What is direct ldap mode.

I want to know about direct LDAP, which some people suggest using. I want to know the differences between default and direct LDAP mode, and how to enable it.

I'm going to quote from the engineers responsible for Direct LDAP, "Dirsync is the blackest kind of black magic. Direct LDAP is White Magic."
Basically, Dirsync is an old holdover from the days when Sun didn't have a high-performance Directory Server, but did have a high-performance mail server. Since the old Sun Directory Server (no relationship to the current product, purchased as part of Netscape), Dirsync was developed as a way to gather the entire contents of the old directory into the mail server.
Since the current Sun JES directory server, iPlanet Directory Server is a very high-performance product, this is no longer needed. Dirsync uses a directory server in a very non-optimal way, essentially. Every day, Dirsync goes to the directory, and says, "tell me all you know". Every 10 minutes, it says to the directory, "tell me all you've learned in the last 10 minutes". These queries are very difficult for a directory server to handle, especially in large deployments, and can crash a directory server.
Direct LDAP is different. It uses the directory server in the way that the directory server was designed to be used. Look up a single user, with an indexed search. Direct LDAP is well documented, while Dirsync was not. Direct LDAP uses advanced cache systems. Dirsync did not. Direct LDAP is undergoing development and fixes, while Dirsync is not. Dirsync has bugs, and will never be fixed.
Messaging 6.0 and later do not even include the Dirsync capability.
Direct LDAP proves to perform faster than Dirsync, in real deployments, too.
Hopefully, that answers the questions?

Similar Messages

  • Some things no longer work after switch to direct LDAP mode

    Hi,
    Today I tried switching to direct LDAP mode, following the documentation.
    Now I can no longer send mail directed to hosts such as
    [email protected]
    I always get a "5.1.1 unknown or illegal alias" error,
    whereas email@{subdomain}.domain.com is OK, as long as the subdomain is known to the MTA, i.e. it is an alias object in the DC tree.
    Also, some aliases defined in the file "aliases" are no longer recognized.
    For convenience, I had some default forward lines like
    *@domain.com: @otherrelay:*@domain.com
    which effectively acted like a smarthost, i.e. mail to addresses not known in domain.com was forwarded to "otherrelay".
    Now, I could probably solve the second problem by using a smarthost in the DC tree's domain config.
    The first problem, however, puzzles me... it looks as if, when it doesn't find a matching address and the host is not known as a domain, further rewrite rules are not applied?

    I found the problem.
    In option.dat, DOMAIN_UPLEVEL must be set to 0 in order to have the old behaviour (wildcards in the alias file, and the possibility to send mail directly to specified hosts).
    I had set it to 1, in the hope the MTA would be more tolerant in finding users (if [email protected] is not found, then maybe it exists at [email protected], so use this instead), as some of our users have quite some problems addressing other users in the correct subdomain.

  • IMS52 (with Direct LDAP Mode) Directory Failover

    I would like to configure all components of iMS5.2 for Directory Server failover. That should include (Direct LDAP) MTA, Messaging Express, authentication, Personal Address Book, Delegated Administration, etc.
    What are all the settings I need to configure for any of these components to failover to an alternate directory server?
    Thanks,
    Fred

    ./configutil -o local.ugldaphost -v "host.domain,host.domain,host.domain"
    See the 5.2 Reference Manual, Chapter 4 for all of the configutil variables.

  • Direct Ldap configuration mismatch....

    I am running directory server 5.1 and messaging server 5.2.
    I have one message store (msA.example.com) for users to retrieve mail, and it queries the directory master server (dsA.example.com) with direct LDAP configured.
    I am configuring another messaging server (msB.example.com) with SMTP authentication for the same users to send mail through, and it queries another LDAP consumer server (dsB.example.com).
    dsB is replicated from dsA immediately after any modification is made to dsA. My present setup works fine if msB is configured in dirsync mode, but I want to configure it to use direct LDAP from dsB.
    When I try to send email via msB (with direct LDAP enabled), it waits a long time after (SMTP) authentication and then terminates with a "server unexpectedly terminated the connection" message on the Outlook client. I cannot see any message in mail.log_current.
    All my direct ldap settings are correct and compiled properly.
    Later I found that when I comment the
    " $* $E$F$U%$[email protected]$V$H " line on imta.cnf file it works fine, ie. without any delay message is delivered.
    (But this has to be uncommented in direct LDAP mode according to the Sun documentation.)
    Can anyone clarify this? I could see even without uncommenting the above line direct ldap works fine!

    Thanks for the replies...
    I tried the way that you mentioned, but the problem still persists.
    There are no messages in the DEBUG logs.
    But I have one more thing to tell....
    When I first installed the messaging server (msB), I used dsA as the LDAP server. So after installation I got the results below with configutil.
    local.ugldaphost = dsA.example.com
    local.ldaphost = dsA.example.com
    local.service.pab.ldaphost = dsA.example.com
    Since I want to use ldap queries from dsB, I change user lookups to dsB
    Then the output was,
    local.ugldaphost = dsB.example.com
    local.ldaphost = dsA.example.com
    local.service.pab.ldaphost = dsB.example.com
    Do you think this causes the error?
    I can not use dsB for local.ldaphost since it causes the msB not usable. What I only need here is to get the user lookups from dsB.

  • Aliases, mailforwardaddress,direct ldap, seeking clarification

    Howdy,
    We're running iMS 5.2p1 with IDS. We're still in dirsync mode and simply want to switch to direct ldap. The instructions are clear but I'm hesitating as I look into our aliases file and how to proceed. My questions are as follows -
    1) yes or no: In direct ldap mode, the msg-instance/db/aliases file is NOT used ever?
    2) if the answer to #1 is YES, then is the "solution" to create an ldap entry for a simple mail-id with a mailforwardaddress: attribute? Or if distributing to multiple users from a single mail-id, create a group/distribution list?
    3) Is it possible to be in direct ldap mode AND still use an alias database?
    We're not in the extreme on alias usage, maybe a few hundred. However when I start looking at adding a few hundred LDAP entries and then managing mailforwardaddresses: for something I used to do in one line in an alias file it becomes overkill. Perchance an ou=alias ldap entry could be thrown into the next version or maybe even gasp use the alias entry for all our Solaris servers which is already stored in LDAP?
    It may be a case where performance vs. scalability vs. simplicity and I can accept that as a sound reason. Man alive though I love iMS and my aliases file! <smile>
    Thanks for any feedback,
    Doug

    Actually, I'd like to correct that.
    1) yes or no: In direct ldap mode, the
    msg-instance/db/aliases file is NOT used ever?
    The aliasesdb.db is referred to, in the case that
    direct ldap lookup does not find anything (this is
    what the "alias magic" setting in option.dat does).
    2) if the answer to #1 is YES, then is the "solution"
    to create an ldap entry for a simple mail-id with a
    mailforwardaddress: attribute? Or if distributing to
    multiple users from a single mail-id, create a
    group/distribution list?
    I'm not at all sure what you're trying to achieve.
    We normally recommend REMOVING the old aliasesdb.db,
    unless there are things there you need to keep, or
    are willing to maintain.
    If you need a few aliases, there is a separate
    aliases file. If you need alternate addresses, put
    'em in the user's mailalternateaddress or
    mailequivalentaddress attributes.
    This makes sense, I'll summarize more below.
    >
    3) Is it possible to be in direct ldap mode AND still
    use an alias database?
    Again, yes, but why would you want to do that? You'd
    have to create the database, and maintain it. Bad
    Idea.
    We're not in the extreme on alias usage, maybe a few
    hundred. However when I start looking at adding a few
    hundred LDAP entries and then managing
    mailforwardaddresses: for something I used to do in
    one line in an alias file it becomes overkill.
    Why forwarding addresses? This really doesn't make
    sense.
    Sure it does, in my mind <smile> here's the situation. We're a college where students, staff and faculty will either graduate, move to another college nearby or move across country. When they do so, maintaining an entry in a file such as -
    jsmith: [email protected]
    Is pretty simple. This file can also be shared with other Sun servers or placed into the LDAP/NIS Alias entry. So the functionality extends beyond iMS a bit.
    With a graduating class of say 400, with an email forwarding policy of 12 months after departure, these would accumulate in the LDAP database with no other iMS information than a mailforwardaddress needed. As we know, LDAP requires a tad more information to accept a record. Hence the perception on my part of the alias file. (I'm just afraid of change, bear with me!)
    >
    How do you do it NOW? What is it you're doing?
    We run in dirsync mode and rebuild the alias database. I also think I'm using the terms alias *file* and alias *database* interchangeably. I do understand that the DB gets built from the file.
    >
    >
    Perchance an ou=alias ldap entry could be thrown into
    the next version or maybe even *gasp* use the alias
    entry for all our Solaris servers which is already
    stored in LDAP?
    It may be a case where performance vs. scalability
    vs. simplicity and I can accept that as a sound
    reason. Man alive though I love iMS *and* my aliases
    file! <smile>
    Again, what is it exactly that you want to do? Most
    likely there's an easy way to do it.
    Thanks for any feedback,
    Thank you, I appreciate the additional information. We also use the alias file to add quick addresses like for a department which only wants mail sent from one email address to many. No other functionality needed. For example -
    summerconference2003: user1, user2, user3
    A simple and quick "one to several" email address. Granted, for iMS I'd have to add the domain but the concept is the same.
    Thanks again,
    Doug

  • Direct LDAP in 5.2

    Hi, I am testing out features in 5.2 after an upgrade from NMS 4.15. I couldn't find any benefits of using Dirsync so I switched to direct LDAP mode. The main reason was that if I make a change in the directory I want the mail server to pick it up right away, just like it does in 4.15.
    I have noticed that, even in direct LDAP mode, things like changing a user's forwarding address or vacation message take about 15 minutes for the mail server to pick up. It does not seem like a direct lookup at all; there must be some type of caching. Has anyone else experienced this, or can someone explain it?
    Thanks,
    Mark

    I have the same problem.
    Did you get any answer for it ?
    Vincent

  • Problem with Direct LDAP

    Hi Jay,
    I am having a problem with the switch to Direct LDAP. I am finally doing it on my production server. Using ldap 4.16 currently. Once I get this working I am upgrading to 5.2
    We have a server that holds messages until a user releases them. This server is called ewall.mydomain.com.
    They get a message in their inbox that allows them to click on a link to send the ewall server a message to release the held mail.
    the link would look like this:
    [email protected]
    (all on one line)
    This worked just fine in dirsync mode, but after switching to direct LDAP I get a "5.1.1 unknown or illegal alias" error when the user tries to send the message. If I switch back to dirsync mode it works fine again. Everything else is working fine.
    Any ideas?
    Thanks
    Don

    Well, it means that for some reason, your [email protected]
    user isn't being picked up in the direct ldap.
    It could be that your domain is "mydomain.com", and the user is in "ewall.mydomain.com". dirsync assumes that subdomains are part of an overall domain
    direct ldap doesn't, unless you set
    domain_uplevel=3 in your option.dat, and recompile

  • Error after setting up direct LDAP

    Running iMS 5.2 and LDAP 4.1.6
    after making the changes to set up direct LDAP lookup I started getting the following error:
    4.0.0 temporary error returned by alias expansion
    While making the changes to set the server back to dirsync mode I noticed that the databases:
    aliasesdb.db and reversedb.db had been recreated but were significantly smaller than the originals.
    After changing the imta.cnf, option.dat, job_controller.cnf and mappings files back and replacing my db files, I ran an imsimta cnbuild and a full dirsync and everything functioned normally again.
    Any ideas?
    Don

    Hi Roger and Jay,
    I followed the instructions exactly. I have restored my backups of the config files a couple times and started over again. I did catch the error that Roger pointed out and my line read exactly like his example (with my domain of course)
    This is my old mailserver. I have a new one working right now. I am trying to get the updates all working on this one before I mess up the production machine so there is no problem with it being down while I work the bugs out.
    Here is a clip from the ldap access log
    the last line shows an error 11 that I assume is the problem.
    [14/Dec/2004:15:44:29 -0700] conn=46 op=1 SRCH base="dc=sturgeon,dc=ab,dc=ca,o=Internet" scope=0 filter="(|(objectclass=inetDomain)(objectclass=inetdomainalias))"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=2 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(&(objectclass=groupOfUniqueNames)(objectclass=inetMailAdministrator))"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=2 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=3 SRCH base="cn=Domain Administrators,ou=Groups,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=3 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=4 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(uid=carlgren)"
    [14/Dec/2004:15:44:29 -0700] conn=46 op=4 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=47 fd=54 slot=54 connection from 192.168.0.12 to 192.168.0.12
    [14/Dec/2004:15:44:29 -0700] conn=47 op=0 BIND dn="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
    [14/Dec/2004:15:44:29 -0700] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
    [14/Dec/2004:15:44:29 -0700] conn=46 op=5 SRCH base="cn=Service Administrators,ou=Groups,o=ab.ca" scope=0 filter="(objectclass=groupOfUniqueNames)"
    [14/Dec/2004:15:44:30 -0700] conn=46 op=5 RESULT err=0 tag=101 nentries=1 etime=1
    [14/Dec/2004:15:44:30 -0700] conn=46 op=6 SRCH base="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
    [14/Dec/2004:15:44:30 -0700] conn=46 op=6 RESULT err=0 tag=101 nentries=1 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 fd=55 slot=55 connection from 192.168.0.12 to 192.168.0.12
    [14/Dec/2004:15:44:31 -0700] conn=48 op=0 BIND dn="uid=msg-admin-1,ou=People,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
    [14/Dec/2004:15:44:31 -0700] conn=48 op=0 RESULT err=0 tag=97 nentries=0 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 op=1 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(cn=*)(ou=*))"
    [14/Dec/2004:15:44:31 -0700] conn=48 op=1 RESULT err=0 tag=101 nentries=40 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 op=2 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(objectclass=pab)(objectclass=pabgroup))"
    [14/Dec/2004:15:44:31 -0700] conn=48 op=2 RESULT err=0 tag=101 nentries=2 etime=0
    [14/Dec/2004:15:44:31 -0700] conn=48 op=3 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(memberofpab=AddressBook271b6af)"
    [14/Dec/2004:15:44:31 -0700] conn=48 op=3 RESULT err=0 tag=101 nentries=37 etime=0
    [14/Dec/2004:15:44:42 -0700] conn=38 op=3 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(|([email protected])([email protected])([email protected]))"
    [14/Dec/2004:15:44:49 -0700] conn=38 op=3 RESULT err=11 tag=101 nentries=1 etime=7 notes=U
    If I put the machine back into dirsync mode then everything works fine. I must be missing something.
    In the morning I'll try again.
    Thanks for the help,
    Don

  • Optimizing Mailing Lists with Direct LDAP

    Hey all,
    I've noticed performance issues with iMS 5.2p1 (with iDS 5.1) with respect to direct LDAP lookups, especially for large mailing lists. Even a 28 user list takes 10 minutes, whereas with MS 4.1.5 it was practically instant. We also have a dynamic group with everyone (4000 people or so) and it simply pegs the LDAP server at 100% CPU and sits there for a day. It seems that there are a ton of ways to optimize the caches and LDAP lookups. Where should I start or what should I do? What settings should I look to fix on the LDAP server, IMTA, etc. to speed things up?
    Thanks!
    Chris

    This was an LDAP server optimization issue. I increased the memory for both the slapd cache and the database cache. I then added indexes for all the common items searched for by the IMTA. I was watching the slapd access logs and saw that the IMTA searches for a lot of important items that are not indexed by default. I added indexes for:
    inetUserStatus
    mailUserStatus
    inetMailGroupStatus
    mailEquivalentAddress
    mailRoutingAddress
    mailMsgMaxBlocks
    mailQuota
    mailMsgQuota
    mailProgramDeliveryInfo
    mailDeliveryFileURL
    maildeliveryfile
    mailConversionTag
    mailDeliveryOption
    vacationStartDate
    vacationEndDate
    mailForwardingAddress
    memberURL
    rfc822mailmember
    mailAccessDomain
    mailMessageStore
    preferredLanguage
    mailAllowedServiceAccess
    Now a message to everyone that took 24 hours and never went through takes just over a minute to get to 4000 users on my little test server. Smaller dynamic lists are even faster. General performance of message delivery is also faster, as is SMTP response from the client perspective.
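
An added example, not part of the posts above or of any Sun tooling: it pairs SRCH and RESULT lines in a slapd access log of the format quoted in the "Error after setting up direct LDAP" thread, flags searches that came back with notes=U (unindexed) or a limit error such as err=11 (adminLimitExceeded in RFC 4511), and tallies the filter attributes involved, which is the review the indexing post describes doing by hand. The log lines are constructed, and the function names and the slow_etime threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the access-log format quoted above; the DNs, hosts
# and addresses are made up for this example.
SAMPLE_LOG = """\
[01/Jan/2005:10:00:01 -0700] conn=46 op=4 SRCH base="o=example.com,o=isp" scope=2 filter="(uid=jdoe)"
[01/Jan/2005:10:00:01 -0700] conn=46 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[01/Jan/2005:10:00:02 -0700] conn=47 op=0 BIND dn="uid=jdoe,ou=people,o=example.com,o=isp" method=128 version=3
[01/Jan/2005:10:00:02 -0700] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[01/Jan/2005:10:00:10 -0700] conn=38 op=3 SRCH base="o=example.com,o=isp" scope=2 filter="(|(mail=jdoe@example.com)(mailAlternateAddress=jdoe@example.com)(mailEquivalentAddress=jdoe@example.com))"
[01/Jan/2005:10:00:17 -0700] conn=38 op=3 RESULT err=11 tag=101 nentries=1 etime=7 notes=U
[01/Jan/2005:10:00:20 -0700] conn=51 op=2 SRCH base="o=example.com,o=isp" scope=2 filter="(&(objectclass=inetMailGroup)(mailEquivalentAddress=staff@example.com))"
[01/Jan/2005:10:00:23 -0700] conn=51 op=2 RESULT err=0 tag=101 nentries=1 etime=3 notes=U
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
    r'(?P<kind>SRCH|RESULT) (?P<rest>.*)$'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')              # key=value or key="quoted value"
ATTR_RE = re.compile(r'\(([A-Za-z][\w;-]*)(?:=|>=|<=|~=)')  # attribute names in a filter

# LDAP result codes (RFC 4511) that mean the server gave up on the search.
LIMIT_CODES = {3: "timeLimitExceeded", 4: "sizeLimitExceeded", 11: "adminLimitExceeded"}


def suspicious_searches(lines, slow_etime=2):
    """Return searches that were unindexed, hit a limit, or took >= slow_etime s."""
    pending = {}   # (conn, op) -> fields of the SRCH line still awaiting its RESULT
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # BIND, connection lines, etc.
        key = (int(m["conn"]), int(m["op"]))
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
        if m["kind"] == "SRCH":
            pending[key] = fields
            continue
        srch = pending.pop(key, None)
        if srch is None:
            continue  # RESULT of a non-search operation
        err = int(fields.get("err", 0))
        etime = float(fields.get("etime", 0))
        unindexed = "U" in fields.get("notes", "")
        if unindexed or err in LIMIT_CODES or etime >= slow_etime:
            findings.append({
                "conn": key[0], "op": key[1], "err": err,
                "err_name": LIMIT_CODES.get(err, ""), "etime": etime,
                "unindexed": unindexed, "base": srch.get("base", ""),
                # Attribute names are case-insensitive in LDAP, so normalise them.
                "attrs": [a.lower() for a in ATTR_RE.findall(srch.get("filter", ""))],
            })
    return findings


def index_candidates(findings):
    """Count attributes appearing in unindexed searches.

    notes=U marks the whole search, so in a compound filter any one of the
    listed attributes may be the unindexed one; treat these as items to check.
    """
    counts = Counter()
    for f in findings:
        if f["unindexed"]:
            counts.update(set(f["attrs"]))
    return counts


if __name__ == "__main__":
    found = suspicious_searches(SAMPLE_LOG.splitlines())
    for f in found:
        print(f["conn"], f["op"], f["err"], f["err_name"], f["etime"], f["attrs"])
    print(index_candidates(found).most_common())
```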

  • How to set the router and play the Command & Conquer using direct IP mode?

    My router is WRT54G, Firmware Version: v3.03.1
    How to set the router and play the Command & Conquer using direct IP mode with other computer?

    Hi, when you say direct IP mode, what do you mean ? do you wanna play the game online or on the LAN ??
    can you give a few more details.

  • Tax issue with Direct Input mode of RFBIBL00

    Hi, I have a problem using RFBIBL00 (direct input mode) to create A/R invoices. There is no tax associated with the invoice, however, when I use direct input mode, instead of posting immediately, a batch input session is created. In the log, an information message: 'Specify a tax jurisdiction key'. The BDC session is processed with no error.
    When using Call transaction mode for RFBIBL00, the document is posted immediately but the requirement is to use Direct input mode.
    There is no converted data in the BBTAX structure since the doc. does not need to post to tax account. Do I need to populate the Tax amount, Tax code and jurisdiction code in this structure and BBSEG in order to by pass the information message?
    Any advice is appreciated.
    - Minami

    Problem solved. Just need to untie the relationship between the ITEM import structure and the BBTAX so the Direct Input program will not require a tax jurisdiction code.

  • What are the lock modes in Lock object

    What are the lock modes in Lock object ?
    What are the differences between
    Exclusive , cumulative
    Shared
    Exclusive , not cumulative
    Could any body explain what happens in each table lock ?
    How the lock consists ?

    HI
    Lock objects are used to synchronize access to the same data by more than one program.
    The lock mode controls whether several users can access data records at the same time. The lock mode can be assigned separately for each table in the lock object. When the lock is set, the corresponding lock entry is stored in the lock table of the system for each table.
    There are three types of lock modes
    1.Exclusive
    2.Shared
    3.Exclusive not cumulative
    Exclusive lock: The locked data can only be displayed or edited by a single user. A request for another exclusive lock or for a shared lock is rejected.
    Shared lock: More than one user can access the locked data at the same time in display mode. A request for another shared lock is accepted, even if it comes from another user. An exclusive lock is rejected.
    Exclusive but not cumulative: Exclusive locks can be requested several times from the same transaction and are processed successively. In contrast, exclusive but not cumulative locks can be called only once from the same transaction. All other lock requests are rejected.
    please go through these links:
    http://help.sap.com/saphelp_nw04/helpdata/en/a2/3547360f2ea61fe10000009b38f839/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/af/22ab01dd0b11d1952000a0c929b3c3/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eeb2446011d189700000e8322d00/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eebf446011d189700000e8322d00/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eed9446011d189700000e8322d00/frameset.htm
    Regards,
    Gunasree.

  • What exactly does Standby mode do?

    In a quest to figure out how to turn the screen power off when I want to, I have found Standby mode, which does exactly that.  All the manual says about it is to press and hold the mute button to go into standby mode, but doesn't say anything else about it.  What exactly is "Standby Mode"?  Will it still give me calendar alerts, and phone calls and other alerts, or is it essentially turned off?
    Jesse

    Standby mode is just a low power state to conserve battery life. It shuts off the backlight and screen, and does not respond to key presses until you bring it out of standby mode. Your notifications, phone calls, etc. are not affected by it.
    The holster serves the same purpose: it has a magnet that is detected by the phone to put it into standby. If you go to the notification/ringer profile settings, you will notice 2 different settings: out of holster and in holster.
    Kijana

  • What is "PDF/A" Mode?

    Greetings,
    When I open a particular PDF, a blue bar comes up saying "You are viewing this document in PDF/A mode." What is "PDF/A" mode?
    I'm using Adobe Reader 9.3.1 on Windows 7 Home Premium.
    Thanks,
    Shane.

    Found it! Thank you!
    Teresa Crimmens, Director of Trail Operations
    Tahoe Rim Trail Association
    948 Incline Way
    Incline Village, NV 89451
    775-298-0232
    [email protected]
    www.tahoerimtrail.org

  • What is the private mode

    hi Experts,
    Please clarify what the private mode is and how it relates to Heap Memory?
    Thanks in advance.

    hello amit
    Private Mode
    Private mode is a mode where the heap data is exclusively allocated by the user and is no longer shared across the system; this happens when your extended memory is exhausted.
    You can go to transaction
    ST02 --> Double click on extended memory --> Mode List
    From there you see a history of which users were using all of your extended memory, and how much memory total.
    If you want to know more about private mode
    http://help.sap.com/saphelp_nwpi71/helpdata/en/7a/caa6f3bfdb11d188b30000e83539c3/content.htm
    I hope this information will help you a lot
    Thanks & Regards
    Shishir
