Sun Directory and Samba

Hi Everyone,
Has anybody configured Sun DS to work with Samba? Are there any issues/recommendations/pitfalls?
I am also wondering if SDS natively supports Samba? Specifically, I'm looking at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#passwd_sync which syncs Samba passwd changes to the OpenLDAP server. I'm assuming that this would work with SDS as well. However, I can't find anything on whether SDS supports passwd syncing the other direction (SDS -> Samba). Anybody have experience with this?
Thanks!

I haven't tried this but from the doc you linked to, the extended operation is 1.3.6.1.4.1.4203.1.11.1 (RFC 3062) which is supported by DSEE 6.3. See this doc:
http://docs.sun.com/app/docs/doc/820-2767/extended-operations-5dsconf
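
The extended operation named in the reply above can be exercised from JNDI as follows. This is an added example, not code from the thread or from Sun: the class name, the sample DN and the sample password are constructed, and the context passed to `changePassword` is assumed to be an LDAPS connection opened on the server URL with no base DN, so that the empty name resolves to the root DSE.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
import javax.naming.ldap.LdapContext;

/** RFC 3062 Password Modify request for JNDI (added example, hypothetical class name). */
public class PasswordModifyRequest implements ExtendedRequest {
    private static final long serialVersionUID = 1L;
    public static final String OID = "1.3.6.1.4.1.4203.1.11.1";

    private final byte[] value;

    public PasswordModifyRequest(String userDn, String oldPassword, String newPassword) {
        this.value = encode(userDn, oldPassword, newPassword);
    }

    /** BER definite length, short form or 1/2-byte long form. */
    static void writeLength(ByteArrayOutputStream out, int len) {
        if (len < 0x80) {
            out.write(len);
        } else if (len <= 0xFF) {
            out.write(0x81);
            out.write(len);
        } else if (len <= 0xFFFF) {
            out.write(0x82);
            out.write(len >> 8);
            out.write(len & 0xFF);
        } else {
            throw new IllegalArgumentException("value too long for this encoder");
        }
    }

    static void writeTlv(ByteArrayOutputStream out, int tag, byte[] content) {
        out.write(tag);
        writeLength(out, content.length);
        out.write(content, 0, content.length);
    }

    /**
     * PasswdModifyRequestValue ::= SEQUENCE {
     *   userIdentity [0] OCTET STRING OPTIONAL,
     *   oldPasswd    [1] OCTET STRING OPTIONAL,
     *   newPasswd    [2] OCTET STRING OPTIONAL }
     * A null argument omits the corresponding field.
     */
    static byte[] encode(String userIdentity, String oldPasswd, String newPasswd) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        String[] fields = {userIdentity, oldPasswd, newPasswd};
        for (int i = 0; i < fields.length; i++) {
            if (fields[i] != null) {
                // 0x80 | i = context-specific, primitive, tag number i
                writeTlv(body, 0x80 | i, fields[i].getBytes(StandardCharsets.UTF_8));
            }
        }
        ByteArrayOutputStream seq = new ByteArrayOutputStream();
        writeTlv(seq, 0x30, body.toByteArray());
        return seq.toByteArray();
    }

    @Override public String getID() { return OID; }

    @Override public byte[] getEncodedValue() { return value.clone(); }

    @Override
    public ExtendedResponse createExtendedResponse(String id, byte[] berValue, int offset, int length) {
        final byte[] resp = berValue == null ? null : Arrays.copyOfRange(berValue, offset, offset + length);
        return new ExtendedResponse() {
            private static final long serialVersionUID = 1L;
            @Override public String getID() { return id; }
            @Override public byte[] getEncodedValue() { return resp; }
        };
    }

    /** True if the root DSE advertises the Password Modify OID in supportedExtension. */
    static boolean serverSupports(LdapContext rootCtx) throws NamingException {
        Attribute ext = rootCtx.getAttributes("", new String[] {"supportedExtension"})
                               .get("supportedExtension");
        return ext != null && ext.contains(OID);
    }

    /** The new password travels in the request value, so ctx must be a TLS-protected connection. */
    static void changePassword(LdapContext ctx, String userDn, String oldPw, String newPw)
            throws NamingException {
        if (!serverSupports(ctx)) {
            throw new OperationNotSupportedException("server does not advertise " + OID);
        }
        ctx.extendedOperation(new PasswordModifyRequest(userDn, oldPw, newPw));
    }

    public static void main(String[] args) {
        // Constructed sample values; prints the request value that would be sent.
        byte[] ber = encode("uid=jdoe,ou=People,dc=example,dc=com", null, "N3w-Sample-Pw");
        StringBuilder hex = new StringBuilder();
        for (byte b : ber) {
            hex.append(String.format("%02x", b));
        }
        System.out.println(OID + " requestValue=" + hex);
    }
}
```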

Similar Messages

  • Active Directory and Samba issues

    When I updated a few of the computers here at work to Leopard, I tried mounting some authenticated samba shares here at work, and they worked just fine. However, with other users, it denies their password, and then re-prompts for the password, despite said password being correct. It doesn't appear to be related to administrator permission on the domain, either, because it denies me when I change my permissions to only have access to specific machines, instead of 'all computers'
    If you need any further information, I would be happy to give it.

    Hi
    I confess I don't know if this is in any way helpful or relevant but I do know changes have been made in Leopard viz Samba since you can no longer setup a Windows Printer via Samba in the GUI as you have previously been able to do. You can do it in CUPS but this isn't for all types of users. Thus I don't know if this has any bearing on your problem but it may help to look for more general based samba support changes.
    cheers

  • Sun Directory Server role support?

    I would like to set up roles in the sun directory and use the identity manager in the future. Does identity manager support the role mechanism used by Sun directory server 5.2 and above? Are there any inconsistencies that I should be aware of?
    Also, AFAIK Active Directory does not support multi-valued DN's as attribute values. If I use identity manager to sync Sun DS with AD will user entries with multiple Sun DS roles become a problem?

    We are in the initial stages of design. Yes that was the goal to take the roles from Sun DS and use them in AD by way of identity manager. I am new to identity manager, so there may be a mapping instead of a direct push.
    The Sun DS roles are operational attributes and I am not sure how identity manager sees them or supports them. I guess if it can see them then it can map them to anything.

  • Sun Directory Server and OID Synchronization

    I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able to modify the last changelog number.
    Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
    Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
    One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root ca's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing.. but I don't have anywhere to start as far as troubleshooting is concerned.

    On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
    You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
    - Brian

  • Mac Open Directory and Sun Java DS

    We have Mac Open Directory Servers running on OSX 10.4.x domain. I am thinking about moving this domain by implementing Sun Identity Management solution. However, I am not able to find the Mac Open Directory in the IDM Supported standards. My Sun Directory Server synchronizes with the Windows AD using IDSYNC but I am not sure how a similar environment can be implemented for Open Directory. Is there a product from Sun for synchronizing accounts with Open Directory from the Sun Java DS?

    Mac Open Directory supports the LDAPv3 protocol so you could use Sun IdM's LDAP adapter to manage entries in Mac OD. I would probably set up Sun IdM to perform the synchronization. Your configuration would depend on what source was authoritative.
    The tough thing is that Active Sync would probably not work for Mac OD so automatically doing a synchronization based on updates in the Mac OD would not be feasible unless you created an Active Sync adapter. I've done it before. It's not too difficult.

  • Sun Directory Server as Primary Domain Controller.

    Hello,
    I've recently installed Sun Directory Server, Access Manager, and DSEE Identity Manager, on CentOS 5.2, with success, but my question is:
    Can I use this directory as a primary domain controller for my network, I want to know if it is possible to integrate this directory in the same way that Active Directory works, I mean connecting Windows computers to the DC with some kind of connector (because windows won't connect to another directory than AD natively). I know that there are some MSGina replacements, like pgina, but I'm looking for some serious solution, especially for computers running Windows Vista.
    Thanks in advance.

    Hi,
    thanks for your answer, but.. there is a way to configure the DSEE to be like a native 2000/2003 Active Directory?, I mean, connecting directly to the DSEE without using Samba, I know that is possible to use that solution, but you lose some functionality.
    I've been trying to do some research about the topic, like modifying the bind DNS to act like an AD DNS, and it works at a certain grade, windows xp detects the SRV records but when it tries to connect to the directory it fails giving me an error telling that the DC isn't available. It will be great to make such environment, Windows XP / Vista connected to DSEE without third party software.
    Any comment would be greatly appreciated.
    Thanks.

  • DS 6.x posix and samba objectclass?

    How do I add objectclasses for posix and samba attributes? Are they already included? Don't see them in the docs. I am attempting to configure a DS 6.1 to hold posix and samba account information for users. Can I implement RFC 2307 Network Information Service schema? And do I need to be running Solaris to do this?

    There is no default schema for Samba shipped with Sun Directory Server...
    It should be pretty straightforward to adapt the OpenLDAP specific copy to Sun DS.
    We do not intend to deliver Sun DS with all possible existing schema definitions in the world... Especially when there is no standard describing it.
    The mail, calendar and other Netscape based products schema delivered are mostly there for historical reasons. In my personal opinion, they should not be installed by default, and probably not directly delivered by the product.
    Regards,
    Ludovic.

  • Error while migrating to Sun Directory Server 6.0

    Hi All,
    I am trying to migrate the Sun One Directory Server 5.2 to Sun Directory Server 6.0. I am getting the following error
    bash-3.2# ./dsmig migrate-config /var/Sun/mps/slapd-circb2bld3/ /var/SunDirectoryServer6.0/dsInst/
    Launching Configuration Migration of server instance /var/Sun/mps/slapd-circb2bld3 .....
    Enter the certificate database password:
    Starting server instance /var/SunDirectoryServer6.0/dsInst ..... Instance /var/SunDirectoryServer6.0/dsInst is already running (ns-slapd pid is 3868)
    Enter "cn=Directory Manager" password:
    Connecting to server localhost:389 .....
    Could not bind securely on "localhost:389".
    Remote host closed connection during handshake
    Details: SSL peer shut down incorrectly
    Could not create context for configuration migration.
    Operation "migrate-config" failed.
    Please help me.

    Please stop
    The migration guide has step by step instructions, including command line examples, are you using that as your reference?
    Your upgrade should be to (at a minimum) DSEE 6.3.1.1.1. Upgrading to 6.0 is upgrading to a release level that has no patches or fixes to the product. There are significant fixes to the migration command line tools. There is a good chance you will run into issues.
    You should install and review migration to ODSEE 11.1.1.7.0 (which would effectively be the 7.2 release of the DS).
    There is a specific guide for migration and upgrade, which includes migration from DS 5.2 to 11.x
    The full documentation collection for 11.1.1.7.0 is here
    http://docs.oracle.com/cd/E29127_01/index.htm
    The specific migration guide is here
    http://docs.oracle.com/cd/E29127_01/doc.111170/e28971/toc.htm
    See: Part II Migrating from ODSEE 5.2 to ODSEE 11g Release 1 (11.1.1.7.0)
    ODSEE 11.1.1.7.0 can be downloaded from here.
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

  • Provisioning Sun directory Server to a User in OIM

    I have been learning the OIM tool for 2 months. I am not able to provision Sun Directory Server to a user in OIM; the error is that I am not getting the value for Organization DN. I am using ODSEE 11.1.1.5.0 and OIM 11.1.1.5.0. I have followed the steps below:
    1. Copy Connector and External Code Files.
    2. Configure Oracle Identity Manager Server.
    3. Import an Oracle Identity Manager Connector.
    4. Define an IT Resource.
    5. Create a User.
    6. Assign the Connector to a User.
    Could anyone please suggest a solution for this problem?

    Hi,
    You need to run organization lookup reconciliation first, then select the value in the process form.
    If you are getting a particular error, can you paste the error messages from the console?
    Regards,
    Raghav.

  • Open Directory and LDAP questions/difficulties

    Hi, my company is about to try out OSX Server to replace our old Irix file server. In order to do this we need to run through a number of tests in order to validate the idea. Basically, the test setup is a PM G5 running OSX Server 10.4 and a connected Mac and/or PC on the G5's second ethernet port as test clients. The first ethernet port is connected to the local subnet (192.168.1.x) and, ideally, the OSX Server should have its own subnet on the second port and serve DHCP, AFP and SMB to that port only, along with an OD shared directory providing both authentication and home directories for users. (later on, if all is successful, it will serve those services on the company subnet). DNS is supplied by a separate server on the subnet (DNS caching server running tinydns)
    I've read my way through the OSX Server documentation, and gathered all the information the Worksheet requires. The problems started occurring because we installed OSX Server over an OSX Client and broke off the Server Assistant, because we were worried at the time that turning on a Windows PDC would collide with our current (and very flaky) Samba server running on the Irix machine, and that DHCP might also collide with our current dhcp server.
    As a consequence, we tried to set it up via the Server Admin Panel, Network Prefs, and the Workgroup Manager, after having connected the second ethernet port of the G5.
    Doing this, and setting the OD service to an OD Master, along with a Search base of dc=hostname, dc=domain, dc=tld has not exactly changed much. The problem is that the info panel says that LDAP is not running. This confuses me no end. I thought OD was based upon LDAP. The server name in the Server Admin panel is hostname.local. And now I get to my real questions (finally):
    1. Would it be better to just wipe the machine and start again using the Assistant, and set up the ODMaster that way?
    2. When is an ODMaster not a local directory and when is it a shared directory (the hostname.local worries me)
    3. What services exactly need to be running for the ODMaster to function properly
    3. How do I configure the local subnet on the second port (should I use the Gateway Assistant or do it by hand), and how do I only serve those services to that port (do I do it by setting the router/gateway for those services as the IP of the second port or as localhost).
    4. Do I need to simply enable LDAPv3 on the clients and set the search path to automatic to get the clients to authenticate?
    5. Do users and groups added to the hostname.local become part of the OD Domain?
    I'm sorry if I come across as a total newbie. I'm used to doing most of this on the commandline in Linux (except for LDAP, which is new to me), and the GUI. I have managed to entangle myself quite nicely in all this and could really use some pointers.
    Thanks in advance
    Theo.
    PowerBook G4   Mac OS X (10.4.7)  

    1. Starting with a freshly installed OS X Server is recommended, but start no services at first, you need working DNS with reverse zone for the server IP to run OD Master (and other services). If the server domain is to be different from the existing network domain name setup DNS in OS X for the test domain.
    2. I'm not sure I understand the question. LDAP/OD can be used on the server to "house" the user accounts but you don't have to bind computers to it.
    If you don't use the more advanced possibilities with LDAP/OD I don't think the clients even need to have LDAP configured to be able to authenticate.
    hostname.local = hostname and the standard Bonjour domainname .local ?
    3a. DNS, so that reverse lookup works for the hostname before setting up OD Master. OD needs a "true" domainname Bonjour isn't sufficient. Setup/use something like mydomain.private.
    3b. You don't need to do NAT, you can also route between two subnets (you would need a static route in your Internet router too).
    If you want NAT you can use the GW assistant. The interface on the top of the list in Network config (where you can add more/alias interfaces) is the "main" interface used as the "WAN"/"Internet" interface.
    4. If the clients are "standalone" (not bound to the OD domain or not using server based homefolders and such) I think you only need LDAP if you want the clients to be able to search for info in OD/LDAP. Not needed for authentication.
    You can send out LDAP info with DHCP.
    5. If you mean you add/enter users and groups to OD/LDAP directory it just means you can have different servers/clients using a central repository(?) for authentication purposes.
    If you add (bind) machines to the domain you can control what clients can do locally (privileges), which applications they can run and so forth.
    In /etc/smb.conf you can say which interface to use for samba (don't remember what to enter though). And if using the firewall (you must if you want NAT) you can stop Bonjour (mDNS - multicasts) from entering the "old" network if you like/need.

  • Active Directory and many OUs

    Hello all,
    This topic might have been talked about before but after a lot of searching I still have not found a solution, so I ask for a bit of help.
    In our Active Directory there are many OUs where users are kept. There is no one top OU where you can start your search. I don't really know why it was set up this way and I don't have an option to change that. I would really like to have ou=users like most have!
    So when I try to authenticate a user (I'm installing DSpace in my uni) I cannot automatically add the OU for the user trying to log in and the users themselves don't know their OU (well, why would they!).
    I'm hoping there is some simple solution to this. Maybe JNDI API allows for searching in many OUs at the same time (some fixed list in the code)? Or maybe the OU is not needed at all in the search?
    Any help/hints would be appreciated.
    best regards, Logi

    For searching, you can issue a subtree search, which will search through the entire subtree, irrespective of how many levels of OU's may exist, by using SearchControls.SUBTREE_SCOPE
    Have a look at the tutorial at http://java.sun.com/products/jndi/tutorial/basics/directory/scope.html
    For authentication, you can either get the user to enter their:
    distinguished name
    (cn=Albert Eirnstein, ou=Research,dc=Antipodes,dc=com), although that is not entirely user friendly
    their NT style logon name (samAccountName)
    ANTIPODES\alberte, more user friendly,
    or their Windows 2000 style logon name (userPrincipalName),
    [email protected], equally as user friendly.
    You may also want to look at some of the following posts:
    JNDI, Active Directory and Authentication (Part 1) (Kerberos)
    http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
    JNDI, Active Directory & Authentication (part 2) (SSL)
    http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
    JNDI, Active Directory & Authentication (part 3) (Digest-MD5)
    http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
    JNDI, Active Directory & Authentication (part 4) (SASL EXTERNAL)
    http://forum.java.sun.com/thread.jspa?threadID=641047&tstart=0
    JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
    http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0
    JNDI, Active Directory, Referrals and Global Catalog
    http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15
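
A search-then-bind login built on the subtree search described in the answer above. This is an added example, not code from the thread or from the linked posts: the class and method names are hypothetical, the directory is assumed to be reachable over LDAPS, and a service account with read access is assumed for the lookup. The login name is passed as a filter argument so JNDI escapes it, and an empty password is rejected before binding because a simple bind with an empty password is treated as an unauthenticated bind by many servers.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Resolve a login name to a DN anywhere under the base, then bind as that DN (added example). */
public class SubtreeLogin {

    static DirContext open(String url, String principal, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);                 // expected to be an ldaps:// URL
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Returns the DN of the single entry whose sAMAccountName equals login, or null if none. */
    static String findUserDn(DirContext ctx, String baseDn, String login) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // every OU below baseDn
        controls.setReturningAttributes(new String[0]);        // only the DN is needed
        // {0} is substituted by JNDI with filter metacharacters escaped,
        // so input such as "*" or ")(uid=*" cannot change the filter.
        NamingEnumeration<SearchResult> results = ctx.search(
                baseDn, "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {login}, controls);
        String dn = null;
        try {
            while (results.hasMore()) {
                if (dn != null) {
                    throw new NamingException("login matches more than one entry");
                }
                dn = results.next().getNameInNamespace();
            }
        } catch (PartialResultException e) {
            // Active Directory can return continuation references for a search that
            // starts at the domain root; they are not followed here.
        } finally {
            results.close();
        }
        return dn;
    }

    static boolean authenticate(String url, String serviceDn, String servicePw,
                                String baseDn, String login, String password)
            throws NamingException {
        if (password == null || password.isEmpty()) {
            return false; // never send an empty password in a simple bind
        }
        DirContext service = open(url, serviceDn, servicePw);
        String userDn;
        try {
            userDn = findUserDn(service, baseDn, login);
        } finally {
            service.close();
        }
        if (userDn == null) {
            return false;
        }
        try {
            open(url, userDn, password).close(); // the bind itself is the password check
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 4 || System.console() == null) {
            System.err.println("usage: java SubtreeLogin <ldaps-url> <service-dn> <base-dn> <login>");
            return;
        }
        String servicePw = new String(System.console().readPassword("Service account password: "));
        String userPw = new String(System.console().readPassword("Password for %s: ", args[3]));
        boolean ok = authenticate(args[0], args[1], servicePw, args[2], args[3], userPw);
        System.out.println(ok ? "authenticated" : "rejected");
    }
}
```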

  • Setting up the class root directory and choosing class files.

    I made a simple test application as it is proposed at the J2EE 1.4 Tutorial and all worked.
    (Chapter 24 Getting started with Enterprise Beans)
    Then I deleted the ear file to try out the deploy mechanism again.
    And after generating the new application with File-> New application which worked well I also
    tried to use the EJB Wizard feature of the J2EE deployment tool. After I had selected the appropriate EJB classes to add to my jar, I clicked NEXT and I got the following message:
    The class (converter.Converter) could not be loaded:
    Please consult online help for assistance in setting up the class root directory and choosing class files.
    The online help isn't very useful for this type of problem.
    Do you have a hint what to do?

    Hi san-deepu,
    I couldn't reproduce the error you are having when I followed Ch. 24 tutorial in packaging the ear. Is there any more information in deploytool's logfile? This is in <user_home>/.deploytool/logfile, or you can run in verbose mode: <as_install>/bin/deploytool -v
    When you say you deleted the ear file, did you also close the ear file in deploytool first? You may also want to exit deploytool, and try deleting the temporary files. Deploytool usually cleans up the temp files automatically upon exit - maybe there are some left behind that it couldn't delete. On Windows the temporary files are located by default in C:\Documents and Settings\Administrator\Local Settings\Temp\sun-dt-Administrator. In deploytool go to Edit --> Preferences --> General to find what the temporary directory is set to.
    Which version of the appserver are you using? jdk version? operating system?
    J

  • Installation/Config Problem with Sun Directory Server Control Center (6.0)

    Hi All,
    I have recently attempted an installation of Sun Directory Server EE 6.0 on a x86 Solaris 10 machine.
    I have selected to install Core Directory Server and Sun Directory Server Control Center with my installation.
    After installation, if I check the status of the SUNDSCC, I receive the following message:
    bash-3.00# ./dsccsetup status
    DSCC Application is not installed
    DSCC Agent is registered in Cacao
    DSCC Registry has been created
    Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
    Port of DSCC registry is 3998
    I have also tried to re-start the Sun Java Web Console using the /usr/sbin/smcwebserver start command but that does not do anything.
    If I try to initialize the SUNDSCC using the ./dsccsetup initialize command, the registry gets created, but it still displays as "application not installed".
    I do not understand. I have already installed this application using the JES installer.
    please help!
    Regards,
    Saahil Goel

    I had a similar issue. Here is how I fixed it.
    Run dsccsetup status with the -v option. It will show you where it is trying to find the DSCC Application. Then do a find on your system to see where it is actually installed. Then simply copy it over to where dsccsetup is looking for it. Then do dsccsetup initialize. Below is what it looked like on my system when I did it:
    # ./dsccsetup status -v
    ## /usr/sbin/smreg is present
    ## /usr/sbin/smcwebserver is present
    ## /opt/server/sun/dscc6/dccapp is MISSING
    DSCC Application is not installed
    ## /opt/sun/cacao/bin/cacaoadm is present
    ## /opt/server/sun/dscc6/lib/jar/nquickmodule.jar is present
    ## Running /opt/sun/cacao/bin/cacaoadm list-modules -r
    DSCC Agent is registered in Cacao
    ## Running /opt/sun/cacao/bin/cacaoadm status
    ## Running /opt/sun/cacao/bin/cacaoadm list-modules
    ## Running /opt/sun/cacao/bin/cacaoadm get-param network-bind-address
    ## Running /opt/sun/cacao/bin/cacaoadm get-param jmxmp-connector-port
    ## /opt/server/sun/ds6/bin/dsadm is present
    DSCC Registry has been created
    Path of DSCC registry is /var/opt/sun/dscc6/dcc/ads
    Port of DSCC registry is 3998
    # find / -name dccapp
    /opt/server/dscc6/dccapp
    # cp -R /opt/server/dscc6 /opt/server/sun
    # ./dsccsetup dismantle
    DSCC Application is not registered in Sun Java(TM) Web Console
    Unregistering DSCC Agent from Cacao...
    Deleting DSCC Registry...
    All server registrations will be definitively erased.
    Existing server instances will not be modified.
    Do you really want to delete the DSCC Registry ? [y/n]y
    Server stopped
    DSCC Registry has been deleted successfully
    # ./dsccsetup initialize
    Registering DSCC Application in Sun Java(TM) Web Console
    This operation is going to stop Sun Java(TM) Web Console.
    Do you want to continue ? [y,n] y
    Stopping Sun Java(TM) Web Console...
    Registration is on-going. Please wait...
    DSCC is registered in Sun Java(TM) Web Console
    Restarting Sun Java(TM) Web Console
    Please wait : this may take several seconds...
    Sun Java(TM) Web Console restarted successfully
    Registering DSCC Agent in Cacao...
    Checking Cacao status...
    Deploying DSCC agent in Cacao...
    DSCC agent has been successfully registered in Cacao.
    Choose password for Directory Service Manager:
    Confirm password for Directory Service Manager:
    Creating DSCC registry...
    DSCC Registry has been created successfully
    Hope this helps.

  • Password synchronization problem between sun DS and ADS

    Hi
    I installed the Sun ONE Identity Synchronization 1.0. I synchronize passwords between one DS and one AD. It is working fine. My problem is that I want to synchronize between two Sun ONE DS and one AD, but it is ignoring the one DS in the sync; another DS and AD are synchronizing. It is not synchronizing the two DS and one AD server.
    My SUL Configuration is
    SUL Name : DS1ToADS
    Windows
    Base DN : ou=newsync,dc=esecurity,dc=com
    Filter : destinationindicator=ameer.com
    Creation Expression : cn=%cn%, ou=newsync,dc=esecurity,dc=com
    Sun One Directory Server
    Base DN : cn=authorization2,dc=ameer,dc=com
    destinationindicator=ameer.com
    SUL Name : DS2ToADS
    Windows
    Base DN : ou=newsync,dc=esecurity,dc=com
    Filter : destinationindicator=basha.com
    Creation Expression : cn=%cn%, ou=newsync,dc=esecurity,dc=com
    Sun One Directory Server
    Base DN : cn=authorization2,dc=basha,dc=com
    destinationindicator=basha.com
    I am synchronizing the existing users using the following file.
    <?xml version="1.0" encoding="UTF-8"?>
    <UserLinkingOperationList allowLinkingOutOfScope="true">
      <UserLinkingOperation parent.attr="UserLinkingOperation" sulid="DS1ToADS">
        <UserMatchingCriteria parent.attr="UserMatchingCriteria">
          <AttributeMap parent.attr="AttributeMap">
            <AttributeDescription parent.attr="SunAttribute" name="sn"/>
            <AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
          </AttributeMap>
          <AttributeMap parent.attr="AttributeMap">
            <AttributeDescription parent.attr="SunAttribute" name="employeenumber"/>
            <AttributeDescription parent.attr="WindowsAttribute" name="employeeid"/>
          </AttributeMap>
        </UserMatchingCriteria>
      </UserLinkingOperation>
      <UserLinkingOperation parent.attr="UserLinkingOperation" sulid="DS2ToADS">
        <UserMatchingCriteria parent.attr="UserMatchingCriteria">
          <AttributeMap parent.attr="AttributeMap">
            <AttributeDescription parent.attr="SunAttribute" name="givenName"/>
            <AttributeDescription parent.attr="WindowsAttribute" name="givenName"/>
          </AttributeMap>
          <AttributeMap parent.attr="AttributeMap">
            <AttributeDescription parent.attr="SunAttribute" name="employeenumber"/>
            <AttributeDescription parent.attr="WindowsAttribute" name="employeeid"/>
          </AttributeMap>
        </UserMatchingCriteria>
      </UserLinkingOperation>
    </UserLinkingOperationList>
         Should not showing the any error after synchronization.
    I am giving my log files     
    resync log
    [05/Jan/2005:17:29:12.505 +0530] INFO 66 CNN101 csi2a01 "Sent remote source entry 'dn: 'CN=actusr2,OU=newsync,DC=esecurity,DC=com' [activedirectorydomainname=esecurity.com, employeeid=11112]'." (Action ID=CNN101-10142707E24-10, SN=4)
    [05/Jan/2005:17:29:12.958 +0530] INFO 66 CNN101 csi2a01 "Sent remote source entry 'dn: 'CN=actusr1,OU=newsync,DC=esecurity,DC=com' [activedirectorydomainname=esecurity.com, employeeid=11111]'." (Action ID=CNN101-10142707E24-11, SN=4)
    [05/Jan/2005:17:29:13.051 +0530] INFO 66 CNN101 csi2a01 "Sent all entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=0)
    [05/Jan/2005:17:29:14.098 +0530] INFO 66 CNN101 csi2a01 "Sent all entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=0)
    [05/Jan/2005:17:29:17.442 +0530] INFO 71 CNN100 csi2a01 "Received all remote entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=5)
    [05/Jan/2005:17:29:18.567 +0530] INFO 62 CNN101 csi2a01 "Received all remote entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=10)
    [05/Jan/2005:17:29:22.098 +0530] INFO 72 CNN102 csi2a01 "The Windows entry 'dn: 'CN=actusr1,OU=newsync,DC=esecurity,DC=com' [employeenumber=11111, givenname=ameer1] [destinationindicator=[basha.com, ameer.com]]' is already linked to the Directory Server entry 'dn: 'uid=ds1ameer1,cn=Authorization1,dc=basha,dc=com' [employeenumber=11111, destinationindicator=esecurity.com]'." (Action ID=CNN101-10142707E24-11, SN=5)
    [05/Jan/2005:17:29:22.098 +0530] INFO 71 CNN102 csi2a01 "The Windows entry 'dn: 'CN=actusr2,OU=newsync,DC=esecurity,DC=com' [employeenumber=11112, givenname=ameer2] [destinationindicator=[basha.com, ameer.com]]' is already linked to the Directory Server entry 'dn: 'uid=ds1ameer2,cn=Authorization1,dc=basha,dc=com' [employeenumber=11112, destinationindicator=esecurity.com]'." (Action ID=CNN101-10142707E24-10, SN=5)
    [05/Jan/2005:17:29:22.520 +0530] INFO 73 CNN102 csi2a01 "Received all remote entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=5)
    [05/Jan/2005:17:29:22.629 +0530] INFO 63 CNN101 csi2a01 "Received all remote entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=10)
    audit log
    [05/Jan/2005:17:29:15.629 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11112] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr2 destinationindicator: basha.com, ameer.com dn: CN=actusr2,OU=newsync,DC=esecurity,DC=com employeenumber: 11112 givenname: ameer2 objectclass: top, person, organizationalPerson, user dspswuserlink: tZeGDb7WM0SW72YcOMzfew== pwdlastset: 127493062677968750 samaccountname: 1234 sn: nagore2 usnchanged: 115104 whenchanged: 20050104100213.0Z}." (Action ID=CNN101-10142707E24-10, SN=3)
    [05/Jan/2005:17:29:15.895 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11112] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr2 destinationindicator: basha.com, ameer.com dn: CN=actusr2,OU=newsync,DC=esecurity,DC=com employeenumber: 11112 givenname: ameer2 objectclass: top, person, organizationalPerson, user dspswuserlink: tZeGDb7WM0SW72YcOMzfew== pwdlastset: 127493062677968750 samaccountname: 1234 sn: nagore2 usnchanged: 115104 whenchanged: 20050104100213.0Z}." (Action ID=CNN101-10142707E24-10, SN=4)
    [05/Jan/2005:17:29:16.208 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11111] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr1 destinationindicator: basha.com, ameer.com dn: CN=actusr1,OU=newsync,DC=esecurity,DC=com employeenumber: 11111 givenname: ameer1 objectclass: top, person, organizationalPerson, user dspswuserlink: tfNQqDQ8VEigzgJjrfcVSg== pwdlastset: 127493178093125000 samaccountname: 123 sn: nagore1 usnchanged: 115147 whenchanged: 20050104131009.0Z}." (Action ID=CNN101-10142707E24-11, SN=3)
    [05/Jan/2005:17:29:16.926 +0530] FINE 16 CNN100 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=3)
    [05/Jan/2005:17:29:16.926 +0530] FINE 16 CNN100 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=4)
    [05/Jan/2005:17:29:16.973 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11111] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr1 destinationindicator: basha.com, ameer.com dn: CN=actusr1,OU=newsync,DC=esecurity,DC=com employeenumber: 11111 givenname: ameer1 objectclass: top, person, organizationalPerson, user dspswuserlink: tfNQqDQ8VEigzgJjrfcVSg== pwdlastset: 127493178093125000 samaccountname: 123 sn: nagore1 usnchanged: 115147 whenchanged: 20050104131009.0Z}." (Action ID=CNN101-10142707E24-11, SN=4)
    [05/Jan/2005:17:29:16.973 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS2TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-13, SN=3)
    [05/Jan/2005:17:29:16.989 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS2TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-13, SN=4)
    [05/Jan/2005:17:29:17.442 +0530] FINER 13 SysMgr_100 csi2a01 "Sending an acknowledgement to the console for request (ID=1104926235041)."
    [05/Jan/2005:17:29:17.473 +0530] FINE 13 SysMgr_100 csi2a01 "Sent an acknowledgement to the console for request (ID=1104926235041)."
    [05/Jan/2005:17:29:17.457 +0530] FINE 71 CNN100 csi2a01 "The agent has received the following inbound action from the controller: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=6)
    [05/Jan/2005:17:29:17.489 +0530] INFO 71 CNN100 csi2a01 "The agent is sending the following inbound action to MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=7)
    [05/Jan/2005:17:29:17.504 +0530] FINER 71 CNN100 csi2a01 "The controller has acknowledged the following outbound action to the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=8)
    [05/Jan/2005:17:29:18.192 +0530] FINE 16 CNN101 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=8)
    [05/Jan/2005:17:29:18.364 +0530] FINE 16 CNN101 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=9)
    [05/Jan/2005:17:29:18.676 +0530] FINER 62 CNN101 csi2a01 "The controller has acknowledged the following outbound action to the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=11)
    Please do the needful
    Basha

    Hi Joshua,
    Does this mean that I need to install the core and sub component but no need to install the DS and AD connectors.
    No!!! Core must only be installed on one machine! Here is a short summary of the steps during an installation having Sun ONE LDAPs in multi-master replication (taking ldap2 as the machine where core is installed):
    1. Install core on ldap2
    2. Start console and configure your directory sources. For the Sun directory source enter ldap2 as the preferred and ldap1 as the secondary ldap. Configure the rest: attribute-mapping, modification flow, AD-source, SULs, etc. Save the configuration.
    3. On ldap2 run idsync prepds until you get the SUCCESS message in the following way (be sure to specify the secondary ldap with -j and -r options):
    idsync prepds -h <ldap2> -p <ldap2port> -j <ldap1> -r <ldap1port> -D "cn=directory manager" -w <passwort> -s  <configuration_registry_suffix>
    4. Run the install binaries again on ldap2. Install DS Connector on ldap2, install DS-Subcomponent (preferred) on ldap2. Install AD-Connector.
    5. Copy over install binaries to ldap1. Run the install binaries on ldap1. Give ldap2 as configuration directory URL. When you are asked what components to install, select subcomponent. Select the suffix. When you are asked what type of ldap, select secondary.
    6. Copy over install binaries to any ldap slave in your replication topology and install the subcomponent there, choosing "other" as the ldap type.
    Good luck again...
    Jakob.

  • Log file size in Sun Directory Server

    Does anyone have an idea about how the Sun Directory Server's log file size will increase with respect to the actions performed?
    Can someone give data regarding this? If someone has a better scenario and the supporting data w.r.t. log file size, it will be helpful.
    Thanks,

    AFAIK no, it's based on time: "At a certain time, or after a specified interval, the server rotates your access logs."
    More info in Archiving Log Files in [http://docs.sun.com/app/docs/doc/820-7985/gczxv?l=en&a=vie]
    It should be easy to write such a script to be run as a daemon in logs directory. Here is the pseudo code :
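    #!/bin/sh
    # Run from the logs directory; rotates once the log exceeds MAX_SIZE bytes.
    ROTATE="<ws-install-dir>/https-<instance>/bin/rotate"   # fill in both placeholders
    LOG="access"          # assumed file name; point at the error log instead if needed
    MAX_SIZE=104857600    # assumed threshold (100 MB)
    while true
    do
        size=$(wc -c < "$LOG")              # get size of the access/error log file
        if [ "$size" -gt "$MAX_SIZE" ]; then
            "$ROTATE"
        fi
        sleep 60                            # sleep for some time (assumed interval)
    done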
