Synchronization between AD and Sun Java Directory Server

I would like to build an environment as described below; kindly let me know whether it is possible or not.
My Enterprise Directory is Active Directory and I have a Policy Server which directs the SSO users to get authenticated with that server. I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords, and I would like to know with which hashing algorithm these passwords are stored in the Sun Directory Server, because I want to synchronize the same attributes from Sun Java Directory Server to Oracle Internet Directory. Is it possible to get my SSO users authenticated at OID as well?
Kindly let me know whether this approach is feasible or not.
Any suggestion to this approach is greatly appreciated...
Thanks in advance...
Regards,
Kishore Repakula.

I would like to know with which hashing algorithm these
passwords are stored in the sun directory server.

Like most other directory servers, SunDS offers a few choices here.
The most secure is SSHA, which you'd probably want to use unless you have apps with dependencies on other hashes (e.g., CRYPT for backward compatibility with the UNIX password field).

I would like to synchronize the user data from Active Directory
to Sun Java Directory Server (existing version is 5.2
Service Pack 4) including the passwords...

Sun has an "Identity Synchronization for Windows" product which might work for you.
http://www.sun.com/software/products/directory_srvr_ee/identity_synch/
Unfortunately, the big trick with AD passwords is that they are stored in a proprietary one-way hash, so you can't just sync them directly over to another directory. Likewise, you can't import password hashes from other sources into AD and expect them to work.
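As an added example (mine, not part of the original thread and not Sun's code), the following shows how a userPassword value in the {SSHA} scheme recommended above is built and verified, alongside the unsalted {SHA} scheme. It illustrates the point made about AD passwords: a stored hash can only ever be checked against the clear-text password, never converted into another scheme, so hashes cannot be "synced" between directories that hash differently. The scheme prefixes and the SHA-1(password || salt) || salt layout are the standard LDAP conventions; the sample password and salt values are constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample: a userPassword value in the unsalted {SHA} scheme for "password".
SAMPLE_SHA_VALUE = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="

SHA1_LEN = 20  # SHA-1 digest length in bytes; whatever follows it in {SSHA} is the salt


def ssha_hash(password: str, salt: Optional[bytes] = None, salt_len: int = 8) -> str:
    """Build a {SSHA} userPassword value: base64( SHA1(password || salt) || salt ).

    A fresh random salt is drawn when none is given, so the same password
    yields a different stored value every time it is set.
    """
    if salt is None:
        salt = os.urandom(salt_len)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_scheme(stored: str) -> Tuple[str, bytes]:
    """Split '{SCHEME}base64data' into (SCHEME, decoded bytes)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("userPassword value has no {scheme} prefix")
    end = stored.index("}")
    return stored[1:end].upper(), base64.b64decode(stored[end + 1:])


def verify_userpassword(password: str, stored: str) -> bool:
    """Check a clear-text password against a stored {SSHA} or {SHA} value.

    Verification recomputes the digest from the clear text; nothing here can
    turn the stored value back into the password or re-encode it for another
    scheme, which is why hashes cannot be copied between directories.
    """
    scheme, blob = split_scheme(stored)
    pw = password.encode("utf-8")
    if scheme == "SSHA":
        if len(blob) <= SHA1_LEN:
            return False  # malformed: no salt bytes after the digest
        digest, salt = blob[:SHA1_LEN], blob[SHA1_LEN:]
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(pw).digest(), blob)
    raise ValueError(f"unsupported password scheme {{{scheme}}}")


def salt_makes_values_differ(password: str) -> bool:
    """Two {SSHA} values of one password differ, yet both verify against it."""
    a, b = ssha_hash(password), ssha_hash(password)
    return a != b and verify_userpassword(password, a) and verify_userpassword(password, b)


if __name__ == "__main__":
    value = ssha_hash("correct horse")  # constructed sample password
    print(value)
    print(verify_userpassword("correct horse", value), verify_userpassword("wrong", value))
```

Comparisons use hmac.compare_digest so that verification time does not depend on where the first differing byte sits; the scheme prefix is compared case-insensitively because some tools write it in lower case.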

Similar Messages

  • User base Synchronization between SAP and MS Active Directory Server

    Dear all!
    I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
    I successfully implemented the synchronization of user data between SAP and the ADS.
    My question: is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles, auth. objects etc.)?
    Currently I don't have a clue how to do this.
    Regards,
    Christoph

    Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though: it's not how ADS exposes SAP-specific data but how SAP uses ADS to store SAP-specific data. My understanding (from quite some time ago, so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
    The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
    Regards,
    Marc g

  • Sun java directory server and Active Directory

    We are using two different directory servers Sun java directory server and active directory.
    My question is how we can have password synchronization between these two directory servers.
    I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
    http://www.sun.com/download/products.xml?id=41537425
    It seems that its supported platforms are only Solaris and Windows, but I have installed my Sun Java Directory Server on Linux and obviously it doesn't work for me.
    I would be grateful if anyone can suggest a solution to work around this situation.
    I have checked Identity Manager; I would like to know if I can do this using this product.
    http://www.sun.com/software/products/identity_mgr/specs.jsp
    --regards.
    Sara

    Yes RHEL 4 is a supported OS with DSEE 6.0.
    Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users' environments, i.e. it does not require that users change their current habits.
    Identity Manager is a complete identity management solution that is targeting enterprise workflow when it comes to user provisioning and de-provisioning, but also allows you to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
    If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
    Regards,
    Ludovic.

  • Sun java DIRECTORY SERVER 6.0 WITH SUN OPENSSO 8

    Hi all,
    I have installed the Sun Java Directory Server 6.0.
    Now I have installed Sun OpenSSO (I could have installed the Sun Java Access Manager but I want to use Sun OpenSSO 8 for SSO).
    When I created the directory, i.e. by using the command from the directory preparation tool, the directory server stopped starting.
    It does not start and gives me the following error:
    bash-3.00# /var/opt/SUNWdsee/dsins1/start-slapd
    [20/Feb/2009:14:44:30 +0500] - ERROR<4131> - Bootstrap config - conn=-1 op=-1 msgId=-1 - System error The entry cn=schema in file /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif is invalid (error 20: Type or value exists) - attribute type sunIdentityServerDiscoEntries: Does not match the OID "1.3.6.1.4.1.42.2.27.9.1.821". Another attribute type is already using the name or OID..
    [20/Feb/2009:14:44:30 +0500] - ERROR<4129> - Bootstrap config - conn=-1 op=-1 msgId=-1 - Configuration error Please edit the configuration file to correct the reported problems and then restart the server. Server exiting.
    Server not running!! Failed to start ns-slapd process.
    Note: while preparing the directory (Sun Java directory preparation tool) I chose schema 2, i.e. ACCESS MANAGER, because Sun OpenSSO 8 is the latest version of Sun Java Access Manager?
    Any help?
    Regards
    Adeel

    Looks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
    # cd /var/opt/SUNWdsee/dsins1/config/schema
    # grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
    Edited by: etst123 on Mar 3, 2009 1:28 PM
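    The grep above shows where the attribute is defined a second time. As an added example (mine, not from the thread and not Sun's tooling), the script below performs the same check programmatically over a set of schema LDIF files: it unfolds LDIF continuation lines and reports every attribute NAME or OID that appears in more than one attributeTypes definition, which is exactly the condition behind "Another attribute type is already using the name or OID". The file contents are constructed and 98am.ldif is a hypothetical file name; the attribute name and OID are the ones quoted in the error message above.

```python
import re
from collections import defaultdict
from typing import Dict, Iterator, List, Tuple

# Constructed sample schema files (contents invented; 98am.ldif is a hypothetical
# name). The attribute name and OID are those quoted in the error message above.
SAMPLE_SCHEMA: Dict[str, str] = {
    "00core.ldif": (
        "dn: cn=schema\n"
        "attributeTypes: ( 2.5.4.3 NAME 'cn' SUP name )\n"
    ),
    "98am.ldif": (
        "dn: cn=schema\n"
        "attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.821\n"
        "  NAME 'sunIdentityServerDiscoEntries'\n"
        "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\n"
    ),
    "99user.ldif": (
        "dn: cn=schema\n"
        "attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.821 NAME 'sunIdentityServerDiscoEntries'"
        " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\n"
    ),
}

# NAME may be a single quoted token or a parenthesised list of quoted tokens.
_NAME_RE = re.compile(r"\bNAME\s+(?:'([^']*)'|\(\s*((?:'[^']*'\s*)+)\))")


def unfold_ldif(text: str) -> List[str]:
    """Join LDIF continuation lines (those starting with one space) onto the previous line."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def schema_attribute_ids(text: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (oid, [names]) for every attributeTypes definition in one schema file.

    objectClasses lines are skipped deliberately, matching the grep above, since an
    object class legitimately repeats attribute names in its MUST/MAY lists.
    """
    for line in unfold_ldif(text):
        if not line.lower().startswith("attributetypes:"):
            continue
        body = line.split(":", 1)[1].strip()
        oid_match = re.match(r"\(\s*(\S+)", body)
        if not oid_match:
            continue
        names: List[str] = []
        name_match = _NAME_RE.search(body)
        if name_match:
            if name_match.group(1) is not None:
                names = [name_match.group(1)]
            else:
                names = re.findall(r"'([^']*)'", name_match.group(2))
        yield oid_match.group(1), names


def find_duplicate_definitions(files: Dict[str, str]) -> Dict[Tuple[str, str], List[str]]:
    """Map ('oid'|'name', value) -> files defining it, keeping only values defined more than once.

    Attribute names are compared case-insensitively, as LDAP does.
    """
    seen: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for fname, text in files.items():
        for oid, names in schema_attribute_ids(text):
            seen[("oid", oid)].append(fname)
            for name in names:
                seen[("name", name.lower())].append(fname)
    return {key: where for key, where in seen.items() if len(where) > 1}


if __name__ == "__main__":
    for (kind, value), where in find_duplicate_definitions(SAMPLE_SCHEMA).items():
        print(f"duplicate {kind} {value}: defined in {', '.join(where)}")
```

    To run it against a real instance, read the files under the instance's config/schema directory into the dictionary instead of SAMPLE_SCHEMA; a name or OID that shows up in two files is the definition to remove or reconcile before restarting the server.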

  • Sun Java Directory Server 5.2 x86 download

    I'm trying to find a copy of the x86 version of the Sun Java Directory Server compressed archive for Solaris.  I'm trying to build out a test system for some old software, and I only have a copy of the Sparc version of ldap.  I've tried using the current DSEE version available on the Oracle e-delivery cloud, but the software is too old to work with it...it needs the 5.2 version, specifically.  Is anyone aware of where I can find a copy?
    Thanks for any assistance.

    Nope
    This is part of the Oracle Lifetime Support policy:
    http://www.oracle.com/us/support/lifetime-support/index.html
    'OLD' products can/may still be supported under *SPECIAL* support contracts. So if you're entitled to its support, you can access it. Otherwise, I'm afraid the answer is no.
    HTH,
    Marco

  • Importing LTPA key in Sun Java Directory Server

    Hi all,
    Is it possible to import an LTPA token into Sun Java Directory Server?
    I haven't found any helpful docs on the net regarding this.
    We want users to be authenticated against a Sun Directory when they log in from a Domino HTTP server.
    thanks
    Prasad

    Sun Directory Server is a general-purpose LDAP-based directory server and can certainly contain any data, including LTPA tokens.
    Whether these tokens could be used for authentication using LDAP is another story (and the answer is probably no).
    Regards,
    Ludovic.

  • Sun Java Directory Server Linux RHEL 5 Installation

    Hello,
    As Linux RHEL ES/AS 5 is not officially listed in the operating system requirements, has somebody been successful with the installation?
    - With which Linux RHEL 5 update?
    - Are the package dependencies the same (compat C/C++ libraries)?
    - Which edition of Sun Java Directory Server (5.2Q6, 6.0, 6.3) and which packages (Native/ZIP)?
    Tips would be useful, as I was successful on Linux RHEL 4 update 4 with Sun Java Directory Server 5.x
    in the past, but customer requirements have changed and I did not find any information and do not have testing time.
    Thanks,
    Fab

    I just installed a consumer replica on CentOS (same thing as RHEL) 5.2 . It's working fine. Here's my kickstart file so that you can see what packages I installed:
    # Kickstart file automatically generated by anaconda.
    install
    cdrom
    lang en_US.UTF-8
    keyboard us
    xconfig --startxonboot
    network --device eth0 --bootproto dhcp
    rootpw --iscrypted <removed>
    firewall --disabled
    authconfig --enableshadow --enablemd5
    selinux --disabled
    timezone --utc America/Chicago
    bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
    # The following is the partition information you requested
    # Note that any partitions you deleted are not expressed
    # here so unless you clear all partitions first, this is
    # not guaranteed to work
    clearpart --linux
    part /boot --fstype ext3 --size=128 --asprimary
    part swap --size=1024 --asprimary
    part pv.100000 --size=100 --grow
    volgroup vgmain --pesize=32768 pv.100000
    logvol /var --fstype ext3 --name=varlv --vgname=vgmain --size=512
    logvol /var/log --fstype ext3 --name=varloglv --vgname=vgmain --size=512
    logvol /usr --fstype ext3 --name=usrlv --vgname=vgmain --size=3072
    logvol /usr/local --fstype ext3 --name=usrlocallv --vgname=vgmain --size=4096
    logvol / --fstype ext3 --name=rootlv --vgname=vgmain --size=512
    logvol /home --fstype ext3 --name=homelv --vgname=vgmain --size=1024
    logvol /tmp --fstype ext3 --name=tmplv --vgname=vgmain --size=512
    %packages
    @development-libs
    @editors
    @system-tools
    @text-internet
    @legacy-network-server
    @gnome-desktop
    @core
    @base
    @legacy-software-development
    @base-x
    @web-server
    @smb-server
    @server-cfg
    @admin-tools
    @development-tools
    @graphical-internet
    audit
    net-snmp-utils
    lynx
    kexec-tools
    device-mapper-multipath
    xorg-x11-server-Xnest
    xorg-x11-server-Xvfb
    system-config-boot
    imake
    -bluez-hcidump
    -bluez-gnome
    -slrn
    -gnome-user-docs
    -gnome-themes
    -gedit
    -gnome-power-manager
    -gnome-backgrounds
    -gok
    -gnome-audio
    -esc
    -gnome-user-share
    -gimp-print-utils
    -desktop-printing
    -file-roller
    -gnome-screensaver
    -gnome-pilot
    -krb5-workstation
    -ipsec-tools
    -sysreport
    -irda-utils
    -bluez-utils
    -synaptics
    -krb5-auth-dialog
    -linuxwacom
    -system-config-nfs
    -evolution
    -nspluginwrapper
    -gnome-themes
    -evolution-webcal
    -ekiga
    -evolution-connector
    I installed DSEE 6.3 from the ZIP distribution.

  • Sun Java Directory server 6.3.1

    Hello,
    Does anyone know how to configure mail aliases in LDAP, especially in Sun Java Directory Server 6.x? I have already created the container ou=aliases.
    The problem is that I get the error below when I install the LDAP client on a server:
    Apr 23 18:32:00 Server1 sendmail[10032]: [ID 801593 mail.crit] n3NHW0HC010032: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP server
    I found that I don't have aliases configured in LDAP; the mail host sits on a different server. Other than this my client works perfectly over SSL.
    Thanks in advance
    sys

    Sys
    Sorry, but this looks to me like you have several problems. Most of them are Sendmail related. Maybe it would be a better idea to ask in a sendmail forum instead of a Directory Server forum. Since you have not posted any configs I can not do more than speculate. Here are my guesses:
    Apr 29 11:58:21 server1 sendmail[3138]: [ID 801593 mail.info] n3TAwKaC003138: n3TAwKaD003138: return to sender: Host unknown (Name server: mailhost.xxxx.com: host not found)
    If mailhost.xxxx.com is an existing host then I guess you have a problem with DNS resolution. Are you able to resolve hosts other than those related to this case or infrastructure (e.g. can you resolve www.google.com)? If not then you should have a look at /etc/resolv.conf. There should be a series of nameserver lines followed by the IP addresses of the nameservers (Important: IPs, not names). Another source of error could be found in the "hosts:" line in /etc/nsswitch.conf (it usually reads "hosts: files dns").
    Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003218: SYSERR(root): ldap_init/ldap_bind failed to localhost in map aliases.ldap: Can't connect to the LDAP server
    Now this means your sendmail is trying to connect to an LDAP directory on the same host to resolve aliases. If the port is correct you might find in the <instance_root>/logs/access file further details about what the sendmail server tried and why it failed. If there is no entry in the access log this would mean that there is no LDAP server listening on the port sendmail connects to. Fact is that somewhere you "told" sendmail to connect to the LDAP server and it is failing to do so.
    Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.alert] n3TB4Muk003219: Losing ./qfn3TB4Muk003219: savemail panic
    Apr 29 12:04:22 server1 sendmail[3219]: [ID 801593 mail.crit] n3TB4Muk003219: SYSERR(root): savemail: cannot save rejected email anywhere
    Now this error message is normal if alias resolution does not work. An error message would be generated which is sent by the user MAILER-DAEMON. In the sendmail default config MAILER-DAEMON is an alias for postmaster, which is again an alias for root. But if there are no aliases there is no "account" MAILER-DAEMON. This error message will most likely disappear as soon as you have resolved the alias issue.
    So much for the error messages. Unfortunately you are not very specific on your environment. I try to guess what I have understood and try to formulate queries which might help you to find the problem.
    - There is a host A running Solaris 10 and a Sun Directory Server 6.3.1
    -- On what port is the server listening and what information can you get about its current configuration with an anonymous bind (e.g. ldapsearch without username or password)?
    -- You have set up a suffix on this server and created an ou=aliases
    -- Have you inserted the standard aliases (such as MAILER-DAEMON or postmaster)?
    - There is a host B which is the mailhost.
    -- B is trying to connect to localhost (so host B, not A) to get information from an LDAP. Is LDAP running on localhost, yes or no? You are not clear on this topic.
    -- What did you (or anyone else) do to get the server to obtain aliases from an LDAP (this is not standard config; you need to modify settings to do this)?
    -- It is definitely a good idea to define a global bunch of settings in confLDAP_DEFAULT_SPEC (especially the options -d -P -b -h should be set in your case most likely)
    If these hints do not solve your problems I definitely recommend posting in a sendmail forum and reading the sendmail documentation (e.g. https://www.sendmail.org/doc/sendmail-current/cf/README). As far as I know LDAP in sendmail is pretty new in standard sendmail and you have to expect that documentation on this topic is still poor.
    Regards
    Martin

  • RSA Certificate Manager with Sun Java Directory Server

    Has anyone integrated Sun Java Directory Server with RSA Certificate Manager?

    We have the Key Management System in our DSEE 6.3 through a proxy. We had to enable some OIDs for it to work.

  • Radius server for Sun Java directory Server?

    I want to know what products Sun offers to provide a RADIUS server using the Sun Java Directory Server.
    I have only seen Sun Access Manager, but it is a complex/expensive product for using only the RADIUS server.
    Regards

  • Sun Java Directory Server 6.3 supports nCipher HSM?

    Hi,
    We want to do the replication in a Master - Master configuration on SSL. Does anyone have an idea whether it is possible to store the SSL certificate keys used for replication in nCipher netHSM?
    If yes, can anyone provide us the URL on how can it be done or how to go about it?
    Thanks and Regards

    Hi,
    Thanks for the reply. The URL that you mentioned has "Sun Java System Web Server" integration with nCipher HSM.
    We have a requirement where we want to do replication between two "Sun Java Directory Servers" on SSL and the keys used are in HSM. We are not using Web Servers in our setup.
    If you have any info on integration with Directory Servers, it would be of great help.
    Thanks and Regards.

  • Active Directory 2003 and Sun One Directory Server 5.2

    I just installed Sun One Directory Server 5.2 on a Linux machine. I want to configure LDAP on that machine so that it can be authenticated on Active Directory 2003. How do I go about doing this?

    Active Directory server is a "directory server" (and Kerberos server). If your Linux client authenticates against Active Directory it doesn't have to involve the Sun Directory Server at all. You have several general approaches you could investigate:
    1. Linux client gets accounts and authentication via LDAP from Active Directory.
    If you use AD to handle Unix LDAP authentication (opt 1) you may need to extend the schema in AD to add the Unix password field. I haven't tried it yet, but hope to.
    2. Linux client gets accounts from AD LDAP and authorization from AD Kerberos.
    There should be docs on support.microsoft.com on enabling Kerberos support for non-Windows clients.
    3. Linux client (with Samba client installed, with winbind or pam_smb to support Unix-level services) gets accounts and authentication as a "Windows" client from the Active Directory "Windows server".
    Check the samba.org docs or forums; I think this is a pretty common solution.
    4. Linux client gets account information from Sun Directory Server but uses Kerberos (against Active Directory) for authentication.
    There should be docs on support.microsoft.com on enabling Kerberos support for non-Windows clients.
    5. Linux client gets account and authorization from Sun Directory Server, with the Sun Directory Server configured to use Active Directory as a Kerberos server.
    Probably incredibly complex.

  • Oracle 9.0.1 and Sun Java Application Server problem

    Hello
    I am going to configure Oracle's (9.0.1) thin JDBC driver (only for JDK 1.3) on Sun Java Application Server 8.
    I copied the class12.zip to domain1/lib/ext. I added the user name and password in domain1/config/domain.xml.
    It looks like:
    <jdbc-connection-pool connection-validation-method="auto-commit" datasource-classname="oracle.jdbc.pool.OracleDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="false" max-pool-size="32" max-wait-time-in-millis="60000" name="OraclePool" pool-resize-quantity="2" res-type="javax.sql.DataSource" steady-pool-size="8">
    <property name="url" value="jdbc:oracle:thin:@localhost:1521:ora9i"/>
    <property name="Password" value="tiger"/>
    <property name="User" value="scott"/>
    </jdbc-connection-pool>
    It doesn't work though. Anybody know the problem?
    Thanks a lot

    You should use the oracle 9.0.3 ojdbc14.jar or a later version, not classes12.zip.
    The config looks like this for me:
    <jdbc-connection-pool connection-validation-method="auto-commit" datasource-classname="oracle.jdbc.pool.OracleDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" max-pool-size="32" max-wait-time-in-millis="60000" name="my-oracle-pool" pool-resize-quantity="2" res-type="javax.sql.DataSource" steady-pool-size="16">
    <property name="URL" value="jdbc:oracle:thin:@localhost:1521:mydb"/>
    <property name="user" value="user"/>
    <property name="password" value="mypass"/>
    </jdbc-connection-pool>
    You will also need to boot the server after adding the jar files to lib/ext

  • Error in installing sun java directory server

    Dear,
    I am trying to install Sun Java Directory Server from Sun Java Enterprise Server using the command line (./installer), but this error is reported to me when I issue the installer command.
    # ./installer
    Error occurred during initialization of VM
    java/lang/NoClassDefFoundError: java/lang/Object
    Thanks in Advance,
    Basem

    Sorry for the delay in response.
    It could be a patch issue. Have you read http://docs.sun.com/app/docs/doc/820-2210/gduwe?a=view
    Have you checked if the problem exists in Web Server 7.0 update 3 as well?
    Can you send more details like :
    isainfo -v
    file /home/sjws7.0/lib/libadminsecurity.so
    ldd /home/sjws7.0/lib/libadminsecurity.so

  • Integrating Sun Java Directory Server with Sun Java Application Server 7

    Hi,
    My basic goal is to implement Single Sign On within the network, i.e. if the user is inside the company's network and tries to access any application, then he should not be asked for a username/password again because he is in the network.
    My question is: is this possible with Sun Java System Directory Server? If yes, how can we integrate Directory Server with Sun Java System Application Server 7 2004Q2?
    Please help.
    Thanks

    Directory Server in itself doesn't provide any kind of SSO functions. Basically it is a high performing data repository accessible via LDAP and DSML. It is, however, a key component used by SSO applications like Access Manager. If your applications are web applications then take a look at Access Manager for your SSO needs.
    Regards,
    Scott