SOLVED Setting up LDAP server.

Similar Messages

• Need help setting up LDAP server for Address Book

  I've set up Panther servers before for AFP which is pretty simple but now the office I work at wants me to setup an LDAP server so they can share the same contact information, probably about 2,000+ entries. I'm guessing that this will have to be entered in the LDAP server entry by entry.
  I need to know how to setup the server and what settings need to be on the clients' computers, such as in Address Book.
  The server is an older G4 tower and I've got 8 computers hooked up to it on a simple network. I don't think I'll need to make the LDAP server accessible from outside the network but it's something I'll have to worry about for the future.
  Thanks for any help you can offer.

  bump

• Setting up LDAP Server to lookup Connection Factories using JNDI

  Can someone let me know how to setup LDAP server within 10G to lookup connection factories using JNDI?
  I read through the Advanced Queuing User Guide and Reference document where this is mentioned and it says use the Database Configuration Assistant to do this but I could not find how.
  When I install 10G is LDAP server automatically setup? How do I get to it?
  Thanks

  That is correct. I was indeed able to use the app server (10g) to give the LDAP user permission to access the objects, then used sql commands to register the objects inside the LDAP.
  However, I am finding NOTHING about actually creating a unique connection factory that can be registered in the LDAP. I find reference to registering Queues/Topics/Factories inside the LDAP, but nothing about actually creating the factories.
  In fact, here
  http://download.oracle.com/docs/cd/B28359_01/server.111/b28420/aq_envir.htm#sthref409
  it's listed that you cannot use sql to create a connectionfactory... not to mention the create java commands for factories look strikingly similar to the queue/topic GET commands, and not the create commands. You can add an alias for that factory using sql, but can't actually create the factory using sql... ???

• How to change LDAP server setting in Access Manager 6.2

  Hi,
  We have initially set authentication as a SunONE Directory Server 5.1 (master DS1) in Sun Java System Access Manager 6.2. In both /etc/opt/SUNWam/config/serverconfig.xml
  /etc/opt/SUNWam/config/AMConfig.properties
  conf files, DS1 was set initially. Also on console's Service Configuration ->LDAP->Primary LDAP Server was set as "DS1"
  Now the problem is that I am not able to change the DS1 to the other master "DS2". I set DS2 in both above conf files and also the Service Configuration page as Primary LDAP Server. I restarted the server. When I stopped the DS1, I couldn't login access manager console with any user. It looks like it is still trying to get authentication from DS1.
  Does anybody know what I am missing here?
  Regards,

  After hopeless tries, I finally made it work;) The trick was actually updating the sunKeyValue attribute of the entry:
  "dn:ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=ser
  vices,dc=company,dc=com" in one of the master DS I have.
  Even though I set DS2 and loadBalancer hosts in all conf files and in Primary LDAP conf in amconsole's Service Configuration, it just didn't work until I inserted loadBalancer host in sunKeyValue attribute.
  Hope it helps to someone....
  -Bora

• Set or sign up at a LDAP Server

  Hi all,
  first off a happy new year to all readers - I´m just setting up a network with FileMaker Server and inside my network at home everything is going OK. In order to connect to the FileMaker Server - which is on my home G4 without steady IP - but I have internet address which constantly watches the changes and therefore is fixed - I have to sign up at a LDAP Server. Is that possible from inside my computer with 10.4.8. - can I be myself the LDAP server or do I need anything else? Can somebody maybe guide me to a page with a link?
  Thanks in advance - Christoph
  MDD G4 DP876   Mac OS X (10.4.8)  

  Hi Christoph,
  Best I can find is this...
  http://www.padl.com/Articles/AdvancedOpenDirectoryConf.html
  But also of interest may be...
  http://www.udel.edu/topics/e-mail/macosxmail/index.html#TigerLDAP
  http://docs.info.apple.com/article.html?artnum=32478
  http://www.macosxhints.com/article.php?story=20040111075453713

• Terminal Command to set LDAP server

  How do I do it? I want to save it as a template in ARD3 to blast out to our clients.

  Nick, I'm not sure what your original post was asking, but if you're just trying to figure out how to set up a LDAP server, you might want to search the forum and see if you can find a thread I started (and Gary contributed to) on LDAP several months ago.
  The bottom line was that you can more or less follow the recipe in the first few chapters in O'Reilly's LDAP book (Amazon or Barnes & Noble will have it). It's not Mac-specific (so doesn't tell you about using NetInfo) -- but the book explains how to install Berkeley DB to set up the database. Pretty much any free articles I found about LDAP were of no help (and in fact served to confuse me rather badly -- that's not hard to do in general, however).
  There are some utilities out there for exporting from Mac's address book for easy importing to LDAP. And there are also a few GUI apps for manually entering data. And there's phpLDAPadmin. You'll have to use google to track those down.
  And the REAL bottom line was that LDAP disappointed me. I wanted a universally-accessible editable universal address book for myself (I use Outlook, Thunderbird, Mail.app, SquirrelMail, Address Book, etc etc) -- LDAP provides something kind of half-baked and uneditable from any of those programs, so it didn't serve my purposes. (Though yours may be different!)
  (And I suppose I shouldn't blame LDAP alone. Those clients could include LDAP editing if the developers wanted it, I suppose. LDAP, however, is designed as a read-often write-infrequently system -- so maybe my expectations were ill placed to begin with.)

• [Solved] Setting Security Provider to LDAP during Deployment

  Hi,
  One of our developers has created an ant script that deploys our application to an Oracle Application Server. Our application requires users to be authenticated via OID, and so we modify the security provider accordingly amd restart the application.
  However, everytime we redeploy the application, the security provider is always "reset" to File Based Authentication. Is there a way in ant or in some other else to set the security provider to LDAP so we don't have to keep changing the security provider and bouncing application whenever we redeploy?
  We've tried creating an orion-application.xml file already with jazn entry set to LDAP. What happens is that this file gets included in the ear file, but when it is deployed, it is placed in the OC4J_HOME/applications/myapp/META-INF directory instead of the OC4J_HOME/application-deployments/myapp directory, which is where the proprietary application deployment descriptor should go.
  Is there something we're missing?
  Cheers,
  Rey

  Hi Thanassis,
  I figured out how to deploy using ant with LDAP as security provider! It's a bit of work though.
  1. Create application.xml because application needs to be deployed as an ear file.
  2. Create orion-application.xml because this will contain the entry of using LDAP instead of xml.
  3. Create a Deployment Plan. This is done in JDeveloper by creating a WAR Deployment Profile, then right clicking it and deploying to an Oracle Application Server. Before actual deployment, JDeveloper will show a dialog for the Deployment Plan. Save the file, and cancel the deployment. You can view the contents of the file in JDeveloper. Make sure the line <jazn provider="LDAP"> exists; otherwise, there was something wrong with the orion-application.xml file.
  4. I edited the Deployment Plan and removed the line for data-sources.xml because I don't want to include one. You can create one alterantively if you don't want to remove this line.
  5. Finally, in the ANT script, add some lines to generate the ear file. Then in the oracle:deploy tag, make sure you use the deploymentplan attribute, and set it to the deployment plan you saved in step 3.
  That's it! Works beautifully!
  Cheers,
  Rey

• How to connect a LDAP Server?

  When creating the LDAP Data Server in Topology Manager using the Sunopsis LDAP Open Connector, the following message is displayed:
  "A NamingException occured saying: [LDAP: error code 49 - Invalid Credentials]"
  I use the sunopsis JDBC driver:
  com.sunopsis.ldap.jdbc.driver.SnpsLdapDriver
  and set the parameters:
  jdbc:snps:ldap?ldap_url=ldap://10.182.255.38:389/&ldap_basedn=cn=Users,dc=cn,dc=oracle,dc=com
  the user is set to:
  cn=orcladmin,cn=Users,dc=cn,dc=oracle,dc=com OR cn=orcladmin OR orcladmin, the error is the same.
  Could anyone tell me how to solve this issue?

  I can't connect to the ldap server.
  Using a simple java program, no problem, ODI, no go.
  Some code I found on the internet to connect to the ldap server
  Note the comments on SECURITY_PRINCIPAL and SECURITY_CREDENTIALS.
  This works fine for me.
  If I try to do the same with ODI, it doesn't work.
  Why?
  Kinde regards,
  Frans.
  public static void main( String[] args ) {
  // set up environment to access the server
  Properties env = new Properties();
  env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
  env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" + rootContext);
  //env.put( Context.SECURITY_PRINCIPAL, rootdn );
  //env.put( Context.SECURITY_CREDENTIALS, rootpass );
  try {
  // obtain initial directory context using the environment
  DirContext ctx = new InitialDirContext( env );
  // now, create the root context, which is just a subcontext
  // of this initial directory context.
  //ctx.createSubcontext( rootContext );
  Attributes attr = ctx.getAttributes("");
  NamingEnumeration allAttr = attr.getAll();
  while (allAttr.hasMore()) {
  Attribute a = (Attribute)allAttr.next();
  System.out.println("attr: " + a.getID());
  NamingEnumeration values = attr.getAll();
  while (values.hasMore()) {
  System.out.println("value: " + values.next());
  catch ( NameAlreadyBoundException nabe ) {
  System.err.println( rootContext + " has already been bound!" );
  catch ( Exception e ) {
  System.err.println( e );
  }

• Problem instaliing sun one LDAP server on windows server 2008 r2

  Hi all ,
  I am trying to install Ldap server (Sun ONE Directory Server) on windows server 2008
  I am using apache-tomcat-7.0.28 and java jdk1.7.0_05
  I am following this manual for installing :
  https://blogs.oracle.com/marginNotes/entry/installing_directory_server_enterprise_edition1
  I have a problem with the cacao agent and how to install it .
  I've got this error message :
  c:\Program Files\Sun\dsee7\bin>dsccsetup cacao-reg
  Configuring Cacao...
  ## Failed to run "c:/Program Files/Sun/dsee7/ext/cacao_2/bin/cacaoadm.bat" set-
  aram "jdmk-home=c:/Program Files/Sun/dsee7/lib/private"
  #### Cannot create service for instance: [cacao.instance.name].
  #### Cannot perform firstime inialisation and configuration.
  ## Exit code is 1
  Failed to configure Cacao.
  I stuck and with no other solutions . I hope if you could to help with this issue .
  i will glad to know if there is any other ways to install this specific Ldap server ,
  Thanks,
  Alon

  You most likely skipped the step of starting the installed server prior to trying to access admin URL. Please check this document:
  http://docs.sun.com/source/817-1830-10/win.html
  Relevant section is:
  You can start the Administration Server in either of the following ways:
  # Select Start Menu -> Programs -> Sun ONE Web Server, and choose Start Web Server Administration Server.
  # From the Control Panel�s Services item.
  HTH...

• Getting HTTP 500 Error When Trying To Authenticate Against LDAP Server (Active Directory)

  Hello,
  I am currently facing an issue when I try and use LDAP authentication in my Apex application as I am getting a HTTP 500 Internal Server Error message. For my authentication scheme I have used the pre-configured option of how to connect to an LDAP server and in my development environment this seems to be working fine but now I have deployed my application to our staging environment and I am getting the error. If I switch to the Application Express Authentication scheme then I don't get the error.
  I've had a look at the log file on the server and I see I am getting this error:
  [#|2015-03-31T16:19:11.254+0100|SEVERE|glassfish3.1.2|null|_ThreadID=21;_ThreadName=Thread-2;|JDBCException [kind=UNAVAILABLE]
      at oracle.dbtools.common.jdbc.JDBCException.wrap(JDBCException.java:99)
      at oracle.dbtools.common.config.db.DatabaseConfig.getConnection(DatabaseConfig.java:81)
      at oracle.dbtools.common.jdbc.ora.OraPrincipal.connection(OraPrincipal.java:69)
      at oracle.dbtools.apex.ModApexContext.getConnection(ModApexContext.java:372)
      at oracle.dbtools.apex.OWA.getStatement(OWA.java:536)
      at oracle.dbtools.apex.OWA.init(OWA.java:308)
      at oracle.dbtools.apex.ModApex.doPost(ModApex.java:138)
      at oracle.dbtools.apex.ModApex.service(ModApex.java:303)
      at oracle.dbtools.rt.web.HttpEndpointBase.modApex(HttpEndpointBase.java:347)
      at oracle.dbtools.rt.web.HttpEndpointBase.service(HttpEndpointBase.java:130)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
      at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
      at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
      at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
      at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
      at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
      at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
      at java.lang.Thread.run(Thread.java:662)
  Caused by: java.sql.SQLException: Exception occurred while getting connection: oracle.ucp.UniversalConnectionPoolException: All connections in the Universal Connection Pool are in use
      at oracle.ucp.util.UCPErrorHandler.newSQLException(UCPErrorHandler.java:488)
      at oracle.ucp.util.UCPErrorHandler.throwSQLException(UCPErrorHandler.java:163)
      at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:928)
      at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:863)
      at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:855)
      at oracle.dbtools.common.config.db.DatabaseConfig.getConnection(DatabaseConfig.java:71)
      ... 33 more
  Caused by: oracle.ucp.UniversalConnectionPoolException: All connections in the Universal Connection Pool are in use
      at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:368)
      at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:49)
      at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:80)
      at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:131)
      at oracle.ucp.common.UniversalConnectionPoolImpl.borrowConnectionWithoutCountingRequests(UniversalConnectionPoolImpl.java:279)
      at oracle.ucp.common.UniversalConnectionPoolImpl.borrowConnection(UniversalConnectionPoolImpl.java:142)
      at oracle.ucp.jdbc.JDBCConnectionPool.borrowConnection(JDBCConnectionPool.java:157)
      at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:916)
      ... 36 more
  So it seems that every time I try and use LDAP I hit this error. Also after awhile I have to re-start the Apex Listener for that domain. I have came across this thread: LDAP Authentication Question but I am not sure if the user got the problem solved or not.
  Our infrastructure is as follows:
  Database: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit
  Apex Listener: 2.0.3.221.10.13
  GlassFish Server Open Source Edition 3.1.2.2 (build 5)
  If anybody has any idea what is causing this that would be great.
  Cheers,
  Paul.

  Hi Colm,
  Thanks for getting back to me on this. I have downloaded and created a new ORDS server with 2.0.10 and while I don't get the error:
  Exception occurred while getting connection: oracle.ucp.UniversalConnectionPoolException: All connections in the Universal Connection Pool are in use 
  I am now getting the following (I have turned on the logging)
  No more data to read from socket java.sql.SQLRecoverableException: No more data to read from socket
  at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:1157) at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:345)
  at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:223) at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:531)
  at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:205)
  at oracle.jdbc.driver.T4CCallableStatement.executeForRows(T4CCallableStatement.java:1043)
  at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1336)
  at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3612)
  at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:3713)
  at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:4755)
  at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:1378)
  at sun.reflect.GeneratedMethodAccessor1991.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:230)
  at oracle.ucp.jdbc.proxy.PreparedStatementProxyFactory.invoke(PreparedStatementProxyFactory.java:124)
  at oracle.ucp.jdbc.proxy.CallableStatementProxyFactory.invoke(CallableStatementProxyFactory.java:101)
  at $Proxy432.execute(Unknown Source) at oracle.dbtools.apex.OWA.execute(OWA.java:145)
  at oracle.dbtools.apex.ModApex.handleRequest(ModApex.java:201)
  at oracle.dbtools.apex.ModApex.doPost(ModApex.java:152)
  at oracle.dbtools.apex.ModApex.service(ModApex.java:303)
  at oracle.dbtools.rt.web.HttpEndpointBase.modApex(HttpEndpointBase.java:350)
  at oracle.dbtools.rt.web.HttpEndpointBase.service(HttpEndpointBase.java:132)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
  at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
  at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
  at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
  at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
  at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
  at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
  at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
  at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
  at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
  at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
  at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
  at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
  at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
  at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
  at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
  at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
  at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
  at java.lang.Thread.run(Thread.java:662)    
  I cant see anything glaring that is causing this. I have also increased the Minimum Connections to 30 and Maximum Connections to 100 with the administration part of Configuring ORDS via SQL Developer and it still has no desired effect.
  The application works fine in our Development and Testing Environment but since I have ported it over to our production instance I am unable to log into it using my Active Directory credentials.
  Cheers,
  Paul.

• How can portal use two different LDAP Server in UME

  Hi,
  My question is Can UME in portal be configured for multiple LDAP sources.Currently i have a setting in portal
  as follows:
  Server Name : Abcd
  port : 1234
  user : CN=" ",Ou=" ",Ou=" ",Dc=AD,Dc=my company,Dc=com
  password :
  user path : DC=AD,Dc=My company,Dc=Com
  group Path : same as user path
  I want to configure one more LDAP server to my portal UME,how can give values for that in above sttings.I even want these current settings to be enabled.
  Do anyone have idea on this.
  Thanks and Regards
  Rani A

  Hi again ,
  I know it can be done. But how urgent is this for you.
  I can get back to you in couple of days, me lil busy today.
  cheers,
  Anu...

• Can an LDAP server be it's own client?

  In short yes, why would you want to do this? Many reasons, but mine is to be able to use ldap on laptops running Solaris and have them log into the machine with ldap credentials off the network. When we plug them back onto the network, I have a master server send any new data via one-way replication. I will give 2 separate ways to accomplish this. One is, to put it bluntly, a dirty hack to get it working. The second is much more elegant and it's the one I have stressed tested to verify that it works.
  Disclaimer: I have only used these methods on Solaris10 update 3 with Trusted Extensions using directory server 5.2 as well as the administration server. I have used a few different kinds of machines (all x86) and have not had a problem with it. I do not know if it will work on any other version or hardware. I haven't even looked at the source code, all assumptions made here are from observing the systems behavior while making minor changes.
  Now, the reasons why normally you can't be your own client (at least as far as I can tell) is because of the way the system boots and the dependencies that the ldap/client service needs to start up. If you boot a machine that is it's own client and ldap/client runs before the directory server starts, of course it will fail. The system boots the services first, then legacy init scripts. Directory Server 5.2 uses init scripts. Correct me if I am wrong, but that is the only real hurdle in your way.
  So the first way to get it 'working' (dirty hack) is to delay the ldap/client smf service from starting until the directory server is started. After you become a client of yourself (in this case the global zone) disable the ldap/client serrvice.
  svcadm disable ldap/clientThen enable it temporarily with the -t option
  svcadm enable -t ldap/clientWell if you were to reboot now it would not work because the service would not start at boot because it is set to be administratively down. Edit the S72directory script in /etc/rc2.d and after the start commands just add the svcadm enable -t ldap/client command and it will load right after directory server starts. Will this work? Yes, is it a clean way to do it? NO. I used this method just for testing the theory that the only reason I could not be my own client was because of the booting issue.
  Now the best way that I can see to accomplish this is to create your own smf services for the directory server and admin server. That way all you have to do is add a dependency to the ldap/client xml file to wait until the new directory server service is started before it starts. So in /var/svc/manifest/site create a folder called ldap (I put this in site because I didn't want to run into any issues of patching). In /var/svc/manifest/site/ldap/ create two xml files named:
  quick note: These are the first services I have created. There may be a much better way to make them. If you can re-code it better, please let me know so I can look at them. Also there is no restart command in here (actually I just noticed that) so adding one of those would be wise.
  ds_admin.xml and directory_server.xml.
  ds_admin.xml contains<?xml version="1.0"?>
  <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
  <!--
       Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
       Use is subject to license terms.
       ident     "@(#)client.xml     1.4     04/12/09 SMI"
       NOTE:  This service manifest is editable; its contents will not
       be overwritten by package or patch operations, including
       operating system upgrade.
  -->
  <service_bundle type='manifest' name='SUNWdsadmin:dsadmin'>
  <service
       name='site/ldap/ds_admin'
       type='service'
       version='1'>
       <create_default_instance enabled='false' />
       <single_instance />
       <dependency
           name='fs'
           grouping='require_all'
           restart_on='none'
           type='service'>
            <service_fmri value='svc:/system/filesystem/minimal' />
       </dependency>
       <dependency
           name='net'
           grouping='require_all'
           restart_on='none'
           type='service'>
            <service_fmri value='svc:/network/initial' />
       </dependency>
       <exec_method
           type='method'
           name='start'
           exec='/lib/svc/method/ds_admin start'
           timeout_seconds='120' >
            <method_context>
                 <method_credential user='root' group='sys' />
            </method_context>
       </exec_method>
       <exec_method
           type='method'
           name='stop'
           exec='/lib/svc/method/ds_admin stop'
           timeout_seconds='60' >
            <method_context>
                 <method_credential user='root' group='sys' />
            </method_context>
       </exec_method>
       <stability value='Unstable' />
       <template>
            <common_name>
                 <loctext xml:lang='C'>
                 LDAP Admin server      
                 </loctext>
            </common_name>
            <description>
                 <loctext xml:lang='C'>
  LDAP admin server
  Information Service lookups
                 </loctext>
            </description>
       </template>
  </service>
  </service_bundle>and directory_server.xml contains:
  <?xml version="1.0"?>
  <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
  <!--
       Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
       Use is subject to license terms.
       ident     "@(#)client.xml     1.4     04/12/09 SMI"
       NOTE:  This service manifest is editable; its contents will not
       be overwritten by package or patch operations, including
       operating system upgrade.
  -->
  <service_bundle type='manifest' name='SUNWds:ds'>
  <service
       name='site/ldap/directory_server'
       type='service'
       version='1'>
       <create_default_instance enabled='false' />
       <single_instance />
       <dependency
           name='usr'
           grouping='require_all'
           restart_on='none'
           type='service'>
            <service_fmri value='svc:/system/filesystem/minimal' />
       </dependency>
       <dependency
           name='net'
           grouping='require_all'
           restart_on='none'
           type='service'>
            <service_fmri value='svc:/network/initial' />
       </dependency>
    <dependency
              name='ds_admin'
              grouping='require_all'
              restart_on='none'
              type='service'>
                  <service_fmri
                      value='svc:/site/ldap/ds_admin' />
       </dependency>
       <exec_method
           type='method'
           name='start'
           exec='/lib/svc/method/directory_server start'
           timeout_seconds='120' >
            <method_context>
                 <method_credential user='root' group='sys' />
            </method_context>
       </exec_method>
       <exec_method
           type='method'
           name='stop'
           exec='/lib/svc/method/directory_server stop'
           timeout_seconds='60' >
            <method_context>
                 <method_credential user='root' group='sys' />
            </method_context>
       </exec_method>
       <stability value='Unstable' />
       <template>
            <common_name>
                 <loctext xml:lang='C'>
                 LDAP directory server      
                 </loctext>
            </common_name>
            <description>
                 <loctext xml:lang='C'>
  LDAP directory server
  Information Service lookups
                 </loctext>
            </description>
       </template>
  </service>
  </service_bundle>Now the start/stop scripts will be located in /lib/svc/method and are as followed:
  ds_admin
  #!/sbin/sh
  case "$1" in
       start)
            /usr/sbin/directoryserver start-admin
       stop)
            /usr/sbin/directoryserver stop-admin
            echo "Usage: $0 { start | stop }"
            exit 1
  esac
  exit 0simple yes.
  directory_server
  #!/sbin/sh
  HOST_NAME=`hostname`
  SERVER_ROOT=/var/opt/mps/serverroot
  DIRECTORY_SERVER_INSTANCE=slapd-${HOST_NAME}
  case "$1" in
       start)
            ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/start-slapd
       stop)
            ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/stop-slapd
            echo "Usage: $0 { start | stop }"
            exit 1
  esac
  exit 0The only thing left to do is modify the ldap/client smf file to wait until the directory server starts before it loads.
  So edit /var/svc/manifest/network/ldap/client.xml and right before the dependency for for /var/ldap/ldap_client_file add this
  <dependency
              name='directory_server'
              grouping='require_all'
              restart_on='none'
              type='service'>
                  <service_fmri
                          value='svc:/site/ldap/directory_server' />
          </dependency>
  Any changes made to the /ldap/client xml file must be made after ALL zones have been installed. If this file is copied to a zone it will never work as the directory_server service is not loaded in the zones.
  Now what? You must remove the legacy init scripts in /etc/rc2.d. Those would be S72directory and S73mpsadm. No need to keep them around, alternatively, you can just change the capital 'S' to lower case and they want start.
  You can now either use svccfg to validate and import the new services or you can reboot. Typically, I reboot and use the '-m verbose' option on boot to watch the services for any errors. I haven't had any lately but on different systems I always watch to see if it behaves different.
  That's it. I have rebooted all the machines many, many times without error. This of course does not address loading the directory server or adding users, tnrhdb file, etc... We have scripted most of loading out and once we get some error correction coded in I will post them.
  Also, if you find any errors or even a better way to accomplish this, please post it.

  This restriction is only in terms of implementing the Solaris support for LDAP as a naming service. If the Solaris OS is configured to use LDAP as a naming service, it can't use a LDAP server running on the same host.
  The reason is that the LDAP server makes naming service calls before it gets fully started up. If the OS wants to use the LDAP server for the naming service, then a deadlock happens, where the LDAP server's gethostbyname() call can't complete because the LDAP server isn't up.
  It is possible to configure the Solaris naming resolution to avoid this problem. I've got a system set up this way myself. Regardless, the official support channels won't support a system set up this way, so if you do this you do it at your own risk.

• Error in authentication with ldap server with certificate

  Hi,
  i have a problem in authentication with ldap server with certificate.
  here i am using java API to authenticate.
  Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
  I issued the new certificate which is having the up to 5 years valid time.
  is java will authenticate up to one year only?
  Can any body help on this issue...
  Regards
  Ranga

  sorry i am gettting ythe same error
  javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
  here when i am using the old certificate and changing the system date means i can get the authentication.
  can you tell where we can concentrate and solve the issue..
  where is the issue
  1. need to check with the ldap server only
  2. problem in java code only.
  thanks in advance

• "untrusted server cert chain" exception while connecting LDAP server

  While connecting to LDAP server using JNDI over JSSE ..This is happening when trying to get the initial context
  using
  InitialDirContext initContext = new InitialDirContext(env);
  where env is a hash table set with the default parametes.The certificate used for is a Novell CA certificate converted to X509 format and the key store is initialized with this

  This got resolved when in the code the following
  System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
  where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
  in X509 format

• Unable to Retrieve Attributes from LDAP Server

  I have a problem. I was wondering if anyone can assist me. I am new to LDAP servers and JNDI. I cannot retrieve any attributes from the users listed in my data entry. Any assistance would be greatly appreciated! Thanks.
  I created an entry in the LDAP server that looks like this:
  �o=somedn�
  |
  �ou=people, o=somedn�
  The �ou=people, o=somedn� entry contains fictitious users. The LDAP server is connected to a MySQL database. When I write Java code to read the attributes of a given user whose fullname (cn) is �Vinny Luigi�, as listed in the database, I receive an error that starts with the following:
  javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=Vinny Luigi,ou=people'
  The code I used is based on the Sun JNDI tutorial. Sun�s code is at http://java.sun.com/products/jndi/tutorial/basics/directory/src/GetattrsAll.java. My version of the code is below:
  * @(#)GetattrsAll.java     1.5 00/04/28
  * Copyright 1997, 1998, 1999 Sun Microsystems, Inc. All Rights
  * Reserved.
  * Sun grants you ("Licensee") a non-exclusive, royalty free,
  * license to use, modify and redistribute this software in source and
  * binary code form, provided that i) this copyright notice and license
  * appear on all copies of the software; and ii) Licensee does not
  * utilize the software in a manner which is disparaging to Sun.
  * This software is provided "AS IS," without a warranty of any
  * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
  * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
  * HEREBY EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE
  * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING,
  * MODIFYING OR DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN
  * NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
  * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL,
  * CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
  * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
  * OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
  * BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  * This software is not designed or intended for use in on-line
  * control of aircraft, air traffic, aircraft navigation or aircraft
  * communications; or in the design, construction, operation or
  * maintenance of any nuclear facility. Licensee represents and warrants
  * that it will not use or redistribute the Software for such purposes.
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.Hashtable;
  * Demonstrates how to retrieve all attributes of a named object.
  * usage: java GetattrsAll
  class GetattrsAll
       static void printAttrs(Attributes attrs)
            if (attrs == null)
                 System.out.println("No attributes");
            else
                 /* Print each attribute */
                 try
                      for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();)
                           Attribute attr = (Attribute) ae.next();
                           System.out.println("attribute: " + attr.getID());
                           /* print each value */
                           for (NamingEnumeration e = attr.getAll(); e.hasMore(); System.out.println("value: " + e.next()) )
                 } catch (NamingException e) {
                      e.printStackTrace();
       public static void main(String[] args) {
            // Set up the environment for creating the initial context
            Hashtable env = new Hashtable(100);
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                      "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:10389/o=somedn");
            try {
                 // Create the initial context
                 DirContext ctx = new InitialDirContext(env);
                 // Get all the attributes of named object
                 System.out.println("About to use ctx.getAttributes()");
                 Attributes answer = ctx.getAttributes("cn=Vinny Luigi,ou=people");
                 // Print the answer
                 printAttrs(answer);
                 // Close the context when we're done
                 ctx.close();
            } catch (Exception e) {
                 e.printStackTrace();
  The primary key of the database is id_pk. Below is a copy of the mapping.xml file which maps the LDAP server entry to the database:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.2//EN" "http://penrose.safehaus.org/dtd/mapping.dtd">
  <mapping>
  <entry dn="o=somedn">
  <oc>organization</oc>
  <oc>top</oc>
  <at name="o" rdn="true">
  <constant>somedn</constant>
  </at>
  <aci>
  <permission>rs</permission>
  </aci>
  </entry>
  <entry dn="ou=people,o=somedn">
  <oc>inetOrgPerson</oc>
  <oc>organizationalPerson</oc>
  <oc>organizationalUnit</oc>
  <oc>person</oc>
  <oc>top</oc>
  <at name="cn">
  <constant>"fullname"</constant>
  </at>
  <at name="ou" rdn="true">
  <constant>people</constant>
  </at>
  <at name="sn">
  <constant>"lastname"</constant>
  </at>
  </entry>
  <entry dn="id_pk=...,ou=people,o=somedn">
  <oc>inetOrgPerson</oc>
  <oc>organizationalPerson</oc>
  <oc>person</oc>
  <oc>top</oc>
  <at name="Position_">
  <variable>usertable9.Position_</variable>
  </at>
  <at name="id_pk" rdn="true">
  <variable>usertable9.id_pk</variable>
  </at>
  <at name="fullname">
  <variable>usertable9.fullname</variable>
  </at>
  <at name="lastname">
  <variable>usertable9.lastname</variable>
  </at>
  <at name="cn">
  <variable>usertable9.fullname</variable>
  </at>
  <at name="sn">
  <variable>usertable9.lastname</variable>
  </at>
  <source name="usertable9">
  <source-name>usertable9</source-name>
  <field name="Position_">
  <variable>Position_</variable>
  </field>
  <field name="id_pk">
  <variable>id_pk</variable>
  </field>
  <field name="fullname">
  <variable>cn</variable>
  </field>
  <field name="lastname">
  <variable>sn</variable>
  </field>
  </source>
  </entry>
  </mapping>
  Thanks.

  The complete name (Distinguished Name) of the user you're searching is 'cn=Vinny Luigi,ou=people,o=somedn'.
  Regards,
  Ludovic.