What is the architecture of iplanet Directory Server Integration Edition tool?
hi,
There is no separate architecture for iDSIE.
iPlanet Directory Server Integration Edition is an integrated solution that provides meta-directory services combined with secure, highly available directory services. For further details, visit this link:
http://docs.iplanet.com/docs/manuals/dsie/50/intro/dsie-ina.htm#15695
Similar Messages
-
Hi,
The following are the features of iPlanet Web Server 6.0 which is enhanced from iPlanet Web Server 4.1 release.
You can implement sticky sessions by prefixing the name of the server host that generated the session to the JSESSIONID (the Servlets 2.2 API standard session cookie name). This enables the front-end load balancer to do sticky load balancing, such as forwarding future requests to the same host that generated the session.
Keep-alive handling: thousands of keep-alive connections can now be maintained.
Added support for digest authentication as defined in RFC 2617. Digest authentication is used in conjunction with the iPlanet Directory Server 5.0 as an access authentication method that avoids passing the user name and password over the network in an unencrypted form.
Command Line Administration Tools.
Improved User Interface: iPlanet Web Server 6.0 provides an improved user interface with the following features:
Magnus Editor, Class Manager, .htaccess Configuration
iPlanet Web Server currently provides support for Quality of Protection (QOP)= auth and algorithm = MD5 only.
iPlanet Web Server 6.0 features improved SSL performance and simplified server certificate acquisition from VeriSign.
In general, the authentication mechanisms provided by iPlanet Web Server 6.0, such as basic and digest authentication using LDAP, work across web applications (or servlet contexts). For FORM authentication, you can implement single sign-on using a cookie-based FORM login session created with a virtual-server-wide session manager. This FORM login session is available across all applications within the virtual server and is separate from the regular HTTP session which is limited to the servlet context.
You can install iPlanet Web Server 6.0 on multiple machines using templatized installation.
Web Publishing is not supported in iPlanet Web Server 6.0.
Server-Side JavaScript (SSJS) /LiveWire is not supported in iPlanet Web Server 6.0.
Live Connect (LC) is not supported in iPlanet Web Server 6.0.
Regards
Selva -
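The digest check described in the post above (RFC 2617, qop=auth, algorithm=MD5 only), written out as an added example that is not iPlanet code or part of the original post. `verify_digest`, `demo_lookup_ha1` and the nonce handling are hypothetical names; the sample header is the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(header):
    """Split 'Digest k="v", k2=v2, ...' into a dict with lower-cased keys."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def verify_digest(header, method, lookup_ha1, issued_nonce):
    """Server-side check of a digest response; returns True or False.

    lookup_ha1(username, realm) is a hypothetical stand-in for the directory
    lookup; it returns MD5(username:realm:password) or None.
    Nonce-count (nc) replay tracking is not implemented here.
    """
    f = parse_digest_header(header)
    needed = ("username", "realm", "nonce", "uri", "response", "qop", "nc", "cnonce")
    if any(k not in f for k in needed):
        return False
    # Only the combination the post says is supported: qop=auth, MD5.
    if f["qop"].lower() != "auth" or f.get("algorithm", "MD5").upper() != "MD5":
        return False
    # The nonce must be one this server issued.
    if not hmac.compare_digest(f["nonce"], issued_nonce):
        return False
    ha1 = lookup_ha1(f["username"], f["realm"])
    if ha1 is None:
        return False
    ha2 = md5_hex(f"{method}:{f['uri']}")
    expected = md5_hex(":".join(
        [ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2]))
    # Constant-time comparison; the password itself never crosses the wire.
    return hmac.compare_digest(expected, f["response"].lower())

# Demo data: credentials and header from the RFC 2617 section 3.5 example.
def demo_lookup_ha1(username, realm):
    passwords = {("Mufasa", "testrealm@host.com"): "Circle Of Life"}
    password = passwords.get((username, realm))
    if password is None:
        return None
    return md5_hex(f"{username}:{realm}:{password}")

RFC_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
RFC_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

if __name__ == "__main__":
    print(verify_digest(RFC_HEADER, "GET", demo_lookup_ha1, RFC_NONCE))
```

Because the request URI and method are hashed into the response, a header replayed against a different path or method fails the check.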
The NT installation lists the NT Domain connector as an option. The Solaris version doesn't. I spoke briefly with a project manager at Sun who said putting an NT Domain connector onto a Directory Server on Solaris was possible, but I'm not sure how.
You'll have to install the NT connector on an NT machine. The Join Engine that joins this connector can reside on Solaris.
-
"I am carrying my tests under W2000 with all the default installation options. I've checked the user ID (admin), password and port are correct. However, I was not able to start the Netscape Console and also, the kregedit exited with messages:
Could not connect to LDAP server on cr7260et017 port 389 as user cn=Directory Manager: Can't contact LDAP server
GXBindInit: GXBindBasic failed
GXContextInit: GXBindInit failed 2
[18/Jan/2002 13:56:48:3] error: ENGINE-context_init_failed: EngineClassSpace ContextModule.createContextInit failed:
error: could not get context
*** Errors in initialization from registry ***
Errors in initialization, exiting ..."
(previously submitted to Portal Services/Wireless)
Hi,
I'm not sure if there are known issues with iAS test drive and Windows 2000; however, I would like to help you in cracking the error.
The GXBIND error appears only when the iAS is not able to communicate with the directory server. In our case, let us proceed by the following...
1. Check if the directory server is running. Verify this by checking the services and look for an entry for directory server and it must look something like
"Netscape Directory Server 4.1 (machine name)" and the status is started.
2. Next, if you are not able to start the console of directory server, then you must check if the directory administrative server is running. This is also verified with the services and look for the entry...
"Netscape Administration Server 4.2" and the status is started.
3. Next, if both of the above are running, then you need to login to directory server console by using cn=Directory Server and issuing the password. If you are able to login successfully then, iAS will work, if not, then rectify the problem with directory server and I'm sure iAS will work.
4. If you have forgotten the password for cn=Directory Manager, then there is a work around for fixing the password in directory server and iAS.
Please let me know the outcome once you have done this.
Regards
Raj -
If you are using Exchange 5.5 or later you don't really need a custom connector. Exchange has an export/import command "admin.exe" that can be used to create a csv file of your exchange users (and other info). All you'll need then is the meta UTC (Universal Text Connector).
-
Last Logon Time in Iplanet Directory Server 4.1
Hi,
It would be great help if any one of you could let me know the attribute in Iplanet Directory Server 4.1 to get the Last Logon Time of a particular account.
The Directory Server is on solaris.
Thanks
Hari,
You can try to find it from the logfiles.
I actually designed a plugin for this type of thing, but it's not yet implemented. It would simply write a timestamp to a user's entry after every successful bind, among other things which I won't go into detail about now...
Are you in Finland?
podzap -
Question re how iPlanet Directory Server applies the Look Through Limit.
I have a question on how iPlanet Directory Server applies the lookthrough limit...
I am running an LDAP search on a 4.13 directory. The search filter is:
"(&(rtrdaMaturityDate>=20020128)(rtrdaMaturityDate<=20020130))"
rtrdaMaturityDate is an int, and indexed with pres,eq,sub
There are 244680 entries where rtrdamaturityDate>=20020128
383005 entries where rtrdaMaturityDate<=20020130
484 entries which satisfy both conditions
When the query is run as Directory Manager it just hangs (presumably it would complete eventually).
When run as another user it gives a size limit error. The size limit and lookthrough limit on the directory are both 5000 . As the matching number of entries doesn't exceed the size limit, I think perhaps it is the lookthrough limit causing the problem...
It looks as if it treats each part of the filter separately, building a candidate list for each, giving an error if both reach the look through limit. i.e. it does not realise that both parts of the filter could be treated together.
Is this correct ?
This theory is borne out by the fact that if I change the value so the filter would logically return only the highest few values, the search works (i.e. as if the <= filter condition hit LTL, but the >= did not).
Also, if I add another condition to give "(&(rtrdaIssuerBgNid=4403)(rtrdamaturityDate>=20020128)(rtrdaMaturityDate<=20020130))" then the search eventually correctly returns a single entry. (IssuerBgNid=4403 on its own gives 1004 entries).
Can I therefore assume that a search will only work if at least one condition in the filter gives a candidate list with less entries than the look through limit?
Any advice on how to implement a range search like this would also be much appreciated.
Thanks,
Dave.
The lookthrough limit is reached when the resulting candidate list contains more entries than the limit...
Lookthrough limit has been implemented specifically for Range filters (and OR filters) to avoid consuming too many resources.
For your particular problem, you can increase the lookthrough limit... but it will affect all users and searches.
Note that iPlanet Directory Server 5.x does provide a per User LookThrough Limit (and other limits as well), therefore you could just increase the lookthrough limit for the specific users performing these searches.
Regards,
Ludovic. -
Solaris 8 and iPlanet Directory Server 5.1: Help
Could anyone help with advice or where to find documentation of how to setup a Solaris 8 client machine to authenticate against iPlanet Directory Server 5.1? The only documentation (eg books, BluePrint articles) I can find cover iPlanet Directory 4.11 or 4.12 and a Solaris 8 client. Even the tools from the BluePrint Tools area at Sun only talk about using iPlanet Directory Server 4.11/12. Quite a lot seems to have changed from iDS 4.12 to iDS 5.1.
Any help would be greatly appreciated.
Thanks in advance,
Stewart
Hi Steven, I suppose that this question is identical to your other question: "Topic: solaris 8 client setup with solaris 9 ldap".
So the answer will be the same.
You may find what you are looking for in the following technical note: http://knowledgebase.iplanet.com/ikb/kb/articles/7966.html
It is called: "Cookbook for Solaris 8 client with Directory Server 5.1/Solaris 9"
Cheers / Damien. -
Info about Japanese iPlanet Directory server
I am evaluating Japanese localized version of directory server.
I am not able to find any document which can tell me about the
localization of this product.
I have following questions:
1. What level of localization is done? Has the console been localized?
Are log messages localized?
2. What env variables I need to set to see console GUI in Japanese
3. Do I need to set some env variables (like $LANG) before running the start script.
It is urgent for me, if somebody can answer these or point me to some good doc, it will great
help to me
Thanks
- Bharat
Hi,
Info about japanese iPlanet directory Server.
Gateway is localized for English, Japanese, French, Spanish, and German. You can configure the gateway to support additional locales.
Language files are stored in /usr/iplanet/servers/dsgw/html/lang and /usr/iplanet/servers/dsgw/config/lang, where lang is defined in RFC1766.
For example, language files for Japanese are stored in /usr/iplanet/servers/dsgw/html/ja and /usr/iplanet/servers/dsgw/config/ja.
Support for the character sets necessary to render a particular locale (language) must be available in the browser's configuration. -
Store Print & File Server on iPlanet Directory Server?
I've a NT 4.0 server which I'm using as both a Print & File Server. Would I be able to use iPlanet Directory Server to do the same thing?
If I can, please explain how? or direct me to where I can know how?
If it can't be done, is there any other way(s) I can do it?
Thanks!
I don't understand. iDS is not a file and print server, it is a user data and user authentication server. Do you want to use iDS for your user authentication for file and print services instead of NT 4 domains? I don't think this is possible. What is possible is using iDS as your primary data store, and using iPlanet Meta Directory to sync changes from iDS to the NT 4 domain.
-
Installation Error with iPlanet Directory Server 5.1 SP1 and Windows 2000
Hello,
I'm having real trouble getting iPlanet Directory Server installed on a Windows 2000 Server machine. Every time I install it, no matter what options I choose, I get this series of popup boxes at the end:
- Setup is unable to store configuration data in the LDAP directory
- Unable to create Administration Server configuration
- Could not authenticate ldap connection, "Unknown error"
- Unable to set ACI in Configuration Directory Server
Searching on this forum, I have found a lot of posts. I have tested the different solutions proposed:
* Add to the hosts file the short name and the long name of my machine with its IP address
* When the installation process crashes, uninstall the software, reboot the machine and then restart the installation
With all these solutions, the problem is still here.
Could you help me?
Boris MANCHETTE
Are you using Terminal Services? iPlanet DS will not install properly over Terminal Services. You have to install from the direct attached console.
Ted -
Is there any hardware requirement guideline for iPlanet Directory Server?
I plan to set up the iPlanet Directory server. I need to select the appropriate hardware platform for the DS capacity. e.g what CPU model, ram & hard disk size if entries is around 10000 etc.
The upper limit for iDS 5.0 is 2G of RAM but for 100K users, expect about 80-85MB ldif file which correlates to about 290-300Mb importCacheSize. This means that you will need 64Mb+300Mb minimum.
As far as network, 100BaseT is adequate but GBit or multiple 100BaseTs are better.
SSL hardware is recommended if running securely.
As far as processors, an Ultra60 1x440Mhz or a Dell PowerEdge 2400 1x776Mhz will work. Attaching 2x18G disk should be enough. Go with scsi over ide if possible.
pat -
Roles in iPlanet Directory Server v5.0 und JNDI.
Hi!
I have the following problem:
How can I find and change the Role object in iPlanet Directory Server v5.0 via JNDI? Is it possible?
Regards,
Andriy
Hi,
It is not necessary to go in such a way for going and adding the corresponding roles.
For eg
Here is an LDIF file which plays an important role in making the attributes.
Here is a sample fedup.ldif file
dn: uid=timb,ou=Customers,o=fedup.com
objectclass: customer
objectclass: inetorgperson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Tim Briggs
uid: timb
givenname: Tim
customerid: timb
sn: Briggs
facsimiletelephonenumber: 4101
telephonenumber: 4145
creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
createtimestamp: 20000401084012Z
aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone";)
ou: Customers
mail: [email protected]
userpassword: bakru
modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
modifytimeStamp: 20000502084001Z
Here I have specified userid as timb and password as bakru and with corresponding roles in aci.
After making the LDIF file you have to import it in Directory server.
For that you have to Iplanet Console menu, from there click on Import for the ldif file to get imported.
Or else you can go for ldapadd, ldapmodify commands.
Also if you are going to add new attributes which is not known by Directory server, Please follow these process.
Creation of our own USER SCHEMA Files:-
It is necessary for adding the attributes which are not defined in the
Netscape directory server. In the above, customerid which is defined in ldif
file is not existing in the directory server.
Here is the Schema file for attributes:(ie for defining for eg customer id).
The name of the file is slapd.user_at.conf:-
attribute customerid customerid-oid cis single
attribute packageid packageid-oid cis single
attribute receivedate receivedate-oid cis single
attribute shipdate shipdate-oid cis single
attribute shipperid shipperid-oid dn single
attribute receiveid receiveid-oid dn single
#Java Attributes
# Schema for storing java objects and java object references
attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
Here is Schema file for your own object classes:-
The name of the file is Slapd.user_oc.conf:-
In the similar way we assume that there are no "customer" class in the object classes
defined in the LDAP, so we will have to create our own "customer" Object class.
Also it extends inetOrgPerson to add some new attributes such as "customerid".
The object class of an entry specifies what attributes are required and what
attributes are allowed in a particular entry.
Also for eg, Package classes in the object class is created.
Here is the sample file for creating the above:-
objectclass package
oid package-oid
superior top
requires
packageid,
receiveid,
shipdate,
shipperid
allows
description,
ou,
receivedate
objectclass customer
oid customer-oid
superior inetorgperson
requires
customerid
allows
c
#JAVA Schema
# Schema for storing java objects and java object references
objectclass javaContainer
oid 1.3.6.1.4.1.42.2.27.4.2.1
superior top
requires
cn
objectclass javaObject
oid 1.3.6.1.4.1.42.2.27.4.2.4
superior top
requires
javaClassName
allows
javaCodebase
objectclass javaSerializedObject
oid 1.3.6.1.4.1.42.2.27.4.2.5
superior javaObject
requires
javaSerializedData
objectclass javaRemoteObject
oid 1.3.6.1.4.1.42.2.27.4.2.6
superior javaObject
requires
javaRemoteLocation
objectclass javaNamingReference
oid 1.3.6.1.4.1.42.2.27.4.2.7
superior javaObject
requires
javaReferenceAddress,
javaFactory
STEP 4: Loading the USER SCHEMA files in Directory Server:-
All the attributes created above should be added to the corresponding directory server,
in order to make it as a common attribute.
Steps for adding the User Schema files to the Directory Server:-
1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
created above so that the existing LDIF file which is used in the Netscape directory
server is not appended or overwritten.
2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
3. Then restart the Directory Server.
I hope this will help you.
Thanks
Bakrudeen
Technical Support Engineer
Sun MicroSystems Inc, India -
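The sample entry in the post above carries an ACI that allows all rights to `ldap:///anyone` and a `userpassword` value with no storage-scheme prefix. The following pre-import check for an LDIF file is an added example, not part of the original post or of any Sun tool; the function names and the second sample entry are constructed for illustration, and only the simple `allow (...) userdn = "..."` bind-rule form is handled.

```python
import base64
import re

# Constructed sample: first entry modelled on the post, second is a contrast case.
SAMPLE_LDIF = """\
dn: uid=timb,ou=Customers,o=fedup.com
objectclass: inetorgperson
uid: timb
aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")
 (version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone";)
userpassword: bakru

dn: uid=annk,ou=Customers,o=fedup.com
objectclass: inetorgperson
uid: annk
aci: (targetattr="mail")(version 3.0; acl "self mail"; allow (read,search)
  userdn = "ldap:///self";)
userpassword: {SSHA}c2FtcGxlLWNvbnN0cnVjdGVkLXZhbHVl
"""

ALLOW_RE = re.compile(r'allow\s*\(([^)]*)\)\s*userdn\s*=\s*"([^"]*)"', re.I)
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")   # e.g. {SSHA}, {SHA}, {crypt}
MODIFY_RIGHTS = {"all", "write", "add", "delete"}

def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold LDIF continuation line
        else:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:             # trailing blank flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = []
        elif not line.startswith("#"):
            attr, _, val = line.partition(":")
            if val.startswith(":"):       # 'attr:: base64value'
                val = base64.b64decode(val[1:]).decode("utf-8", "replace")
            current.append((attr.strip().lower(), val.strip()))
    return entries

def audit(entries):
    """Return (dn, finding) pairs; password values are never echoed."""
    findings = []
    for entry in entries:
        dn = next((v for a, v in entry if a == "dn"), "<no dn>")
        for attr, val in entry:
            if attr == "aci":
                for rights, subject in ALLOW_RE.findall(val):
                    granted = {r.strip().lower() for r in rights.split(",")}
                    if subject.lower() == "ldap:///anyone" and granted & MODIFY_RIGHTS:
                        findings.append((dn, "aci-anyone-modify"))
            elif attr == "userpassword" and not SCHEME_RE.match(val):
                findings.append((dn, "cleartext-userpassword"))
    return findings

if __name__ == "__main__":
    for dn, finding in audit(parse_ldif(SAMPLE_LDIF)):
        print(f"{finding}: {dn}")
```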
Generating Self Signed Certificate for iPlanet Directory Server for testing
Hi Experts,
I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
Thanks in Advance,
Kalyan
Here's one I did earlier.
Refers to Solaris 10
SSL Security
add a new certificate that lasts for ten years (120 months).
stop the instance:
dsadm stop <instance>
Remove DS from smf control:
dsadm disable-service <instance>
Change Certificate Database Password:
dsadm set-flags <instance> cert-pwd-prompt=on
Choose the new certificate database password:
Confirm the new certificate database password:
Certificate database password successfully updated.
Restart the instance from the dscc:
DSCC -> start <instance>
Now add a new Certificate which lasts for ten years (120 months; -v 120):
`cd <instance_path>`
`certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" -n testcert -v 120 -t T,, -x`
Enter Password or Pin for "NSS Certificate DB":
Stop the Instance.
On the DSCC Security -> Certificates tab:
select option to "Do not Prompt for Password"
Restart the instance.
On the Security -> General tab, select the new certificate to use for ssl encryption
Restart the instance
Stop the instance
Put DS back into smf control:
dsadm enable-service <instance>
Check the smf:
svcs -a | grep ds
# svcs -a|grep ds
disabled Aug_16 svc:/application/sun/ds:default
online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1 -
Error while installing iplanet directory server 5.0
Hi, I am trying to install iPlanet Directory Server 5.0 on my local machine. My computer name does not contain any domain name; it is simply like "ERT3210".
While installing Directory Server it asks for the computer name, and if I give the computer name without a domain it is not accepted. I am unable to rename my computer with a domain name suffix, as it is not part of any domain. Now how can I give the computer name to install Directory Server? It's very urgent for me. It would be a great help if anyone could reply.
Start/Stop Directory Server and Start/Stop Admin Server are usually present in My Computer/Manage/Services, just start or stop the service.
Assuming the install root directory is %LDAP_ROOT%
You could always create program icons for
1) start/stop directory server
%LDAP_ROOT%\slapd-%COMPUTERNAME%\start-slapd.exe
%LDAP_ROOT%\slapd-%COMPUTERNAME%\stop-slapd.exe
2) start/stop admin server
%LDAP_ROOT%\start-admin.exe
%LDAP_ROOT%\stop-admin.exe
3) SUN ONE Console (iPlanet Console)
%LDAP_ROOT%\startconsole.exe
Gary