SUN/Oracle directory user entry DN rename (move)

Similar Messages

• Install Sun ONE Directory Server 5,2 & how to use it for authenticate user

  Good afternoon, Excuse, are newbie in the scope I am learning and putting desire to him, this in my situation I am trying to install Sun ONE Directory Server 5,2 since I understand that this it is application LDAP for Solaris, ok I want to install it to authenticate user against the system, that is to say, to be able to acces the server entering with a created user from the data base of LDAP and make think user that his created in the system. But the documentation that I finds indicates the installation of Sun ONE Directory Server 5,2 but it not clearly about how to use it for authentication. Some one have any manual step by step of Sun ONE Directory Server 5,2 installation and how to make it for authentication systems users.
  I read the forum seeking for anwser and i get confuse
  Thanks for the help and sorry for any inconvenient
  Message was edited by:
  Aku_28
  Message was edited by:
  Aku_28

  I think that I found the Sun endorsed book locations for using LDAP accounts that don't use authentication besides "crypt". I now can use an account with a "ssha" password. It can be more than 8 characters long.
  Chapter 14 System Administration Guide: Naming and Directory Services
  Read page 201 which is the pam.conf file pam_ldap setups. I edited my "/etc/pam.conf" file to reflect this
  Chapter 7 Directory Server 5.2 2005Q4 - Administration Guide
  Read page 316-318 which has a graphical technique to specify password syntax. I set it up and then tried the password by running "su - brahms". It now requires a longer password than 8 characters and it is set up to use "ssha" for that UID entry "brahms".

• Turn "Delete Resource Account" for Active Directory into rename/move/unlink

  My Windows sysad would like me to stop deleting Active Directory users; he's tired of cleaning up from dangling SIDs, and I don't particularly blame him. Instead, he would like the process of "deleting" an AD account to be more like:
  1. disable
  2. rename from cn=user to cn=user_999, where 999 is replaced with an incrementing number (jsmith_001, jsmith_002, etc.). (Or maybe he;d be Ok with jsmith_yyyymmddhhmmss...)
  3. move (probably in the same "rename" above) from ou=Employees to ou=4Delete.
  4. unlink account from user.
  We are assigning AD accounts through roles, and so the Delete Resource User (or Delete Resource Person?) task is invoked. Does anyone have a customized version of this task that differentiates between resource account types and handles the "disable/rename/move/unlink" AD account paradigm my sysad would like? -Les

  Hi,
  did you ever resolve this? If so, how did you work it out as we would like to do the same.
  Thanks.

• How to import your MS Active Directory users in an Oracle table

  Hello,
  I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
  This doesn't work so I used an alternative solution:
  How to import your MS Active Directory users in an Oracle table
  - a Visual Basic script for export from Active Directory
  - a table in my database
  - a SQL*Loader Control-file
  - a command-file to start the SQL*Loader
  Now I can schedule the vsb-script and the command-file to get my information in an Oracle table. This works fine for me.
  Just to share my scripts:
  I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
  'Export_ActiveDir_users.vbs                              26-10-2006
  'Script to export info from MS Active Directory to a CSV-file
  '     Accountname, employeeid, Name, Function, Department etc.
  '       Richard de Boer - Wetterskip Fryslan, the Nethterlands
  '     samaccountname          Logon Name / Account     
  '     employeeid          Employee ID
  '     name               name     
  '     displayname          Display Name / Full Name     
  '     sn               Last Name     
  '     description          Description / Function
  '     department          Department / Organisation     
  '     physicaldeliveryofficename Office Location     Wetterskip Fryslan
  '     streetaddress          Street Address          Harlingerstraatweg 113
  '     l               City / Location          Leeuwarden
  '     mail               E-mail adress     
  '     wwwhomepage          Web Page Address
  '     distinguishedName     Full unique name with cn, ou's, dc's
  'Global variables
      Dim oContainer
      Dim OutPutFile
      Dim FileSystem
  'Initialize global variables
      Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
      Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
      Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
  'Enumerate Container
      EnumerateUsers oContainer
  'Clean up
      OutPutFile.Close
      Set FileSystem = Nothing
      Set oContainer = Nothing
      WScript.Echo "Finished"
      WScript.Quit(0)
  Sub EnumerateUsers(oCont)
      Dim oUser
      For Each oUser In oCont
          Select Case LCase(oUser.Class)
                 Case "user"
                      If Not IsEmpty(oUser.distinguishedName) Then
                          OutPutFile.WriteLine _
                 oUser.samaccountname      & ";" & _
                 oUser.employeeid     & ";" & _
                 oUser.Get ("name")      & ";" & _
                 oUser.displayname      & ";" & _
                 oUser.sn           & ";" & _
                 oUser.description      & ";" & _
                 oUser.department      & ";" & _
                 oUser.physicaldeliveryofficename & ";" & _
                 oUser.streetaddress      & ";" & _
                 oUser.l           & ";" & _
                 oUser.mail           & ";" & _
                 oUser.wwwhomepage      & ";" & _
                 oUser.distinguishedName     & ";"
                      End If
                 Case "organizationalunit", "container"
                      EnumerateUsers oUser
          End Select
      Next
  End SubThis give's output like this:
  rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
  tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;I made a table in my Oracle database:
  CREATE TABLE     PG4WF.ACTD_USERS     
       samaccountname          VARCHAR2(64)
  ,     employeeid          VARCHAR2(16)
  ,     name               VARCHAR2(64)
  ,     displayname          VARCHAR2(64)
  ,     sn               VARCHAR2(64)
  ,     description          VARCHAR2(100)
  ,     department          VARCHAR2(64)
  ,     physicaldeliveryofficename     VARCHAR2(64)
  ,     streetaddress          VARCHAR2(128)
  ,     l               VARCHAR2(64)
  ,     mail               VARCHAR2(100)
  ,     wwwhomepage          VARCHAR2(128)
  ,     distinguishedName     VARCHAR2(256)
  )I made SQL*Loader Control-file:
  LOAD DATA
  INFILE           'ActiveDir_users.csv'
  BADFILE      'ActiveDir_users.bad'
  DISCARDFILE      'ActiveDir_users.dsc'
  TRUNCATE
  INTO TABLE PG4WF.ACTD_USERS
  FIELDS TERMINATED BY ';'
  (     samaccountname
  ,     employeeid
  ,     name
  ,     displayname
  ,     sn
  ,     description
  ,     department
  ,     physicaldeliveryofficename
  ,     streetaddress
  ,     l
  ,     mail
  ,     wwwhomepage
  ,     distinguishedName
  )I made a cmd-file to start SQL*Loader
  : Import the Active Directory users in Oracle by SQL*Loader
  D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.logI used this for a good list of active directory fields:
  http://www.kouti.com/tables/userattributes.htm
  Greetings,
  Richard de Boer

  I have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
  Is there any way that I can find out what time each record has been inserted?
  For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
  First you need to clarify what you mean by 'the date that each record get inserted'.  A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
  Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
  The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time.

• Problem opening reports with a user in the Oracle Directory.

  I have already followed all the steps in the user's guide to run reports with a user in the Oracle Directory.
  I accessed the enterprise security manager and created the mandatory xml publisher roles, besides I created another role. I added user A to the new role I created.
  I accessed then the administrator tab in XML publisher. I went to roles and the role I created was there. When I tried to add a folder. I'm able to add the folder there. I click on apply and then when I enter in the security Settings again the folder is not there anymore.
  I get the following error in the log:
  [021207_103218621][][EXCEPTION] oracle.apps.xdo.servlet.resources.ResourceNotFoundException: /opt/oracle/infra2/j2ee/home/xmlpublisher
  /Admin/Security/security.xml
  When I access xml publisher with the user A, who belongs to the new role I'm working with, I'm not able to see any folder, nor anything else.
  Do you have any ideas about what could be going wrong?
  Thanks,
  Joaquin

  Can you replay how? I have been facing this problem for nearly 3 months without any solution. Please help me.
  Debarati

• Granting Write rights to an ORACLE directory entry

  Hi
  I got some problems with granting Write rights to an ORACLE directory entry on a 8.1.7.0.0 Database.
  When I try grant write rights:
  grant write on directory dump_dir to IDM;
  This results in ORACLE error ORA-22928: invalid privilege on directories
  There are no problems with read rights:
  Granting read works ok.
  The directory entry exists, typing:
  select * from dba_directories;
  gives...
  OWNER DIRECTORY_NAME
  ------------------------------ ------------------------------ DIRECTORY_PATH
  SYS DUMP_DIR
  /home/track/export
  v$version states that ORACLE 8.1.7.0.0 Production version is being used.
  Hope you can help, Thanks.
  Mikkel Andersen

  OK, figured it out. This was helpful: http://www.adp-gmbh.ch/ora/sql/create_directory.html

• Oracle Enterprise User, OVD and MS Active Directory (AD)

  Hi,
  I need to authenticate Oracle Users from MS Active Directory.
  If I create an Oracle Enterprise User, can I just use OVD or do I need also OID ?
  If the answer is YES, I just need OVD do I need just to install OVD or do I need any other installation from OIM in order for it to work?
  Thanks in advance for answering this post : )
  CMT

  Hi,
  I am not sure that you are correct.
  In the meantime, some one mentioned a white paper to read: "Directory Services Integration with Database Enterprise User Secuirty. In page 10 it mentions a scenario: EUS deployment using Active Directory and OVD
  (without OID).
  The cons mentioned are: Need to extend AD schema to include EUS meta-data (which I am not sure how its done).

• Oracle Directory Server Enterprise Edition/Sun DSEE  oim11g r2 connector

  Hi,
  is there any OOTB  oim 11g r2 connector available for Oracle Directory Server Enterprise Edition/Sun DSEE

  Yes. The standard LDAP OIM ICF connector fully support ODSEE.

• ORACLE SUN ACTIVE DIRECTORY

  Hello,
  I want to know:
  Does SW called Oracle Sun Active Directory or something similar like that exist?.
  If exist someone can give me the link to download it.
  Thanks in advance.
  Regards,
  Cesar Advincula

  yes it does exis, the name Oracle Sun Directory Services Enterprise Edition.
  Regads,
  Cesar Advincula

• How to get account expiry date for Oracle Directory Server?

  I need to get the account expiry date for Oracle Directory server. Which attribute stores this value? Please let me also know the attribute type and how to fetch it.
  Thanks,
  Subrat

  Hello,
  Yes you can use nsAccountLock directly (When nsAccountLock=true, the object is inactivated and the user cannot log in)
  This is documented in Modifying Directory Server’s NsAccountLockAttribute Directly (Sun Java System Directory Server Enterprise Edition 6.2 In…  (release number is old but it does not matter, Thats the first one Ive found)
  You can also use dsutil account-inactivate as described in dsutil - 11g Release 1 (11.1.1.7.0)
  Sylvain
  Please mark this response as correct or helpful when appropriate to make it easier for others to find it

• Synchronization between AD and Sun Java Directory Server

  I would like to build an environment as below, kindly let me know whether it is possible or not.
  My Enterprise Directory is Active Directory and i have Policy Server which directs the sso users to get authenticated with that server. I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords and i would like to know with which hashing algorithm these passwords are stored in the sun directory server. Because i want to synchronize the same attributes from sun java directory server to Oracle Internet Directory and is it possible to get my sso users to get authenticated at OID even?
  Kindly let me know whether this approach is feasible or not?
  Any suggestion to this approach is greatly appreciated...
  Thanks in advance...
  Regards,
  Kishore Repakula.

  i would like to know with which hashing algorithm these
  passwords are stored in the sun directory server.Like most other directory servers, SunDS offers a few choices here.
  The most secure is SSHA, which you'd probably want to use unless you have apps with dependencies on other hashes (e.g., CRYPT for backward compatibility with UNIX password field).
  I would like to synchronize the user data from Active Directory
  to Sun Java Directory Server (existing version is 5.2
  Service Pack 4) including the passwords...Sun has a "Identity Synchronization for Windows" product which might work for you.
  http://www.sun.com/software/products/directory_srvr_ee/identity_synch/
  Unfortunately, the big trick with AD passwords is that they are stored in a proprietary one-way hash, so you can't just sync them directly over to another directory. Likewise, you can't import password hashes from other sources into AD and expect them to work.

• Sun Java Directory server 6.3.1

  Hello,
  Anyone with knowledge to configure mail aliases in LDAP especially in Sun java directory server 6.x? I have already created the container ou=aliases
  The problem is i get the below error when I install LDAP client on a server:
  +Apr 23 18:32:00 Server1 sendmail[10032]: [ID 801593 mail.crit] n3NHW0HC010032: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP server+
  I found that I dont have aliases not configured in LDAP, the mail host sits on a different server. Other than this my client works perfectly over SSL
  Thanks in advance
  sys

  Sys
  SOrry but this looks to me like you have serveral problems. Most of them are Sendmail related. Maybe it would be a better idea to ask in a sendmail forum instead of a Directory server forum. Since you have not posted any configs I can not more than speculate. Here are my guesses:
  Apr 29 11:58:21 server1 sendmail[3138]: [ID 801593 mail.info] n3TAwKaC003138: n3TAwKaD003138: return to sender: Host unknown (Name server: mailhost.xxxx.com: host not found)if mailhost.xxxx.com is an existing host then I guess you have a problem with DNS resolution. Are you able to resolve hosts other than those related to this case or infrastructure (eg. can you resolve www.google.com)? If not then you should have a look at /etc/resolv.conf. There shold be a series of nameserver lines followed by the IP-Addresses of the nameservers (Important: IPs . not names). Another source of error could be found in the "hosts:" line in /etc/nsswitch.conf (it ususally reads "hosts: files dns").
  Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003218: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP serverNow this means your sendmail is trying to connect to an LDAP Directory on the same host to resolve aliases. If the port is correct you might find in the <instance_root>/logs/access file further details about what the sendmail server tried and why it failed. If there is no entry in the access log this would mean that there is no LDAP-Server listening on the port sendmail connects to. Fact is that somewhere you "told" sendmail to connect to the ldap server and it is failing to do so.
  Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.alert] n3TB4Muk003219: Losing ./qfn3TB4Muk003219: savemail panic
  Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003219: SYSERR(root): savemail: cannot save rejected email anywhereNow this errormessage is normal if alias resolution does not work. An errormessage would be generated which is sent by the user MAILER-DEAMON. In sendmail default config MAILER-DEAMON is an alias for postmaster which is again an alias for root. But if teher is no aliases there is no "account" MAILER-DEAMON. This errormessage will most likely disapear as soon as you resolved the alias issue.
  So much for the errormessages. Unfortunately you are not very specific on your environment. I try to guess what I have understood and try to formulate queries which might help you to find the problem.
  - There is a host A running solaris 10 and an Sun Directory Server 6.3.1
  -- On what port is the server listening and what information can you get at its current configuration with an anonymous bind (eg. ldapsearch without username or password)
  -- You have setup a suffix on this server and created an ou=aliases
  -- Have you inserted the standard aliases (such as MAILER-DEAMON or postmaster)?
  - There is a host B which is the mailhost.
  -- B i trying to connect to localhost (so host B not A) to get informations from an LDAP. Is LDAP running on localhost yes or no? You are not clear on this topic.
  -- what did you (or anyone else) do to get the server to obtain aliases from an LDAP (this is not standard config - You need to modify settings to do this)
  -- it is definitely a good idea to define a global bunch of settings in confLDAP_DEFAULT_SPEC (especially the options -d -P -b -h should be set in your case most likely)
  If these hints do not solve your problems I definitely recommend posting in an sendmail forum and read the sendmail documentation (eg. https://www.sendmail.org/doc/sendmail-current/cf/README). As far as I know LDAP in sendmail is pretty new in std sendmail and you have to expect that documentation on this topic is still poor.
  Regards
  Martin

• How to display active directory users through weblogic portal Application?

  Hi,
  Does anyone has faced this situation?
  I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
  I have two doubts on this?
  1)Is it I need to write custom code to view the active directory users in our portal?
  2)Does I need to use any jars that supports active directory authenticator?
  I would appreciate if any one can reply on this with helpfull docs/information.
  We are using BEA 8.1 SP4.
  Windows 2000.
  Surendra

  Hi,
  I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <%@ page import="java.util.Set" %>
  <%@ page import="javax.naming.Context" %>
  <%@ page import="weblogic.jndi.Environment" %>
  <%@ page import="weblogic.management.MBeanHome" %>
  <%@ page import="weblogic.management.configuration.DomainMBean" %>
  <%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
  <%@ page import="weblogic.management.security.RealmMBean" %>
  <%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
  <%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
  <%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
  <%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
  <%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
  <%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
  <%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
  <%@ page import="weblogic.management.utils.ListerMBean" %>
  <%@ page import="javax.management.MBeanException" %>
  <%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
  <%@ page import="examples.security.providers.authentication.manageable.*" %>
  <%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
  <%@ page import="weblogic.management.utils.InvalidParameterException" %>
  <%@ page import="weblogic.management.utils.NotFoundException" %>
  <%@ page import="weblogic.security.SimpleCallbackHandler" %>
  <%@ page import="weblogic.servlet.security.ServletAuthentication"%>
  <%!
  private String makeErrorURL(HttpServletResponse response,
  String message)
  return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
  %>
  <html>
  <head>
  <title>Password Changed</title>
  </head>
  <body>
  <h1>Password Changed</h1>
  <%
  // Note that even though we are running as a privileged user,
  // response.getRemoteUser() still returns the user who authenticated.
  // weblogic.security.Security.getCurrentUser() will return the
  // run-as user.
  System.out.println("------------------------------------------------------------------");
  String username = request.getRemoteUser();
  System.out.println("User name -->"+username);
  // Get the arguments
  String currentpassword = request.getParameter("currentpassword");
  System.out.println("Current password -->"+currentpassword);
  String newpassword = request.getParameter("newpassword");
  System.out.println("New password -->"+newpassword);
  String confirmpassword = request.getParameter("confirmpassword");
  System.out.println("Confirm password -->"+confirmpassword);
  // Validate the arguments
  if (currentpassword == null || currentpassword.length() == 0 ||
  newpassword == null || newpassword.length() == 0 ||
  confirmpassword == null || confirmpassword.length() == 0) { 
  response.sendRedirect(makeErrorURL(response, "Password must not be null."));
  return;
  if (!newpassword.equals(confirmpassword)) {
  response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
  return;
  if (username == null || username.length() == 0) {
  response.sendRedirect(makeErrorURL(response, "Username must not be null."));
  return;
  // First get the MBeanHome
  String url = request.getScheme() + "://" +
  request.getServerName() + ":" +
  request.getServerPort();
  System.out.println("URL -->"+url);
  Environment env = new Environment();
  env.setProviderUrl(url);
  Context ctx = env.getInitialContext();
  MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
  System.out.println("MBean home obtained....");
  DomainMBean domain = mbeanHome.getActiveDomain();
  SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
  // Sar
  EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
  System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
  RealmMBean realm = secConf.findDefaultRealm();
  System.out.println("RealmMBean obtained....");
  AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
  System.out.println("AuthProvMBean obtained....");
  // Now get the UserPasswordEditorMBean
  // This code will work with any configuration that has a
  // UserPasswordEditorMBean.
  // The default authenticator implements these interfaces
  // but other providers could work as well.
  // We try each one looking for the provider that knows about
  // this user.
  boolean changed=false;
  UserPasswordEditorMBean passwordEditorMBean = null;
  System.out.println("UserPwdEdtMBean obtained....");
  //System.out.println("Creating MSAI....");
  //ManageableSampleAuthenticatorImpl msai =
  // new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
  //System.out.println("Done....");
  for (int i=0; i<authenticators.length; i++) {
  System.out.println("### Authenticator --->"+authenticators);
  if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
  ActiveDirectoryAuthenticatorMBean adamb =
  (ActiveDirectoryAuthenticatorMBean)authenticators[i];
  System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
  String listers = adamb.listUsers("*",0);
  while(adamb.haveCurrent(listers))
  System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
  adamb.advance(listers);
  if (authenticators[i] instanceof UserPasswordEditorMBean) {
  passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
  System.out.println("Auth match ...."+passwordEditorMBean);
  try {
  // Now we change the password
  // Sar comment
  System.out.println("Password changed....");
  //passwordEditorMBean.changeUserPassword(username,
  // currentpassword, newpassword);
  changed=true;
  // Sar Comment
  catch (InvalidParameterException e) {
  response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
  return;
  catch (NotFoundException e) {
  catch (Exception e) {
  response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
  return;
  // Sar code
  LDAPAuthenticatorMBean ldapBean = null;
  UserReaderMBean urMBean = null;
  UserEditorMBean ueMBean = null;
  GroupReaderMBean gMBean = null;
  //ListerMBean lBean = null;
  try
  if (authenticators[i] instanceof LDAPAuthenticatorMBean)
  ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
  String userFilter = ldapBean.getAllUsersFilter();
  System.out.println("userFilter ="+userFilter);
  if (authenticators[i] instanceof UserEditorMBean)
  try
  System.out.println("UserEditorMBean...");
  ueMBean = (UserEditorMBean) authenticators[i];
  System.out.println("List users..."+ueMBean);
  boolean b = ueMBean.userExists("webuser");
  System.out.println("User Exists->>>"+b);
  String cursor = ueMBean.listUsers("webuser", 2);
  System.out.println("List User ----->"+cursor);
  catch(InvalidParameterException e)
  response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
  catch(java.lang.reflect.UndeclaredThrowableException e)
  response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
  e.printStackTrace();
  catch(Exception e)
  response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
  catch(Exception ex)
  ex.printStackTrace();
  response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
  return;
  if (passwordEditorMBean == null) {
  response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
  return;
  System.out.println("pwd changed ->"+changed);
  if (!changed) {
  // This happens when the current user is not known to any providers
  // that implement UserPasswordEditorMBean
  response.sendRedirect(makeErrorURL(response,
  "No password editors know about user " + username + "."));
  return;
  %>
  User <%= username %>'s password has been changed!
  <br>
  <br>
  </body>
  </html>
  Here is the console log
  User name -->webuser
  Current password -->i
  New password -->u
  Confirm password -->u
  URL -->http://localhost:7011
  MBean home obtained....
  Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
  RealmMBean obtained....
  AuthProvMBean obtained....
  UserPwdEdtMBean obtained....
  ### Authenticator --->Security:Name=myrealmDefaultAuthenticator
  Auth match ....Security:Name=myrealmDefaultAuthenticator
  Password changed....
  UserEditorMBean...
  List users...Security:Name=myrealmDefaultAuthenticator
  User Exists->>>true
  java.lang.reflect.UndeclaredThrowableException
  at $Proxy1.listUsers(Unknown Source)
  at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
  at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
  a:1006)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
  ontext.java:6718)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
  64)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
  Caused by: javax.management.MBeanException
  at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
  at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
  at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
  at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
  ava:988)
  at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
  at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
  ... 14 more
  ### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
  pwd changed ->true
  Can u pls let me know how to get all the entries from LDAP.
  Thanx
  Sar

• How to migrate Sun One directory server to a new physical server install

  need help
  We have to move our existing installation of sun on directory server 5.2 to a new physical server.
  We have a new physical server with a new host name. I am trying to find an easiest way to take a snapshot of our existing server and put it on a new installation
  So will installing sun one directory server , its shows me two choices either to create a new instance or copy configuration from a existing server
  What do i choose and which is the fastest route to replicate my old server
  Thanks a bunch in advance
  Sganb

  Hi,
  I'm glad you're still using the old, glorious Sun One Directory Server 5.2, because it brings me back a lot of memories... But are you seriously talking of the 'plain' version, with no patches/hot fixes on top? If that's the case, you're using of a software that has been developed in 2004 and released in Jan 2005! Just for you to be aware, in the last *8* (eight) years a considerable number (in the magnitude of 10^3) of bugs, security problems and performance issues has been identified and fixed...
  However, to provide a better answer to your question, it would be important to understand the 'big picture' in terms of scenario and requirements:
  1) Is this a critical 24x7 service for which you need to perform an on-line migration or you have a 'maintenance window' during which the service may be switched off?
  2) Is the old server member of replication environment? If yes, how many masters/slaves do you have already? Shall the new server be part of this topology? What role shall it have?
  3) Would it be possible to make the the old server able to communicate with the new server?
  4) How big is the database that you've got to migrate? Do you have any requirement in terms of caches?
  5) Do you take backups on a regularly basis and have in place working (*tested*) backup/restore procedures?
  6) Is the new server conserving or changing the O.S. and architecture? [SPARC->SPARC, x86->x86, SPARC->x86, Solaris -> ? , 32 .vs. 64-bit? ]
  7) What are the steps you did to 'install' the software on the new server?
  Thanks,
  Marco
  P.S.: I don't wanna sound 'scaring' with all these questions, neither this should be intended as an 'hidden advertising' for Oracle Professional/Consulting Services, but the only way to not put in jeopardy your data is being aware of the risks, having the control of what's going on and ... possibly have a 'B' plan ;-)
  P.S.S.: My last suggestion is to consider a migration to a later release AS SOON AS POSSIBLE; the latest is ODSEE 11.1.1.7, which is available here:
  http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
  and seems to work pretty well ;-)

• Root is running Sun One Directory Proxy Question ?

  While i was installing the directory proxy server, i gave all root to own the files? Is Sun One Directory Proxy suppose to run as root or can i run as non-root user ?

  You can (and probably should) run as a non-root user, assuming you're running on a port above 1024.
  If you've already installed as root, and root owns all the files, the following should theoretically work:
  - Shut down DPS
  - Edit <dps-root>/etc/dpsDefaultConfiguration.ldif, and change the ids-proxy-con-userid attribute to the user ID you would like the server to run as
  - Modify the same entry in the directory server that holds your proxy's configuration information, like:
  ldapmodify -h config_dir_host -p config_dir_port -D "cn=directory manager" -w password
  dn: ids-proxy-con-config-name=<instanceName>,ou=system,ou=dar-config,o=NetscapeRoot
  changetype: modify
  replace: ids-proxy-con-userid
  ids-proxy-con-userid: <same value as you put in the LDIF file above>
  - Change the ownership of all the files in the DPS install directory
  - Change over to the user that you selected and try to start the DPS process