setup is correct by doing a thread dump. You
should see a thread like:
“LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable
[0x9e2f000..0x9e2fdbc]
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:86)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
- locked <3281d98> (a java.io.BufferedInputStream)
at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
where “localhost:389” is the server name and port of your LDAP
server. This means that your Authenticator has been set up correctly.
XIV. Now you can delete your default authenticator. Open the WebLogic console and
go to security->realms->myrealm->providers->AuthenticationProviders in the left
frame, and click
XV. In the right frame, look for DefaultAuthenticator and click on the trash can to
the far right. Say “Yes” when it asks if you are sure, then click Continue.
XVI. Restart the WebLogic server. If the server boots correctly, you’re done.
Everything is working correctly.
Please note that the "default authenticator" refers to the embedded LDAP server that
ships with WebLogic.
Hope this helps.
Joe Jerry
Yos wrote:
How can i config WLS7 and iPlanet LDAP?
failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
> -
Integrating existing staff database and LDAP server - where to start?
Hi,
I really hope you guys can help me out here. Basically I have an Oracle based staff database and an LDAP server for global intranet application authentication. Now I've been tasked with implementing Oracle Portal for a local Intranet site, adding the usual static HR info, but also writing an editor for the staff database, some reports on other databases, and some simple workflows to authorise page updates, etc. I'm kind of stumped on where to start in integrating everything together. What's the best approach? Can I simply rewrite the views used by the portal to look at my staff tables, or do I need to refresh into the portal somehow? That being the case, how do I prevent users editing their data (as it'll be overwritten)? Is it easy to authenticate against a third party LDAP server? If so, how? Plug-in in OID? Can I change the views in the portal to look at the data in my existing staff DB instead of the local portal tables? Many questions, I know, but Oracle's documentation is like diet food - lots of bulk with very little by way of calories. Getting very disillusioned with the whole thing to be honest, so some motivational success stories would be nice too!
Regards,
G Walker
PS/ So far all I'm struck with is the number of bugs I've come across, and that's without doing anything fancy...
Here is a link to a tutorial regarding AS2/PHP/MySQL that might be helpful. You may need to search for database-specific tutorials as well.
http://www.gotoandlearn.com/play.php?id=20 -
Can I use LDAP server's authentication mechanism rather than comparing password ?
Hi All,
The weblogic security and adminguide says that the user authentication can be of
the following 3 types:
1. Bind specifies that the LDAP security realm
retrieves user data, including the password for
the LDAP server, and checks the password in
WebLogic Server.
2. External specifies that the LDAP security
realm authenticates a User by attempting to
bind to the LDAP server with the username
and password supplied by the WebLogic
Server client. If you choose the External
setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm
authenticates a User by looking up the
UserPassword property in the LDAP directory
and checking it against the passwords in
WebLogic Server.
But say I want that my users should be authenticated by the LDAP server rather
than picking up the password from LDAP and comparing at weblogic end. Then what
should I do ?
Because no. 2 is applicable only for ssl certificates, no.1 and no.3 picks up
password using the login dn and password provided at the time of configuration
of realm and compare with password given by user.
And once again there some issues on having picking up password and comparing it:
1. Netscape directory server can store the password in oneway hashed form(and
that is preferred , too). So when userpassword attribute is read , it's in one
way hashed form. So how the comparison will go on ?
2. Creating a user who has the access to user data along with userpassword attribute
itself is a security threat, as if someone can crack that user's dn and password
then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson
Thanks a lot Jerry.
I got this stuff from weblogic 6.1 docs sets security.pdf and adminguide.pdf.
I have another question: if that is the case (in case of BIND), then why do we
require a dn of a user and password who has the access to read the entire directory?
And at the same time, u specified this for Bind; what are the cases for the other
two, local and external? And then what is actually the difference between Bind and
Local?
Pls help me.
Thanks,
Sudarson
Jerry <[email protected]> wrote:
Hi Sudarson,
Whatever doc you were reading is at least partially incorrect, unfortunately...
I know for sure that when you specify BIND, weblogic sends the username/password to your
LDAP server in an attempt to bind to it.
If the bind is successful, WLS determines that the username/password pair were correct.
If the bind was unsuccessful, WLS determines that the username/password pairing is not
valid.
At all times, WebLogic is letting the LDAP server do the actual compare of
username/password. WLS does not, at any time, retrieve a password from the LDAP server.
I hope this helps,
Joe Jerry
sudarson wrote:
Hi All,
The weblogic security and adminguide says that the user authentication can be of
the following 3 types:
1. Bind specifies that the LDAP security realm
retrieves user data, including the password for
the LDAP server, and checks the password in
WebLogic Server.
2. External specifies that the LDAP security
realm authenticates a User by attempting to
bind to the LDAP server with the username
and password supplied by the WebLogic
Server client. If you choose the External
setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm
authenticates a User by looking up the
UserPassword property in the LDAP directory
and checking it against the passwords in
WebLogic Server.
But say I want that my users should be authenticated by the LDAP server rather
than picking up the password from LDAP and comparing at weblogic end. Then what
should I do ?
Because no. 2 is applicable only for ssl certificates, no.1 and no.3 picks up
password using the login dn and password provided at the time of configuration
of realm and compare with password given by user.
And once again there some issues on having picking up password and comparing it:
1. Netscape directory server can store the password in oneway hashed form (and
that is preferred , too). So when userpassword attribute is read , it's in one
way hashed form. So how the comparison will go on ?
2. Creating a user who has the access to user data along with userpassword attribute
itself is a security threat, as if someone can crack that user's dn and password
then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson -
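The two behaviours discussed in this thread (handing the username/password to the directory in a bind, versus reading userPassword and comparing it in the application), as an added example that is not part of the original posts and is not WebLogic code. It uses a constructed in-memory stand-in for a directory with {SSHA} passwords; the class name, function names, DNs and passwords are assumptions made up for the illustration.

```python
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(stored, password):
    """Re-hash the candidate with the stored salt; compare in constant time."""
    if not stored or not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
    return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())


class ToyDirectory:
    """Constructed stand-in for an LDAP server (assumption, not a real client)."""

    def __init__(self, entries, readers):
        self._entries = entries                # dn -> stored {SSHA} userPassword
        self._readers = set(readers)           # DNs allowed to read userPassword
        self.hash_reads = 0                    # times a hash left the directory

    def bind(self, dn, password):
        """Bind: the directory compares; the caller only learns yes or no."""
        if not password:                       # empty password must not count as success
            return False
        return ssha_verify(self._entries.get(dn), password)

    def read_password(self, reader_dn, reader_pw, target_dn):
        """A privileged account fetches another entry's stored hash."""
        if reader_dn not in self._readers or not self.bind(reader_dn, reader_pw):
            raise PermissionError("not allowed to read userPassword")
        self.hash_reads += 1
        return self._entries.get(target_dn)


def authenticate_bind(directory, dn, password):
    """Bind-style check: hand the pair to the directory and trust its answer."""
    return directory.bind(dn, password)


def authenticate_local(directory, reader_dn, reader_pw, dn, password):
    """Read-and-compare: the application holds the hash and does the check."""
    stored = directory.read_password(reader_dn, reader_pw, dn)
    return ssha_verify(stored, password)


# Constructed sample entries; DNs and passwords are made up for this example.
READER = "uid=wlsreader,ou=people,o=example.com"
ALICE = "uid=alice,ou=people,o=example.com"
DIRECTORY = ToyDirectory(
    {ALICE: ssha_hash("correct horse"), READER: ssha_hash("reader-secret")},
    readers=[READER],
)

if __name__ == "__main__":
    print("bind:", authenticate_bind(DIRECTORY, ALICE, "correct horse"))
    print("local:", authenticate_local(DIRECTORY, READER, "reader-secret", ALICE, "correct horse"))
    print("hashes handed to the application:", DIRECTORY.hash_reads)
```

A one-way salted hash can still be compared locally because the salt is stored next to the digest, but doing so hands the hash to the application and requires an account that can read userPassword, which is the exposure raised in point 2 of the question.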
Hi,
I am trying to bind objects to an LDAP server running on Windows 2000 locally. I found LDAP servers for other OSs and Windows NT, but not for Win 2000. Can anybody suggest where we can download an LDAP server for Win 2000? Or, how can we create an account on free LDAP servers online and use it.
Thanks in advance
Gopal
I don't see how "Find me a free LDAP server that runs on Windows 2000" qualifies as a Java programming question. And it took me less than a minute to find one via Google. So STFW.
-
Solaris 10 client - ldap_search: Can't connect to LDAP server
Hello
I have following configuration:
- openLDAP server in Solaris 10 zone called ldap
- native LDAP client in different Solaris 10 zone called mail on the same SPARC machine
I can't get ldapsearch results after ldapclient initialization.
[root@mail ~]# ldapsearch -b dc=pov,dc=pl objectclass=*
ldap_search: Can't connect to the LDAP server - Connection refused
But I am able to get data from LDAP server if address of the server is specified:
[root@mail ~]# ldapsearch -b dc=pov,dc=pl -h 192.168.1.40 objectclass=*
version: 1
dn: ou=users,dc=pov,dc=pl
objectClass: organizationalUnit
ou: Users
Here is ldapclient config:
[root@mail ~]# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.1.40
NS_LDAP_SEARCH_BASEDN= dc=pov,dc=pl
NS_LDAP_AUTH= none
NS_LDAP_CACHETTL= 0
What am I missing?
Hi, I'm no expert but I will try to help you. Are you still working on this?
This is what my stuff looks like:
# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=deathnote,dc=net
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
NS_LDAP_SERVERS= 10.0.1.21:389
NS_LDAP_SEARCH_BASEDN= dc=deathnote,dc=net
NS_LDAP_AUTH= none
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=deathnote,dc=net
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=deathnote,dc=net
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=deathnote,dc=net
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
[root@light migration]# cat user00.ldif
dn: uid=user00,ou=People,dc=deathnote,dc=net
uid: user00
cn: user00
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 805
gidNumber: 501
homeDirectory: /home/user00
gecos: ldap user
Also update your hosts file and add your server to the domain.
I hope this helps.
Edited by: CyberNinja on Oct 22, 2011 12:37 PM -
Usage of external LDAP server with Portal
Hi All,
We are in a situation to use external LDAP server with WLP 8.1. These are the
constraints we have to deal with:
1. Only read is allowed from this LDAP server.
2. This would be used for authentication purpose
If thats the case, how can we use Visitor Entitlements/Delegated Admin and Group
creation using Portal Admin tool since this will write to the configured LDAP
server.
Can somebody answer my question:
1. Can we use external LDAP server - just for authetication (I know this is possible
by using JAAS LoginModule, but I just want to get confirmed on this ) and
2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
Any relevant pointers are also welcome.
TIA,
Prashanth Bhat.
Thanks for the reply. Some of your answers are not clear. Can you pls elaborate
on this?? Pls see my comments below.
"Johnson" <[email protected]> wrote:
>
Phil,
Can I use embedded LDAP for production?
Thanks
Lawrence
"Phil Griffin" <BEA> wrote:
"Prashanth " <[email protected]> wrote in message
news:[email protected]..
Hi All,
We are in a situation to use external LDAP server with WLP 8.1. These are the
constraints we have to deal with:
1. Only read is allowed from this LDAP server.
2. This would be used for authentication purpose
If thats the case, how can we use Visitor Entitlements/Delegated Admin and Group
creation using Portal Admin tool since this will write to the configured LDAP
server.
Can somebody answer my question:
1. Can we use external LDAP server - just for authetication (I know this is possible
by using JAAS LoginModule, but I just want to get confirmed on this) and
>
You can add the external LDAP server just for authentication, but in versions through
8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean) during
the login process (this check has been removed in SP3). A work around is to duplicate
the user in a provider that does impl UserReaderMBean.
Prashanth : You mean to say we have to duplicate the User in embedded LDAP server
also??
>>
2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
>
Yes, the default/embedded LDAP can still be used for DA/visitor entitlements. In the current
release, the Portal Admin Tools can only be configured to use a single authentication provider
while forming entitlements. In SP3, all configured providers are listed/usable by the tools.
Prashanth : How can we configure Portal Admin tool to use authentication provider
for entitlements??
>>
Any relevant pointers are also welcome.
TIA,
Prashanth Bhat. -
I have two LDAP servers with replication.
Messaging server v6.0 shows error messages after running the start-msg command.
What does the error message below mean?
Could you suggest how to start the messaging server without error messages?
1. run configutil -o local.ugldaphost -v "mail.domain.com ldap2.domain.com"
2. run configutil -o local.ugldapuselocal -v yes
3. run configutil -o local.ldaphost -v "mail.domain.com ldap2.domain.com"
error messages
# start-msg
[21/Mar/2004:12:03:32 +0700] mail [12167]: General Warning: could not get server configuration in ldap, using cached configuration information
[21/Mar/2004:12:03:32 +0700] mail [12168]: General Warning: could not get server configuration in ldap, using cached configuration information
Connecting to watcher ...
Launching watcher ...
ens is running already
store is running already
imap is running already
pop is running already
http is running already
sched is running already
dispatcher is running already
Starting job_controller server ....[21/Mar/2004:12:03:32 +0700] mail [12170]: General Warning: could not get server configuration in ldap, using cached configuration information
12170
Your error indicates that your step 3 was not the correct thing to do. local.ldaphost is for the "configuration" ldap server. If you've not replicated/duplicated the o=NetscapeRoot tree from your originally installed LDAP server, then the server is rightly complaining that it can't get its config information from the failed over ldap server.