Use of configuration directory server

Maybe this is a dumb question but since I dont know the answer:
Does one need to buy a production license of the Directory Server to use as a configuration directory server?
I will have six web servers in my production environment. But only one or two admin user accounts for secure access.
Thank,
-amit

Both 2005Q1 and 2005Q4 are considered 6.2. I would
use 2005Q4. Actually, I DID use 2005Q4.
Why use bits that are already superceeded? Is it the
cost of 4 CD's?So, can this happen in two separate stages?:
1. First upgrade all directory servers to 5.2p4 and migrate the current messaging server 5.2 configuration.
2. At a later date, once directory services have been upgraded and are stable, the upgrade of the messaging server can be done.
Thanks

Similar Messages

  • Error configure directory server 5.2

    Hi,
    I'm getting this error when doing issuing
    bash-3.00# directoryserver configure
    after installing Directory Server with Configure Later option
    [slapd-elara]: starting up server ...
    [slapd-elara]: [29/Aug/2009:10:40:37 +0100] - Sun Java(TM) System Directory
    Server/5.2_Patch_4 B2005.230.0041 (64-bit) starting up
    [slapd-elara]: [29/Aug/2009:10:40:38 +0100] - Listening on all interfaces port
    389 for LDAP requests
    [slapd-elara]: [29/Aug/2009:10:40:38 +0100] - slapd started.
    Your new directory server has been started.
    error: can't bind to server:Unable to bind to server. (Invalid credentials (49)
    returned from ldap_simple_bind_s(cn=Directory Manager))
    Could not configure server.
    Configuration of the Directory Server failed.
    Error Directory Server configuration failure
    Error Configuration of the server(s) failed.
    Can someone give me a hint?
    Best regards

    Problem solved.
    1 - uninstalled Directory Server
    /var/sadm/prod/SUNWds-entsys4/uninstall
    2 - removed all the packages used in a manual instalation
    for i in SUNWasha SUNWasvc SUNWasvcp SUNWasvr SUNWasvu SUNWdsha SUNWdsvcp SUNWdsvh SUNWdsvhx SUNWdsvpl SUNWdsvr SUNWdsvu SUNWdsvx SUNWicu SUNWicux SUNWjss SUNWldk SUNWldkx SUNWpr SUNWprx SUNWsasl SUNWsaslx SUNWtls SUNWtlsx; do echo $i;pkgrm $i;done
    3 - re-install it with configure later option
    java_es_05Q4_directory/Solaris_sparc/installer
    4 - Configure Directory Server
    directoryserver -u 5.2 configure
    5 - Configure Administration Server
    mpsadmserver configure
    And everything started working.

  • IDS 5.x: Is a separate configuration directory server instance even needed?

    Because iDS 5.x supports multiple database instances, why is there a need to suggest installing the directory server with a separate configuration directory server instance (on say port 390)?
    In large multi-tiered iDS 4.x directory server implementations, using a single master configuration directory server is very cumbersome, so many implementations are using a local configuration directory server instance, on port 390 with the data instance on the usual port 389.
    With the iDS 5.x release, we will be implementing local directory server instances, all on port 389, on all of our tiered LDAP servers. There will be no separate configuration directory server instance, as it is not needed.
    At this point, I am questioning the "best practices" suggested by the SunOne documentation to use a separate configuration directory server instance. It does not need to be on a separate port now with iDS 5.x supporting multiple databases.
    And I note that the present "/usr/sbin/directoryserver setup" script will not allow for a directory instance to be installed on port 390.
    Adam

    Yes, with iDS 5.X, it's much safer to have the o=NetscapeRoot tree served by the same instance as your corp/user tree. The separation approach was created to avoid the pitfalls when importing LDIF, but the -n argument to ldif2db lets you avoid such problems.

  • Help!! How to install and use Sun ONE Directory Server Resource Kit 5.2

    Hi ! Friend:
    I have some problem on install and use Sun ONE Directory Server Resource Kit 5.2, when I execute "java DSRK", afterwards something like this : com.iplanet.install.until.wbResource::gerstring:resource bundle"locale.resources.S1DSRKResource" not found appeared in the window ,that's why?
    Meanwhile ,can you give some data about it on how to use it ?
    Thank you !

    You should be aware of the following characteristics of your directory when using this tool:
    Size and number of entries.
    Directory structure and access permissions.
    Virtual attributes, class of service, and indexing.
    Usage, types of access, and access patterns.
    Post your error messages completely.
    Thanks
    --Britto                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  • Issue w/ Case Differences Using the IBM Directory Server MA

    We have the following issue using the IBM Directory Server MA using FIM 2010 R2 (Version 4.1.3479.0).
    We provision a new object, e.g., uid=jdoe,ou=users,o=contoso, into an instance of IBM Directory Server
    The object is created in IBM Directory Server as uid=jdoe,ou=users,o=contoso
    A Full Import on the IBM Directory Server MA runs and confirms the export
    Subsequent imports, sync, and exports run successfully
    <Time passes>
    A Full Import on the IBM Directory Server MA runs, and this object shows up as a staging-error (uid=jdoe,ou=Users,o=contoso)
    Subsequent imports and syncs report errors on this object (staging-error)
    Note that we do not manipulate the anchor (DN) of this object once it is created in IBM Directory Server. Other attributes are synchronized, but the object is never renamed/moved. This case change does not happen with all of the objects brought
    in during the Full Import, but the number of instances do increase periodically. At this point, it does look like the import is changing from a lowercase "u" to an uppercase "U" but not vice versa.
    I found a related
    TechNet article containing the following remark:
    "IBM Directory Server does not guarantee that the case of a DN component will match in all instances. On a synchronization or import from IBM Directory Server, this can manifest itself as an unexpected update. For example, if you create
    O=TEST, and then create the user cn=MikeDan,O=TEST, this might be imported from IBM Directory Server as
    cn=MikeDan,O=test. Because of the case difference, FIM treats this as an update on subsequent full imports."
    Unfortunately, the article does not propose a resolution.
    Has anyone encountered this issue? More importantly has anyone resolved this or found an acceptable workaround?
    Note that deleting the connector space is not an acceptable workaround. :)

    I remember experiencing this issue when we were on 5.0, and I believe it persists through 5.1 as well.
    There is a comment in the 5.2 release notes that something similar was fixed:
    Changing case sensitive attribute values failed in MMR. (4624693)
    If I had to take a wild guess, I would say that the server does some internal checking to see if the value has changed, possibly based on the attribute syntax, to avoid replicating "changes" that really don't change anything except case. I doubt that all your custom attributes are case-sensitive, though. Enabling replication probably "turns on" this behavior, which doesn't go away even if replication is disabled.
    In any case, you're probably out of luck unless/until you upgrade to 5.2.

  • How to Configure Directory Server 6 In configure later mode

    Hi ,
    I would like to know how to configure the directory server in configure later mode.
    I have done it in JES4 using the directoryserver command. Which is the command to be used in JES5 for configuring the directory server after the binaries are installed.
    It would be great if anyone could refer me to the documentation for the configure later mode.
    Thanks,

    There has been quite a few posts on blogs.sun.com with regards to configuring DS instances after installation.
    It is part of the installation guide as far as I can remember.
    Check <http://blogs.sun.com/marginNotes/entry/the_version_6_cli%3A_getting>
    Regards
    Ludovic,

  • Passwordless ssh login using kerberos in Directory Server 5.2

    Hello all,
    I am trying to do passwordless ssh login in directory server 5.2 . I have done everything on directory server and client such as enabling sasl/gssapi, configuring kdc, creating gssapi profile, identity mapping, configured client with that profile. ldapsearch with -o mech=gssapi works fine.
    But still i can't do password less ssh login. However, i can do passwordless login with the kerberos principal for local user but not for user which is in directory server.
    Any help will be greatly appreciated.

    Hello all,
    I am trying to do passwordless ssh login in directory server 5.2 . I have done everything on directory server and client such as enabling sasl/gssapi, configuring kdc, creating gssapi profile, identity mapping, configured client with that profile. ldapsearch with -o mech=gssapi works fine.
    But still i can't do password less ssh login. However, i can do passwordless login with the kerberos principal for local user but not for user which is in directory server.
    Any help will be greatly appreciated.

  • Configuring Directory server control center after installation..

    Hi,
    We have already installed Sun Java Communication Suite 6.0 on a Sun solaris 10 machine along with Directory Server.
    During installation , we have skipped the directory server control center component. How do we select the same after the installation?
    Any addition inputs for configuration of Directory server control center will be helpful.
    Thanx in advance....
    Edited by: ashish0_0 on Nov 18, 2007 9:40 PM

    Hi,
    We have already installed Sun Java Communication Suite 6.0 on a Sun solaris 10 machine along with Directory Server.
    During installation , we have skipped the directory server control center component. How do we select the same after the installation?
    Any addition inputs for configuration of Directory server control center will be helpful.
    Thanx in advance....
    Edited by: ashish0_0 on Nov 18, 2007 9:40 PM

  • Move Configuration directory server

    We are in the process of transitioning from DS5.2 to DS6.3.1. A few of the consumers will be remaining at 5.2 level for some time (budget reasons). Currently they all have their configuration stored on one of our 5.2 masters. When the time comes to take down this old master we'd like to move the configuration directory (the o=NetscapeRoot information) to the individual consumers. Anyone know how to get the config for a particular consumer, upload it (to a file or a newly created o=netscaproot on the consumer), and the configure the admin server to look for it in the new location?
    Thanks for any help.

    Thanks,
    Yes, I do think it will be better to take the whole NetscapeRoot tree instead of trying to get just the host specific data now that I think about it. But the other question of getting the admin servers on the consumers to look for their info in the new location - I tried editing {install-root}/admin-serv/config/adm.conf and changing the 'ldaphost' line to a new host, but even after restart it kept going to the old server. Any ideas on getting this to change?

  • ISP won't let me use my configured DNS server-what to do?

    I put Open DNS servers in my Mac OS X Network Preferences (OS X 10.6) for when I use DHCP connections. This works fine on one network (DHCP to a wireless router connected to internet via DSL), but when I connect to another network, I find that I end up using the network's DNS servers - It appears my computer is sending a request out for the Open DNS IPs (208.67.222.222 or 208.67.220.220) according to Little Snitch's network monitoring, but the ISP seems to be internally changing it to their own DNS server within their network before the domain name is looked up. I can verify whether Open DNS is really used by visiting welcome.opendns.com/ or by going to the mispelled craigslist.og (which Open DNS redirects to the classified ads). The troublesome situation is when I connect by wifi DHCP to my TMobile cell phone.
    What can I do about these sorts of ISPs? Is there anything I can do?
    Also, is there a page I can visit to tell me the IP address of the actual DNS server used, not just what I configured in my Mac?
    Thanks

    - Transfer iTunes purchases to the computer by:
    iTunes Store: Transferring purchases from your iPhone, iPad, or iPod to a computer
    - For other music you need a third-party program like one of those discussed here:
    Copy music from Ipod to new computer...: Apple Support Communities
    - After all the stuff is on your computer, connect the iPod to yur computer and make a backup by right clicking on the iPod under Devices in iTunes and select Back Up.
    - Restore the iPod from that backup.

  • Unable to use SSL between Access Manager and Directory Server

    I am trying to set up Access Manager to use SSL when communicating with Directory Server. Access Manager 7 is running under Sun Web Server 6.1. I have configured Directory Server to use SSL using a Self-Signed CA and have imported the CA certificate into the certificate database for Web Server. When I change the Access Manager configuration as specified in the Admin Guide to use SSL and restart the Web Server, Access Manager fails with the message
    (among many others)
    netscape.ldap.LDAPException: SSL connection to
    eauth1.arc.nasa.gov:636, SSL_ForceHandshake failed: (-8157) Certificate extension not found. (91); Cannot
    connect to the LDAP server
    I am able to connect to the Directory Server instanc with JXplorer using SSL (with a complaint about an unknown CA). Can someone explain the error message so that I can fix the problem or work around it?
    Thanks

    in the initial part of AMConfig.properties, you'll find an entry similar to trustSSLCerts . This, by default, is set to false. Trying setting it to true (AM web server instance will need a restart). This lets AM continue with SSL handshaking inspite of errors. Am not sure if this affects AM to DS connectivity as well. It sure affects AM to AM communication (in a multiple server configuration).
    Naturally, it is not recommended that you use this feature when you are ready for production, but atleast it'll let you be sure that apart from the cert issue, everything else is okay.
    Hope this helps.

  • Installation Error with iPlanet Directory Server 5.1 SP1 and Windows 2000

    Hello,
    I'm having real trouble getting iPlanet Directory Server installed on a Windows 200 Server machine. Every time I install it, no matter what options I choose, I get this series of popup boxes at the end:
    - Setup is unable to store configuration data in the LDAP directory
    - Unable to create Administration Server configuration
    - Could not authenticate ldap connection, "Unknown error"
    - Unable to set ACI in Configuration Directory Server
    But searching on this forum, I have found a lot of post. I have tested the different solution proposed :
    * Add on the host file the short name and the long name of my machine with it's IP adress
    * When the installation process crash, uninstall the software, reboot the machine and then restart the installation
    With all this solution, the problem is always here.
    Could you help me ?
    Boris MANCHETTE

    Are you using Terminal Services. iPlanet DS will not install properly over Terminal Services. You have to install from the direct attached console.
    Ted

  • Problems while installing Sun ONE Directory Server.

    Hi all,
    I'm a newbie to LDAP amd my problem is -
    When I started Installing SunONE DS on machine first time, at the end of the installation, it thrown an error message.
    "The program cant start because nss3.dll is missing from your computer. Try reinstalling the program to fix this problem."
    Later, I copied nss3.dll file to "C:\Windows\System32" and then started the installation then it thrown error again as follows -
    "Configuration of the Directory Server failed.
    Error Directory Server configuration failure
    Checking connection to the Configuration Directory Server... failed.
    The Administration Server cannot be configured.
    Error Administration Server configuration failure
    Error Configuration of the server(s) failed.
    Click Next to continue. "
    What is the reason behind this?

    Bingo, It worked. Yup, I'm using SODS 5.2, I have copied all .dll files from nsbasesystem.zip to "C:\Windows\System32".
    but now the problem is -
    Sun One Directory server service is running
    but
    Sun ONE Administration server process is not running
    I have tried to start it manually but it didn't worked. It initiates the starting of process and then suddenly shows error message that
    "The Sun ONE Administration server 5.2 service on local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

  • Error trying to install Directory Server on Linux - pls help

    I get a silly error loop when trying to install the Directory Server 5.2 on a Fedora Core 4 box.
    I do a ./directoryserver configure to configure the directory server, and it ran for a bit and then error'ed out in the middle, but most of the install said it was successful.
    I try to do a ./directoryserver start and it says Directory Server 5.2 is not configured.
    Use:
        '/opt/sun/sbin/directoryserver -u 5.2 configure' to configure Directory Server 5.2.I then try to run ./directoryserver configure again, and it says,
    An instance of Directory Server has already been configured The current
    configuration will not be removed or replacedWhere is this configuration kept, and how do I just manually edit it or delete it? It's blocking my being able to get the Sun App server up, so I need any help I can get.
    Thanks much,
    --Tad
    Church of Scientology
    http://www.scientology-washingtondc.org

    Gary -
    Thanks much.
    Do I now have to rpm -e the packages that I have already installed on the system in order for this clean install to work? I attempted removing all of the product registry files and so forth, but on re-install the installer program insists that the pgm is still installed on the system. Slapd is definitely not running (and never was on this system) so that isn't the issue.
    I'm thinking perhaps just rpm -e'ing all of the sun-related RPMs that came onto the server and starting over. Better idea?
    -- Tad
    System Administrator
    Church of Scientology
    http://www.scientology-washingtondc.org

  • Directory Server and Samba 3 PDC

    I'm trying to connect to directory server from samba 3
    # ./smbpasswd -w secret
    # ./net getlocalsid
    it says:
    bash-3.00# ./net getlocalsid
    [2006/04/29 13:29:10, 0] lib/smbldap.c:smbldap_connect_system(890)
    failed to bind to server ldap://merlin.cotarh.local with dn="cn=admin,dc=cotarh,dc=local" Error: Inappropriate authentication
    [2006/04/29 13:29:25, 0] lib/smbldap.c:smbldap_search_suffix(1346)
    smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timelimit exceeded)
    SID for domain MERLIN is: S-1-5-21-3865381809-2382358429-1619658665
    What's wrong?

    Once the user has authenticated with Kerberos, the token can be used with LDAP using the SASL authentication with GSSAPI / Kerbv5 mechanism.
    How to configure Directory Server 5.2 for this is fully documented in the Chapter 11 - Managing Authentication and Encryption of the Administration Manual.
    <http://docs.sun.com/source/817-5221/ssl.html#wp20166>
    Regards,
    Ludovic.

Maybe you are looking for

  • Resource capacity utilization report

    Hi, Is there any standard report for Resource capacity utilization after SNP run. Any standard extractor/data source is available to build the report? Regards, Krunal

  • Determine data type

    Hi all, I've got procedure for inserting data into value1 column of table1. My need is to determine data type entered by user. If data type is not number then user should receive error. How do I perform it?

  • High-End headphones and iPod cases don't match

    I just received 4 cases for both my Nano and iPod Video. They were ordered sight unseen long ago. There's a terrifying trend here. iPod Lounge will only give high marks to cases that cover everything with little holes for access. And so 3 of my 4 hig

  • No background grid view .

    Hi.. i am new here and sorry for my english. does anyone know why no background grid view on my stack? it happen since i upgrade to 10.5.1 til now 10.5.6 here is a picture: http://i385.photobucket.com/albums/oo292/ovandalish/Snapshot2009-02-1507-01-4

  • Migrate User Data on one iMac

    I have my iMac (mavericks) set up with two users.  I no longer need the separation and want to combine data into one, then delete the unneeded user.  How can I do this?