Sun DSEE and LDAP C Client
Hi All,
I have installed Sun Java System Directory Server Enterprise Edition
(DSEE) 6.1 on Red Hat Enterprise Linux Release 4 Update 3. Now I will
be developing an LDAP client application using C++ programming
language.
My question is should the client application be written using the
client library distributed by Sun themselves? Or can I develop the
LDAP client application using any (eg. OpenLDAP) LDAP client
library?
Any help on this much appreciated.
Thank you.
Rgds,
anna
My question is should the client application be
written using the
client library distributed by Sun themselves? Or can
I develop the
LDAP client application using any (eg. OpenLDAP) LDAP
client
library?Sun Directory Server works well with either flavor, so you can use whichever you prefer for your application.
Similar Messages
-
DSEE 6.3.1 client and server SMF problem
Hi,
I have installed DSEE 6.3.1 from the ZIP distribution. I used the manifest template /opt/SUNWdsee/ds6/install/tmpl_smf.manifest to add DSEE to the SMF. I have successfully bound the machine to be an ldap client of itself.
My problem is that network/ldap/client and application/sun/ds seem to come up in the wrong order at boot time. This makes network/ldap/client transition to maintainence eventually even though DSEE will eventually come up. My modifications to tmpl_smf.manifest were very basic (changing %%%INSTALL_PATH%%% and changing the start and stop invocations to point directly at my instance).
Is there something I can do to get these two services to come up in the other order?
Thanks,
Ian.I had some luck figuring this out, I added the following dependency to network/ldap/client (/var/svc/manifest/network/ldap/client.xml)
<dependency
name='ds'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/application/sun/ds' />
</dependency>
Unfortunately this created a dependency loop in SMF because (following the advice in http://docs.sun.com/app/docs/doc/820-0376/dps?a=view for correcting bug 6542857) I had added the following lines to my dsee.manifest
+ <dependency name="nameservice" grouping="require_all" \
+ restart_on="none" type="service">
+ <service_fmri value="svc:/milestone/name-services"/>
+ </dependency>
I removed these lines and imported the service config again and now DSEE and ldap/client come up in the correct order.
If there is a better way to do any of this I would be very interested to hear it. -
Migrating Linux shadow-file MD5 passwords to Sun DSEE for Solaris/SunMail
Hello all,
We are about to undertake migration of an outdated mail server based on RedHat 7.2 and Sendmail/ipop3d to Sun Messaging Server (JCS6u2). While the filesystem/mail are not a problem, we're stuck at the question of how to best migrate old users' identities.
The old Linux system used user names and password hashes stored in /etc/passwd and /etc/shadow files. Hashes are mostly MD5 and a few seem like crypt.
Question is: are there known incompatibilities between password hashes (algorithms, expected format) in Linux and Sun products - Solaris/DSEE/SunMail?
That is, if we just take strings like these:
usemd5:$1$Wu7IqFT5$TeUht3OMdeSSBB3Vab4dB.:11262:0:::::134540116
usecrypt:DD2kEwCD8nies:10220::::::
Can we simply place the second column as the userPassword attribute in Sun DSEE and expect that users would be able to log in to LDAP-enabled Solaris and Sun Mail with their old passwords knownst only to them?
If not, is there some simple modification/translation of such hashes to a format accepted by Sun products?
Or are these formats/algorithms known to be incompatible somehow in a fatal manner, so our only option would be generation of new passwords for Sun DSEE and its clients?
Thanks,
//JimJust to reclarify or throw more information:
a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
{crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
I used below command :
pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
Thanks,
Gaurav -
Sun Ray server software and Sun DSEE
I want to have a centralized user administration in the latest sun java 7 directory server. i want to set up the system in that the users of the sun ray thin clients will be authenticated from
the DSEE. Please assist me in how to make this work.Basically, you Sun Ray server must be an LDAP client: it must be set up so that when logging in, it actually authenticates users against DSEE.
DSEE can be installed on the same host as the Sun Ray server, but it's not a requirement. On the contrary, in such a case, you've got to be
careful in the start order of services at boot time. So the easiest way is to have DSEE and the Sun Ray server on separate machines.
How to configure both servers is explained here: http://download.oracle.com/docs/cd/E18752_01/html/816-4556/ldapsetup-1.html
Or at least, it's a good starting point. -
XI 3.1 Client Tools and LDAP Authentication
I have Business Objects XI 3.1 SP2 installed. For the web clients (InfoView) single sign on and LDAP authentication are working correctly. However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
[repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
Take a look at note 1272536 (http://service.sap.com/notes)
Regards,
Stratos -
SUN DSEE 6.2 vs Fedora DS 1.1 performance comparison
Hi all,
I've just discovered a nice tool from SUN about performance analysis for ldap servers named SLAMD (http://www.slamd.com)
So I configured it and tried to analyze my servers. I've setup one SUN DSEE 6.2 and one Fedora DS 1.1
in my workstation. Both of them being populated with the same data (160 sample entries from sun) and using the same file descriptors.
My workstation is running fedora 8, Core(TM)2 Duo CPU E6550 @ 2.33GHz / 2 GB ram.
I did a couple of tests but all of them had the same search filters
Entry DN ou=people,dc=example,dc=com
Search Filter objectClass=*
Attribute(s) to Compare/Modify Add Operation Frequency 3
Compare Operation Frequency 7
Delete Operation Frequency 4
Modify Operation Frequency 4
Modify RDN Operation Frequency 1
Search Operation Frequency 10 description
I will give the results of my final test which lasted 240 seconds / 200 threads from one client
DS Overall Operations (Average/sec)
SUN *35,858*
Fedora *304,867*
It seems to me there is a huge difference! I didn't expect to get such numbers. To tell you the truth
I expected SUN DS to be much faster that Fedora DS instead of being *10 times slower*.
Furthermore while running the test on the Fedora DS the system got a max load of around 7-8 which implied that the system
worked hard to perform the test (CPU always at 100%).
On the other hand while running the SUN DS test, the system never got load more that 1 (cpu not more that 22%).
It was like the SUN DS was capable to do better but it was never bothered. I played with indexes, file descriptors, number of threads without
any significant change of performance.
I'm sure SUN DS can do better. So I'm looking for thoughts on the subject as well as performance tunning/optimization documentation.
Is the resource kit also available for 6.2 or is it just for SUN ONE server?
regards
GiannisGiannis,
Giving raw performance numbers doesn't mean anything unless you also provide the details of the data in your directory server, the settings and the exact tests performed (if it's a slamd standard job, give its name).
Slamd contains many jobs that are doing many different things leading to completely different numbers in term of operations per second.
This said, the numbers you show are puzzling me : SUN 35,858 vs Fedora 304,867 (Operations / Second) ?
I assume the , is the unit separator (and not like in the US the separator between thousands and hundreds).
If so, there is definitely something badly configured on Sun DS and/or Slamd.
Regards,
Ludovic. -
Jabber for Windows and Ldap Contacts without CUPC license
Dear Sr:
It is possible to add a user on ldap as a jabber contact WITHOUT assigning a CUPC license to the user?
The idea is that some users on the ldap don't have jabber but we should be able to add them as a contact AND we dont want to use jabber licenses for those users or have Presence server to load balance those users.
We can add Microsoft contact as jabber contact with no issues...
ThanksLDAP Authentication of End Users in CUCM is strongly recommended for CUPC/Jabber. When you login to CUPC/Jabber it authenticates against CUCM. If LDAP doesn't have the same password (i.e. CUCM isn't synced from LDAP) the client won't be able to do LDAP queries if using BDI. This is because it re-uses the same credentials when it attempts to bind to LDAP. If Jabber is configured for EDI, which is only even possible on Jabber for Windows running on domain-joined workstations, then this is not as critical since it would use the Windows ADSI API in the context of the logged-in user. Using EDI exclusively would rule out Jabber for Mac, iOS, Android, and Windows on a non-domain joined workstation though.
As for usernames: You can continue to use employeeNumber if you wish. You'll need to ensure that the jabber-config.xml file maps the username to this value for everything to work. Note that this will be their XMPP URI: [email protected] so be sure that you're comfortable with employee numbers being public.
Please remember to rate helpful responses and identify helpful or correct answers. -
Problem with ADS and LDAP
I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
After connection via LDAP I cann't get any object ( users or goups etc. ).
I try connect to ADS by java ( JNDI ).
When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
the same problem - no objects.
Can anybody help me?
Grzegorz Pszona
my e-mail: [email protected]Thanks a lot.
Softerra's browser is really good.
Thanks
Rashmi
"Anant Kadiyala" <[email protected]> wrote:
>
I used Softerra's LDAP browser. The browser is free. There is also a
java baded
LDAP browser from Univ of Michigan. I found the Softerra browser to be
more easier
to use.
-anant
"rashmi" <[email protected]> wrote:
Hi,
Can you please let me know which exact ADS tool that you used to examine
the
DN. I have Active Directory Users and Computers, Sites and Servicesand
Domain
and Trusts installed on my machine but I am not able to figure out how
to get
the DN?
Thanks
Rashmi
for Stephen Davies <[email protected]> wrote:
Grzegorz,
I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take
a
fair bit of messing around to get it going. MS does have a few oddities,
for example the Administrators DN might look something like this:
cn=Administrator,cn=Users,dc=eglobal,dc=net
One tool that I found invaluable came with the additional support tools
for Windows 2000. The 'Active Directory Administration Tool' made it
easy to list the directory contents and examine the DNs.
Regards,
Steve
Stephen Davies
Principal Consultant
eGlobal Services Pty. Ltd.
Sydney, Australia
Ph. +61 2 9283 1033
http://www.eglobal.net/ -
BO XI 3.1 SP3 SSO with CMC and Webi Rich Client
Hello,
Is it possible in BO XI 3.1 SP3 to use SSO with CMC and Webi Rich Client ?
It works fine with InfoView, Designer and Desktop Intelligence.
RegardsHi,
What kind of SSO authentication are you trying to set up? (AD, LDAP,...)
I think it's AD regarding your command line.
But be aware that in SSO, you don't need to configure the command line to run the client.
Have a look at the following guide.
[Configuring Manual Kerberos Authentication and-or SSO in Distributed Environments with XI 3.1 SP3.pdf|https://bosap-support.wdf.sap.corp/sap/support/sapnotes/public/services/attachment.htm?iv_key=002007204200000183782010&iv_version=0005&alt=2BCE4CB10DF674B172F4F3F7B32A284F49333135358877720E883731B332AF34CACD2AB52C0A2C8DCACA09084EF4CB494E4E0F2ECE8E2F89772908C9CE70CD2DF77675F7F2D1750C09514BCECFCFCE4C8DCF4BCC4DB5F575F4F4F3F57771F571F6F70B01B25D83D4120B0A722092A599504EB16D715E3E00&iv_guid=DF838310BFAAE8F1B486001A64C54696]
Regarding accessing CMC with SSO, it's not recomended at all as if you break this access, than you can't connect anymore to the CMC and modify settings.
Regards,
Philippe
Edited by: Philippe Tavares on Feb 15, 2011 4:11 PM -
Single sign-on using Kerberos and Ldap
I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
I have the Kerberos authentication and part of the Ldap service working via pam & nss.
ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
BUT...
id gives:- userID, groupID (primary group only)
groups :- primary group only. (no secondary groups are listed)
Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
Thanks in advance for any help.After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
//M. -
Oracle Workflow Server in a SUN machine; and the Oracle
Hi All
I have installed Oracle Workflow Server in a SUN machine; and the Oracle
Workflow Client (Builder) in a WIN2000 machine.
In the SUN machine, I already had installed Oracle9i and OMS (Oracle
Management Server) version 9.2.0.1.0.
In the WINDOWS 2000 machine, I already had installed the Oracle9i
Client and the OWB (Oracle Warehouse Builder) version 9.0.3.35.0. Workflow
Builder
was installed together with Oracle Client components.
I have a OWB (Oracle Warehouse Builder) project, and I deploy and schedule
JOBS in OEM.
Now I need Oracle Workflow in order to better ordering, manage and schedule
that jobs.
I'm reading the following documentation:
Oracle Workflow Guide (Release 2.6.2)
http://www.csis.gvsu.edu/GeneralInfo/Oracle/workflow.920/a95265.pdf But I think Oracle Workflow is very complex to learn quickly.
My OWB Project has several mappings that load tables in a Data Warehouse.
When I deploy these mappings one by one, in OEM, I can execute them in OEM
and they work well.
But when I use the Workflow Deployment Wizard, I create a new Workflow
Project (Item type and Process).
But I can't Launch this process. I go to Launch Process in Workflow page
(http://:/pls//) but when I iniciate the project,
it stops in the OWB Standard Begin Function. It does not go ahead.
Well, when I use the Workflow Deployment Wizard inside OWB, it generates
jobs that can
be viewed inside OEM (Oracle Enterprise Manager) too. But when I submit
these jobs, I can't get success too.
Can somebody help me? May you guide me in order to solve my problem, or send
me some
documents or links about workflow, and it's integration with OWB and OEM?
Best regardsI think this might be more of an OWB question, and how OWB uses workflow, I have sent an email internally to try and get someone to responsd. You should also consider contacting Oracle Support if you are having these kinds of problems.
Hi All
I have installed Oracle Workflow Server in a SUN machine; and the Oracle
Workflow Client (Builder) in a WIN2000 machine.
In the SUN machine, I already had installed Oracle9i and OMS (Oracle
Management Server) version 9.2.0.1.0.
In the WINDOWS 2000 machine, I already had installed the Oracle9i
Client and the OWB (Oracle Warehouse Builder) version 9.0.3.35.0. Workflow
Builder
was installed together with Oracle Client components.
I have a OWB (Oracle Warehouse Builder) project, and I deploy and schedule
JOBS in OEM.
Now I need Oracle Workflow in order to better ordering, manage and schedule
that jobs.
I'm reading the following documentation:
Oracle Workflow Guide (Release 2.6.2)
http://www.csis.gvsu.edu/GeneralInfo/Oracle/workflow.920/a95265.pdf But I think Oracle Workflow is very complex to learn quickly.
My OWB Project has several mappings that load tables in a Data Warehouse.
When I deploy these mappings one by one, in OEM, I can execute them in OEM
and they work well.
But when I use the Workflow Deployment Wizard, I create a new Workflow
Project (Item type and Process).
But I can't Launch this process. I go to Launch Process in Workflow page
(http://:/pls//) but when I iniciate the project,
it stops in the OWB Standard Begin Function. It does not go ahead.
Well, when I use the Workflow Deployment Wizard inside OWB, it generates
jobs that can
be viewed inside OEM (Oracle Enterprise Manager) too. But when I submit
these jobs, I can't get success too.
Can somebody help me? May you guide me in order to solve my problem, or send
me some
documents or links about workflow, and it's integration with OWB and OEM?
Best regards -
How to config messaging 5.2 and ldap 5.2 with smtp auth?
Hello.
I want to config smtp auth for msg 5.2 and ldap 5.2.
How to step of work.
I config follow admin guide but it not work.
Please help me and advice me.For your internal clients to be authenticated,
replace "mustsaslserver" instead of "maysaslserver" in tcp_intranet channel on your imta.cnf file. Then all clients connecting from your internal IPs (listed on your mappings file) will be authenticated.
Add the below two parameters for messenger express users to use the same system.
configutil -o local.service.http.smtpauthuser -v "store admin user name"
configutil -o local.service.http.smtpauthpassword -v "store admin password"
All other external smtp connections (MX pointed) are not authenticated since they are directed to tcp_local channel. -
Hi,
I want to use sun ray solution with 100 windows client. can someone tell me which is the best license solution. i mean , should I go with windows terminal license or vmare solution.
if you can please explain me about the vmare solution and benefits.
thanks
rajeshWell to be honest; we don't currently have someone here with full SUN knowledge that can answer that. I am a Windows administrator and trying to find all the applications and appliances whether they are compatible with AD 2008 R2 level. If the Sun Ray and V210 don't have an AD link/integration, that is then actually good news.
Olaf -
Directory server and ldap TLS on windows platform
Any body, tested "sun directory server" and "ldap tls" on windows platform"??? cause I tried it, and I cant established a secure connection. On other platform, and I speack about solaris 9, evry thing is ok. Some comments??
It's a rather unusual way to use attribute subtypes. You may be able to do something with the mapping engine in DPS - I'll wait for Sylvain or someone else who knows DPS really well to answer that. But from the perspective of the information model, I have some doubts about this approach. For instance, what happens if you have multiple subtypes on a single-valued attribute?
Usually, for example, if there is a "preferred" common name as opposed to some other common names, it would be modeled in an entirely different attribute type, such as "preferredName". The subtypes are almost exclusively used for language specification nowadays. That's another question - what happens if you ever need to store multiple languages in your Directory?
Do you know of anyone else who is using this kind of information model in their Directory? -
Upgrade 32–bit Sun DSEE Server Instances with 64-bit RHEL 4.6?
I want to update 32–bit Sun DSEE Server Instances with 64-bit RHEL 4.6 to 64-bit ODSEE 11.1.1.5.0 with 64-bit RHEL 4.6.
ThanksBut it will be on the same physical machine or on a separate server? How big will be the DB?
Will be in the same topology? Separate topologies?
If you can afford some downtime and you've got different machines, you could plan a 'cold' migration:
- Stop the old DS instance
- Export to LDIF with NO REPLICA INFORMATION (this will also clean up a bit the DB!)
- Copy schema and indexes definition from source to target environment.
- Import from LDIF to the new DS topology
After that you'll have to tune the new environment, in terms of memory , entry cache, indexes, etc...
HTH,
Maco
Maybe you are looking for
-
Windows Formatted iPod Classic Migration to Mac
I have a Windows formatted iPod Classic, and Just got a macbook pro. How can i transfer all my music from the iPod Classic to the macbook?
-
I tried updating my iPod touch to the newest update. But my iPod was unable to complete the update. Now my iPod doesn't turn on completely. The apple logo appears but then the screen goes blank. I've tried charging it, letting it discharge, I've trie
-
on the instructions to install and run the SDM, its says unzip and then click the desktop icon (windows 2k pro) and follow the on screen instructions.............there are no on screen instructions. I unziped the download. There is a icon on my deskt
-
Java applet - save image to server...
My applet generates Image object which I then want to save it to that same server that the applet is running from. I'm planning to send the image to a .php file through $_POST parameter and then let the PHP deal with the filename, location...etc How
-
Order line invoiced even it has a fulfillment set value
Hello all, I am facing this issue with some SO....my order lines are getting invoiced even it has the fulfillment set value...let me explain with an example: I have SO with 3 lines, which have the same fulfillment_set value, lets say letter "A" is th