Replace in Directory server

Hi
I'm new to Directory Server & my questions are:
dn: uid=test00002,ou=people,o= domain.in,o=dnt.in
changetype: modify
replace: sn
sn: testall
Can anybody give me a detailed explanation of the following lines?
replace:sn
sn:testall
Thanks in Advance

See RFC 2849 LDIF.
The statement below is a modification statement as described in the RFC to replace all current values of the sn attribute with a new set of values (in your case just one: testall).
Regards,
Ludovic.
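
The replace semantics described in the answer above, as an added example that is not part of the original thread: a small Python sketch that parses a `changetype: modify` record and applies it to an in-memory entry. The function names and the sample entry are assumptions made for illustration; the block also covers the add and delete mod-specs and the case of `replace` with no values, which go beyond the single case in the question.

```python
# Added illustration (not from the thread): apply an RFC 2849 modify record
# to a dict that stands in for a directory entry.
OPS = ("add", "delete", "replace")

# The LDIF from the question, as posted.
PAGE_LDIF = """\
dn: uid=test00002,ou=people,o= domain.in,o=dnt.in
changetype: modify
replace: sn
sn: testall
"""

# Constructed sample entry: sn currently holds two values.
SAMPLE_ENTRY = {"uid": ["test00002"], "sn": ["oldname", "othername"]}


def parse_modify(ldif_text):
    """Return (dn, [(op, attr, [values]), ...]) for one modify record.

    Mod-specs are separated by a line holding only "-"; a missing final
    "-" is tolerated. Base64 ("::") and URL ("<") values are not handled.
    """
    dn, mods, current = None, [], None
    for raw in ldif_text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "-":                      # end of the current mod-spec
            current = None
            continue
        key, sep, value = line.partition(":")
        if not sep or value.startswith((":", "<")):
            raise ValueError("unsupported LDIF line: %r" % line)
        key, value = key.strip().lower(), value.strip()
        if key == "dn" and dn is None:
            dn = value
        elif key == "changetype" and not mods:
            if value.lower() != "modify":
                raise ValueError("only changetype: modify is handled")
        elif current is None:
            if key not in OPS:
                raise ValueError("expected add/delete/replace, got %r" % key)
            current = (key, value.lower(), [])   # e.g. ("replace", "sn", [])
            mods.append(current)
        elif key == current[1]:
            current[2].append(value)             # a value line for this attribute
        else:
            raise ValueError("value line for %r inside mod-spec for %r"
                             % (key, current[1]))
    if dn is None:
        raise ValueError("record has no dn line")
    return dn, mods


def apply_modify(entry, mods):
    """Return a new entry with the mod-specs applied in order.

    Values are compared as exact strings; a real server uses the
    attribute's matching rule.
    """
    result = {k.lower(): list(v) for k, v in entry.items()}
    for op, attr, values in mods:
        have = result.get(attr, [])
        if op == "replace":
            if values:
                result[attr] = list(values)      # every old value is dropped
            else:
                result.pop(attr, None)           # no values: attribute removed
        elif op == "add":
            if not values or any(v in have for v in values):
                raise ValueError("add needs new values for %r" % attr)
            result[attr] = have + values
        else:                                    # delete
            if attr not in result or any(v not in have for v in values):
                raise ValueError("nothing to delete for %r" % attr)
            left = [v for v in have if v not in values]
            if values and left:
                result[attr] = left
            else:
                result.pop(attr)                 # no values listed, or none left
    return result


def demo():
    """Apply the question's LDIF to the constructed sample entry."""
    _, mods = parse_modify(PAGE_LDIF)
    return apply_modify(SAMPLE_ENTRY, mods)


if __name__ == "__main__":
    print(demo())
```
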

Similar Messages

  • Replace directory server by another stand alone instance on a different box

    I have JES4 components all installed on a single box. I'd like to replace the existing directory server (5.2 sp4) with another directory server instance on a different box. After replacing, I would need to bring down the existing directory server. What steps do I need to follow for this? Are there any tools to support this kind of replacement strategy? Any pointers in this regard are highly appreciated.
    Thanks in Advance,
    Lakshmi

    I have some questions! I think, there are some attributes for the LDAP instance name and port in some of the services such as:
    iPlanetAMAuthCertService
    iPlanetAMAuthLDAPService
    iPlanetAMAuthMembershipService
    iPlanetAMPolicyConfigService...etc.
    Also these attributes (LDAP instance name and port) are present in AMConfig.properties, PSConfig.properties and server.xml.
    Since I need to bring down the existing LDAP server, do I need to manually update each of these attributes in the newly created LDAP instance and the above mentioned files?
    Are there any other properties files or xmls that I need to modify for this?
    Thanks,
    --lakshmi

  • 10.3.9 clients not working with 10.4.9 open directory server

    I have a 10.4.9 server running open directory and managing about 20 10.4.9 clients. I am trying to have it manage our remaining 10.3.9 clients, but for whatever reason, I cannot seem to get the 10.3 clients to "attach" to the server.
    I have the 10.3 clients set up in a computer list on the server, and in directory access I have it set to "get ldap mappings from server". At one point, it was suggested to me that I have the clients "get ldap mappings from open directory server". I tried this, and manually set the search base suffix. My search base suffix was "dc=example,dc=local". I even tried doing "cn=config,dc=example,dc=local" (where in both cases example.local was replaced with my real DNS name). Any suggestions on what else I could try to get this to work?

    That's the odd thing though. I've done this with 10.4 no problem. Settings always worked. For some reason though, even though the clients are able to login using a network user, none of the preference settings sync.
    For example - I always put a loginwindow message on as a sort of "test" to see if preferences are being set. If that works, then I rarely have a problem. No matter what I do, though, I cannot get the loginwindow message to display on the 10.3 clients. It works really well on 10.4, but not at all on 10.3. I've tried this on multiple 10.3 machines, as well, (and they're both based on different system images) but it still doesn't work. When I get back to work on Friday, I'll have to see if preferences will work for network users; that's the one thing I haven't tried.
    Other than dumping the directoryaccess preferences, is there another preference setting that could be dumped on the client that may make it grab prefs from the server?

  • Unable to Start/Stop Directory server from console

    We have two Directory Server 5.2 installations with both running as masters with replication between them. One of them was installed with the admin server and the other without. On the one that was installed without the admin server we added it afterwards.
    We now find that on the one that had the admin server installed after the directory server that we cannot start/stop the directory server from the server console nor can we view or access backups or logs from the console. The system does however create the log and backup files and we can start/stop it from the command line.
    I read in a post somewhere that the admin server can be created with a different user from the directory server or with the same username but a different domain and wondered if that was the problem but have looked through the configuration files on both machines and haven't managed to spot a discrepancy.
    Does anyone have any ideas where and what to check?
    Thanks in advance.
    Peter

    Ah, I wouldn't have recognized this scenario if you didn't report the scrozzled user name. The "access denied" error happens for the simple reason that 'IAyjcJlYKL' is not a valid user in your domain. Fancy that. If you look in your config.xml for the "node-manager-username" element, you may find the value is encrypted, and probably is 'IAyjcJlYKL'.
    It might be best if you filed a support case for this. I can make some guesses about what you should do, but it's just a guess. In any case, if you try fixing something, make a backup of the file first.
    The two things you can try doing are (backup the files and shut down everything first):
    * Edit the nm_password.properties file, replacing the one "hashed" line with two lines, setting the "username" property and the "password" property, both in cleartext. When the nodemanager starts up, it will replace those two lines with the "hashed" value.
    * Edit the config.xml file, replacing the values in the "node-manager-username" and "node-manager-password-encrypted" elements with their cleartext versions.
    Then start up the nodemanager and server.
    I'm familiar with this because I saw this happen, and I'm trying to remember the strange thing we had to do. I worked this out with BEA support a while ago. If it helps, my case number was #796710.

  • Active Directory - Server 2008 R2 and 2012 R2 (Server Formatting or not productive

    Hello guys, I come here to try to clarify a great doubts regarding Server Operating Systems, I will attempt to detail the most of my scenario.
    Suppose I have a Server 2008 R2 in production, and this is my Active Directory server (meudominio.local) and am managing through Group Policy settings my workstations that are around 60-70 computers, guys my doubts the thing is, if I need some time to format
    and perform a fresh installation of my server as it will be my Active Directory? Of course I will have lost my domain controller and I have to accomplish the placement of each workstation again that enters my domain one by one.
    I know there is the option of AD replication, so we call the Active Directory, even for another version of the Operating System, prátia already realized this, but it most often comes not functioning properly, done without replication problems Server 2003 to
    2008 R2.
    Guys like to know a solution to not having to put my plants in my domain network again one by one, is there any way to backup so that when I reinstalled the system and the AD again in my server stations return to "see" again that server as your domain
    controller, even me installing AD with the same domain name before this formatting stations do not respond to this driver in this case do the Network ID or add the station to the area again, so she creates a new user profile for example (Max.meudominio) while
    your old profile "guy" still remains on the machine, I adopted the practice of editing the record of this newly created profile and pointing him well for the old user folder which contains all data and settings, eg edit my key "ProfileImagePath"
    regedit logged in with the newly created profile (Max.meudominio) ->
    (switch "ProfileImagePath" C:\Users\Max.meudominio) thus pointing to the folder before replacing in the field again this season after formatted server, thus ->
    (Switch "ProfileImagePath" C:\Users\Max), detail that we give permission for all such user "C:\Users\Max" folder, after that restart the computer and he comes back with the user profile and all your settings.
    I wonder if there is another method to perform this procedure, do not know even a backup AD to not have to replace all the seasons again "meudominio.local".
    Thank you for your attention!
    Translation with Google translator! Sorry.
    Matias Duarte Coordenador de Suporte Dual Solucoes® | Soluções em tecnologia da informação

    As the practice of replication I know her mostly said she has some flaws when I do the replication of my domain to another server but it works correctly, so having a server "master" and the other ServidorBKP as "slave", in redundancy,
    the problem is when I say, and put the "ServidorBKP" being my primary domain controller and disabling my main controller, to disable or turn off my main controller the stations themselves are unable to login because it does not communicate with the
    my ServidorBKP "slave" even I put it as the main driver of course.
    Regarding the System State as far as I know this option existed in Server 2003.
    I also got some information, confer on the links below.
    http://msdn.microsoft.com/en-us/library/bb727048.aspx
    http://technet.microsoft.com/pt-br/library/cc758435(v=ws.10).aspx
    http://technet.microsoft.com/en-us/library/cc961934.aspx
    I'm still researching other ways, getting communicate any news to everyone. (Google Translate)
    Matias Duarte Coordenador de T.I. Dual Solucoes® | Soluções em tecnologia da informação http://www.matiasduarte.com.br

  • Sun Directory Server as Primary Domain Controller.

    Hello,
    I've recently installed Sun Directory Server, Access Manager, and DSEE Identity Manager, on CentOS 5.2, with success, but my question is:
    Can I use this directory as a primary domain controller for my network, I want to know if it is possible to integrate this directory in the same way that Active Directory works, I mean connecting Windows computers to the DC with some kind of connector (because windows won't connect to another directory than AD natively). I know that there are some MSGina replacements, like pgina, but I'm looking for some serious solution, especially for computers running Windows Vista.
    Thanks in advance.

    Hi,
    thanks for your answer, but.. there is a way to configure the DSEE to be like a native 2000/2003 Active Directory?, I mean, connecting directly to the DSEE without using Samba, I know that is possible to use that solution, but you lose some functionality.
    I've been trying to do some research about the topic, like modifying the bind DNS to act like an AD DNS, and it works at a certain grade, windows xp detects the SRV records but when it tries to connect to the directory it fails giving me an error telling that the DC isn't available. It will be great to make such environment, Windows XP / Vista connected to DSEE without third party software.
    Any comment would be greatly appreciated.
    Thanks.

  • Error installing OAM against Sun Directory Server 6.3: No such object (32)

    Hi folks,
    I'm getting error installing OAM 10.1.4.3.0 (Linux, 64 bit) against Sun Directory Server 6.3. I've followed Oracle troubleshooting doc (http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12493/trouble.htm#BABBAAFH), and replaced every occurrence of cn=userRoot with cn=my_company_name inside iPlanet5_oblix_index_add.ldif. I still get the same error "ldapmodify: No such object (32)" for every entry in the file. Has someone managed to get it to work?
    Thank you, Roman

    Hi folks,
    I got it to work, here're the steps:
    1. After loading the schema file, follow the article (http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12493/trouble.htm#BABBAAFH, not the doc 552157.1 as it states incorrect info, sorry
    Notoriuos) to edit the index file (iPlanet5_oblix_index_add.ldif) and replace all occurrences of "userRoot" with "your_company_name" (which is your ldap suffix without the c=us part as in
    o=your_company_name, c=us) using vi command:
    :%s/userRoot/your_company_name/g
    2. run ldapadd (not ldapmodify! as all but the one last object listed on the dn: line might already exist under cn=config), here's example:
    $ ldapadd -x -h your_ldap_host -p your_port -c -f IdentityServer_install_dir/identity/oblix/data.ldap/common/iPlanet5_oblix_index_add.ldif -D "cn=directory manager" -w directory_manager_passwd
    3. If done right, you should see smth like this:
    adding new entry "cn=obactionname,............... per every entry in the index file
    HTH
    Roman

  • Installation steps of Directory Server 6.3 in Windows 2003

    Hi All,
    I am completely new to SunOne Directory Server.
    Can anyone please tell me how to install "Directory Server 6.3" in Windows 2003.
    Have downloaded the file from sun's site named "DSEE.6.3.Windows-X86-full".
    Thanks.
    Edited by: kirti_603 on Sep 1, 2008 7:40 AM

    Hi etst123,
    Thanks a lot for your reply.
    I have already gone through the site you have given and performed the following steps, please correct me if I am wrong:-
    1.) Downloaded the patch for Windows - (126753-04)
    2.) After downloading the patch I got the following folders
         a) DSEE_Directory_Editor
         b) DSEE_Identity_Synchronization_for_Windows
         c) DSEE_ZIP_Distribution
         d) Legal
    3) I am trying to install in "To Install Directory Server Enterprise Edition 6.3 From Zip Distribution"
    4) After this I ran - "dsee_deploy install -i install-path options" in "c:\dsee" folder
    It's installing without any error, telling
    "You can now start your Directory Server Instances
    You can now start your Directory Proxy Server Instances"
    To start Directory Server Instance have followed the below steps:-
    1) C:\tmp\dsee63\DSEE_ZIP_Distribution>cd \tmp\ds63
    2) C:\tmp\ds63> set PATH=c:\tmp\ds63\ds6\bin;c:\tmp\ds63\dsrk6\bin;%PATH%
    3) C:\tmp\ds63>dsadm create /tmp/instance
    4) C:\tmp\ds63>dsadm start /tmp/instance
    -Modify the ds-start-tls-enabled attribute that is stored in the directory server configuration.
    5). Create a file, say c:\tmp\modify.ldif which looks like:
    dn: cn=config
    changetype: modify
    replace: ds-start-tls-enabled
    ds-start-tls-enabled: on
    6). Issue an ldapmodify command something like this:
    C:\tmp>ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password < c:\tmp\modify.ldif
    7). Confirm modification via ldapsearch command:
    C:\tmp>ldapsearch -b "cn=config" -h localhost -p 1389 -D "cn=Directory Manager" -w password "cn=config" ds-start-tls-enabled
    8). Stop and restart the directory server instance
    C:\tmp\ds63>dsadm stop /tmp/instance
    C:\tmp\ds63>dsadm start /tmp/instance
    9). Try creating a suffix with the standard port (1389): (This is where I am getting error)
    C:\tmp\ds63>dsconf create-suffix -h localhost -p 1389 dc=example1,dc=com
    Error= The "create-suffix" operation failed on "localhost:1389"
    Please help....
    Edited by: kirti_603 on Sep 2, 2008 12:43 AM

  • Connect Directory Server to retrieve User-defined objClass & attributes with ADSI

    Has anyone ever had to connect to an iPlanet Directory Server 5.0 with ADSI?
    I can retrieve the entries (user's information), but I can't add the
    user-defined objClass and attributes to entries (user).
    If you know, please kindly give me some hints about this.
    Many Thanks,
    Kat

    It looks like you want to find out which groups the logged in user is a member of.
    There are a couple of posts that will help you, first of all the post titled "JNDI, Active Directory and Group Memberships" at
    http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150
    In that post there is also a reference to the constructed attribute called tokenGroups. In the post http://forum.java.sun.com/thread.jspa?threadID=580113&tstart=60 you will find some sample code that illustrates the use of the tokenGroups attribute.
    Also in your sample code, there is a slight mistake, you need to replace
        String searchFilter = "(&(objectClass=group)(member=CN=mycompany//chong256))";
    with something like
        String searchFilter = "(&(objectClass=group)(member=CN=chong256,cn=users,DC=mycompany,Dc=com))";
    the member attribute of a group always contains the full distinguished names of the members.

  • Roles in iPlanet Directory Server v5.0 and JNDI.

    Hi!
    I have the following problem:
    How can I find and change the Role object in iPlanet Directory Server v5.0 via JNDI? Is it possible?
    Regards,
    Andriy

    Hi,
    It is not necessary to go in such a way for going and adding the corresponding roles.
    For eg
    Here is an LDIF file which plays an important role in making the attributes.
    Here is a sample fedup.ldif file
    dn: uid=timb,ou=Customers,o=fedup.com
    objectclass: customer
    objectclass: inetorgperson
    objectclass: organizationalPerson
    objectclass: person
    objectclass: top
    cn: Tim Briggs
    uid: timb
    givenname: Tim
    customerid: timb
    sn: Briggs
    facsimiletelephonenumber: 4101
    telephonenumber: 4145
    creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    createtimestamp: 20000401084012Z
    aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone": )
    ou: Customers
    mail: [email protected]
    userpassword: bakru
    modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    modifytimeStamp: 20000502084001Z
    Here I have specified userid as timb and password as bakru and with corresponding roles in aci.
    After making the LDIF file you have to import it in Directory server.
    For that you have to go to the Iplanet Console menu, from there click on Import for the ldif file to get imported.
    Or else you can go for ldapadd, ldapmodify commands.
    Also if you are going to add new attributes which are not known by Directory server, please follow this process.
    Creation of our own USER SCHEMA Files:-
    It is necessary for adding the attributes which are not defined in the
    Netscape directory server. In the above, customerid which is defined in ldif
    file is not existing in the directory server.
    Here is the Schema file for attributes:(ie for defining for eg customer id).
    The name of the file is slapd.user_at.conf:-
    attribute customerid customerid-oid cis single
    attribute packageid packageid-oid cis single
    attribute receivedate receivedate-oid cis single
    attribute shipdate shipdate-oid cis single
    attribute shipperid shipperid-oid dn single
    attribute receiveid receiveid-oid dn single
    #Java Attributes
    # Schema for storing java objects and java object references
    attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
    attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
    attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
    attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
    attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
    attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
    Here is Schema file for your own object classes:-
    The name of the file is Slapd.user_oc.conf:-
    In the similar way we assume that there are no "customer" class in the object classes
    defined in the LDAP, so we will have to create our own "customer" Object class.
    Also it extends inetOrgPerson to add some new attributes such as "customerid".
    The object class of an entry specifies what attributes are required and what
    attributes are allowed in a particular entry.
    Also for eg, Package classes in the object class is created.
    Here is the sample file for creating the above:-
    objectclass package
        oid package-oid
        superior top
        requires
            packageid,
            receiveid,
            shipdate,
            shipperid
        allows
            description,
            ou,
            receivedate
    objectclass customer
        oid customer-oid
        superior inetorgperson
        requires
            customerid
        allows
            c
    #JAVA Schema
    # Schema for storing java objects and java object references
    objectclass javaContainer
        oid 1.3.6.1.4.1.42.2.27.4.2.1
        superior top
        requires
            cn
    objectclass javaObject
        oid 1.3.6.1.4.1.42.2.27.4.2.4
        superior top
        requires
            javaClassName
        allows
            javaCodebase
    objectclass javaSerializedObject
        oid 1.3.6.1.4.1.42.2.27.4.2.5
        superior javaObject
        requires
            javaSerializedData
    objectclass javaRemoteObject
        oid 1.3.6.1.4.1.42.2.27.4.2.6
        superior javaObject
        requires
            javaRemoteLocation
    objectclass javaNamingReference
        oid 1.3.6.1.4.1.42.2.27.4.2.7
        superior javaObject
        requires
            javaReferenceAddress,
            javaFactory
    STEP 4: Loading the USER SCHEMA files in Directory Server:-
    All the attributes created above should be added to the corresponding directory server,
    in order to make it as a common attribute.
    Steps for adding the User Schema files to the Directory Server:-
    1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
    created above so that the existing LDIF file which is used in the Netscape directory
    server is not appended or overwritten.
    2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
    files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
    3. Then restart the Directory Server.
    I hope this will help you.
    Thanks
    Bakrudeen
    Technical Support Engineer
    Sun MicroSystems Inc, India

  • Directory Server & NDA: modifications or permission problem?

    My predecessor replaced the "change password" page in the IDA. The original page is still at the original location, so I wonder if it was changed in a servlet or config-file (searched, but didn't find it).
    Accessing the original page (/nda/change.htm) doesn't work . I'm not sure if it's because I access it without logging in on the "normal" login page(but I have to enter my login info to change the password), or if it's because of permissions in ldap (to change your own password), but I didn't find such restrictions.
    Versions:
    Sun-One Directory Server 5.2
    iPlanet Messaging Server 5.2
    iDA Version (in setup.inf): 1.2P1

    Hi Gary,
    I believe this is a known issue when starting Directory Server after a reboot as the check of PID does not verify that the process is in fact ns-slapd.
    The work-around is to delete the pid file. And then restart the server.
    regards,
    Ludovic.

  • Critical problem with directory server--please help!

    We are having issues with some applications and the root cause seems to be the directory server. We see the following errors in the directory server log.
    [03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    some other stuff in the log file:
    [03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    [03/Oct/2008:11:50:26 -0600] - WARNING<20805> - Backend Database - conn=2361383 op=1 msgId=2 - search is not indexed
    [03/Oct/2008:11:50:27 -0600] - WARNING<20805> - Backend Database - conn=2361384 op=1 msgId=2 - search is not indexed
    [03/Oct/2008:11:50:28 -0600] - WARNING<20805> - Backend Database - conn=2361385 op=1 msgId=2 - search is not indexed
    [03/Oct/2008:11:53:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    [03/Oct/2008:11:57:27 -0600] - WARNING<20805> - Backend Database - conn=2197806 op=82101 msgId=686205 - search is not indexed
    [03/Oct/2008:11:57:57 -0600] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=s0224025,ou=People,dc=lethbridgecollege,dc=ab,dc=ca", attribute "pabURI" is not allowed
    [03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    [03/Oct/2008:12:03:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    top shows the following: but cpu many times maxes out and runs 100%. Do I need to perform some indexing somewhere or are there other issues?
    load averages: 3.04, 3.15, 3.55 12:11:26
    224 processes: 222 sleeping, 1 running, 1 on cpu
    CPU states: 37.7% idle, 40.2% user, 22.1% kernel, 0.0% iowait, 0.0% swap
    Memory: 2048M real, 36M free, 2429M swap in use, 2979M swap free
    PID USERNAME LWP PRI NICE SIZE RES STATE TIME CPU COMMAND
    10828 mwadmin 129 59 0 0K 0K run 148.1H 24.83% ns-slapd
    9466 mwadmin 70 59 0 151M 65M sleep 743:06 1.98% ns-httpd
    10738 root 1 59 0 4240K 1032K sleep 34.3H 1.73% top
    26298 root 1 0 0 4096K 1696K cpu 0:00 1.51% top
    5759 root 9 59 0 14M 96K sleep 851:54 0.77% cctransport
    13378 ward 1 59 0 0K 0K sleep 1:23 0.57% prstat
    25284 root 1 59 0 68M 27M sleep 561:22 0.50% mixer_applet2
    10005 mwadmin 1 59 0 68M 27M sleep 604:43 0.49% mixer_applet2
    10003 mwadmin 1 59 0 69M 2600K sleep 306:12 0.25% gnome-netstatus
    25282 root 1 59 0 69M 2664K sleep 274:36 0.23% gnome-netstatus
    9881 mwadmin 1 59 0 17M 11M sleep 241:04 0.21% Xvnc
    9896 root 1 59 0 17M 6856K sleep 245:53 0.19% Xvnc
    9911 root 1 59 0 15M 5512K sleep 159:38 0.13% gconfd-2
    9901 mwadmin 1 59 0 15M 5576K sleep 157:18 0.13% gconfd-2
    7962 mwadmin 45 59 0 0K 0K sleep 749:45 0.10% ns-slapd
    any advice would be great.
    Darren

    Darren,
    For this error:
    [03/Oct/2008:11:58:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    some other stuff in the log file:
    [03/Oct/2008:11:48:25 -0600] - DEBUG - conn=-1 op=-1 msgId=-1 - PR_SetSocketOption(PR_SockOpt_NoDelay) failed, error -5962 (The value requested is too large to be stored in the data buffer provided.)
    Solution/Notes:
    The below errors are "informational" in nature.
    This is not an issue with the directory server, but with a connection to the directory server and whatever (device, script, or application) is attempting this connection.
    These informational errors you are seeing in the logs are typically related to incoming connections from a load balancer or switch.
    It is usually some device, script or application doing monitoring of the LDAP server, port or connection.
    It is found that one of the biggest culprits to be the Cisco Content Switch or load balancer.
    Generally the cause of this error is a "sticky bit" setting within the Cisco Content Services Switch that is causing these errors.
    These load balancers periodically ping the servers (every five seconds) to verify that they are alive.
    After turning off the "sticky bit" setting, which disables the ping to the server every 5 seconds, the errors will no longer show up.
    The best course of action is to find the client doing this kind of monitoring and change its behavior. You can look at the directory server's access log for B1 errors (the same client causing the PR accept errors in the errors log will cause B1 errors in the access log) at the same time you see these errors in the errors log. Then back track the connection in the access log to find the connecting IP address of the client on the first BIND.
    If you can not determine the client causing these errors and are concerned about your errors logs filling up then you can either turn off this error logging.
    This can be done dynamically on the server with a ldapmodify command:
    cd /install-root/shared/bin or cd /var/opt/mps/serverroot/shared/bin
    ./ldapmodify -p port -h hostname -D "cn=Directory Manager" -w password
    dn: cn=config
    changetype: modify
    replace: nsslapd-infolog-area
    nsslapd-infolog-area: 0
    If you don't want to do that then you can try and modify this attribute.
    "nsslapd-nagle
    When the value of this attribute is off, the TCP_NODELAY option is set so that LDAP responses
    (such as entries or result messages) are sent back to a client immediately.
    When the attribute is turned on, default TCP behavior applies.
    That is, the sending of data is delayed, in the hope that this will enable additional data to be grouped into
    one packet of the underlying network MTU size (typically 1500 bytes for Ethernet)."
    This will require you to stop and restart the server.
    NOTE: Below is the suggested fix, however, please apply this at your own discretion as this may or may not fix the issue. It depends on the client making these connections.
    1. Stop the directory server
    2. Edit the dse.ldif configuration file
    3. In the "cn=config" entry, add the attribute "nsslapd-nagle" with a value of "on".
    4. Start the directory server.
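
The access-log back-tracking described in the reply above, as an added example that is not part of the original post: a Python sketch that finds connections closed with a B1 code and maps each one back to the peer address recorded when the connection was opened. The log lines are constructed for illustration, and the line layout (a `conn=N` field, a `connection from ADDR to ADDR` open line, a closing line carrying `B1`) is an assumption about the access log format.

```python
# Added illustration (not from the post): trace B1 closures in a directory
# server access log back to the client address that opened the connection.
import re
from collections import Counter

# Constructed sample lines; addresses are documentation ranges.
SAMPLE_ACCESS_LOG = """\
[03/Oct/2008:11:58:20 -0600] conn=2361390 op=-1 msgId=-1 - fd=61 slot=61 LDAP connection from 192.0.2.10:40112 to 192.0.2.1
[03/Oct/2008:11:58:20 -0600] conn=2361391 op=-1 msgId=-1 - fd=62 slot=62 LDAP connection from 192.0.2.25:51877 to 192.0.2.1
[03/Oct/2008:11:58:20 -0600] conn=2361391 op=0 msgId=1 - BIND dn="uid=app,ou=people,dc=example,dc=com" method=128 version=3
[03/Oct/2008:11:58:20 -0600] conn=2361391 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[03/Oct/2008:11:58:25 -0600] conn=2361390 op=-1 msgId=-1 - closing - B1
[03/Oct/2008:11:58:26 -0600] conn=2361391 op=1 msgId=2 - UNBIND
[03/Oct/2008:11:58:26 -0600] conn=2361391 op=1 msgId=-1 - closing - U1
[03/Oct/2008:11:58:30 -0600] conn=2361392 op=-1 msgId=-1 - fd=61 slot=61 LDAP connection from 192.0.2.10:40118 to 192.0.2.1
[03/Oct/2008:11:58:35 -0600] conn=2361392 op=-1 msgId=-1 - closing - B1
"""

TS_RE = re.compile(r"^\[([^\]]+)\]")
CONN_RE = re.compile(r"\bconn=(\d+)\b")
OPEN_RE = re.compile(r"connection from (\S+) to ")
B1_RE = re.compile(r"\bB1\b")


def _strip_port(addr):
    """Drop a trailing :port from an IPv4 peer address, if present."""
    host, sep, port = addr.rpartition(":")
    return host if sep and port.isdigit() and "." in host else addr


def b1_closures(log_text):
    """Return [(timestamp, conn_id, client_ip), ...] for each B1 closure.

    client_ip is "unknown" when the open line for that connection is not
    in the text, for example because it sits in a rotated log file.
    """
    peers = {}   # conn id -> peer address from the connection-open line
    hits = []
    for line in log_text.splitlines():
        conn = CONN_RE.search(line)
        if not conn:
            continue
        conn_id = int(conn.group(1))
        opened = OPEN_RE.search(line)
        if opened:
            # Connection ids restart with the server, so the newest
            # open line for an id always wins.
            peers[conn_id] = _strip_port(opened.group(1))
            continue
        # Only closing lines count; a BIND dn could contain "B1" too.
        if "clos" in line and B1_RE.search(line):
            ts = TS_RE.match(line)
            hits.append((ts.group(1) if ts else "",
                         conn_id,
                         peers.get(conn_id, "unknown")))
    return hits


def b1_clients(log_text):
    """Count B1 closures per client address, most frequent first."""
    return Counter(ip for _, _, ip in b1_closures(log_text))


if __name__ == "__main__":
    for ip, count in b1_clients(SAMPLE_ACCESS_LOG).most_common():
        print(ip, count)
```

The timestamps returned by `b1_closures` can be compared with the `PR_SetSocketOption` lines in the errors log to confirm that the same client is responsible for both.
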

  • Directory Server and windows clients

    Is it possible for a MS windows client to join a Domain on a Directory Server ver 5.2?

    Hello,
    with GPO you can't, there is no special setting for this. Adding the scheduled task is the way to do it. But the scheduled task can be added with startup scripts.
    Create shutdown.cmd for example with the following content:
    rem Create the scheduled task on remote workstations
    if not exist %systemroot%\tasks\at1.job at 17:30 /every:m,t,w,th,f,s,su shutdown.exe /r /t 120 /c "This computer will shutdown and restart automatically, please close your open applications. Your Administrator." /f
    rem Copy the shutdown.exe to remote workstation
    if not exist %systemroot%\system32\shutdown.exe copy "\\domainname\netlogon\shutdown.exe" "%systemroot%\system32\shutdown.exe"
    Keep in mind to replace domainname with your ones and to copy the shutdown.exe to the
    \\yourdomainname\netlogon folder.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Replacing a DS server?

    Replacing server with new Sun platform.

    If you want to change your Directory Server to new Hardware, stop all the services, do a tar, ftp to the new machine, change the hostname and the IP address of the new machine to be the same as the old one, extract the tar to the same place in the new machine, start your directory and admin server.
    PS. I believe the site admins here don't charge you by the word, you could use some more words to explain your problems :)))
    Cheers

  • Directory Server Instances

    We are running Sun Directory Server 5 as part of our messaging server on RHEL 4. These systems are in development as a replacement for Netscape 4.X messaging servers that are being used onboard NOAA's research vessel fleet.
    Is there any way to configure multiple instances of Directory Server on a single Linux platform (without virtualization)?
    Our email systems that are operated aboard research vessels may, or may not, have an internet connection while underway; even if they do the bandwidth is typically limited to 128KBS per vessel (no directory replication possible).
    As a result we have a requirement to host one directory for the local users on the ship and a second instance that holds the addresses of all
    non local users in the enterprise mail system (Basically a lookup directory). We periodically overwrite the second instance (lookup directory) by importing an LDIF file from our shore based systems. Both instances of the Netscape Directory Server run on a single host, using port 389 and port 390.
    Can we configure Sun Directory Server in a similar manner?
    Note:
    We use a custom MTA system to transport the email messages between ship and shore via cell phone, sat phones Inmarsat or satellite based WAN connectivity, dependent upon the ship's communications equipment suite. The MTA system provides ship to shore email services as long as one communications system is available.

    Yes you can have multiple instances running.
    You can either start each instance on different port, or
    setup an interface alias (ifconfig eth0:1 IP netmask NETMASK)
    and start the second instance on that IP only.
    I agree with the_dude to go for DS 6.3.
    On 6.3 you can specify the listening interface/ports by using the commands
    dsconf set-server-prop listen-address:127.0.0.1
    dsconf set-server-prop listen-address+:192.168.1.1
    dsconf set-server-prop secure-listen-address:127.0.0.1
    dsconf set-server-prop secure-listen-address+:192.168.1.1
    dsconf set-server-prop ldap-port:389
    dsconf set-server-prop ldap-secure-port:636
    hope it helps,
    Giannis
