Syntax dse.ldif file

a) Hi folks! This line is in dse.ldif of Directory Server 5.1:
aci: (targetattr = "*")(version 3.0; acl "Configuration Adminstrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement,o=NetscapeRoot||uid=ldapmon,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)
The error messages in the error log:
[11/Jul/2005:00:55:00 +0800] NSACLPlugin - DS_LASUserDnEval:Syntax error(uid=ldapmon,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot)
[11/Jul/2005:00:55:00 +0800] NSACLPlugin - DS_LASUserDnEval:Syntax error(uid=ldapmon,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot)
[11/Jul/2005:00:55:01 +0800] NSACLPlugin - DS_LASUserDnEval:Syntax error(uid=ldapmon,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot)
b) Is it correctly written? Or is the following the correct syntax for the above?
aci: (targetattr = "*")(version 3.0; acl "Configuration Adminstrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot||ldap:///uid=ldapmon,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)

Or you could possibly use the & (and), | (or), or ! (not) signs to point to the users you'd like the aci to apply to ...
thanks
ndrb
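
An added example (not part of the original post and not Directory Server code): a small Python linter that unfolds a dse.ldif-style file and reports every userdn/groupdn operand that is not written as an ldap:/// URL, which is the operand the NSACLPlugin syntax error above names. The two ACIs are the ones quoted in the post; the entry DNs and the line folding in the sample are constructed.

```python
import re

# Bind-rule keywords whose value is one or more LDAP URLs joined by "||".
BIND_RULE = re.compile(r'\b(userdn|groupdn)\s*!?=\s*"([^"]*)"', re.IGNORECASE)

def unfold(ldif_text):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def lint_aci(aci):
    """Return (keyword, operand, problem) for each operand that is not an LDAP URL."""
    findings = []
    for keyword, value in BIND_RULE.findall(aci):
        for operand in value.split("||"):
            operand = operand.strip()
            if not operand:
                findings.append((keyword.lower(), operand, "empty operand"))
            elif not operand.lower().startswith("ldap:///"):
                findings.append((keyword.lower(), operand, "missing ldap:/// prefix"))
    return findings

def lint_ldif(ldif_text):
    """Return (entry_dn, acl_name, keyword, operand, problem) for every finding.
    Only plain 'aci:' values are checked; base64 'aci::' values are skipped."""
    results, dn = [], None
    for line in unfold(ldif_text):
        lowered = line.lower()
        if lowered.startswith("dn:"):
            dn = line[3:].strip()
        elif lowered.startswith("aci:") and not lowered.startswith("aci::"):
            aci = line[4:].strip()
            name = re.search(r'acl\s+"([^"]*)"', aci)
            for kw, operand, problem in lint_aci(aci):
                results.append((dn, name.group(1) if name else "?", kw, operand, problem))
    return results

# Constructed sample: entry DNs are placeholders, ACIs are the two from the post.
SAMPLE = '''dn: cn=constructed-entry-a,cn=config
aci: (targetattr = "*")(version 3.0; acl "Configuration Adminstrator"; allo
 w (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagemen
 t,o=NetscapeRoot||uid=ldapmon,ou=Administrators,ou=TopologyManagement,o=Net
 scapeRoot";)

dn: cn=constructed-entry-b,cn=config
aci: (targetattr = "*")(version 3.0; acl "Configuration Adminstrator"; allo
 w (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagemen
 t, o=NetscapeRoot||ldap:///uid=ldapmon,ou=Administrators,ou=TopologyManagem
 ent,o=NetscapeRoot";)
'''

if __name__ == "__main__":
    for finding in lint_ldif(SAMPLE):
        print(finding)
```

Run it against a copy of dse.ldif before restarting the server, so a malformed bind rule is caught at edit time rather than in the error log.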

Similar Messages

  • DS6 dse.ldif file keeps getting deleted

    I am running Directory Server 6.3 on Solaris 10 U7. Last night I applied various system patches - none of them appear to be related to ldap or the directory server. Sometimes when I shut down, something seems to crash and the system does a system dump. When I restart, the directory fails to start. The log shows:
    Configuration error The default password storage scheme SSHA could not be read
    or was not found in the file /opt/ldap/slapd-server1/config/dse.ldif. It is mandatory.
    The dse.ldif file is blank. Fortunately the dse.ldif.startOK is OK. It looks like it had been created or modified during a clean shutdown yesterday evening.
    Any thoughts?
    thanks

    HI
    I have about 5 GB free on the rpool volume (i.e. /, /opt etc.)
    During the patching process (along with trying to get a tape drive working) I rebooted about 3-4 times. At least twice, it looked like something panicked/crashed/dumped. My guess is that the directory server deleted the existing dse.ldif file, there was a system error, then directory server could not write the new file. It seems odd that at least twice the crash occurred immediately after the file was deleted. Would directory server crash if it can't write files? Server shutdown might take 5 min while various services are closed.
    When I stop the ds-myinstance svc with "svcadm" (without rebooting) it looks like it does update dse.ldif (at least the time stamp), and creates a dse.ldif.bak file. On restarting the service cleanly, the dse.ldif.StartOK file is updated. So it looks like directory server itself is OK but can't write files because of some other, system-related shutdown issue.
    What I may need to try is stopping directory server then shutting down the system and seeing if I get panic/coredumps/file syncs.
    Thanks

  • Importing LDIF file In DSEE 11.1.1.7.0

    Hi All,
    I was trying to import the Example.ldif file but somehow it's giving this error. What is the reason?
    C:\sun-dsee7\dsee7\bin> dsconf import -h localhost -p 1389 C:\sun-dsee7\dsee7\resources\ldif\Example.ldif dc=example,dc=com
    Enter "cn=Directory Manager" password:
    Unable to bind securely on "localhost:1389".
    The "import" operation failed on "localhost:1389".
    C:\sun-dsee7\dsee7\bin>dsadm start C:\SUN
    Directory Server instance 'C:/SUN' is already running (pid: 2700)

    Hi Ranjeet,
    the error you get seems to be due to the fact that the dsconf command is trying to bind 'securely' to a 'clear' port; try with the following command using the -e option:
    C:\sun-dsee7\dsee7\bin> dsconf import -h localhost -p 1389 -e C:\sun-dsee7\dsee7\resources\ldif\Example.ldif dc=example,dc=com
    It should work.
    For further reference, please check the dsconf --help, or the official product documentation manual page:
    http://docs.oracle.com/cd/E29127_01/doc.111170/e28967/dsconf-1m.htm#dsconf-1m
    HTH,
    Marco

  • How to create custom attributes & object classes through ldif files in OID

    Hi,
    I have to create 4 attributes and one object class (custom) in OID. I want to create these attributes and object class through an LDIF file.
    I tried creating an attribute through this command
    ldapadd -p 389 -h localhost -D cn=orcladmin -w password -f D:/newattr.ldif
    this ldif file contains inf. for creating a new attributes:
    dn: cn=subschemasubentry
    changetype: add
    add: attributetypes
    attributetypes: ( 1.2.3.4.5.6.10 NAME "xsUserType_new" DESC "User Type Definition" EQUALITY caseIgnoreMatch
    SYNTAX "1.3.6.1.4.1.1466.115.121.1.15" )
    I am getting error: Object class violation
    Failed to find add in mandatory or optional attribute list.
    Please help to find where I am going wrong...
    Thanks.

    Hi Ajay,
    Thank you for the help. Now i am able to create both attributes and object classes in OID through Ldif files.
    I was getting a constraint violation error because (I think) I was not using the proper naming convention for attributes and object classes. For OID, there are certain LDAP naming conventions. They are as follows:
    # X below is the enterprise number assigned by IANA
    1.3.6.1.4.1.X.1 - assign to SNMP objects
    1.3.6.1.4.1.X.2 - assign to LDAP objects
    1.3.6.1.4.1.X.2.1 - assign to LDAP syntaxes
    1.3.6.1.4.1.X.2.2 - assign to LDAP matchingrules
    1.3.6.1.4.1.X.2.3 - assign to LDAP attributes
    1.3.6.1.4.1.X.2.4 - assign to LDAP objectclasses
    1.3.6.1.4.1.X.2.5 - assign to LDAP supported features
    1.3.6.1.4.1.X.2.9 - assign to LDAP protocol mechanisms
    1.3.6.1.4.1.X.2.10 - assign to LDAP controls
    1.3.6.1.4.1.X.2.11 - assign to LDAP extended operations
    By using these conventions for attributes and object class, I did not get any error and they were created in OID.
    Thanks a zillion.
    Kalpana.

  • How to create a new administrator with ldif files

    I need another administrator like orcladmin to create a new tree in OID 11g. Which groups and rights must this administrator have?

    Although you can create a superuser account that is able to manage entries, it won't be able to do so using ODSM until 11g Patchset 4.
    What this means is that you may use ldapbind/ldapmodify/ldapadd/ldapdelete commands with this new user to do the same operations that you would normally only do using the superuser, but that until a future patchset (currently slated for 11g patchset 4), this user will not be able to login to ODSM.
    Attempts to login to ODSM as this new user will fail with:
    Error:
    ODSM allows only super user to connect to OID.
    Connected user is not a super user.
    Identify the groups that the superuser is in, as follows:
    ldapsearch -p <OID_port> -h <OID_host> -D "cn=orcladmin" -w <pwd> -b "" -s sub "uniquemember=cn=orcladmin" dn
    Create a new user entry, to be used as the second superuser.
    Add this user as a uniquemember to all the same groups returned in. This can either be done manually, or via the ldapmodify/ldapadd command with an LDIF file with the following syntax:
    newadmin.ldif:
    dn: cn=odisgroup,cn=odi,cn=oracle internet directory
    changetype: modify
    add: uniquemember
    uniquemember: cn=myadmin,cn=users,dc=myorg,dc=com

    dn: cn=Provisioning Admins,cn=changelog subscriber,cn=oracle internet directory
    changetype: modify
    add: uniquemember
    uniquemember: cn=myadmin,cn=users,dc=myorg,dc=com

    ldapadd -p <OID_port> -h <OID_host> -D "cn=orcladmin" -w <pwd> -f newadmin.ldif
    Thanks,
    ABP

  • When/how is dse.ldif used?

    Hello DS experts.
    We have ds 5.1 sp3 running on Solaris 8. It seems that by default we only have maximum of 1024 file descriptors.
    In file <server_root>/config/dse.ldif I see in the cn=config entry the attribute nsslapd-maxdescriptors. This attribute has value 1024.
    I want to increase the max FD to 4096 by editing /etc/system.
    Now, my question is.. when I reboot my system will the DS when it starts up change the nsslapd-maxdescriptors value from 1024 to 4096 automatically.. OR do I have to 'manually' set it after the DS (hopefully) restarts.
    Thanks in advance.

    From the OS level, you have to modify /etc/system and manually change that value for ulimit. After that you need to restart the Unix server to let the changes take effect.
    Then from the application level, you also have to increase your setting as mentioned.
    However, even though 64-bit OS allows for 4096 FD, there is a limit on the application level. If your Directory server is running in 32-bit mode, the actual FD will be up to 256, unless your DS is running in 64-bit mode.

    This is incorrect. A 32-bit directory server can use up to ~65k file descriptors assuming kernel/process limits and the application asks for them. I've run plenty of 32-bit DS servers with 4k file descriptors with no problem.

    As I experienced, you can set 4096 or whatever at the DS level. However, only 256 FD can be used. In an environment where you run a 32-bit application (DS or iDAR), when the total connections hit around 256, the service will become unstable, even though the service is still running.
    Please check the following link for more information.
    Thanks!

    * update /etc/system with fd settings
    * stop directory server
    * update limit in dse.ldif to 4096
    * bounce server
    Thanks!

  • How do I add an objectclass to existing LDAP server entry using an ldif file?

    I am trying to fix an LDAP server that has been operating with schema check off. I need to add an objectclass to the groups so that some attributes that have been added to the groups will be "legal." From the documentation, the changetype: modify will allow the changing/adding of attributes that are already a part of the schema objects that define the entry. It does not look like I can add an objectclass with the modify operation.
    If this is the case, then how do I add an objectclass to an existing entry? Using the GUI is not possible since the directory server in question is not being managed with an admin server. Please tell me that I do not have to delete the groups and import them again with an LDIF file that has the new objectclass added.
    Kent

    See this post:
    http://softwareforum.sun.com/servlet/ProcessRequest?RHIVEID=181&RPAGEID=135&HOID=50B500000008000000636B0000&USEARCHCONTEXT_CATEGORY_0=_21_%24_7_&USEARCHCONTEXT_CATEGORY_S=0&UCATEGORY_0=_21_%24_7_&UCATEGORY_S=0

  • Anyone tried using LDIF file in the User Profile Synchronization Process?

    Microsoft published an article recently talking about using an LDIF file in SharePoint's user profile synchronization.
    Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010) http://technet.microsoft.com/en-us/library/ff959234.aspx
    Currently I am unable to obtain the required "Replicate Directory Change" permission set up by the AD admin. So I thought of exploring this alternative since I still have AD search permission right now.
    So far, I was able to set up the MOSSLDAP-LDIFMA, and use an import.ldif file to add, remove and update user profiles. However, there are some problems that I can't resolve. One of the key problems is that the LDIF-imported records can't be sync'd with login-based records.
    In my environment, when a user logs in to SharePoint via Windows authentication, a new profile is added under the account name "domain\username". Meanwhile, when an LDIF record is imported, another profile is created under the account name "domain:domain\username", or "domain:username". That is, there would be two profiles for each user.
    Based on my understanding, it is very likely the user profile synchronization is based on the user's account name. But in the document and sample files provided, I can't find any clue how to prepare the ldif file so that it will update the matching records, instead of creating new ones.
    Any help?  Thanks in advance.

    Has anyone managed to get this to work?
    It's nice that Microsoft offers the ability to import user profiles via LDIF into SharePoint, but it is useless if the account name is not correct after the import. I have tried multiple imports from the LDIF to get a user account to show up as "domain\username" but it always ends up as "domain:domain\username", or "domain:username", or a variation of these 2 with a colon separating the domain from the username. I see that multiple people have had the same problem, but unfortunately can't seem to find a solution. Also I see Bradley mentions that he was able to import accounts using get-QADUser, but he doesn't mention what the accounts import as or if it resolved the domain colon issue.
    Thanks in advance for any help or information anyone can provide.
    cheers,
    Zed

  • Proper syntax of the file name to attach files in FNDATTCH.fmb

    Can you please tell me the proper syntax of the file name to attach files in FNDATTCH.fmb ?
    I am not able to open the attached document if it contains & in the file name. So I wanted to know the rules for giving the file name.

    This has nothing to do with the TB display.  You should repost in the computer forum

  • OVD Adapter and ldif file

    Hello,
    When you create an OVD database adapter, does OVD automatically create an ldif file the first time you connect using the client view?
    Thank you.

    Hi,
    Try to increase your server parameters as below and try ....then you would be able to process large data
    • UME Parameters: May be we need to look into the pool size and poolmax wait parameters - UME recommended parameters (like: poolmaxsize=50, poolmaxwait=60000)
    • Tuning Parameters: May be we need to look/define the Message Size Limit "like: EO_MSG_SIZE_LIMIT = 0000100" under tuning category
    • ICM Parameters: May be we need to consider ICM parameters (ex: icm/conn_timeout = 900000. icm/HTTP/max_request_size_KB = 2097152)
    Regards,
    Naveen

  • Can I load a LDIF file and initalise the database using iPlanet SDK?

    I know how to create a new context in the DS, initialise its database with a LDIF file from the console or using the LDAPModify.
    But would it be possible if I can create the context & initialise the database using the iPlanet SDK for Java?
    I'm developing a module that would allow an user to create a new organisation, thereby the need to create the database using the SDK. How can I go about to achieve this?
    Many thanks!

    I don't understand. If you know how to do everything using ldapmodify, it should be very straightforward to use java. What don't you understand?

  • 8.1.7- How to load an LDIF file

    Hi,
    I understand that there's bulkload.sh to load an LDIF file. But I think this is for unix.
    How can I load an LDIF file in Windows?
    thanks in advance,
    Evan

    Use the ldapadd utility
    465 D% ldapadd -h
    usage: ldapadd [-abcknrvF] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [-W Wallet] [-P Wpasswd] [-U SSLAuth] [ -E Encoding ] [-Z (enable native authentication)] [ -f file | < entryfile ]
    463 D% whereis ldapadd
    d:\oracle\ora81\bin\ldapadd.exe
    d:\oracle\ora81\bin\ldapadd.exe
    or to run bulkload.sh install MKS utility

  • I need to extend the schema for iPlanet Dir. 5.0 and add custom objectclasses and attributes. I do this by adding entries in the 99user.ldif file. It's not working. Any ideas?

    Hi
    I need to extend the schema for iPlanet Dir. 5.0 and I do not want to do so from the console. As per the documentation, I need to either add entries in the 99user.ldif file or define my own custom [00-99]myname.ldif file. I tried this but it's not working.
    I have made the assumption that there is no explicit import step for the 'user defined' schema files (as it is for user data ldif files). I assume that on start (or on opening the console), I'd be able to see the new schema after the server has read the schema file.
    I have verified that entering new objectclasses and attributes from the console adds entries into the 99user.ldif file. So why is the reverse process not working? Can anybody throw some light on this? Also in case my assumptions are faulty, please let me know.
    I did not change the aci entries in the existing ldif file. Is any modification needed there? I was logged in as the Directory Manager during this testing process.
    regards
    Sikka

    Hi Sikka,
    The server reads its schema configuration on startup. If you manually modify the schema files while the server is running, it will not have any effect. You have to restart the server.
    The console adds the new schema elements over LDAP (you could do that as well, you only have to modify the cn=schema entry), so the server is aware of the changes immediately and thus restarting is not needed.
    I hope this helps.
    Bertold

  • Modify schema using ldif file and ldapmodify

    Suppose I want to create a new attribute and add it to a previously created object class, using an ldif file and ldapmodify.
    It seems that my only option is an ldif file that looks like this:
    dn:cn=schema
    changetype: modify
    replace: objectclasses
    objectclasses: (...........MAY 'new attribute'...)
    This means that the author of the ldif file has to have prior knowledge of the schema, presumably by doing an ldapsearch.
    Am I missing anything?
    Basically there is a requirement here that developers be able to modify ldap schema on the test server by themselves. (without asking the ldap admin to do so). They currently can add fields to an SQL database with SQL tools so they want to do the same to LDAP.
    Any ideas ?

    That is correct, you'll have to add the attribute and then replace the objectclass. However, you may have to disable schema checking to modify the objectclass.
    Someone pointed out in another thread, you can give write access to the schema and config to another user via ACIs.
    Another thing to keep in mind, adding attributes/objectclasses via ldapmodify will put everything in 99user.ldif. This could get messy if you need to upgrade or rebuild an instance. I recommend creating a 98myapp.ldif (or whatever you want) and putting your application specific objectclasses/attributes in there. This will require stopping/starting the server, but it will give you a good handle on what's been changed. In fact, you could require the developers to keep this file in RCS (or other version control) and then you could have a nice history of changes and the ability to go back if necessary.
    HTH,
    Roger S.

  • Creating and parsing LDIF file

    Hi,
    Does JNDI provide any libraries to create and parse LDIF files by performing an ldap search?
    thanks in advance

    My guess would be that when you created the war file the internal paths were incorrect. Open the war file using WinZip and check the file paths. They should be relative to the web application directory (ie prj.java should have the file path "WEB-INF/classses")
    As an added thought you may want to put your servlet file into packages.
