Solaris 10 ldapclient set up cert8.db and key3.db

I'm currently working on setting up a multi-master LDAP cluster in a multi-site layout. There were a couple of questions which I have been trying to find the answer to but haven't had much luck.
1. Is it possible to have a single cert8.db and key3.db generated to be used across all the clients which will be authenticating via TLS? I have currently set up a CA on one of the master servers which I have used to issue certs for all the servers in the cluster. Or is the only option to have the cert8.db and key3.db generated per site and used as such?
2. Is there any way of getting the clients to import the certificate keys automatically without having to scp them around and then chmod them?

> 1. Is it possible to have a single cert8.db and key3.db generated to be used across all the clients which will be authenticating via TLS? I have currently set up a CA on one of the master servers which I have used to issue certs for all the servers in the cluster. Or is the only option to have the cert8.db and key3.db generated per site and used as such?

The clients need to trust the CA which signed your LDAP servers' SSL certificates.
In other words, your cert8.db/key3.db for this case only needs to have the public certificate for the CA you used to sign your LDAP server certs.
You'll be happy to hear that "yes", this single cert8.db/key3.db set can be used on all clients.
The slight exception is Solaris clients with very old NSS libraries installed (early Solaris 8). These clients need a cert7.db/key3.db set... but again, this same set can be used on all of them. This won't matter to you if all your clients are Solaris 9 or later with recent patch clusters.

> 2. Is there any way of getting the clients to import the certificate keys automatically without having to scp them around and then chmod them?

No keys involved on the client in this case, just the CA's public cert.
You do have to copy them onto each client. chown root:root, chmod 444.
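
One way to script the copy-and-permissions step from the answer above and then check the result on each client, as an added example that is not part of the original thread. It assumes a POSIX shell, that the shared cert8.db/key3.db pair has already been delivered to a staging directory on the client, and `/var/ldap` as the default destination (the thread does not name a path); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): install one shared, CA-only NSS
# database pair on a client, then audit owner and mode.
# Assumption: /var/ldap as the default client directory; the thread names none.

DB_FILES="cert8.db key3.db"

# install_trust_db SRC_DIR [DEST_DIR]
# Refuses to install a partial pair; stages each file under a temporary name
# and renames it so a reader never sees a half-written database.
install_trust_db() {
    src=$1
    dest=${2:-/var/ldap}
    for f in $DB_FILES; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    for f in $DB_FILES; do
        staged="$dest/$f.new"
        rm -f "$staged"
        cp "$src/$f" "$staged" || return 1
        chmod 444 "$staged" || return 1
        # Only root can hand the file to root; skip when run unprivileged.
        if [ "$(id -u)" = "0" ]; then
            chown root:root "$staged" || return 1
        fi
        mv -f "$staged" "$dest/$f" || return 1
    done
    return 0
}

# audit_trust_db [DIR] [EXPECTED_UID]
# Returns 0 only if both files are regular files (not symlinks), have mode
# r--r--r-- (444) and are owned by EXPECTED_UID (default 0, i.e. root).
audit_trust_db() {
    dir=${1:-/var/ldap}
    want_uid=${2:-0}
    rc=0
    for f in $DB_FILES; do
        p="$dir/$f"
        if [ -h "$p" ] || [ ! -f "$p" ]; then
            echo "FAIL $p: missing, symlink, or not a regular file" >&2
            rc=1
            continue
        fi
        # ls -ln: field 1 is the mode string, field 3 the numeric owner.
        mode=$(ls -ln "$p" | awk '{print substr($1, 1, 10)}')
        uid=$(ls -ln "$p" | awk '{print $3}')
        [ "$mode" = "-r--r--r--" ] || { echo "FAIL $p: mode $mode" >&2; rc=1; }
        [ "$uid" = "$want_uid" ] || { echo "FAIL $p: owner uid $uid" >&2; rc=1; }
    done
    return $rc
}
```

Run `install_trust_db /path/to/staging` as root on the client, then `audit_trust_db`; a non-zero exit from the audit means a file is missing, writable, or not owned by root.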

Similar Messages

  • Solaris 10 as router using ipfilter and nat

    Hi,
    I installed Solaris 10 on a second disk on an Ultra 5, but have no success on using ipfilter with NAT.
    I have it working on the first disk with Solaris 9 and ipfilter 3.4.35.
    I have pfil on both interfaces (hme0 internal and qfe0 external-internet) and ipfilter enabled. I used the working rule sets from Solaris 9 and have ip-forwarding enabled. IPFilter is working on the external interface, but none of the hosts on the internal network can connect through the router to the internet, but they can ping both interfaces.
    I had the same problem with Solaris 9 using ipfilter 4.x and had to go back to 3.4.35.
    ipfstat shows all rules are loaded and ipnat -l shows the rules, but no connections. ndd -get /dev/ip ip_forwarding returns 1.
    Following are my rules:
    ipf.conf
    block in log quick all with opt lsrr
    block in log quick all with opt ssrr
    block in log quick all with ipopts
    block in log quick proto tcp all with short
    block in log quick proto icmp all with frag
    block in log quick on qfe0 from 10.0.0.0/8 to any
    block in log quick on qfe0 from 127.0.0.0/8 to any
    block in log quick on qfe0 from 169.254.0.0/16 to any
    block in log quick on qfe0 from 172.16.0.0/12 to any
    block in log quick on qfe0 from 192.0.2.0/24 to any
    block in log quick on qfe0 from 192.168.0.0/16 to any
    block in log quick on qfe0 from 204.152.64.0/23 to any
    block in log quick on qfe0 from 224.0.0.0/3 to any
    block in log quick on qfe0 from aaa.aaa.aaa.0/24 to any
    block in log quick on qfe0 from any to aaa.aaa.aaa.0/32
    block in log quick on qfe0 from any to aaa.aaa.aaa.255/32
    block in log on qfe0 all
    block out quick on qfe0 proto tcp/udp from any port 136 >< 140 to any
    block out quick on qfe0 proto tcp/udp from any to any port 136 >< 140
    pass out quick on qfe0 proto tcp all flags S/SA keep state keep frags
    pass out quick on qfe0 proto udp all keep state keep frags
    pass out quick on qfe0 proto icmp all keep state keep frags
    pass out quick on qfe0 all
    pass in quick on lo0 all
    pass out quick on lo0 all
    pass in quick on hme0 all
    pass out quick on hme0 all
    ipnat.conf:
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port ftp ftp/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 7070 raudio/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 1720 h323/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 portmap tcp/udp auto
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32
    aaa.aaa.aaa.aaa = internal network
    bbb.bbb.bbb.bbb = external
    My routeadm statement shows:
                   Configuration   Current         Current
                          Option   Configuration   System State
                 IPv4 forwarding   enabled         enabled
                    IPv4 routing   enabled         enabled
                 IPv6 forwarding   disabled        disabled
                    IPv6 routing   disabled        disabled
             IPv4 routing daemon   "/usr/sbin/in.routed"
        IPv4 routing daemon args   ""
        IPv4 routing daemon stop   "kill -TERM `cat /var/tmp/in.routed.pid`"
             IPv6 routing daemon   "/usr/lib/inet/in.ripngd"
        IPv6 routing daemon args   "-s"
        IPv6 routing daemon stop   "kill -TERM `cat /var/tmp/in.ripngd.pid`"
    Any suggestion what more checks I should do or what additional information is needed.
    Regards,
    Horst

  • Process for setting up new directories and files on Unix

    I am trying to document a process "Process for setting up new directories and files on Unix batch servers".
    Developers will be developing the project on Windows and I need to tell them, as well as the QA team, about the Unix directory and file structure.
    Please let me know how the process works in Unix on AIX.
    If I get some documentation regarding this it will be useful.
    Thanks in advance
    Regards
    San

    Well, on Unix/Linux/Solaris there are no drives, but the storage hierarchy starts with a root directory represented by ' / ', and all files and directories are created in the root directory, like
    /usr/local/bin
    /export/home/san
    etc.
    Also, the filesystem of Unix consists of inodes rather than FAT entries as in the case of Windows.
    some basic information is available at
    http://www.techonthenet.com/unix/index.php
    Regards

  • Managing cert7.db and key3.db without Netscape

    I'm trying to set up an LDAP client with TLS enabled. The admin guide says to use Netscape Communicator to create and manage the cert7.db and key3.db files. I do not have Netscape Communicator installed and I do not have the option of installing it.
    Is there another utility that will allow me to manage these two files?

    You may be able to use the NSS security tools from Mozilla, http://www.mozilla.org/projects/security/pki/nss/tools/index.html
    Note: This method is likely to take more time and effort than doing it as described in the docs. Your mileage may vary.

  • I just got my new iPhone 5s and did all the syncing and backing up for my old iPhone 4s and set my 5 up and synced it on iTunes  it synced everything but the contacts and other minor things were the only things that really transferred  my apps and all my

    I just got my new iPhone 5s and did all the syncing and backing up for my old iPhone 4s and set my 5 up and synced it on iTunes. It synced everything, but the contacts and other minor things were the only things that really transferred. My apps and all my music did not. The thing is, when I just went to manually start downloading a few of the songs that I knew I had already bought, iTunes is making me pay for them again. It's not saying "install" like it usually does when you go to download something already purchased on your iTunes account. I think, or thought, it might have something to do with the fact that I just changed my Apple ID name right before I got my new phone, but my apps all re-downloaded (manually, no syncing) without making me pay for them again. I don't want to have to purchase all my songs again. Can someone please help me!! I tried going back to my old ID, or signing out of this ID and signing in as my old Apple ID, but now it won't even get on that one; it's like it doesn't exist anymore. And when I plug my old phone in, it shows in iTunes everything that's supposed to be there, but all that doesn't stay in iTunes when I actually unplug it, so when I plug my 5 in to my computer none of the stuff is in the store for me to actually transfer it. I am so good with technology and this has me stumped. Please help.

    No it's not stealing. They have an allowance that you can share with so many computers/devices. You'll have to authorize her computer to play/use anything bought on your acct. You can do this under the Store menu at top when iTunes is open on her computer.
    As far as getting it all on her computer....I think but I am not sure (because I don't use the feature) but I think if you turn on Home Sharing in iTunes it may copy the music to her computer. I don't know maybe it just streams it. If nothing else you can sign into your acct on her computer and download it all to her computer from the cloud. Not sure exactly how to go about that, I haven't had to do that yet. I wonder if once you authorize her computer and then set it up for automatic downloads (under Edit>Preferences>Store) if everything would download. Sorry I'm not much help on that.

  • HT1386 When I connect my iPhone to iTunes, it says I have to set up my iPhone, and won't allow me to sync any media I have already purchased on it. My phone is not new, so I don't understand? This all came about when I updated the iOS 6 software.

    When I connect my iPhone to iTunes, it says I have to set up my iPhone, and won't allow me to sync any media I have already purchased on it. My phone is not new, so I don't understand? This all came about when I updated the iOS 6 software. I have tried to re-set up my phone but it makes no difference and deletes everything off my phone.

    bubblesblom wrote:
    Okay, so my friends think it is funny to change the passcode on my iPhone.
    Maybe you should get new friends.
    I'm not sure that recovery mode works when you have to trust the computer, but did you try it?
    If you can't update or restore your iOS device - Apple Support
    If that won't work, perhaps you can use Find my iPhone from a computer in your iCloud.com account to erase the device.
    iCloud: Erase your device - Apple Support
    This has nothing to do with the Find my iPhone app being installed on the phone, but you do have to have Find my iPhone activated in the iCloud settings on the phone.

  • I am having a problem with my iphone 4s "To finish setting up iCloud, iMessage, and FaceTime enter the apple ID password..."

    I was using my iphone just like any normal day and out of blue it went off because I let the battery die
    it was 1% and I didn't put on charger, I forgot
    so I put it on charger just like any normal day and it charged for sometime then it started to turn on
    suddenly I got a weird screen on it a pic "iOS 6" and slide button saying "slide to set up" with all languages
    I pulled that slide button
    I found a screen of
    Apple ID Sign In:
    To finish setting up iCloud, iMessage, and FaceTime enter Apple ID password for ********@icloud.com
    password:
    so I wrote my password then clicked next
    it got me to another screen saying "Updating iCloud settings...."
    then it kept loading and loading so I restarted my mobile then I did all the above steps again
    the next time it loaded fast and got me a new screen saying :
    Your iPhone is now set up.
    You're ready to start using the most advanced iOS ever
    Start using iphone
    and when I click on start using iphone, the iphone restarts itself and repeats the steps again !!!!!
    I've tried everything, restarting my iphone, doing the steps, respring, clicking on home and off button, EVERYTHING !!!!
    but it keeps redoing that stupid steps without any end
    please HELP ME!! I need my iphone back!!!

    weird, i would try to restore through iTunes and set up as new as a test.

  • I am trying to create a simple animated gif in Photoshop. I've set up my frames and want to use the tween to make the transitions less jerky. When I tween between frame 1 and frame 2 the object in frame two goes out of position, appearing in a different p

    I am trying to create a simple animated gif in Photoshop. I've set up my frames and want to use the tween to make the transitions less jerky. When I tween between frame 1 and frame 2 the object in frame two goes out of position, appearing in a different place than where it is on frame 2. Confused!

    Hi Melissa - thanks for your interest. Here's the first frame, the second frame and the tween frame. I don't understand why the tween is changing the position of the object in frame 2, was expecting it to just fade from one frame to the next.

  • Where is the hyphen (-) on the apple TV?  I am trying to set up my network and there is a hyphen in the password for the network

    Where is the hyphen on the apple TV?  I am trying to set up my network and there is a hyphen in the password for the network

    A few options to try:
    The hyphen should be next to the + on the character map.
    If you are still having issues, provided your ATV software is up to date, you can now connect an Apple Wireless Keyboard through bluetooth connections.
    Change your network password so it does not use a hyphen
    Good luck!

  • How to set up DEV, TEST and PROD environment?

    We have used BI Publisher Enterprise (standalone), Oracle BI Publisher 10.1.3.4.1. Our admin set up DEV, TEST and PROD environments based on folders. For example, there is a DEV folder, a TEST folder and a PROD folder. Developers develop reports under the DEV folder. Under the TEST and PROD folders, there are many sub-folders based on the login user role. Sometimes a report has to be assigned to multiple sub-folders under PROD. So our admin creates symbolic links on the Linux box where the BI server is located. That way, if a report is updated, there is no need to update the report in all sub-folders.
    The issue I have is that we are not allowed to touch any files under the TEST/PROD folders. Only the admin will move a report from the DEV folder to the TEST/PROD folders, because the links the admin created might be broken. However, as developers, we still have permission to delete/rename/copy reports under those restricted folders. Yesterday one report under PROD was renamed by a developer, and the admin complains because the links he has created are not working anymore. Just wondering: if the admin doesn't allow developers to touch the reports under those folders, is there a way to remove the write permission on those folders? Also, do you think this is a good practice for setting up DEV, TEST and PROD environments? Any input will be greatly appreciated.

  • How do I set up the "Objects and Attachments"

    Hi .... I'm new at WorkFlow (and SAP for that matter) and have inherited a WF that is already built.  In several of the steps I can see "Objects and Attachments" on the work item screen where a User can click to be directed to a transaction. For example, on one screen the User can click on "Incoming Invoice: 5105601690" to be directed to the Invoice Display Screen that is populated with information for that particular invoice (5105601690).
    I am looking at the WF using TCode SWDD and cannot figure out how the original developer set this up.  So my question is ..... for a particular WF step, how do you set up the "Objects and Attachments" area so that the User will be directed to a particular transaction when he/she clicks on it?
    Thanks in advance, and sorry for such a "juvenile" question.
    Dan A

    Thanks for your reply Rajkumar,
    I am looking at the screen you have directed me to.  Business object is BUS2081 (actually it is ZMMWBS2081 which is a customized version BUS2081) Method is "Display" and Attribute is "InvoiceDocNumber".  How do I know by looking at this that "Display" means Display Invoice?  What if I wanted to display the PO instead?
    Thanks for the "spoon feeding".
    Dan A

  • How can I set BPEL server environment and create BPEL domain?

    Without using the HTTP console, how can I set the BPEL server environment and create a BPEL domain?
    When I try to use API like below
    import com.oracle.bpel.client.Server;
    Server s = new Server(ServerAuthFactory.authenticate("oracle","localhost"));
    But I always got four exceptions and one warning like below:
    java.io.FileNotFoundException: C:\Workspace\WOSEDISystem\BPEL_Domain_Creation\config\security.properties (The system cannot find the path specified)
    java.io.FileNotFoundException: C:\Workspace\WOSEDISystem\BPEL_Domain_Creation\config\ejb.properties (The system cannot find the path specified)
    Warning: unable to read transaction.interoperability config property
    java.io.FileNotFoundException: C:\Workspace\WOSEDISystem\BPEL_Domain_Creation\config\security.properties (The system cannot find the path specified)
    java.lang.Exception: Failed to create "ejb/collaxa/system/ServerBean" bean; exception reported is: "javax.naming.CommunicationException: Can't find SerialContextProvider
    Is it right to use com.oracle.bpel.client.Server like this, please help me.
    Best regards,
    Vita

    Can anyone help me? I need to deploy a BPEL process on a production server, so I need the Java function to create a domain. Thank you very much if you can tell me the correct method of using the com.oracle.bpel.client.Server API.

  • I have an iTunes account with my own music library.  My wife wants to have her own music library.  Is there a way of setting up a sub account for her, or do I have to set of husband playlists and a separate set of wife playlists?

    I have an iTunes account with my own music library.  My wife wants to have her own music library.  Is there a way to set up a sub account for her, or do I have to set up a set of husband playlists and a set of wife playlists?

    Sorry, but that's not possible.
    You can share iTunes libraries on a network >  iTunes: Setting up Home Sharing on your computer

  • How do I set up my iPhone and iPad to print wirelessly to an Epson XP-600 printer

    How do I set up my iPhone and iPad to print wirelessly using an Epson XP-600 wireless printer? The instructions with the Epson ask you to load the disc in each computer that you want to use this printer with. Do I have to sync each device to the Mac for this to happen?

    Fortunately, the Epson XP-600 is AirPrint compatible!
    So this guide tells you the simple setup:
    AirPrint basics

  • How do I set up my drag and drop questionnaire to export to an XML file?

    How do I set up my drag and drop questionnaire to export to an XML file?
    I have 70 separate SWF files that pose a question and contain a drag and drop rank order response of 1,2,3,4. How do I set up an XML file that receives the responses? I don't understand how to do the ActionScript and get my responses to connect to the XML. Please help! Thanks!
    Here's an example of my XML.
    <assessment>
    <sessionid>ffae926ea290ee93c3f26669c6c04a92</sessionid>
    <request>save_progress</request>
    <question>
    <number>1</number>
    <slot_a>2</slot_a>
    <slot_b>1</slot_b>
    <slot_c>4</slot_c>
    <slot_d>3</slot_d>
    </question>
    <question>
    <number>2</number>
    <slot_a>4</slot_a>
    <slot_b>3</slot_b>
    <slot_c>2</slot_c>
    <slot_d>1</slot_d>
    </question>
    <question>
    <number>3</number>
    <slot_a>1</slot_a>
    <slot_b>2</slot_b>
    <slot_c>3</slot_c>
    <slot_d>4</slot_d>
    </question>
    </assessment>

    Use XML.sendAndLoad.
    http://livedocs.macromedia.com/flash/8/main/00002879.html
    You will need a server script to receive the XML structure and it depends on the server scripting language how you obtain that data. Then you can either populate a database or write to a static file or even email the XML data received from Flash.
    For a basic example, I have two links I use for students in my Flash courses:
    http://www.hosfordusa.com/ClickSystems/courses/flash/examples/XMLASP/Ex01/XMLASPEchoEx01_Doc.php
    http://www.hosfordusa.com/ClickSystems/courses/flash/examples/XMLPHP/EX01/XMLPHPEchoEx01_Doc.php
    Lon Hosford
    www.lonhosford.com
    May many happy bits flow your way!