Roles in Directory Server?

Does access manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of. I would like to set up roles in the directory and use access (and identity) manager in the future.

Please check Access Manager Admin guide on page 87.
ftp://docs-pdf.sun.com/817-7647/817-7647.pdf
Copy from above manual. Jerry
Roles are a Directory Server entry mechanism similar to the concept of a group. A group has members; a role has members. A role�s members are LDAP entries that possess the role. The criteria of the role itself is defined as an LDAP entry with attributes, identified by the Distinguished Name (DN) attribute of the entry. Directory Server has a number of different types of roles but Access Manager can manage only one of them: the managed role.

Similar Messages

  • Role of nscd in 5.1 directory server

    Hi,
    Can somebody tell me the role of nscd in iplanet 5.1 directory server?
    I assume this has to be disabled on directory server for better performance by adding enable-cache hosts no in /etc/nscd.conf file.
    Can somebody validate this?? If possible with supporting urls.
    Thanks in advance

    I had the same problem. DS 5.1 sp2
    in my case it is trying to allocate 4.2G virtual memory
    ps

  • Roles in iPlanet Directory Server v5.0 und JNDI.

    Hi!
    I have the following problem:
    How can I find and change the Role object in iPlanet Directory Server v5.0 via JNDI? It's possible ?
    Regards,
    Andriy

    Hi,
    It is not necessary to go in such a way for going and adding the corresponding roles.
    For eg
    Here is an LDIF file which plays an important role in making the attributes.
    Here is an sample fedup.ldif file
    dn: uid=timb,ou=Customers,o=fedup.com
    objectclass: customer
    objectclass: inetorgperson
    objectclass: organizationalPerson
    objectclass: person
    objectclass: top
    cn: Tim Briggs
    uid: timb
    givenname: Tim
    customerid: timb
    sn: Briggs
    facsimiletelephonenumber: 4101
    telephonenumber: 4145
    creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    createtimestamp: 20000401084012Z
    aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone": )
    ou: Customers
    mail: [email protected]
    userpassword: bakru
    modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    modifytimeStamp: 20000502084001Z
    Here I have sepecified userid as timb and password as bakru and with corresponding roles in aci.
    After making the LDIF file you have to import it in Directory server.
    For that you have to Iplanet Console menu, from there click on Import for the ldif file to get imported.
    Or else you can go for ldapadd, ldapmodify commands.
    Also if you are going to add new attributes which is not known by Directory server, Please follow these process.
    Creation of our own USER SCHEMA Files:-
    It is necessary for adding the attributes which are not defined in the
    Netscape directory server. In the above, customerid which is defined in ldif
    file is not existing in the directory server.
    Here is the Schema file for attributes:(ie for defining for eg customer id).
    The name of the file is slapd.user_at.conf:-
    attribute customerid customerid-oid cis single
    attribute packageid packageid-oid cis single
    attribute receivedate receivedate-oid cis single
    attribute shipdate shipdate-oid cis single
    attribute shipperid shipperid-oid dn single
    attribute receiveid receiveid-oid dn single
    #Java Attributes
    # Schema for storing java objects and java object references
    attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
    attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
    attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
    attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
    attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
    attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
    Here is Schema file for your own object classes:-
    The name of the file is Slapd.user_oc.conf:-
    In the similar way we assume that there are no "customer" class in the object classes
    defined in the LDAP, so we will have to create our own "customer" Object class.
    Also it extends inetOrgPerson to add some new attributes such as "customerid".
    The object class of an entry specifies what attributes are required and what
    attributes are allowed in a particular entry.
    Also for eg, Package classes in the object class is created.
    Here is the sample file for creating the above:-
    objectclass package
    oid package-oid
    superior top
    requires
    packageid,
    receiveid,
    shipdate,
    shipperid
    allows
    description,
    ou,
    receivedate
    objectclass customer
    oid customer-oid
    superior inetorgperson
    requires
    customerid
    allows
    c
    #JAVA Schema
    # Schema for storing java objects and java object references
    objectclass javaContainer
    oid 1.3.6.1.4.1.42.2.27.4.2.1
    superior top
    requires
    cn
    objectclass javaObject
    oid 1.3.6.1.4.1.42.2.27.4.2.4
    superior top
    requires
    javaClassName
    allows
    javaCodebase
    objectclass javaSerializedObject
    oid 1.3.6.1.4.1.42.2.27.4.2.5
    superior javaObject
    requires
    javaSerializedData
    objectclass javaRemoteObject
    oid 1.3.6.1.4.1.42.2.27.4.2.6
    superior javaObject
    requires
    javaRemoteLocation
    objectclass javaNamingReference
    oid 1.3.6.1.4.1.42.2.27.4.2.7
    superior javaObject
    requires
    javaReferenceAddress,
    javaFactory
    STEP 4: Loading the USER SCHEMA files in Directory Server:-
    All the attributes created above should be added to the corresponding directory server,
    in order to make it as a common attribute.
    Steps for adding the User Schema files to the Directory Server:-
    1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
    created above so that the existing LDIF file which is used in the Netscape directory
    server is not appended or overwritten.
    2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
    files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
    3. Then restart the Directory Server.
    I hope this will help you.
    Thanks
    Bakrudeen
    Technical Support Engineer
    Sun MicroSystems Inc, India

  • How to create Roles along with Entitlements in Sun One Directory Server?

    i need to create roles in sun one directory server along with entitlements
    please help me in this regard

    Hi Logeshr,
    Is the issue with deploying the webjobsever resolved ? If yes, could you share the work around so that it can help others who has similar issues.
    Most possible causes for the issue could be Problems with  Problems with Parallel build using MSBuild  or
    HeatDirectory failure on TFS with MSBUILD error MSB4166: Child node “3” exited prematurely
    However, as you said it works fine in Visual studio , ensure your CI server has all of the latest updates to MS Build.  If you're not current, you'll get a build error when .targets file processes at the end of the  buildsequence. 
    Regards,
    Shirisha Paderu

  • Provision Unix accounts/roles/groups to Directory server using OIM

    Hi,
    I have a requirement to integrated large number of Unix servers with LDAP (OID or Sun Directory Server) for Centralized Authentication and Authorization and to provision Unix accounts/roles/groups to Directory server using OIM, I have following queries.
    1. If using PAM_LDAP then what are the schema changes required in ldap to support it ?
    2. Does OIM's out of box connector for OID or Sun Directory Server supports Unix accounts/roles/groups provisioning to Directory server ? If not, can it be extend ? or do I need to write a custom connector ?
    3. If I use Oracle Authentication Services for OS for centralized unix account management then OIM provisioning is same as #2 or different ?
    Thanks
    Nitin

    yes. iPlanet connector support for multivalued attribute. Go through the connector doc. It will let you know how to extend its functionality.
    --nayan                                                                                                                                                                                                                                                                                                               

  • Sun Directory Server role support?

    I would like to set up roles in the sun directory and use the identity manager in the future. Does identity manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of?
    Also, AFIAK Active Directory does not support multi-valued DN's as attribute values. If I use identity manager to sync Sun DS with AD will user entries with multiple Sun DS roles become a problem?

    We are in intial stages of design. Yes that was the goal to take the roles from Sun DS and use them in AD by way of identity manager. I am new to identity manager, so there may be a mapping instead of a direct push.
    The Sun DS roles are operational attributes and I am not sure how identity manager sees them or supports them. I guess if it can see tham then it can map them to anything.

  • Ubuntu Karmic authentication against Snow leopard open directory server

    Hi,
    I'm looking for help. I've tried to configure an installation of Karmic to authenticate against our office's open directory server running on an osx snow leopard server. Currently `getent password` show all users including those from the open directory server when running the command as both root and normal users. However authentication against the open directry users fails with the following messages in the /var/log/auth.log:-
    Dec 7 22:42:05 [hostname] getent: nss_ldap: failed to bind to LDAP server ldap://server.domain.com: Invalid credentials
    Dec 7 22:42:05 [hostname] getent: nss_ldap: could not search LDAP server - Server is unavailable
    (I've changed the hostname and ldap url)
    /etc/ldap.conf has:-
    base dc=server,dc=domain,dc=com
    ldap_version 3
    rootbinddn cn=diradmin,dc=server,dc=domain,dc=com
    bind_policy soft
    pam_password md5
    /etc/ldap.secret is set to the password of the diradmin user and has a permission mask of 600
    /etc/pam.d/common-passwd :-
    password sufficient pam_ldap.so md5
    password required pam_unix.so nullok obscure md5
    password optional pam_smbpass.so nullok use_authtok tryfirstpass missingok
    /etc/pam.d/common-auth:-
    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_ldap.so usefirstpass
    auth requisite pam_deny.so
    auth required pam_permit.so
    /etc/pam.d/common-account:-
    account [success=2 newauthtokreqd=done default=ignore] pam_unix.so
    account [success=1 default=ignore] pam_ldap.so
    account requisite pam_deny.so
    account required pam_permit.so
    /etc/pam.d/common-session
    session [default=1] pam_permit.so
    session requisite pam_deny.so
    session required pam_permit.so
    session required pam_unix.so
    session optional pam_ldap.so
    session optional pamckconnector.so nox11
    Does anyone have any ideas where to go from here?
    Message was edited by: zebardy

    Hi
    It's easy enough to 'connect' any version of OS X Server to any other version of OS X Server. Use the Join button in the Users & Groups Preferences Pane. Alternatively use the Directory Utility itself.
    You seem to be misunderstanding what an Open Directory Master and Replica are? They are not what I think you think they are. They are not a 'back-up' of each other if you're providing more than the shared Directory Service.
    An OD Replica maintains a read-only copy of the LDAP Database (Usernames, Passwords and Policies etc) that's stored on the OD Master and nothing more. If the Master was to go offline for any reason the Replica can be quickly promoted to a Master Role and continue to provide information for the shared directory. This assumes it has easy and quick access to the Volume storing networked home folders? The LDAP Database in that case would then become writable. Later on and whenever you've fixed the problem with the old Master it can quickly be demoted and made a Replica of the now new Master.
    Although this is for 10.6 Server (it is nevertheless still applicable) everything you need to know about Master and Replica relationships is here:
    http://manuals.info.apple.com/en_US/OpenDirAdmin_v10.6.pdf
    Page 55 onwards.
    From Page 64:
    "The Open Directory master and its replicas must use the same version of Mac OS X Server. . ."
    If your OD Master is also providing Mail, Calendar and Contact Services then none of these will be replicated. You will have to maintain a backup of these databases yourself using whatever method you deem fit for your needs.
    HTH?
    Tony

  • Access read-only LDAP for username/password, Directory Server LDAP for rest

    Hello! I keep trying to find documentation on the above, but thus far I have been unable to find something that explains this well (and my attempts at figuring out thus far have failed).
    I have a read-only LDAP that is used University wide, and I am not allowed to change how it currently operates. It uses double-bind authentication in that you search for a user to get their DN, then bind to that DN with the users password to see if it was correct.
    I'd like to use the above setup to verify a user's credential as well as return some basic information about them (name, email, etc). After this, I'd like to use another freshly installed Directory Server LDAP to manage the roles that seem to be needed for Portal Server (as I cannot write to the original LDAP).
    Any help or advice on the above would be appreciated! Thank you.

    The authentication you described is the default way LDAP authentication works.
    AM Ldap auth-module allows you to 'pull' attributes from the LDAP server you're using for authentication and store it in it's 'amSDK' Directory Server - which is leveraged by Portal Server (if you're talking about Sun's Portal Server).
    However this is only done if the profile is created (set 'dynamic profile generation' in auth - service).
    As Portal Server does not support the new 'identity repsoistory API' of AM you have to stick to AM's legacy mode when using Portal Server.
    To keep the the data in sync (if needed) you have to write a post-auth class.
    -Bernhard

  • Active Directory server is not available

    i have just setup and started testing a new exchange 2007 on my network. we did not have a exchange before, so this is a new install.
    my domain, xxx.com is a windows 2000 native AD. the exchange 2007 is a win 2003 sp1 x64, it is also a DC and has all roles assigned to it
    in my network i have
    dc01 win2000 sp4  dc (gc)
    dc02 win2000 sp4 dc (gc)
    exch01 win 2003 sp1 dc, rid, pdc, fmso, gc, infrastucture and naming
    the install went well, and i have been testing it for the past 2 weeks this dummy accounts. test smtp connectors, etc. all was working fine. to the point that i have started planing the migration of the users
     today i did some mods to IIS for a owa free SSL from startcom (as well as the root CAs). i have remove it since.
    i now get the following errors when i start the console, or shell. :
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    It was running command 'get-ExchangeAdministrator'.
    The following error(s) were reported while loading topology information:
    get-ExchangeServer
    Failed
    Error:
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    A local error occurred.
    get-UMServer
    Failed
    Error:
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    A local error occurred.
    HELP.. i have no idea what it does not like.
     exbpa does not report anything, i even get it to connect to the exch01 for it AD access.
    Any ideas??
    Thanks
    Paul Gartner
    (over all i like what i have been seeing in ex2007) 

    i think that you might be confusing "AD user account" and "profile". you DO NOT delete administrator from your AD Users and Computers. you only delete the Profile (\documents and settings\administrator folder). you can NOT do this while you are logged on using the administrator account.
    be sure to backup any data in your my documents and any favorites
    create another user that is in the domain admin group of your active directory, log on with that account and verify that the exchange tools works. then follow this to remove the profile.
    >1). Logon the Exchange server by using another admin account.
    >2). Open Control Panel, select System.
    >3). Select Advanced tab and click the Settings button of User Profile.
    >4). Delete the Profile of user which encounters this issue.
    >5). Click OK.
    >6). Restart the server and logon it by using Administrator account.

    once this is done, logon with your administrator account and try the tools again, they should work.tn
    Paul Gartner

  • [Forum FAQ] How to install and configure Windows Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely

    As we all know,
    the Windows Server Essentials Experience role is available in Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter. We can add the Windows Server
    Essentials Experience role in Server Manager or via Windows PowerShell.
    In this article, we introduce the steps to install and configure Windows
    Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely. For better analyze, we divide this article into two parts.
    Before installing the Windows Server Essentials Experience Role, please use
    Get-WindowsFeature
    PowerShell cmdlet to ensure the Windows Server Essentials Experience (ServerEssentialsRole) is available. (Figure 1)
    Figure 1.
    Part 1: Install Windows Server Essentials Experience role locally
    Add Windows Server Essentials Experience role
    Run Windows PowerShell as administrator, then type
    Add-WindowsFeature ServerEssentialsRole cmdlet to install Windows Server Essentials Experience role. (Figure 2)
    Figure 2.
    Note: It is necessary to configure Windows Server Essentials Experience (Post-deployment Configuration). Otherwise, you will encounter following issue when opening Dashboard.
    (Figure 3)
    Figure 3.
      2. Configure Windows Server Essentials Experience role
    (1)  In an existing domain environment
    Firstly, please join the Windows Server 2012 R2 Standard computer to the existing domain through the path:
    Control Panel\System\Change Settings\”Change…”\Member of. (Figure 4)
    Figure 4.
    After that, please install Windows Server Essentials Experience role as original description. After installation completed, please use the following command to configure Windows
    Server Essentials:
    Start-WssConfigurationService –Credential <Your Credential>
    Note: The type of
    Your Credential should be as: Domain-Name\Domain-User-Account.
    You must be a member of the Enterprise Admin group and Domain Admin group in Active Directory when using the command above to configure Windows Server Essentials. (Figure 5)
    Figure 5.
    Next, you can type the password for the domain account. (Figure 6)
    Figure 6.
    After setting the credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 7)
    Figure 7.
    By the way, you can use
    Get-WssConfigurationStatus
    PowerShell cmdlet to
    get the status of the configuration of Windows Server Essentials. Specify the
    ShowProgress parameter to view a progress indicator. (Figure 8)
    Figure 8.
    (2) In a non-domain environment
    Open PowerShell (Run as Administrator) on the Windows Server 2012 R2 Standard and type following PowerShell cmdlets: (Figure 9)
    Start-WssConfigurationService -CompanyName "xxx" -DNSName "xxx" -NetBiosName "xxx" -ComputerName "xxx” –NewAdminCredential $cred
    Figure 9.
    After you type the commands above and click Enter, you can create a new administrator credential. (Figure 10)
    After creating the new administrator credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 11)
    After a reboot, all the configurations will be completed and you can open the Windows Server Essentials Dashboard without any errors. (Figure 12)
    Figure 12.
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Part 2: Install and configure Windows Server Essentials Experience role remotely
    In an existing domain environment
    In an existing domain environment, please use following command to provide credential and then add Server Essentials Role: (Figure 13)
    Add-WindowsFeature -Name ServerEssentialsRole
    -ComputerName xxx -Credential DomainName\DomainAccount
    Figure 13.
    After you enter the credential, it will start install Windows Server Essentials role on your computer. (Figure 14)
    Figure 14.
    After the installation completes, it will return the result as below:
    Figure 15.
    Next, please use the
    Enter-PSSession
    cmdlet and provide the correct credential to start an interactive session with a remote computer. You can use the commands below:
    Enter-PSSession –ComputerName
    xxx –Credential DomainName\DomainAccount (Figure 16)
    Figure 16.
    Then, please configure Server Essentials Role via
    Add-WssConfigurationService cmdlet and it also needs to provide correct credential. (Figure 17)
    Figure 17.
    After your credential is accepted, it will update and prepare your server. (Figure 18)
    Figure 18.
    After that, please type “Y” to continue to configure Windows Server Essentials. (Figure 19)
    Figure 19.
    2. In a non-domain environment
    In my test environment, I set up two computers running Windows Server 2012 R2 Standard and use Server1 as a target computer. The IP addresses for the two computers are as
    below:
    Sevrer1: 192.168.1.54
    Server2: 192.168.1.53
    Run
    Enable-PSRemoting –Force on Server1. (Figure 20)
    Figure 20.
    Since there is no existing domain, it is necessary to add the target computer (Server1) to a TrustedHosts list (maintained by WinRM) on Server 2. We can use following command
    to
    add the TrustedHosts entry:
    Set-Item WSMan:\localhost\Client\TrustedHosts IP-Address
    (Figure 21)
    Figure 21.
    Next, we can use
    Enter-PSSession
    cmdlet and provide the correct credential to start an interactive session with the remote computer. (Figure 22)
    Figure 22.
    After that, you can install Windows Server Essentials Experience Role remotely via Add-WindowsFeature ServerEssentialsRole cmdlet. (Figure 23)
    Figure 23.
    From figure 24, we can see that the installation is completed.
    Figure 24.
    Then you can use
    Start-WssConfigurationService cmdlet to configure Essentials Role and follow the steps in the first part (configure Windows Server Essentials Experience in a non-domain environment) as the steps would be the same.
    The figure below shows the status of Windows Server Essentials.
    Figure
    25.
    Finally, we have successfully configured Windows Server Essentials on Server1. (Figure 26)
    Figure 26.
    More information:
    [Forum
    FAQ] Introduce Windows Powershell Remoting
    Windows Server Essentials Setup Cmdlets
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  • Service 'MSExchangeADTopology' failed to reach status 'Running' while installing Hub transport role of exchnage server 2010 sp1 on Window Server 2008 r2

    Hi
    Getting this error while installing hub transport role of exchange server 2010 sp1 on window server 2008 R2.
    Hub Transport Role
    Failed
    Error:
    The following error was generated when "$error.Clear();
              if ($exsSid -eq $null -or $exsSid -eq "")
              $exsSid = get-ExchangeServerGroupSID -DomainController $RoleDomainController
              start-setupservice -ServiceName MSExchangeADTopology -ServiceParameters $exsSid,$RoleDomainController
            " was run: "Service 'MSExchangeADTopology' failed to reach status 'Running' on this server.".
    Service 'MSExchangeADTopology' failed to reach status 'Running' on this server.
    Click here for help...
    http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&e=ms.exch.err.Ex88D115&l=0&cl=cp
    Elapsed Time: 00:25:35
    Sandeep Gupta

    Hi,
    It might be a permission issue.
    1 :
    Add Manage auditing and security log Properties
    Administative Tools > Local Security Policy > Local Policies > User Rights
    Assignment > Manage auditing and security
    Add
    Exchance Servers.
    2. Check Exchange Trusted Subsystem
    1)Open Active Directory Users and Computers
    2)Under domain name (For example contoso.com),navigate to the Builtin Container,on
    the right hand side select the Administrator group,goto the properties
    3)Click members tab and add Exchange Trusted Subsystem
    4)Click ok twice
    5)Reboot the Exchange server
    6)Rerun the Exchange setup
    Best Regards!

  • User base Synchronization between SAP and MS Active Directory Server

    Dear all!
    I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
    i successfully implemented the synchronization of user data between SAP and the ADS.
    My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
    Currently I don't have a clue how to do this.
    Regards,
    Christoph

    Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
    The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
    Regards,
    Marc g

  • Iplanet Directory server 5.0 replication issue

    Hi,
    I'm currently running some test for replication with the OLD version of DS 5.0 on Windows XP
    Running 2 Servers Master A and Consumer B, where A is the original who initialise B with Data then from there on Master A replicates changes to Consumer B.
    My problem is here, I can initialise the the Data ( copying it from A to B ) no problem.
    But when I make changes in A and wait for it to replication from A --> B.
    it does nothing.
    I followed MOST of the steps in the replication guide for Administrator, but have hit a wall.
    Only part i did no understand is below:
    //=============================================
    Create the entry corresponding to the supplier bind DN, if it does not exist. This is the special entry that the supplier will use to bind.
    In the Directory Server Console, click the Directory tab, and create an entry. For example you could use cn=Replication Manager,cn=config.
    Specify a userPassword attribute-value pair.
    If you have enabled password expiration, or intend to do so in future, disable the password expiration policy on this attribute, by adding the passwordExpirationTime attribute with a value of 20380119031407Z.
    //=============================================
    Therefore I used cn=Replication Manager,cn=config wheen it asked during the replication config setup.
    I also used this when creating the Directory server instance for Master A and Consumer B.
    Logs are below:
    ConsumerB Error Log
    [31/Oct/2008:11:29:44 +1300] - slapd started. Listening on all interfaces port 10264 for LDAP requests
    [31/Oct/2008:11:29:44 +1300] - cos_cache_getref: no cos cache created
    [31/Oct/2008:11:34:34 +1300] NSMMReplicationPlugin - multimaster_be_state_change: replica o=psbconexa.co.nz is going offline; disabling replication
    [31/Oct/2008:11:34:34 +1300] - import userRoot: Index buffering enabled with bucket size 10
    [31/Oct/2008:11:34:34 +1300] - import userRoot: Beginning import job...
    [31/Oct/2008:11:34:35 +1300] - import userRoot: Workers finished; cleaning up...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Workers cleaned up.
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Indexing complete. Post-processing...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Flushing caches...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Closing files...
    [31/Oct/2008:11:34:37 +1300] - import userRoot: Import complete. Processed 3 entries in 3 seconds. (1.00 entries/sec)
    [31/Oct/2008:11:34:37 +1300] NSMMReplicationPlugin - multimaster_be_state_change: replica o=psbconexa.co.nz is coming online; enabling replication
    [31/Oct/2008:11:34:38 +1300] NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals for replica o=psbconexa.co.nz: 53
    ConsumerB Access Log:
    [31/Oct/2008:11:36:32 +1300] conn=6 op=6 UNBIND
    [31/Oct/2008:11:36:32 +1300] conn=6 op=6 fd=1320 closed - U1
    [31/Oct/2008:11:36:38 +1300] conn=2 op=135 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=135 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=136 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=136 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=137 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="namingContexts"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=137 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=138 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=138 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=139 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=139 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=140 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=140 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=141 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-privatenamespaces"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=141 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=142 SRCH base="cn=schema" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=142 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=143 SRCH base="cn=monitor" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=143 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=144 SRCH base="cn=monitor" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=144 RESULT err=0 tag=101 nentries=0 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=145 SRCH base="cn=monitor" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=145 RESULT err=0 tag=101 nentries=0 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=146 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=146 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=147 SRCH base="cn=config" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=147 RESULT err=0 tag=101 nentries=4 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=148 ABANDON msgid=628
    [31/Oct/2008:11:36:38 +1300] conn=2 op=149 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="subschemaSubentry"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=149 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:38 +1300] conn=2 op=150 SRCH base="cn=schema" scope=0 filter="(objectClass=subschema)" attrs="* ldapSyntaxes"
    [31/Oct/2008:11:36:38 +1300] conn=2 op=150 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=151 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nscpEntryDN ldapSyntaxes nsUniqueId ldapSchemas passwordExpirationTime passwordRetryCount nsTimeLimit hasSubordinates modifiersName passwordAllowChangeTime numSubordinates copyingFrom nsRoleDN entryid passwordExpWarned nsIdleTimeout entrydn modifyTimestamp accountUnlockTime nsRole nsds5ReplConflict nsAccountLock passwordHistory retryCountResetTime parentid copiedFrom createTimestamp nsBackendSuffix nsSchemaCSN subschemaSubentry creatorsName aci nsSizeLimit dncomp nsLookThroughLimit *"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=151 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=152 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=152 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=153 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=153 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=154 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=154 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=155 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [31/Oct/2008:11:36:39 +1300] conn=2 op=155 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=156 SRCH base="" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=156 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:39 +1300] conn=2 op=157 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:39 +1300] conn=2 op=157 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=158 SRCH base="ou=Ray001,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=158 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=159 SRCH base="ou=Ray001,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=159 VLV 50:50:49:0 0:0 (0)
    [31/Oct/2008:11:36:41 +1300] conn=2 op=159 RESULT err=0 tag=101 nentries=0 etime=0 notes=U
    [31/Oct/2008:11:36:41 +1300] conn=2 op=160 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=160 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=161 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsBackendSuffix"
    [31/Oct/2008:11:36:41 +1300] conn=2 op=161 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:41 +1300] conn=2 op=162 SRCH base="cn=MCC ou=Ray001 o=psbconexa.co.nz, cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [31/Oct/2008:11:36:41 +1300] conn=2 op=162 RESULT err=32 tag=101 nentries=0 etime=0
    [31/Oct/2008:11:36:48 +1300] conn=2 op=163 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-accesslog nsslapd-accesslog-list"
    [31/Oct/2008:11:36:48 +1300] conn=2 op=163 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:50 +1300] conn=2 op=164 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-errorlog nsslapd-errorlog-list"
    [31/Oct/2008:11:36:50 +1300] conn=2 op=164 RESULT err=0 tag=101 nentries=1 etime=0
    [31/Oct/2008:11:36:52 +1300] conn=2 op=165 SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-auditlog nsslapd-auditlog-list"
    [31/Oct/2008:11:36:52 +1300] conn=2 op=165 RESULT err=0 tag=101 nentries=1 etime=0
    //=====================
    MasterA Error Log:
    There seem to have no update during the time i started teh replication? replication updated started at about 31/Oct/2008:11:36:XX but in the logs in is 1 min behind with nothing i believe is important.
    but let me know if needed.

    And here is the backward replication from consumer to master WHICH SHOULDN"T happen.......
    Created a new entry organization called, TEST002 on consumer side, which did not appear of course, but appeared on the Master side????...........................................................................
    Master log:
    [05/Nov/2008:10:58:21 +1300] conn=13617 fd=2292 slot=2292 connection from 10.1.1.79 to 10.30.1.200
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=0 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=1 ADD dn="ou=TEST002,o=marketsite,o=psbconexa.co.nz"
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=1 RESULT err=0 tag=105 nentries=0 etime=0 csn=4910c57d000000050000
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=2 UNBIND
    [05/Nov/2008:10:58:21 +1300] conn=13617 op=2 fd=2292 closed - U1
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=236 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=236 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=237 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=237 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=238 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=238 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=239 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [05/Nov/2008:10:58:28 +1300] conn=13614 op=239 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=240 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=240 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=241 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=241 RESULT err=0 tag=101 nentries=12 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=242 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=242 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=243 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=243 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=244 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=244 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=245 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=245 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=246 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=246 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=247 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=247 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=248 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=248 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=249 ABANDON msgid=322
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=250 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=250 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=251 ABANDON msgid=324
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=252 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=252 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=253 ABANDON msgid=326
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=254 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=254 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:32 +1300] conn=13614 op=255 ABANDON msgid=328
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=256 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=256 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=257 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=257 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 SORT cn givenName o ou sn (12)
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 VLV 50:50:49:0 12:12 (0)
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=258 RESULT err=0 tag=101 nentries=12 etime=0 notes=U
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=259 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=259 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=260 ABANDON msgid=333
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=261 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=261 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=262 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=262 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=263 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=263 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=264 ABANDON msgid=337
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=265 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=265 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=266 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=266 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=267 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=267 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=268 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=268 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=269 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=269 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=270 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=270 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=271 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=271 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=272 ABANDON msgid=345
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=273 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=273 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=274 ABANDON msgid=347
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=275 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nscpEntryDN ldapSyntaxes nsUniqueId ldapSchemas passwordExpirationTime passwordRetryCount nsTimeLimit hasSubordinates modifiersName passwordAllowChangeTime numSubordinates copyingFrom nsRoleDN entryid passwordExpWarned nsIdleTimeout entrydn modifyTimestamp accountUnlockTime nsRole nsds5ReplConflict nsAccountLock passwordHistory retryCountResetTime parentid copiedFrom createTimestamp nsBackendSuffix nsSchemaCSN subschemaSubentry creatorsName aci nsSizeLimit dncomp nsLookThroughLimit *"
    [05/Nov/2008:10:58:33 +1300] conn=13614 op=275 RESULT err=0 tag=101 nentries=1 etime=0
    ///===========
    Consumer log:
    [05/Nov/2008:10:58:20 +1300] conn=1 op=449 ADD dn="ou=TEST002,o=marketsite,o=psbconexa.co.nz"
    [05/Nov/2008:10:58:20 +1300] conn=1 op=449 RESULT err=10 tag=105 nentries=0 etime=0
    [05/Nov/2008:10:58:20 +1300] conn=13 fd=1088 slot=1088 connection from 10.30.1.200 to 10.1.1.79
    [05/Nov/2008:10:58:20 +1300] conn=13 op=0 BIND dn="cn=Directory Manager" method=128 version=3
    [05/Nov/2008:10:58:20 +1300] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:20 +1300] conn=13 op=2 EXT oid="2.16.840.1.113730.3.5.3"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=2 RESULT err=0 tag=120 nentries=0 etime=0
    [05/Nov/2008:10:58:20 +1300] conn=13 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="nsSchemaCSN"
    [05/Nov/2008:10:58:20 +1300] conn=13 op=3 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=450 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=450 RESULT err=0 tag=101 nentries=10 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=451 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=451 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=452 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=452 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=453 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=453 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=454 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=454 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=455 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=455 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=456 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=456 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=457 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=457 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=458 ABANDON msgid=542
    [05/Nov/2008:10:58:21 +1300] conn=1 op=459 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=459 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=460 ABANDON msgid=544
    [05/Nov/2008:10:58:21 +1300] conn=1 op=461 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=461 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=462 ABANDON msgid=546
    [05/Nov/2008:10:58:21 +1300] conn=1 op=463 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=463 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=464 ABANDON msgid=548
    [05/Nov/2008:10:58:21 +1300] conn=1 op=465 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=465 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=466 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=466 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 SORT cn givenName o ou sn (10)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 VLV 50:50:49:0 10:10 (0)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=467 RESULT err=0 tag=101 nentries=10 etime=0 notes=U
    [05/Nov/2008:10:58:21 +1300] conn=1 op=468 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=468 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=469 ABANDON msgid=553
    [05/Nov/2008:10:58:21 +1300] conn=1 op=470 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=470 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=471 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=471 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=472 SRCH base="ou=Guests,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=472 RESULT err=0 tag=101 nentries=2 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=473 ABANDON msgid=557
    [05/Nov/2008:10:58:21 +1300] conn=1 op=474 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=474 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=475 SRCH base="ou=Members,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=475 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=476 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=476 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=477 SRCH base="ou=People,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=477 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=478 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=478 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=479 SRCH base="ou=Roles,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=479 RESULT err=0 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=480 SRCH base="ou=Services,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=480 RESULT err=0 tag=101 nentries=9 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=481 ABANDON msgid=565
    [05/Nov/2008:10:58:21 +1300] conn=1 op=482 SRCH base="ou=TradingPartners,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=482 RESULT err=0 tag=101 nentries=18 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=483 ABANDON msgid=567
    [05/Nov/2008:10:58:21 +1300] conn=1 op=484 SRCH base="o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=484 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 SRCH base="o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 SORT cn givenName o ou sn (2)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 VLV 50:50:49:0 2:2 (0)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=485 RESULT err=0 tag=101 nentries=2 etime=0 notes=U
    [05/Nov/2008:10:58:21 +1300] conn=1 op=486 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=486 RESULT err=0 tag=101 nentries=10 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=487 ABANDON msgid=571
    [05/Nov/2008:10:58:21 +1300] conn=1 op=488 SRCH base="cn=ldbm database, cn=plugins, cn=config" scope=2 filter="(objectClass=nsBackendInstance)" attrs="nsslapd-suffix nsBackendSuffix"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=488 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=489 SRCH base="" scope=0 filter="(objectClass=*)" attrs="nsBackendSuffix"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=489 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=490 SRCH base="cn=MCC o=psbconexa.co.nz, cn=userRoot, cn=ldbm database, cn=plugins, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
    [05/Nov/2008:10:58:21 +1300] conn=1 op=490 RESULT err=32 tag=101 nentries=0 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=491 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=491 RESULT err=0 tag=101 nentries=1 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 SRCH base="o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 SORT cn givenName o ou sn (10)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 VLV 50:50:49:0 10:10 (0)
    [05/Nov/2008:10:58:21 +1300] conn=1 op=492 RESULT err=0 tag=101 nentries=10 etime=0 notes=U
    [05/Nov/2008:10:58:21 +1300] conn=1 op=493 SRCH base="ou=Config,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource)(objectClass=netscapeserver))" attrs="objectClass numSubordinates nsAccountLock"
    [05/Nov/2008:10:58:21 +1300] conn=1 op=493 RESULT err=0 tag=101 nentries=5 etime=0
    [05/Nov/2008:10:58:21 +1300] conn=1 op=494 ABANDON msgid=578
    [05/Nov/2008:10:58:21 +1300] conn=1 op=495 SRCH base="ou=Contacts,o=marketsite,o=psbconexa.co.nz" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1))(objectClass=organization)(objectClass=organizationalunit)(objectClass=netscaperesource

  • How to migrate Sun One directory server to a new physical server install

    need help
    We have to move our existing installation of sun on directory server 5.2 to a new physical server.
    We have a new physical server with a new host name. I am trying to find an easiest way to take a snapshot of our existing server and put it on a new installation
    So will installing sun one directory server , its shows me two choices either to create a new instance or copy configuration from a existing server
    What do i choose and which is the fastest route to replicate my old server
    Thanks a bunch in advance
    Sganb

    Hi,
    I'm glad you're still using the old, glorious Sun One Directory Server 5.2, because it brings me back a lot of memories... But are you seriously talking of the 'plain' version, with no patches/hot fixes on top? If that's the case, you're using of a software that has been developed in 2004 and released in Jan 2005! Just for you to be aware, in the last *8* (eight) years a considerable number (in the magnitude of 10^3) of bugs, security problems and performance issues has been identified and fixed...
    However, to provide a better answer to your question, it would be important to understand the 'big picture' in terms of scenario and requirements:
    1) Is this a critical 24x7 service for which you need to perform an on-line migration or you have a 'maintenance window' during which the service may be switched off?
    2) Is the old server member of replication environment? If yes, how many masters/slaves do you have already? Shall the new server be part of this topology? What role shall it have?
    3) Would it be possible to make the the old server able to communicate with the new server?
    4) How big is the database that you've got to migrate? Do you have any requirement in terms of caches?
    5) Do you take backups on a regularly basis and have in place working (*tested*) backup/restore procedures?
    6) Is the new server conserving or changing the O.S. and architecture? [SPARC->SPARC, x86->x86, SPARC->x86, Solaris -> ? , 32 .vs. 64-bit? ]
    7) What are the steps you did to 'install' the software on the new server?
    Thanks,
    Marco
    P.S.: I don't wanna sound 'scaring' with all these questions, neither this should be intended as an 'hidden advertising' for Oracle Professional/Consulting Services, but the only way to not put in jeopardy your data is being aware of the risks, having the control of what's going on and ... possibly have a 'B' plan ;-)
    P.S.S.: My last suggestion is to consider a migration to a later release AS SOON AS POSSIBLE; the latest is ODSEE 11.1.1.7, which is available here:
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
    and seems to work pretty well ;-)

  • Password Policy on Directory Server 11.1.1.7.2

    Hi,
    I'm trying to set up a password policy with DS 11.1.1.7.2 but it doesn't seem to be getting applied to the users. I went through the DSCC gui and created a new policy that is supposed to remember the last 3 passwords and also expire in a couple days just for test purposes. I then set the compatibility mode to Directory Server 6 and clicked on "Assign Policy" and selected ou=people,o=xxxxxx,o=isp where my test accounts are.
    I've then tried using ldapmodify using the credentials to the accounts who's passwords I'm changing and it allows me to reuse the same passwords. I saw something about using a virtual attribute for assigning users to a policy. Is that required also?
    dn: cn=TestPWpolicy1,o=xxxxxxx,o=isp
    cn: TestPWpolicy1
    objectclass: sunPwdPolicy
    objectclass: pwdPolicy
    objectclass: ldapsubentry
    objectclass: top
    passwordrootdnmaybypassmodschecks: on
    passwordstoragescheme: CRYPT
    pwdallowuserchange: true
    pwdattribute: userPassword
    pwdcheckquality: 2
    pwdexpirewarning: 86400
    pwdinhistory: 3
    pwdmaxage: 172800
    pwdminage: 0
    pwdminlength: 2
    pwdmustchange: false
    createtimestamp: 20150302195541Z
    creatorsname: cn=admin,cn=administrators,cn=dscc
    entrydn: cn=testpwpolicy1,o=xxxxxxxx,o=isp
    entryid: 28
    hassubordinates: FALSE
    modifiersname: cn=admin,cn=administrators,cn=dscc
    modifytimestamp: 20150302195541Z
    nsuniqueid: 0a0ca681-c11611e4-800799c3-4c540d75
    numsubordinates: 0
    parentid: 2
    subschemasubentry: cn=schema
    Thanks for any help.

    Hello,
    A user entry references a custom password policy through the value of the operational attribute pwdPolicySubentry. When referenced by a user entry, a custom password policy overrides the default password policy for the instance.
    It is unclear to me whether you want to assign the new password policy to an individual account or to every user in ou=people,o=xxxx,o=isp.
    To assign a password policy to an individual account, just ddd the password policy DN to the values of the pwdPolicySubentry attribute of the user entry e.g.
    $ cat pwp.ldif
    dn: uid=dmiller,ou=people,o=xxxxxxx,o=isp
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: cn=TestPWpolicy1,o=xxxxxxx,o=isp
    $ ldapmodify -D cn=directory\ manager -w - -f pwp.ldif
    Enter bind password:
    modifying entry uid=dmiller,ou=people,o=xxxxxxx,o=isp
    $ ldapsearch -D cn=directory\ manager -w - -b dc=xxxxxxx,o=isp \
    "(uid=dmiller)" pwdPolicySubentry
    Enter bind password:
    version: 1
    dn: uid=dmiller, ou=People, o=xxxxxxx,o=isp
    pwdPolicySubentry: cn=TestPWpolicy1,o=xxxxxxx,o=isp
    $
    See Directory Server Password Policy - 11g Release 1 (11.1.1.7.0)
    You can also assign a password policy to a set of users using cos/roles virtual attributes as described in section 8.3.4 at Directory Server Password Policy - 11g Release 1 (11.1.1.7.0)
    -Sylvain
    Please mark the response as helpful or correct when appropriate to make it easier for others to find it

Maybe you are looking for

  • Verizon's Understanding of Courtesy

    I posted this to Fios Internet but I guess this would had been a better place, so I wanted to post it to the correct Forum. I have an Extreme HD Triple Play Verizon customer for almost 3 years. I recently have moved to a new location within the same 

  • Error while upgrading to 11.1.0.7 on RHEL 5 x64

    Hi, I'm trying to upgrade Oracle Database 11.1.0.6 to 11.1.0.7 but the installer fails in the linking stage. Please see details below. Platform: RHEL 5.3 x64 Error details: Error in invoking target 'client_sharedlib' of makefile '/u01/oracle/database

  • Watchguard XTM 515 SNMP not working

    Mine scan fine, and I have a mix of models including a 535. Here's how you set them up. In your snmp setup in policy manager, use version 3. Lets go with a snmp username of watchguardv3. Select SHA1 and DES. For all 4 password boxes, use the same pas

  • Depreciation Run gone wrong for Manual Assets

    Hi All We ran the depreciation run for period 4 - and now we see that the 2 manual assets are wrong because after changing the depreciation key from LINS to MANU - I forgot to 'recalculate values'  of the asset again so now the depreciation posted fo

  • Swing JTree in JDeveloper

    HI all, I'm trying to create a JTree using JDeveloper and when the JTree is displayed it displays color, food, sports etc as its elements. Does anyone knows how to change these default values using JDeveloper. Thanks Rajesh