Sun Directory Proxy 5.2 fail over?

Similar Messages

• Question on Sun Directory Proxy Server 5.2.4

  Hello Guys,
  Is it a good idea to have DPS and DS on the same server? Did anyone run into any issues? We have four Sun DS servers four-way master replicated on Windows 2003 std. We are in the process of evaluating Sun Directory Proxy server to resolve single point of failure between our custom apps and LDAP servers. I would appreciate any insights on Sun DPS implementation on Windows 2003 Std.
  Thanks

  While it might not be too good an idea (you essentially want the DPS for load balancing AND failover, right? So why risk putting it on the same machine ;) ), it does work.
  I recently implemented DPS on Solaris, and things generally work fine. (The command line interface isn't too reliable though). If you are thinking of routing all your traffic over SSL (ie, Client---ssl--->DPS---ssl--->DS), make sure you apply the latest patch available for the DPS. The dps524.jar that comes with the default installer isn't what it used to be (JES 2005Q4), and will give you issues when configuring SSL for DPS. Apart from that, things are more or less a breeze.

• Directory Proxy not accepting connections

  Hi,
  We are having issues with our Directory Proxy servers 6.3. We recently moved an application that makes a lot of searches to the proxy and we started getting the error below. This causes all bind to fail when we start getting this error. Does anybody have this issue or idea what could be causing it?
  Proxy Access Log:
  [24/Jul/2008:10:09:26 -0500] - CONNECT - INFO - conn=4881366 client=XX.XX.XX.XX:43291 server=xxxxxxxxxxxx:389 protocol=LDAP
  [24/Jul/2008:10:09:26 -0500] - PROFILE - INFO - conn=4881366 assigned to connection handler cn=default connection handler, cn=connection handlers, cn=config
  [24/Jul/2008:10:09:26 -0500] - OPERATION - INFO - conn=4881366 op=0 BIND dn="cn=xxxxxxxxx" method="SIMPLE" version=3
  [24/Jul/2008:10:09:26 -0500] - OPERATION - INFO - conn=4881366 op=0 BIND RESPONSE err=1 msg="Server Error " etime=0
  Error Log:
  [24/Jul/2008:10:09:26 -0500] - EXCEPTION - INFO - Server Error
  Exception thrown from thread Worker Thread 7
  java.lang.NullPointerException
  com.sun.directory.proxy.extensions.FailoverLoadBalancingAlgorithm.getBindConnection(FailoverLoadBalancingAlgorithm.java:965)
  com.sun.directory.proxy.server.BackendSet.getBindConnection(BackendSet.java:453)
  com.sun.directory.proxy.server.LDAPDataView.getBindContext(LDAPDataView.java:555)
  com.sun.directory.proxy.server.BindOperation.processOperation(BindOperation.java:525)
  com.sun.directory.proxy.server.WorkerThread.runThread(WorkerThread.java:150)
  com.sun.directory.proxy.util.DistributionThread.run(DistributionThread.java:225)
  Thanks,
  Federico

  Does anyone have an answer for this? We are seeing the same error.
  Proxy Access Log:
  [21/Aug/2008:11:43:48 -0400] - OPERATION - INFO - conn=282 op=1644 BIND dn="cn=1234,ou=employee,c=company" method="SIMPLE" version=3
  [21/Aug/2008:11:43:48 -0400] - OPERATION - INFO - conn=282 op=1644 BIND RESPONSE err=1 msg="Server Error " etime=0
  Proxy Error Log:
  [21/Aug/2008:11:30:23 -0400] - EXCEPTION - INFO - Server Error
  Exception thrown from thread Worker Thread 53
  java.lang.NullPointerException
  com.sun.directory.proxy.extensions.FailoverLoadBalancingAlgorithm.getBindConnection(FailoverLoadBalancingAlgorithm.java:965
  com.sun.directory.proxy.server.BackendSet.getBindConnection(BackendSet.java:453)
  com.sun.directory.proxy.server.LDAPDataView.getBindContext(LDAPDataView.java:555)
  com.sun.directory.proxy.server.BindOperation.processOperation(BindOperation.java:525)
  com.sun.directory.proxy.server.WorkerThread.runThread(WorkerThread.java:150)
  com.sun.directory.proxy.util.DistributionThread.run(DistributionThread.java:225)

• Root is running Sun One Directory Proxy Question ?

  While i was installing the directory proxy server, i gave all root to own the files? Is Sun One Directory Proxy suppose to run as root or can i run as non-root user ?

  You can (and probably should) run as a non-root user, assuming you're running on a port above 1024.
  If you've already installed as root, and root owns all the files, the following should theoretically work:
  - Shut down DPS
  - Edit <dps-root>/etc/dpsDefaultConfiguration.ldif, and change the ids-proxy-con-userid attribute to the user ID you would like the server to run as
  - Modify the same entry in the directory server that holds your proxy's configuration information, like:
  ldapmodify -h config_dir_host -p config_dir_port -D "cn=directory manager" -w password
  dn: ids-proxy-con-config-name=<instanceName>,ou=system,ou=dar-config,o=NetscapeRoot
  changetype: modify
  replace: ids-proxy-con-userid
  ids-proxy-con-userid: <same value as you put in the LDIF file above>
  - Change the ownership of all the files in the DPS install directory
  - Change over to the user that you selected and try to start the DPS process

• SUN ONE Directory proxy Server on NT Server

  I want to use the sun one directory proxy server on a NT Server as a LDAP Proxy Server to my customised database running on an AIX box. During the installation of the proxy server (called idar 5.0 SP1) it fails indicating that the "the server configuration directory may not be running".
  IWhat am i missing? Is the ldap proxy server dependent on SUN's directory server.

  Hi,
  u need to have a Directory Server for the installation of the Directory Proxy Server, but not essentially the Sun ONE Directory Server itself.
  regards,
  raj

• Firefox Proxy Fail-over is not working correctly

  I am in a corporate environment, where we must use a complex auto-proxy, by configuring an automatic proxy configuration of http://proxyconf/proxy.pac. I am seeing an intermittent failure with Firefox 3.6.13, where the same site will load after a delay in IE (e.g. it works for half an hour, then fails for a while, etc.).
  By using Wireshark and tracing the packets, I have identified that a proxy server is intermittently failing, and Firefox is failing to try the second proxy. The auto proxy rule that is being invoked is:
  if (!isResolvable(host)) return "PROXY 172.16.39.201:8080; PROXY 10.241.32.28:8080";
  The problem is that Firefox is never failing over - it tries the 172 address 6 times in a row, then gives up and displays the "The proxy server is refusing connections" "Firefox is configured to use a proxy server that is refusing connections." "* Check the proxy settings to make sure that they are correct." "* Contact your network administrator to make sure the proxy server is working." error message. It continues with this behavior regardless of how many attempts, reloads, restarts are tried.
  IE on the other hand will try and fail with the 172 address, and then start using the 10. address (which works correctly). Several other applications also work correctly, such as IRC clients.
  Obviously the corporate proxy that is failing must be fixed, however Firefox is failing to utilitize the 2nd proxy after the first one fails.
  Seems like a bug.
  Is there some easy way for me to replace the proxy file with my own file? E.g. replace http://http://proxyconf/proxy.pac with file://c:\..., or use some add-on?
  It must be an autoproxy script, as there is no single proxy that I can use for all addresses.

  You can correct this issue by forcing the file blocklist.xml to update or wait until Firefox updates the file.<br />
  That update will remove the severity="0" flags in the file that cause the problem.
  See:
  * [/questions/832793?page=2#answer-198407]
  * http://forums.mozillazine.org/viewtopic.php?p=10899869#p10899869
  *[https://bugzilla.mozilla.org/show_bug.cgi?id=663722 Bug 663722] - The blocklist output is including severity="0" where it shouldn't be

• Sun Identity Manger 8.0 and fail over..

  We are setting up a fail/recovery site for our Sun Identity Manager solution, I had pictured a seem less fail over, but that looks near impossible to do with oracle database. I had pictured load balanced Appserver, with load balanced data bases, sort of a multi-master like LDAP allows..
  Curious what others are using for a fail over site / setup.
  Thanks

  We're using 7.0. For us failover is basically mulitple servers all using the same DB repository, with a "smart" loadbalancer in front of them (smart meaning, able to detect which back end servers are responsive).
  IdM doesn't use any inter-server temp-data synchronization, all the servers running off the same repository communicate by committing changes to the database.
  So if a specific IdM instance dies, on the next page load the user will be redirected to a new server. That server will redirect to the login page and ask the user to re-auth, with the desired page placed after login.jsp as a "nextPage" argument. After (re-)logging in, the user's returned to the page they were trying to get to. However, in-progress edits that had not been committed back to the database will be lost.
  We looked at high availability arrangements where valid sessions are shared across a new server, but fundamentally the limitation is that the app servers still don't sync in-progress edits, so the only difference between an HA environment and a more passive fail-over environment (like ours) is that in an HA environment the user doesn't have to re-login on a server failure; they still lose in-progress edits. So HA didn't seem like it added value to us.
  If you are literally talking about an off-site, completely standby, seamless failover site, I agree I don't see how you would do that. I'd expect that you'd need the offsite setup to be a cold-standby site; configured to use the replicated database, but with the apps powered down until you actually need them. Otherwise, I think you'd have problems with the standby site servers not wanting to "standby". You could ensure no users end up on the standby servers, but background processes are likely to be run across both the primary and the standby services; I don't think you can enforce an "idle but running" status for the standby servers.
  Edited by: etech on Feb 4, 2009 7:37 PM

• Sun One Directory Proxy unable to start error DPS.pid file was not found

  We finally able to install Sun One Directory Proxy 5.2 , but we are unable to start the Proxy server, we are getting error "Since the DPS.pid file was not found, DPS-server is assumed down
  Anybody has any clue / ideas that we would very help fulll?
  Thank

  I've been struggling with this and another problem with DPS for a couple of weeks.
  It generally starts up fine when you dont have SSL enabled. The moment you enable SSL, a couple of things go for a toss:
  1. The problem mentioned above surfaces. Are you facing this problem even without SSL?
  2. If you log into the Administration console, and try to make changes to the DPS configuration, it will give an error stating that "Error in writing to Configuration Directory". But apparently, it will manage to save things. Just that when you try to start it with SSL enabled, it won't. Neither from the command line, nor the GUI.
  Anyone managed to fix this? Sun informed us that there is a problem with Jars, but thats about it.

• ACE 4710 - 'reverse proxy' infront of serverfarm - fail-over/sorry server design issue

  Hi All,
  I'm working on a specific config and have an issue in the backup farm/fail-over/sorry server area.
  The customer wants the following:
  They have an existing serverfarm with X web servers, they want a single server to act as a reverse-proxy in front of the farm.
  So that all traffic goes trough that server, that server then forwards the request to the original serverfarm.
  The problem in my design is in the fail-over, if i configure the reverse-proxy server in a new serverfarm and use the original (web servers) farm as backup it has fail-over, but if the reverse-proxy AND the original serverfarm fail, there is no nice way to get the users on a sorry server.
  I could give the original serverfarms rservers a 'backup standby' server but that won't give the desired effect either.
  For maintance they first take 50% of the servers offline and switch to the other 50% after that, so then users would see a sorry page even if there where operational servers in the farm left.
  The 4710's are running routed mode, and the farms use Sticky Cookie, and also some http URL & Cookie matching is done.
  Anyone have an idea how to build this?

  Hi,
  It need additional testing but as per my understanding if you put the back up in this order then the last backup server will be choosen first.
  In your case it will be like " RSERVER1 >> backup sorry server >> backup web content
  As per the below example:
  I put test 2 as first backup server and test1 as second backup server but if you look at the first part it took rserver test1 as first backup.
  serverfarm host 1313-GIN-GWAP-SDC-80
    rserver RSERVER1
      backup-rserver test1
      inservice
    rserver test1
      inservice standby
    rserver test2
      inservice standby
  regards,
  Ajay Kumar

• RAC using SUN Geo Clusters with Fail over

  Hi ,
  My customer is in the process of investigating and deploying Sun GeoClusters to fail over a RAC from one location to another, the distance between the primary and fail over site is 1200km, they are going to use TrueCopy to replicate the storage across the sites.
  I am in the process of gathering information and need to find out more detail and if any one has any knowledge of this software.If anybody knows about the clients who are using(some urls) the same please let me know.
  Regards
  Manoj

  TrueCopy is a way of replicating storage offsite. RAC works using a single source for the database. That means that RAC can not be used simultaneously at both locations with the files being used locally.
  If my memory serves me well, Hitachi TrueCopy was OSCP (oracle storage compatiblity program) certified, but the OSCP program seems to be discontinued per januari 2007 (see http://www.oracle.com/technology/deploy/availability/htdocs/oscp.html)
  That means that you can use TrueCopy to replicate the storage layer to another location (according to the OSCP note), and use the replicated storage to startup the RAC database in case of failover.

• Sun Directory Server 5.2 installation problem on AIX 5.2

  Hi,
  Am newbie to sun ds5.2 and I got stuck during installation for last 2 days. Could you pls guide to resolve this issue. Please error msg below
  Checking disk space...
  The following items for the product Directory Server will be installed:
  Product: Directory Server
  Location: /Sun/mps
  Space Required: 141.70 MB
  Sun ONE Directory Suite
  Sun ONE Directory Server
  Sun ONE Directory Console Support
  Sun ONE Administration Services
  Sun ONE Administration Server
  Sun ONE Administration Console
  Sun ONE Server Console
  Sun ONE Server Console Core
  Java Runtime Environment
  Sun ONE Server Basic Libraries
  Ready to Install
  1. Install Now
  2. Start Over
  3. Exit Installation
  What would you like to do [1] {"<" goes back, "!" exits}? 1
  Installing Directory Server
  |-1%--------------25%-----------------50%-----------------75%--------------100%|
  [slapd-bmpdev4]: starting up server ...
  error:server:The server could not be started due to invalid command syntax or
  operating system resource limits.
  system_errno:2
  Configuration of the Directory Server failed.
  Warning creating dbswitch.conf
  Warning creating ssusers.conf
  Error Directory Server configuration failure
  Checking connection to the Configuration Directory Server... failed.
  The Admininistration Server cannot be configured.
  Error Administration Server configuration failure
  Error Configuration of the server(s) failed.
  Installation Details:
  Product Result More Information
  1. Directory Server Partially Installed. Refer to "Details..." for more
  information. Available
  2. Done
  Enter the number corresponding to the desired selection for more
  information, or enter 2 to continue [2] {"!" exits}: 2
  thanks
  Bala

  You are correct. Dir 5.2 is not certified for AIX 5.2. It does install though. Like a previous reponse stated. Check the permissions for the user you are installing with and the file system you are installing to. Make certain you have enough disk space. My install took 150 MB of disk space. Finally, Dir 5.2 creates the file "/var/adm/sw/productregistry" during install. If you do not have permissions to /var/adm/sw, you may have troubles.
  Tim
  Computer Systems Engineer
  Komatsu Canada Limited

• Time out fail over

  On this system:
  OS: Solaris 10 11/06 s10s_u3wos_10 SPARC
  Cluster version: 3.1u4
  A- Normally after how much time resource is moved to the other node if ipmp fails (e.g. gateway is unreacheable) ?
  B- What happens if ipmp fails in both server ? packages are kept on their nodes ?
  C- Does it exist timeout over 10 minutes in cluster configuration ?

  u have 2 options - u could increase the back end time out to a very large value so that server can wait rather than timing out rather than failing over or to do some thing like
  <Object name=�default�>
  NameTrans fn=map from=/ name=reverse-proxy-/
  </Object>
  <Object name=�reverse-proxy-/�>
  Route fn=set-origin-server server=server1
  ObjectType fn=http-client-config timeout=600
  </Object>
  see - http://docs.sun.com/app/docs/doc/820-4841/gdhrg?a=view
  ( or simply disable any fail over but have different individual servers distributing load across different application)
  split your uri or application so that each application goes to 1 back end server. for example, let us say - u have 2 java applications that u would like jboss to do the job for you, u could do some thing like
  now, u could edit your obj.conf or (<vs>-obj.conf) depending on your configuration so that it looks like this
  <Object name=�default�>
  NameTrans fn=map from=/ name=reverse-proxy-/
  </Object>
  <Object name=�reverse-proxy-/�>
  <If $uri =~ /foo1>
  Route fn=set-origin-server server=<&#349;erver1>
  </If>
  <If $uri =~ /foo2>
  Route fn=set-origin-server server=<&#349;erver2>
  </If>
  </Object>
  btw - i will file a RFE on your behalf for this feature.

• Sconadm timeout - Sun On-line Account authentication failed.

  Hello,
  I run Solaris 10 5/08 s10x_u5wos_10 X86.
  and the registration timeout. See below the basicreg.log
  I copy the commands i used. and the output. I also run the suc.sh script and post in the end.
  #ping 82.98.86.176
  82.98.86.176 is alive
  #sconadm register -a -r regfile
  sconadm is running
  Authenticating user ...
  Sun On-line Account authentication failed
  failed registration!
  telnet cns-transport.sun.com 443
  Trying 198.232.168.137...
  traceroute to cns-transport.sun.com (198.232.168.137), 30 hops max, 40 byte packets
  1 172.30.168.254 (172.30.168.254) 0.409 ms 0.241 ms 0.147 ms
  2 125-230-64-254.dynamic.hinet.net (125.230.64.254) 2.334 ms 77.107 ms 1.457 ms
  3 tc-kk-t64-2.router.hinet.net (168.95.149.78) 0.937 ms 1.112 ms 0.867 ms
  4 220-128-17-98.HINET-IP.hinet.net (220.128.17.98) 1.246 ms tc-c12r12.router.hinet.net (220.128.17.158) 1.252 ms 1.138 ms
  5 tp-crs11.router.hinet.net (220.128.2.10) 4.423 ms 4.281 ms 15.803 ms
  6 220-128-4-29.HINET-IP.hinet.net (220.128.4.29) 5.076 ms 4.274 ms 4.034 ms
  7 r02-s2.tp.hinet.net (220.128.4.38) 16.038 ms 4.358 ms 4.359 ms
  8 r12-pa.us.hinet.net (211.72.108.121) 142.842 ms 150.936 ms 142.567 ms
  9 r11-pa.us.hinet.net (202.39.83.193) 143.152 ms 142.800 ms 142.830 ms
  10 206.111.12.165.ptr.us.xo.net (206.111.12.165) 142.651 ms 142.925 ms 142.852 ms
  11 te-11-0-0.rar3.sanjose-ca.us.xo.net (207.88.12.69) 144.081 ms 144.510 ms 144.974 ms
  12 207.88.14.117.ptr.us.xo.net (207.88.14.117) 218.322 ms 218.461 ms 217.083 ms
  13 207.88.14.118.ptr.us.xo.net (207.88.14.118) 218.363 ms 217.950 ms 218.103 ms
  14 207.88.183.54.ptr.us.xo.net (207.88.183.54) 214.827 ms 214.479 ms 216.544 ms
  15 border7.te2-2-bbnet2.wdc002.pnap.net (216.52.127.87) 214.862 ms 215.908 ms 214.832 ms
  16 seven-6.border7.wdc002.pnap.net (216.52.125.250) 214.658 ms 214.440 ms 214.558 ms
  17 * * *
  18 * * *
  # cat basicreg20081024111737681.log
  24.10.2008 11:17:48 com.sun.cns.basicreg.BasicReg loadPropertiesFromHomeDir
  INFO: properties file loaded from the default config.properties
  24.10.2008 11:17:48 com.sun.scn.util.Utils getLocalHostNames
  INFO: get hostname 82.98.86.176
  24.10.2008 11:17:48 com.sun.scn.util.Utils getLocalHostNames
  INFO: first returned hostname 82.98.86.176
  24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
  INFO: SCNNetworkProxyConfigMBean.setHost() = null
  24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
  INFO: SCNNetworkProxyConfigMBean.setPort() = null
  24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
  INFO: SCNNetworkProxyConfigMBean.setUser() = null
  24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
  INFO: SCNNetworkProxyConfigMBean.setPassword() = null
  24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
  INFO: userName = [email protected]
  24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
  INFO: password = *****
  24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
  INFO: hostName =
  24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
  INFO: portalEnabled =false
  24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI run
  INFO: Authenticating user ...
  24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter getSCNClientSession
  INFO: CREATING SCNClientSession
  24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter loginAccount
  SCHWERWIEGEND: Error: login account exception: Connection refused to host: 82.98.86.176; nested exception is:
  java.net.ConnectException: Connection timed out
  24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter loginAccount
  SCHWERWIEGEND:
  com.sun.scn.jmx.impl.UISClientLoginModule.login(UISClientLoginModule.java:151)
  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  java.lang.reflect.Method.invoke(Method.java:585)
  javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
  java.security.AccessController.doPrivileged(Native Method)
  javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
  javax.security.auth.login.LoginContext.login(LoginContext.java:575)
  com.sun.scn.jmx.impl.UISClientLogin.login(UISClientLogin.java:201)
  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  java.lang.reflect.Method.invoke(Method.java:585)
  com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
  javax.management.StandardMBean.invoke(StandardMBean.java:323)
  com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
  com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
  com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
  com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
  com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)
  com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:736)
  com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)
  com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)
  com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)
  javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1410)
  javax.management.remote.rmi.RMIConnectionImpl.access$100(RMIConnectionImpl.java:81)
  javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1247)
  java.security.AccessController.doPrivileged(Native Method)
  javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1350)
  javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:784)
  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  java.lang.reflect.Method.invoke(Method.java:585)
  sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
  sun.rmi.transport.Transport$1.run(Transport.java:153)
  java.security.AccessController.doPrivileged(Native Method)
  sun.rmi.transport.Transport.serviceCall(Transport.java:149)
  sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
  sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
  java.lang.Thread.run(Thread.java:595)
  24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter getLoginResult
  INFO: SCN Fault: Connection refused to host: 82.98.86.176; nested exception is:
  java.net.ConnectException: Connection timed out
  24.10.2008 11:25:18 com.sun.cns.basicreg.BasicRegCLI run
  SCHWERWIEGEND: Sun On-line Account authentication failed
  #sh suc.sh
  User: root
  Logname: root
  Freitag, 24. Oktober 2008 11:48 Uhr CST
  xxx
  smpatch settings:
  patchpro.backout.directory - ""
  patchpro.baseline.directory - /var/sadm/spool
  patchpro.download.directory - /var/sadm/spool
  patchpro.install.types - rebootafter:reconfigafter:standard
  patchpro.patch.source - https://getupdates1.sun.com/
  patchpro.patchset - current
  patchpro.proxy.host - ""
  patchpro.proxy.passwd **** ****
  patchpro.proxy.port - 8080
  patchpro.proxy.user - ""
  smpatch analyze:
  Failure: Cannot connect to retrieve detectors.jar: This system is currently unregistered and is unable to retrieve patches from the Sun Update Connection. Please register your system using the Update Manager, /usr/bin/updatemanager or provide valid Sun Online Account(SOA) credentials.
  Sun UC patch revision:
  120336-04
  121082-06
  121119-13
  121454-02
  123004-03
  123006-07
  123631-03
  123896-04
  124187-07
  Solaris release:
  Solaris 10 5/08 s10x_u5wos_10 X86
  Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
  Use is subject to license terms.
  Assembled 24 March 2008
  Solaris Kernel: Generic_127128-11
  Machine Type: i86pc
  Platform: i86pc
  Java -version:
  java version "1.5.0_14"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
  Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
  Cacao Java version:
  java-home=/usr/jdk/jdk1.5.0_14
  Software Cluster:
  CLUSTER=SUNWCall
  All ccr properties:
  Property not defined: 18
  18:
  cns.assetid:
  cns.br.SunUCenabled:
  true
  cns.ccr.keyGenPath:
  /usr/lib/cc-ccr/bin/ccrKeyGen
  cns.clientid:
  cns.httpproxy.auth:
  cns.httpproxy.ipaddr:
  cns.httpproxy.port:
  cns.regtoken:
  cns.security.password:
  cns.security.privatekey:
  cns.security.publickey:
  cns.swup.UMautolaunch:
  false
  cns.swup.autoAnalysis.enabled:
  true
  cns.swup.checkinInterval:
  2
  cns.swup.lastCheckin:
  0
  cns.swup.patchbaseline:
  current
  cns.swup.regRequired:
  true
  cns.transport.serverurl:
  patchsvr not installed.
  Sun UC package status:
  SUNWbreg not installed
  SUNWdc not installed
  Edited by: Denis_Theinert on Oct 24, 2008 4:13 AM

  I could connect all of this hosts without problems.
  # telnet sun.com 80
  Trying 72.5.124.61...
  Connected to sun.com.
  Escape character is '^]'.
  ^CConnection to sun.com closed by foreign host.
  # telnet cns-services.sun.com 443
  Trying 198.232.168.133...
  Connected to cns-services.sun.com.
  Escape character is '^]'.
  ^CConnection to cns-services.sun.com closed by foreign host.
  # telnet getupdates1.sun.com 443
  Trying 198.232.168.136...
  Connected to getupdates1.sun.com.
  Escape character is '^]'.
  ^CConnection to getupdates1.sun.com closed by foreign host.
  # telnet a248.e.akamai.net 443
  Trying 60.254.154.75...
  Connected to a248.e.akamai.net.
  Escape character is '^]'.
  ^CConnection to a248.e.akamai.net closed by foreign host.
  #

• Directory Proxy Sever

  Greetings,
  I have been able to set up the directory proxy server in our test environments, but was a little concerned about the performance tuning parameters. Currently everything is default. I have searched the net to see if there are any available benchmarks or performance tuning criteria and have not found anything suitable. For example:
  a) "Maximum BER Size" the default value is set "no limit". I searched for the definition of BERSIZE and found this out (http://docs.sun.com/app/docs/doc/819-0986/nsslapd-berbufsize-5dsconf?l=en&a=view). Still not sure whether to leave it default or play around with it. Our ldap servers in production enterprise level with over 200k to 300k searches a day.
  b) "Client Connections" The value can be between 2^1 or 2^6. I was just not sure whether to adjust with experience or if there is a benchmark somewhere.
  Any documentation links or comments would be welcome.
  Thanks
  Ahsan

  eferesen wrote:
  Thanks for the reply. I tried look for the idsktune binary and could not find it on the on the system. After researching I found a blurb that stated Java ES, Native Package Distribution (6.3) does not include the binary. However if it the zip distribution is installed then it is provided. Is there a place I can download it?
  ThanksI got idsktune with dsee7 zip, and it does come with v6 dsrk zip too I believe. Its not a panacea of knowledge or anything but its nice to have. It will tell you if you do not have enough open files set which is important. You can run ulimit -a to check number of open files on your system. 1024 is too low for a DPS. I dont recall the default on a rhel 5.5 system. I have mine at 8192 which can be much higher if you prefer. I added the 2 lines below to my limits.conf file to make setting permanent, or you can set with ulimit on the fly.
  /etc/security/limits.conf
    *     soft     nofile     8192
    *     hard     nofile     65536

• Can a Directory server be registered under 2 Directory proxy?

  Hi,
  Is it possible to register a directory server under 2 proxy servers?
  ===========================================
  Proxy Server 1 Proxy server 2
  | |
  |---------------------->DS 1<-----------------------|
  |---------------------->DS 2<-----------------------|
  There will be just one DSCC application that will control this set up...
  Thanks.

  Usually this is required for proper fail over between two DPS so that if one fails the other can still serve the traffic. Typically, in this kind of setup, a hardware load balancer would be in charge of doing this one layer up the chain, like:
  HLB1  -----> DPS1 -----> DS1
          X           X
  HLB2  -----> DPS2 -----> DS2each directory server needs to be added as an ldap-data-source in an ldap-data-source-pool in both DPS1 and DPS2
  cheers.