What is direct ldap mode.
I want to know about this, as some people suggest using direct LDAP. I want to know the differences between default and direct LDAP mode and how to enable it.
I'm going to quote from the engineers responsible for Direct LDAP, "Dirsync is the blackest kind of black magic. Direct LDAP is White Magic."
Basically, Dirsync is an old holdover from the days when Sun didn't have a high-performance Directory Server, but did have a high-performance mail server. Since the old Sun Directory Server (no relationship to the current product, purchased as part of Netscape), Dirsync was developed as a way to gather the entire contents of the old directory into the mail server.
Since the current Sun JES directory server, iPlanet Directory Server is a very high-performance product, this is no longer needed. Dirsync uses a directory server in a very non-optimal way, essentially. Every day, Dirsync goes to the directory, and says, "tell me all you know". Every 10 minutes, it says to the directory, "tell me all you've learned in the last 10 minutes". These queries are very difficult for a directory server to handle, especially in large deployments, and can crash a directory server.
Direct LDAP is different. It uses the directory server in the way that the directory server was designed to be used. Look up a single user, with an indexed search. Direct LDAP is well documented, while Dirsync was not. Direct LDAP uses advanced cache systems. Dirsync did not. Direct LDAP is undergoing development and fixes, while Dirsync is not. Dirsync has bugs, and will never be fixed.
Messaging 6.0 and later do not even include the Dirsync capability.
Direct LDAP proves to perform faster than Dirsync, in real deployments, too.
Hopefully, that answers the questions?
Similar Messages
-
Some things no longer work after switch to direct LDAP mode
Hi,
today i have tried switching to direct ldap mode following the documentation
now i can no longer send mail directed to hosts as
[email protected]
i always get a 5.1.1 unknown or illegal alias:
whereas email@{subdomain}.domain.com is ok, as long as the subdomain is known to the MTA, ie it is an alias object in the DC tree
also, some aliases defined in the file "aliases" are no longer recognized,
for convenience, i had some default forward lines likes
*@domain.com: @otherrelay:*@domain.com
which effectively acted like a smarthost, ie mail to addresses not known in domain.com were forwarded to "otherrelay"
now, probably i could solve the second problem either using a smarthost in the DC tree 's domain config
the first problem, however, puzzles me... it looks like if it doesn't find a matching address, and the host is not known as a domain, then further rewrite rules are not applied?
i found the problem,
in option.dat, DOMAIN_UPLEVEL must be set to 0, in order to have the old behaviour (wildcards in aliasfile, and possibility to send mails directly to specified hosts)
i had set it to 1, in the hope the MTA would be more tolerant to find users (if [email protected] is not found, then maybe it exists at [email protected], so use this instead) as some of our users have quite problems addressing other users in the correct subdomain. -
IMS52 (with Direct LDAP Mode) Directory Failover
I would like to configure all components of iMS5.2 for Directory Server failover. That should include (Direct LDAP) MTA, Messaging Express, authentication, Personal Address Book, Delegated Administration, etc.
What are all the settings I need to configure for any of these components to failover to an alternate directory server?
Thanks,
Fred
./configutil -o local.ugldaphost -v "host.domain,host.domain,host.domain"
See the 5.2 Reference Manual, Chapter 4 for all of the configutil variables. -
Direct Ldap configuration mismatch....
I am running directory server 5.1 and messaging server 5.2.
I have one message store (msA.example.com) for users to retrieve mail and it queries directory master server (dsA.example.com) with direct ldap configured.
I am configuring another messaging server (msB.example.com) with smtp authentication for same users to send mail through that and it queries another ldap consumer server (dsB.example.com).
dsB is replicated by dsA immediately after any modification done to dsA. My present setup works fine if msB is configured on dirsync mode, but I want to configure it to use direct ldap from dsB.
When I try to send email via msB (with direct ldap enabled) it waits a long time after (smtp) authentication and then terminated with "server unexpectedly terminated the connection" message on outlook client. I can not see any message on mail.log_current.
All my direct ldap settings are correct and compiled properly.
Later I found that when I comment the
" $* $E$F$U%$[email protected]$V$H " line on imta.cnf file it works fine, ie. without any delay message is delivered.
(But this has to be uncomment with direct ldap mode according to the sun documentation)
Can anyone clarify this? I could see even without uncommenting the above line direct ldap works fine!
Thanks for replies...
But I tried with the way that you mentioned, but still the problem persists.
No any message on DEBUG logs.
But I have some more thing to tell....
When I first installed the messaging server (msB), I used the dsA as the ldap server. So after installation I got the below results with configutil.
local.ugldaphost = dsA.example.com
local.ldaphost = dsA.example.com
local.service.pab.ldaphost = dsA.example.com
Since I want to use ldap queries from dsB, I change user lookups to dsB
Then the output was,
local.ugldaphost = dsB.example.com
local.ldaphost = dsA.example.com
local.service.pab.ldaphost = dsB.example.com
Do you think this causes the error?
I can not use dsB for local.ldaphost since it causes the msB not usable. What I only need here is to get the user lookups from dsB. -
Aliases, mailforwardaddress,direct ldap, seeking clarification
Howdy,
We're running iMS 5.2p1 with IDS. We're still in dirsync mode and simply want to switch to direct ldap. The instructions are clear but I'm hesitating as I look into our aliases file and how to proceed. My questions are as follows -
1) yes or no: In direct ldap mode, the msg-instance/db/aliases file is NOT used ever?
2) if the answer to #1 is YES, then is the "solution" to create an ldap entry for a simple mail-id with a mailforwardaddress: attribute? Or if distributing to multiple users from a single mail-id, create a group/distribution list?
3) Is it possible to be in direct ldap mode AND still use an alias database?
We're not in the extreme on alias usage, maybe a few hundred. However when I start looking at adding a few hundred LDAP entries and then managing mailforwardaddresses: for something I used to do in one line in an alias file it becomes overkill. Perchance an ou=alias ldap entry could be thrown into the next version or maybe even gasp use the alias entry for all our Solaris servers which is already stored in LDAP?
It may be a case where performance vs. scalability vs. simplicity and I can accept that as a sound reason. Man alive though I love iMS and my aliases file! <smile>
Thanks for any feedback,
Doug
Actually, I'd like to correct that.
) yes or no: In direct ldap mode, the
msg-instance/db/aliases file is NOT used ever?
The aliasesdb.db is referred to, in the case that
direct ldap lookup does not find anything (this is
what the "alias magic" setting in option.dat does).
2) if the answer to #1 is YES, then is the "solution"
to create an ldap entry for a simple mail-id with a
mailforwardaddress: attribute? Or if distributing to
multiple users from a single mail-id, create a
group/distribution list?
I'm not at all sure what you're trying to achieve.
We normally recommend REMOVING the old aliasesdb.db,
unless there are things there you need to keep, or
are willing to maintain.
If you need a few aliases, there is a separate
aliases file. If you need alternate addresses, put
'em in the user's mailalternateaddress or
mailequivalentaddress attributes.
This makes sense, I'll summarize more below.
>
3) Is it possible to be in direct ldap mode AND still
use an alias database?
Again, yes, but why would you want to do that? You'd
have to create the database, and maintain it. Bad
Idea.
We're not in the extreme on alias usage, maybe a few
hundred. However when I start looking at adding a few
hundred LDAP entries and then managing
mailforwardaddresses: for something I used to do in
one line in an alias file it becomes overkill.
Why forwarding addresses? This really doesn't make
sense.
Sure it does, in my mind <smile> here's the situation. We're a college where students, staff and faculty will either graduate, move to another college nearby or move across country. When they do so, maintaining an entry in a file such as -
jsmith: [email protected]
Is pretty simple. This file can also be shared with other Sun servers or placed into the LDAP/NIS Alias entry. So the functionality extends beyond iMS a bit.
With a graduating class of say 400, with an email forwarding policy of 12 months after departure, these would accumulate in the LDAP database with no other iMS information than a mailforwardaddress needed. As we know, LDAP requires a tad more information to accept a record. Hence the perception on my part of the alias file. (I'm just afraid of change, bear with me!)
>
How do you do it NOW? What is it you're doing?
We run in dirsync mode and rebuild the alias database. I also think I'm using the terms alias *file* and alias *database* interchangeably. I do understand that the DB gets built from the file.
>
>
Perchance an ou=alias ldap entry could be thrown into
the next version or maybe even *gasp* use the alias
entry for all our Solaris servers which is already
stored in LDAP?
It may be a case where performance vs. scalability
vs. simplicity and I can accept that as a sound
reason. Man alive though I love iMS *and* my aliases
file! <smile>
Again, what is it exactly that you want to do? Most
likely there's an easy way to do it.
Thanks for any feedback,
Thank you, I appreciate the additional information. We also use the alias file to add quick addresses like for a department which only wants mail sent from one email address to many. No other functionality needed. For example -
summerconference2003: user1, user2, user3
A simple and quick "one to several" email address. Granted, for iMS I'd have to add the domain but the concept is the same.
Thanks again,
Doug -
Hi, I am testing out features in 5.2 after an upgrade from NMS 4.15. I couldn't find any benefits of using Dirsync so I switched to direct LDAP mode. The main reason was that if I make a change in the directory I want the mail server to pick it up right away, just like it does in 4.15.
I have noticed that, even in direct LDAP mode, things like changing a user's forwarding address or vacation message take about 15 minutes for the mail server to pick up. It does not seem like a direct lookup at all, there must be some type of caching. Has anyone else experienced this, or can someone explain it?
Thanks,
Mark
I have the same problem.
Did you get any answer for it?
Vincent -
Hi Jay,
I am having a problem with the switch to Direct LDAP. I am finally doing it on my production server. Using ldap 4.16 currently. Once I get this working I am upgrading to 5.2
We have a server that holds messages until a user releases them. This server is called ewall.mydomain.com.
They get a message in their inbox that allows them to click on a link to send the ewall server a message to release the held mail.
the link would look like this:
[email protected]
(all on one line)
This worked just fine in dirsync mode but after switching to Direct Ldap I get an 5.1.1 unknown or illegal alias when the user tries to send the message. If I switch back to dirsync mode it works fine again. Everything else is working fine.
Any ideas?
Thanks
Don
Well, it means that for some reason, your [email protected]
user isn't being picked up in the direct ldap.
It could be that your domain is "mydomain.com", and the user is in "ewall.mydomain.com". dirsync assumes that subdomains are part of an overall domain
direct ldap doesn't, unless you set
domain_uplevel=3 in your option.dat, and recompile -
Error after setting up direct LDAP
Running iMS 5.2 and LDAP 4.1.6
after making the changes to set up direct LDAP lookup I started getting the following error:
4.0.0 temporary error returned by alias expansion
While making the changes to set the server back to dirsync mode I noticed that the databases:
aliasesdb.db and reversedb.db had been recreated but were significantly smaller than the originals.
After changing the imta.cnf, option.dat,job_controller.cnf and mappings files back and replacing my db files I ran a imsimta cnbuild and a full dirsync and everything functioned normal again.
Any ideas?
Don
Hi Roger and Jay,
I followed the instructions exactly. I have restored my backups of the config files a couple times and started over again. I did catch the error that Roger pointed out and my line read exactly like his example (with my domain of course)
This is my old mailserver. I have a new one working right now. I am trying to get the updates all working on this one before I mess up the production machine so there is no problem with it being down while I work the bugs out.
Here is a clip from the ldap access log
the last line shows an error 11 that I assume is the problem.
[14/Dec/2004:15:44:29 -0700] conn=46 op=1 SRCH base="dc=sturgeon,dc=ab,dc=ca,o=Internet" scope=0 filter="(|(objectclass=inetDomain)(objectclass=inetdomainalias))"
[14/Dec/2004:15:44:29 -0700] conn=46 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=2 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(&(objectclass=groupOfUniqueNames)(objectclass=inetMailAdministrator))"
[14/Dec/2004:15:44:29 -0700] conn=46 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=3 SRCH base="cn=Domain Administrators,ou=Groups,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
[14/Dec/2004:15:44:29 -0700] conn=46 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=4 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(uid=carlgren)"
[14/Dec/2004:15:44:29 -0700] conn=46 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:29 -0700] conn=47 fd=54 slot=54 connection from 192.168.0.12 to 192.168.0.12
[14/Dec/2004:15:44:29 -0700] conn=47 op=0 BIND dn="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
[14/Dec/2004:15:44:29 -0700] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[14/Dec/2004:15:44:29 -0700] conn=46 op=5 SRCH base="cn=Service Administrators,ou=Groups,o=ab.ca" scope=0 filter="(objectclass=groupOfUniqueNames)"
[14/Dec/2004:15:44:30 -0700] conn=46 op=5 RESULT err=0 tag=101 nentries=1 etime=1
[14/Dec/2004:15:44:30 -0700] conn=46 op=6 SRCH base="uid=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca" scope=0 filter="(objectclass=*)"
[14/Dec/2004:15:44:30 -0700] conn=46 op=6 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 fd=55 slot=55 connection from 192.168.0.12 to 192.168.0.12
[14/Dec/2004:15:44:31 -0700] conn=48 op=0 BIND dn="uid=msg-admin-1,ou=People,o=sturgeon.ab.ca,o=ab.ca" method=128 version=3
[14/Dec/2004:15:44:31 -0700] conn=48 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 op=1 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(cn=*)(ou=*))"
[14/Dec/2004:15:44:31 -0700] conn=48 op=1 RESULT err=0 tag=101 nentries=40 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 op=2 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(|(objectclass=pab)(objectclass=pabgroup))"
[14/Dec/2004:15:44:31 -0700] conn=48 op=2 RESULT err=0 tag=101 nentries=2 etime=0
[14/Dec/2004:15:44:31 -0700] conn=48 op=3 SRCH base="ou=carlgren,ou=people,o=sturgeon.ab.ca,o=ab.ca,o=pab" scope=2 filter="(memberofpab=AddressBook271b6af)"
[14/Dec/2004:15:44:31 -0700] conn=48 op=3 RESULT err=0 tag=101 nentries=37 etime=0
[14/Dec/2004:15:44:42 -0700] conn=38 op=3 SRCH base="o=sturgeon.ab.ca,o=ab.ca" scope=2 filter="(|([email protected])([email protected])([email protected]))"
[14/Dec/2004:15:44:49 -0700] conn=38 op=3 RESULT err=11 tag=101 nentries=1 etime=7 notes=U
If I put the machine back into dirsync mode then everything works fine. I must be missing something.
In the morning I'll try again.
Thanks for the help,
Don -
Optimizing Mailing Lists with Direct LDAP
Hey all,
I've noticed performance issues with iMS 5.2p1 (with iDS 5.1) with respect to direct LDAP lookups, especially for large mailing lists. Even a 28 user list takes 10 minutes, whereas with MS 4.1.5 it was practically instant. We also have a dynamic group with everyone (4000 people or so) and it simply pegs the LDAP server @100% CPU and sits there for a day. It seems that there are a ton of ways to optimize the caches and LDAP lookups. Where should I start or what should I do? What settings should I look to fix on the LDAP server, IMTA, etc. to speed things up?
Thanks!
Chris
This was an LDAP server optimization issue. I increased the memory for both the slapd cache and the database cache. I then added indexes for all the common items searched for by the IMTA. I was watching the slapd access logs and saw that the IMTA searches for a lot of important items that are not indexed by default. I added indexes for:
inetUserStatus
mailUserStatus
inetMailGroupStatus
mailEquivalentAddress
mailRoutingAddress
mailMsgMaxBlocks
mailQuota
mailMsgQuota
mailProgramDeliveryInfo
mailDeliveryFileURL
maildeliveryfile
mailConversionTag
mailDeliveryOption
vacationStartDate
vacationEndDate
mailForwardingAddress
memberURL
rfc822mailmember
mailAccessDomain
mailMessageStore
preferredLanguage
mailAllowedServiceAccess
Now a message to everyone that took 24 hours and never went through takes just over a minute to get to 4000 users on my little test server. Smaller dynamic lists are even faster. General performance of message delivery is also faster, as is SMTP response from the client perspective. -
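Added example (not part of the original posts): a small parser for access-log lines in the format quoted in Don's post, pairing each SRCH with its RESULT to flag what both threads above turn on: a non-zero `err` (LDAP result code 11 is adminLimitExceeded), `notes=U` (unindexed search) and a high `etime`. The sample log lines, the `slow_etime` threshold and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the access-log format shown in the thread above
# (placeholder base DN and addresses, not values from the original posts).
SAMPLE_LOG = """\
[14/Dec/2004:15:44:29 -0700] conn=46 op=4 SRCH base="o=example.com" scope=2 filter="(uid=jdoe)"
[14/Dec/2004:15:44:29 -0700] conn=46 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[14/Dec/2004:15:44:42 -0700] conn=38 op=3 SRCH base="o=example.com" scope=2 filter="(|(mail=jdoe@example.com)(mailAlternateAddress=jdoe@example.com)(mailEquivalentAddress=jdoe@example.com))"
[14/Dec/2004:15:44:49 -0700] conn=38 op=3 RESULT err=11 tag=101 nentries=1 etime=7 notes=U
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>\d+)\s+"
    r"(?P<kind>SRCH|RESULT)\s+(?P<rest>.*)$"
)
# key=value pairs; values may be quoted and contain spaces (base DNs do).
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Attribute names inside an LDAP filter: "(" + attr + comparison operator.
ATTR_RE = re.compile(r"\(([A-Za-z][\w;.-]*)(?:~=|>=|<=|=)")


def find_problem_searches(log_text, slow_etime=2.0):
    """Return searches whose RESULT has err != 0, notes=U or etime >= slow_etime."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connection, BIND and other line types
        key = (m["conn"], m["op"])
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
        if m["kind"] == "SRCH":
            pending[key] = fields
            continue
        srch = pending.pop(key, None)
        if srch is None:
            continue  # RESULT of a non-search operation such as BIND
        err = int(fields.get("err", 0))
        etime = float(fields.get("etime", 0))
        unindexed = "U" in fields.get("notes", "").split(",")
        if err != 0 or unindexed or etime >= slow_etime:
            flt = srch.get("filter", "")
            findings.append({
                "conn": m["conn"], "op": m["op"], "time": m["ts"],
                "base": srch.get("base", ""), "filter": flt,
                "err": err, "etime": etime, "unindexed": unindexed,
                "attrs": sorted({a.lower() for a in ATTR_RE.findall(flt)}),
            })
    return findings


def index_candidates(findings):
    """Count attributes seen in unindexed searches.

    notes=U only says that some part of the filter could not use an index,
    so every attribute listed is a candidate to check, not a confirmed gap.
    """
    counts = Counter(a for f in findings if f["unindexed"] for a in f["attrs"])
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    hits = find_problem_searches(SAMPLE_LOG)
    for h in hits:
        print(h["time"], f"conn={h['conn']} op={h['op']}",
              f"err={h['err']} etime={h['etime']} unindexed={h['unindexed']}")
    for attr, n in index_candidates(hits):
        print(f"check index: {attr} ({n} unindexed search(es))")
```
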
How to set the router and play the Command & Conquer using direct IP mode?
My router is WRT54G
Firmware Version: v3.03.1
How to set the router and play the Command & Conquer using direct IP mode with other computer?
Hi, when you say direct IP mode, what do you mean? Do you wanna play the game online or on the LAN?
can you give a few more details. -
Tax issue with Direct Input mode of RFBIBL00
Hi, I have a problem using RFBIBL00 (direct input mode) to create A/R invoices. There is no tax associated with the invoice, however, when I use direct input mode, instead of posting immediately, a batch input session is created. In the log, an information message: 'Specify a tax jurisdiction key'. The BDC session is processed with no error.
When using Call transaction mode for RFBIBL00, the document is posted immediately but the requirement is to use Direct input mode.
There is no converted data in the BBTAX structure since the doc. does not need to post to tax account. Do I need to populate the Tax amount, Tax code and jurisdiction code in this structure and BBSEG in order to by pass the information message?
Any advice is appreciated.
- Minami
Problem solved. Just need to untie the relationship between the ITEM import structure and the BBTAX so the Direct Input program will not require a tax jurisdiction code.
-
What are the lock modes in Lock object
What are the lock modes in Lock object ?
what are the differences between
Exclusive , cumulative
Shared
Exclusive , not cumulative
Could any body explain what happens in each table lock ?
How the lock consists?
HI
Lock objects are used to synchronize access to the same data by more than one program.
The lock mode controls whether several users can access data records at the same time. The lock mode can be assigned separately for each table in the lock object. When the lock is set, the corresponding lock entry is stored in the lock table of the system for each table.
There are three types of lock modes
1.Exclusive
2.Shared
3.Exclusive not cumulative
Exclusive lock: The locked data can only be displayed or edited by a single user. A request for another exclusive lock or for a shared lock is rejected.
Shared lock: More than one user can access the locked data at the same time in display mode. A request for another shared lock is accepted, even if it comes from another user. An exclusive lock is rejected.
Exclusive but not cumulative: Exclusive locks can be requested several times from the same transaction and are processed successively. In contrast, exclusive but not cumulative locks can be called only once from the same transaction. All other lock requests are rejected.
please go through these links:
http://help.sap.com/saphelp_nw04/helpdata/en/a2/3547360f2ea61fe10000009b38f839/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/af/22ab01dd0b11d1952000a0c929b3c3/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eeb2446011d189700000e8322d00/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eebf446011d189700000e8322d00/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eed9446011d189700000e8322d00/frameset.htm
Regards,
Gunasree. -
What exactly does Standby mode do?
In a quest to figure out how to turn the screen power off when I want to, I have found Standby mode, which does exactly that. All the manual says about it is to press and hold the mute button to go into standby mode, but doesn't say anything else about it. What exactly is "Standby Mode"? Will it still give me calendar alerts, and phone calls and other alerts, or is it essentially turned off?
Jesse
Standby mode is just a low power state to conserve battery life. It shuts off the backlight and screen, and does not respond to key presses until you bring it out of standby mode. Your notifications, phone calls, etc. are not affected by it.
The holster serves the same purpose: it has a magnet that is detected by the phone to put it into standby. If you go to the notification/ ringer profile settings, you will notice 2 different setting: out of holster and in holster.
Kijana
Please remember to:
1. Mark Accept as Solution on the appropriate post once your issue has been resolved
2. Give Kudos to helpful posts (click the star next to the post)
Thanks -
What is "PDF/A" Mode?
Greetings,
When I open a particular PDF, a blue bar comes up saying "You are viewing this document in PDF/A mode." What is "PDF/A" mode?
I'm using Adobe Reader 9.3.1 on Windows 7 Home Premium.
Thanks,
Shane.
Found it! Thank you!
Teresa Crimmens, Director of Trail Operations
Tahoe Rim Trail Association
948 Incline Way
Incline Village, NV 89451
775-298-0232
[email protected]
www.tahoerimtrail.org -
hi Experts,
Pls clarify what is the private mode and how it can relate with Heap Memory?
Thanks in advance.
hello amit
Private Mode
Private mode is mode where the heap data is getting exclusively allocated by the user and is no more shared across the system, this happen when your extended memory is exhausted.
You can go to transaction
ST02 --> Double click on extended memory --> Mode List
From there you see a history of which users were using all of your extended memory, and how much memory total.
If you want to know more about private mode
http://help.sap.com/saphelp_nwpi71/helpdata/en/7a/caa6f3bfdb11d188b30000e83539c3/content.htm
I hope this information will help you a lot
Thanks & Regards
Shishir