Solaris 8 and iPlanet Directory Server 5.1: Help

Similar Messages

• OAS 4.0.8.2.1.a and Iplanet Directory Server

  How can I add the schema needed for OAS 4.0.8.2.1a into a Netscape Directory Server so that the OAS can create the objects needed for listener names etc?

  ^UP^

• Oracle Portal for LDAP Authentication using Iplanet directory server

  I have oracle portal on solaries machine and Iplanet directory server 5.1 on windows NT,
  Can i user portal user authentication Iplanet LDAP.
  Regards
  srinivas

  Yes You can. You have to provide the necessary info while running the ssoldap.sql.
  Vinodh R.

• Installation Error with iPlanet Directory Server 5.1 SP1 and Windows 2000

  Hello,
  I'm having real trouble getting iPlanet Directory Server installed on a Windows 200 Server machine. Every time I install it, no matter what options I choose, I get this series of popup boxes at the end:
  - Setup is unable to store configuration data in the LDAP directory
  - Unable to create Administration Server configuration
  - Could not authenticate ldap connection, "Unknown error"
  - Unable to set ACI in Configuration Directory Server
  But searching on this forum, I have found a lot of post. I have tested the different solution proposed :
  * Add on the host file the short name and the long name of my machine with it's IP adress
  * When the installation process crash, uninstall the software, reboot the machine and then restart the installation
  With all this solution, the problem is always here.
  Could you help me ?
  Boris MANCHETTE

  Are you using Terminal Services. iPlanet DS will not install properly over Terminal Services. You have to install from the direct attached console.
  Ted

• Differences between SunONE, iPlanet and Netscape Directory Server

  What are the differences between SunONE, iPlanet and Netscape Directory Server?
  When I go to docs.sun.com - Products Categories, I saw that they've documentation regarding with SunONE, iPlanet, Netscape Directory Server listed under Directory Server.
  I know that they're all different directory server, but is it one newer than other? If I'm not wrong, I assumed that Netscape transformed into iPlanet, and then from iPlanet, it transformed to SunONE. If that is the case, is that mean that all of it's console and how it works should be very similar?
  Thanks!

  That is exactly what I thought.
  so when people refer SunONE Directory Server 5.1, then that's mean iPlanet Directory Server 5.1, right?
  Because I'm looking at Solaris 9's specification and it mentioned that it bundled with SunONE Directory Server 5.1.
  Thanks for answering my question! :)

• Error while installing iplanet directory server 5.0

  Hi I am trying to install iPlanet directory server 5.0 on my local machine.My computer name doesnot contain any domain name.it is simply like "ERT3210".
  While installing Directory server it is asking for the computer name and if i give the computer name without domain it is not accepting.And i am unable to rename my computer name suffixing domain name as it is not contained in any domain..Now How can i give the computer name to install directory server?.Its very urgent for me.It will be great help if any one give reply.

  Start/Stop Directory Server and Start/Stop Admin Server are usually present in My Computer/Manage/Services, just start or stop the service.
  Assuming the install root directory is %LDAP_ROOT%
  You could always create program icons for
  1) start/stop dirrectory server
  %LDAP_ROOT%\slapd-%COMPUTERNAME%\start-slapd.exe
  %LDAP_ROOT%\slapd-%COMPUTERNAME%\stop-slapd.exe
  2) start/stop admin server
  %LDAP_ROOT%\start-admin.exe
  %LDAP_ROOT%\stop-admin.exe
  3) SUN ONE Console (iPlanet Console)
  %LDAP_ROOT%\startconsole.exe
  Gary

• Info about Japanese iPlanet Directory server

  I am evaluating Japanese localized version of directory server.
  I am not able to find any document which can tell me about the
  localization of this product.
  I have following questions:
  1. What level of localization is done. Has console localized ?
  Does log messages localized.
  2. What env variables I need to set to see console GUI in Japanese
  3. Do I need to set some env variables (like $LANG) before running the start script.
  It is urgent for me, if somebody can answer these or point me to some good doc, it will great
  help to me
  Thanks
  - Bharat

  Hi,
  Info about japanese iPlanet directory Server.
  Gateway is localized for English, Japanese, French, Spanish, and German. You can configure the gateway to support additional locales.
  Language files are stored in /usr/iplanet/servers/dsgw/html/lang and /usr/iplanet/servers/dsgw/config/lang, where lang is defined in RFC1766.
  For example, language files for Japanese are stored in /usr/iplanet/servers/dsgw/html/ja and /usr/iplanet/servers/dsgw/config/ja[true]).
  Support for the character sets necessary to render a particular locale (language) must be available in the browser's configuration.

• IPlanet directory server can't start in a user account - A bug?

  I installed iplanet directory server 5.1 in Solaris 9. I am using typical install mode. I set UserA/GroupA to represent the directoy server that means the directory server instance running in this user account. After I input the user name and group name, it gives a very strange message, say "suffix must have a valid dn. Press any key to continue" After I press any key, it continue to do other setup. Once instllation done, if I try to login as that user account and start-slapd, it just give an error message, " iplanet/servers/bin/slapd/server do not have permission". I checked this directory, UserA do not have even read access to the directory.
  So is this a bug in this verion of directory server/
  Thanks,
  Iris

  It's very likely that you gave an Invalid DN for the Suffix of your directory instance...
  The setup should have asked again the DN... It looks like a problem with the setup command.
  Ludovic

• Last Logon Time in Iplanet Directory Server 4.1

  Hi,
  It would be great help if any one of you could let me know the attribute in Iplanet Directory Server 4.1 to get the Last Logon Time of a particular account.
  The Directory Server is on solaris.
  Thanks

  Hari,
  You can try to find it from the logfiles.
  I actually designed a plugin for this type of thing, but it's not yet implemented. It would simply write a timestamp to a user's entry after every successful bind, among other things which I won't go into detail about now...
  Oletko suomessa?
  podzap

• Where can I get iPlanet Directory Server 4.1.3 for Linux

  Hello everyone,
  we are developing IMPS solution. but we need to support legacy system. How can we get a iPlanet Directory Server 4.1.3 for Linux for evaluation?
  Many thanks
  Billiken Xie

  Why you want to have NDS 4.11? Any version of the NDS 4.1x will support Solaris 2.6 and 8. This version is nolonger available in iplanet's site. I suggest you to get NDS 4.13 or later version. At iplanet's web site, you will find the latest version, 4.16. Also, you will find 4.13 from Solaris 8's CD ording from Sun's reseller.
  Lucas

• Roles in iPlanet Directory Server v5.0 und JNDI.

  Hi!
  I have the following problem:
  How can I find and change the Role object in iPlanet Directory Server v5.0 via JNDI? It's possible ?
  Regards,
  Andriy

  Hi,
  It is not necessary to go in such a way for going and adding the corresponding roles.
  For eg
  Here is an LDIF file which plays an important role in making the attributes.
  Here is an sample fedup.ldif file
  dn: uid=timb,ou=Customers,o=fedup.com
  objectclass: customer
  objectclass: inetorgperson
  objectclass: organizationalPerson
  objectclass: person
  objectclass: top
  cn: Tim Briggs
  uid: timb
  givenname: Tim
  customerid: timb
  sn: Briggs
  facsimiletelephonenumber: 4101
  telephonenumber: 4145
  creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
  createtimestamp: 20000401084012Z
  aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone": )
  ou: Customers
  mail: [email protected]
  userpassword: bakru
  modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
  modifytimeStamp: 20000502084001Z
  Here I have sepecified userid as timb and password as bakru and with corresponding roles in aci.
  After making the LDIF file you have to import it in Directory server.
  For that you have to Iplanet Console menu, from there click on Import for the ldif file to get imported.
  Or else you can go for ldapadd, ldapmodify commands.
  Also if you are going to add new attributes which is not known by Directory server, Please follow these process.
  Creation of our own USER SCHEMA Files:-
  It is necessary for adding the attributes which are not defined in the
  Netscape directory server. In the above, customerid which is defined in ldif
  file is not existing in the directory server.
  Here is the Schema file for attributes:(ie for defining for eg customer id).
  The name of the file is slapd.user_at.conf:-
  attribute customerid customerid-oid cis single
  attribute packageid packageid-oid cis single
  attribute receivedate receivedate-oid cis single
  attribute shipdate shipdate-oid cis single
  attribute shipperid shipperid-oid dn single
  attribute receiveid receiveid-oid dn single
  #Java Attributes
  # Schema for storing java objects and java object references
  attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
  attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
  attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
  attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
  attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
  attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
  Here is Schema file for your own object classes:-
  The name of the file is Slapd.user_oc.conf:-
  In the similar way we assume that there are no "customer" class in the object classes
  defined in the LDAP, so we will have to create our own "customer" Object class.
  Also it extends inetOrgPerson to add some new attributes such as "customerid".
  The object class of an entry specifies what attributes are required and what
  attributes are allowed in a particular entry.
  Also for eg, Package classes in the object class is created.
  Here is the sample file for creating the above:-
  objectclass package
  oid package-oid
  superior top
  requires
  packageid,
  receiveid,
  shipdate,
  shipperid
  allows
  description,
  ou,
  receivedate
  objectclass customer
  oid customer-oid
  superior inetorgperson
  requires
  customerid
  allows
  c
  #JAVA Schema
  # Schema for storing java objects and java object references
  objectclass javaContainer
  oid 1.3.6.1.4.1.42.2.27.4.2.1
  superior top
  requires
  cn
  objectclass javaObject
  oid 1.3.6.1.4.1.42.2.27.4.2.4
  superior top
  requires
  javaClassName
  allows
  javaCodebase
  objectclass javaSerializedObject
  oid 1.3.6.1.4.1.42.2.27.4.2.5
  superior javaObject
  requires
  javaSerializedData
  objectclass javaRemoteObject
  oid 1.3.6.1.4.1.42.2.27.4.2.6
  superior javaObject
  requires
  javaRemoteLocation
  objectclass javaNamingReference
  oid 1.3.6.1.4.1.42.2.27.4.2.7
  superior javaObject
  requires
  javaReferenceAddress,
  javaFactory
  STEP 4: Loading the USER SCHEMA files in Directory Server:-
  All the attributes created above should be added to the corresponding directory server,
  in order to make it as a common attribute.
  Steps for adding the User Schema files to the Directory Server:-
  1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
  created above so that the existing LDIF file which is used in the Netscape directory
  server is not appended or overwritten.
  2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
  files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
  3. Then restart the Directory Server.
  I hope this will help you.
  Thanks
  Bakrudeen
  Technical Support Engineer
  Sun MicroSystems Inc, India

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• Hi, I am using HP11 and iPlanet web server. When trying to upload files over HTTP using FORM ENCTYPE="multipart/form-data" that are bigger than a few Kilobytes i get a 408 error. (client timeout).

  Hi, I am using HP11 and iPlanet web server. When trying to upload files over HTTP using FORM ENCTYPE="multipart/form-data" that are bigger than a few Kilobytes i get a 408 error. (client timeout). It is as if the server has decided that the client has timed out during the file upload. The default setting is 30 seconds for AcceptTimeout in the magnus.conf file. This should be ample to get the file across, even increasing this to 2 minutes just produces the same error after 2 minutes. Any help appreciated. Apologies if this is not the correct forum for this, I couldn't see one for iPlanet and Web, many thanks, Kieran.

  Hi,
  You didnt mention which version of IWS. follow these steps.
  (1)Goto Web Server Administration Server, select the server you want to manage.
  (2)Select Preference >> Perfomance Tuning.
  (3)set HTTP Persistent Connection Timeout to your choice (eg 180 sec for three minutes)
  (4) Apply changes and restart the server.
  *Setting the timeout to a lower value, however, may    prevent the transfer of large files as timeout does not refer to the time that the connection has been idle. For example, if you are using a 2400 baud modem, and the request timeout is set to 180 seconds, then the maximum file size that can be transferred before   the connection is closed is 432000 bits (2400 multiplied by 180)
  Regards
  T.Raghulan
  [email protected]

• Question re how iPlanet Directory Server applies the Look Through Limit.

  I have a question on how iPlanet Directory Server applies the lookthrough limit...
  I am running an LDAP search on a 4.13 directory. The search filter is:
       "(&(rtrdaMaturityDate>=20020128)(rtrdaMaturityDate<=20020130))"
  rtrdaMaturityDate is an int, and indexed with pres,eq,sub
  There are 244680 entries where rtrdamaturityDate>=20020128
  383005 entries where rtrdaMaturityDate<=20020130
  484 entries which satisfy both conditions
  When the query is run as Directory Manager it just hangs (presumably it would complete eventually).
  When run as another user it gives a size limit error. The size limit and lookthrough limit on the directory are both 5000 . As the matching number of entries doesn't exceed the size limit, I think perhaps it is the lookthrough limit causing the problem...
  It looks as if it treats each part of the filter separately, building an candidate list for each, giving an error if both reach the look through limit. i.e. it does not realise that both parts of the filter could be treated together.
  Is this correct ?
  This theory is born out by the fact that if I change the value so the filter would logically return only the highest few values, the search works (i.e. as if the <= filter condition hit LTL, but the >= did not).
  Also, if I add another condition to give "(&(rtrdaIssuerBgNid=4403)(rtrdamaturityDate>=20020128)(rtrdaMaturityDate<=20020130))" then the search eventually correctly returns a single entry. (IssuerBgNid=4403 on its own gives 1004 entries).
  Can I therefore assume that a seach will only work if at least one condition in the filter gives a candidate list with less entries than the look through limit?
  Any advice on how to implement a range search like this would also be much appreciated.
  Thanks,
  Dave.

  The lookthrough limit is reached when the resulting candidate list contains more entries than the limit...
  Lookthrough limit has been implemented specifically to for Range filters (and OR filters) to avoid consuming too many resources.
  For your particular problem, you can increase the lookthrough limit... but it will affect all users and searches.
  Note that iPlanet Directory Server 5.x does provide a per User LookThrough Limit (and other limits as well), therefore you could just increase the lookthrough limit for the specific users performing these searches.
  Regards,
  Ludovic.

• Store Print & File Server on iPlanet Directory Server?

  I've a NT 4.0 server which I'm using as both a Print & File Server. Would I be able to use iPlanet Directory Server to do the same thing?
  If I can, please explain how? or direct me to where I can know how?
  If it can't be done, is there any other way(s) I can do it?
  Thanks!

  I don't understand. iDS is not a file and print server, it is a user data and user authentication server. Do you want to use iDS for your user authentication for file and print services instead of NT 4 domains? I don't think this is possible. What is possible is using iDS as your primary data store, and using iPlanet Meta Directory to sync changes from iDS to the NT 4 domain.