Verify NT User against an LDAP Server

Hi,
We would like to authenticate an NT user, running an Applet, verified
using an LDAP server.
We would also like to build an SSO (Single Sign On) based on this.
Can we use JAAS to get the NT user information (using NTLoginModule)
and use the BEA JAAS login module to authenticate on the BEA Server?
The LDAP can be configured to the BEA Server (7.0) using the
LDAPRealm.
Has someone tried along these lines before? Any feedback?
Thanks.

Hi Carlo,
Here's a suggestion. Perhaps take a look at "Custom Login Modules" to achieve what you are looking for. There is quite a bit of information on the forums, as well as links to work provided by Frank Nimphius in this area.
You can also consult the Application Server 10.1.3.2.0 book:
"Containers for J2EE Security Guide" for more detailed information.
I hope this helps.
Kenton

Similar Messages

  • Authenticate Users Using an LDAP Server

    Hi,
    I did implement 'Authenticate Users Using an LDAP Server' according to the link below.
    [http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html]
    It works OK to specific DN String, example 'cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount'.
    We have a lot of domain rules, mean the users not located at the same DN.
    Is it possible to use a general DN string (base root) like 'cn=%LDAP_USER%,*,*,DC=ho,DC=discount'?
    Thanks in advance,
    Shay

    Augusto, one thing to check (since it caught me out) is that your LDAP entries conform to the right format, namely
    "cn=Bob" etc
    When I was integrating HTMLDB LDAP against a Sun One Directory Server, it had me scratching my head for ages, until I realised that the LDAP entries had been created in the format of -
    "uid=bob" rather than "cn=bob"
    This might not be your problem, but it's worth checking anyway ;)

  • How to use company users on existing ldap server as EP6.0 sp2  Users?

    Hi everybody
    Our company user data is on an LDAP server. We want to connect our EP6 UME to this existing LDAP server so that existing company users can access the Portal with their company id and password. What configuration should we do on the portal?
    thanks and regards
    Rajendra

    Hi!
    Look at Admin Guide:
    Administration Guide->Portal Platform->System Administration->User Management Configuration->Configuration of Data Sources Used for User Management->Defining an LDAP Directory as a Data Source
    WBR, Lnk

  • How to enable security with users from an LDAP server

    Hello all
    My company is using a 10.1.3 Oracle LDAP server and I would like to authenticate users of my application against it.
    Can anyone point to the correct documentation?
    Thanks in advance
    Thanassis

    Thanks for your reply
    I've gone through "Introduction to ADF Security in JDeveloper 10.1.3.2" and also Chapter 30 of "Application Development Framework Developer's Guide For Forms/4GL Developers"
    There is still one thing I cannot understand: where do I define the mapping between LDAP users and security roles?
    THanassis

  • Usage of external LDAP server with Portal

    Hi All,
    We are in a situation to use external LDAP server with WLP 8.1. These are the
    constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purpose
    If thats the case, how can we use Visitor Entitlements/Delegated Admin and Group
    creation using Portal Admin tool since this will write to the configured LDAP
    server.
    Can somebody answer my question:
    1. Can we use external LDAP server - just for authentication (I know this is possible
    by using JAAS LoginModule, but I just want to get confirmed on this ) and
    2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

    Thanks for the reply. Some of your answers are not clear. Can you please elaborate
    on this? Please see my comments below.
    "Johnson" <[email protected]> wrote:
    >
    Phil,
    Can I use embedded LDAP for production?
    Thanks
    Lawrence
    "Phil Griffin" <BEA> wrote:
    "Prashanth " <[email protected]> wrote in message
    news:[email protected]..
    Hi All,
    We are in a situation to use external LDAP server with WLP 8.1. These are
    the constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purpose
    If that's the case, how can we use Visitor Entitlements/Delegated Admin and
    Group creation using Portal Admin tool since this will write to the configured LDAP
    server.
    Can somebody answer my question:
    1. Can we use external LDAP server - just for authentication (I know this
    is possible by using JAAS LoginModule, but I just want to get confirmed on this) and
    >
    You can add the external LDAP server just for authentication, but in
    versions through 8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean)
    during the login process (this check has been removed in SP3). A work around
    is to duplicate the user in a provider that does impl UserReaderMBean.
    Prashanth : You mean to say we have to duplicate the User in embedded LDAP server
    also??
    >>
    2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
    >
    Yes, the default/embedded LDAP can still be used for DA/visitor
    entitlements. In the current release, the Portal Admin Tools can only be configured to use a single
    authentication provider while forming entitlements. In SP3, all configured providers are
    listed/usable by the tools.
    Prashanth : How can we configure Portal Admin tool to use authentication provider
    for entitlements??
    >>
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

  • Unable to Retrieve Attributes from LDAP Server

    I have a problem. I was wondering if anyone can assist me. I am new to LDAP servers and JNDI. I cannot retrieve any attributes from the users listed in my data entry. Any assistance would be greatly appreciated! Thanks.
    I created an entry in the LDAP server that looks like this:
    "o=somedn"
    |
    "ou=people, o=somedn"
    The "ou=people, o=somedn" entry contains fictitious users. The LDAP server is connected to a MySQL database. When I write Java code to read the attributes of a given user whose fullname (cn) is "Vinny Luigi", as listed in the database, I receive an error that starts with the following:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=Vinny Luigi,ou=people'
    The code I used is based on the Sun JNDI tutorial. Sun's code is at http://java.sun.com/products/jndi/tutorial/basics/directory/src/GetattrsAll.java. My version of the code is below:
    /*
     * @(#)GetattrsAll.java     1.5 00/04/28
     * Copyright 1997, 1998, 1999 Sun Microsystems, Inc. All Rights
     * Reserved.
     * Sun grants you ("Licensee") a non-exclusive, royalty free,
     * license to use, modify and redistribute this software in source and
     * binary code form, provided that i) this copyright notice and license
     * appear on all copies of the software; and ii) Licensee does not
     * utilize the software in a manner which is disparaging to Sun.
     * This software is provided "AS IS," without a warranty of any
     * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
     * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
     * HEREBY EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE
     * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING,
     * MODIFYING OR DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN
     * NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
     * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL,
     * CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
     * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
     * OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
     * BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
     * This software is not designed or intended for use in on-line
     * control of aircraft, air traffic, aircraft navigation or aircraft
     * communications; or in the design, construction, operation or
     * maintenance of any nuclear facility. Licensee represents and warrants
     * that it will not use or redistribute the Software for such purposes.
     */
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;

    /**
     * Demonstrates how to retrieve all attributes of a named object.
     * usage: java GetattrsAll
     */
    class GetattrsAll {
        static void printAttrs(Attributes attrs) {
            if (attrs == null) {
                System.out.println("No attributes");
            } else {
                /* Print each attribute */
                try {
                    for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();) {
                        Attribute attr = (Attribute) ae.next();
                        System.out.println("attribute: " + attr.getID());
                        /* print each value */
                        for (NamingEnumeration e = attr.getAll(); e.hasMore();
                             System.out.println("value: " + e.next()))
                            ;
                    }
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }

        public static void main(String[] args) {
            // Set up the environment for creating the initial context
            Hashtable env = new Hashtable(100);
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            // Names passed to this context are resolved relative to o=somedn
            env.put(Context.PROVIDER_URL, "ldap://localhost:10389/o=somedn");
            try {
                // Create the initial context
                DirContext ctx = new InitialDirContext(env);
                // Get all the attributes of named object
                System.out.println("About to use ctx.getAttributes()");
                Attributes answer = ctx.getAttributes("cn=Vinny Luigi,ou=people");
                // Print the answer
                printAttrs(answer);
                // Close the context when we're done
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    The primary key of the database is id_pk. Below is a copy of the mapping.xml file which maps the LDAP server entry to the database:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.2//EN" "http://penrose.safehaus.org/dtd/mapping.dtd">
    <mapping>
    <entry dn="o=somedn">
    <oc>organization</oc>
    <oc>top</oc>
    <at name="o" rdn="true">
    <constant>somedn</constant>
    </at>
    <aci>
    <permission>rs</permission>
    </aci>
    </entry>
    <entry dn="ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>organizationalUnit</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="cn">
    <constant>"fullname"</constant>
    </at>
    <at name="ou" rdn="true">
    <constant>people</constant>
    </at>
    <at name="sn">
    <constant>"lastname"</constant>
    </at>
    </entry>
    <entry dn="id_pk=...,ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="Position_">
    <variable>usertable9.Position_</variable>
    </at>
    <at name="id_pk" rdn="true">
    <variable>usertable9.id_pk</variable>
    </at>
    <at name="fullname">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="lastname">
    <variable>usertable9.lastname</variable>
    </at>
    <at name="cn">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="sn">
    <variable>usertable9.lastname</variable>
    </at>
    <source name="usertable9">
    <source-name>usertable9</source-name>
    <field name="Position_">
    <variable>Position_</variable>
    </field>
    <field name="id_pk">
    <variable>id_pk</variable>
    </field>
    <field name="fullname">
    <variable>cn</variable>
    </field>
    <field name="lastname">
    <variable>sn</variable>
    </field>
    </source>
    </entry>
    </mapping>
    Thanks.

    The complete name (Distinguished Name) of the user you're searching is 'cn=Vinny Luigi,ou=people,o=somedn'.
    Regards,
    Ludovic.
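    Both the question about a wildcard DN ('cn=%LDAP_USER%,*,*,DC=ho,DC=discount') and the NameNotFoundException above share a root cause: the code assumes it can build the user's DN from a template, while the entry's real RDN attribute (cn=, uid=, or in the Penrose mapping id_pk=) and its OU are only known to the directory. The example below is added here and is not code from either thread. It shows the pattern to use instead: search the base DN with a properly escaped equality filter, take whichever DN the directory returns, and only then bind as that DN. Python is used so the block runs offline; the directory is a constructed in-memory stand-in with hypothetical DNs, and the filter matcher is deliberately minimal. Against a real server, the filter string from build_user_filter() is what you pass to DirContext.search() or ldapsearch, and the "bind" is a real simple bind as the returned DN.

    ```python
    """Find a user's entry by search, then authenticate as the DN the directory returns.

    Added example (not from either thread). SAMPLE_DIRECTORY is a constructed
    in-memory stand-in so the code runs offline.
    """
    import re

    # RFC 4515: these characters must be hex-escaped inside a filter value;
    # without this a login of "*" or "x)(objectClass=*" rewrites the filter itself.
    _FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


    def escape_filter_value(value: str) -> str:
        """Escape user input so it is matched as a literal assertion value."""
        return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


    def build_user_filter(login: str, attr: str = "cn", object_class: str = "person") -> str:
        """Equality filter that finds the user wherever in the subtree the entry lives."""
        return f"(&(objectClass={object_class})({attr}={escape_filter_value(login)}))"


    # Constructed sample directory with hypothetical DNs. The entries sit in different
    # OUs and use different RDN attributes (cn=, uid=, id_pk=), which is exactly
    # what defeats a fixed "cn=%USER%,OU=...,DC=..." template.
    SAMPLE_DIRECTORY = {
        "cn=Bob,OU=Menahel,OU=Cmp,DC=ho,DC=discount": {
            "objectClass": ["person"], "cn": ["Bob"], "userPassword": ["bob-pw"]},
        "uid=alice,OU=Sales,DC=ho,DC=discount": {
            "objectClass": ["person"], "cn": ["Alice"], "uid": ["alice"], "userPassword": ["alice-pw"]},
        "id_pk=42,ou=people,o=somedn": {
            "objectClass": ["inetOrgPerson", "person"], "cn": ["Vinny Luigi"], "sn": ["Luigi"]},
    }

    _EQ_CLAUSE = re.compile(r"^\((\w+)=(.*)\)$")


    def _unescape(value: str) -> str:
        # Reverse RFC 4515 hex escapes: the server compares the literal bytes.
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


    def _dn_under(dn: str, base_dn: str) -> bool:
        dn, base_dn = dn.lower(), base_dn.lower()
        return dn == base_dn or dn.endswith("," + base_dn)


    def _clause_matches(entry: dict, clause: str) -> bool:
        m = _EQ_CLAUSE.match(clause)
        if m is None:
            return False
        attr, wanted = m.group(1).lower(), _unescape(m.group(2)).lower()
        values = {k.lower(): v for k, v in entry.items()}.get(attr, [])
        return any(v.lower() == wanted for v in values)


    def search(directory: dict, base_dn: str, filt: str) -> list:
        """Subtree search over the stand-in: AND of equality clauses, case-insensitive."""
        inner = filt[2:-1] if filt.startswith("(&") else filt
        clauses = re.findall(r"\([^()]*\)", inner)
        return [dn for dn, entry in directory.items()
                if _dn_under(dn, base_dn) and all(_clause_matches(entry, c) for c in clauses)]


    def find_user_dn(directory: dict, base_dn: str, login: str):
        """Return the single DN for login, or None if the search is empty or ambiguous."""
        hits = search(directory, base_dn, build_user_filter(login))
        return hits[0] if len(hits) == 1 else None


    def authenticate(directory: dict, base_dn: str, login: str, password: str):
        """Search-then-bind: resolve the DN first, then 'bind' as it. Returns the DN or None."""
        dn = find_user_dn(directory, base_dn, login)
        if dn is None:
            return None
        # Stand-in for a simple bind as dn; a real server checks the password itself.
        return dn if password in directory[dn].get("userPassword", []) else None
    ```

    Two properties matter here. A login of "*" or "Bob)(objectClass=*" is escaped before it reaches the filter, so it matches nothing instead of everything, and find_user_dn() refuses an ambiguous result rather than binding as the first of several entries. The search DN used for the bind should be a read-only service account; the user's own password is only ever used in the second step.
    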

  • Getting Sun Calendar (csconfigurator.sh/comm_dssetup.pl) - my LDAP server

    I currently am trying to install a Sun Calendar server on a CentOS4
    machine which has working kerberos/ldap server access. Unfortunately
    when I try to run the csconfigurator script, despite correct entries
    and connections verified through 'ldapsearch' on a command line, I
    receive a protocol error #2 when csconfigurator tries to verify the
    connection to the LDAP server.
    I am using openldap on a ubuntu instance for the kerberos/ldap server,
    I believe that it is using v3 of LDAP. Is there anything in
    particular I need to know about how Calendar wants to access LDAP? I
    know that I saw a lot of documentation referring to Sun's Directory
    Server; all of the documentation that I dug up on this gave me the
    impression that it was just a standard LDAP server, thus leading me to
    believe that my current LDAP server should work alright.
    I would appreciate any pointers in the right direction or tips, and
    I'm certainly able to cut 'n paste any information that would be
    applicable to this issue. I really need to try to get this calendar
    server online as fast as possible, but the documentation that I've
    found seems to gloss over some of the areas where I'm having issues.
    Thanks for your time!
    -Damon Getsman

    You didn't mention which LDAP server you are using, however, JCS is really designed to work with Sun Directory Server.
    That isn't to say that one could not run JCS against OpenLDAP, etc but you would need to potentially modify the schema files that are part of comm_dssetup.pl
    The JCS 5 release notes contain product requirements:
    [http://docs.sun.com/app/docs/doc/819-4439/6n6jehs0r?a=view]
    The sequence is to install LDAP (nominally Sun DSEE), run comm_dssetup.pl, and then install Calendar Server against your LDAP instance.

  • WLSE support of Novell LDAP server NDS

    Hi all,
    It seems that WLSE (tested with 2.12) generates LDAP search packets that are not compatible with the Nortel LDAP server called NDS.
    NDS is not designed to give the Userpassword in a reply to an ldap search as it is requested by the WLSE.
    I did not find on CCO a document that describes the LDAP servers supported by WLSE.
    Does anybody know what LDAP servers are supported by WLSE (2.12) and if NDS is supported?
    I attach logs on WLSE + sniffer trace where we can see the ldap search from the WLSE and the reply from NDS (not containing the UserPassword value).
    Many thanks for your help.
    Regards/Ludovic.

    I have the same problem with the WLSE Express 2.12 version. I have been trying to authenticate users against a Lotus LDAP server with no success. After making some tests, I found that if I send the password in clear text the test passed, but if I specify any other option that was not clear text or MD5 the test was not successful, so I think this device does not support encryption. I opened a case and effectively they said that it was not supported but did not give me the reason.

  • Unable to initialize LDAP (No LDAP server is configured)show in the admin server of iWS6.0 users and group

    When I go to web server administration in the users and groups tab it always shows me "Unable to initialize LDAP (No LDAP server is configured)". Does it have an effect on using the web server, because I use iWS with iAS?
    If it has some effect, please let me know how to configure the LDAP server.

    Run this Command from the Exchange Server
    Net time \\ADServerName /Set
    and confirm the action,
    and then you need to restart the service
    Microsoft Exchange Active Directory Topology Service
    and confirm you are not getting the Error 4001 in the event Viewer.
    Thank you, it resolved my issue after sweating looking for a solution.
    How can I prevent this from happening? I cannot restart services on each server reboot nor lose 5 years of my life!!!
    Sokratis Laskaridis MCP, MCTS, MCITP, Small Business Specialist Netapp ASAP, Symantec STS

  • InitialContext.unbind() deleted the admin user for LDAP server...

    Hi,
    I am doing a connection to a LDAP server from Java code. Everything was fine for several days. But today I noticed that I don't execute an unbind operation and decided to put the necessary code. So I used InitialContext.unbind(). The result was that on the first execution of my program everything was OK. But on the second execution I was not able to bind to the server at all with the constructor of InitialLdapContext class even after restarting the machine from which I execute the Java code and the machine with the server. So it went that the admin user I was using for bind and unbind credentials was deleted. I am sure that the unbind() method is causing the problem because I actually broke the two LDAPs that I have (testing referrals...).
    Now I use close() method instead of the unbind() method and everything is OK but I wonder how is this possible and why is it not documented?

    I can't imagine documenting something like "This method will delete the admin user from your server". If that's the case then it's a bug, not something to be documented. Report it to whoever wrote your Java implementation. If that's Sun, then here:
    http://bugs.sun.com/bugdatabase/login.do
    You might also want to look into your LDAP server and see if it's a known bug there.

  • Fatal error 78: Cannot connect to User Group LDAP Server

    After configuring Calendar server when trying to start:
    give following error:
    # ./start-cal
    Restarting calendar services
    Stopping all calendar services
    Starting all calendar services
    # enpd is started
    csnotifyd is started
    csadmind is started
    Fatal error 78: Cannot connect to User Group LDAP Server
    cshttpd is not started
    Calendar service(s) not started
    cshttpd is not started
    Calendar service(s) not started
    Following logs are from http logs of calendar server
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Information: Log created (1095109367)
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Notice: Sun Java System Calendar Server 6 2004Q2 (built Apr 28 2004) cshttpd starting up
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd attempting to open Counters Database
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd successfully opened the Counters Database
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: HTTP Module is refreshing
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd is refreshing
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd is refreshed
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: HTTP Module has refreshed
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd: argc=3 argv[0]=/opt/SUNWics5/cal/lib/cshttpd
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: session_init: attempting to open session database for cshttpd
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Notice: session_init: session database open completed for cshttpd
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: Store Critical: Error checking session database: DB->set_alloc: method not permitted in shared environment
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Notice: LdapCacheInit: Ldap Cache not enabled.
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd_parse_commandline: successfully bind process 17916 to processor 0
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Critical: Fatal error 78: Cannot connect to User Group LDAP Server
    Have any body seen this before.
    Regards

    The server was running fine for a few months until I restarted the calendar server. I started to see the same error and the problem was that the machine name got changed at some point.
    I added the old hostname to the /etc/hosts file and restarted the calendar server and it started to work fine.

  • Retrieve multiple user's DisplayName values from LDAP server

    Hi,
    I have a report in Answers which will show the UserIds information pulled from a database table. These users' information is stored in the LDAP server and I want to retrieve the DisplayName or FirstName-LastName (if possible) of the userids that I have in the report.
    Any pointers on how I can implement that in the repository by using IB, by defining variables etc?
    Thanks in advance.
    Rajesh Gurram

    I created a PL/SQL table function to get users from ldap and a view based on it (Oracle database).
    create or replace
    type ldap_users_t as object(
      dn varchar2(200),
      full_name varchar2(200),
      user_name varchar2(200),
      reg_number number,
      email varchar2(200)
    );
    create or replace
    TYPE ldap_users_t_ct as table of ldap_users_t;
    create or replace
    function get_ldap_users return ldap_users_t_ct PIPELINED
    is
       out_rec             ldap_users_t := ldap_users_t (null,null,null,null,null);
       retval              PLS_INTEGER;
       ldap_session    DBMS_LDAP.SESSION;
       ldap_attrs       DBMS_LDAP.string_collection;
       ldap_message  DBMS_LDAP.MESSAGE;
       ldap_entry      DBMS_LDAP.MESSAGE;
       ldap_dn          VARCHAR2 (256);
       ldap_attr_name   VARCHAR2 (256);
       i PLS_INTEGER;
       user_name           DBMS_LDAP.string_collection;
       full_name           DBMS_LDAP.string_collection;
       reg_number          DBMS_LDAP.string_collection;
       email               DBMS_LDAP.string_collection;
       ldap_host           VARCHAR2 (256);
       ldap_port           VARCHAR2 (256);
       ldap_user           VARCHAR2 (256);
       ldap_passwd         VARCHAR2 (256);
       ldap_base           VARCHAR2 (256);
    BEGIN
       retval := -1;
       ldap_host :=       '********************';
       ldap_port :=       '********************';
       ldap_user :=       '********************';
       ldap_passwd := '********************';
       ldap_base :=   '********************';
       DBMS_LDAP.use_exception := TRUE;
       ldap_session := DBMS_LDAP.init (ldap_host, ldap_port);
       retval := DBMS_LDAP.simple_bind_s (ldap_session, ldap_user, ldap_passwd);
       ldap_attrs (1) := '*';
       retval :=DBMS_LDAP.search_s (ldap_session, ldap_base,DBMS_LDAP.scope_subtree,
              'objectclass=*',ldap_attrs,0,ldap_message);
       ldap_entry := DBMS_LDAP.first_entry (ldap_session, ldap_message);
       WHILE ldap_entry IS NOT NULL
       LOOP      
          ldap_dn := DBMS_LDAP.get_dn (ldap_session, ldap_entry);
          user_name := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'uid');
          full_name := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'cn');
          reg_number := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'employeeNumber');
          email := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'mail');
          out_rec.dn:=ldap_dn;
          out_rec.user_name:=null;
          out_rec.full_name:=null;
          out_rec.reg_number:=null;
          out_rec.email:=null;
          IF user_name.COUNT > 0
            THEN out_rec.user_name:=user_name(0);
          END IF;
          IF full_name.COUNT > 0
            THEN out_rec.full_name:=full_name(0);
          END IF;
          IF reg_number.COUNT > 0
            THEN out_rec.reg_number:=reg_number(0);
          END IF;
          IF email.COUNT > 0
            THEN out_rec.email:=email(0);
          END IF;
          ldap_entry := DBMS_LDAP.next_entry (ldap_session, ldap_entry);
          pipe row(out_rec);
       END LOOP;
       retval := DBMS_LDAP.msgfree (ldap_message);
       retval := DBMS_LDAP.unbind_s (ldap_session);
    END;
    create or replace view scr_ldap_users_v as select * from table(get_ldap_users);

  • Can't start server -- Fatal error: Cannot connect to user group ldap server

    After installing iCS 2.1, iCS 2.1p1, and iCS 2.1p3, a user will receive the
    following error message when trying to start the server:
    Fatal error: Cannot connect to user group ldap server.
    In addition, the Directory Server access logs will contain the following
    entry:
    -0400] conn=125 op=1 SRCH base="dc=ldgw-llc,dc=com" scope=2
    filter="(objectclass=People)"
    In the server.conf file, check the local.enduseradmindn parameter. The parameter
    should appear as follows:
    uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    If the parameter contains "calmaster" or any user other than "admin,"
    change it to match the line above.

    Hi,
    I am getting the same error, kindly let me know how did you solved this problem
    Thanks
    Ahmad

  • Can an LDAP server be its own client?

    In short yes, why would you want to do this? Many reasons, but mine is to be able to use ldap on laptops running Solaris and have them log into the machine with ldap credentials off the network. When we plug them back onto the network, I have a master server send any new data via one-way replication. I will give 2 separate ways to accomplish this. One is, to put it bluntly, a dirty hack to get it working. The second is much more elegant and it's the one I have stress tested to verify that it works.
    Disclaimer: I have only used these methods on Solaris10 update 3 with Trusted Extensions using directory server 5.2 as well as the administration server. I have used a few different kinds of machines (all x86) and have not had a problem with it. I do not know if it will work on any other version or hardware. I haven't even looked at the source code, all assumptions made here are from observing the systems behavior while making minor changes.
    Now, the reasons why normally you can't be your own client (at least as far as I can tell) is because of the way the system boots and the dependencies that the ldap/client service needs to start up. If you boot a machine that is its own client and ldap/client runs before the directory server starts, of course it will fail. The system boots the services first, then legacy init scripts. Directory Server 5.2 uses init scripts. Correct me if I am wrong, but that is the only real hurdle in your way.
    So the first way to get it 'working' (dirty hack) is to delay the ldap/client smf service from starting until the directory server is started. After you become a client of yourself (in this case the global zone) disable the ldap/client service.
    svcadm disable ldap/client
    Then enable it temporarily with the -t option
    svcadm enable -t ldap/client
    Well if you were to reboot now it would not work because the service would not start at boot because it is set to be administratively down. Edit the S72directory script in /etc/rc2.d and after the start commands just add the svcadm enable -t ldap/client command and it will load right after directory server starts. Will this work? Yes, is it a clean way to do it? NO. I used this method just for testing the theory that the only reason I could not be my own client was because of the booting issue.
    Now the best way that I can see to accomplish this is to create your own smf services for the directory server and admin server. That way all you have to do is add a dependency to the ldap/client xml file to wait until the new directory server service is started before it starts. So in /var/svc/manifest/site create a folder called ldap (I put this in site because I didn't want to run into any issues of patching). In /var/svc/manifest/site/ldap/ create two xml files named:
    quick note: These are the first services I have created. There may be a much better way to make them. If you can re-code it better, please let me know so I can look at them. Also there is no restart command in here (actually I just noticed that) so adding one of those would be wise.
    ds_admin.xml and directory_server.xml.
    ds_admin.xml contains
    <?xml version="1.0"?>
    <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
    <!--
         Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
         Use is subject to license terms.
         ident     "@(#)client.xml     1.4     04/12/09 SMI"
         NOTE:  This service manifest is editable; its contents will not
         be overwritten by package or patch operations, including
         operating system upgrade.
    -->
    <service_bundle type='manifest' name='SUNWdsadmin:dsadmin'>
    <service
         name='site/ldap/ds_admin'
         type='service'
         version='1'>
         <create_default_instance enabled='false' />
         <single_instance />
         <dependency
             name='fs'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/system/filesystem/minimal' />
         </dependency>
         <dependency
             name='net'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/network/initial' />
         </dependency>
         <exec_method
             type='method'
             name='start'
             exec='/lib/svc/method/ds_admin start'
             timeout_seconds='120' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <exec_method
             type='method'
             name='stop'
             exec='/lib/svc/method/ds_admin stop'
             timeout_seconds='60' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <stability value='Unstable' />
         <template>
              <common_name>
                   <loctext xml:lang='C'>
                   LDAP Admin server      
                   </loctext>
              </common_name>
              <description>
                   <loctext xml:lang='C'>
    LDAP admin server
    Information Service lookups
                   </loctext>
              </description>
         </template>
    </service>
    </service_bundle>
    and directory_server.xml contains:
    <?xml version="1.0"?>
    <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
    <!--
         Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
         Use is subject to license terms.
         ident     "@(#)client.xml     1.4     04/12/09 SMI"
         NOTE:  This service manifest is editable; its contents will not
         be overwritten by package or patch operations, including
         operating system upgrade.
    -->
    <service_bundle type='manifest' name='SUNWds:ds'>
    <service
         name='site/ldap/directory_server'
         type='service'
         version='1'>
         <create_default_instance enabled='false' />
         <single_instance />
         <dependency
             name='usr'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/system/filesystem/minimal' />
         </dependency>
         <dependency
             name='net'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/network/initial' />
         </dependency>
          <dependency
              name='ds_admin'
              grouping='require_all'
              restart_on='none'
              type='service'>
               <service_fmri value='svc:/site/ldap/ds_admin' />
          </dependency>
         <exec_method
             type='method'
             name='start'
             exec='/lib/svc/method/directory_server start'
             timeout_seconds='120' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <exec_method
             type='method'
             name='stop'
             exec='/lib/svc/method/directory_server stop'
             timeout_seconds='60' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <stability value='Unstable' />
         <template>
              <common_name>
                   <loctext xml:lang='C'>
                   LDAP directory server      
                   </loctext>
              </common_name>
              <description>
                   <loctext xml:lang='C'>
    LDAP directory server
    Information Service lookups
                   </loctext>
              </description>
         </template>
    </service>
     </service_bundle>
     Now the start/stop scripts will be located in /lib/svc/method and are as follows:
     ds_admin
     #!/sbin/sh
     case "$1" in
          start)
               /usr/sbin/directoryserver start-admin
               ;;
          stop)
               /usr/sbin/directoryserver stop-admin
               ;;
          *)
               echo "Usage: $0 { start | stop }"
               exit 1
               ;;
     esac
     exit 0
     Simple, yes.
     directory_server
     #!/sbin/sh
     HOST_NAME=`hostname`
     SERVER_ROOT=/var/opt/mps/serverroot
     DIRECTORY_SERVER_INSTANCE=slapd-${HOST_NAME}
     case "$1" in
          start)
               ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/start-slapd
               ;;
          stop)
               ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/stop-slapd
               ;;
          *)
               echo "Usage: $0 { start | stop }"
               exit 1
               ;;
     esac
     exit 0
     The only thing left to do is modify the ldap/client smf file to wait until the directory server starts before it loads.
     So edit /var/svc/manifest/network/ldap/client.xml and right before the dependency for /var/ldap/ldap_client_file add this
    <dependency
                name='directory_server'
                grouping='require_all'
                restart_on='none'
                type='service'>
                    <service_fmri
                            value='svc:/site/ldap/directory_server' />
            </dependency>
    Any changes made to the /ldap/client xml file must be made after ALL zones have been installed. If this file is copied to a zone it will never work as the directory_server service is not loaded in the zones.
     Now what? You must remove the legacy init scripts in /etc/rc2.d. Those would be S72directory and S73mpsadm. No need to keep them around; alternatively, you can just change the capital 'S' to lower case and they won't start.
     You can now either use svccfg to validate and import the new services or you can reboot. Typically, I reboot and use the '-m verbose' option on boot to watch the services for any errors. I haven't had any lately, but on different systems I always watch to see if it behaves differently.
    That's it. I have rebooted all the machines many, many times without error. This of course does not address loading the directory server or adding users, tnrhdb file, etc... We have scripted most of loading out and once we get some error correction coded in I will post them.
    Also, if you find any errors or even a better way to accomplish this, please post it.

     This restriction is only in terms of implementing the Solaris support for LDAP as a naming service. If the Solaris OS is configured to use LDAP as a naming service, it can't use an LDAP server running on the same host.
    The reason is that the LDAP server makes naming service calls before it gets fully started up. If the OS wants to use the LDAP server for the naming service, then a deadlock happens, where the LDAP server's gethostbyname() call can't complete because the LDAP server isn't up.
    It is possible to configure the Solaris naming resolution to avoid this problem. I've got a system set up this way myself. Regardless, the official support channels won't support a system set up this way, so if you do this you do it at your own risk.
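The dependency chain set up in the post above (ds_admin, then directory_server, then ldap/client) can be checked offline before the manifests are imported. The following is an added example, not code from the post or from Sun: it parses trimmed, constructed manifests (the `manifest()` helper, and the `file://localhost/var/ldap/ldap_client_file` path dependency standing in for client.xml's file check, are assumptions), returns the start order, and raises on a cycle, which is what an edit such as making ds_admin wait on ldap/client would produce. The runtime loop the reply describes (the server calling gethostbyname() through LDAP before it is up) is not visible in manifests and is not caught by this check.

```python
import xml.etree.ElementTree as ET
from collections import deque

def parse_manifest(xml_text):
    """Return (fmri, set of service fmris it depends on) for a one-service manifest."""
    svc = ET.fromstring(xml_text).find("service")
    deps = set()
    for dep in svc.findall("dependency"):
        if dep.get("type") == "service":  # type='path' (file) dependencies are not services
            deps.update(f.get("value") for f in dep.findall("service_fmri"))
    return "svc:/" + svc.get("name"), deps

def boot_order(manifests):
    """Kahn's algorithm: the order SMF can start these services in. Dependencies on
    services with no manifest here (e.g. svc:/network/initial) count as already up."""
    graph = dict(parse_manifest(m) for m in manifests)
    indeg = {s: len(d & set(graph)) for s, d in graph.items()}
    ready = deque(sorted(s for s, n in indeg.items() if n == 0))
    order = []
    while ready:
        s = ready.popleft()
        order.append(s)
        for t in sorted(graph):           # everything waiting on s gets one step closer
            if s in graph[t]:
                indeg[t] -= 1
                if indeg[t] == 0:
                    ready.append(t)
    if len(order) != len(graph):          # something never became ready: a cycle
        raise ValueError("dependency cycle among: "
                         + ", ".join(sorted(set(graph) - set(order))))
    return order

def manifest(name, *deps):
    """Constructed, trimmed manifest: only the elements the check reads are kept."""
    body = "".join(
        "<dependency name='d%d' grouping='require_all' restart_on='none' type='%s'>"
        "<service_fmri value='%s'/></dependency>" % (i, kind, fmri)
        for i, (kind, fmri) in enumerate(deps))
    return ("<service_bundle type='manifest' name='x'><service name='%s' type='service'"
            " version='1'>%s</service></service_bundle>" % (name, body))

# The chain from the post; the type='path' entry mirrors client.xml's file dependency.
SITE_MANIFESTS = [
    manifest("site/ldap/ds_admin", ("service", "svc:/network/initial")),
    manifest("site/ldap/directory_server", ("service", "svc:/system/filesystem/minimal"),
             ("service", "svc:/network/initial"), ("service", "svc:/site/ldap/ds_admin")),
    manifest("network/ldap/client", ("service", "svc:/site/ldap/directory_server"),
             ("path", "file://localhost/var/ldap/ldap_client_file")),
]
```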

  • Why do I get the error "The LDAP server is unavailable" while connecting to an external domain via a sync connection in SharePoint UPSA?

    Hello,
    I am trying to connect to an external domain via a UPS account having the "Replicate Directory Changes" permission on the external domain while creating a sync connection in UPSA.
    I have checked the URLs below:
    http://social.technet.microsoft.com/Forums/en-US/1912bf88-8fec-4b5d-9d1e-a42db8318e33/ldap-server-is-unavailable-sharepoint-2010-user-synchronization?forum=sharepointadminprevious
    http://social.technet.microsoft.com/Forums/en-US/6525d3aa-9197-42a2-aea0-190b84ac8356/the-ldap-server-is-unavailable?forum=sharepointadminprevious
    And it looks like it's a network connectivity issue, and hence I have verified with the infra team that port 389 is open.
    Note: I am able to connect to the local AD; does it make sense that the port is not open for the external domain?
    Can anyone please let me know what the issue can be?
    Your help will be highly appreciated, as I have been struggling to fix this issue for quite a long time but with no luck yet.
    Thank you in advance.
    Kind regards,
    Dipti Chhatrapati

    Hi Dipti,
    If you have a two-way trust relationship, then I am not sure if you have tried the below:
    Create a folder on the SharePoint server
    Go to Folder properties - Security tab
    Try adding a user of the external domain on the folder
    Please let us know if you are able to add the user or not. If you are able to add them, then it means that the connection and trust are proper and you should be able to create a sync connection in UPA without any issues; otherwise there is some issue with the connectivity or the trust which is configured.
    Please also make sure that you have given permissions to sync account as per below TechNet:
    http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
    Replicate Directory changes permissions are also required on cn=configuration container, below are the steps:
    Grant Replicate Directory Changes permission on the cn=configuration container
    Use this procedure to grant Replicate Directory Changes permission on the cn=configuration container to an account.
    To grant Replicate Directory Changes permission on the cn=configuration container
    On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
    If the Configuration node is not already present, do the following:
    In the navigation pane, click ADSI Edit.
    On the Action menu, click Connect to.
    In the Connection Point area of the Connection Settings dialog box, click Select a well known Naming Context, select Configuration from the drop-down list, and then click OK.
    Expand the Configuration node, right-click the CN=Configuration... node, and then click Properties.
    In the Properties dialog box, click the Security tab.
    In the Group or user names section, click Add.
    Type the name of the synchronization account, and then click OK.
    In the Group or user names section, select the synchronization account.
    In the Permissions section, select the Allow check box next to the Replicating Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.
    Kind regards,
    Bhavik K Jain
    Please ensure that you mark a question as Answered once you receive a satisfactory response.
