What is the architecture of iplanet Directory Server Integration Edition tool?

Similar Messages

• What are the differences between iPlanet web servers, enterprise edition 4.1 sp2 and version 6.0

   

  Hi,
  The following are the features of iPlanet Web Server 6.0 which is enhanced from iPlanet Web Server 4.1 release.
  You can implement sticky sessions by prefixing the name of the server host that generated the session to the JSESSIONID (the Servlets 2.2 API standard session cookie name). This enables the front-end load balancer to do sticky load balancing, such as forwarding future requests to the same host that generated the session.
  Keep-alive handling now thousands of keep-alive connections can be maintained.
  Added support for digest authentication as defined in RFC 2617. Digest authentication is used in conjunction with the iPlanet Directory Server 5.0 as an access authentication method that avoids passing the user name and password over the network in an unencrypted form.
  Command Line Administration Tools.
  Improved User Interface:-iPlanet Web Server 6.0 provides an improved user interface with the following features:
  Magnus Editor ,Class Manager ,.htaccess Configuration
  iPlanet Web Server currently provides support for Quality of Protection (QOP)= auth and algorithm = MD5 only.
  iPlanet Web Server 6.0 features improved SSL performance and simplified server certificate acquisition from VeriSign.
  In general, the authentication mechanisms provided by iPlanet Web Server 6.0, such as basic and digest authentication using LDAP, work across web applications (or servlet contexts). For FORM authentication, you can implement single sign-on using a cookie-based FORM login session created with a virtual-server-wide session manager. This FORM login session is available across all applications within the virtual server and is separate from the regular HTTP session which is limited to the servlet context
  You can install iPlanet Web Server 6.0 on multiple machines using templatized installation.
  Web Publishing is not supported in iPlanet Web Server 6.0.
  Server-Side JavaScript (SSJS) /LiveWire is not supported in iPlanet Web Server 6.0.
  Live Connect (LC) is not supported in iPlanet Web Server 6.0.
  Regards
  Selva

• How do you install the NT domain connector onto the Directory Server Integrated Edition 5.0 for Solaris?

  The NT installation lists the NT Domain connector as an option. The Solaris version doesn't. I spoke briefly with a project manager at Sun who said putting an NT Domain connector onto a Directory Server on Solaris was possible, but I'm not sure how.

  You'll have to install the NT connector on an NT machine. The Join Engine that joins this connector can reside on Solaris.

• Why the LDAP server does not accept any connection upon the installation of iPlanet Application Server Enterprise Edition 6.0 Test Drive Phase II

  "I am carrying my tests under W2000 with all the default installation options. I've checked the user ID (admin), password and port are correct. However, I was not able to start the Netscape Console and also, the kregedit exited with messages:
  Could not connect to LDAP server on cr7260et017 port 389 as user cn=Directory Manager: Can't contact LDAP server
  GXBindInit: GXBindBasic failed
  GXContextInit: GXBindInit failed 2
  [18/Jan/2002 13:56:48:3] error: ENGINE-context_init_failed: EngineClassSpace ContextModule.createContextInit failed:
  error: could not get context
  *** Errors in initialization from registry ***
  Errors in initialization, exiting ..."
  (previously submitted to Portal Services/Wireless)

  Hi,
  I'm not sure if there are known issues with iAS test drive and Windows 2000 howevere I would like to help you in cracking the error.
  The GXBIND error appears only when the iAS is not able to communicate with the directory server. In our case, let us proceed by the following...
  1. Check if the directory server is running. Verify this by checking the services and look for an entry for directory server and it must look something like
  "Netscape Directory Server 4.1 (machine name)" and the status is started.
  2. Next, if you are not able to start the console of directory server, then you must check if the directory administrative server is running. This is also verified with the services and look for the entry...
  "Netscape Administration Server 4.2" and the status is started.
  3. Next, if both of the above are running, then you need to login to directory server console by using cn=Directory Server and issuing the password. If you are able to login successfully then, iAS will work, if not, then rectify the problem with directory server and I'm sure iAS will work.
  4. If you have forgotten the password for cn=Directory Manager, then there is a work around for fixing the password in directory server and iAS.
  Please let the outcome once you have done this.
  Regards
  Raj

• Hello, I would like to know if you know of somebody that has developed the SQL and Exchange conector for the iPlanet Directory Server Intergration Edition (Meta Directory)? Thabk you

   

  If you are using Exchange 5.5 or later you don't really need a custom connector. Exchange has an export/import command "admin.exe" that can be used to create a csv file of your exchange users (and other info). All you'll need then is the meta UTC (Universal Text Connector).

• Last Logon Time in Iplanet Directory Server 4.1

  Hi,
  It would be great help if any one of you could let me know the attribute in Iplanet Directory Server 4.1 to get the Last Logon Time of a particular account.
  The Directory Server is on solaris.
  Thanks

  Hari,
  You can try to find it from the logfiles.
  I actually designed a plugin for this type of thing, but it's not yet implemented. It would simply write a timestamp to a user's entry after every successful bind, among other things which I won't go into detail about now...
  Oletko suomessa?
  podzap

• Question re how iPlanet Directory Server applies the Look Through Limit.

  I have a question on how iPlanet Directory Server applies the lookthrough limit...
  I am running an LDAP search on a 4.13 directory. The search filter is:
       "(&(rtrdaMaturityDate>=20020128)(rtrdaMaturityDate<=20020130))"
  rtrdaMaturityDate is an int, and indexed with pres,eq,sub
  There are 244680 entries where rtrdamaturityDate>=20020128
  383005 entries where rtrdaMaturityDate<=20020130
  484 entries which satisfy both conditions
  When the query is run as Directory Manager it just hangs (presumably it would complete eventually).
  When run as another user it gives a size limit error. The size limit and lookthrough limit on the directory are both 5000 . As the matching number of entries doesn't exceed the size limit, I think perhaps it is the lookthrough limit causing the problem...
  It looks as if it treats each part of the filter separately, building an candidate list for each, giving an error if both reach the look through limit. i.e. it does not realise that both parts of the filter could be treated together.
  Is this correct ?
  This theory is born out by the fact that if I change the value so the filter would logically return only the highest few values, the search works (i.e. as if the <= filter condition hit LTL, but the >= did not).
  Also, if I add another condition to give "(&(rtrdaIssuerBgNid=4403)(rtrdamaturityDate>=20020128)(rtrdaMaturityDate<=20020130))" then the search eventually correctly returns a single entry. (IssuerBgNid=4403 on its own gives 1004 entries).
  Can I therefore assume that a seach will only work if at least one condition in the filter gives a candidate list with less entries than the look through limit?
  Any advice on how to implement a range search like this would also be much appreciated.
  Thanks,
  Dave.

  The lookthrough limit is reached when the resulting candidate list contains more entries than the limit...
  Lookthrough limit has been implemented specifically to for Range filters (and OR filters) to avoid consuming too many resources.
  For your particular problem, you can increase the lookthrough limit... but it will affect all users and searches.
  Note that iPlanet Directory Server 5.x does provide a per User LookThrough Limit (and other limits as well), therefore you could just increase the lookthrough limit for the specific users performing these searches.
  Regards,
  Ludovic.

• Solaris 8 and iPlanet Directory Server 5.1: Help

  Could anyone help with advice or where to find documentation of how to setup a Solaris 8 client machine to authenticate against iPlanet Directory Server 5.1? The only documentation (eg books, BluePrint articles) I can find cover iPlanet Directory 4.11 or 4.12 and a Solaris 8 client. Even the tools from the BluePrint Tools area at Sun only talk about using iPlanet Directory Server 4.11/12. Quite a lot seems to have change from iDS 4.12 to iDS5.1.
  Any help would be greatly appreciated.
  Thanks in advance,
  Stewart

  Hi Steven, I suppose that this question is identical to your other question: " Topic: solaris 8 client setup with solaris 9 ldap".
  So the answer will be the same.
  You may find what you are looking for in the following technical note: http://knowledgebase.iplanet.com/ikb/kb/articles/7966.html
  It is called: "Cookbook for Solaris 8 client with Directory Server 5.1/Solaris 9"
  Cheers / Damien.

• Info about Japanese iPlanet Directory server

  I am evaluating Japanese localized version of directory server.
  I am not able to find any document which can tell me about the
  localization of this product.
  I have following questions:
  1. What level of localization is done. Has console localized ?
  Does log messages localized.
  2. What env variables I need to set to see console GUI in Japanese
  3. Do I need to set some env variables (like $LANG) before running the start script.
  It is urgent for me, if somebody can answer these or point me to some good doc, it will great
  help to me
  Thanks
  - Bharat

  Hi,
  Info about japanese iPlanet directory Server.
  Gateway is localized for English, Japanese, French, Spanish, and German. You can configure the gateway to support additional locales.
  Language files are stored in /usr/iplanet/servers/dsgw/html/lang and /usr/iplanet/servers/dsgw/config/lang, where lang is defined in RFC1766.
  For example, language files for Japanese are stored in /usr/iplanet/servers/dsgw/html/ja and /usr/iplanet/servers/dsgw/config/ja[true]).
  Support for the character sets necessary to render a particular locale (language) must be available in the browser's configuration.

• Store Print & File Server on iPlanet Directory Server?

  I've a NT 4.0 server which I'm using as both a Print & File Server. Would I be able to use iPlanet Directory Server to do the same thing?
  If I can, please explain how? or direct me to where I can know how?
  If it can't be done, is there any other way(s) I can do it?
  Thanks!

  I don't understand. iDS is not a file and print server, it is a user data and user authentication server. Do you want to use iDS for your user authentication for file and print services instead of NT 4 domains? I don't think this is possible. What is possible is using iDS as your primary data store, and using iPlanet Meta Directory to sync changes from iDS to the NT 4 domain.

• Installation Error with iPlanet Directory Server 5.1 SP1 and Windows 2000

  Hello,
  I'm having real trouble getting iPlanet Directory Server installed on a Windows 200 Server machine. Every time I install it, no matter what options I choose, I get this series of popup boxes at the end:
  - Setup is unable to store configuration data in the LDAP directory
  - Unable to create Administration Server configuration
  - Could not authenticate ldap connection, "Unknown error"
  - Unable to set ACI in Configuration Directory Server
  But searching on this forum, I have found a lot of post. I have tested the different solution proposed :
  * Add on the host file the short name and the long name of my machine with it's IP adress
  * When the installation process crash, uninstall the software, reboot the machine and then restart the installation
  With all this solution, the problem is always here.
  Could you help me ?
  Boris MANCHETTE

  Are you using Terminal Services. iPlanet DS will not install properly over Terminal Services. You have to install from the direct attached console.
  Ted

• Is there any hardware requirement guideline for iPlanet Directory Server?

  I plan to set up the iPlanet Directory server. I need to select the appropriate hardware platform for the DS capacity. e.g what CPU model, ram & hard disk size if entries is around 10000 etc.

  The upper limit for iDS 5.0 is 2G of RAM but for 100K users, expect about 80-85MB ldif file which correlates to about 290-300Mb importCacheSize. This means that you will need 64Mb+300Mb minimum.
  As far as network, 100BaseT is adequate but GBit or multiple 100BaseTs are better.
  SSL hardware is recommended if running securely.
  As far as processors, an Ultra60 1x440Mhz or a Dell PowerEdge 2400 1x776Mhz will work. Attaching 2x18G disk should be enough. Go with scsi over ide if possible.
  pat

• Roles in iPlanet Directory Server v5.0 und JNDI.

  Hi!
  I have the following problem:
  How can I find and change the Role object in iPlanet Directory Server v5.0 via JNDI? It's possible ?
  Regards,
  Andriy

  Hi,
  It is not necessary to go in such a way for going and adding the corresponding roles.
  For eg
  Here is an LDIF file which plays an important role in making the attributes.
  Here is an sample fedup.ldif file
  dn: uid=timb,ou=Customers,o=fedup.com
  objectclass: customer
  objectclass: inetorgperson
  objectclass: organizationalPerson
  objectclass: person
  objectclass: top
  cn: Tim Briggs
  uid: timb
  givenname: Tim
  customerid: timb
  sn: Briggs
  facsimiletelephonenumber: 4101
  telephonenumber: 4145
  creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
  createtimestamp: 20000401084012Z
  aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all) userdn = "ldap:///anyone": )
  ou: Customers
  mail: [email protected]
  userpassword: bakru
  modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
  modifytimeStamp: 20000502084001Z
  Here I have sepecified userid as timb and password as bakru and with corresponding roles in aci.
  After making the LDIF file you have to import it in Directory server.
  For that you have to Iplanet Console menu, from there click on Import for the ldif file to get imported.
  Or else you can go for ldapadd, ldapmodify commands.
  Also if you are going to add new attributes which is not known by Directory server, Please follow these process.
  Creation of our own USER SCHEMA Files:-
  It is necessary for adding the attributes which are not defined in the
  Netscape directory server. In the above, customerid which is defined in ldif
  file is not existing in the directory server.
  Here is the Schema file for attributes:(ie for defining for eg customer id).
  The name of the file is slapd.user_at.conf:-
  attribute customerid customerid-oid cis single
  attribute packageid packageid-oid cis single
  attribute receivedate receivedate-oid cis single
  attribute shipdate shipdate-oid cis single
  attribute shipperid shipperid-oid dn single
  attribute receiveid receiveid-oid dn single
  #Java Attributes
  # Schema for storing java objects and java object references
  attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
  attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
  attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
  attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
  attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
  attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
  Here is Schema file for your own object classes:-
  The name of the file is Slapd.user_oc.conf:-
  In the similar way we assume that there are no "customer" class in the object classes
  defined in the LDAP, so we will have to create our own "customer" Object class.
  Also it extends inetOrgPerson to add some new attributes such as "customerid".
  The object class of an entry specifies what attributes are required and what
  attributes are allowed in a particular entry.
  Also for eg, Package classes in the object class is created.
  Here is the sample file for creating the above:-
  objectclass package
  oid package-oid
  superior top
  requires
  packageid,
  receiveid,
  shipdate,
  shipperid
  allows
  description,
  ou,
  receivedate
  objectclass customer
  oid customer-oid
  superior inetorgperson
  requires
  customerid
  allows
  c
  #JAVA Schema
  # Schema for storing java objects and java object references
  objectclass javaContainer
  oid 1.3.6.1.4.1.42.2.27.4.2.1
  superior top
  requires
  cn
  objectclass javaObject
  oid 1.3.6.1.4.1.42.2.27.4.2.4
  superior top
  requires
  javaClassName
  allows
  javaCodebase
  objectclass javaSerializedObject
  oid 1.3.6.1.4.1.42.2.27.4.2.5
  superior javaObject
  requires
  javaSerializedData
  objectclass javaRemoteObject
  oid 1.3.6.1.4.1.42.2.27.4.2.6
  superior javaObject
  requires
  javaRemoteLocation
  objectclass javaNamingReference
  oid 1.3.6.1.4.1.42.2.27.4.2.7
  superior javaObject
  requires
  javaReferenceAddress,
  javaFactory
  STEP 4: Loading the USER SCHEMA files in Directory Server:-
  All the attributes created above should be added to the corresponding directory server,
  in order to make it as a common attribute.
  Steps for adding the User Schema files to the Directory Server:-
  1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
  created above so that the existing LDIF file which is used in the Netscape directory
  server is not appended or overwritten.
  2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
  files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
  3. Then restart the Directory Server.
  I hope this will help you.
  Thanks
  Bakrudeen
  Technical Support Engineer
  Sun MicroSystems Inc, India

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• Error while installing iplanet directory server 5.0

  Hi I am trying to install iPlanet directory server 5.0 on my local machine.My computer name doesnot contain any domain name.it is simply like "ERT3210".
  While installing Directory server it is asking for the computer name and if i give the computer name without domain it is not accepting.And i am unable to rename my computer name suffixing domain name as it is not contained in any domain..Now How can i give the computer name to install directory server?.Its very urgent for me.It will be great help if any one give reply.

  Start/Stop Directory Server and Start/Stop Admin Server are usually present in My Computer/Manage/Services, just start or stop the service.
  Assuming the install root directory is %LDAP_ROOT%
  You could always create program icons for
  1) start/stop dirrectory server
  %LDAP_ROOT%\slapd-%COMPUTERNAME%\start-slapd.exe
  %LDAP_ROOT%\slapd-%COMPUTERNAME%\stop-slapd.exe
  2) start/stop admin server
  %LDAP_ROOT%\start-admin.exe
  %LDAP_ROOT%\stop-admin.exe
  3) SUN ONE Console (iPlanet Console)
  %LDAP_ROOT%\startconsole.exe
  Gary