Which directory server for naming?

Similar Messages

• The DHCP service failed to see a directory server for authorization.

  We have two DHCP servers hosted on Hyper-V.
  But after shutdown activity at our DC, the servers gave an usual issue.
  "The DHCP service failed to see a directory server for authorization."
  We have rebooted number of time before getting this server into production but it never gave such kind of error.
  Also this time the local DC was shutdown.
  Please suggest the necessary steps to be taken.

  Hi,
  The authorized DHCP server contacts a domain controller every 60 min to detect/redetect his status. Maybe your DHCP has tried to reach the DC which was offline thus throwing that error. Are you still having issues with DHCP server servicing clients?
  Once the server talks to a DC and checks that his authorized the service will start leasing IPs to clients.
  http://technet.microsoft.com/en-us/library/cc754493.aspx
  http://technet.microsoft.com/en-us/library/cc781697(v=ws.10).aspx
  Regards,
  Calin

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• The DHCP Service failed to see a directory server for authorization error

  Hi Experts,
  "The DHCP Service failed to see a directory server for authorization error"
  I have DHCP Server installed on the same server where Active directory is installed its a domain controller, when I see the event logs I saw the above error. 
  This alert comes a number of times, just after the error
  "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain eg.com.pk, has determined that it is authorized to start. It is servicing clients now."
  Please somebody suggest some solution for this.
  TechSpec90

  Two questios:
  Is the server a domain controller?
  And, according to this, "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain eg.com.pk, has determined that it is authorized to start. It is servicing clients now", the service eventually do start, yes?
  Best Regards,
  Jesper Vindum, Denmark
  Systems Administrator
  Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

• H/w requirements for DIrectory server for 200,000 users

  Hi,
  I would like to implement Directory services for 200,000 users. How can I know whether iPlanet Directory 5.1 will support this many users or not? If supports, Which h/w I have to use?
  If any one can let me know the formula to calculate users and h/w
  Thanks

  The directory server can handle many more users than 200K. The hardware requirements calculations are amply explained in the book "Solaris and LDAP Naming Services" by Bialaski. If you have iPlanet support contract they can provide you tuning information which includes this info.
  You should remember the possibility of growth and load in terms of number of clients and peak requests per second. With your needs, my gut feeling is that even a Netra can host it. However, if it's an enterprise service you may want to go with at least 220 machines in a replicated configuration for load balancing and availability.
  DISCLAIMER: Use these opinions at your own risk. You must do your own analysis and calculations to design a suitable physical/logical architecture.

• Cannot Access OpenLDAP Directory Server for Windows

  Hi All,
  Need urgent help for connecting to LDAP server which I installed on my Win 2000 Professional m/c. The LDAP installation was downloaded from the site www.ilex.fr/openldap. I successfully installed it. In the slapd.conf file, I have set the server suffice as dc=mycompany,dc=com and the rootdn is cn=Manager,dc-mycompany,dc=com. I have the following piece of code which tries to list the Java schema in the LDAP directory. The code was downloaded from sun's JNDI tutorial. The name of the Program is
  CreateJavaSchema and it is run by giving the following options:
  -l     List the Java schema in the directory
  -n<dn>      Use <dn> as the distinguished name for authentication
  -p<passwd>     Use <passwd> as the password for authentication
  -a<auth>     Use <auth> as the authentication mechanism. Default is "simple".
  I tried to run the program as java CreateJavaSchema -ncn=Manager,dc=mycompany,dc=com -psecret99
  where secret99 is the root password . However I get the following exception
  javax.naming.CommunicationException: localhost:389. Root exception is java.net.ConnectException: Connection refused: connect
  Can somone help me with this?
  Thanks

  The Code ..yes
  Here it is: .This code is availbale from JNDI tutorial. I run the program by specifying following command-line arguments.
  java ListJavaSchema -ncn=Manager,dc=mycompany,dc=com -psecret99.
  However I get the exception "javax.naming.CommunicationException: localhost:389. Root exception is java.net.ConnectException: Connection refused: connect"
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.Hashtable;
  public class ListJavaSchema {
  protected static String dn, passwd, auth;
  protected static boolean netscapebug;
  // NS 4.1 has problems parsing an object class definition which contains
  // a MUST clause without parentheses. The workaround is to add a
  // superfluous value (objectClass) to each MUST clause.
  // It also doesn't like the Octet String syntax (use Binary instead)
  protected static boolean netscape41bug = false;
  // AD supports auxiliary classes in a peculiar way.
  protected static boolean activeDirectorySchemaBug = false;
  protected static boolean traceLdap = false;
  protected static final int LIST = 0;
  protected static final int UPDATE = 1;
  private static String[] allAttrs = {
       "javaSerializedObject",
       "javaFactoryLocation",
       "javaReferenceAddress",
       "javaFactory",
       "javaClassName",
       "javaClassNames",
       "javaDoc",
       "javaSerializedData",
       "javaCodebase",
       "javaFactory",
       "javaReferenceAddress"};
  private static String[] allOCs = {
       "javaObject",
       "javaNamingReference",
       "javaSerializedObject",
       "javaRemoteObject",
       "javaMarshalledObject",
       "javaContainer"};
  public static void main(String[] args) {
       new ListJavaSchema().run(args, allAttrs, allOCs);
  ListJavaSchema() {
  protected void run(String[] args, String[] attrIDs, String[] ocIDs) {
       int cmd = processCommandLine(args);
       try {
       DirContext ctx = signOn();
       System.out.println("Context: "+ctx);
       switch (cmd) {
       case UPDATE:
  //          updateSchema(ctx, attrIDs, ocIDs);
            break;
       default:
            showSchema(ctx, attrIDs, ocIDs);
       } catch (NamingException e) {
       e.printStackTrace();
  * Signs on to directory server using parameters supplied to program.
  * @return The initial context to the server.
  private DirContext signOn() throws NamingException {
       if (dn != null && auth == null) {
       auth = "simple";      // use simple for Netscape
       Hashtable env = new Hashtable();
       env.put(Context.INITIAL_CONTEXT_FACTORY,
       "com.sun.jndi.ldap.LdapCtxFactory");
       env.put(Context.REFERRAL, "follow");
       if (auth != null) {
       env.put(Context.SECURITY_AUTHENTICATION, auth);
       env.put(Context.SECURITY_PRINCIPAL, dn);
       env.put(Context.SECURITY_CREDENTIALS, passwd);
       // Workaround for Netscape schema bugs
       if (netscapebug) {
       env.put("com.sun.naming.netscape.schemaBugs", "true");
       // LDAP protocol tracing
       if (traceLdap) {
       env.put("com.sun.jndi.ldap.trace.ber", System.err);
  System.out.println("HashMap: "+env);
       return new InitialDirContext(env);
  void showSchema(DirContext ctx, String[] attrs, String[] ocs)
       throws NamingException {
       DirContext attrRoot =
       (DirContext)ctx.getSchema("").lookup("AttributeDefinition");
       printSchema(attrRoot, attrs);
       DirContext ocRoot =
       (DirContext)ctx.getSchema("").lookup("ClassDefinition");
       printSchema(ocRoot, ocs);
  private void printSchema(DirContext ctx, String[] ids) {
       for (int i = 0; i < ids.length; i++) {
       try {
            System.out.print(ids[i] + ": ");
            System.out.print(ctx.getAttributes(ids));
       } catch (NamingException e) {
       } finally {
            System.out.println();
  private int processCommandLine(String[] args) {
       String option;
       boolean schema = false;
       boolean list = false;
       for (int i = 0; i < args.length; i++) {
       option = args[i];
       if (option.startsWith("-h")) {
            printUsage(null);
       if (option.startsWith("-s")) {
            schema = true;
            netscapebug = option.equals("-sn");
            netscape41bug = option.equals("-sn41");
            activeDirectorySchemaBug = option.equals("-sad");
       } else if (option.startsWith("-l")) {
            list = true;
       } else if (option.startsWith("-a")) {
            auth = option.substring(2);
       } else if (option.startsWith("-n")) {
            dn = option.substring(2);
       } else if (option.startsWith("-p")) {
            passwd = option.substring(2);
       } else if (option.startsWith("-trace")) {
            traceLdap = true;
       } else {
            // invalid option
            printUsage("Invalid option");
       if (!schema) {
       return LIST;
       } else {
       return UPDATE;
  protected void printUsage(String msg) {
       printUsageAux(msg, "Java");
  protected void printUsageAux(String msg, String key) {
       if (msg != null) {
       System.out.println(msg);
  System.out.print("Usage: ");
  System.out.println("java [-Djava.naming.provider.url=<ldap_server_url>] \\");
  System.out.println(" Create" + key + "Schema [-h|-l|-s[n|n41|ad]] [-n<dn>] [-p<passwd>] [-a<auth>]");
  System.out.println();
  System.out.println(" -h\t\tPrint the usage message");
  System.out.println(" -l\t\tList the " + key + " schema in the directory");
  System.out.println(" -sn\tUpdate schema:");
  System.out.println(
  "\t\t -sn use workaround for Netscape Directory pre-4.1 schema bug");
  System.out.println(
  "\t\t -sn41 use workaround for Netscape Directory 4.1 schema bug");
  System.out.println(
  "\t\t -sad use workaround for Active Directory schema bug");
  System.out.println(" -n<dn>\tUse <dn> as the distinguished name for authentication");
  System.out.println(" -p<passwd>\tUse <passwd> as the password for authentication");
  System.out.println(" -a<auth>\tUse <auth> as the authentication mechanism");
  System.out.println("\t\t Default is 'simple' if dn specified; otherwise 'none'");
       System.exit(-1);

• Change Directory server for Portal Server 6.2

  Hi there,
  I have the following problem with Portal Server 6.2 configuration which hopefully someone here will be able to help me with.
  Basically our current setup is the Sun Portal Server 6.2, ID server 6.1 and Directory server all sitting on one (Solaris 9) box. We now wish to separate the Portal / ID server components and the Directory Server component to separate boxes. In portal server 6.0 i think there was a pssetup tool which allowed configuration of a directory server which populated it with the necessary data for portal and ID server. The directory server we will be installing to will not necessarily be a clean install, i.e. it may already be populated with data.
  Is there some way therefore to re-configure the existing directory server to allow us to point our portal / ID server at it?
  Thanks in advance for any help
  Laurence.

  This can be done. You need to import the portal/identity server's schema into your new directory server and then export your existing directory server's content and import it into the new one.

• Configuring a Directory Server for Digital IDs and Certificates

  My company is moving toward using electronic signatures for internal documents. All of the users are on XP machines and have Acrobat Professional 8.0 installed. So far, I've been manually adding trusted IDs for each person who will be receiving signed documents that need to be validated. I'd like to make this a little easier by storing everyone's certificates on a server (Windows 2003) so that people can just go out there and add them all as one .fdf file. What I'm wondering is, what is the difference between doing it this way versus going through Acrobat and configuring a directory server? Will it work either way?
  Thanks!
  Anita

  Hi,
  Sorry for the late reply, regarding the error message: The DHCP services could not Contact Active Directory,
  please check the below KB article to see if it could help here:
  You are unable to authorize DHCP Server in Active Directory
  http://support.microsoft.com/kb/303317/en-us
  Reference for error ID 1059, and
  error ID 10020.
  For The specified server are already present in the directory services,
  please take a look into the below Blog:
  Active Directory DHCP authorisation issues
  The method mentioned in the blog above is trying to move the old information that stored in AD, and then take an action of re-authorisation of the DHCP server.
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Single directory Server for Messaging and Portal

  We are trying to unify our directory services.
  At present, there two directory servers, one for iPlanet messaging 5.2 and another for Portal server 6.0.
  Messaging's Directory server is v5.1 and Portal's Directory server is v5.2. Their BaseDN is same.
  Now, What we are planning to do is as below.
  1. LDIF everything from Msgr Directory and import into Portal's Directory.
  2. Point Msg Server to the Portal's directory.
  But, we are not sure what to export or how to tell messaging server to look at the Portal's Directory. Any help will be greatly appreciated!!!
  Thanks
  Srini

  What you are trying to do is non-trivial.
  Setting the ldap server for user and groups on the mail server is easy enough -- look at the output of configutil and you will find the values of local.ugldap*
  define the values you need to change.
  e.g.:
  local.ugldapbasedn
  local.ugldapbindcred
  local.ugldapbinddn
  local.ugldaphost
  local.ugldapport
  etc.
  These are all listed in the messaging reference manual.
  You need to ensure that the schemas of the two apps. match. For example, if you are using schema 1 for mail and schema 2 for the portal (quite likely), there will be a lot more work to do on the directory than simply moving the user entries accross and merging them.
  Unless you have done this sort of thing before, or feel very comfortable and knowlegable about how the messaging server in partuicular works with LDAP, I would suggest that you seriously consider getting help from Sun Professonal Services.

• Which J2EE server for commercial use ?

  I'm a bit new to all of this so please be gentle...
  I'm currently learning all about J2EE by going through the tutorials provided by Sun (the bookstore, the bank etc). At the moment, I use the j2ee.exe program that comes with the SDK as my server.
  My question is : when it comes to actually setting up a J2EE server for real-world use, would I still be using the same j2ee.exe or is this merely for test purposes and cannot take the strain of serious use.
  If it is merely for testing and development, which j2ee servers are used out there in the big wide world ? I hear a lot spoken about Tomcat but don't know what it is.
  I'd appreciate any comments about this. Although I can find lots of detailed knowledge about j2ee and server-side java in general, there seems to be very little information giving a general overview.
  Thanks - Steve.

  Funny cos' I was nearly gonna ask the same question myself but...One thing I know is that Tomcat is only the servlet implementation of J2EE and cannot run EJB's...this I know for sure... On the other hand, Application servers like IBM's Websphere or BEA's Weblogic can handle both Servlets and EJB's...but are quite costly....there exists an open source version called JBOSS (jboss.org) that is free and seems to be quite worth checking out...as far as j2ee.exe goes, I think it just supports basic EJB implementation on it's own and does not take care of security, transactions, persistence etc... like the expensive ones do..
  did that help?
  pkingsun2002

• Can I get the Mac address in Audit logs of Active directory server for the user's machine which connect to the network/Domain

  Hello All,
  I am trying to get the information of all the user's who connect to our Domain network by signing in using the domain account. For this I am using the Windows audit group policies ( I am not sure of there is any other way). I can see when the user tries
  to login to the network there is a audit event created on the AD/DC server. I can see the Kerberos authentication and logon/logoff events in the audit events under event viewer.  
            However the info which is being populated in these events include :- Hostname, IP address, Username and so on... But I can't see the MAC address of the user machine/system. Is there any way I can
  get the Mac address of the endpoint system as its one of the important criteria for our project.
  Any inputs on this would be appreciated, incase if there is any other way other than group policies please suggest.
  Thanks,
  Kavish

  > include :- Hostname, IP address, Username and so on... But I can't see
  > the MAC address of the user machine/system. Is there any way I can get
  > the Mac address of the endpoint system as its one of the important
  > criteria for our project.
  If you use DHCP, you can query the DHCP server. There's no builtin
  method to get the MAC address directly.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• One Open Directory server for multiple businesses?

  Hi all,
  Is it possible to have one Mac OS X server seen by client computers through different domain names?
  See, I have one server now, with name:
  server01.it.lan
  As we are managing three different companies, I'd like the users working for one particular company to see the server with that company's name:
  server01.bizA.lan
  or
  server01.bizB.lan
  ...and so on.
  And I'd want whatever service used by that user to have a path or address that refers to that name, even though it will point to the same server in the end...
  After some reading, I have different avenues available which would each require quite some reading. So I'm turning to you to narrow the field of researches.
  1. First of all, is this possible? I mean, not-too-complicated possible?
  2. Where would you recommend I spend time learning?
  - DNS aliases? AFP seems to go back to the primary name when I use an alias in Directory Access... (shows server01.it.lan/share instead of server01.bizA.lan/share)
  - Network configuration duplicates, to have more than one IP address pointing to the same machine?
  - Other ideas? I don't need/want a full walkthrough. Actually, I'd prefer to just have simple hints to direct my researches...
  Thanks,
  Fred

  Hi Leandro,
  For your requirement this document describes the TREX installation -
  [TREX with Multiple Instances|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/78df2a46-0a01-0010-ef81-a6be60cc5cfd]
  Hope this helps,
  Reward points if helpful
  Regards,
  Shailesh Nagar

• Setting up Access Manager and Directory Server for Failover.

  I'm setting up 2 Access Managers AM1,AM2 and 2 Directory Servers DS1 and DS2 for failover. I've connected AM1 and AM2 to DS1. Suffixes of DS1 is replicated to DS2. Any change made to AM1 is replicated to AM2 as expected. I just patched AM1 with Access Manager patch 1 and the version information for AM1 shows 7.1 126359-01. I followed the same procedure to patch AM2 but AM2 still shows ver 7.1.
  How do I make sure both Access Managers are patched to the same version?
  I'm able to authenticate to one IIS6 site and authentication is passed on to Outlook Web Access on AM1 but when I shut down AM1 to test failover to AM2 OWA prompts me again for password. How do I resolve this?
  On AM1 http://host.domain/amserver/UI/Login?realm=sso successfully logs in but the same on AM2 gives Warning that "You have already logged in. Do you want to log out and then login to a different organization?"
  Please help !!!

  I'll answer what bits I can:
  Q: AM showing the same version?
  A: No idea on this one. I would have expected the operation you described to have produced the right answer. Check that neither your application server nor your web browser are caching old pages (ctrl-F5 in my browser)
  Q: How do I resolve re-authentication on failover?
  A: The AM documentation includes a deployment example that covers pretty closely what it is you are trying to achieve:
  http://docs.sun.com/app/docs/doc/820-2278
  Specifically, the problem you are describing is related to session failover. The sessions are stored in a local DB so when you failover the backup server does not store the same information and hence requires a reauthentication. The section of the above doc that deals with this is here:
  http://docs.sun.com/app/docs/doc/820-2278/gdsre?l=en&a=view
  Q: "You have already logged in" warning
  A: No idea. Sorry.
  R

• JAAS LoginModule for SunOne Directory Server?

  I have a customer who is using SunOne Directory Server for LDAP.
  I have test code that uses the JAAS's com.sun.security.auth.module.JndiLoginModule to do authentication against an OpenLDAP test server.
  The test code won't work at the customer site because they need to use a special userid/pw along with the subject userid/pw in order to do an authentication. I assume this is LDAP v3 stuff, but the customer is unsure. Unfortunately I have no direct access to the customer's LDAP admin folk. Typical bureaucracy stuff.
  The customer was able to write java code that authenticates to his LDAP server using example code from http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html which uses the JNDI API and specifies the access userid/pw using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
  So thats great, however my application uses JAAS, and therfore only indirectly uses JNDI. The JndiLoginModule provided by JAAS does not appear to support the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS parameters.
  A custom JAAS LoginModule could be written which interfaces to the JNDI LDAP stuff, however considering that JAAS and the SunOne Directory server are both Sun products, I thought perhaps SunOne Directory comes with a JAAS compatible LoginModule that my customer does not know about? I've looked at online docs, but haven't found any such thing yet.

  Hey dav,
  Sorry that I am not posting to give you a solution - it is more to ask for some guidance.
  I am implementing a client-server arch system which has a lot of 'privileged' actions to be managed. I have thus succesfully integrated the basics of JAAS in to the system... but I am now desparately looking for away to have client-side policies distributed at runtime from the server.
  I do not want to get involved with any web/application server stuff more than I need to; unfortunately one of the system requirements is for client-server comms to be facilitated by SOAP over HTTP, and thus probably JAX-RPC - but it is no problem. I have a developed a database backed Policy and (JAAS) Config which constitute parts of the server component. Now it is just a case of getting the policy to the client at client start-up and subsequently the configuration forJAAS authentication. The aim is that this data will be transfered once during login, and anytime that the the policy is requested to be refreshed.
  Since reading you post, I'm wondering what services LDAP or JNDI can offer me?
  Also, is JNDI an appropriate option for data persistence? is it better to go with JDO or some other object store abstraction.
  Kind regards,
  Darren B

• Migration Users with MD5 Passwords to Directory Server 6.1 on Solaris 10

  Hi,
  We are currently in a requirement of migrating some users to a application database to inside LDAP. Currently Application maintained the passwords in the MD5 hash form. Typical 32 digit Hex value - 41da76f0fc3ec62a6939e634bfb6a342
  Is there a way we can migrate these Users password to directory Server as-is so that they don't end up facing the prospect of resetting post migration.
  I have done some of the initial ground work but seems to be missing other critical info if at all it's possible.
  I believe it's possible to have CRYPT password policy (which directory server uses from underlying OS) as one of the plug-ins to configure in a way that underlying CRYPT utility starts to process/provide/support MD5 hashes. I got it to work, my using the below command on DSEE instance:
  dsconf set-plugin-prop -p 389 CRYPT argument:'$md5$'
  But for some reasons the MD5 hash (Sun MD5 library) provides does not match with the original hash value. It's 22 char long (as I have not specified any salt length) so I am assuming it's Base64 encoded. I have a perl script which converts the original 32-digit hex values to a base64 encoded representation (which I have also verified with other open source tools)
  Is there a way I can tweak CRYPT utility or something so that it understands typical standard MD5 hashes. (Confused between Sun MD5 and BSD (Linux) MD5 - none of them seems to match standard MD5 generated value).
  Any leads on this would be really helpful ?

  Just to reclarify or throw more information:
  a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
  Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
  But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
  {crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
  I used below command :
  pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
  Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
  I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
  Thanks,
  Gaurav