Regarding sunone directory server

Similar Messages

• JAAS LoginModule for SunOne Directory Server?

  I have a customer who is using SunOne Directory Server for LDAP.
  I have test code that uses the JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
  The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
  The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
  So thats great, however my application uses JAAS, and therfore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
  A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff, however considering that JAAS and the SunOne Directory server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.

  Hey dav,
  Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
  I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus succesfully integrated the basics of JAAS in to the system... but I am now desparately looking for away to have client-side policies distributed at runtime from the server.
  I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have a developed a database backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration forJAAS authentication. The aim is that this data will be transfered once during login, and anytime that the the policy is requested to be refreshed.
  Since reading you post, I'm wondering what services LDAP or JNDI can offer me?
  Also, is JNDI an appropriate option for data persistence? is it better to go with JDO or some other object store abstraction.
  Kind regards,
  Darren B

• Change the User ID running the SunOne Directory Server 6.3 on Windows 2003

  Hi Experts,
  I have an install of SunOne Directory Server Enterprise edition 6.3 running on Windows 2003 server. It was installed using the Zip distribution and is running as a user ID in the Active Directory the server is part of. We are trying to change the user ID to a service account (not the current ID which belongs to a person), so that the Sun DS can run as a service within Windows 2003 server. Need help in doing this without having to re-install the Directory server. Has anyone done this and is it possible to do?

  Thank you very much for the insights and the responses sharmy28.
  Appreciate it very much.
  All I had to do was change the setting in this file only:
  Open the file dsee6/cacao_2/etc/cacao/instances/default/private/cacao.properties and change the below line with new id...
  # Define username and groupname for cacao process
  process.username=sunadmin
  process.groupname=sungroup
  As this is Windows 2003 and the installs are all default values, I had to reboot the server for the change to take effect.
  The file dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/globals.cfg does not exist. However the same file exists under the perl directory as globals.pl and the settings you specified are present there. In our case these were commented out and so I left them as is.
  Thanks once again for your responses which helped me solve the issue we had.
  Thanks.

• How to create users with i18n characters in SunONE directory server?

  Was trying to create users and groups with i18n characters in SunONE directory server
  1. Started LDAP console using -l option
  2. Chaged the Locale to Japanese
  3. Entered few japanese character as username (meaning internationalization user name)
  4. However, I could not able to type the password using the "soft keyboard" that comes with Japanese Locale
  5. to overcome with #4, for now, I typed english chars as the password
  6. Click OK to save the above username/pwd
  7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
  Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

  Hi LostLad,
  Soryy for my ignorance...Could you please be elaborate on how to remove "uid attribute from 7-bit ASCII plugin?
  Thanks in advance..

• First time configuring Sol9 built-in SunONE Directory Server

  Hi!
  I'm using Solaris 9 Sparc and I'm trying to configure the SunONE Directory Server included with Sol9.
  When I type :
  directoryserver startconsole , it asks for :
  UserID
  Password
  Administration URL
  but how can I specify these info if it's a first time configuration ?

  Because I have it on a Netra T1 AC200 without video card and I can't find the Directoryserver binary...

• How to enable FIPS on sunone directory server 6.3?

  Hi all,
  My product needs FIPS certification.
  As part of that we will be connecting to sunone directory server and use it as user store.
  For that i need the steps to enable FIPS on sunone directory server 6.3.
  Has any one done this before?
  Please help me in this.
  Thanks in advance.
  Usha.

  To enable the TLS Encryption Cipher
  1. Check out the ssl-supported-ciphers property of the server.
  $ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2 View the available SSL ciphers.
  $ dsconf get-server-prop -h host -p port ssl-supported-ciphers
    ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    ...Hope this helps,
  -Shankar

• SunOne Directory server on AIX 5.3

  Hello members,
  I have a question for the technical team. I am tasked to install SunOne
  directory server on AIX 5.3.
  We have already installed SunOne on AIX 5.2 and it is proven that it works fine in our live environement however it is not yet tested on AIX 5.3.
  I would like to know if SunOne 5.2 is supported by AIX 5.3 and if I should be aware any potential problems during installation.
  Thanks,
  G.S.

  Hello,
  Thanks Ludovic, I really appreciate info that you have provided.
  I have now managed to install SunOne on AIX 5.3 and tried to create new instance from server group through SUNOne server console GUI.
  But this gives me an error like below:
  createSIE failed for ssDN=test.example.co.uk
  The return code is:155Here is the sieEntry:
  objectclass: netscapeserver,nsDirectoryServer,nsConfig
  Has anybody ever delt with such an error?
  Thanks,
  G

• Help me, please. Can't Install SunONE Directory Server 5.2 Beta 3 on Solari

  I try to install DS on SUN ULTRA 10 with Solaris 9. We don't use internal DNS server but external one.
  Cannot start console. Always I have an error:
  starting up server ...
  ERROR<38917> -Startup -conn=-1 msgId=-1 - Configuration error Can't find localhost name.
  error:Server not running!! Failed to start ns-slapd process.
  system_errno:2
  Configuration of Directory Server succeededConfiguratin of the admin server Failed
  The configuration is folowing:
  /etc/hosts:
  127.0.0.1 localhost
  192.168.1.105 iplanet iplanet.mydomain.nam
  /etc/resolv.conf:
  search mydomain.nam
  nameserver xxx.xxx.xxx.xxx
  nameserver yyy.yyy.yyy.zzz
  /etc/nsswitch.conf:
  hosts: files dns
  /etc/defaultrouter:
  192.168.1.1
  /etc/hostname.hme0:
  iplanet
  /etc/nodenam:
  iplanet
  /etc/netmasks:
  192.168.1.0 255.255.255.0
  Does anybody knows what's goin on?
  Thanks in advance.
  Marat.

  It is not possible to obtain the Sun ONE Directory Server 5.2 BETA Software. There are various reasons, one is the BETA program has been closed for sometime now. The RR of the Sun ONE Directory Server 5.2 should be available at the end of May.
  Regards
  -Michael
  Sun Microsystems, Inc.

• SunONE Directory server fails to install on RHEL 3 U6

  Hello
  we are trying to deploy a Sun Directory server 5.2 on a machine that runs RHEL3 Update 6. It comes back with the following error message:
  ERROR : Red Hat Enterprise Linux ES release 3 (Taroon Update 6) is not recognized by idsktune as a supported platform for Sun Java System Directory Server or Directory Proxy Server. Ensure you are running the version of idsktune provided with your product, or you can run idsktune in client mode (-c) if server support is not required
  I know that the product is compatible with RHEL 3 U4, but we are unable to deploy this version of RHEL because of the new hardware of the server.
  Please could anyone advise on how to resolve the problem. Thank you.

  Hi,
  idsktune should not prevent you from installing the product.
  Which version of Directory Server are you trying to install ? What command are you executing ?
  Regards,
  Ludovic

• Unable to create new instance of SunOne directory server.

  I am trying to create a new instance of LDAP server however I am getting following error
  CreateSIE failed for ssDN=dc=example.com machinename=home.example.com*
  The return code is: 155*
  Any idea?

  I am seeing this same error message. Have you been able to discover the cause?
  Thank you,
  Darren

• How failover works with SunONE Directory Server?

  Assume that I setup 2 masters using the multimaster scheme.
  When 1 master fails/down, how do the client knows or get routed to the other master?

  For full redundancy:
  At the application level:
  -redundant storage (raid, san,nas)
  -multiple connectors to this storage (fiber,ethernet...)
  -multiple LDAP servers (multimaster, replica's)
  -multiple LDAP proxy servers
  -redundant switches/routers (vrrp, ...)
  -loadbalanced by redundant interconnected loadbalancers (level7)
  All this helps in non persistant connections, if application are using connection pooling (for performance reasons), you have to verify the behaviour. Some applications only create this pool at start, but if the pool connections brake, it should reconnect.

• Differences between SunONE, iPlanet and Netscape Directory Server

  What are the differences between SunONE, iPlanet and Netscape Directory Server?
  When I go to docs.sun.com - Products Categories, I saw that they've documentation regarding with SunONE, iPlanet, Netscape Directory Server listed under Directory Server.
  I know that they're all different directory server, but is it one newer than other? If I'm not wrong, I assumed that Netscape transformed into iPlanet, and then from iPlanet, it transformed to SunONE. If that is the case, is that mean that all of it's console and how it works should be very similar?
  Thanks!

  That is exactly what I thought.
  so when people refer SunONE Directory Server 5.1, then that's mean iPlanet Directory Server 5.1, right?
  Because I'm looking at Solaris 9's specification and it mentioned that it bundled with SunONE Directory Server 5.1.
  Thanks for answering my question! :)

• Activity on my DIRECTORY Server

  Hello
  I use SUNONE Directory server for authentication with COGNOS product.
  I would like to know the activity on my Directory server especially who accessing to the server (ip ? host ? name ? application ? ....
  On the admin console, in log item, we have actived 3 files "access", "audit" "error" but information is very simple
  Are there any way to log detailed information ?
  Are there any log level ?
  Thanks in advance.

  Detailed information can be obtained in access log. You can configure some properties regarding access log in DSCC or dsconf.
  There you'll see the IP addresses of the clients. You also might take a look on the logconv tool included in the product.
  Given the fact that you're using a product that uses LDAP, I infer that your main client would be your product and the final actual clients would connect to the product itself, not directly to ldap, therefore you'll see in the logs only activity of the cognos app.
  Regards

• PasswordPolicyControl support in Directory Server 5.2

  Hi,
  Does the SunOne Directory Server 5.2 support Password Policy Control (OID 1.3.6.1.4.1.42.2.27.8.5.1)?
  Thanks,
  ~AA
  Message was edited by:
  ambhaikar123

  No, this control will be supported in Directory Server 6.0.
  Regards,
  Ludovic

• Errors during SUNOne Direcory Server 5.1 installation

  I am trying to install SUNOne Directory Server 5.1 SP2 on a Windows 2000 Server system.
  I have done is a number of times before, so far without any problems. However, this time, when installing the server, I get the following error messages every time:
  - Setup is unable to store configuration data in the LDAP directory
  - Unable to create Administration Server configuration
  - Could not authenticate ldap connection, "Unknown error"
  - Unable to set ACI in Configuration Directory Server
  I know these errors are usually caused by DNS naming problems, and I have configured naming in the following way:
  - Host name: dg-sv10
  - DNS suffix: geodelft.nl
  - 3 valid and working DNS servers configured
  - added the following line to the machine's hosts file:
  <ip address> dg-sv10.geodelft.nl dg-sv10
  I have tried the things that are usually suggested (finishing installation, uninstalling, rebooting, reinstalling), but this doesn't offer any solution.
  I am getting rather desparate here, so I am looking forward to any suggestions that might help me get this thing to work.
  Thank you and regards,
  Rutger van Bergen

  To Reinstall the iPlanet
  Follow the Following Steps
  1) Uninstall the Previous Installation.
  2) Re-Start the System
  3) Run the Following command from the run Window Services.msc
  4) Stop the Following Services
  5) a) OracleOAS1013 ProcessManager
  b) WWWPublishServices
  c) any DB started should be stopped
  6) Install the iPlanet With Server option
  7) Check and Run all the Above Services and the Following Services also
  8) iPlanet Administration Server 5.1 and iPlanet Directory Server 5
  9) Login with the user id : admin and Pwd and Url ( here Port number is : 389 for directory server by default ) and check for the system generated one as example: http:// xxx.xyz.xyz123.com:28808..(xxx - is the machine name and xyz is the id and the xyz123 is the domain extension:28808.
  Now it should work....
  Edited by: BharatChakunta on Sep 8, 2008 8:51 AM
  Edited by: BharatChakunta on Sep 8, 2008 8:56 AM