Server LDAP on AirPorts

Similar Messages

• Access read-only LDAP for username/password, Directory Server LDAP for rest

  Hello! I keep trying to find documentation on the above, but thus far I have been unable to find something that explains this well (and my attempts at figuring out thus far have failed).
  I have a read-only LDAP that is used University wide, and I am not allowed to change how it currently operates. It uses double-bind authentication in that you search for a user to get their DN, then bind to that DN with the users password to see if it was correct.
  I'd like to use the above setup to verify a user's credential as well as return some basic information about them (name, email, etc). After this, I'd like to use another freshly installed Directory Server LDAP to manage the roles that seem to be needed for Portal Server (as I cannot write to the original LDAP).
  Any help or advice on the above would be appreciated! Thank you.

  The authentication you described is the default way LDAP authentication works.
  AM Ldap auth-module allows you to 'pull' attributes from the LDAP server you're using for authentication and store it in it's 'amSDK' Directory Server - which is leveraged by Portal Server (if you're talking about Sun's Portal Server).
  However this is only done if the profile is created (set 'dynamic profile generation' in auth - service).
  As Portal Server does not support the new 'identity repsoistory API' of AM you have to stick to AM's legacy mode when using Portal Server.
  To keep the the data in sync (if needed) you have to write a post-auth class.
  -Bernhard

• Mac Mini Server setup with airport express

  I have had issues trying to setting up mac mini server on my network. I wonder if my current hardware is the problem? At present I have a Thomson Router plugged into an airport express which broadcasts wifi for my house. I have been connecting to my wifi with my mac mini server. Despite running server assistant and setting up a DNS server in Mac Mini server no clients are able to connect to the DNS server (i.e. dig command works on server but not on clients). I found reference somewhere on the internet to the fact that the mac mini server must be plugged into the router via ethernet for it to be setup properly.
  Could this be the cause of my problems? Is it true?

  Just to clarify this is an airport express and not airport extreme therefore I am reliant on a wireless connection between my mac mini server and the airport express.
  The model of the Airport device here is largely irrelevant.
  Currently my Thomson router serves out an address of 192.168.1.67 to airport express router.
  Do you have any control over the gateway router?
  The airport express is configured to share out a single IP address
  Double NAT (which is what you have here) will cause you problems. Get rid of one layer of NAT.
  The airport express gives out addresses in range of 10.0.1.2-10.0.1.202 with 10.0.1.1 being the address for the airport express and 10.0,1.201 being assigned via DHCP to the mac mini server (using its MAC address to reserve the address)
  Within the private blocks, the IP addressing organization is your decision.
  The DNS server is set on the airport express to 10.0.1.201 (i.e. my server).
  OK. (I usually pick smaller numbers for more important boxes, because I tend to type addresses for those boxes more than the addresses of the boxes over in DHCP-land. But again, this is your call.)
  I guess I wondered if something funky was going on with server assistant during the setup. A post I read somewhere (I've lost the link) was someone in an identical situation who had issues and said that apple had stated that he need to be directly connected to the router by ethernet cable to get things working. I wondered if this is the issue. An airport express does not have a spare ethernet port to plug into so I wonder if I need to buy a wireless router with built-in ports i.e. airport extreme (expense+) or something similar.
  I'd probably switch the box to access point, but that presumes you can get (more) control over the gateway router.
  I can access by Thomson router but I able unable to change the DNS servers that it provides (set by my ISP) from the GUI. I'm sure you could probably do it from the commandline but I think this is beyond me. I did wonder if that is what is causing problems
  Talk with the ISP. You'd prefer to have the device switched to a bridge, if that's feasible. If not, then you're going to have to work within the confines of the particular model.

• Suggestions on serving LDAP from a desktop Mac (not server)

  I'd like to use a desktop machine to serve LDAP to a handful of Mac's- a mix of intel & powerpc desktops.
  Does anyone have suggestions as to how to accomplish this, or has anyone tried this?
  Thanks for any input.

  I'd install darwinports[1] and use theirport toolset to set that up.
  -Ralph
  [1] www.darwinports.org

• Monitor time of name server ldap@domain?

  our domain is 2003. fsmo roles on 2003 server. I have a san device reporting the error shown below.  it looks like the time of the windows domain (computers and dcs) are in sync with the local time of the san.  I had the support team for the san
  manually sync the time with our domain.  However, I still get these messages.  I'm wondering how could I monitor this time?
  Name server ldap@domain found a difference between its time (GMT: Fri Jan 
  2 07:48:53 2015) and local system time (GMT: Fri Jan  2 07:39:06 2015). The maximum allowed time difference is set to 300 seconds.
  Name server CIFS@domain found a difference between its time (GMT: Fri Jan 
  2 05:35:13 2015) and local system time (GMT: Fri Jan  2 05:25:27 2015). The maximum allowed time difference is set to 300 seconds.
  Name server krbtgt@domain found a difference between its time (GMT: Wed Dec 31 01:47:15 2014) and local system time (GMT: Wed Dec 31 01:38:11 2014). The maximum allowed time difference is set to 300 seconds.

  I'm assuming it resyncs automatically.  I read the help file on ntp sync but it doesn't say how often it resyncs. 
  After support manually synced the time, the error reoccurred less than 24 hours later.
  Every time I check the time in the web interface and my workstation, they are the same.  Hmm, I guess it could be syncing shortly before I come in.  One thing i'm noticing is that these errors are not happening during business hours. The times
  from day to day don't match up exactly but it seems 7p-11p would be a good time to look for errors.
  I assume Mr X's explanation of time source is correct.  However, I confused where they are getting these name server addresses from.  I didn't enter them into the system.  I don't see them in dns.  I'm not 100 % sure which server the
  san is contacting for this info. 
  I would recommend contacting your support to share the details about how your SAN time sync work and support you to solve the time sync issue on the SAN.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• External hard drive (Thunderbolt & USB) to be used as media server connected to Airport streaming to Apple TV?

  I just recently sold my Mac Pro and bought a new Macbook Pro with Retina Display and I love it.
  Here is my plan, I'm sure someone can help:
  I had all my media on my Mac Pro, which I would stream over my network to my Apple TV seemlessly. With my new MBP, I don't want to clutter my 500gb drive with my music and movie library, so I'm planning on keeping all music and video on an external drive that I can plug directly into my Airport Extreme station so I can stream everything from the drive to my Apple TV. Is this possible? I found this hard drive that has both a Thunderbolt and USB interface:
  http://www.amazon.com/Technology-MiniStation-Thunderbolt-Portable-HD-PA1-0TU3/dp /B008D4X9UI/ref=sr_1_1?ie=UTF8&qid=1344536171&sr=8-1&keywords=BUFFALO+MiniStatio n+Thunderbolt+1TB+USB+3.0+%2F+Thunderbolt+Portable+Hard+Drive+HD-PA1.0TU3
  I like to this this would work. That drives USB is 3.0, will that work with my Airport Express? Thoughts?

  ... so I'm planning on keeping all music and video on an external drive that I can plug directly into my Airport Extreme station so I can stream everything from the drive to my Apple TV. Is this possible?
  A HDD, attached to the AirPort Extreme, can perform as a Media Storage device ... but NOT as a Media Server. You will still need an iTunes Media Server (i.e., iTunes running on a Mac or PC) to provide the later services.
  The Extreme does not have a Thunderbolt port, but it does (as you know) have a USB 2.0 one. Your 3.0 HDD should work if it is backwards compatible (most 3.0 devices are).

• How to configure shared addressbook on Mac OS X Server + LDAP

  I have tried to study this issue but haven´t find any clear answer.
  We need to set up a shared addressbook on our organisation, apparently this is best to implement with LDAP(?).
  Users should be able to add new contacts with their email clients and use the shared db with Entourage/Thunderbird.
  We aren´t using OpenDirectory so the LDAP would serve only for the contacts.
  Is this possible to achieve with OS X Server?
  If so, how do I start? by enabling OpenDirectory and configuring LDAP? I didn´t find any way to add addresses or handling address db:n on Server Admin.

  Have you looked at Addressbook4LDAP...
  http://j2anywhere.com
  I think it gets installed elsewhere from the server, particularly if the server is already running ldap. Some favourable comment on other sites although I've not tried it myself yet. It's on my list for next week...
  -david

• Newbie: IBM Directory Server LDAP Java Implementation

  Good day friends,
  I'm new in developing LDAP applications. I'm using IBM Directory Server v4.1 & need to develop a application (a web application - JSP/Servlet/EJB). I'm doing this as part of a Web project where i need to store the User Info of the registering user to LDAP server with proper Organisational Hierarchy & Privileges. I'm using Java for this application. I have the proper JNDI environment set for LDAP interaction. Can anyone provide me with a best practice/right procedure for implementing this, like searching for an entry, inserting/updating an entry & how to make use of Attributes provided in IBM DS 4.1.
  I searched IBM redbook & others for this but without any success. All Prog references are pertaining to C & very minimal info for Java implementation. I found some info in other LDAP like Netscape & Novell, but there structuring is different from IBM DS. I would appreciate if anyone can throw some light on this regard. I would appreciate a complete Java Programmers Reference Guide for IBM Directory Server v4.1.
  Thanking u in anticipation.
  cheers,
  J2EEDev.

  I'm coping with the same question as you had.
  Did you get any valuable information or a Java programmers reference guide for IBM directory server ?
  If so, could you send me an url where I can obtain the required information ?
  Thanks for your reply !
  Dirk

• Newbie in need assistance configuring iChat server (LDAP).

  I needs some assistance in setting up iChat server for our office. I running LDAP and I have the iChat server basics setup and it is working, however my boss wants to set up different domains in iChat for the various departments (i. e. Accounting, Sales, production, etc.). These will not be accessed outside of the building. He states I need to configure additional search bases. It is at this point I am drawing a blank.

  Hi Paul,
  An intersetng one.
  James Weston may be able to post more on this.
  iChat can Chat to other Macs using the Bonjour option
  (Click the Apple/Command key + 2 together)
  Bonjour has to be enabled in the Account section of iChat Preferences.
  All computers have to be in the same subnet
  This is going to be the sticking point.
  Lets say you have one routing device for your local net and it issues all computers and devices with IP Addresses in the range 192.168.1.xxx then all the computers on on the same Subnet as there is only one LAN.
  If you have subsequent routers that change the IP addresses to somethng like 192.168.1.xxx for sales and 192.168.2.xxx fo accounts etc, then you will have subnets. Computers in 192.168.1.xxx will only see other Bonjour/iChat computers in that group and the same for 192.168.2.xxx but not from group to group.
  To show up in the Bonjour window iChat takes the Address Book Me card entry of the MAc user account and broadcasts it to the other computers.
  This would give you an option of using this method to pass out information where people were. The revelant "Sales" or "Accuounts" could be added to their Real Names.
  (Bonjour would have problems if several computers were changed to read just Sales as the Address Book name).
  An alternative would be to set up a VPN and have all computers on the same network for Bonjour independent of any of network they were on.
  James knows more about networks than I do and may have other information that may help.
  Ralph

• Email server LDAP authentication

  I have a Sun One Directory Server 5.2 and want to set up the sun mail server. I understand that the install lets you set it up with a directory server. But I want to know exactly how the mail server is using the ldap for authentication. Is there differences between OS's? Is it using a pam module on solaris? Is it application based or host based authentication? Thanks!

  Messaging Server uses a Directory Server very exstensively, not the PAM model at all. It's NOT host-based authentication.
  For additional information, you may want to examine some of the 5.2 documentation, including the Schema Guide and the Provisioning Guide:
  http://docs.sun.com/db/doc/816-6021-10
  http://docs.sun.com/db/doc/816-6018-10

• LDAPRealm and Microsoft Site Server (LDAP)

  I have problem setting up the LDAPRealm in Weblogic Commerce 2.0.1 and
  Personalisation Server connecting to a Microsoft Site Server.
  The ldaprealm.properties file is as below:
  weblogic.security.ldaprealm.url=ldap://localhost:389
  weblogic.security.ldaprealm.principal=cn=Administrator
  weblogic.security.ldaprealm.credential=password
  weblogic.security.ldaprealm.ssl=false
  weblogic.security.ldaprealm.authentication=none
  weblogic.security.ldaprealm.userAuthentication=local
  weblogic.security.ldaprealm.version=2
  weblogic.security.ldaprealm.userDN=o=test, ou=Members
  weblogic.security.ldaprealm.userNameAttribute=cn
  weblogic.security.ldaprealm.userPasswordAttribute=userpassword
  weblogic.security.ldaprealm.userCommonNameAttribute=cn
  weblogic.security.ldaprealm.groupDN=o=test, ou=Groups
  weblogic.security.ldaprealm.groupNameAttribute=cn
  weblogic.security.ldaprealm.groupIsContext=true
  weblogic.security.ldaprealm.groupUsernameAttribute=cn
  The server runs and halts at the last line of log:
  Fri Jul 28 11:58:21 GMT 2000:<I> <WebLogicServer> Server loading from
  weblogic.class.path. EJB redeployment enabled.
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> acl size = 211, pos ttl =60,
  neg ttl = 10
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> auth size = 211, pos ttl =
  60, neg ttl = 10
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> group size = 17, pos ttl =
  600, neg ttl = 600
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm size = 10000, pos ttl =
  600, neg ttl = 600
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> user size = 10000, pos ttl =
  600, neg ttl = 600
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getAclOwner("weblogic")
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> rewriting ACL
  "weblogic.jdbc.connectionPool.commercePool"
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPermission("reserve")
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm: backup HAS reserve
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPrincipal("everyone")
  Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getGroup("everyone")
  Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> getGroup("everyone")
  Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> search("o=telewest, ou=Groups,
  cn=everyone", "cn", "*")
  Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> lookup("o=telewest, ou=Groups,
  cn=everyone")
  Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> new JNDI context
  The server halted at that line. Can anyone explain that situation?
  We are sure that we could connect to the LDAP server since we have a JSP
  page connecting to the LDAP using the SUN's jndi-ldap driver. Would that be
  a LDAP version problem, if that is so, how could we set the
  "java.naming.ldap.version=2" environment variable as I have said in my JSP
  page.
  Thanks for answering.

  Yes, sorry by the mistake.
  "ramesh" <[email protected]> wrote:
  I think Johnny is trying to say : "If you change to SP9" or above...
  Try to get a copy of the ldaprealm.properties file from the unzipped
  SP8 and
  above. It is self explanatory from there. The current ldaprealm.properties
  which comes with WLS 5.1 and upto sp7 has been changed in SP8 and above.
  Yes my configuration is also same as his.
  Hope this helps.
  Ramesh
  "Johnny Valdez" <[email protected]> wrote in message
  news:3b44ebb3$[email protected]..
  I recommend you change your service pack to 9, because the 6 has someproblems
  with LDAP...
  if you change to sp6 you could use this
  ### Server type
  server.alias=microsoft
  ### Microsoft Site Server
  # This follows the default Microsoft Site Server (MSS) schema.
  microsoft.server.host=ldapserver.example.com
  microsoft.server.principal=cn=Administrator, ou=Members,o=ExampleMembershipDir
  # microsoft.server.credential=*secret*
  microsoft.user.dn=ou=Members, o=ExampleMembershipDir
  microsoft.user.filter=(&(cn=%u)(objectclass=member))
  microsoft.group.dn=ou=Groups, o=ExampleMembershipDir
  microsoft.group.filter=(&(cn=%g)(objectclass=mgroup))
  create a file ldaprealm.properties with this configuration and saveit
  into the
  Weblogic root directory.
  greetings..
  "Satya Ghattu" <[email protected]> wrote:
  Hello,
  I am trying to use an Microsoft site server as my LDAPRealm with weblogic
  5.1 sp6, but in vain. Is there anybody out there who configured microsoft
  site server with WLS sp6 and lesser? If yes, could you please post
  your
  configuaration properties?
  Thank you,
  -satya

• DNS Server issues on Airport Extreme since last update

  Since the last update to my Airport Extreme, my windows 7PC's show connected to internet but do not connect due to DNS server. Windows 8 computer works fine as does Mac. Mac is the only wireless computer I have mentioned. The wireless router is segregated so it should have no effect on anything on my network but it somehow does..... can anyone explain?

  Thanks for your reply.
  I tried everything I found in the web, but nothing worked. I even cleared the HDD and reinstalled the OS (and resetted SMC and PRAM), but now there doesn't seem to be an AirPort - as if it never had exist.
  Until that I have been very happy with the decision to switch to Mac instead of using a Windows PC, but that casts a cloud on it (in the last 10 years none of my windows PC's ever had a hardware defect).
  Fortunately the MacBook is half an year old, so I will bring it back to the seller hoping the best.

• BI Publisher login using Domain - does not recognize from BI Server LDAP

  We are using BI Server security for BI Publisher. I have specified 3 LDAP servers within the repository, with domains PUBLIC, AGENT, CORPORATE. I can login to Presentation Services just fine with these domains. ex: AGENT/<user>. However, when I try to login to BI Publisher directly with a domain, it will not work. I can login without the domain just fine. My problem is we have logic we want to run in BI Server based on the domain that a user logs into.
  How can I get BI Publisher to recognize a login domain?

  No it does not. I believe these are two different issues, so I assumed I should create a new thread. This question is simply, how to have BI Publisher recognize that I am using a domain identifier during logon. My other thread was how to default a domain if the user did not specify one. So, I'm going to assume I can't default one. Assume I'm doing nothing in the init blocks but straight LDAP authentication against 3 LDAP servers. BI Publisher is using BI Server security model. Shouldn't BI Publisher accept the entry of a domain during login? ex: CORPORATE/<user>. That is my question. Any help is much appreciated.

• 10.6.3 breaks my server: LDAP borked!

  I just upgraded a mac mini server from 10.6.2 to 10.6.3, and LDAP is broken. I haven't figured out WHY yet, but it's very annoying. I'm able to SSH in as a local, non-DS user, so I should be able to figure out what's going on.
  But I doubt I'm the only one who has this problem.

  I just got my Mini Server with 10.6 on it. Went to set it up, got two users configured. Decided to install upgrades/updates. I found 10.6.3 update and did install. I was not able to log in to desktop again. Remote admin Tools got me into the Server, but that's it. It looked like LDAP was busted. Since it was brand new install I decided to format the drives and reinstall, now I'm sitting on 10.6 and looking for update that works. All SW updates are installed and working - except OS. Does 10.6.3 v1.1 fix that problem?

• Can't change DNS server setting on airport express

  new airport express, comcast cable ISP, i cannot change the DNS server settings, they are greyed out.  why  is there no way to change this?

  Mark-
  Did you get the AE to actually use the OpenDNS servers?  I have the new AE and Airport Utility 6.3.1 and while I can enter the OpenDNS server settings (208.67.222.222 and 208.67.220.220), they don't work.  When I use a Wi-Fi connected device (my iPhone, for example) it sill uses the Comcast DNS settings, totally ignoring the OpenDNS settings.  I don't know when they stopped working, but they worked in the past.  I've used the old Airport Utility as well (5.6) and it says the OpenDNS settings are active, but they aren't.
  I want to use the OpenDNS settings for Wi-Fi connected devices in my home for content filtering.  If anyone knows of a DOCSIS 3 cable modem that allows setting DNS servers, that would be an option too, but unfortunately, my Motorola SurfBoard SBG6580 does not.