Synchronize the ldap server

I am using Microsoft Active Directory 2003 as the LDAP server. While synchronizing my domain, the following error occurs:
An exception caught while persisting Users.
2007-11-14 11:09:01,781 ERROR [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:DIRSYNC: [Thread Hashcode: 2744714] transactReadUsers on: [PrincipalDomainEntity: pan_dir epoch:1 state:STARTED ] failed: com.adobe.idp.common.errors.exception.IDPSystemException: nullorigin: | [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] errorCode:8193 errorCodeHEX:0x2001 message:retrieving record value chainedException:java.lang.NullPointerExceptionchainedExceptionMessage:null chainedException trace:java.lang.NullPointerException
Please help me.

I have used the Java LDAP browser and connected to Microsoft Active Directory 2003. The connection was successful, but the following error came up and I am not able to list the users from Microsoft Active Directory 2003.
Root error: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

Similar Messages

  • Why do I get error "The LDAP server is unavailable" while connecting to external domain via sync connection in SharePoint UPSA ?

    Hello,
    I am trying to connect to external domain via UPS Account having "Replicate Directory changes" permission on external domain while creating sync connection in UPSA.
    I have checked below URLS :
    http://social.technet.microsoft.com/Forums/en-US/1912bf88-8fec-4b5d-9d1e-a42db8318e33/ldap-server-is-unavailable-sharepoint-2010-user-synchronization?forum=sharepointadminprevious
    http://social.technet.microsoft.com/Forums/en-US/6525d3aa-9197-42a2-aea0-190b84ac8356/the-ldap-server-is-unavailable?forum=sharepointadminprevious
    And it looks like it's a network connectivity issue, and hence I have verified with the infra team that port 389 is open.
    Note: I am able to connect to the local AD. Does it make sense that the port is not open for the external domain?
    Can anyone please let me know what the issue can be?
    Your help will be highly appreciated, as I have been struggling to fix this issue for quite a long time but no luck yet.
    Thank you in advance.
    Kind regards,
    Dipti Chhatrapati

    Hi Dipti,
    If you have Two-Way trust relationship then not sure if you have tried below:
    Create a folder on the SharePoint server
    Go to Folder properties - Security tab
    Try adding user of the external domain on the folder
    Please let us know if you are able to add the user or not. If you are able to add then it means that the connection and trust is proper and you should be able to create sync connection in UPA without any issues or else there is some issue with the connectivity or the trust which is configured.
    Please also make sure that you have given permissions to sync account as per below TechNet:
    http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
    Replicate Directory Changes permissions are also required on the cn=configuration container. Below are the steps:
    Grant Replicate Directory Changes permission on the cn=configuration container
    Use this procedure to grant Replicate Directory Changes permission on the cn=configuration container to an account.
    To grant Replicate Directory Changes permission on the cn=configuration container:
    1. On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
    2. If the Configuration node is not already present, do the following:
       a. In the navigation pane, click ADSI Edit.
       b. On the Action menu, click Connect to.
       c. In the Connection Point area of the Connection Settings dialog box, click Select a well known Naming Context, select Configuration from the drop-down list, and then click OK.
    3. Expand the Configuration node, right-click the CN=Configuration... node, and then click Properties.
    4. In the Properties dialog box, click the Security tab.
    5. In the Group or user names section, click Add.
    6. Type the name of the synchronization account, and then click OK.
    7. In the Group or user names section, select the synchronization account.
    8. In the Permissions section, select the Allow check box next to the Replicating Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.
    Kind regards,
    Bhavik K Jain
    Please ensure that you mark a question as Answered once you receive a satisfactory response.

  • Why can't I get my Mac to like the LDAP server?

    On Monday I started hammering away at getting the LDAP server setup on the Linux server with openldap. I was able to get a test Mac running Leopard to see the LDAP server and the accounts. The next battle was to get home directories to mount under /home. I was about to do that after finding a working ldif example using automaster and autohome. After that I was able to get the Public share automatically mounted on /Network/Public. Wonderful!
    Tuesday I came in thinking that the next battle would be with Samba. Unfortunately, somewhere in powering off the Mac and rebooting it, I lost all the share mounting! It still sees the accounts, but it absolutely will not see the mounts. In trying to figure it out I have wiped the LDAP database and restarted it, I have wiped the test Mac twice, I have made sure the Mac is running the latest updates, and still nothing.
    If I go into dscl this is now what I see:
    ls Automount/
    Record Name Unknown
    Record Name Unknown
    ls AutomountMap/
    Record Name Unknown
    Record Name Unknown
    cat Mounts/10.110.1.1:\/share\/public/
    dsAttrTypeNative:cn: 10.110.1.1:/share/public
    dsAttrTypeNative:objectClass: mount top
    AppleMetaNodeLocation: /LDAPv3/10.110.1.1
    RecordName: 10.110.1.1:/share/public
    RecordType: dsRecTypeStandard:Mounts
    On the LDAP server, the records look like:
    dn: automountMapName=auto_master,ou=mounts,dc=example,dc=com
    automountMapName: auto_master
    objectClass: top
    objectClass: automountMap
    dn: automountKey=/home,automountMapName=auto_master,ou=mounts,dc=example,dc=com
    objectClass: top
    objectClass: automount
    automountKey: /home
    automountInformation: auto_home
    dn: automountMapName=auto_home,ou=mounts,dc=example,dc=com
    automountMapName: auto_home
    objectClass: top
    objectClass: automountMap
    dn: automountKey=*,automountMapName=auto_home,ou=mounts,dc=example,dc=com
    objectClass: top
    objectClass: automount
    automountKey: *
    automountInformation: 10.110.1.1:/home/&
    dn: cn=10.110.1.1:/share/public,ou=mounts,dc=example,dc=com
    mountDirectory: /Network/Public
    objectClass: mount
    objectClass: top
    mountType: nfs
    cn: 10.110.1.1:/share/public
    It looks like for some reason it's either missing entries from the LDAP server, and/or it's ignoring some of the mapping and leaving them out. The Mounts entry is missing the VFSLinkDir which maps to mountDirectory. The Automount stuff is missing the RecordName which maps to automountKey and automountMapName.
    What the heck happened? Why does the Mac refuse to see the LDAP server the way it did on Monday?

    I am having something similar going on and can't sort out what it is doing:
    ldiffs:
    dn: automountMapName=auto_master,dc=example,dc=edu
    objectClass: top
    objectClass: automountMap
    automountMapName: auto_master
    dn: automountKey=/foo,automountMapName=auto_master,ou=Mounts,dc=soe,dc=ucsc,dc=edu
    objectClass: automount
    automountKey: /foo
    automountInformation: auto.foo,dc=example,dc=edu -rw,resvport,hard,intr,nosuid,tcp
    Second one:
    dn: automountMapName=auto.foo,dc=example,dc=edu
    objectClass: top
    objectClass: automountMap
    automountMapName: auto.foo
    dn: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
    objectClass: top
    objectClass: automount
    automountInformation: fileserver:/export/foo/tstaff
    automountKey: tstaff
    9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 name=tstaff[] map=auto.foo,dc=example,dc=edu opts=rw,resvport,hard,intr,nosuid,tcp path=/foo direct=0
    9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds called
    9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds: key=[ tstaff ]
    9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match called
    9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: key =[ tstaff ]
    9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
    9/25/09 11:45:25 AM automountd[1101] ds_search failed
    exiting ...
    It seems like it can't find the trigger point tstaff. It is looking for:
    ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
    which isn't what the DN is in ldap:
    Distinguished Name: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
    any thoughts?
    regards,
    Derek

  • The LDAP server is unavailable after installing KB2868725

    After installing the KB2868725 Windows Update, a strange LDAPS connection problem occurs.
    Context: we have a C# web site (.NET 4.0) that performs an LDAPS Bind operation over LDAPS. The web server is not on the same domain (bind operations are performed against multiple LDAPS servers), and the code has worked like a charm for more than a year.
    So after installing the KB2868725 Windows Update we get a “System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.” exception from the same application. When we uninstall the update, the error stops.
    The problem is present ONLY over a SECURE connection.
    We have multiple web servers in production, and every server where the KB2868725 Windows Update is not installed is working perfectly.
    We built a test application with this simple code, which works fine on a “non-KB2868725 updated server”:
    using System.DirectoryServices.Protocols;
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    void BindLDAP()
    {
        LdapDirectoryIdentifier ldi = new LdapDirectoryIdentifier("example.com", 636, true, false);
        LdapConnection ldapCnn = new LdapConnection(ldi, new NetworkCredential("myUsername", "myPassword"), AuthType.Basic);
        // The test callback below accepts any server certificate, so the server is not authenticated.
        ldapCnn.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(Validate);
        ldapCnn.Bind();
    }
    private static bool Validate(LdapConnection connection, X509Certificate certificate) { return true; }
    Stack trace:
    System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
    at System.DirectoryServices.Protocols.LdapConnection.Connect()
    at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
    Server: Windows Server 2008 R2 Standard, Service Pack 1 (64-bit)
    We tried changing every connection setting, changing the .NET version (2.0, 3.5 and 4.0), and building the test application directly on the server, and nothing works.
    If we use other LDAP tools (like http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx) the problem also occurs: “The server is not operational.”
    Moreover, if we install these updates the problem also occurs: KB2574819, KB2830477, KB2871997, KB2592687.
    We can’t install any Windows Updates; that’s a problem. We would like to find a solution, please help us ;-)

    Hi,
    The server is configured to get Windows Updates from a WSUS server. Those updates are downloaded from Microsoft.
    I followed these steps:
    1. Uninstall Windows Updates: KB2574819, KB2830477 (KB2857650) and KB2913751;
    2. Perform an LDAP connection test: works perfectly;
    3. Install Update KB2574819;
    4. Perform an LDAP connection test: not working (The LDAP server is unavailable.);
    5. Install Update KB2830477 (KB2857650 is included in the KB2830477 update);
    6. Perform an LDAP connection test: not working (The LDAP server is unavailable.);
    7. Install Update KB2913751;
    8. Perform an LDAP connection test: not working (The LDAP server is unavailable.);
    The problem here is that we can’t install KB2574819, KB2830477 (KB2857650) and KB2913751 on our production servers because of the connection problems (the install process works fine; the problem is the effect of these Windows Updates).
    Philippe Bernier

  • No trusted certificate found (91);Cannot connect to the LDAP server

    Hi All,
    I am trying to connect to LDAP server with the following code.
    JSSESocketFactory fact = null;
    private LDAPConnection conn = null;
    String keystore = "C:\\j2sdk1.4.2_15\\jre\\lib\\security\\cacerts";
    System.setProperty("javax.net.ssl.trustStore",keystore);
    fact = new JSSESocketFactory(null);
    conn = new LDAPConnection(fact);
    int ldapVersion = 3; // LDAPConnection.LDAP_V3; default values of LDAP settings
    private int ldapPort = 636;
    LDAPAttributeSet ldapAtrbSet;
    String ldapHost;
    String loginDN;
    String loginDN_Password;
    And it is giving me this error:
    Error: netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
    netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
         at netscape.ldap.factory.JSSESocketFactory.makeSocket(JSSESocketFactory.java:105)
         at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:418)
         at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:350)
         at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:244)
         at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:170)
         at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1042)
         at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:924)
         at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:768)
         at com.reflexis.LDAP.LdapTestSSL.createConnection(LdapTestSSL.java:522)
         at com.reflexis.LDAP.LdapTestSSL.checkLdap(LdapTestSSL.java:118)
         at com.reflexis.LDAP.LdapTestSSL.main(LdapTestSSL.java:52)
    Unable to connect to LDAP server
    I have imported atr certificate also by using the command:
    "keytool -import -alias jag -file c:\x225.cer -keystore c:\j2sdk1.4.2_15\jre\lib\security\cacerts"
    I am running my Java code from Eclipse. Do I have to set anything in Eclipse for the certificate? I have imported the certificate from the command prompt.
    Can anyone please help me? It is very important for me.
    Please, it's very urgent.
    Thanks,
    Ankush Patni

    As previously said, the network is a possible cause. Other things could be: the time on the filer is too far off the time on the DC, or the AD object for the filer has been deleted or changed by a Windows admin. If all users are experiencing a problem, you may need to rebind it to AD - run CIFS setup at the command prompt.

  • Error : Cannot connect to the LDAP server

    I have exported a file called "test1.ldif"
    and then import in a new Oracle ldap server using the command:
    ldapadd -p 389 -D cn="directory manager" -w <password> -f test1.ldif
    But there is error "Cannot connect to the LDAP server".
    Actually, I'm migrating the ldap data from 1 machine to another, please advise. Thanks

    Check your ldap port, by default it is 4032...
    --Bill

  • How to make sure a client will reboot if the LDAP server SLAPD isn't runnin

    What do I need to do to a Solaris 8 client to make sure that if SLAPD is down and something happened and the server rebooted, that it would come up even though the LDAP server slapd isn't running?
    thanks,
    Gary

    You need to be able to see that Find My Mac is turned off. That is all you need to ensure.

  • Where is the LDAP server in Suns Webserver?

    Attempting to run Sun's j2ee tutorial on Windows XP, specifically:
    C:\Sun\j2eetutorial14\doc\index.html
    Chapter 33: The Java Message Service API
    A Simple Example of Synchronous Message Receives
    I was under the impression that the JMS info entered in the Application Server Admin Console was going into an LDAP repository; presumably part of the Application Server. Specifically the stuff under the JMS tab eg., JMS connection Factories. However there is no server listening on port 389 where I expect an LDAP server. When I try to run the example it complains:
    C:\Sun\j2eetutorial14\examples\jms\simple>appclient -client SimpleProducer.jar jms/Topic topic 3
    Destination name is jms/Topic, type is topic
    Could not create get Environmentjavax.naming.NameNotFoundException: jms not found
    Which figures if it can't find the LDAP server.
    So my question is: what the heck is going on?
    Adam.

    Ali,
    As applmgr user, source the application env file and issue "echo $IAS_ORACLE_HOME", this should point to the directory where Apache files are installed (for example, apache executable file under bin directory).
    Script to find Apache, Java, Jinitiator, Forms version and JVM details for Oracle E-Business Suite 11i [ID 466890.1]
    Script to find Apache, Java, JRE, Forms version for Oracle E-Business Suite R12 [ID 468311.1]
    Oracle Applications Concepts -- 11i/R12
    http://www.oracle.com/technetwork/documentation/applications-167706.html
    Thanks,
    Hussein

  • An error occurred while contacting the LDAP server.

    An error occurred while contacting the LDAP server.
    (No such object)
    The server could not locate the entry. If adding a new entry, be sure that the parent of the entry you are trying to add exists. If you received this error while searching or viewing an entry, it indicates that the entry which was being searched for does not exist.

    I did the silly thing, I gave the Base DN as o=domainname.com, which is supposed to be given like dc=domainname, dc=com, and restarted the server. LDAP works fine.

  • Error while connecting to the LDAP server

    In the LDAP server, I have configured an OU with the following characters.
    OU=Administración.
    Now when I try to connect to the LDAP server from my application, I am getting the following exception.
    [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0]
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0]
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
         at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
         at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.InitialContext.<init>(InitialContext.java:197)
         at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
    When I searched for this, I found this link (http://esupport.trendmicro.com/solution/en-us/1037285.aspx/) saying some accented characters are not converted correctly into 8-bit Unicode Transformation Format (UTF-8).
    Here I have used URLEncoder.encode(mySearchbase, "UTF-8"); to encode the special characters into UTF-8.
    I would like to know whether it's a known issue with accented characters or whether I missed anything else here to handle those characters.
    Thanks,
    -Konanki

    Well, if you're passing an array of bytes to that LDAP access code, then that isn't the right way to encode a String to an array of bytes in UTF-8 encoding. And anyway it's been a long time since I wrote LDAP access code, but I don't recall having to pass arrays of bytes to any of those JNDI classes, so that idea is probably wrong in any case.
    I would suggest, if that page you linked to is actually relevant, that you just install the hot-fix it refers to. On the other hand if it doesn't actually apply to your situation, then you should just ignore it.
    My guess is that UTF-8 or not, your OU value on the server is in fact not "Administraci&oacute;n" -- that's based on the number of mis-encoded characters I see there. So perhaps what you are passing to the JNDI classes does in fact not match the server's value and it isn't an encoding issue at all.
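The bracketed Active Directory errors quoted on this page pack two codes into one string: the LDAP result code and, when a bind is rejected, a hexadecimal Win32 sub-code in the `data` field. The Python decoder below is an added example, not code from any of the posts; the names `decode_ad_error` and `triage` and the lookup tables are this example's own, and the sub-code table covers the commonly documented bind failures only.

```python
import re

# LDAP result codes that appear on this page (names from RFC 4511).
LDAP_RESULT = {
    1: "operationsError",
    14: "saslBindInProgress",
    32: "noSuchObject",
    49: "invalidCredentials",
}

# Win32 error codes that Active Directory puts in the "data" field when a
# bind fails with result code 49. The field is hexadecimal in the message.
AD_BIND_SUBCODE = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong bind name or password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

AD_ERROR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<status>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+)"
)


def decode_ad_error(message):
    """Split an AD LDAP error string into its fields; None if it does not match."""
    m = AD_ERROR_RE.search(message)
    if m is None:
        return None
    code = int(m.group("code"))
    data = int(m.group("data"), 16)
    # The data field is read as a bind sub-code only when the bind was rejected.
    subcode = AD_BIND_SUBCODE.get(data, "unlisted sub-code") if code == 49 else None
    return {
        "result_code": code,
        "result_name": LDAP_RESULT.get(code, "unlisted result code"),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data": data,
        "bind_subcode": subcode,
    }


def triage(message):
    """One-line reading of the error for whoever is troubleshooting."""
    info = decode_ad_error(message)
    if info is None:
        return "not an Active Directory LDAP error string"
    if info["result_code"] == 49:
        return "bind rejected: " + info["bind_subcode"]
    if "successful bind must be completed" in info["comment"]:
        return "operation sent on a connection that has not authenticated"
    return info["result_name"] + ": " + info["comment"]


# The two error strings quoted on this page (the second is cut off in the post).
BIND_REJECTED = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                 "comment: AcceptSecurityContext error, data 52e, v1db0]")
NOT_BOUND = ("[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: "
             "In order to perform this operation a successful bind must be "
             "completed on the connection., data 0, vece")

if __name__ == "__main__":
    for msg in (BIND_REJECTED, NOT_BOUND):
        print(triage(msg))
```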

  • Can't connect to the LDAP server

    I have two PCs on my network. Both have the Softerra LDAP Browser program. One can connect to the OpenLDAP.com LDAP server without issue, but my other computer gets a "can't connect.." error.
    The box that can connect is my own personal machine, and the box that won't connect is a notebook given to me by my work. Are there any specific settings that could be changed to prevent LDAP access?
    Thanks,
    r

    This sounds like a problem with the networking configuration of the notebook. It's certainly not a JNDI problem.

  • Help needed to figure out URL and username for the LDAP server

    Given the LDAP directory parameters as follows, how can I identify the exact parameters to be used in my LDAP service access Java code? I'm using JNDI to access an LDAP server given by an IP address (say, 10.1.1.20) and the port number (say, 389).
    Given: -D "cn=mycn,ou=mystaff,o=myorg,dc=test,dc=my,dc=org" -w secret
    Here's my sample Java code:
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "<URL>");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "<PRINCIPAL>");
    env.put(Context.SECURITY_CREDENTIALS, "secret");
    ctx = new InitialDirContext(env);
    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    results = ctx.search("ou=mystaff,o=myorg", null);
    Could anyone please help me work out what the values for URL and PRINCIPAL should be, so that I can search all the objects inside "ou"?
    Note: Actually I tried several times, but I was getting an "Invalid Credentials" exception. I suspect that is because the URL or the user name I gave was not syntactically correct. That's why I need to verify with you all.
    Thanks in advance
    Saj

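    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // <URL>: host and port of the directory server
    env.put(Context.PROVIDER_URL, "ldap://10.1.1.20:389");
    // Simple bind over ldap:// sends the password unencrypted
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    // <PRINCIPAL>: the full bind DN given with -D
    env.put(Context.SECURITY_PRINCIPAL, "cn=mycn,ou=mystaff,o=myorg,dc=test,dc=my,dc=org");
    env.put(Context.SECURITY_CREDENTIALS, "secret");
    DirContext ctx = new InitialDirContext(env);
    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Pass the controls so the subtree scope is actually applied
    NamingEnumeration<SearchResult> results = ctx.search("ou=mystaff,o=myorg", "(objectClass=*)", controls);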

  • Why the LDAP server does not accept any connection upon the installation of iPlanet Application Server Enterprise Edition 6.0 Test Drive Phase II

    "I am carrying my tests under W2000 with all the default installation options. I've checked the user ID (admin), password and port are correct. However, I was not able to start the Netscape Console and also, the kregedit exited with messages:
    Could not connect to LDAP server on cr7260et017 port 389 as user cn=Directory Manager: Can't contact LDAP server
    GXBindInit: GXBindBasic failed
    GXContextInit: GXBindInit failed 2
    [18/Jan/2002 13:56:48:3] error: ENGINE-context_init_failed: EngineClassSpace ContextModule.createContextInit failed:
    error: could not get context
    *** Errors in initialization from registry ***
    Errors in initialization, exiting ..."
    (previously submitted to Portal Services/Wireless)

    Hi,
    I'm not sure if there are known issues with iAS test drive and Windows 2000; however, I would like to help you in cracking the error.
    The GXBIND error appears only when the iAS is not able to communicate with the directory server. In our case, let us proceed by the following...
    1. Check if the directory server is running. Verify this by checking the services and look for an entry for directory server and it must look something like
    "Netscape Directory Server 4.1 (machine name)" and the status is started.
    2. Next, if you are not able to start the console of directory server, then you must check if the directory administrative server is running. This is also verified with the services and look for the entry...
    "Netscape Administration Server 4.2" and the status is started.
    3. Next, if both of the above are running, then you need to login to directory server console by using cn=Directory Server and issuing the password. If you are able to login successfully then, iAS will work, if not, then rectify the problem with directory server and I'm sure iAS will work.
    4. If you have forgotten the password for cn=Directory Manager, then there is a work around for fixing the password in directory server and iAS.
    Please let me know the outcome once you have done this.
    Regards
    Raj

  • Escalation in BPM11g using "organization" and not the ldap server

    Hi,
    I want to implement the escalation of a task from user1 to user2.
    How can i achieve this by management approval process instead of using the ldap (i.e. defining the manager and other higher approver titles and assigning the users to these titles in ldap).
    What i know is we can create a logical hierarchy using Organizational Units.
    I guessed that I can provide a OU hierarchy and use it for the Management Task.

    OK!!
    Do one thing...
    1) Firstly write an EJB class and, by using the EJB adapter, fetch all the groups and the users using an EJB service call ....
    Consider,
    Group A has 2, 3 users with a manager
    Group B has 4, 5 users with a Director
    Group C has 4, 5 users with a CEO
    and etc....
    2) Send the mails to all the users and the Manager/Director/CEO of that group respectively; if a specific task is not completed by any of the users, then escalate to his supervisor/reporting manager.
    Hope I am on the same page!!
    Regards,
    Pavan

  • Error=49 from the LDAP server for GSSAPI Kerberos authentication

    I am trying to find a solution for an ldapsearch failure with GSSAPI Kerberos authentication. I am running Sun Directory Server 5.2 P4 on a Solaris-9 sparc machine.
    Steps :
    bash-2.05# kinit tester1
    Password for [email protected]:
    bash-2.05#
    When I do ldapsearch, I am getting the following logs on the server:
    tail -f /var/Sun/mps/slapd-bf1r-dsun-1/logs/access
    [22/Feb/2007:01:44:16 -0700] conn=32 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
    [22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
    [22/Feb/2007:01:44:16 -0700] conn=32 op=3 msgId=4 - UNBIND
    [22/Feb/2007:01:44:16 -0700] conn=32 op=3 msgId=-1 - closing - U1
    [22/Feb/2007:01:44:17 -0700] conn=32 op=-1 msgId=-1 - closed.
    [22/Feb/2007:01:45:50 -0700] conn=33 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
    [22/Feb/2007:01:45:50 -0700] conn=33 op=0 msgId=1 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:45:50 -0700] conn=33 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:45:50 -0700] conn=33 op=1 msgId=2 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:45:50 -0700] conn=33 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
    [22/Feb/2007:01:45:50 -0700] conn=33 op=3 msgId=4 - UNBIND
    [22/Feb/2007:01:45:50 -0700] conn=33 op=3 msgId=-1 - closing - U1
    [22/Feb/2007:01:45:51 -0700] conn=33 op=-1 msgId=-1 - closed.
    I am using the default Identity Mapping and the LDIF file looks like this:
    dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config
    objectClass: dsIdentityMapping
    objectClass: nsContainer
    objectClass: dsPatternMatching
    objectClass: top
    cn: default
    dsMatching-pattern: ${Principal}
    creatorsName: cn=directory manager
    createTimestamp: 20070220045812Z
    dsMatching-regexp: uid=(.*)
    dsSearchBaseDN: ou=people,dc=test1,dc=com
    dsMappedDN: uid=${Principal},ou=people,dc=test1,dc=com
    modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
    modifyTimestamp: 20070221082740Z
    Following is the snoop for LDAP on the server :
    Please help me on how to fix this issue.
    Thanks,
    Radhakrishnan

    I did reply on the other thread of yours...
    Ludovic
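The access-log excerpt in the question above shows the pattern to look for when triaging bind failures: the intermediate SASL steps return err=14, and only the final RESULT on the bind response (tag=97) carries err=49. The Python below is an added example, not code from the thread; it correlates BIND and RESULT lines per connection and counts failures per client and DN. The function names are this example's own, the conn=32 and conn=33 lines are taken from the post, and the conn=34 lines are constructed.

```python
import re
from collections import Counter

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) "
    r"msgId=(?P<msgid>-?\d+) - (?P<rest>.*)$"
)
CONNECT_RE = re.compile(r"connection from (?P<src>\S+) to (?P<dst>\S+)")
BIND_RE = re.compile(r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)'
                     r"(?:.*? mech=(?P<mech>\S+))?")
RESULT_RE = re.compile(r"^RESULT err=(?P<err>\d+) tag=(?P<tag>\d+)")

BIND_RESPONSE_TAG = 97       # 0x61, the BindResponse protocol op
SUCCESS = 0
SASL_BIND_IN_PROGRESS = 14   # intermediate step of a multi-step SASL bind


def failed_binds(lines):
    """Return one record per bind that ended in an error result."""
    clients = {}   # conn -> client address from the connection line
    pending = {}   # (conn, op) -> (dn, mechanism) from the BIND line
    failures = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        conn, op, rest = m.group("conn"), m.group("op"), m.group("rest")
        b = BIND_RE.match(rest)
        if b:
            pending[(conn, op)] = (b.group("dn"), b.group("mech") or b.group("method"))
            continue
        r = RESULT_RE.match(rest)
        if r:
            if int(r.group("tag")) != BIND_RESPONSE_TAG:
                continue
            dn, mech = pending.pop((conn, op), ("", "unknown"))
            err = int(r.group("err"))
            if err not in (SUCCESS, SASL_BIND_IN_PROGRESS):
                failures.append({
                    "time": m.group("ts"), "conn": conn,
                    "client": clients.get(conn, "unknown"),
                    "dn": dn, "mech": mech, "err": err,
                })
            continue
        c = CONNECT_RE.search(rest)
        if c:
            clients[conn] = c.group("src")
    return failures


def repeated_failures(failures, threshold):
    """(client, dn, count) for every pair that failed at least `threshold` times."""
    counts = Counter((f["client"], f["dn"]) for f in failures)
    return sorted((c, d, n) for (c, d), n in counts.items() if n >= threshold)


# conn=32 and conn=33 are from the post; conn=34 is constructed for contrast.
SAMPLE_LOG = """
[22/Feb/2007:01:44:16 -0700] conn=32 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
[22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
[22/Feb/2007:01:45:50 -0700] conn=33 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
[22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
[22/Feb/2007:01:50:02 -0700] conn=34 op=-1 msgId=-1 - fd=27 slot=27 LDAP connection from 10.7.30.190 to 10.7.30.16
[22/Feb/2007:01:50:02 -0700] conn=34 op=0 msgId=1 - BIND dn="uid=tester2,ou=people,dc=test1,dc=com" method=128 version=3
[22/Feb/2007:01:50:02 -0700] conn=34 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
"""

if __name__ == "__main__":
    found = failed_binds(SAMPLE_LOG.splitlines())
    for f in found:
        print(f["time"], f["client"], f["dn"], f["mech"], "err=%d" % f["err"])
    print(repeated_failures(found, threshold=2))
```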
