Suns LDAP Pool and Multithreading
I used Suns built in LDAP Pool for quite a while in a multithreaded environment. JDK 1.4.2_08, OpenLdap 2.1.19, Win32.
Suddenly I have some trouble with it. All pools connections become busy and if that state is reached none is getting free anymore, which locks up my program. I've set the pools logging level to "all" with which I was able to observe how more and more connections get busy until the max connections limit is reached.
I had had some trouble with the pool. The solution had been to close() each and every JNDI Resource I had requested (NamingEnumerations and Contexts). But now im clueless...
Anyone who can help with some hints? Are there any rules to observe when using the pool in a multithreaded environment?
Thanx,
Peter
Some more info:
1. The problem can be reproduced on Java 1.5 and 1.6 (I tried 1.5.0_12 and 1.6.0_01).
2. Method query() implemented using Netscape LDAP driver works correctly (number of established TCP connections does not exceed 30).
3. I use Sun LDAP Directory Server 5.2.
Marek
Similar Messages
-
IDsync 1.0 and DS5.2, deletion from AD not wrking in SUN LDAP
Good day all,
we were doing test on account creation account lock, so on and so forth, everything is working except the deletion from AD are not getting deleted in SUN LDAP.
Anyone has the answer for that.
Thank you in advanceWhat happens when you set "block internet access" to always? I have also had weird experiences with this feature.
For example, as I am typing this message, I have instructed the router to block all internet access on this computer (using parental controls), yet I am still able to visit this forum; although, other websites are blocked. I'll also try your rules and see what effect they have on my computer.
I also agree with you about the annoying "network device" issue that happens when the router isn't able to identify the devices' hostnames. There are also devices that appear in that list, which haven't seen in my DHCP table for awhile.
I don't work for Cisco. I'm just here to help. -
Urgent: Please help: Trusted recon - Sun LDAP - timeout
Hi Experts,
I am doing trusted reconciliation with sun ldap using oim 11.1.1.5 bp4.
LDAP system has around 3 lakh users. so i am planned to do trusted recon in 5 or 6 intervals to get around 50K records each time.
i tested for 1000 users - no timeout is happening and all users are created perfectly using trusted recon
when i run for 25K users, i am getting timeout excception below,
1. It is searching and listing the users, (please chck time)
recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : Before search time: Tue Oct 09 13:24:41 KST 2012
recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : TotalRecords from LDAP: 22882
recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : After search time: Tue Oct 09 15:54:42 KST 2012
2. Timeout exception
recon.schedule.tasks.tcTskIPlanetUserReconciliation : pagingBatchingReconciliation() : The searchBase is: ou=XX,ou=XX,o=XX
pagingBatchingReconciliation() : Problem searching directory: javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; Remaining name: ou=XX,ou=XX,o=XX
In iPlanet User Truseted Recon I gave,
Abandoned connection timeout - 108000 (seconds)
Connection pooling supported - false
Connection wait timeout - 60 (seconds)
LDAP Connection TimeOut - 3000 (seconds)
Inactive connection timeout - 60 (seconds)
Above parameters are good for more than 25K users?
Please help me...
Thanks..They look good...
Try to use Connection pooling too if possible...
Abandoned connection timeout - 108000 (seconds)
Connection pooling supported - true
Connection wait timeout - 60 (seconds) --> Increase it to say 90 (seconds)
LDAP Connection TimeOut - 3000 (seconds) --->
Inactive connection timeout - 60 (seconds) --> Increase it to 600 (As the default value in the LDAP Server IT Resource Type Definition)
Alternatively You can rather break your chunks in 20000 records because you are able to fetch 22882 records successfully.... -
Is connection pooling and sharing available on Oracle 9i RDBMS ?
Hello,
I would like to connect from oracle to sql server through db link and ODBC (Heterogenous connectivity). But every session in oracle launch session in sql server. Is it possible to have connection pooling and sharing from Oracle RDBMS level ? I need one solution : when (for example) i run 100 sessions in Oracle i would like to see 10 sessions on sql server. I would like remain 90 sessions from oracle to be queued.
I would mention that i was using Heterogenous connectivity with multithreading agent (agtctl) without success.
appreciate any help :-)There are two concepts you could evaluate, but they are mainly used for connections to the database, not to sqlserver, but if you can make them work with heterogeneous connectivity this could help:
Connection Pooling. When many sessions are connecting to the same database, it could be that some of them remain idle. Oracle can detect them and timed them out letting another session to enter into the database, letting the idle session remain open without closing its session. This is configured by means of the shared server architecture.
Session Multiplexing. Session multiplexing allows the same bandwidth to be used by many sessions at the same time, this enables the server to use fewer network connection endpoints for incoming request. In order for you to configure session multiplexing you have to configure connection manager.
Ref. Oracle® Database Net Services Administrator's Guide
10g Release 2 (10.2)
Part Number B14212-02
~ Madrid
http://hrivera99.blogspot.com/ -
Connection pooling and auditing on an oracle database
Integration of a weblogic application with an oracle backend,
Connection pooling, and auditing ,2 conflicting requirements ?
Problem statement :
We are in the process of maintaining a legacy client server application where
the client is
written in PowerBuilder and the backend is using an Oracle database.
Almost all business logic is implemented in stored procedures on the database.
When working in client/server mode ,1 PowerBuilder User has a one-to-one relation
with
a connection(session) on the oracle database.
It is a requirement that the database administrator must see the real user connected
to the database
and NOT some kind of superuser, therefore in the PowerBuilder app each user connects
to the database
with his own username.(Each user is configured on the database via a seperate
powerbuilder security app).
For the PowerBuilder app all is fine and this app can maintain conversional state(setting
and
reading of global variables in oracle packages).
The management is pushing for web-based application where we will be using bea
weblogic appserver(J2EE based).
We have build an business app which is web-based and accessing the same oracle
backend app as
the PowerBuilder app is doing.
The first version of this web-based app is using a custom build connector(based
on JCA standard and
derived from a template provided by the weblogic integration installation).
This custom build connector is essentially a combination of a custom realm in
weblogic terms
and a degraded connection pool , where each web session(browser) has a one-to-one
relation
with the back end database.
The reason that this custom connector is combining the security functionality
and the pooling
functionality , is because each user must be authenticated against the oracle
database(security requirement)
and NOT against a LDAP server, and we are using a statefull backend(oracle packages)
which would make it
difficult to reuse connections.
A problem that surfaced while doing heavy loadtesting with the custom connector,
is that sometimes connections are closed and new ones made in the midst of a transaction.
If you imagine a scenario where a session bean creates a business entity ,and
the session bean
calls 1 entity bean for the header and 1 entity bean for the detail, then the
header and detail
must be created in the same transaction AND with the same connection(there is
a parent-child relationship
between header and detail enforced on the back end database via Primary and Foreing
Keys).
We have not yet found why weblogic is closing the connection!
A second problem that we are experincing with the custom connector, is the use
of CMP(container managed persistence)
within entity beans.
The J2EE developers state that the use of CMP decreases the develoment time and
thus also maintenance costs.
We have not yet found a way to integrate a custom connector with the CMP persistence
scheme !
In order to solve our loadtesting and CMP persistence problems i was asked to
come up with a solution
which should not use a custom connector,but use standard connection pools from
weblogic.
To resolve the authentication problem on weblogic i could make a custom realm
which connects to the
backend database with the username and password, and if the connection is ok ,
i could consider this
user as authenticated in weblogic.
That still leaves me with the problem of auditing and pooling.
If i were to use a standard connection pool,then all transaction made in the oracle
database
would be done by a pool user or super user, a solution which will be rejected
by our local security officer,
because you can not see which real user made a transaction in the database.
I could still use the connection pool and in the application , advise the application
developers
to set an oracle package variable with the real user, then on arrival of the request
in the database,
the logic could use this package variable to set the transaction user.
There are still problems with this approach :
- The administrator of the database can still not see who is connected , he will
only see the superuser connection.
- This scheme can not be used when you want to use CMP persistence , since it
is weblogic who will generate the code
to access the database.
I thought i had a solution when oracle provided us with a connection pool known
as OracleOCIConnectionPool
where there is a connection made by a superuser, but where sessions are multiplexed
over this physical pipe with the real user.
I can not seem to properly integrate this OCI connectionpool into weblogic.
When using this pool , and we are coming into a bean (session or entity bean)
weblogic is wrapping
this pool with it's own internal Datasource and giving me back a connection of
the superuser, but not one for the real user,
thus setting me with my back to the wall again.
I would appreciate if anyone had experienced the same problem to share a possible
solution with us
in order to satisfy all requirements(security,auditing,CMP).
Many Thanks
Blyau Gino
[email protected]Hi Blyau,
As Joe has already provided some technical advice,
I'll try to say something on engineering process level.
While migrating an application from one technology to
other, like client-server to n-tier in you case, customers and
stakeholders want to push into the new system as many old
requirements as possible. This approach is AKA "we must
have ALL of the features of the old system". Mostly it happens
because they don't know what they want. Ad little understanding
of abilities of the new technology, and you will get a requirement
like the one you have in you hands.
I think "DBA must see real user" is one of those. For this
type of requirements it can make sense to try to drop it,
or to understand its nature and suggest alternatives. In this
particular case it can be a system that logs user names,
login and logout times.
Blind copying of old features into an incompatible new architecture
may endanger the whole project and can result in its failure.
Hope this helps.
Regards,
Slava Imeshev
"Blyau Gino" <[email protected]> wrote in message
news:[email protected]...
>
Integration of a weblogic application with an oracle backend,
Connection pooling, and auditing ,2 conflicting requirements ?
Problem statement :
We are in the process of maintaining a legacy client server applicationwhere
the client is
written in PowerBuilder and the backend is using an Oracle database.
Almost all business logic is implemented in stored procedures on thedatabase.
When working in client/server mode ,1 PowerBuilder User has a one-to-onerelation
with
a connection(session) on the oracle database.
It is a requirement that the database administrator must see the real userconnected
to the database
and NOT some kind of superuser, therefore in the PowerBuilder app eachuser connects
to the database
with his own username.(Each user is configured on the database via aseperate
powerbuilder security app).
For the PowerBuilder app all is fine and this app can maintainconversional state(setting
and
reading of global variables in oracle packages).
The management is pushing for web-based application where we will be usingbea
weblogic appserver(J2EE based).
We have build an business app which is web-based and accessing the sameoracle
backend app as
the PowerBuilder app is doing.
The first version of this web-based app is using a custom buildconnector(based
on JCA standard and
derived from a template provided by the weblogic integrationinstallation).
This custom build connector is essentially a combination of a custom realmin
weblogic terms
and a degraded connection pool , where each web session(browser) has aone-to-one
relation
with the back end database.
The reason that this custom connector is combining the securityfunctionality
and the pooling
functionality , is because each user must be authenticated against theoracle
database(security requirement)
and NOT against a LDAP server, and we are using a statefull backend(oraclepackages)
which would make it
difficult to reuse connections.
A problem that surfaced while doing heavy loadtesting with the customconnector,
>
is that sometimes connections are closed and new ones made in the midst ofa transaction.
If you imagine a scenario where a session bean creates a business entity,and
the session bean
calls 1 entity bean for the header and 1 entity bean for the detail, thenthe
header and detail
must be created in the same transaction AND with the same connection(thereis
a parent-child relationship
between header and detail enforced on the back end database via Primaryand Foreing
Keys).
We have not yet found why weblogic is closing the connection!
A second problem that we are experincing with the custom connector, is theuse
of CMP(container managed persistence)
within entity beans.
The J2EE developers state that the use of CMP decreases the develomenttime and
thus also maintenance costs.
We have not yet found a way to integrate a custom connector with the CMPpersistence
scheme !
In order to solve our loadtesting and CMP persistence problems i was askedto
come up with a solution
which should not use a custom connector,but use standard connection poolsfrom
weblogic.
To resolve the authentication problem on weblogic i could make a customrealm
which connects to the
backend database with the username and password, and if the connection isok ,
i could consider this
user as authenticated in weblogic.
That still leaves me with the problem of auditing and pooling.
If i were to use a standard connection pool,then all transaction made inthe oracle
database
would be done by a pool user or super user, a solution which will berejected
by our local security officer,
because you can not see which real user made a transaction in thedatabase.
I could still use the connection pool and in the application , advise theapplication
developers
to set an oracle package variable with the real user, then on arrival ofthe request
in the database,
the logic could use this package variable to set the transaction user.
There are still problems with this approach :
- The administrator of the database can still not see who is connected ,he will
only see the superuser connection.
- This scheme can not be used when you want to use CMP persistence , sinceit
is weblogic who will generate the code
to access the database.
I thought i had a solution when oracle provided us with a connection poolknown
as OracleOCIConnectionPool
where there is a connection made by a superuser, but where sessions aremultiplexed
over this physical pipe with the real user.
I can not seem to properly integrate this OCI connectionpool intoweblogic.
When using this pool , and we are coming into a bean (session or entitybean)
weblogic is wrapping
this pool with it's own internal Datasource and giving me back aconnection of
the superuser, but not one for the real user,
thus setting me with my back to the wall again.
I would appreciate if anyone had experienced the same problem to share apossible
solution with us
in order to satisfy all requirements(security,auditing,CMP).
Many Thanks
Blyau Gino
[email protected] -
What's the difference between using a connection pool and a datasource
Howdy. I figure this is a newbie question, but I can't seem to find an
answer.
In the docs at bea, the datasource docs say
"DataSource objects provide a way for JDBC clients to obtain a DBMS
connection. A DataSource is an interface between the client program and the
connection pool. Each data source requires a separate DataSource object,
which may be implemented as a DataSource class that supports either
connection pooling or distributed transactions."
In there it says the datasource uses the connection pool, but other than
that, what is the difference between a connection pool and a datasource?Thanks for the info. I think it makes some sense. But it's a bit greek.
I'm sure it'll make more sense the more I work with it. Thanks.
"Chuck Nelson" <[email protected]> wrote in message
news:3dcac1f5$[email protected]..
>
Peter,
Here is a more formal definition of a DataSource from the Sun site
"A factory for connections to the physical data source that thisDataSource object
represents. An alternative to the DriverManager facility, a DataSourceobject
is the preferred means of getting a connection. An object that implementsthe
DataSource interface will typically be registered with a naming servicebased
on the JavaTM Naming and Directory (JNDI) API.
The DataSource interface is implemented by a driver vendor. There arethree types
of implementations:
Basic implementation -- produces a standard Connection object
Connection pooling implementation -- produces a Connection object thatwill automatically
participate in connection pooling. This implementation works with amiddle-tier
connection pooling manager.
Distributed transaction implementation -- produces a Connection objectthat may
be used for distributed transactions and almost always participates inconnection
pooling. This implementation works with a middle-tier transaction managerand
almost always with a connection pooling manager.
Does that help clarify the distinction?
Chuck Nelson
DRE
BEA Technical Support -
Problem with creating Connection pool and JNDI, driver is not detected
Hi,
I have an issue with creating Connection Pool and JNDI.
I'm using:
- JDK 1.6
- OS: Linux(ubuntu 8.10)
- Netbeans IDE 6.5.1
- Java EE 5.0
- Apache Tomcat 6.0.18 Its lib directory contains all necessary jar files for Oracle database driver
- Oracle 11g Enterprise
My problem is that the Oracle database driver is not detected when I want to create a pool (it works pretty well and is detected without any problem when I create ordinary connection by DriverManager)
Therefore after running:
InitialContext ic = new InitialContext();
Context context = (Context)ic.lookup("java:comp/env");
DataSource dataSource = (DataSource)context.lookup("jdbc/oracle11g");
Connection connection = dataSource.getConnection();and right after dataSource.getConnection() I have the following exception:
org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'oracle.jdbc.OracleDriver'
at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1136)
at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880)
at servlets.Servlet1.doPost(Servlet1.java:47)
at servlets.Servlet1.doGet(Servlet1.java:29)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.ClassNotFoundException: oracle.jdbc.OracleDriver
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at sun.misc.Launcher$ExtClassLoader.findClass(Launcher.java:229)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:169)
at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1130)
... 17 more
My application context file (context.xml) is:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/WebApplication3">
<Resource auth="Container"
driverClassName="oracle.jdbc.OracleDriver"
maxActive="8"
maxIdle="4"
name="jdbc/oracle11g"
username="scott"
password="tiger"
type="javax.sql.DataSource"
url="jdbc:oracle:thin:@localhost:1521:database01" />
</Context>and my web.xml is:
<resource-ref>
<description>Oracle Datasource example</description>
<res-ref-name>jdbc/oracle11g</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
...I found similar threads in different forums including sun, such as
http://forums.sun.com/thread.jspa?threadID=567630&start=0&tstart=0
http://forums.sun.com/thread.jspa?threadID=639243&tstart=0
http://forums.sun.com/thread.jspa?threadID=5312178&tstart=0
, but no solution.
As many suggest, I also tried to put context directly in the server.xml (instead of my application context) and referencing it by <ResourceLink /> inside my application context but it didn't work and instead it gave me the following message:
org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class ' ' for connect URL 'null'
Has anyone succeeded in creating a connection pool with JNDI by using Tomcat 6 or higher ? If yes, could kindly explain about the applied method.
Regards,Hello again,
Finally I managed to run my application also with Tomcat 6.0.18. There was only two lines that had to be modified
in the context.xml file (the context of my application project and not server's)
Instead of writing
<Context antiJARLocking="true" path="/WebApplication2">
type="javax.sql.DataSource"
factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
</Context>we had to write:
<Context antiJARLocking="true" path="/WebApplication2">
type="oracle.jdbc.pool.OracleDataSource"
factory="oracle.jdbc.pool.OracleDataSourceFactory"
</Context>- No modification was needed to be done at server level (niether server.xml nor server context.xml)
- I just added the ojdbc6.jar in $CATALINA_HOME/lib (I didn't even need to add it in WEB-INF/lib of my project)
- The servlet used to do the test was the same that I presented in my precedent post.
For those who have encountered my problem and are interested in the format of the web.xml and context.xml
with Tomcat 6.0, you can find them below:
Oracle server: Oracle 11g Enterprise
Tomcat server version: 6.0.18
Oracle driver: ojdbc.jar
IDE: Netbeans 6.5.1
The context.xml file of the web application
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/WebApplication2">
<Resource name="jdbc/oracle11g"
type="oracle.jdbc.pool.OracleDataSource"
factory="oracle.jdbc.pool.OracleDataSourceFactory"
url="jdbc:oracle:thin:@localhost:1521:database01"
driverClassName="oracle.jdbc.OracleDriver"
userName="scott"
password="tiger"
auth="Container"
maxActive="100"
maxIdle="30"
maxWait="10000"
logAbandoned="true"
removeAbandoned="true"
removeAbandonedTimeout="60" />
</Context>The web.xml of my web application
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<resource-ref>
<description>Oracle Database 11g DataSource</description>
<res-type>oracle.jdbc.pool.OracleDataSource</res-type>
<res-auth>Container</res-auth>
<res-ref-name>jdbc/oracle11g</res-ref-name>
</resource-ref>
<servlet>
<servlet-name>Servlet1</servlet-name>
<servlet-class>servlets.Servlet1</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet1</servlet-name>
<url-pattern>/Servlet1</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>Ok, now I'm happy as the original problem is completely solved
Regards -
Hi Folks,
We have SUN Java Directory Server 5.2 / MS Windows 2003 server Active Directory. And we have successfully configured Synchronization for Windows. Both LDAP are hierarchical structure.....e.g ou=poeple,ou=unit,ou=dept,o=organization...etc
Now we have to move SUN Java Directory Server 5.2 to flat structure where all the user are under one container (Flat Structure). BUT our Active Directory is still hierarchical....My question is is there any way we can sync Flat LDAP to hierarchical Active Directory...???? or create dynamic sync list.....???
Any thought/suggestion.....ll much appreciate....
Kind Regards,Hi,
I tired once to create two SULs which share the same base DN on the Sun Directory Server side but each SUL remove the users from the other one as they don't exist in their base DN on AD side.
In our case, the synchronization flows from AD to Sun DS. And in the SUL the users from suborganisations of the AD base DN are synchronized into the Sun DS base DN like this:
samaccountname=foo1,ou=bar2,o=users,dc=myorg (AD) -> uid=foo1,ou=people,dc=myorg (DS)
samaccountname=foo2,ou=bar2,o=users,dc=myorg (AD) -> uid=foo2,ou=people,dc=myorg (DS)
So if you select the dc=myorg as base DN for the AD side you will have hierarchical to flat replication from AD to DS. And if you don't want to synchronize everybody, you can still put a filter in the SUL.
If you want to synchronize the other way (flat to hierarchical), I have no idea if it's possible.
Regards,
Vincent -
Sun LDAP to IDM synchronization issue
Hello friends, I am trying to synchronize all the new accounts created in sun LDAP to IDM. It runs every 10 minutes as configured but does not pick the new user from LDAP. Here is the brief configuration detail.
(1) I have switched on the "Retro Plugin" for LDAP and found the changes are getting logged. The sample entry of the change log looks like :-
dn: changenumber=665,cn=changelog
objectClass: top
objectClass: changelogentry
changeNumber: 665
targetDn: uid=zorouser7,ou=people,ou=appuser,dc=educ,dc=mde
changeTime: 20090518211551Z
changeType: modify
changes:: cmVwbGFjZTogb2JwYXNzd29yZGNoYW5nZWZsYWcKb2JwYXNzd29yZGNoYW5nZWZsYWc6IGZhbHNlCi0KcmVwbGFjZTogb2JwYXNzd29yZGNyZWF0aW9uZGF0ZQpvYnBhc3N3b3JkY3JlYXRpb25kYXRlOiAyMDA5LTA1LTE4VDIxOjE1OjUwWgotCnJlcGxhY2U6IG1vZGlmaWVyc05hbWUKbW9kaWZpZXJzTmFtZTogY249b2JsaXgKLQpyZXBsYWNlOiBtb2RpZnlUaW1lc3RhbXAKbW9kaW
Z5VGltZXN0YW1wOiAyMDA5MDUxODIxMTU1MFoKLQoA
creatorsname: cn=Retro Changelog Plugin,cn=plugins,cn=config
modifiersname: cn=Retro Changelog Plugin,cn=plugins,cn=config
createtimestamp: 20090518211551Z
modifytimestamp: 20090518211551Z
nsuniqueid: 081d2284-1dd211b2-80b380e1-7558dd15
parentid: 1
entryid: 666
entrydn: changenumber=665,cn=changelog
numsubordinates: 0
subschemasubentry: cn=schema
hassubordinates: FALSE
(2) Here is my synchronization policy for LDAP resource :-
o Object class to synchronize : inetorgperson mdeUser mdeAuthZ OblixPersonPwdPolicy OblixOrgPerson (Last four are custom object)
o Ldap Filter for account synchronize : objectClass=inetOrgPerson
o Attributes to synchronize : uid userPassword givenName sn cn mail telephoneNumber objectClass mdeApplicationId mdeRoleId
o change log block size : 100
o Change Number Attribute Name : 665
o Proxy Administrator : Configurator
o Input form : Tabbed : User Form
o Create Unmatched Accounts : yes
o Assign source resource on create events : yes
(3) The IDM log for synchronization shows the following detail for each polling :-
2009-05-18T17:20:00.069-0500: Pause completed
2009-05-18T17:20:00.131-0500: Polling
2009-05-18T17:20:00.209-0500: Start of poll - lastUpdated = {changenumber=266}
2009-05-18T17:20:00.209-0500: buildSearchParams:BEGIN
2009-05-18T17:20:00.209-0500: Block Size: 100
2009-05-18T17:20:00.209-0500: Change Number Attribute Name: 665
2009-05-18T17:20:00.209-0500: Searching for: (&(665>=267)(665<=366))
2009-05-18T17:20:00.209-0500: Search attributes: [targetdn, changetype, changes, changetime, changenumber, newrdn, deleteoldrdn, newsuperior]
2009-05-18T17:20:00.225-0500: buildSearchParams:END
2009-05-18T17:20:00.240-0500: End of poll - lastUpdated = {changenumber=266}
2009-05-18T17:20:00.240-0500: Poll complete.
2009-05-18T17:20:00.240-0500: SARunner: loop 1
2009-05-18T17:20:00.272-0500: Started, paused until Mon May 18 17:30:00 CDT 2009
Please help .....
- Kabi
Edited by: kpp on May 18, 2009 5:21 PMMaybe something like this. Keep in mind, your LDAP may have specific rules for what really constitutes a Create, Update, or Delete.
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Configuration PUBLIC 'waveset.dtd' 'waveset.dtd'>
<Configuration name='LDAP Active Sync Form' wstype='UserForm'>
<Extension>
<Form name='LDAP Active Sync Form' objectLocationID='objectType=UserForm&objectName=LDAP+Active+Sync+Form&objectPath=0&isBegin=true'>
<Field name='IAPI.cancel'>
<Expansion>
<s>true</s>
</Expansion>
<Disable>
<isnull>
<select>
<ref>activeSync.changedAttributes.accountType</ref>
<ref>activeSync.accountType</ref>
</select>
</isnull>
</Disable>
</Field>
<Field name='password.password'>
<Expansion>
<s>TestPassword1</s>
</Expansion>
</Field>
<Field name='waveset.accountId'>
<Expansion>
<ref>activeSync.accountId</ref>
</Expansion>
<Disable>
<neq>
<upcase>
<ref>feedOp</ref>
</upcase>
<upcase>
<s>create</s>
</upcase>
</neq>
</Disable>
</Field>
<Field name='waveset.resources'>
<Expansion>
<list>
<s>LDAP_RESOURCE_NAME</s>
</list>
</Expansion>
<Disable>
<neq>
<upcase>
<ref>feedOp</ref>
</upcase>
<upcase>
<s>create</s>
</upcase>
</neq>
</Disable>
</Field>
<Field name='waveset.organization'>
<Expansion>
<s>Top:Something</s>
</Expansion>
<Disable>
<neq>
<upcase>
<ref>feedOp</ref>
</upcase>
<upcase>
<s>create</s>
</upcase>
</neq>
</Disable>
</Field>
<Field name='accounts[Lighthouse].email'>
<Expansion>
<ref>activeSync.mail</ref>
</Expansion>
</Field>
<Field name='global.idmManager'>
<Expansion>
<ref>activeSync.supervisor</ref>
</Expansion>
<Disable>
<neq>
<upcase>
<ref>feedOp</ref>
</upcase>
<upcase>
<s>create</s>
</upcase>
</neq>
</Disable>
</Field>
<Field name='waveset.idmManager'>
<Expansion>
<ref>global.idmManager</ref>
</Expansion>
<Disable>
<neq>
<upcase>
<ref>feedOp</ref>
</upcase>
<upcase>
<s>create</s>
</upcase>
</neq>
</Disable>
</Field>
<Field name='viewOptions.Process'>
<Expansion>
<switch>
<upcase>
<ref>feedOp</ref>
</upcase>
<case>
<s>CREATE</s>
<s>Active Sync Create User Workflow</s>
</case>
<case>
<s>UPDATE</s>
<s>Active Sync Update User Workflow</s>
</case>
<case>
<s>DELETE</s>
<s>Active Sync Disable User Workflow</s>
</case>
<case default='true'>
<null/>
</case>
</switch>
</Expansion>
</Field>
</Form>
</Extension>
<MemberObjectGroups>
<ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
</MemberObjectGroups>
</Configuration> -
Hi everyone,
I cant integrate SUN LDAP with the WLM, I configured it as the manual says, I can authenticate the user, but when the user tries to checkout a task, I got the following exception:
[#|2006-10-17T11:12:11.459-0400|SEVERE|IS5.1.1|javax.enterprise.system.container.web|_ThreadID=33; ThreadName=http18001-Processor4;|StandardWrapperValve[action]: Servlet.service() for servlet action threw exception
com.stc.bpms.wlm.TaskException
at com.stc.bpms.wlm.TaskManager.reserveTask(TaskManager.java:668)
at com.stc.wlm.web.worklist.CheckoutAction.executeWLMAction(CheckoutAction.java:80)
at com.stc.wlm.web.worklist.WLMAction.execute(WLMAction.java:49)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
at sun.reflect.GeneratedMethodAccessor454.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:318)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:102)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:192)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at com.stc.wlm.web.worklist.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:89)
at sun.reflect.GeneratedMethodAccessor455.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:318)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:102)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:192)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:156)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:569)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:261)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:215)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:156)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:569)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:200)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:156)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:180)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:154)
at com.sun.enterprise.webservice.EjbWebServiceValve.invoke(EjbWebServiceValve.java:134)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:154)
at com.sun.enterprise.security.web.SingleSignOn.invoke(SingleSignOn.java:272)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:154)
at com.sun.enterprise.web.VirtualServerValve.invoke(VirtualServerValve.java:209)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:154)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:569)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:161)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:156)
at com.sun.enterprise.web.VirtualServerMappingValve.invoke(VirtualServerMappingValve.java:173)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:154)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:569)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:979)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:211)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:692)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:647)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:589)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:691)
at java.lang.Thread.run(Thread.java:595)
|#]
Any idea? The doc is not clear about the attributes Manager, Subordinate, and email, I set them to Manager=manager, Subordinate=(any valid attribute, I use "secretary") and email=mail.
thanks in advance,
Edgar.Hi TE,
These are the only lines that the LDAP log in the access.log:
[27/Oct/2006:11:49:15 -0400] conn=36493 op=63 msgId=64 - SRCH base="" scope=0 filter="(objectClass=*)" attrs=ALL
[27/Oct/2006:11:49:15 -0400] conn=36493 op=63 msgId=64 - RESULT err=0 tag=101 nentries=1 etime=0
[27/Oct/2006:11:49:15 -0400] conn=36493 op=64 msgId=65 - SRCH base="ou=people,o=qoslabs,dc=lab" scope=1 filter="(uid=csagan)" attrs="manager"
[27/Oct/2006:11:49:15 -0400] conn=36493 op=64 msgId=65 - RESULT err=0 tag=101 nentries=1 etime=0
Any idea?
Regards,
Edgar Maya -
On Threads, Pools and other beasts
I'm seeing some unexpected behaviours in our production system relating to
(AFAICS) threads and connection pools, and hope you could bring some info
about them.
Our system is built over 4 PIII Xeon processors under Linux.
We do currently have this configuration:
15 threads for the "default" queue and 10 for an special servlet one, we
decided to separate threads in two queues in order to assure our users get
always a thread besides what the rest of the system is "doing".
Even we do not have a lot of users (about 20 or so) they do generate a lot
of load as for the bussiness logic inherent to the application.
For sample, so you can understand what goes with practically any user
"action", think on this.
After a user "confirms" some data via a servlet and after executing the data
validation and bussines rules some messages are sent via JMS to the
"asynchronous" part of the system (that is running in the same weblogic
instance). After commiting the user transaction an thus releasing the
servlet thread, so it can be used by the same or other user, JMS messages
are delivered to MDBs that must transform information from on-line (servlet)
processes in different ways so they can be stored onto other systems, i.e.
into a mainframe, into an XML DB and possibly into another RDBMS. Our
configuration is that there can be as much as 10 MDB of each type (I mean
for each kind of "action" of a servlet) running concurrently and as you can
suppose those processes do take some time to communicate with destination
systems and perform their work.
We end at last with a lot of concurrent processes in our system that ends
some time with the users complaining about system responsiveness.
After all this explanation I would like to know if 25 threads for
"background" and on-line processes is too low (as I'm afraid they are). The
problem is we can't seem to increase the number of threads without being
very careful with JDBC connection pools.
Currently we have two connection pools. We do demarcate transactions in the
clients (servlets, batch processes) we have a "transacted" pool and a "non
transacted" one.
We are delegating persistence to the contanier (formally in our case we are
using TopLink persistence and it uses in it's deployment descriptor both
types of pools)
Our configuration is as follows:
Oracle pool NON Tx 60 connections
Oracle pool Tx 30 connections
initially we create 5 connections for each pool with an increment of 5 for
each one too.
From the tests I have made I have discovered that setting more threads than
the minimum amount of pools yields to this exception:
weblogic.common.ResourceException: No available connections in pool
myNonTxPool
at
weblogic.common.internal.ResourceAllocator.reserve(ResourceAllocator.java:57
8)
at
weblogic.common.internal.ResourceAllocator.reserve(ResourceAllocator.java:40
5)
at
weblogic.common.internal.ResourceAllocator.reserveNoWait(ResourceAllocator.j
ava:373)
at
weblogic.jdbc.common.internal.ConnectionPool.reserve(ConnectionPool.java:165
at
weblogic.jdbc.common.internal.ConnectionPool.reserveNoWait(ConnectionPool.ja
va:126)
at
weblogic.jdbc.common.internal.RmiDataSource.getPoolConnection(RmiDataSource.
java:194)
at
weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java
:219)
the behaviour I would expect is that in case a thread needs a connection and
there isn't any one available the thread may be blocked and it would receive
the connecion once one is released, of course as I can see in the stack the
ConnectionPool.reserveNoWait() method is behaving just the other way.
The main problem with this is that as you can see we are "forced" to spend
90 (60+30) connections to the DB (even we will never use more than 25
(15+10) simultaneously just because we must assure that at least there is
one "reserved" connection to each thread.
Our DBA thinks that it can't be possible that we spend such number of
connections that could be taken by another application(s) (as the DB is
shared with other apps)
Currently our DB system is not set as "multithreaded" so each connection
created against the DB is a process on the system and of course they are a
really scarce resource.
My question is. What would be a "fine" number of threads for an application
like this that is mainly "background-batch processing" but assuring on-line
users have their threads always available?
I have just another doubt (maybe this is not the right thread to ask for it
but...) how does the UserTransaction actually works? I mean, is the
connection given to the thread (and thus extracted from pool) as soon as the
thread begin it's work? or is it given in the instant of "commiting" to the
DB. I know maybe using TopLink changes default Weblogic CMP behaviour but I
would like to know what the "default" Weblogic behaviour is; and, what
happens when you don't start a transaction in the client and total execution
time exceeds 30 seconds? I have seen a rollback due to "exceeding" those 30
seconds althought I'm sure we do not open any transaction, what kind of
"transaction" is that? Is just a way of Weblogic to assure a thread is not
"locked" more than a certain period of time so the system never "stalls"?
Thanks in advance.
Regards.
Ignacio.Hi Ignacio,
See my answer inline.
"Ignacio G. Dupont" <[email protected]> wrote in message
news:[email protected]...
I'm seeing some unexpected behaviors in our production system relating to
(AFAICS) threads and connection pools, and hope you could bring some info
about them.
Our system is built over 4 PIII Xeon processors under Linux.
We do currently have this configuration:
15 threads for the "default" queue and 10 for an special servlet one, weThat numbers defines number of concurrent requests services
associated with that queues can handle. If monitoring CPU utilization
shows that CPU load is not high, let say less than 90%, - you can increase
that numbers.
decided to separate threads in two queues in order to assure our users get
always a thread besides what the rest of the system is "doing".
Even we do not have a lot of users (about 20 or so) they do generate a lot
of load as for the bussiness logic inherent to the application.>
For sample, so you can understand what goes with practically any user
"action", think on this.[eaten]
We end at last with a lot of concurrent processes in our system that ends
some time with the users complaining about system responsiveness.You will have to run a load test in your QA environment and play with queue
sizes. In addition, you may want to run a profiler (like JProbe or
OptimizeIt)
for maximum load to find if there are bottlenecks in the application.
After all this explanation I would like to know if 25 threads for
"background" and on-line processes is too low (as I'm afraid they are).The
It all depends of the usage pattern. I'd say that for a production
environment
with any noticeable load, it's low.
problem is we can't seem to increase the number of threads without being
very careful with JDBC connection pools.Yes, you will have to increase size of the pools to match maximum
number of ongoing transactions. Minimum would be a number of execution
threads. Actual number should be determined either by load testing or
by setting it to a guaranteed high level.
Currently we have two connection pools. We do demarcate transactions inthe
clients (servlets, batch processes) we have a "transacted" pool and a "non
transacted" one.
We are delegating persistence to the contanier (formally in our case weare
using TopLink persistence and it uses in it's deployment descriptor both
types of pools)
Our configuration is as follows:
Oracle pool NON Tx 60 connections
Oracle pool Tx 30 connections
initially we create 5 connections for each pool with an increment of 5 for
each one too.
From the tests I have made I have discovered that setting more threadsthan
the minimum amount of pools yields to this exception:That's quite natural.
weblogic.common.ResourceException: No available connections in pool
myNonTxPool[eaten]
the behaviour I would expect is that in case a thread needs a connectionand
there isn't any one available the thread may be blocked and it wouldreceive
That would lock exec threads very quickly. A connection pool is a vital
resource that is to be available constantly. So weblogic uses fail-fast
approach so that you can adjust setting to match highest load.
the connecion once one is released, of course as I can see in the stackthe
ConnectionPool.reserveNoWait() method is behaving just the other way.>
The main problem with this is that as you can see we are "forced" to spend
90 (60+30) connections to the DB (even we will never use more than 25
(15+10) simultaneously just because we must assure that at least there is
one "reserved" connection to each thread.That's right.
Our DBA thinks that it can't be possible that we spend such number of
connections that could be taken by another application(s) (as the DB is
shared with other apps)I don't think it's a correct observation. Oracle can be configured to handle
more connections. I saw weblogic pools configured to handle 200
connections.
Currently our DB system is not set as "multithreaded" so each connection
created against the DB is a process on the system and of course they are a
scarce resource.Application demand for resources should be satisfied.
My question is. What would be a "fine" number of threads for anapplication
like this that is mainly "background-batch processing" but assuringon-line
users have their threads always available?It should be high enough to satisfy requirement to handle given number
of concurrent requests processed on given hardware. Normally this
is determined by load testing and gradual increase of this number
to the point where you see that hardware (seen as CPU load)
cannot handle it. Buy the way this point sometimes is unreachable
as application becomes DB-bound, i.e. bottleneck is shifted to
the database.
I have just another doubt (maybe this is not the right thread to ask forit
but...) how does the UserTransaction actually works? I mean, is the
connection given to the thread (and thus extracted from pool) as soon asthe
thread begin it's work? or is it given in the instant of "committing" tothe
It's given when a connection, assuming it's obtained from TxDatasource,
is requested.
DB. I know maybe using TopLink changes default Weblogic CMP behavior but I
would like to know what the "default" Weblogic behavior is; and, what
happens when you don't start a transaction in the client and totalexecution
time exceeds 30 seconds? I have seen a rollback due to "exceeding" those30
seconds although I'm sure we do not open any transaction, what kind of
"transaction" is that? Is just a way of Weblogic to assure a thread is notFor instance, stateful session beans are transactional.
"locked" more than a certain period of time so the system never "stalls"?Basically, no, it's not. There is no way to "unlock" thread after certain
period.
So when a queue has finished processing, TX monitor checks the timeout,
and if there is one, issues a corresponding rollback. So, it's possible
for thread to run for 10 hours if the timeout is 30 seconds.
Since 7.0 weblogic is capable of detecting such situations so that
administrator can be informed about it and required actions can be
taken [on application side].
Hope this helps.
Regards,
Slava Imeshev -
Sun LDAP to SQL server provisiong
I am a new to Sun IDM.
I am planning to use Sun IDM for a simple provisioning requirement. We have all our external (yahoo, hotmail type) users in our sun LDAP and need to be synced (one way) to a sql server based on certain group type. So far from sun documentation I could figure out that I have to
(1) switch on retro change log of source LDAP.
(2) configure a active sync adapter.
However, I am not sure where to start. I just configured the source LDAP as a resource and did a (full reconciliation) from it. Here are my questions.
(1) should I configure the source LDAP user as "service Provider User " OR "Identity Manager User". Asking since, the users are outsider, not our employee.
(2) After the "Load from Resource" operation I see list of accounts pulled from the LDAP. However, I don't see any other attributes other than userId (account Id) in the "List Account" page. do I have to customize the ../accout/List.jsp page ?
(3) what are the next high level tasks to sync the changes to a sql server ?
Thanks!Thank You Roman, Looks like I need some more spoon feedings to overcome the initial learning curve.
I did what you suggested. Created two resources (Ldap & SQL Server). I could load the accounts from the LDAP resources. Now I wanted to do the followings:-
(A) Load users from Ldap to Sql server based on the filter say "userAssociation=Finance", where 'userAssociatation' is custom attributes in the LDAP for the user object.
(B) Continue the above said provisioning for all new users from Ldap.
I tried to Edit "Synchronization Policy" for SQLServer resource. My question is,
(1) Where in the "Edit synchronization policy" screen I can mention the rule "userAssociation=Finance" ?
(2) I have enabled the "Retro Changelog Plugin" for the LDAP. Do I have to mention this somewhere for this Ldap to SQLServer provisioning ?
Thanks!
Kabi -
I want to Integrate AIX an HPUX in an SUN Ldap Enviroment.
I ve got a SUN LDAP Directory Server 5.2 P4 on Windows2003 Enterprise Server.
My Question: How can I get the Schema LDIF files with the attributes an objektclasses in a LDIF Format to
include it to my LDAP Server. So that i can Integrate Users an logon to my AIX with authenticating by the Sun LDAP Server.
I need only the Schema files with Objectcalsses an Attributes!!!!!On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
- Brian -
Besides, can we install the LDAP server in sparc hosts as nameing system? Can we use Sun LDAP server or iPlanet Directory Server? or need BIND DNS server too?
There is a nice book from Michael Haines and Tom Bialaski: "Solaris and LDAP Naming Services" which contains all you need to configure Directory Server, LDAP, Naming Switch...
Ludovic. -
Hi im just wondering about how password are stored in sun ldap.
Now when I view a users password in the console it is encrypted, when i change the password it also gets encrypted which is fine.
Now my question is for example if I am querying or adding new entries in LDAP from a vb.net script can I
1) Compare a password entered by the user on my homepage to the encrypted password in ldap
2) If i had a new entry with password from a .net page does this automatically get encrypted ?
Thanks in advanceHi Jeremy,
here the answers to your questions:
>My question is which system takes precedence over the password policy?
Unfortunately there is no policy verification between the portal and your Sun One LDAP. So if you reset the password from the portal then only the portal password policies can be checked.
> If I wanted to do password resets from the Portal, does the portal then store only the password in its database?
No, the password will be stored in the LDAP, but only if it also corresponds with the LDAP policies. If not, then you will get an error, but you will not see the real LDAP exception.
> Also what would then happen if you tried to reset the password from the LDAP?
The password in the LDAP does not have to fit to the Portal password policies. When you log in, the portal will only check if the password you tipped in is the new one in LDAP and will not check any policies.
Hope this brings some light in,
Robert
Maybe you are looking for
-
I just bought a ipod touch 5 secondhand and the previous owner never restored the ipod, so now i cannot sign in or use any features without the previous owners apple id password, what should i do?
-
Tax calculation in material management procedure
Hai, i have assigned the tax calculation type TAXINN procedure. . Material pricing procedure RM1000. In this NAVS tax detutable condition type is there. I have also Maintained TAXINN calculation procedure, there i am having MWVS condition type for in
-
I have selected leave messages on web browser until i delete them but how do i read old ones again
I had a problem with Windows 7 and had to restore a system image taken on 01 Nov 2014. This means I have lost all emails received by Thunderbird since then. I had selected 'Leave messages on the server until I delete them' so how do I now read them a
-
I have about 50 computers some of which accepted the 9.3.3 update from Adobe. On all of those comuters when they click a pdf on the internet to download, it stops updating the status. Example Status will say Downloading (97.55 KB of 55.84 MB) : url
-
Replying does not show original message
After upgrading to Safari 4 (final release not beta), I started to notice that when replying an email the original message would not always show. I have selected all the correct settings in preferences. Does anyone have a suggestion?. As a side note,