Role of nscd in 5.1 directory server

Hi,
Can somebody tell me the role of nscd in iplanet 5.1 directory server?
I assume this has to be disabled on directory server for better performance by adding enable-cache hosts no in /etc/nscd.conf file.
Can somebody validate this?? If possible with supporting urls.
Thanks in advance

I had the same problem. DS 5.1 sp2
in my case it is trying to allocate 4.2G virtual memory
ps

Similar Messages

  • Roles in Directory Server?

    Does access manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of. I would like to set up roles in the directory and use access (and identity) manager in the future.

    Please check Access Manager Admin guide on page 87.
    ftp://docs-pdf.sun.com/817-7647/817-7647.pdf
    Copy from above manual. Jerry
    Roles are a Directory Server entry mechanism similar to the concept of a group. A group has members; a role has members. A role�s members are LDAP entries that possess the role. The criteria of the role itself is defined as an LDAP entry with attributes, identified by the Distinguished Name (DN) attribute of the entry. Directory Server has a number of different types of roles but Access Manager can manage only one of them: the managed role.

  • Roles in iPlanet Directory Server v5.0 und JNDI.

    Hi!
    I have the following problem:
    How can I find and change the Role object in iPlanet Directory Server v5.0 via JNDI? It's possible ?
    Regards,
    Andriy

    Hi,
    It is not necessary to go in such a way for going and adding the corresponding roles.
    For eg
    Here is an LDIF file which plays an important role in making the attributes.
    Here is an sample fedup.ldif file
    dn: uid=timb,ou=Customers,o=fedup.com
    objectclass: customer
    objectclass: inetorgperson
    objectclass: organizationalPerson
    objectclass: person
    objectclass: top
    cn: Tim Briggs
    uid: timb
    givenname: Tim
    customerid: timb
    sn: Briggs
    facsimiletelephonenumber: 4101
    telephonenumber: 4145
    creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    createtimestamp: 20000401084012Z
    aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone": )
    ou: Customers
    mail: [email protected]
    userpassword: bakru
    modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    modifytimeStamp: 20000502084001Z
    Here I have sepecified userid as timb and password as bakru and with corresponding roles in aci.
    After making the LDIF file you have to import it in Directory server.
    For that you have to Iplanet Console menu, from there click on Import for the ldif file to get imported.
    Or else you can go for ldapadd, ldapmodify commands.
    Also if you are going to add new attributes which is not known by Directory server, Please follow these process.
    Creation of our own USER SCHEMA Files:-
    It is necessary for adding the attributes which are not defined in the
    Netscape directory server. In the above, customerid which is defined in ldif
    file is not existing in the directory server.
    Here is the Schema file for attributes:(ie for defining for eg customer id).
    The name of the file is slapd.user_at.conf:-
    attribute customerid customerid-oid cis single
    attribute packageid packageid-oid cis single
    attribute receivedate receivedate-oid cis single
    attribute shipdate shipdate-oid cis single
    attribute shipperid shipperid-oid dn single
    attribute receiveid receiveid-oid dn single
    #Java Attributes
    # Schema for storing java objects and java object references
    attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
    attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
    attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
    attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
    attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
    attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
    Here is Schema file for your own object classes:-
    The name of the file is Slapd.user_oc.conf:-
    In the similar way we assume that there are no "customer" class in the object classes
    defined in the LDAP, so we will have to create our own "customer" Object class.
    Also it extends inetOrgPerson to add some new attributes such as "customerid".
    The object class of an entry specifies what attributes are required and what
    attributes are allowed in a particular entry.
    Also for eg, Package classes in the object class is created.
    Here is the sample file for creating the above:-
    objectclass package
    oid package-oid
    superior top
    requires
    packageid,
    receiveid,
    shipdate,
    shipperid
    allows
    description,
    ou,
    receivedate
    objectclass customer
    oid customer-oid
    superior inetorgperson
    requires
    customerid
    allows
    c
    #JAVA Schema
    # Schema for storing java objects and java object references
    objectclass javaContainer
    oid 1.3.6.1.4.1.42.2.27.4.2.1
    superior top
    requires
    cn
    objectclass javaObject
    oid 1.3.6.1.4.1.42.2.27.4.2.4
    superior top
    requires
    javaClassName
    allows
    javaCodebase
    objectclass javaSerializedObject
    oid 1.3.6.1.4.1.42.2.27.4.2.5
    superior javaObject
    requires
    javaSerializedData
    objectclass javaRemoteObject
    oid 1.3.6.1.4.1.42.2.27.4.2.6
    superior javaObject
    requires
    javaRemoteLocation
    objectclass javaNamingReference
    oid 1.3.6.1.4.1.42.2.27.4.2.7
    superior javaObject
    requires
    javaReferenceAddress,
    javaFactory
    STEP 4: Loading the USER SCHEMA files in Directory Server:-
    All the attributes created above should be added to the corresponding directory server,
    in order to make it as a common attribute.
    Steps for adding the User Schema files to the Directory Server:-
    1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
    created above so that the existing LDIF file which is used in the Netscape directory
    server is not appended or overwritten.
    2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
    files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
    3. Then restart the Directory Server.
    I hope this will help you.
    Thanks
    Bakrudeen
    Technical Support Engineer
    Sun MicroSystems Inc, India

  • How to create Roles along with Entitlements in Sun One Directory Server?

    i need to create roles in sun one directory server along with entitlements
    please help me in this regard

    Hi Logeshr,
    Is the issue with deploying the webjobsever resolved ? If yes, could you share the work around so that it can help others who has similar issues.
    Most possible causes for the issue could be Problems with  Problems with Parallel build using MSBuild  or
    HeatDirectory failure on TFS with MSBUILD error MSB4166: Child node “3” exited prematurely
    However, as you said it works fine in Visual studio , ensure your CI server has all of the latest updates to MS Build.  If you're not current, you'll get a build error when .targets file processes at the end of the  buildsequence. 
    Regards,
    Shirisha Paderu

  • Provision Unix accounts/roles/groups to Directory server using OIM

    Hi,
    I have a requirement to integrated large number of Unix servers with LDAP (OID or Sun Directory Server) for Centralized Authentication and Authorization and to provision Unix accounts/roles/groups to Directory server using OIM, I have following queries.
    1. If using PAM_LDAP then what are the schema changes required in ldap to support it ?
    2. Does OIM's out of box connector for OID or Sun Directory Server supports Unix accounts/roles/groups provisioning to Directory server ? If not, can it be extend ? or do I need to write a custom connector ?
    3. If I use Oracle Authentication Services for OS for centralized unix account management then OIM provisioning is same as #2 or different ?
    Thanks
    Nitin

    yes. iPlanet connector support for multivalued attribute. Go through the connector doc. It will let you know how to extend its functionality.
    --nayan                                                                                                                                                                                                                                                                                                               

  • Sun Directory Server role support?

    I would like to set up roles in the sun directory and use the identity manager in the future. Does identity manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of?
    Also, AFIAK Active Directory does not support multi-valued DN's as attribute values. If I use identity manager to sync Sun DS with AD will user entries with multiple Sun DS roles become a problem?

    We are in intial stages of design. Yes that was the goal to take the roles from Sun DS and use them in AD by way of identity manager. I am new to identity manager, so there may be a mapping instead of a direct push.
    The Sun DS roles are operational attributes and I am not sure how identity manager sees them or supports them. I guess if it can see tham then it can map them to anything.

  • Ubuntu Karmic authentication against Snow leopard open directory server

    Hi,
    I'm looking for help. I've tried to configure an installation of Karmic to authenticate against our office's open directory server running on an osx snow leopard server. Currently `getent password` show all users including those from the open directory server when running the command as both root and normal users. However authentication against the open directry users fails with the following messages in the /var/log/auth.log:-
    Dec 7 22:42:05 [hostname] getent: nss_ldap: failed to bind to LDAP server ldap://server.domain.com: Invalid credentials
    Dec 7 22:42:05 [hostname] getent: nss_ldap: could not search LDAP server - Server is unavailable
    (I've changed the hostname and ldap url)
    /etc/ldap.conf has:-
    base dc=server,dc=domain,dc=com
    ldap_version 3
    rootbinddn cn=diradmin,dc=server,dc=domain,dc=com
    bind_policy soft
    pam_password md5
    /etc/ldap.secret is set to the password of the diradmin user and has a permission mask of 600
    /etc/pam.d/common-passwd :-
    password sufficient pam_ldap.so md5
    password required pam_unix.so nullok obscure md5
    password optional pam_smbpass.so nullok use_authtok tryfirstpass missingok
    /etc/pam.d/common-auth:-
    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_ldap.so usefirstpass
    auth requisite pam_deny.so
    auth required pam_permit.so
    /etc/pam.d/common-account:-
    account [success=2 newauthtokreqd=done default=ignore] pam_unix.so
    account [success=1 default=ignore] pam_ldap.so
    account requisite pam_deny.so
    account required pam_permit.so
    /etc/pam.d/common-session
    session [default=1] pam_permit.so
    session requisite pam_deny.so
    session required pam_permit.so
    session required pam_unix.so
    session optional pam_ldap.so
    session optional pamckconnector.so nox11
    Does anyone have any ideas where to go from here?
    Message was edited by: zebardy

    Hi
    It's easy enough to 'connect' any version of OS X Server to any other version of OS X Server. Use the Join button in the Users & Groups Preferences Pane. Alternatively use the Directory Utility itself.
    You seem to be misunderstanding what an Open Directory Master and Replica are? They are not what I think you think they are. They are not a 'back-up' of each other if you're providing more than the shared Directory Service.
    An OD Replica maintains a read-only copy of the LDAP Database (Usernames, Passwords and Policies etc) that's stored on the OD Master and nothing more. If the Master was to go offline for any reason the Replica can be quickly promoted to a Master Role and continue to provide information for the shared directory. This assumes it has easy and quick access to the Volume storing networked home folders? The LDAP Database in that case would then become writable. Later on and whenever you've fixed the problem with the old Master it can quickly be demoted and made a Replica of the now new Master.
    Although this is for 10.6 Server (it is nevertheless still applicable) everything you need to know about Master and Replica relationships is here:
    http://manuals.info.apple.com/en_US/OpenDirAdmin_v10.6.pdf
    Page 55 onwards.
    From Page 64:
    "The Open Directory master and its replicas must use the same version of Mac OS X Server. . ."
    If your OD Master is also providing Mail, Calendar and Contact Services then none of these will be replicated. You will have to maintain a backup of these databases yourself using whatever method you deem fit for your needs.
    HTH?
    Tony

  • Access read-only LDAP for username/password, Directory Server LDAP for rest

    Hello! I keep trying to find documentation on the above, but thus far I have been unable to find something that explains this well (and my attempts at figuring out thus far have failed).
    I have a read-only LDAP that is used University wide, and I am not allowed to change how it currently operates. It uses double-bind authentication in that you search for a user to get their DN, then bind to that DN with the users password to see if it was correct.
    I'd like to use the above setup to verify a user's credential as well as return some basic information about them (name, email, etc). After this, I'd like to use another freshly installed Directory Server LDAP to manage the roles that seem to be needed for Portal Server (as I cannot write to the original LDAP).
    Any help or advice on the above would be appreciated! Thank you.

    The authentication you described is the default way LDAP authentication works.
    AM Ldap auth-module allows you to 'pull' attributes from the LDAP server you're using for authentication and store it in it's 'amSDK' Directory Server - which is leveraged by Portal Server (if you're talking about Sun's Portal Server).
    However this is only done if the profile is created (set 'dynamic profile generation' in auth - service).
    As Portal Server does not support the new 'identity repsoistory API' of AM you have to stick to AM's legacy mode when using Portal Server.
    To keep the the data in sync (if needed) you have to write a post-auth class.
    -Bernhard

  • Active Directory server is not available

    i have just setup and started testing a new exchange 2007 on my network. we did not have a exchange before, so this is a new install.
    my domain, xxx.com is a windows 2000 native AD. the exchange 2007 is a win 2003 sp1 x64, it is also a DC and has all roles assigned to it
    in my network i have
    dc01 win2000 sp4  dc (gc)
    dc02 win2000 sp4 dc (gc)
    exch01 win 2003 sp1 dc, rid, pdc, fmso, gc, infrastucture and naming
    the install went well, and i have been testing it for the past 2 weeks this dummy accounts. test smtp connectors, etc. all was working fine. to the point that i have started planing the migration of the users
     today i did some mods to IIS for a owa free SSL from startcom (as well as the root CAs). i have remove it since.
    i now get the following errors when i start the console, or shell. :
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    It was running command 'get-ExchangeAdministrator'.
    The following error(s) were reported while loading topology information:
    get-ExchangeServer
    Failed
    Error:
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    A local error occurred.
    get-UMServer
    Failed
    Error:
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    A local error occurred.
    HELP.. i have no idea what it does not like.
     exbpa does not report anything, i even get it to connect to the exch01 for it AD access.
    Any ideas??
    Thanks
    Paul Gartner
    (over all i like what i have been seeing in ex2007) 

    i think that you might be confusing "AD user account" and "profile". you DO NOT delete administrator from your AD Users and Computers. you only delete the Profile (\documents and settings\administrator folder). you can NOT do this while you are logged on using the administrator account.
    be sure to backup any data in your my documents and any favorites
    create another user that is in the domain admin group of your active directory, log on with that account and verify that the exchange tools works. then follow this to remove the profile.
    >1). Logon the Exchange server by using another admin account.
    >2). Open Control Panel, select System.
    >3). Select Advanced tab and click the Settings button of User Profile.
    >4). Delete the Profile of user which encounters this issue.
    >5). Click OK.
    >6). Restart the server and logon it by using Administrator account.

    once this is done, logon with your administrator account and try the tools again, they should work.tn
    Paul Gartner

  • User base Synchronization between SAP and MS Active Directory Server

    Dear all!
    I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
    i successfully implemented the synchronization of user data between SAP and the ADS.
    My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
    Currently I don't have a clue how to do this.
    Regards,
    Christoph

    Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
    The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
    Regards,
    Marc g

  • Iplanet Directory server 5.0 replication issue

    Hi,
    I'm currently running some test for replication with the OLD version of DS 5.0 on Windows XP
    Running 2 Servers Master A and Consumer B, where A is the original who initialise B with Data then from there on Master A replicates changes to Consumer B.
    My problem is here, I can initialise the the Data ( copying it from A to B ) no problem.
    But when I make changes in A and wait for it to replication from A --> B.
    it does nothing.
    I followed MOST of the steps in the replication guide for Administrator, but have hit a wall.
    Only part i did no understand is below:
    //=============================================
    Create the entry corresponding to the supplier bind DN, if it does not exist. This is the special entry that the supplier will use to bind.
    In the Directory Server Console, click the Directory tab, and create an entry. For example you could use cn=Replication Manager,cn=config.
    Specify a userPassword attribute-value pair.
    If you have enabled password expiration, or intend to do so in future, disable the password expiration policy on this attribute, by adding the passwordExpirationTime attribute with a value of 20380119031407Z.
    //=============================================
    Therefore I used cn=Replication Manager,cn=config wheen it asked during the replication config setup.
    I also used this when creating the Directory server instance for Master A and Consumer B.
    Logs are below:
    ConsumerB Error Log
    [31/Oct/2008:11:29:44 +1300] - slapd started. Listening on all interfaces port 10264 for LDAP requests
    [31/Oct/2008:11:29:44 +1300] - cos_cache_getref: no cos cache created
    [31/Oct/2008:11:34:34 +1300] NSMMReplicationPlugin - multimaster_be_state_change: replica o=psbconexa.co.nz is going offline; disabling replication
    [31/Oct/2008:11:34:34 +1300] - import userRoot: Index buffering enabled with bucket size 10
    [31/Oct/2008:11:34:34 +1300] - import userRoot: Beginning import job...
    [31/Oct/2008:11:34:35 +1300] - import userRoot: Workers finished; cleaning up...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Workers cleaned up.
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Indexing complete. Post-processing...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Flushing caches...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Closing files...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Import complete. Processed 3 entries in 3 seconds. (1.00 entries/sec)
    [31/Oct/2008:11:34:37 +1300] NSMMReplicationPlugin - multimaster_be_state_change: replica o=psbconexa.co.nz is coming online; enabling replication
    [31/Oct/2008:11:34:38 +1300] NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals for replica o=psbconexa.co.nz: 53
    ConsumerB Access Log:
    [31/Oct/2008:11:36:32 +1300] conn=6 op=6 UNBIND
    [31/Oct/2008:11:36:32 +1300] conn=6 op=6 fd=1320 closed - U1
    [31/Oct/2008:11:36:38 +1300] conn=2 op=135 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=135 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=136 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=136 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=137 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="namingContexts"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=137 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=138 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=138 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=139 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=139 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=140 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=140 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=141 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-privatenamespaces"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=141 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=142 SRCH base="cn=schema" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=142 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=143 SRCH base="cn=monitor" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=143 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=144 SRCH base="cn=monitor" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=144 RESULT err=0 tag=101 nentries=0 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=145 SRCH base="cn=monitor" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=145 RESULT err=0 tag=101 nentries=0 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=146 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=146 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=147 SRCH base="cn=config" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=147 RESULT err=0 tag=101 nentries=4 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=148 ABANDON msgid=628
    [31/Oct/2008:11:36:38 +1300] conn=2 op=149 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="subschemaSubentry"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=149 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=150 SRCH base="cn=schema" scope=0 filter="(objectClass=subschema)" attrs="* ldapSyntaxes"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=150 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=151 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nscpEntryDN ldapSyntaxes nsUniqueId ldapSchemas passwordExpirationTime passwordRetryCount nsTimeLimit hasSubordinates modifiersName passwordAllowChangeTime numSubordinates copyingFrom nsRoleDN entryid passwordExpWarned nsIdleTimeout entrydn modifyTimestamp accountUnlockTime nsRole nsds5ReplConflict nsAccountLock passwordHistory retryCountResetTime parentid copiedFrom createTimestamp nsBackendSuffix nsSchemaCSN subschemaSubentry creatorsName aci nsSizeLimit dncomp nsLookThroughLimit *"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=151 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=152 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=152 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=153 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=153 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=154 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=154 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=155 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [31/Oct/2008:11:36:39 +1300] conn=2 op=155 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=156 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=156 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=157 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=157 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=158 SRCH base="ou=Ray001,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=158 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=159 SRCH base="ou=Ray001,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=159 VLV 50:50:49:0 0:0 (0)
    [31/Oct/2008:11:36:41 +1300] conn=2 op=159 RESULT err=0 tag=101 nentries=0 etime=0 notes=U
    [31/Oct/2008:11:36:41 +1300] conn=2 op=160 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=160 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=161 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsBackendSuffix"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=161 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=162 SRCH base="cn=MCC ou=Ray001 o=psbconexa.co.nz, cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [31/Oct/2008:11:36:41 +1300] conn=2 op=162 RESULT err=32 tag=101 nentries=0 etime=0
    [31/Oct/2008:11:36:48 +1300] conn=2 op=163 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-accesslog nsslapd-accesslog-list"
    [31/Oct/2008:11:36:48 +1300] conn=2 op=163 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:50 +1300] conn=2 op=164 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-errorlog nsslapd-errorlog-list"
    [31/Oct/2008:11:36:50 +1300] conn=2 op=164 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:52 +1300] conn=2 op=165 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-auditlog nsslapd-auditlog-list"
    [31/Oct/2008:11:36:52 +1300] conn=2 op=165 RESULT err=0 tag=101 nentries=1 etime=0
    //=====================
    MasterA Error Log:
    There seem to have no update during the time i started teh replication? replication updated started at about 31/Oct/2008:11:36:XX but in the logs in is 1 min behind with nothing i believe is important.
    but let me know if needed.

    And here is the backward replication from consumer to master WHICH SHOULDN"T happen.......
    Created a new entry organization called, TEST002 on consumer side, which did not appear of course, but appeared on the Master side????...........................................................................
    Master log:
    [05/Nov/2008:10:58:21 +1300] conn=13617 fd=2292 slot=2292 connection from 10.1.1.79 to 10.30.1.200
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=0 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=1 ADD dn="ou=TEST002,o=marketsite,o=psbconexa.co.nz"
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=1 RESULT err=0 tag=105 nentries=0 etime=0 csn=4910c57d000000050000
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=2 UNBIND
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=2 fd=2292 closed - U1
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=236 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=236 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=237 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=237 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=238 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=238 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=239 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=239 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=240 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=240 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=241 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=241 RESULT err=0 tag=101 nentries=12 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=242 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=242 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=243 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=243 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=244 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=244 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=245 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=245 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=246 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=246 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=247 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=247 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=248 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=248 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=249 ABANDON msgid=322
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=250 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=250 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=251 ABANDON msgid=324
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=252 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=252 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=253 ABANDON msgid=326
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=254 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=254 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=255 ABANDON msgid=328
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=256 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=256 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=257 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=257 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 SORT cn givenName o ou sn (12)
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 VLV 50:50:49:0 12:12 (0)
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 RESULT err=0 tag=101 nentries=12 etime=0 notes=U
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=259 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=259 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=260 ABANDON msgid=333
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=261 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=261 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=262 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=262 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=263 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=263 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=264 ABANDON msgid=337
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=265 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=265 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=266 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=266 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=267 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=267 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=268 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=268 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=269 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=269 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=270 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=270 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=271 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=271 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=272 ABANDON msgid=345
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=273 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=273 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=274 ABANDON msgid=347
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=275 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nscpEntryDN ldapSyntaxes nsUniqueId ldapSchemas passwordExpirationTime passwordRetryCount nsTimeLimit hasSubordinates modifiersName passwordAllowChangeTime numSubordinates copyingFrom nsRoleDN entryid passwordExpWarned nsIdleTimeout entrydn modifyTimestamp accountUnlockTime nsRole nsds5ReplConflict nsAccountLock passwordHistory retryCountResetTime parentid copiedFrom createTimestamp nsBackendSuffix nsSchemaCSN subschemaSubentry creatorsName aci nsSizeLimit dncomp nsLookThroughLimit *"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=275 RESULT err=0 tag=101 nentries=1 etime=0
    ///===========
    Consumer log:
    [05/Nov/2008:10:58:20 +1300] conn=1 op=449 ADD dn="ou=TEST002,o=marketsite,o=psbconexa.co.nz"
    [05/Nov/2008:10:58:20 +1300] conn=1 op=449 RESULT err=10 tag=105 nentries=0 etime=0
    [05/Nov/2008:10:58:20 +1300] conn=13 fd=1088 slot=1088 connection from 10.30.1.200 to 10.1.1.79
    [05/Nov/2008:10:58:20 +1300] conn=13 op=0 BIND dn="cn=Directory Manager" method=128 version=3
    [05/Nov/2008:10:58:20 +1300] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:20 +1300] conn=13 op=2 EXT oid="2.16.840.1.113730.3.5.3"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=2 RESULT err=0 tag=120 nentries=0 etime=0
    [05/Nov/2008:10:58:20 +1300] conn=13 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="nsSchemaCSN"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=3 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=450 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=450 RESULT err=0 tag=101 nentries=10 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=451 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=451 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=452 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=452 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=453 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=453 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=454 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=454 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=455 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=455 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=456 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=456 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=457 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=457 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=458 ABANDON msgid=542
    [05/Nov/2008:10:58:21 +1300] conn=1 op=459 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=459 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=460 ABANDON msgid=544
    [05/Nov/2008:10:58:21 +1300] conn=1 op=461 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=461 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=462 ABANDON msgid=546
    [05/Nov/2008:10:58:21 +1300] conn=1 op=463 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=463 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=464 ABANDON msgid=548
    [05/Nov/2008:10:58:21 +1300] conn=1 op=465 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=465 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=466 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=466 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 SORT cn givenName o ou sn (10)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 VLV 50:50:49:0 10:10 (0)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 RESULT err=0 tag=101 nentries=10 etime=0 notes=U
    [05/Nov/2008:10:58:21 +1300] conn=1 op=468 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=468 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=469 ABANDON msgid=553
    [05/Nov/2008:10:58:21 +1300] conn=1 op=470 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=470 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=471 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=471 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=472 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=472 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=473 ABANDON msgid=557
    [05/Nov/2008:10:58:21 +1300] conn=1 op=474 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=474 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=475 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=475 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=476 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=476 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=477 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=477 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=478 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=478 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=479 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=479 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=480 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=480 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=481 ABANDON msgid=565
    [05/Nov/2008:10:58:21 +1300] conn=1 op=482 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=482 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=483 ABANDON msgid=567
    [05/Nov/2008:10:58:21 +1300] conn=1 op=484 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=484 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 SORT cn givenName o ou sn (2)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 VLV 50:50:49:0 2:2 (0)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 RESULT err=0 tag=101 nentries=2 etime=0 notes=U
    [05/Nov/2008:10:58:21 +1300] conn=1 op=486 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=486 RESULT err=0 tag=101 nentries=10 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=487 ABANDON msgid=571
    [05/Nov/2008:10:58:21 +1300] conn=1 op=488 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=488 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=489 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsBackendSuffix"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=489 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=490 SRCH base="cn=MCC o=psbconexa.co.nz, cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [05/Nov/2008:10:58:21 +1300] conn=1 op=490 RESULT err=32 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=491 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=491 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 SORT cn givenName o ou sn (10)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 VLV 50:50:49:0 10:10 (0)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 RESULT err=0 tag=101 nentries=10 etime=0 notes=U
    [05/Nov/2008:10:58:21 +1300] conn=1 op=493 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=493 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=494 ABANDON msgid=578
    [05/Nov/2008:10:58:21 +1300] conn=1 op=495 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource

  • How to migrate Sun One directory server to a new physical server install

    need help
    We have to move our existing installation of sun on directory server 5.2 to a new physical server.
    We have a new physical server with a new host name. I am trying to find an easiest way to take a snapshot of our existing server and put it on a new installation
    So will installing sun one directory server , its shows me two choices either to create a new instance or copy configuration from a existing server
    What do i choose and which is the fastest route to replicate my old server
    Thanks a bunch in advance
    Sganb

    Hi,
    I'm glad you're still using the old, glorious Sun One Directory Server 5.2, because it brings me back a lot of memories... But are you seriously talking of the 'plain' version, with no patches/hot fixes on top? If that's the case, you're using of a software that has been developed in 2004 and released in Jan 2005! Just for you to be aware, in the last *8* (eight) years a considerable number (in the magnitude of 10^3) of bugs, security problems and performance issues has been identified and fixed...
    However, to provide a better answer to your question, it would be important to understand the 'big picture' in terms of scenario and requirements:
    1) Is this a critical 24x7 service for which you need to perform an on-line migration or you have a 'maintenance window' during which the service may be switched off?
    2) Is the old server member of replication environment? If yes, how many masters/slaves do you have already? Shall the new server be part of this topology? What role shall it have?
    3) Would it be possible to make the the old server able to communicate with the new server?
    4) How big is the database that you've got to migrate? Do you have any requirement in terms of caches?
    5) Do you take backups on a regularly basis and have in place working (*tested*) backup/restore procedures?
    6) Is the new server conserving or changing the O.S. and architecture? [SPARC->SPARC, x86->x86, SPARC->x86, Solaris -> ? , 32 .vs. 64-bit? ]
    7) What are the steps you did to 'install' the software on the new server?
    Thanks,
    Marco
    P.S.: I don't wanna sound 'scaring' with all these questions, neither this should be intended as an 'hidden advertising' for Oracle Professional/Consulting Services, but the only way to not put in jeopardy your data is being aware of the risks, having the control of what's going on and ... possibly have a 'B' plan ;-)
    P.S.S.: My last suggestion is to consider a migration to a later release AS SOON AS POSSIBLE; the latest is ODSEE 11.1.1.7, which is available here:
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
    and seems to work pretty well ;-)

  • Netscape Directory Server 4.x with sun blueprints script - still no luck

    I installed the directory server 4.x, ran suns NATIVE ldap script for Solaris 8. I don't think it generated the "Solaris Native" profile. . how can I tell. When I go to ldapclient a client machine, I get the following:
    parsing -P option
    findDN: begins
    findDN: calling __ns_ldap_default_config()
    found 2 namingcontexts
    findDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=carfund.com))"
    rootDN[0] dc=carfund,dc=com
    found baseDN dc=carfund,dc=com for domain carfund.com
    Servers addresses 172.16.100.233
    About to configure machine by downloading a profile
    save sysinfo
    save stat(/etc/nsswitch.conf,
    save /usr/sbin/nscd -K
    save /usr/bin/pkill -9 nscd
    save rename(/etc/nsswitch.conf, /etc/nsswitch.conf.orig)
    save stat(/etc/defaultdomain,
    save rename(/etc/defaultdomain, /etc/defaultdomain.orig)
    save stat(/etc/.rootkey,
    No /etc/.rootkey file!
    save stat(/var/nis/NIS_COLD_START,
    No /var/nis/NIS_COLD_START file!
    namelen 11
    save stat(/var/yp/binding/carfund.com,
    No /var/yp/binding/carfund.com directory!
    download save() of systems configuration suceeded.
    download ret 2
    download p 0xffbef4c4
    download p Object not found
    The download of the profile failed, recovering system state.
    recover stat(/etc/defaultdomain.orig, )
    recover stat(/etc/nsswitch.conf.orig, )
    recover open(/etc/defaultdomain.orig, )
    recover read(/etc/defaultdomain.orig, )
    recover old domainname carfund.com
    recover stat(/var/ldap/ldap_client_file.orig, )
    recover stat(/var/ldap/ldap_client_file.orig, )
    recover stat(/var/nis/NIS_COLD_START.orig, )
    recover stat(/var/yp/binding/carfund.com.orig, )
    recover ldap -1 nis+ -1 yp -1
    recover rename(/etc/nsswitch.conf.orig, /etc/nsswitch.conf)
    recover rename(/etc/defaultdomain.orig, /etc/defaultdomain)
    Any ideas?
    Thanks,
    Gary Walters
    FYI .. I really want to use Directory Server 5.1 on my Solaris 8 machine, but can't seem to get it even close.

    Followup:
    I installed the netscape version of Directory Server and then ran the blueprints script to set it up for native LDAP. I have found a few issues.
    1.) I can not log into the console as Directory Manager ... I have to use admin? I think this could be a problem because when it goes to set the permissions for proxyagent, I think it uses the Directory Manager login so when I go to see the permissions it created, I don't see that entry. When I go to create one, it gives me: insuffcient 'write' priveledge to the 'aci' attribute of entry.
    2.) I can not generate a profile and use ldapadd to add it, I get the following errors:
    ldap_gen_profile -P default -b dc=mydomain,dc=com -D \ "cn=Proxyagent,ou=profile,dc=mydomain,dc=com" -w password \ -a simple xxx.xxx.xxx.xxx > default.ldif
    Once that is done, you will have to edit the file and take out all the whitespace at the beginning of every line due to a bug. Once you are ready to add the profile, just run:
    ldapadd -D "cn=Directory Manager" -w password -h ldapserver \ -p 389 -f default.ldif
    I ran the steps above (substituting correct entries) and when I do the ldapadd -D command, I get the following error:
    adding new entry cn=default,ou=profile,dc=carfund,dc=com ldap_add_s: Object class violation
    3.) If I try to use ldapclient -v -P command on a client machine, I get the following errors:
    /usr/sbin/ldapclient -v -P "Solaris Native" ###.##.###.###
    parsing -P option
    findDN: begins
    findDN: calling __ns_ldap_default_config()
    found 2 namingcontexts
    findDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject) (nisdomain=carfund.com))" rootDN[0] dc=carfund,dc=com
    found baseDN dc=carfund,dc=com for domain carfund.com
    Servers addresses ###.##.###.###
    About to configure machine by downloading a profile
    save sysinfo
    save stat(/etc/nsswitch.conf,
    save /usr/sbin/nscd -K
    save /usr/bin/pkill -9 nscd
    save rename(/etc/nsswitch.conf, /etc/nsswitch.conf.orig)
    save stat(/etc/defaultdomain,
    save rename(/etc/defaultdomain, /etc/defaultdomain.orig)
    save stat(/etc/.rootkey,
    No /etc/.rootkey file!
    save stat(/var/nis/NIS_COLD_START,
    No /var/nis/NIS_COLD_START file!
    namelen 11
    save stat(/var/yp/binding/carfund.com,
    No /var/yp/binding/carfund.com directory!
    download save() of systems configuration suceeded.
    download ret 2
    download p 0xffbef4c4
    download p Object not found
    The download of the profile failed, recovering system state.
    recover stat(/etc/defaultdomain.orig, )
    recover stat(/etc/nsswitch.conf.orig, )
    recover open(/etc/defaultdomain.orig, )
    recover read(/etc/defaultdomain.orig, )
    recover old domainname carfund.com
    recover stat(/var/ldap/ldap_client_file.orig, )
    recover stat(/var/ldap/ldap_client_file.orig, )
    recover stat(/var/nis/NIS_COLD_START.orig, )
    recover stat(/var/yp/binding/carfund.com.orig, )
    recover ldap -1 nis+ -1 yp -1
    recover rename(/etc/nsswitch.conf.orig, /etc/nsswitch.conf)
    recover rename(/etc/defaultdomain.orig, /etc/defaultdomain)
    Any ideas .. I still want to get Version 5.1 working , but I may have to settle for 4.x since I am not running Solaris 9 and I can't upgrade at this time.

  • Password Policy on Directory Server 11.1.1.7.2

    Hi,
    I'm trying to set up a password policy with DS 11.1.1.7.2 but it doesn't seem to be getting applied to the users. I went through the DSCC gui and created a new policy that is supposed to remember the last 3 passwords and also expire in a couple days just for test purposes. I then set the compatibility mode to Directory Server 6 and clicked on "Assign Policy" and selected ou=people,o=xxxxxx,o=isp where my test accounts are.
    I've then tried using ldapmodify using the credentials to the accounts who's passwords I'm changing and it allows me to reuse the same passwords. I saw something about using a virtual attribute for assigning users to a policy. Is that required also?
    dn: cn=TestPWpolicy1,o=xxxxxxx,o=isp
    cn: TestPWpolicy1
    objectclass: sunPwdPolicy
    objectclass: pwdPolicy
    objectclass: ldapsubentry
    objectclass: top
    passwordrootdnmaybypassmodschecks: on
    passwordstoragescheme: CRYPT
    pwdallowuserchange: true
    pwdattribute: userPassword
    pwdcheckquality: 2
    pwdexpirewarning: 86400
    pwdinhistory: 3
    pwdmaxage: 172800
    pwdminage: 0
    pwdminlength: 2
    pwdmustchange: false
    createtimestamp: 20150302195541Z
    creatorsname: cn=admin,cn=administrators,cn=dscc
    entrydn: cn=testpwpolicy1,o=xxxxxxxx,o=isp
    entryid: 28
    hassubordinates: FALSE
    modifiersname: cn=admin,cn=administrators,cn=dscc
    modifytimestamp: 20150302195541Z
    nsuniqueid: 0a0ca681-c11611e4-800799c3-4c540d75
    numsubordinates: 0
    parentid: 2
    subschemasubentry: cn=schema
    Thanks for any help.

    Hello,
    A user entry references a custom password policy through the value of the operational attribute pwdPolicySubentry. When referenced by a user entry, a custom password policy overrides the default password policy for the instance.
    It is unclear to me whether you want to assign the new password policy to an individual account or to every user in ou=people,o=xxxx,o=isp.
    To assign a password policy to an individual account, just ddd the password policy DN to the values of the pwdPolicySubentry attribute of the user entry e.g.
    $ cat pwp.ldif
    dn: uid=dmiller,ou=people,o=xxxxxxx,o=isp
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: cn=TestPWpolicy1,o=xxxxxxx,o=isp
    $ ldapmodify -D cn=directory\ manager -w - -f pwp.ldif
    Enter bind password:
    modifying entry uid=dmiller,ou=people,o=xxxxxxx,o=isp
    $ ldapsearch -D cn=directory\ manager -w - -b dc=xxxxxxx,o=isp \
    "(uid=dmiller)" pwdPolicySubentry
    Enter bind password:
    version: 1
    dn: uid=dmiller, ou=People, o=xxxxxxx,o=isp
    pwdPolicySubentry: cn=TestPWpolicy1,o=xxxxxxx,o=isp
    $
    See Directory Server Password Policy - 11g Release 1 (11.1.1.7.0)
    You can also assign a password policy to a set of users using cos/roles virtual attributes as described in section 8.3.4 at Directory Server Password Policy - 11g Release 1 (11.1.1.7.0)
    -Sylvain
    Please mark the response as helpful or correct when appropriate to make it easier for others to find it

  • PORTAL SERVER 6.0 and Directory Server 5.1 existing

    I have one istance on sunone directory server 5.1 . I want install secure portal server 6.0 and i want use this directory server? . In the installation manual there are't this procedure.
    When I install the portal I select the installation with existing ldap and the portal server is installed . When I started the portal server this don't work.
    Thank's

    Go to Identity Server v5.1 documentation. It's well documented there. In two words, after you installed it this way, you have to apply 'existing.ldif' file to create ACIs and roles, then to create all services.
    Please check existing.ldif before you will apply it. Depending on your DIT, it may be quite broken. Don't forget to change ums.xml to match your schema.

Maybe you are looking for

  • SEVERE: java.io.FileNotFoundException: ./config/jps-config.xml (No such file or directory)

    I am installing OIM/OAM in a cluster configuration using release 11.1.1.7. I looked at the EDG here: http://docs.oracle.com/cd/E28280_01/core.1111/e12035/toc.htm And its pointing me to the 11.1.1.5 version http://docs.oracle.com/cd/E21764_01/core.111

  • How to view high-res images in iPad 3?

    I'm Korean and I like reading web comics on the web. Korean web comics (or as called here "webtoons") tend to have large images, and something like 500x12000 JPEG images are not uncommon. But as you know, Safari on iOS downsamples JPEG images larger

  • Directory problem  for iTunes library in Windows

    The default setting (the preferances area in the menu section "general section") will not change from the C drive to my external E drive. Everytime I change the setting and exit itunes it will say "saving itunes library". After that, I will reopen it

  • .ai files preview in finder

    Since upgrading to osx 10.8 i am not getting to preview any of my illustrator file in the finder, so i end up opening each individual file to see what the file is, it was fine in 10.6 but now i cant seem to get it to work. any ideas anyone

  • Copy user fields between PRq and PO.

    Hello. I have little problem. I prepare new user field in Purchase Requisition called for example ZFIELD it is displayed and save into table EBAN by user exit MEREQ001. Now I want to copy this field to Purchase Order when I create PO with reference t