Write performance in Directory Server 5.0

Hi,
is it possible to generate around 350 updates / second with IDS 5.0 ?
I haven't chosen any Hardware yet, because I can't find anything
on how to size a Directory Server according to write performance.
Has someone experience with write performance and how it scales
using more CPU / RAM ?
Thanks,
Sascha
Sascha Hemmerling eMail:
[email protected]
Dweerkamp 13
24247 Mielkendorf Tele: +49-4347-713258

Were you trying to create a new index and then reintdex the Database....if so Did you check the free space of your database filesystem??because it mentions about space problem for the database..after reindexin

Similar Messages

Performance concern with directory server implementation

performance concern with directory server implementation
I first posted this at metalink forum, and was suggested to post it here instead.
Hi,
I'd like to get any feedback regarding performance of oracle directory server implementation. Below is what I copy&patested from 9i Net Services Administrator's Guide, I found no 'directory server vendor documentation', so anything regarding this is welcome too.
Performance
Connect identifiers are stored in a directory server for all clients to access.
Depending on the number of clients, there can be a significant load on a directory
server.
During a connect identifier lookup, a name is searched under a specific Oracle
Context. Because of the scope of the lookup, you probably want users to experience
relatively quick performance so that the database connect time is not affected. Users
may begin to notice slow connect times if lookups takes more than one second.
You can resolve performance problems changing the network topology or
implementing replication.
See Also: Directory server vendor documentation for details on
resolving performance issues
Thanks.
Shannon

Shannon,
you can find some tuning advises in the following
a) OiD Capacity Planning Considerations
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96574/cap_plan.htm#1030019
b) Tuning Considerations
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96574/tuning.htm#999468
c) oracle net services
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96579/products.htm#1005697
you should start with a) to get an overview what to be aware of
--Olaf

Directory Server with huge memory - performance issue

Hi.
We're using Sun Java System Directory Server 5.2Patch6 on Sun T5240
(UltraSPARC T2) with 64GB memory. Setting DBCache + EntryCache > 20G,
some performance degradation occurred.
(A) Sometimes, ping(ICMP echo/reply) reply time was delayed
(from same network segments, it occasionally becomes response time > 100ms
though time is almost response time < 1ms usually).
(B) Small freeze (OS? SDS?) occrred. LDAP search(from other clients)
response time was delayed(access log's etime was <1, but in my experience,
it was delayed).
I've read follwing article.
http://wikis.sun.com/display/SunJavaSystem/Directory+Server+Cache+Sizing
In this article, suggested pagesize tuning. But using pmap command,
ns-slapd was already using 4M page, and using "ppgsz -o heap=256M",
ns-slapd still using 4M page.
So, I have 2 questions.
(1) How to change pagesize using ns-slapd? I want to use 256M pagesize
(supported by Solaris10 / T5240)
(2) Is the above-mentioned problems, due to pagesize?
Regards,
Nokamoto

Setting DBCache + EntryCache > 20G, some performance degradation occurred.Based on real-world observations, memory consumption of directory server can be upto thrice the configured entry cache size plus db cache size. So we can expect your process size to be inching toward your physical memory limit.This would in turn most likely cause a performance degradation as other processes also need RAM and the OS would start paging to disk.
Do you need to increase cache to 20GB?

Directory Server 6.2 upgrade to 6.3: import LDIF problem

Hi all,
I have tried upgrading my Directory Server 6.2 to version 6.3 because of the database integrity issues as stated in:
http://blogs.sun.com/dsee/entry/directory_server_6_2_database
I have followed the steps defined in this article:
1. Shut down each directory server instance, as described in Starting, Stopping, and Restarting a Directory Server Instance.
2. Perform an LDIF export of the database, as described in Backing Up to LDIF.
3. Install the hotfix for bug 6642430 on Directory Server 6.2, or upgrade your Directory Server 6.2 instance to Directory Server 6.3 once Directory Server 6.3 is available for download (early April). You will need to login to Sunsolve in order to see this bug description.
But when importing the LDIF export, I got the following error:
[17/Dec/2008:14:44:08 +0100] - import ec: WARNING: Skipping entry "sunPortalAdminPortalDomainPortalServerInstanceMonitoringID=Monitoring,sunPortalAdminPortalDomainPortalServerInstanceID=sol10portal-80,sunPortalAdminPortalDomainPortalID=portal1,sunPortalAdminPortalDomainID=defaultDomain,o=example" whichIt's the only information I get about why the entry was skipped (I did not forget to copy the part after 'which', there was no information there :-))
This resulted in a missing Portal instance configuration and thus I got a 'configuration error' when surfing through the gateway to the portal.
I have also tried: manually importing that entry, which resulted in a 'Object does not exist' error. I have tried copying the whole tree from another backup with identical setup, which wasn't working either.
Did anyone experience the same problems before? Did I do something wrong or is there a workaround for this?
Second question: What is the exact reason why a export and import is necessary? Or is it only necessary if the database is already corrupt? Is there a way to check that?
Thanks alot!
Sten

The entry was not imported most likely because it's parent isn't in the database yet. Are entries above this in another backend ? If so try importing that backend first. Also, that dn is so long, that it exhausted the buffer which is used to write messages in the access log. This is why, there's nothing after "which".
What is the exact reason why a export and import is necessary? Or is it only necessary if
the database is already corrupt? Is there a way to check that?The database corruption could be silent. So a binary backup/restore when going from 6.2 to 6.3 is not recommended and the LDIF route must be used.

Log file size in Sun Directory Server

Does anyone have an idea about the how the Sun Directory Server's log file size will increase in size with respective to the actions performed?
Can someone give a data regarding this? If someone has a better scenario and the supportive data w.r.t log file size it will be helpful.
Thanks,

AFAIK No its based on time "At a certain time, or after a specified interval, the server rotates your access logs. "
More info in Archiving Log Files in [http://docs.sun.com/app/docs/doc/820-7985/gczxv?l=en&a=vie]
It should be easy to write such a script to be run as a daemon in logs directory. Here is the pseudo code :
while [1]
do
get size of the access/error log file
If size of file > max_size
<ws-install-dir>/https-<instance>/bin/rotate
sleep for sometime
done

Directory Server 6.2 - Possible Database Corruption

We have become aware of a bug in Directory Server 6.2 only that could cause database corruption. We have a hotfix for this issue, and if you are running Directory Server 6.2 and run into this problem then you should contact Sun Support and ask for the fix for the following bug
6642430: DB corruption (zero’d pages) when performing db2ldif against large 20GB ldif file.
The sunsolve record for this bug can be found at [http://sunsolve.sun.com/search/document.do?assetkey=1-1-6642430-1].
NOTE: This issue does not affect Directory Server 6.0 or 6.1 release so you only need this fix if you are running Directory Server 6.2.
After you have the hotfix for this issue on Directory Server 6.2 and have applied the hotfix, then you will have to re-initialize the database from an LDIF backup to fully correct the corruption issue. Simply applying the hotfix will not fix the database if the database is already corrupted. Database corruption can be present though not detected with data in binary formats. You must therefore rebuild the database by importing an LDIF backup.
Directory Server Enterprise Edition 6.2 is no longer available for download and Directory Server Enterprise Edition 6.3, which includes a fix for this issue, will be available for download early April. When upgrading to Directory Server 6.3 from 6.2 (not needed if you are on 6.0 or 6.1), make sure you export the database (db2ldif) prior to the upgrade and then re-import the database after the upgrade to fully re-initialize the database and to ensure that no corruption issues remain.
Recommended patch or upgrade procedures:
<ol><li>     Shut down each directory server instance, as described in [Starting, Stopping, and Restarting a Directory Server Instance|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhd8u?a=view#bcaan].
</li>
<li>     Perform an LDIF export of the database, as described in [Backing Up to LDIF|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhdio?a=view#ganwh].
</li>
<li>     Install the [hotfix for bug 6642430|http://sunsolve.sun.com/search/document.do?assetkey=1-1-6642430-1] on Directory Server 6.2, or upgrade your Directory Server 6.2 instance to Directory Server 6.3 once Directory Server 6.3 is available for download (early April). You will need to login to Sunsolve in order to
     see this bug description.
</li>
<li>     Re-initialize the database from the LDIF exported in step 2, as described in [Importing Data From an LDIF File|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhdj4?a=view#ganwc].
     If you are running replicated instances of Directory Server, make sure you read [Restoring Replicated Suffixes|http://docs.sun.com/app/docs/doc/820-2491/6ne3dhdjc?a=view#bcajf] as well.
</li>
</ol>
Edited by: KevinLeMay on Mar 28, 2008 4:48 AM

The entry was not imported most likely because it's parent isn't in the database yet. Are entries above this in another backend ? If so try importing that backend first. Also, that dn is so long, that it exhausted the buffer which is used to write messages in the access log. This is why, there's nothing after "which".
What is the exact reason why a export and import is necessary? Or is it only necessary if
the database is already corrupt? Is there a way to check that?The database corruption could be silent. So a binary backup/restore when going from 6.2 to 6.3 is not recommended and the LDIF route must be used.

Directory Server SMF tripping over itself (crosspost)

I've posted this question in the SMF related forum too, so if replies could go there, that would be handy: [http://forums.sun.com/thread.jspa?messageID=10940406]
We have a working instance of DSEE6.3.1 under Solaris 10 managed via SMF (using the manifest generated by dsadm/dscfg -- I forget which).
# svcs -a | grep ldap-user
online 10:47:08 svc:/application/sun/ds:ds--data-ldap-user-instanceAfter a forced shutdown, DSEE starts up and does a self-recovery (as it should). When that's complete, the slapd process is running and the startup script exits with status 221 (ie. Not 0) -- however slapd is running.
SMF notices that it's !0 and tries to restart DSEE... by issuing another start. This second start then exits almost immediately saying "slapd already running" but this time exits with 0 -- are we ok? No... cos SMF then notices that all the processes it just started have gone away so it calls "stop" followed by another "start".
This is where it gets a bit hazy as it looks like DSEE never shut down cleanly again so the whole process repeats itself ad infinitum (although I suspect that's a separate issue). :-(
I guess what I'm asking is -- is there a way to stop SMF from doing that: perhaps treat exit=221 as non-fatal and perform a service check?
Log file below:
[ Feb 26 21:40:42 Enabled. ]
[ Feb 26 21:40:50 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Directory Server instance '/data/ldap/user/instance' has detected a disorderly shutdown or a change in cache
size
Recovery phase is starting, this may take a while...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
ns-slapd wrote the following lines in the error log (/data/ldap/user/instance/logs/errors):
##[26/Feb/2010:22:00:07 +0000] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0156 (64-bit) starting up
##[26/Feb/2010:22:00:09 +0000] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 - Detected Diso
rderly Shutdown last time Directory Server was running, recovering database.
##[26/Feb/2010:22:01:38 +0000] - Database recovery is 0% complete.
##[26/Feb/2010:22:01:51 +0000] - Database recovery is 100% complete.
##[26/Feb/2010:22:01:59 +0000] - WARNING<20805> - Backend Database - conn=-1 op=0 msgId=-1 - search is not
indexed base='cn=changelog' filter='(replicationcsn>=4b87f656000000000000)' scope='sub'
[ Feb 26 22:02:17 Method "start" exited with status 221 ]
[ Feb 26 22:02:17 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Directory Server instance '/data/ldap/user/instance' is already running (pid: 352)
[ Feb 26 22:02:18 Method "start" exited with status 0 ]
[ Feb 26 22:02:18 Stopping because all processes in service exited. ]
[ Feb 26 22:02:18 Executing stop method ("/opt/SUNWdsee/ds6/bin/dsadm stop --exec /data/ldap/user/instance")
Directory Server instance '/data/ldap/user/instance' stopped
[ Feb 26 22:02:20 Method "stop" exited with status 0 ]
[ Feb 26 22:02:20 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
.......................... repeat ........................

Well, one way around it is to write your own start script and manage the exit codes yourself.
I have some doubts about the autorestart configuration of DS, especially in a case like this where the server seems to be crashing. Realistically, you can end up worse off if your server has crashed by automatically restarting it. Your data may be corrupt, and the process may eventually stay up (especially if you work around the current issue), but the DS is not really healthy and it does need an administrator to investigate what's wrong with it. It may also return inconsistent or simply bad data to clients. All in all, I would prefer an instance in such a state to stay down and trigger alarms, assuming it has failover peers that can take on its workload.

Directory Server SMF tripping over itself

We have a working instance of DSEE6.3.1 under Solaris 10 managed via SMF (using the manifest generated by dsadm/dscfg -- I forget which).
# svcs -a | grep ldap-user
online 10:47:08 svc:/application/sun/ds:ds--data-ldap-user-instanceAfter a forced shutdown, DSEE starts up and does a self-recovery (as it should). When that's complete, the slapd process is running and the startup script exits with status 221 (ie. Not 0) -- however slapd is running.
SMF notices that it's !0 and tries to restart DSEE... by issuing another start. This second start then exits almost immediately saying "slapd already running" but this time exits with 0 -- are we ok? No... cos SMF then notices that all the processes it just started have gone away so it calls "stop" followed by another "start".
This is where it gets a bit hazy as it looks like DSEE never shut down cleanly again so the whole process repeats itself ad infinitum (although I suspect that's a separate issue). :-(
I guess what I'm asking is -- is there a way to stop SMF from doing that: perhaps treat exit=221 as non-fatal and perform a service check?
Log file below:
[ Feb 26 21:40:42 Enabled. ]
[ Feb 26 21:40:50 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Directory Server instance '/data/ldap/user/instance' has detected a disorderly shutdown or a change in cache
size
Recovery phase is starting, this may take a while...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
ns-slapd wrote the following lines in the error log (/data/ldap/user/instance/logs/errors):
##[26/Feb/2010:22:00:07 +0000] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0156 (64-bit) starting up
##[26/Feb/2010:22:00:09 +0000] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 - Detected Diso
rderly Shutdown last time Directory Server was running, recovering database.
##[26/Feb/2010:22:01:38 +0000] - Database recovery is 0% complete.
##[26/Feb/2010:22:01:51 +0000] - Database recovery is 100% complete.
##[26/Feb/2010:22:01:59 +0000] - WARNING<20805> - Backend Database - conn=-1 op=0 msgId=-1 - search is not
indexed base='cn=changelog' filter='(replicationcsn>=4b87f656000000000000)' scope='sub'
[ Feb 26 22:02:17 Method "start" exited with status 221 ]
[ Feb 26 22:02:17 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Directory Server instance '/data/ldap/user/instance' is already running (pid: 352)
[ Feb 26 22:02:18 Method "start" exited with status 0 ]
[ Feb 26 22:02:18 Stopping because all processes in service exited. ]
[ Feb 26 22:02:18 Executing stop method ("/opt/SUNWdsee/ds6/bin/dsadm stop --exec /data/ldap/user/instance")
Directory Server instance '/data/ldap/user/instance' stopped
[ Feb 26 22:02:20 Method "stop" exited with status 0 ]
[ Feb 26 22:02:20 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
.......................... repeat ........................

Well, one way around it is to write your own start script and manage the exit codes yourself.
I have some doubts about the autorestart configuration of DS, especially in a case like this where the server seems to be crashing. Realistically, you can end up worse off if your server has crashed by automatically restarting it. Your data may be corrupt, and the process may eventually stay up (especially if you work around the current issue), but the DS is not really healthy and it does need an administrator to investigate what's wrong with it. It may also return inconsistent or simply bad data to clients. All in all, I would prefer an instance in such a state to stay down and trigger alarms, assuming it has failover peers that can take on its workload.

SMTP requests cause the directory server to allocate all processor resource

Using JES 2005Q1.
The problem started when adding mass number of users. When running the commadmin for a long time, the system will hang. We tuned the directory server by increasing the database, initialization and entry cache. I changed many other parameters to tune parameters. It was worthless.
I shifted to ldif and used ldapmodify to create those users.
The users were created successfully. But when the smtp traffic was directed to the server, the nslapd process will allocate 95% of the CPU in 5 minutes.
The problem is in the way the directory server is searched when it accepts an smtp request.
Knowing that the server is currently used only for Messaging Server, any suggestions on how to improve the performance of the directory?
Thanks in advance.

The "lookthroughlimit" is set to -1.
I sent from a local user on the server to the same user and the log was this :
"[04/Oct/2005:10:26:02 -0300] conn=1407 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closing - T1
[04/Oct/2005:10:26:02 -0300] conn=1406 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
[04/Oct/2005:10:26:02 -0300] conn=1407 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
[04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=marmara.terra.net.lb)(sunPreferredDomain=marmara.terra.net.lb)))" attrs=ALL
[04/Oct/2005:10:26:02 -0300] conn=1408 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:26:02 -0300] conn=1408 op=0 msgId=141 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[04/Oct/2005:10:26:02 -0300] conn=1407 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
[04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
[04/Oct/2005:10:26:16 -0300] conn=1407 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(&(uid=dede1)(objectClass=inetmailuser))" attrs="uid inetUserStatus mailUserStatus mailAllowedServiceAccess inetsubscriberstatus inetauthorizedservices nsmsgDisallowAccess mailAccessDomain mailHost mailMessageStore preferredLanguage mail mailQuota mailMsgQuota aclGroupAddr pabURI maxPabEntries preferredLocale"
[04/Oct/2005:10:26:16 -0300] conn=1407 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:26:16 -0300] conn=1409 op=-1 msgId=-1 - fd=41 slot=41 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - BIND dn="uid=dede1,ou=People,o=terra.net.lb,o=isp" method=128 version=3
[04/Oct/2005:10:26:16 -0300] conn=1409 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=dede1,ou=people,o=terra.net.lb,o=isp"
[04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - SRCH base="uid=dede1,ou=people,o=terra.net.lb,o=isp" scope=0 filter="(objectClass=*)" attrs="cn cn;lang-en givenName givenName;lang-en mail mailAlternateAddress mailAutoReplyMode mailAutoReplySubject mailAutoReplySubject;lang-en mailAutoReplyText mailAutoReplyText;lang-en mailAutoReplyTextInternal mailAutoReplyTextInternal;lang-en mailAutoReplyTimeout mailDeliveryOption mailForwardingAddress mailQuota mailMsgQuota preferredLanguage sn sn;lang-en uid vacationEndDate vacationStartDate mailHost mailSieveRuleSource sunUCDateFormat sunUCDateDelimiter sunUCTimeFormat nswmExtendedUserPrefs"
[04/Oct/2005:10:26:17 -0300] conn=1407 op=4 msgId=5 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:26:18 -0300] conn=1410 op=-1 msgId=-1 - fd=42 slot=42 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
[04/Oct/2005:10:26:18 -0300] conn=1410 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
[04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(cn=*)(ou=*))" attrs=ALL
[04/Oct/2005:10:26:18 -0300] conn=1410 op=1 msgId=2 - RESULT err=0 tag=101 nentries=2 etime=0
[04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(|(objectClass=pab)(objectClass=pabgroup))" attrs=ALL
[04/Oct/2005:10:26:18 -0300] conn=1410 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - SRCH base="ou=dede1,ou=people,o=terra.net.lb,o=isp,o=pab" scope=2 filter="(memberOfPAB=AddressBookabbe53c)" attrs="un cn sn givenName mail description telephoneNumber homePhone memberOfPAB memberOfPABGroup objectClass"
[04/Oct/2005:10:26:18 -0300] conn=1410 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0
[04/Oct/2005:10:26:47 -0300] conn=1411 op=-1 msgId=-1 - fd=49 slot=49 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - BIND dn="uid=msg-admin-marmara.terra.net.lb-20050906144228Z, ou=People, o=terra.net.lb,o=isp" method=128 version=3
[04/Oct/2005:10:26:47 -0300] conn=1411 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-marmara.terra.net.lb-20050906144228z,ou=people,o=terra.net.lb,o=isp"
[04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=terra.net.lb)(sunPreferredDomain=terra.net.lb)))" attrs=ALL
[04/Oct/2005:10:26:47 -0300] conn=1411 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="preferredLanguage mail mailEquivalentAddress"
[04/Oct/2005:10:26:47 -0300] conn=1411 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - SRCH base="o=terra.net.lb,o=isp" scope=2 filter="(|([email protected])([email protected])([email protected]))" attrs="objectClass inetUserStatus mailUserStatus inetMailGroupStatus uid preferredLanguage mailRoutingAddress mailDeliveryOption mail mailAlternateAddress mailEquivalentAddress vacationStartDate vacationEndDate mailConversionTag mailMsgMaxBlocks mailHost mailQuota mailMsgQuota mailProgramDeliveryInfo mailDeliveryFileURL maildeliveryfile mailAutoReplyMode mailAutoReplySubject mailAutoReplyText mailAutoReplyTextInternal mailAutoReplyTimeout mailSieveRuleSource mailForwardingAddress mailDeferProcessing mgrpMsgRejectAction mgrprejecttext mgrpMsgRejectText mgrpBroadcasterPolicy mgrpDisallowedBroadcaster mgrpAllowedBroadcaster mgrpDisallowedDomain mgrpAllowedDomain mgrpMsgMaxsize mgrpAuthPassword mgrpModerator mgrpDeliverTo memberURL uniqueMember mgrpRFC822MailMember rfc822mailmember mgrpErrorsTo mgrpAddHeader mgrpRemoveHeader mgrpMsgPrefixText mgrpMsgSuffixText mgmanMemberVisibility expandable"
[04/Oct/2005:10:26:47 -0300] conn=1411 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:26:47 -0300] conn=1411 op=4 msgId=5 - SRCH base="o=isp" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=ims-ms-daemon)(sunPreferredDomain=ims-ms-daemon)))" attrs=ALL
[04/Oct/2005:10:26:48 -0300] conn=1411 op=4 msgId=5 - RESULT err=0 tag=101 nentries=0 etime=1
[04/Oct/2005:10:26:48 -0300] conn=1412 op=-1 msgId=-1 - fd=50 slot=50 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
[04/Oct/2005:10:26:48 -0300] conn=1412 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
[04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
[04/Oct/2005:10:26:48 -0300] conn=1412 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closing - T1
[04/Oct/2005:10:32:56 -0300] conn=1415 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - BIND dn="cn=admin-serv-marmara, cn=Administration Server, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=3
[04/Oct/2005:10:32:56 -0300] conn=1418 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
[04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:32:56 -0300] conn=1418 op=1 msgId=2 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=3 - UNBIND
[04/Oct/2005:10:32:56 -0300] conn=1418 op=2 msgId=-1 - closing - U1
[04/Oct/2005:10:32:56 -0300] conn=1419 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:32:56 -0300] conn=1418 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:32:56 -0300] conn=1419 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - SRCH base="cn=statusping,cn=operation,cn=tasks,cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=0 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - SRCH base="cn=admin-serv-marmara,cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=2 msgId=3 - RESULT err=0 tag=101 nentries=22 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - SRCH base="cn=slapd-marmara,cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=3 msgId=4 - RESULT err=0 tag=101 nentries=9 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - SRCH base="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=4 msgId=5 - RESULT err=0 tag=101 nentries=16 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - SRCH base="cn=sun one directory server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=5 msgId=6 - RESULT err=0 tag=101 nentries=13 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - SRCH base="cn=administration server,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=6 msgId=7 - RESULT err=0 tag=101 nentries=22 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - SRCH base="cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress"
[04/Oct/2005:10:32:56 -0300] conn=1419 op=7 msgId=8 - RESULT err=0 tag=101 nentries=17 etime=0
[04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=9 - UNBIND
[04/Oct/2005:10:32:56 -0300] conn=1419 op=8 msgId=-1 - closing - U1
[04/Oct/2005:10:32:57 -0300] conn=1419 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:33:02 -0300] conn=1420 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:33:02 -0300] conn=1420 op=0 msgId=143 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closing - T1
[04/Oct/2005:10:35:00 -0300] conn=1420 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
[04/Oct/2005:10:35:00 -0300] conn=1421 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
[04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
[04/Oct/2005:10:35:00 -0300] conn=1421 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
[04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=marmara.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
[04/Oct/2005:10:35:00 -0300] conn=1422 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
[04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=marmara.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
[04/Oct/2005:10:35:00 -0300] conn=1422 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
[04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=3 - UNBIND
[04/Oct/2005:10:35:00 -0300] conn=1422 op=2 msgId=-1 - closing - U1
[04/Oct/2005:10:35:00 -0300] conn=1422 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closing - B1
[04/Oct/2005:10:35:00 -0300] conn=1421 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:35:02 -0300] conn=1423 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:35:02 -0300] conn=1423 op=0 msgId=144 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 127.0.0.1 to 127.0.0.1
[04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:35:31 -0300] conn=1424 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=3 - UNBIND
[04/Oct/2005:10:35:31 -0300] conn=1424 op=1 msgId=-1 - closing - U1
[04/Oct/2005:10:35:31 -0300] conn=1424 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 212.98.130.21 to 212.98.130.20
[04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closing - T1
[04/Oct/2005:10:37:05 -0300] conn=1423 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
[04/Oct/2005:10:37:05 -0300] conn=1425 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
[04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
[04/Oct/2005:10:37:05 -0300] conn=1425 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
[04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.21 to 212.98.130.20
[04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=coral.terra.net.lb, ou=terra.net.lb, o=NetscapeRoot" method=128 version=2
[04/Oct/2005:10:37:05 -0300] conn=1426 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot"
[04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=coral.terra.net.lb,ou=terra.net.lb,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
[04/Oct/2005:10:37:05 -0300] conn=1426 op=1 msgId=2 - RESULT err=0 tag=101 nentries=31 etime=0
[04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=3 - UNBIND
[04/Oct/2005:10:37:05 -0300] conn=1426 op=2 msgId=-1 - closing - U1
[04/Oct/2005:10:37:05 -0300] conn=1426 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closing - B1
[04/Oct/2005:10:37:05 -0300] conn=1425 op=-1 msgId=-1 - closed.
[04/Oct/2005:10:37:17 -0300] conn=1427 op=-1 msgId=-1 - fd=38 slot=38 LDAP connection from 212.98.130.20 to 212.98.130.20
[04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - BIND dn="cn=Directory Manager" method=128 version=3
[04/Oct/2005:10:37:17 -0300] conn=1427 op=0 msgId=145 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
This log was generated when the message was sent and recieved.
Thanks for the help.

Using Linux/Red Hat/Intel for Sun ONE/Java Directory Server

Anybody have any experience of this? We're looking to get off AIX, and Total Cost of Ownership for using Solaris/Sparc versus Linux/Intel is very similar.
The decider will be if no-one is using Linux as a platform for Sun ONE/Java Directory Server....
Any feedback would be appreciated....

We run Directory 5.1 in production on Solaris/Sparc, but I've tried it with sucess on Red Hat 7.2 on Intel. We have not been able to get it to work on Red Hat Enterprise 2.1 or 3.0. The main problem has been that the administration server fails on startup. Obvious the lack of support for the latest enterprise class Linux is a huge drawback. At this point I've decided to stay on Solaris/Sparc until Red Hat comes out with its own release of Netscape's Directory. When that happens we're going to evaluate whether to move the whole environment to Red Hat. The Sun and Netscape servers are almost identical in terms of features and performance, but having an open source version that can run on less expensive hardware would be a terrific win for us.

Access read-only LDAP for username/password, Directory Server LDAP for rest

Hello! I keep trying to find documentation on the above, but thus far I have been unable to find something that explains this well (and my attempts at figuring out thus far have failed).
I have a read-only LDAP that is used University wide, and I am not allowed to change how it currently operates. It uses double-bind authentication in that you search for a user to get their DN, then bind to that DN with the users password to see if it was correct.
I'd like to use the above setup to verify a user's credential as well as return some basic information about them (name, email, etc). After this, I'd like to use another freshly installed Directory Server LDAP to manage the roles that seem to be needed for Portal Server (as I cannot write to the original LDAP).
Any help or advice on the above would be appreciated! Thank you.

The authentication you described is the default way LDAP authentication works.
AM Ldap auth-module allows you to 'pull' attributes from the LDAP server you're using for authentication and store it in it's 'amSDK' Directory Server - which is leveraged by Portal Server (if you're talking about Sun's Portal Server).
However this is only done if the profile is created (set 'dynamic profile generation' in auth - service).
As Portal Server does not support the new 'identity repsoistory API' of AM you have to stick to AM's legacy mode when using Portal Server.
To keep the the data in sync (if needed) you have to write a post-auth class.
-Bernhard

An error occurred while configuring server as a directory server. Please check your network configuration and try again.

Hi there,
My Mac OS X Server 8.2 got buggered after I did the following steps:
Wiped Profile manager using "/Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeD B.sh"
Clicking the Off button in the Profile Manager section of the Server.app
Clicking the On button of the same
Clicking on asks if I want to create a new directory master, but I know that one already exists. Trying to continue confirms this. So, I go and destroy it to start again, but afterward, I get the following error when trying to create the directory master:
I've done this enough times while watching the system log to see the actual error thrown, which is:
Nov 12 22:01:24 srv.domain.com Server[279]: An error occurred while configuring srv as a directory server:
    Error Domain=XSActionErrorDomain Code=-1 "A child action failed" UserInfo=0x7fee9516c0f0 {XSActionErrorActionsKey=(
        "Creating Open Directory master"
    ), NSLocalizedDescription=A child action failed}
I have Googled the above and have discovered only a few entries here in these Apple communities, but have found no joy.
Here's a similar threads:
https://discussions.apple.com/message/19237429#19237429
Interestingly/confusingly, this server has been working just fine as a domain master using different domain names (on separate occasions/setups). It was only after having clicked the OFF button in Profile Manager (after a wipe) that things stopped working.
I could rebuild this server, as I have a backup image of it that I can restore, but I'd rather find out what's broken and fix it so as to hopefully be able to fix it if/when this ever happens to me again, learning something in the process.
That said, I perform the following steps prior to running the Open Directory setup on a the server to try and clean it up as best possible.
Clean up steps:
Delete the DNS zone (and all entries).
Turn off all server services
Delete all file server sharepoints
Change the host name at Hardware => SRV => Network tab. This runs the Change Host Name program.
Close Server.app
Throw Server.app in the trash / Empty trash (I've also just trashed and put back with same result)
Delete the /Library/Server directory
Clear and recreate System keychain using "systemkeychain -vfcC" to clear out all the certs related to old host name.
Delete all the entries in the Login keychain
Reboot (probably don't have to)
Re-download and install Server.app
Run Server.app, which actually retains some settings from the last setup, though I don't know where to clean those.
After Server setup, confirm that the host name from step 4 is what I want.
Running "changeip -checkhostname" shows "Success". I'm using an Internet domain name so pinging the "internal" zone (srv.domain.com) resolves with the correct internal IP, and pinging the "external" zone resolves to the correct external address on the Internet.
It would seem like I'm all good to go, but when I try to turn on Open Directory and go through the setup prompts, I get the same "Confirm Settings" error as above.
The *only* way that I've come close to "fixing" this is to cancel out of the Profile Manager. Then, go destroy the open directory that already exists. Then create the domain via the Profile Manager enabling process. At present, this only seems work to for a "private" domain. Neither of the two Internet domain names that I've used successfully in the past work with this (or any) method.
Any advice or clues you can throw my way would be most appreciated.
Thanks,
Kim

Had the same problem found the answer here:
https://discussions.apple.com/thread/3264944?start=0&tstart=0

Can an email address be a member of an LDAP group even if it isn't associated with an object in the Directory Server?

Can an email address be a member of an LDAP group even if it isn't
associated with an object in the Directory Server?
<P>
General members of a group are the members defined in the
Directory Server. They are full-fledged members of the group who
may have a set of permissions associated with their membership,
a title, or other attributes. Mail-specific users are users who
are not full-fledged members of the group, but who receive mail
sent to the group. Mail-specific users need not be identified as
a user in the Directory Server--an email address is sufficient.
An example of this is a group of salespeople, all of whom are in
the group "North American Sales Team." They have access to a
sales-tracking database, on-line quota information, and
competitive information. The mail-specific users of this group
are the admins who support the members of the sales team, who need
to get the mail that goes out to the group, but don't need access
to the applications and information that the salespeople do.

Hey EllyK,
Welcome to the BlackBerry Support Community Forums.
Thanks for the question.
I would suggest performing this workaround and then try to login to BlackBerry Link:
Open BlackBerry World on the BlackBerry smartphone and sign in using the BlackBerry ID.
Connect the BlackBerry 10 smartphone to the computer.
Open BlackBerry Link
Sign in using the BlackBerry ID.
Let me know if the issue still persists.
Cheers.
-ViciousFerret
Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
Be sure to click Like! for those who have helped you.
Click Accept as Solution for posts that have solved your issue(s)!

How to install directory server/client on Solaris 9 for dummys

Hi,
after reading hunderts of pages, after asking questions in forums without getting the right answers, i was able to install the directory server in our company.
Here is the summary i made for myself. Perhaps it helps others to avoid the same problems.
Set up a Directory Server (sun one ds 5.1)
Present situation:
-Nisplus is installed
-Solaris OS 9 sparc 64bit is installed
-DS5 Software is normally already installed in Solaris 9. Check off with 'pkginfo | grep IPLT*'
-Otherwise install from Solaris OS 9 Disc1 with 'pkgadd -d IPLTxxxx .'
-Software setup with '/usr/sbin/directoryserver setup'
     Install admin- and directory server.
     For Directory Server use port 389 (necessary for later use of SSL)
     For Admin Server use any empty port > 1024
     Run directoryserver as root (necessary for using port 389 and for -starting servers from console)
     Use default Directory Manager DN cn=Directory manager
     Use your domain as DIT (default information tree) example: dc=example, dc=com
     As second DIT, setup installs o=NetscapeRoot. Don't change this DIT at all!!!!!
The server stores all the default schemas there which are absolutely important for the directoy
server. Don't change anything there !
-Configure software with 'idsconfig'
     Preferred - and default server xxx.xxx.xxx.xxx (ip_adds of your directory server)
     Use default search scope one
     Use credential's Proxy
     Use authentication Simple (you may change this later if needed)
     All the rest should remain on default settings
     You will be asked for a proxy passwort
-Start the directoryserver console with '/usr/sbin/directoryserver startconsole'
-If it's not yet running, start the directory server from console or with command 'directoryserver -s instance_name start'
-If it's not yet running, start the admin server from console or with command 'directoyserver start-admin'
-On directoryserver's gui at configuraton/password set password encryption to 'unix crypt algorithm (CRYPT)'
Import Data
-Get Data from Nisplus with
     'niscat passwd.org_dir passwd.ldap'
     'niscat hosts.org_dir hosts.ldap'
     'niscat groups.org_dir groups.ldap'
     etc
-adjust the files. (try it out with one entry of a file only. You may delete this entry with the gui very easy if it's not successfull.
-hosts.ldap must look like
xxx.xxx.xxx.xxx machine1
xxx.xxx.xxx.xxx machine2
xxx.xxx.xxx.xxx machine3
     First value is the ip-address, second one is the hostname.
     If you have more than one hostname per machine, use a second line (don't write 2 names behind the ip-address like you did in nisplus!!!)
Change content of files into ldif format
-perl migrate_hosts.pl hosts.ldap hosts.ldif
-perl migrate passwd.pl passwd.ldap passwd.ldif
-You may download the above perl-Files from http://www.padl.com
Change the converted passwd.ldif File as follows:
-before change:
dn: uid=mario,ou=People,dc=krinfo,dc=ch
uid: mario
cn: mario
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}6O9m3uK./T/rM
loginShell: /bin/bash
uidNumber: 1020
gidNumber: 14
homeDirectory: /home/mario
-after change:
dn: uid=mario,ou=People,dc=krinfo,dc=ch
uid: mario
cn: mario
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount <--- this line must be inserted
objectClass: top
userPassword: {crypt}6O9m3uK./T/rM
loginShell: /bin/bash
uidNumber: 1020
gidNumber: 14
homeDirectory: /home/mario
Insert the line for every entry in the passwd.ldif file
You may now import all these xxxx.ldif files into the directory server with
-ldapadd -h name_of_directoryserver -D "cn=Directory Manager" -w password -f XXXXX.ldif
You may use this commands later to import further data.
-Initialise a client
'ldapclient -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com init xxx.xxx.xxx.xxx'
The xxx.xxx.xxx.xxx at the end is the ip address of the directory server
-This will make a client with data taken from the default profile from the directory server. This profile has been produced with the earlier command idsconfig and can be changed if needed.
-The System will ask you for the proxy password (given the first time in idsconfig dialog)
-You may now look at the produces files
in '/var/ldap/ldap_client_file' for the client settings
in '/var/ldap/ldap_client_cred' for the proxy settings
'ldapclient list' shows the settings of the client
With 'ldaplist -h' you may see all the existing entries with their objects.
Activate the client
-If it's not yet running, start '/usr/lib/ldap/ldap_cachemgr'
-All nisplus daemons/programs have been stopped by ldapclient command. If not, stop them manually.
-/etc/nsswitch.conf should have been copied from /etc/nsswitch.ldap from ldapclient too.
-If not, do it manually.
example
passwd: files ldap
group: files ldap
hosts ldap dns files
etc
I recommend to change the file '/etc/nsswitch.ldap' because the system oftens copies nsswitch.ldap to nsswitch.conf and if nsswitch.ldap is adapted, you must now change it again and again.
you may now check whether ldap is working fine with the following requests:
getent passwd username
getent hosts hostname
getent groups
getent network
These commands should give you the requested answer.
Be sure to clean:
/etc/hosts      inside is only your workstation and the directory server
/etc/passwd     only default and local entries
/etc/groups only default and local entries
etc
try a telnet to your own machine to check, whether password and automount of your home_dirctory works fine.
I failed here. All was working fine, but the password exchange did not because of credential/authentication problems.
Best regards and good luck
Mario

Directory Server 5.1 does not support Kerberos authentication.
Beside this there are some extensions in MS kerberos authentication that makes it almost impossible to have a MS client authenticate with something else than AD.
Regards,
Ludovic.

Lync Hybrid : Unable to write to active directory due to lack of permission

Hello everyone,
I need a little help to troubleshoot a problem I have when moving a user to Lync Online.
My client has a Dirsync and Adfs working perfectly with o365.
My problem is that when I try to move a user to Lync Online I have this error :
Move-CsUser -Identity "Username" -Target sipfed.online.lync.com -credential $cred -hostedmigrationOverrideUrl "https://admin0e.online.lync.com/hostedmigration/hostedmigrationservice.svc"
"Move-CsUser : Unable to write to Active Directory due to lack of permissions"
Like the error said, it's a lack of permission but what kind of permission do I need to make this work ? I've tried to googleit/technetit but no helpful topic found...
Thanks in advance for your help and answers.
Regards,
Adrian TUPPER - ABC Systemes - http://thelyncexperience.blog.com/ If answer is helpful, please hit the green arrow on the left, or mark as answer Thank you

Hi,
Did you solve the issue by adding the account to RTCUniversalUserAdmins group?
To move an on-premises user to your Lync Online tenant, run the following cmdlets in the Lync Server Management Shell, using the administrator credentials for your Microsoft Office 365 tenant. Replace "[email protected]" with the information for the user
that you want to move.
You can try to move the user from Lync Server on premises to Lync online with the help of the link below “Move users to Lync Online”:
http://technet.microsoft.com/en-us/library/jj204969.aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support

Write performance in Directory Server 5.0

Similar Messages

Maybe you are looking for