• RELEVANCY SCORE 3.65

    DB:3.65:Plans To Support Dsee 6.X On Windows Longhorn Server? df





    Are there plans to test or validate DSEE on Windows Longhorn - especially 64 bit?

    Thanks in advance,
    J Renouard

    DB:3.65:Plans To Support Dsee 6.X On Windows Longhorn Server? df

    Directory Server remains a 32bit application on Windows (at least for the 6.2 and 6.3 releases), but is already tested and supported on Windows 2003 server 64 bit.

    Support for Windows Server 2008 is being considered but no firm plan yet.

    Ludovic.

  • RELEVANCY SCORE 3.49

    DB:3.49:Dsee 6.3 Full Installation On Solaris 10 X86 s8





    Hello,

    I am doing an installation of LDAP - DSEE 6.3 (zip) on a Solaris x86 machine (virtualized on VMWARE server) and please:

    1. a clear procedure how to install and configure DSEE 6.3 (dscc instances etc)
    2. when and how to aplly patch 6.3.1

    Thanks
    Rue

    DB:3.49:Dsee 6.3 Full Installation On Solaris 10 X86 s8

    The "\" in the document is only there to let you know that the command continues on the next line.

    asadmin create-domain --domaindir ${AS_DOMAINS_ROOT} --adminport 3737 \
    --adminuser boss dscc

    The "\" is NOT part of the command. What you did is correct.

    Hope that helps,
    Eric

  • RELEVANCY SCORE 3.27

    DB:3.27:Restart Of Dsee 7 Service Disables Other Windows Service cp





    Hello,

    I am using DSEE 7.0 ZIP Distribution. I have registered the DSEE 7 as an windows service.

    1) Through Windows service manager when i restart the DSEE 7, restart happening correctly.

    2) When i restart my custom c++ services (used in our project), This custom services should stop start other 10 services.
    Custom service is able to stop all 10 services. But it could not able to start the services. All the 10 services are moved to the "Disabled" state.

    3) Through Windows service manager when i again restart the DSEE 7, all the 10 services get started automatically.

    Kindly provide me a solution in order to solve this problem

    Regards,
    Srini

    DB:3.27:Restart Of Dsee 7 Service Disables Other Windows Service cp

    Hello,

    I am using DSEE 7.0 ZIP Distribution. I have registered the DSEE 7 as an windows service.

    1) Through Windows service manager when i restart the DSEE 7, restart happening correctly.

    2) When i restart my custom c++ services (used in our project), This custom services should stop start other 10 services.
    Custom service is able to stop all 10 services. But it could not able to start the services. All the 10 services are moved to the "Disabled" state.

    3) Through Windows service manager when i again restart the DSEE 7, all the 10 services get started automatically.

    Kindly provide me a solution in order to solve this problem

    Regards,
    Srini

  • RELEVANCY SCORE 3.21

    DB:3.21:Need To Install Idsktune Utility ax


    Greetings,

    I've got installed DSEE 6.0 bud I've got no idsktune utility in my system. I'd like to add it, so i ran ./installer, but I don't know which DSEE software component I should install.

    Do you have any idea on how to add idsktune to existing installation?

    Apprecciate your help,
    Marcin

    DB:3.21:Need To Install Idsktune Utility ax

    Greetings,

    I've got installed DSEE 6.0 bud I've got no idsktune utility in my system. I'd like to add it, so i ran ./installer, but I don't know which DSEE software component I should install.

    Do you have any idea on how to add idsktune to existing installation?

    Apprecciate your help,
    Marcin

  • RELEVANCY SCORE 3.18

    DB:3.18:Ssl Replication With Dsee 6.3 f9


    Hello,

    I have two directory server instances on the same host /var/opt/SUNWdsee/{viz1, viz2}, both are using the self signed "Sun Microsystems" certificates and I'd like to configure SSL multi-master replication between them. I have enabled replication and created agreements

    viz:389 - viz:1636
    viz:1389 - viz:636

    When I try to accord the replication agreements, I get the following error

    # dsconf accord-repl-agmt dc=pims,dc=math,dc=ca viz:1636
    Unable to bind on "viz:1636"

    I think this is related to certificate trust as discussed in the release notes [DSEE 6.3 Release notes|http://docs.sun.com/app/docs/doc/820-5817/ds?a=view] with number 6401484, but I don't know how to carry out steps 3,4 or 5 of the proposed workaround.

    Can anyone be a bit more explicit about how to fix this.

    Thanks for your help,
    Ian

    DB:3.18:Ssl Replication With Dsee 6.3 f9

    It's all working now. Thanks.

    I was binding as an LDAP client on the same host and I didn't notice that the idsconfig script was overwriting /etc/nsswitch.conf. Specifically

    hosts: ldap [NOTFOUND=return] files
    ipnodes: ldap [NOTFOUND=return] files

    So the information I had given in hosts and ipnodes was being ignored.

  • RELEVANCY SCORE 3.05

    DB:3.05:Dsee 6.3.1 Identity Sync For Windows Support For Windows 2008? 7x


    Given Windows 2008 is hardly new, and that MS start to scale back our support in July we are planning on upgrading our Windows domain to Server 2008 R2 this year. AFAICS, Id sync still doesn't support it!

    How are we meant to move forward to AD 2008 if Sun don't yet support it? I've opened a case and been told I'm the only person who has asked! (RFE: 6733586)

    Does anyone actually use idsync in production? I'm getting increasingly concerned that we are the only people using it! Running on 6.3.1DS at the moment.

    Assuming Sun don't get their finger out, what are the alternatives for password (and ideally, other attribs) sync? MS ILM an option?

    Darren

    DB:3.05:Dsee 6.3.1 Identity Sync For Windows Support For Windows 2008? 7x

    Ok, I'm getting confused now...

    http://docs.sun.com/source/821-0816/ does indeed seem to support AD 2008 (no mention of 2008 R2 which our windows guys claim is "very different" - any idea if that's ok?).

    Then I read http://docs.sun.com/app/docs/doc/821-0422/aaraq?l=ena=view which says "Identity Synchronization for Windows 6.0 supports Sun Directory Server 7.0, 6.3, 6.2, 6.1, 6.0, and 5.2 Patch 5" - so we could install it on our 6.3.1 install?

    Then, to confuse me even more, http://docs.sun.com/app/docs/prod/sjs.dirsvr.ee63~1224.4#hic suggests that DSEE6 (that we are using) uses IDsync 6 as well.... how is this different?

    Are they all the same thing? I'll be "slightly irritated" if it turns out the advice we got from support was wrong and the version we have been battling with actually supports 2008 after all!

    Cheers,

    Darren - getting increasingly confused!

  • RELEVANCY SCORE 3.02

    DB:3.02:Re: Dsee 6.X Bigadmin Feature Article On Ldap Naming Services ax


    Phil,
    The focus of the article is LDAP as naming service for UNIX clients. The article assumes a successful install which is well documented here: http://docs.sun.com/app/docs/coll/1224.3
    The article uses the native pkgs which implies 'configure now'.
    However, the tar version which implies 'dsee_deploy', could also be used.
    Jonathan

    DB:3.02:Re: Dsee 6.X Bigadmin Feature Article On Ldap Naming Services ax

    Hey Jonathan....

    This is FYI....I noticed that the "add-cert" fails but I use the "import-cert" command with no problems:

    (Note that the "export-cert" call in step 3a in "Setting Up Replication" worked ok)

    server2# dsadm add-cert /opt/ds-ins2 "server1-server-cert" /tmp/server1-cert
    Unable to read certificate from input file: unknown format
    Failed to add the certificate.
    server2# dsadm import-cert /opt/ds-ins2 /tmp/server1-cert
    Enter the PKCS#12 file password:
    A certificate with the same subject (CN=Our Local CA Authority) already exists in the database.
    Do you want to continue [y/n]? y
    server2# I think I was successful because server1's cert shows up in server2's certificates on the DSCC...you agree?

    Any idea why "add-cert" failed but "import-cert" worked?

    Thanks again,
    Phil

  • RELEVANCY SCORE 2.98

    DB:2.98:Dsee 5 To Dsee 6 Migration sd


    I am new to ldap and need to migrate DSEE 5 to DSEE 6. When I tried to import the ldif file from 5 to 6 it bombed out because of missing object classes. What is the preferred method of moving from 5 to 6? Is it an in place upgrade of 5 to 6 then replication to new 6 servers? Or should I extend the schema of the version 6 to match what 5 has?

    If I have to add the custom object classes from 5 to the 6 version, what is the best way to go about that?

    Thanks!

    DB:2.98:Dsee 5 To Dsee 6 Migration sd

    At a minimum you will have to copy over the 99user.ldif. I tried to use the dsmig utility to migrate the schema, but it brough over more than I wanted. Just copy the 99user.ldif, and try again. That should get you going. Hopefully yoi hav already created your directory and your suffix, if you did not do it, you can always use dsmig migrate-config and bring over the suffix(es?), and other configuration parameters (not all of them though, look at the migration guide...)

  • RELEVANCY SCORE 2.95

    DB:2.95:Re: Isw And Windows Server 2008 Support z9


    Next version will be DSEE 7.0 we expect to cover that.

    DB:2.95:Re: Isw And Windows Server 2008 Support z9

    Hi,

    I can not find the files on SunSolve
    Did you direct links?

    I have the same problems that: [http://forums.sun.com/thread.jspa?forumID=761threadID=5182892]
    And no files on: [http://sunsolve.sun.com/search/document.do?assetkey=1-1-6691600-1]
    I have contact the support Sun and no response... help me

    Thany you,

    ROD

    Edited by: rod86 on Jun 9, 2010 1:15 PM

  • RELEVANCY SCORE 2.91

    DB:2.91:How To Change Default English Language To Chinese In Dsee 6.0 k1


    Hi,
    Anybody knows how to change language for DSEE 6.0. I want to change default language to Chinese.

  • RELEVANCY SCORE 2.88

    DB:2.88:Dsccsetup Ads-Create Fails On Windows fa


    Hi,

    Trying to install DSEE.6.3 on a windows server 2003.
    When running dsccsetup ads-create, I get the following error message (after the output 'Creating DSCC registry...):

    rc = 11
    E:/DevTools/DSEE/ds6/bin/dsadm.exe exited with unexpected error code 11
    com.sun.directory.common.slapx.AdmCmdErrorException: E:/DevTools/DSEE/ds6/bin/ds
    adm.exe create -p 3998 -P 3999 --pwd-file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\a
    ds34971.tmp E:/DevTools/DSEE/var/dscc6/dcc/ads
    at com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:84)
    at com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:51)
    at com.sun.directory.dcc.ads.ADSInstall.createADSInstance(ADSInstall.java:628)
    at com.sun.directory.dcc.ads.ADSInstall.create(ADSInstall.java:249)
    at com.sun.directory.dcc.cli.setup.CmdAdsCreate.performCreate(CmdAdsCreate.java:129)
    at com.sun.directory.dcc.cli.setup.CmdAdsCreate.perform(CmdAdsCreate.java:59)
    at com.sun.directory.clip.ClipSubcommand.execute(ClipSubcommand.java:89)

    at com.sun.directory.clip.FriendlySubcommand.execute(FriendlySubcommand.java:55)
    at com.sun.directory.clip.ClipParser.execute(ClipParser.java:196)
    at com.sun.directory.dcc.cli.setup.SetupMain.main(SetupMain.java:30)
    Sofware installation is probably incomplete or corrupted

    Does anyone know what error code 11 is, and where I can go from here?

    Thanks!
    stefan

    DB:2.88:Dsccsetup Ads-Create Fails On Windows fa

    Hi. Thanks for your reply!

    Found the problem: The password I used was only seven characters long. When I used a eight character password it worked!

    /stefan

  • RELEVANCY SCORE 2.87

    DB:2.87:Dsee With Idm Osso, Force Password Reset zz


    I really appreciate it if someone can clarify why the following fails using Identity Manager 8.1 (Id M), OpenSSO 8.1 (OSSO), and DSEE 6.3.1:

    Administrator resets the test user's password so user has to change it next time user binds to DSEE because the DSEE password policy has pwdMustChange set to true. Note: the internal read-only attribute pwdReset turns true for the test user.

    But now the test user cannot login to OSSO to change the password.

    How can one force the user to change their password using IdM and SSO?

    Thanks.

    Additional comments:
    Setting pwdMustChange to false lets the user login to OSSO but does not force password change after reset.
    I think when integrated with OSSO, Identity Manager attribute expire Password must be mapped to preset because the pass through authentication (PTA) will only check the LDAP. The issue is that if the user cannot login to OSSO, then Id M doesn't have a chance to force user's password to change. This may be an OSSO question so I will ask in #opens so irc.freenode.net as well.
    Thanks.

    h4. DSEE Instance Log:

    conn=690 op=214 msgId=3078 - SRCH base="ou=people,dc=EXAMPLE" scope=2 filter="(uid=test11)" attrs="dn uid"
    conn=690 op=214 msgId=3078 - ENTRY dn="uid=test11,ou=people,dc=EXAMPLE"
    conn=690 op=214 msgId=3078 - RESULT err=0 tag=101 nentries=1 etime=0.001450
    conn=692 op=210 msgId=3079 - BIND dn="uid=test11,ou=people,dc=EXAMPLE" method=128 version=3
    conn=-1 op=-1 msgId=-1 - SRCH base="uid=test11,ou=people,dc=EXAMPLE" scope=0 filter="(|(objectclass=*)(objectclass=ldapsubentry))" attrs=ALL
    conn=-1 op=-1 msgId=-1 - ENTRY dn="uid=test11,ou=people,dc=EXAMPLE"
    conn=-1 op=-1 msgId=-1 - RESULT err=0 tag=101 nentries=1 etime=0.000370
    conn=-1 op=-1 msgId=-1 - SRCH base="cn=EXM Password Policy_test,ou=config,dc=EXAMPLE" scope=0 filter="(|(objectclass=*)(objectclass=ldapsubentry))" attrs=ALL
    conn=-1 op=-1 msgId=-1 - ENTRY dn="cn=EXM Password Policy_test,ou=config,dc=EXAMPLE"
    conn=-1 op=-1 msgId=-1 - RESULT err=0 tag=101 nentries=1 etime=0.000440
    conn=-1 op=-1 msgId=-1 - RESULT err=0 tag=103 nentries=0 etime=0.007260
    conn=692 op=210 msgId=3079 - RESULT err=0 tag=97 nentries=0 etime=0.014970 dn="uid=test11,ou=people,dc=EXAMPLE"
    conn=688 op=1 msgId=116 - ENTRY dn="uid=test11,ou=people,dc=EXAMPLE"
    conn=1220 op=769 msgId=3080 - SRCH base="uid=test11,ou=people,dc=EXAMPLE" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="sunIdentityServerPPInformalName sunIdentityServerPPFacadeGreetSound uid manager sunIdentityServerPPCommonNameMN sunIdentityServerPPLegalIdentityGender preferredLocale iplanet-am-session-get-valid-sessions sunIdentityServerPPFacadegreetmesound iplanet-am-user-password-reset-question-answer telephoneNumber pwdAccountLockedTime employeeNumber iplanet-am-user-success-url iplanet-am-user-admin-start-dn iplanet-am-user-federation-info sunIdentityServerPPDemographicsDisplayLanguage pwdFailureTime pwdLastAuthTime objectClass sunIdentityServerPPLegalIdentityDOB authorityRevocationList sunIdentityServerPPDemographicsLanguage sunIdentityServerPPSignKey sunIdentityServerPPEmploymentIdentityOrg sn iplanet-am-session-max-caching-time iplanet-am-session-quota-limit sunIdentityServerPPEncryPTKey iplanet-am-session-max-session-time pwdMustChange sunIdentityServerPPCommonNamePT sun-fm-saml2-nameid-info sunIdentityServerDiscoEntries iplanet-am-user-login-status sunIdentityServerPPCommonNameCN pwdReset dn nsRole ..."
    conn=1220 op=769 msgId=3080 - ENTRY dn="uid=test11,ou=people,dc=EXAMPLE"
    conn=1220 op=769 msgId=3080 - RESULT err=0 tag=101 nentries=1 etime=0.007060
    conn=1220 op=770 msgId=3081 - SRCH base="uid=test11,ou=people,dc=EXAMPLE" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="iplanet-am-session-max-caching-time iplanet-am-session-max-idle-time iplanet-am-session-quota-limit iplanet-am-session-destroy-sessions iplanet-am-session-max-session-time iplanet-am-session-get-valid-sessions iplanet-am-session-add-session-listener-on-all-sessions iplanet-am-session-service-status"
    conn=1220 op=770 msgId=3081 - ENTRY dn="uid=test11,ou=people,dc=EXAMPLE"
    conn=1220 op=770 msgId=3081 - RESULT err=0 tag=101 nentries=1 etime=0.000780EXM Password Policy simply has pwdMustChange true and a user can change the password

    h4. OpenSSO amAuthentication.error log:
    "2009-09-18 04:58:18" "Login Failed" test11 "Not Available" 192.168.111.111 INFO dc=EXAMPLE "cn=dsameuser,ou=DSAME Users,dc=EXAMPLE" AUTHENTICATION-200 DataStore "Not Available" 192.168.111.111

    Edited by: mak4pi on Sep 18, 2009 6:53 AM

    Edited by: mak4pi on Sep 18, 2009 7:10 AM

    Edited by: mak4pi on Sep 18, 2009 7:13 AM

    Edited by: mak4pi on Sep 18, 2009 7:14 AM

    Edited by: mak4pi on Sep 18, 2009 7:16 AM

    Edited by: mak4pi on Sep 18, 2009 7:16 AM

    DB:2.87:Dsee With Idm Osso, Force Password Reset zz

    Ok, here's how we did achieved this.

    Add /idm/login.jsp and /idm/user/login.jsp to idm agent's not enforced URI
    Create /idm/login_sso.jsp (content is just jsp:include page="/login.jsp" / )
    Create /idm/user/login_sso.jsp (content is just jsp:include page="/login.jsp" / )

    Turn off the pwdMustChange in the DSEE

    Now the first time a user logs into Identity Manager, Identity Manager will ask them to change their passwords.

    Just make sure to change all links to Identity Manager to /idm/login_sso.jsp?nextPage=the_page_you_want.jsp because the user grabs the SSO cookie by going to /idm/login_sso.jsp and /idm/user/login_sso.jsp

    Thanks.

  • RELEVANCY SCORE 2.85

    DB:2.85:Dsee 7.0 + Idsconfig Not Working :-( a3


    Hi All,

    I am trying to configure DSEE 7.0 to work with Solaris 10 clients for authentication. I am at the point of running the idsconfig tool to modify the directory.

    /etc/release gives:
    Solaris 10 10/09 s10s_u8wos_08a SPARC

    I get this message when I run /usr/lib/ldap/idsconfig:
    ERROR: idsconfig only works with JES DS version 5.x and 6.x, not 7.0.

    I have seen this opensolaris webpage noting the exact issue that I'm having:
    [Bug ID 6890468 - idsconfig must support DS 7.x |http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6890468]

    So to get to my question, how do I get the correct idsconfig on my system?

    DB:2.85:Dsee 7.0 + Idsconfig Not Working :-( a3

    If you do a search for 'idsconfig' here: http://sunsolve.sun.com/search/document.do?assetkey=1-21-142436-05-1 you'll see that if you install this patch idsconfig will work properly.

  • RELEVANCY SCORE 2.85

    DB:2.85:Can Dscc 6.3 Manage Nodes On Dsee 7.0? m1


    Hi,

    We have a dscc 6.3 managing a few replicated dsee 6.3 nodes across several datacenter.

    In the process of setting up new nodes, we want to try out dsee 7.0, can the older dscc manage these new nodes on dsee 7.0?

    Best regards

    DB:2.85:Can Dscc 6.3 Manage Nodes On Dsee 7.0? m1

    hi All,
    in order to access the Directory Server Enterprise Edition 7.0 instances using DSCC, I have upgrade DSCC 6 to version 7.0
    and in order to manage the server instances using web-based interface, I have deployed the WAR file, supplied with the Directory Server Enterprise Edition software, with tomcat I use http://hostname:8080/dscc7 to connect to DSCC, The Directory Service Manager Login page displays.everyhing seems great so far.
    I have unregistered the Directory Server instances from DSCC 6 and and upgrade them to 7.0 by by "+dsadm upgrade+" command without any problem afterwords register them with DSCC 7.0 by dsccreg add-server command

    altough the directory server registered with DSCC 7.0 after typing user/pass from The Directory Service Manager Login Page only "+*blank page*+" appears, my question is: how can I see and use the upgraded instances with DSCC 7.0?

    I check it with dsadm info command as well and looks fine

    any help is appreciated, thanks ...

    root@melisa:/opt/SUNWdsee7 ./bin/dsadm info /var/opt/SUNWdsee7/dcc/ads
    Instance Path: /var/opt/SUNWdsee7/dcc/ads
    Owner: noaccess(root)
    Non-secure port: 3998
    Secure port: 3999
    Bit format: 64-bit
    State: Running
    Server PID: 9427
    DSCC url: -
    SMF application name: -
    Instance version: D-A10

    root@melisa:/opt/SUNWdsee7 ./bin/dsccreg add-server -B cn=dirmanager -w pwd -h melisa.sss.turkcell.tgc /opt/Sun/ds631/slapd-melisa
    /opt/Sun/ds631/slapd-melisa is an instance of DS
    Enter password of "cn=dirmanager" for /opt/Sun/ds631/slapd-melisa:
    This operation will restart /opt/Sun/ds631/slapd-melisa.
    Do you want to continue ? (y/n) y
    Starting /opt/Sun/ds631/slapd-melisa
    Connecting to /opt/Sun/ds631/slapd-melisa (using ldap://127.0.0.1:6389)
    Enabling DSCC access to /opt/Sun/ds631/slapd-melisa
    Restarting /opt/Sun/ds631/slapd-melisa
    Registering /opt/Sun/ds631/slapd-melisa in DSCC on melisa.sss.turkcell.tgc.

  • RELEVANCY SCORE 2.85

    DB:2.85:Multple Instances Multiple Ips Same Port fz


    Hello,
    I'm installing DSEE 6.2 and creating multiple instances. What I'd like to do is continue using port 389 for all the instances. I have 5 IP addresses configured on the server, one for each instance I want to create. Is there a dse.ldif configuration that allows me to assign the instance to an IP address? BTW, I'm running Windows 2003. Please don't laugh at me, I had no choice in the matter.

    DB:2.85:Multple Instances Multiple Ips Same Port fz

    Hi.

    You can use dsconf set-server-prop to change the listen address of each DS (listen-address and secure-listen-address properties)

    Regards,
    Carole.

  • RELEVANCY SCORE 2.83

    DB:2.83:Sun Dsee 7.0 And Red Hat Entreprise Linux 5 U4 (X64) 1z


    Hello Experts,

    Does Red Hat Enterprise Linux 5.4 (x64) is a supported OS version for DSEE 7.0? Does anyone try to install DSEE 7.0 on Red hat 5.4 with success?

    Thanks,

    DB:2.83:Sun Dsee 7.0 And Red Hat Entreprise Linux 5 U4 (X64) 1z

    Please read 7.0 release notes...

    http://docs.sun.com/app/docs/doc/820-4805/software?a=view

  • RELEVANCY SCORE 2.83

    DB:2.83:Dsee 6.3 Installation Questions/Problems j9


    1) The DSEE 6.3 installation guide explains that to install DSEE 6.3, one has to install DSEE 6.2, then upgrade the shared components and then install the DSEE 6.3 patch. It looks crazy not to be able to install 6.3 from scratch.

    And I don't understand why there's a 6.3 full native installation available for download, as well as a patch install ?

    2)
    Anyway, I tried to install DSEE 6.3 from scratch with the native packages full distribution on RHAS 4U6, and
    get an error: the installation was successful even if the sun-ldap-console-gui rpm failed to install, accordign to the installation logs.
    I have had to manually edit the /etc/opt/webconsole/console/config.properties and correctly set the java_home java_help variables, then remove the package and install it again . (these variables were set to unexisting directories)
    Known bug ?

    3)
    When the /tmp filesystem is mounted with the -noexec flag (it's not my choice but my customer's one), the DSEE 6.3 installer script fails as it tries to execute some scripts from /tmp. RFE ?

    4)
    The 1st time I ran the installer, I only installed the directory packages. Then, I ran the installer again to install DPS. The installation was successful, without any error but I noticed it replaced my /etc/opt/webconsole/console/config.properties file with the default one, which caused problems later.
    For example, it prevented the Web Console from starting.
    Known bug too ?

    DB:2.83:Dsee 6.3 Installation Questions/Problems j9

    Thanks for the info. I forgot to mention that server that I used is SUN V490. I did create it from the global zone. OS is Solaris 10 5/8.

  • RELEVANCY SCORE 2.80

    DB:2.80:Installing Dsee 7 On Windows 2008 R2 Sp1 64-Bit Does Nothing pa


    Hi All,

    Has anyone been able to install DSEE 7 on Windows 2008 R2 SP1 64-bit? Is it supported?

    I followed the instructions and when run the command (as the Administrator) below nothing happen, it simply return an empty command prompt. Ms VC 2008 Redistributables (the one that come with the archive) is installed.

    dsccsetup.exe war-file-create

    dsccsetp.exe ads-create

    When run the same command using the same archive on Windows 7 64-bit it does prompt for further input or report error.

    Any suggestions or help would be much appreciated.

    Shane L

    DB:2.80:Installing Dsee 7 On Windows 2008 R2 Sp1 64-Bit Does Nothing pa

    Windows 2008 R2 is not listed as a supported OS in the release notes.
    http://docs.oracle.com/cd/E19424-01/820-4805/820-4805.pdf

    It lists:
    Microsoft Windows Server 2008 Standard Edition for x86 and x64 Service Pack 1
    Microsoft Windows Server 2008 Enterprise Edition for x86 and x64 Service Pack 1

    If you are able to go to the next version, it is listed as supported in the release notes for ODSEE 11g:
    http://www.oracle.com/technetwork/middleware/downloads/odsee-11gr1certmatrix-161592.xls

    I have not tried 11g on 2008 R2 myself, but if it is in the certification matrix, it should work.

    Hope that helps,
    Eric

  • RELEVANCY SCORE 2.79

    DB:2.79:Dsml On Dsee Proxy 6.3.1 p9


    Does anyone know how to enable DSML communications to the Proxy server? I see how to enable it to the LDAP server, but could not find any documentation or server setting to enable it on the Proxy server.

    DB:2.79:Dsml On Dsee Proxy 6.3.1 p9

    Actually you can't - DPS is a pure LDAP proxy.

  • RELEVANCY SCORE 2.77

    DB:2.77:Using The T-Series Cryptographic Accelerator? cx


    Can someone point me to a document on configuring the DSEE 6.3 proxy server to use the hardware crypto accelerator on the T-series servers. I have my proxies installed on T-5120's and would like to take advantage of the hardware acceleration. I had a document at one time on how to do this but I can't seem to find it.

    Thanks,

    Matt

    DB:2.77:Using The T-Series Cryptographic Accelerator? cx

    Finally figured out that the DSCC only sees the original keystore. Even though you are using the Cryptographic Accelerator the DSCC can't see it's keystore. This was actually working and I didn't know it.

  • RELEVANCY SCORE 2.77

    DB:2.77:Run Dsee 6.3.1.1.1 On Solaris 11 p9


    Hello,I know that Solaris 11 is not a supported platform for the DSEE 6.3.x releases, but I've been stubbornly trying to get it working anyway. What's interesting is that DSEE 6.3 works, and DSEE 6.3.1 works, but when I patch 6.3.1 to 6.3.1.1.1, suddenly cacaoadm doesn't work anymore. I'm using the zip releases, and the final lines of output from the dsee_deploy command for the 6.3.1.1.1 patch are as follows:Configuring Cacao at /opt/SUNWdsee/dsee6/cacao_2Setting Cacao parameter jdmk-home with saved value [/opt/SUNWdsee/dsee6/private]Failed setting jdmk-home with value [/opt/SUNWdsee/dsee6/private]Setting Cacao parameter java-home with saved value [/opt/SUNWdsee/jre]Failed setting java-home with value [/opt/SUNWdsee/jre]Setting Cacao parameter nss-lib-home with saved value [/opt/SUNWdsee/dsee6/private/lib]Failed setting nss-lib-home with value [/opt/SUNWdsee/dsee6/private/lib]Setting Cacao parameter nss-tools-home with saved value [/opt/SUNWdsee/dsee6/bin]Failed setting nss-tools-home with value [/opt/SUNWdsee/dsee6/bin]Setting Cacao parameter jmxmp-connector-port with saved value [11162]Failed setting jmxmp-connector-port with value [11162]Setting Cacao parameter network-bind-address with saved value [0.0.0.0]Failed setting network-bind-address with value [0.0.0.0]Error: cannot register into cacao frameworkCannot register sysidconfig script.Cannot perform firstime initialisation and configuration.The last two lines -- "Cannot register sysidconfig script" and "Cannot perform firstime initialisation and configuration" -- are the only output I can get from cacaoadm after updating to 6.3.1.1.1 no matter what I try. Under 6.3 and 6.3.1, cacaoadm works fine. Any ideas would be greatly appreciated.The reason for all of this is that we have an aging Sun server running DSEE 6.3.1 on Solaris 10, which I'm looking to replace. We have a T4-1 running Solaris 11 which has a lot of unused resources available on it, and I would like to set up a zone on it to be the new LDAP server. I tried ODSEE 11.1.1.7.0, and that installed just fine, but it doesn't work with our existing DSCC 6 server, which apparently can't interact with DSEE servers unless they're using cacao. Before I go down the path of setting up DSCC 7 and incurring sporadic downtime for the restarts of the instances on all of our LDAP servers, I thought I'd try one last time to get 6.3.1.1.1 working. If we're staying with the 6.3 family, we need 6.3.1.1.1 for it's support of 2048-bit SSL certificates.Sheesh! Nothing's ever simple. :-)

    DB:2.77:Run Dsee 6.3.1.1.1 On Solaris 11 p9

    Thanks, nychawk. The removal of cacao support is the reason why DSEE 11.1.1.7.0 doesn't work with DSCC 6, but I'm still stumped as to why cacaoadm works under 6.3.1 but is broken under 6.3.1.1.1. Any ideas?

  • RELEVANCY SCORE 2.76

    DB:2.76:Sun Directory Server Support 3j


    What is the maximum number of users supported by a single instance Sun Directory server 5.2 or DSEE 6 .

    DB:2.76:Sun Directory Server Support 3j

    The limits of a single instance depend a lot more on how it is used (and the hardware from which it runs), than how many user/account entries are stored in it.
    You can have millions of users in a single instance, and still be quite comfortable if they all use the directory lightly.

  • RELEVANCY SCORE 2.76

    DB:2.76:Ida Configuration 73


    Dear All,

    Would anyone guide me to how configure IDA?
    I am using schema 2 on DSEE 6.2
    after i installed and configured IDA i couldnt log wiht the amadmin credentials?

    Does anyone know why?
    Moreover, how can i set ACI for schema 2 that is found in this doc?
    http://docs.sun.com/app/docs/doc/819-4438/acfdk?a=view

    Thanks,
    Scotty

    DB:2.76:Ida Configuration 73

    Dear All,

    Would anyone guide me to how configure IDA?
    I am using schema 2 on DSEE 6.2
    after i installed and configured IDA i couldnt log wiht the amadmin credentials?

    Does anyone know why?
    Moreover, how can i set ACI for schema 2 that is found in this doc?
    http://docs.sun.com/app/docs/doc/819-4438/acfdk?a=view

    Thanks,
    Scotty

  • RELEVANCY SCORE 2.76

    DB:2.76:2nd Try: Targetscope Keyword Not Working As Expected d9


    I've noticed the following bug with DSEE 6.3.1 B2008.1121.0155 on Linux. It seems like it had already been noticed
    by someone else (see http://forums.sun.com/thread.jspa?forumID=761threadID=5233763) but I didn't see any
    evidence of solution. Also, it had been identified as a bug (http://sunsolve.sun.com/search/document.do?assetkey=1-1-6737235-1)
    with DSEE 6.2 and planed to be fixed with the next 6.x release (thus 6.3 at least).
    Also, I've checked the problem doesn't occur with OpenDS 2.2 RC3.
    So:

    has it been fixed in DSEE 7 only ?
    is there some hotfix available for DSEE 6.3.1 ?

    The bug could be summarized as follows: targetscope keyword not working as expected

    I've the following very simple tree:

    dn: dc=domain
    objectClass: top
    objectClass: domain
    dc: domain
    description: test
    aci: (targetattr != "aci") (targetscope = "base") (version 3.0; aci "Enable r
    ead access to root dn for anonymous users"; allow(read,search,compare) user
    dn="ldap:///anyone"; )

    dn: ou=services,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: services

    dn: ou=special users,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: special users

    dn: cn=user,ou=special users,dc=domain
    objectClass: top
    objectClass: person
    cn: nomade
    sn: nomade
    userPassword: {SSHA}wbIcMS/P235wPPSy2vnhgyHhlDAPAzUxcBfgfg==

    With such a single ACI, I expect anonymous subtree searches to only see the root DN entry, without
    the ACI attribute, but I can actually see the whole subtree as well as user passwords (!!):

    ldapsearch -b "dc=domain" -p 3389 objectclass=top
    version: 1
    dn: dc=domain
    objectClass: top
    objectClass: domain
    dc: domain
    description: test

    dn: ou=services,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: services

    dn: ou=special users,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: special users

    dn: cn=user,ou=special users,domain
    objectClass: top
    objectClass: person
    cn: nomade
    cn: user
    sn: nomade
    userPassword: {SSHA}wbIcMS/P235wPPSy2vnhgyHhlDAPAzUxcBfgfg==

    Is it an known bug ?

    DB:2.76:2nd Try: Targetscope Keyword Not Working As Expected d9

    I've noticed the following bug with DSEE 6.3.1 B2008.1121.0155 on Linux. It seems like it had already been noticed
    by someone else (see http://forums.sun.com/thread.jspa?forumID=761threadID=5233763) but I didn't see any
    evidence of solution. Also, it had been identified as a bug (http://sunsolve.sun.com/search/document.do?assetkey=1-1-6737235-1)
    with DSEE 6.2 and planed to be fixed with the next 6.x release (thus 6.3 at least).
    Also, I've checked the problem doesn't occur with OpenDS 2.2 RC3.
    So:

    has it been fixed in DSEE 7 only ?
    is there some hotfix available for DSEE 6.3.1 ?

    The bug could be summarized as follows: targetscope keyword not working as expected

    I've the following very simple tree:

    dn: dc=domain
    objectClass: top
    objectClass: domain
    dc: domain
    description: test
    aci: (targetattr != "aci") (targetscope = "base") (version 3.0; aci "Enable r
    ead access to root dn for anonymous users"; allow(read,search,compare) user
    dn="ldap:///anyone"; )

    dn: ou=services,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: services

    dn: ou=special users,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: special users

    dn: cn=user,ou=special users,dc=domain
    objectClass: top
    objectClass: person
    cn: nomade
    sn: nomade
    userPassword: {SSHA}wbIcMS/P235wPPSy2vnhgyHhlDAPAzUxcBfgfg==

    With such a single ACI, I expect anonymous subtree searches to only see the root DN entry, without
    the ACI attribute, but I can actually see the whole subtree as well as user passwords (!!):

    ldapsearch -b "dc=domain" -p 3389 objectclass=top
    version: 1
    dn: dc=domain
    objectClass: top
    objectClass: domain
    dc: domain
    description: test

    dn: ou=services,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: services

    dn: ou=special users,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: special users

    dn: cn=user,ou=special users,domain
    objectClass: top
    objectClass: person
    cn: nomade
    cn: user
    sn: nomade
    userPassword: {SSHA}wbIcMS/P235wPPSy2vnhgyHhlDAPAzUxcBfgfg==

    Is it an known bug ?

  • RELEVANCY SCORE 2.75

    DB:2.75:Can A Dsee 5 Repicate To Dsee 6 79


    Can I replicate from a master DSEE 5.2 to a DSEE 6 server? Is this possible? Thanks

  • RELEVANCY SCORE 2.75

    DB:2.75:Can There Be Multiple Cn=Directory Manager Type Credentials In Dsee 6.X? 98


    I would like to know how to create/configure multiple "cn=directory manager" accounts in DSEE 6.x directory instances. I thought that I had read that this was a new feature in the DSEE 6.x product but have not been able to find how to accomplish this.

    Thankyou in advance

    DB:2.75:Can There Be Multiple Cn=Directory Manager Type Credentials In Dsee 6.X? 98

    SaviorToday2:
    The two step authentication in DSCC is by design. The username used when logging on is within the DSCC registry and not related to the host OS. This is enough to perform any action over the wire (using ldap). The host based username-password is required when making changes on the filesystem (restart, etc). If you are not keen to handover root access to the DS admins, it is possible to install DSEE as a non-root user using the ZIP install distribution. All instances can be running as a non-root user whose auth details you can hand over to the DS admins.

    keesor:
    This feature regarding multiple directory managers will most probably NOT make it into DSEE 7.0. If I find out otherwise, I will post it here.

  • RELEVANCY SCORE 2.75

    DB:2.75:Dsee 6.2 Backup Strategy ?S zk


    We are using encrypted attributes, and running on Windows 2003. Going through the backup requirements we need to recover our certs, and the data. And perhaps partial data (recovering from a bad process). So we need to backup the changelog or retro changelog and of course the configuration files.
    If we do a freeze and file copy or disk snapshot, along with a an export, will we be able to recover everything? And how?

  • RELEVANCY SCORE 2.74

    DB:2.74:Configuring High Availablity js


    Hi,

    I am quite new to Sun DSEE and I need to achieve High Availability for my LDAP Server. After reading this artcle:
    [Using Replication and Redundancy for High Availability|http://download.oracle.com/docs/cd/E19693-01/819-0992/gaxtb/index.html]

    I am trying to achieve something similar to the section "Using Multiple Directory Proxy Servers" in the above article. However, instead of having 4 masters, I will only have 2 masters. And, each master also act as the directory proxy server running on another port. Is this solution feasible? If yes, can any one provide me with any guides on how to achieve this? Cos the online guides have been very messy since SUN is brought over by Oracle. I can't really find guides or online sources on how to configure this.

    Many thanks : )

    DB:2.74:Configuring High Availablity js

    Hi,
    the documentation you're referring to is for the 'old' 6.0... if you're starting with a new deployment, I strongly suggest you to use a more recent release (11gR1 as of today); the documentation center for this release, is available here:

    http://download.oracle.com/docs/cd/E19656-01/

    further details about designing an highly available Directory Service could be found in the 'Deployment Planning Guide':

    http://download.oracle.com/docs/cd/E19656-01/821-1502/index.html

    refer to Part III/chapter 12.

    Regarding the other question about the deployment... the only correct answer is: it depends.

    The number of DS/DPS instances and where to locate it, how distribute the data, etc... are not a easy questions to answer, neither there exists an universal formula because different needs require different solutions. That said, I think that the following general considerations may still hold true in many of the cases:

    - Increasing the number of DS elements in your deployment will increase the availability of the data at cost of replication overhead
    - Having multiple instances of DS/DPS on a same physical machine may provide architectural isolation of the components, but doesn't guarantee in case of machine failure

    HTH,
    marco

  • RELEVANCY SCORE 2.73

    DB:2.73:Install Steps For Dsee 6.2 On Windows 2003 m7


    Hi,

    I am trying to install 6.2 directory server on windows 2003 server i have tried few things but they did not work can some one list steps to installl 6.2 on 2003 server probably this is most dumbest questions but hey this is my first install so please ..

    Vj

    DB:2.73:Install Steps For Dsee 6.2 On Windows 2003 m7

    Not dumb at all. Looking at the software and associated documentation it is obvious that this was never designed to be run on a Windows based server. I have been able to get the DSEE 6.2 running on a stand alone Win2K3 SP2 Std. Ed. server, but am still having issues on a network SP2 R2 Std. Ed server. Here is how I have been installing it:

    1) Create a local admin account
    2) Sign on with local account
    3) Install Active Perl 5
    4) Run Dsee_deployee install - sun install path
    5) Install Tomcat 5.5, point JRE path to: sun install path\jre
    6) From a cmd line run: sun install path\dscc6\bin\dsccsetup ads-create Choose Dir Mgr and DSCC admin password
    7) Deploy DSCC instance in Tomcat by running from a cmd line: unzip sun install path\var\dscc6\dscc.war -d catalina_base\webapps\dscc NOTE: unzip.exe is found in the zip install folder
    8) At this point DSCC should be installed in Tomcat. Test by browsing to: http://svr name:8080/dscc

    Best of luck. If you have any luck at getting it to work on a server in a domain, please let me know.

  • RELEVANCY SCORE 2.72

    DB:2.72:Problem Creating Jdbc Dataview To Oracle On Windows zm


    Hi,

    I'm trying to configure a JDBC dataview to an Oracle 10g database on DSEE 6.3.1 running Windows 2008

    Here are the command I used:

    dpconf create-jdbc-data-source -b MYDBSID -B jdbc:oracle:thin://dbhost:1510: \
    -J file://e:\dsee\ojdbc14.jar \
    -S oracle.jdbc.driver.OracleDriver mydb

    echo "password" e:\dsee\instances\mydb.pwd

    dpconf set-jdbc-data-source-prop mydb db-user:myuser \
    db-pwd-file:e:\dsee\instances\mydb.pwd \
    is-enabled:true is-read-only:true \

    dpconf create-jdbc-data-source-pool mypool
    dpconf attach-jdbc-data-source mypool mydbAnd when trying to create the view with this command:

    dpconf create-jdbc-data-view myview mypool o=example.comHere is what I get:

    [LDAP: error code 1 - Unable to apply configuration changes: Exception catched while initializing
    JDBC driver oracle.jdbc.driver.OracleDriver in configuration entry cn=mydb,cn=data sources,cn=config --
    java.lang.ClassNotFoundException: oracle.jdbc.driver.OracleDriver. Check that [Ljava.lang.String;@100
    bac2 is a valid URL to a jar file containing class oracle.jdbc.driver.OracleDriver]".
    {code}

    I guess that it doesn't find the jdbc driver for Oracle but the file is there in e:\dsee\ojdbc14.jar
    I tried to copy it to e:\dsee\dps6\lib but it doesn't work better.

    Any idea ?

    Frederic.

    DB:2.72:Problem Creating Jdbc Dataview To Oracle On Windows zm

    I found the solution by adapting the path to the jdbc jar file:

    dpconf set-jdbc-data-source-prop ehldb driver-url:file:///e:/dsee/ojdbc14.jarAdding a third slash after file: and using backslashes instead of slashes solved my problem.

    Frederic.

  • RELEVANCY SCORE 2.72

    DB:2.72:Uncompressing Windows Dsee 6.3 9d


    any else having a problem uncompressing the 6.3 full zip version of the software?

    DB:2.72:Uncompressing Windows Dsee 6.3 9d

    We have resolved this issue and the Windows full download now works properly.

    Kevin

  • RELEVANCY SCORE 2.71

    DB:2.71:Is Isw Compatible With Windows 2012? cm


    Hello,We have:Sun DSEE 5.2 patch 6; ISW 6.0Sp1. Both installed on Windows server 2003 Enterprise edition.We also have AD running on windows server 2008 R2 Enterprise Edition 64bits SP1.We are thinking about upgrading the AD to Windows 2012 standard edition 64bits. Is there any incompatibility with this version of OS?. Thank you,

    DB:2.71:Is Isw Compatible With Windows 2012? cm

    Hi,Windows 2012 is currently not supported. See certification matrix at http://www.oracle.com/technetwork/middleware/downloads/odsee-11gr1certmatrix-161592.xlsin ISW certification tab.-Sylvain

  • RELEVANCY SCORE 2.70

    DB:2.70:Replication Guidelines 91


    Hi,We've seven OUD Instances and two DSEE 7.0 masters running on standalone mode. Our plan is to enable replication within the OUD Instances, and integrate DSEE 7.0. Do we've any standard guidelines on setting up replication? I appreciate if any one could suggest replication topology for the above. ( FYI - our plan is to drop dsee instances in near future. )Thanks.

  • RELEVANCY SCORE 2.69

    DB:2.69:Does Sun Support Dscc (Dsee 6.3) When Running Under Tomcat 6? cx


    Does Sun support dscc (dsee 6.3) when running under tomcat 6? I see that tomcat 5.5 is supported.

    Many thanks,

    Rob Chevalier

    DB:2.69:Does Sun Support Dscc (Dsee 6.3) When Running Under Tomcat 6? cx

    Rob,

    6.3 is not validated with Tomcat 6. Our intend is to do so with the next update for DSEE that should come later this year.

    Etienne

  • RELEVANCY SCORE 2.67

    DB:2.67:Isw 6.0 Installation And Configuration Using Commnad Line x1


    Hi All,

    I am using DSEE 7.0 for the DS instance. Now i want to install ISW 6.0 with Synchronize DS instance and Windows AD instance. I havew following problem. can you please help me to reolve following issue.

    1. I want to install and configure ISW using command lines (not GUI). Note that configuring the different component using command line.. Please provide me the steps....
    2. In ISW installer folder conatin "silent.inf.template". How can i modify this file so while installation not ask any quetions. All the parameter will pick from .inf file. Is any sample available for the same?
    3. while installation MQ , we can give the statefile. Now how can i create the statefile for MQ installation.Is any sample available for the same?

    Thanks in advance

    DB:2.67:Isw 6.0 Installation And Configuration Using Commnad Line x1

    There is no way to use a silent install mode either to install or configure ISW. You have to install ISW using the provided installer and configure it with the ISW console (you can use -nodisplay option of the installer (except on Windows platform) if you don't want the graphical installer, but you still have t o interact with the text mode installer).

    regards

    Pat

  • RELEVANCY SCORE 2.67

    DB:2.67:Re: Dsee 7 Online Backup Without Password 7m


    I haven't installed DSEE 7 yet, but on my DSEE 6 instances, I back them up via a cron job and supply the password with the -w /path/to/bind_pw dsconf option. It looks something like this:

    # Backup the directory database
    $EXEC_DIR/dsconf backup -w $DS_LOCATION/etc/bind_pw $BACKUP_LOCATIONFor more information on all the commands, you can run the following command:
    dsconf --help

    DB:2.67:Re: Dsee 7 Online Backup Without Password 7m

    Hi Giannis,

    and here are the additional acis that you need to enable the backupuser for ldif exports:

    dn:
    changetype: modify
    add: aci
    aci: (targetattr = "*") (target = "ldap:///cn=export,cn=tasks,cn=config") (version 3.0; acl "Allow rsca access for user backupuser on cn=export,cn=tasks,cn=config"; allow(read,search,compare,add) userdn = "ldap:///cn=backupuser,cn=config"; )
    aci: (targetattr = "*") (target = "ldap:///cn=mapping tree,cn=config") (version 3.0; acl "Allow rsc access for user backupuser on cn=mapping tree,cn=config"; allow(read,search,compare) userdn="ldap:///cn=backupuser,cn=config"; )
    aci: (targetattr = "*") (target = "ldap:///cn=ldbm database,cn=plugins,cn=config") (version 3.0; acl "Allow rsc access for user backupuser on cn=ldbm database,cn=plugins,cn=config"; allow(read,search,compare) userdn="ldap:///cn=backupuser,cn=config"; )Cheers,
    Jakob

  • RELEVANCY SCORE 2.66

    DB:2.66:Unix Login Againt Dsee zx


    Hello there,

    Can you guys tell me any good docs available to setup unix login against DSEE7.0? We have to configure Solaris/Linux/AIX servers users to authenticate against DSEE.
    I also would like to know what is needed on the Unix servers (how to setup) to authenticate against DS.

    Thanks!

    DB:2.66:Unix Login Againt Dsee zx

    Check out this article on the 389 Directory (a/k/a Red Hat Directory, acquired from Netscape by Red Hat and closely related to the Sun/Oracle DSEE) wiki, http://directory.fedoraproject.org/wiki/Howto:PAM. It covers configuring the PAM (Pluggable Authentication Module) subsystem on Red Hat/Linux and Solaris clients for LDAP authentication.

    Edited by: PhilL on Jun 2, 2011 3:30 PM

  • RELEVANCY SCORE 2.66

    DB:2.66:Quantity Of Static Group Members ms


    Ill be migrating from 5.2 to DSEE 6.x soon. One aspect of the environment is that there is a very large number of static groups with some having upwards of 50000 members in a group. I'd like to know the limitations of static groups in 5.2 and DSEE 6.3 environments.

    1.Recommended maximum number of static groups
    2.Recommended maximum number of entries within a static group
    3.Provide actual performance data for reading from and writing to various size groups/entries that supports the answers to the above two recommendations
    4.Best practices used for managing large number of groups.

    Your comments are appreciated

    DB:2.66:Quantity Of Static Group Members ms

    Group management has been vastly improved in the 6 series and therefore, if you have it on 5.2, it will perform better on 6.
    There is one slight problem if you have a need for the retro change log but Sun has a hot fix for that.
    If you don't need RCL then you will see improvements.

  • RELEVANCY SCORE 2.65

    DB:2.65:Dsee Version Of Opends's "Idle-Lockout-Interval" 1j


    Is there a plugin for DSEE 6.3.1 to lock any account that has been idle for a time interval?

    Looking at Neil Wilson's wiki entry from 2007, there is no way in DSEE 6, but there is a way in OpenDS: https://www.opends.org/wiki/page/PasswordPolicy

    The way to do this in OpenDS is the idle-lockout-interval: http://wikis.sun.com/display/SunOpenDSSEdocs/Managing+Password+Policies

    In 6.1, 6.2, 6.3, and 6.3.1 there are no mentions of addition of any functionality similar to OpenDS's idle-lockout-interval.

    Is there a better way to lock idle accounts other than running a custom script to check for user's pwdlastauthtime and running ns-inactivate on the accounts with (current time - pwdlastauthtime)time interval?

    Anyone know if DSEE 7 will have this feature?

    Thanks in advance.

    --------------------

    Having chatted with ludovicp in #opends, although sun professional services may offer this plugin, it is not available out-of-the-box.

    Edited by: mak4pi on Sep 18, 2009 5:50 AM

    Edited by: mak4pi on Sep 18, 2009 6:54 AM

    DB:2.65:Dsee Version Of Opends's "Idle-Lockout-Interval" 1j

    Is there a plugin for DSEE 6.3.1 to lock any account that has been idle for a time interval?

    Looking at Neil Wilson's wiki entry from 2007, there is no way in DSEE 6, but there is a way in OpenDS: https://www.opends.org/wiki/page/PasswordPolicy

    The way to do this in OpenDS is the idle-lockout-interval: http://wikis.sun.com/display/SunOpenDSSEdocs/Managing+Password+Policies

    In 6.1, 6.2, 6.3, and 6.3.1 there are no mentions of addition of any functionality similar to OpenDS's idle-lockout-interval.

    Is there a better way to lock idle accounts other than running a custom script to check for user's pwdlastauthtime and running ns-inactivate on the accounts with (current time - pwdlastauthtime)time interval?

    Anyone know if DSEE 7 will have this feature?

    Thanks in advance.

    --------------------

    Having chatted with ludovicp in #opends, although sun professional services may offer this plugin, it is not available out-of-the-box.

    Edited by: mak4pi on Sep 18, 2009 5:50 AM

    Edited by: mak4pi on Sep 18, 2009 6:54 AM

  • RELEVANCY SCORE 2.63

    DB:2.63:Installation Steps Of Directory Server 6.3 In Windows 2003 d7


    Hi All,
    I am completely new to SunOne Directory Server.

    Can anyone please tell me how to install "*Directory Server 6.3*" in Windows 2003.
    Have downloaded the file from sun's site named "*DSEE.6.3.Windows-X86-full*".

    Thanks.

    Edited by: kirti_603 on Sep 1, 2008 7:40 AM

    DB:2.63:Installation Steps Of Directory Server 6.3 In Windows 2003 d7

    Hi.

    The issue is probably due to the fact that start TLS is not enabled on Windows.

    Extract from the Release Notes:

    On Windows systems, Directory Server does not allow Start TLS by default.

    This issue affects server instances on Windows systems only. This issue is due to performance on Windows systems when Start TLS is used.

    To work around this issue, consider using the -P option with the dsconf command to connect using the SSL port directly. Alternatively, if your network connection is already secured, consider using the -e option with the dsconf command. The option lets you connect to the standard port without requesting a secure connection.So try
    dsconf create-suffix -h localhost -e -p 1389 dc=example1,dc=comor
    dsconf create-suffix -h localhost -P 1636 dc=example1,dc=comRegards,
    Carole

  • RELEVANCY SCORE 2.63

    DB:2.63:Odsee 11g Vs Dsee 6.3.1 Classes xa


    We are running Sun DSEE 6.3.1. I am a new admin and looking for classes on it. I was wondering if anyone knows if the ODSEE 11G courses will be helpful in this area or if too much has changed? I'm having trouble finding classroom courses for DSEE 6.3.1. We'll likely be upgrading to ODSEE anyways down the line.

    DB:2.63:Odsee 11g Vs Dsee 6.3.1 Classes xa

    user13471064 wrote:
    We are running Sun DSEE 6.3.1. I am a new admin and looking for classes on it. I was wondering if anyone knows if the ODSEE 11G courses will be helpful in this area or if too much has changed? I'm having trouble finding classroom courses for DSEE 6.3.1. We'll likely be upgrading to ODSEE anyways down the line.??? http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getSchedPage?page_id=4dc=D69253GC11

    Or try starting at:

    http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=402p_nl=ORMM

    to

    http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getSearchResults?p_search_keyword=Directory%20Serverp_fuzzy_match=Np_output_style=Pp_header_yn=Np_search_category_id=p_delivery_language=US

    .... You may wel have been to these pages already. Its worth checking the course contents for the v6 and 11g and comparing yourself ....

    Otherwise try contacting Oracle University for help.

    You may have done these things already.

  • RELEVANCY SCORE 2.62

    DB:2.62:What All Needs To Be Started At System Reboot For Dsee To Work? 8z


    Hey Guys

    Can anyone confirm these are the steps needed to be taken so that after a server reboot, ODSEE and DSCC startup automatically and properly?

    For ODSEE 11g on Solaris

    1) cacaoadm (for the DSCC to contact the server) -- either by running "cacaoadm enable" to start it at system startup (set and forget?) OR putting a script in /etc/init.d/ to run "cacaoadm start" -- (looks like I have to put cacaoadm start in the /etc/init.d/ to startup?)

    2) dsadm start instancepath -- putting this in /etc/init.d/ to start up after server reboot

    3) Need to enable service -- dsadm enable-service -T SMF INSTANCENAME for autostart of the instance?

    For DSCC on Linux

    1) dsadm start DSEEPATH/var/dcc/ads/ -- put this in /etc/init.d to start DSCC registery

    Am I missing something for ODSEE or DSCC??

    Edited by: user13488351 on Feb 2, 2012 5:59 PM

    Edited by: user13488351 on Feb 2, 2012 6:39 PM

    Edited by: user13488351 on Feb 2, 2012 6:43 PM

    Edited by: user13488351 on Feb 2, 2012 6:45 PM

    DB:2.62:What All Needs To Be Started At System Reboot For Dsee To Work? 8z

    Hi.

    For DSEE on Solaris, step 2 is not needed if you do for step 3. Note that step 3 is the recommended way to do it

    For DSCC Linux, your proposal looks fine.

    Regards,
    Carole.

  • RELEVANCY SCORE 2.62

    DB:2.62:Idsyncwin Does Not Invalidate Old Passwords ps


    I am using Identity Synchronization for Windows (part of DSEE 11g) to replicate MSAD accounts into an organization maintained in DSEE, one-way. This works acceptably, except for one nit, which may be a problem to complete the POC demonstration: a change of user password in MSAD does not propagate into DSEE reliably.To be more specific, when the password is changed in Active Directory, ISW does detect the change and sets dspswvalidate:true as is expected. If the DSEE user logs in with the new MSAD password, this password is validated against MSAD, succeeds, and is saved into DSEE. Likewise, login with a random password fails as expected.However, if the user logs in with his old DSEE password, the validation against MSAD is logged as successful (which is apparently wrong), but the old DSEE password remains in place. The dspswvalidate flag is cleared and the user no longer has a chance to log in with a Windows password - the old DSEE password remains in place.I see that when provisioning new users, ISW can place an invalid string into userpassword attribute... can it do the same when it detects changes in the upstream MSAD data, so the user has no possibility to log in with an obsolete password?Since the ISW is a bit of esoteric and old product with little change from DS5.x times (though works fine with current DSEE and MSAD), possibly a solution would be to make some plugin for DSEE that would detect changes to the dspswvalidate flag and invalidate a password?.. Any ideas how to do this, if all else fails?Thanks in advance,//Jim Klimov

    DB:2.62:Idsyncwin Does Not Invalidate Old Passwords ps

    So... status update: the problem has been traced to MSAD - the domain controllers trust both the user's new password and the previous password for 5 minutes, which leads to DSEE testing the old passwords if the clients request it to (i.e. regular mail checks), trusting them and saving them for posterity (and removing the flag to verify passwords via MSAD).The Windows team was not able to remove this behaviour from domain controllers. It is also probably infeasible to change their password-changing procedure to change it twice (so as to forget the previous password completely), or to instantly (programmatically?) log in to DSEE via convergence or ldapsearch or whatever with the new password, or to manually change the email password as well - especially when end-users can change their domain passwords too.So the problem remains: old passwords are verifiable via MSAD and thus trusted by DSEE, so for example regular messaging tasks running on behalf of users might practically prevent propagation of updated passwords from MSAD domain into DSEE/CommSuite.One solution that I see is to have DSEE (maybe via its ISW plugin) not remove the dspswvalidate flag for a configurable timeout after it first detected the password-change event on another directory source. This way for some 10 minutes (for example) after the MSAD-initiated password invalidation, DSEE would re-validate against the domain, ultimately making sure that the saved-to-trust password is the new one.Another idea is to test the user-provided cleartext password against (a copy of) the old DSEE userPassword hashed value, and not save the password if it is positive against both the MSAD domain and old DSEE password.Both of those ideas rely on changes to the ISW plugin which we can not do to the closed-source program.A bolt-on solution might be to make a script that runs every minute from crontab, detects new DSEE invalidations and saves a timestamp. Then for those example 10 minutes it would restore the requirement to validate against MSAD, if it detects the invalidation flag cleared during this time. I can foresee how this would NOT work and increase helpdesk calls, with lags upon logins after the password change, on-and-off trust of DSEE to one or another password, and mostly with automated email tasks firing within that minute between script runs so that the password change event, setting of the flag, validation of old password and clearing of the flag all happen before the bolt-on script would detect that anything happened.MAYBE though, it can parse cn=changelog for a verifiable history of events to detect appearances of the validation flag - even if it has been cleared by the time the script runs...Still, the bolt-on sounds like an unreliable solution, though doable.Are there any other ideas or practical advices, remaining withing the constraints of MSAD + DSEE + IdSyncWin? (Implementation of IAMS in particular, to unify this and other identity management is considered, but as a separate project and purchase - so some solution is needed for what they have today)Thanks,//Jim Klimov

  • RELEVANCY SCORE 2.62

    DB:2.62:Dsee 6.2 On Windows - How To Run The Ns-Slapd As A Windows Service m7


    I installed DSEE 6.2 on a Windows 2003 server. I was logged in with an id that had Admin privileges.

    dseedeploy install -iinstall path

    I created an instance, imported data, and started the instance (when connected to the server usign Remote desktop)
    When I log off the RDP, my slapd server is not running any more!!
    Is there a way to have the slapd server running as a Windows service?
    -Chalukya

    DB:2.62:Dsee 6.2 On Windows - How To Run The Ns-Slapd As A Windows Service m7

    Thanks Carole. That helped me in running the process as a Windows service.
    -Chalukya

  • RELEVANCY SCORE 2.62

    DB:2.62:Implement Sha 256 In Directory Server 7 ka


    How to implement SHA 256 in SUN DSEE 7 ?

    Thanks

    DB:2.62:Implement Sha 256 In Directory Server 7 ka

    Hi,

    SHA256 implementation is not delivered with DSEE7.0
    I would encourage you to contact the Oracle support team to figure out how this feature could be delivered to you.
    Regards
    Sylvain

  • RELEVANCY SCORE 2.62

    DB:2.62:Ds 6.2 And Password Expiration ks


    Hello,

    I'm having problems enforcing password expiration with DSEE. We have two Solaris 10 DSEE 6.2 servers configured with multi-master replication. The clients are running Solaris 8 (117350-47 Jun 2007 kernel patch level), and are using pam_ldap authentication.

    Using either telnet (just as a test) or ssh to login, I don't receive warnings of password expiration, nor is the account locked after passwordExpirationTime is exceeded.

    As an example, I can still authenticate as a user with this passwordExpirationTime:
    passwordExpirationTime=20071123163438Z

    The following is our DSEE password policy:

    pwd-accept-hashed-pwd-enabled : off
    pwd-check-enabled : on
    pwd-compat-mode : DS6-mode
    pwd-expire-no-warning-enabled : on
    pwd-expire-warning-delay : 4w
    pwd-failure-count-interval : 10m
    pwd-grace-login-limit : disabled
    pwd-keep-last-auth-time-enabled : on
    pwd-lockout-duration : disabled
    pwd-lockout-enabled : on
    pwd-lockout-repl-priority-enabled : on
    pwd-max-age : 12w6d
    pwd-max-failure-count : 4
    pwd-max-history-count : 3
    pwd-min-age : 1w
    pwd-min-length : 6
    pwd-mod-gen-length : 6
    pwd-must-change-enabled : off
    pwd-root-dn-bypass-enabled : off
    pwd-safe-modify-enabled : off
    pwd-storage-scheme : SSHA
    pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
    pwd-strong-check-enabled : on
    pwd-strong-check-require-charset : any-three
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : NS-MTA-MD5
    pwd-supported-storage-scheme : CLEAR
    pwd-user-change-enabled : on

    Am I missing something obvious in the DSEE password policy? Would any other information be helpful in troubleshooting, such as /etc/pam.conf, patch levels of other packages, etc.?

    Thanks!

    DB:2.62:Ds 6.2 And Password Expiration ks

    If your DS6 instance is in DS5-compatible-mode (see above references), passwordExpirationTime is not ignored; however, please note that modifying server operational attributes via protocol has never been supported.

    A supported way to force a user to change his or her password (without administratively resetting the password) would be to define a specialized password policy with a small max-age value (but maintaining the relationship pwdMinAge+pwdExpireWarningpwdMaxAge), and use Roles/CoS to scope the policy to the user entry that requires a password change, but for which the password has not yet been changed. A value of pwdChangedTime in the past (or its absence from the entry) would indicate that the password had not yet been changed as requested. If the DS6 instance is in DS5-compatible-mode, you will need to enable grace logins via passwordWarning in the policy, while if the DS6 instance is in DS6-migration-mode or DS6-mode, you will also need to enable grace logins via pwdGraceAuthNLimit in the policy. Otherwise, the user cannot bind with an expired password.

    OpenDS includes a "must-change-by" feature in the password policy that simplifies configuring the specialized password policy, but I'm not aware of any plans to add this feature to DS6.

  • RELEVANCY SCORE 2.62

    DB:2.62:Dsee 6.3 Installation Question xj


    When deploying a fresh install of DSEE 6.3 to a new solaris 5.10 x86_64 machine what are the advantages and disadvantages to using the native or zip distribution. Which is the suggested source for a fresh installation on this type of start?

    any insight is appreciated, thanks.

    DB:2.62:Dsee 6.3 Installation Question xj

    thanks guys this just what i was wanting to know!

  • RELEVANCY SCORE 2.62

    DB:2.62:Dsee 6 On Solaris Vs Linux 38


    Any opinions on installing DSEE 6 on Solaris versus Linux? Are there any real differences or advantages to either? Thanks

    DB:2.62:Dsee 6 On Solaris Vs Linux 38

    Any opinions on installing DSEE 6 on Solaris versus Linux? Are there any real differences or advantages to either? Thanks

  • RELEVANCY SCORE 2.61

    DB:2.61:Odsee Replication Support Matrix 1m


    Hi experts,
    is there a support replication matrix? I need to know if multi-master replication between DSEE 6.x and ODSEE 11g is supported...
    Many thanks.

    DB:2.61:Odsee Replication Support Matrix 1m

    Yes it is supported.
    See http://docs.oracle.com/cd/E20295_01/html/821-1220/bcasa.html#scrolltoc

    -Sylvain

  • RELEVANCY SCORE 2.61

    DB:2.61:When Is Dsee 6.3.1 Supposed To Be Released? p3


    When is DSEE 6.3.1 supposed to be released? And is there an available list of the bug fixes in it?

    Also, why is it that you cannot search per forum on here anymore? This makes it almost impossible to find stuff relevant to what you are looking for.

    Thanks, Matt

    DB:2.61:When Is Dsee 6.3.1 Supposed To Be Released? p3

    DSEE 6.3.1 has been released.

    Release notes: http://docs.sun.com/app/docs/doc/820-5817

  • RELEVANCY SCORE 2.61

    DB:2.61:Cacao Starts But Smf Service Shows " Offline* " Dsee 6.3.X p7


    We've had this problem for some time now. I have searched endlessly on here and Google, but can't seem to find anything close to this problem.

    Here is some info:

    Server:
    Sun X4470 64GB RAM

    OS:
    Same result with both:
    Solaris 10 u10 x64 (Entire Distribution) with JDK 1.6.0_30 added

    or

    Solaris 10 u10 x64 (Core) with the following added:
    SUNWbash
    SUNWssh*
    SUNWxcu4
    and JDK 1.6.0_30

    DSEE Version:
    Installed as root
    DSEE 6.3 upgrade to 6.3.1 upgrade to 6.3.1.1.1
    Same problem with both ZIP and Native install using Java Identity Management Suite 5u1 then upgrade

    Here is the scenario:

    Install DSEE 6.3 (either ZIP or Native)
    Install is successful and cacao runs fine. The SMF service ( svc:/application/management/common-agent-container-1:default ) shows online.
    Able to stop and start cacao with cacaoadm command.
    Reboot the server.

    After the reboot, if you start cacao with cacaoadm or svcadm enable commands, cacao listens on the proper ports, and works with DSCC, however the SMF service shows " offline* ". This also happens with 6.3, 6.3.1 and 6.3.1.1.1.

    The following examples are from a 6.3.1.1.1 ZIP install upgraded from 6.3.1, on a Solaris Core install (same results with Entire Distribution):

    svcs -xv it shows the following:

    svc:/application/management/common-agent-container-1:default (Cacao, a common Java container for JDMK/JMX based management solution)
    State: offline since Wed Apr 25 11:53:39 2012
    Reason: Start method is running.
    See: http://sun.com/msg/SMF-8000-C4
    See: man -M /usr/share/man -s 1M cacaoadm
    See: man -M /usr/share/man -s 5 cacao
    See: /var/svc/log/application-management-common-agent-container-1:default.log
    Impact: This service is not running.

    The SMF log shows:

    [ Apr 25 11:53:39 Enabled. ]
    [ Apr 25 11:53:39 Executing start method ("/opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/cacao_smf start default") ]

    The cacao log shows it started successfully. This is an excerpt from the end of the cacao.0 log:

    INFO: Cacao Initialization completed
    Apr 25, 2012 11:54:04 AM com.sun.cacao.common.utils.impl.ContainerUtils printContainerStatus
    INFO: cacao.print.status: 0

    The only warnings in the mfwk agent.log.0 are:

    WARNING: Job Dir does not exists: /opt/dsee/dsee6//var/opt/SUNWmfwk/jobtool
    Apr 25, 2012 11:54:04 AM com.sun.management.oss.impl.tools.Persistence loadManagedEntities
    WARNING: loadManagedEntities: persistence repository is not a directory: /opt/dsee/dsee6//var/opt/SUNWmfwk/persistence/measurement
    Apr 25, 2012 11:54:04 AM com.sun.management.oss.impl.tools.Persistence loadManagedEntities
    WARNING: loadManagedEntities: persistence repository is not a directory: /opt/dsee/dsee6//var/opt/SUNWmfwk/persistence/threshold
    Apr 25, 2012 11:54:04 AM com.sun.management.oss.impl.tools.Persistence loadManagedEntities
    WARNING: loadManagedEntities: persistence repository is not a directory: /opt/dsee/dsee6//var/opt/SUNWmfwk/persistence/opstatus

    Then at the end of the mfwk log it shows:

    INFO: Packet received

    Here is the output when you do /usr/ucb/ps -auxww |egrep "cacao|jmx"

    root 977 0.0 0.2154256100264 ? S 11:53:40 0:19 /opt/dsee/jre/bin/java -Xms4M -Xmx128M -Dcom.sun.management.jmxremote -Dfile.encoding=utf-8 -classpath /opt/dsee/dsee6/private/lib/jdmkrt.jar:/opt/dsee/dsee6/private/lib/jmxremote_optional.jar:/opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/cacao_cacao.jar:/opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/cacao_j5core.jar -Djavax.management.builder.initial=com.sun.jdmk.JdmkMBeanServerBuilder -Dcacao.print.status=true -Dcacao.config.dir=/opt/dsee/dsee6/cacao_2/etc/cacao/instances/default -Dcacao.monitoring.mode=smf -Dcom.sun.cacao.ssl.keystore.password.file=/opt/dsee/dsee6/cacao_2/etc/cacao/instances/default/security/password com.sun.cacao.container.impl.ContainerPrivate

    root 797 0.0 0.0 3740 940 ? S 11:53:39 0:00 /bin/sh /opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/cacao_smf start default

    root 801 0.0 0.0 4492 1716 ? S 11:53:39 0:00 /bin/sh /opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/../../../bin/cacaoadm smf_start -i default

    root 974 0.0 0.0 3812 1000 ? S 11:53:40 0:01 /bin/ksh /opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/cacao_smf_start /opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/tools/launch -w /opt/dsee/dsee6/cacao_2/usr/lib/cacao -f -U root -G root -- /opt/dsee/jre/bin/java -Xms4M -Xmx128M -Dcom.sun.management.jmxremote -Dfile.encoding=utf-8 -classpath /opt/dsee/dsee6/private/lib/jdmkrt.jar:/opt/dsee/dsee6/private/lib/jmxremote_optional.jar:/opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/cacao_cacao.jar:/opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/cacao_j5core.jar -Djavax.management.builder.initial=com.sun.jdmk.JdmkMBeanServerBuilder -Dcacao.print.status=true -Dcacao.config.dir=/opt/dsee/dsee6/cacao_2/etc/cacao/instances/default -Dcacao.monitoring.mode=smf -Dcom.sun.cacao.ssl.keystore.password.file=/opt/dsee/dsee6/cacao_2/etc/cacao/instances/default/security/password com.sun.cacao.container.impl.ContainerPrivate

    root 976 0.0 0.0 2288 1200 ? S 11:53:40 0:00 /opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/tools/launch -w /opt/dsee/dsee6/cacao_2/usr/lib/cacao -f -U

    root -G root -- /opt/dsee/jre/bin/java -Xms4M -Xmx128M -Dcom.sun.management.jmxremote -Dfile.encoding=utf-8 -classpath /opt/dsee/dsee6/private/lib/jdmkrt.jar:/opt/dsee/dsee6/private/lib/jmxremote_optional.jar:/opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/cacao_cacao.jar:/opt/dsee/dsee6/cacao_2/usr/lib/cacao/lib/cacao_j5core.jar -Djavax.management.builder.initial=com.sun.jdmk.JdmkMBeanServerBuilder -Dcacao.print.status=true -Dcacao.config.dir=/opt/dsee/dsee6/cacao_2/etc/cacao/instances/default -Dcacao.monitoring.mode=smf -Dcom.sun.cacao.ssl.keystore.password.file=/opt/dsee/dsee6/cacao_2/etc/cacao/instances/default/security/password com.sun.cacao.container.impl.ContainerPrivate
    root 5388 0.0 0.0 3700 868 pts/1 S 13:07:04 0:00 egrep cacao|jmx

    Finally here is the output from a /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm status

    default instance is DISABLED at system startup.
    default instance is not running.

    Any help would be greatly appreciated!!! Thanks!

    DB:2.61:Cacao Starts But Smf Service Shows " Offline* " Dsee 6.3.X p7

    Try to restart cacaoadm:

    cacaoadm stop
    cacaoadm start
    cacaoadm status.

    Marco.

  • RELEVANCY SCORE 2.61

    DB:2.61:Dsee 6 On A Virtual Machime mf


    We are considering running DSEE 6 on a virtual machine
    ( vmware ). The current DS 5.2 system runs on redhat intel
    physical machine. We currrently ghave excellent performance.

    I believe there is about 7.2G of physical i/o / day,
    2/3 reads, 1/3 writes.

    Any user experiences or suggestions about runnung DS
    on a virtual machine ?

    JYard
    UCLA

    DB:2.61:Dsee 6 On A Virtual Machime mf

    We've been running all of our DSEE 6 (Linux) servers on VMware since 6.1 . Our VMware ESX 3.5 cluster consists of 4 servers. All 4 servers have 2 Dual core AMD processors; 2 have 16GB RAM, 2 have 24GB RAM.

    Our DSEE servers have 2 vCPUs w/ 2GB of RAM. We have a single master which only gets attribute changes from our system of record and replicates to a hub. Our hub and consumer accept queries from the world needing LDAP services. The hub and consumer are behind a hardware load balancer (F5 BigIP). We don't have much load, but we do have a lot of writes.

    DSEE 6.1, 6.2, and 6.3 were prone to random crashes. Not sure if it was the JVM, bugs in DSEE, or introducing VMware into the mix. But, ever since I upgraded all 3 servers to 6.3.1, they've been stable as a rock and haven't had a single crash. If you're going to be running DSEE on VMware, I'd highly recommend 6.3.1 .

  • RELEVANCY SCORE 2.61

    DB:2.61:How To Install Ios 6 On Ipad 2 fa


    How to install iOS 6 on iPad 2?

    DB:2.61:How To Install Ios 6 On Ipad 2 fa

    Yes you can do it OTA(over the air) or if you don't have wifi, you can use iTunes.

  • RELEVANCY SCORE 2.61

    DB:2.61:Ms's Data Execution Protection 8c


    Has anyone experienced on DSEE 6.2, on Windows Server 2003, a need to change the list of exceptions on DEP and add, the ns-slapd, dsee_ntservice, cacaosvc, launch, and bin_dsadm.exe

    DB:2.61:Ms's Data Execution Protection 8c

    Has anyone experienced on DSEE 6.2, on Windows Server 2003, a need to change the list of exceptions on DEP and add, the ns-slapd, dsee_ntservice, cacaosvc, launch, and bin_dsadm.exe

  • RELEVANCY SCORE 2.60

    DB:2.60:Where To Go To Get Help On Getting Dsee Installed And Running On Redhat? ad


    Specifically some workable documentation would be a good start

    DB:2.60:Where To Go To Get Help On Getting Dsee Installed And Running On Redhat? ad

    I seem to have gone through this docuemntation already...

    packages are,

    [root@vuwunicvdseem01 sun]# ls -l
    total 262452
    -rw-r--r-- 1 jonesst1 jonesst1 231823 Aug 1 12:32 compat-libstdc++-33-3.2.3-47.3.i386.rpm
    -rw-r--r-- 1 root root 268152945 Jul 31 16:43 DSEE.6.1.Redhat-X86-full.tar.gz
    drwxr-xr-x 2 865 wheel 4096 May 25 04:38 DSEE_Directory_Editor
    drwxr-xr-x 7 865 wheel 4096 May 25 04:42 DSEE_Identity_Synchonization_for_Windows
    drwxr-xr-x 3 865 wheel 4096 May 25 04:38 DSEE_ZIP_Distribution
    drwxr-xr-x 2 root root 4096 Aug 1 12:02 java
    drwxr-xr-x 2 865 wheel 4096 May 25 04:42 Legal
    -rwxr-xr-x 1 865 wheel 20295 May 25 04:42 LICENSE.txt
    -rwxr-xr-x 1 865 wheel 3157 May 25 04:42 README.txt
    drwxr-xr-x 2 root root 4096 Aug 1 16:26 webconsole

  • RELEVANCY SCORE 2.59

    DB:2.59:Java Dsee 6.3 And Redhat As 5(Centos 5) 9k


    Hello,

    We have a small datacenter with many linux servers( centos 5) and just two dsee 6.3 servers running on solaris(9 10 on old sparc hardware).
    We looking forward to migrate the two DSEE to new servers with linux too, but according to Sun supported OS for DSEE 6, only Redhat AS 4 is supported.
    Do you know if sun will support Readhat AS 5 and when???

    I have successfully installed dsee 6.3 on centos 5(there are some minor problems with the administrator gui) but i am not so sure to put them in productions.
    I also know that one option it will be to install solaris 10 x86 instead of linux, but i really dont want to..:-)

    DB:2.59:Java Dsee 6.3 And Redhat As 5(Centos 5) 9k

    DSEE 7, which should be out later this year will be supported on Red Hat 5.

  • RELEVANCY SCORE 2.59

    DB:2.59:How To Link Dsee Into The Java Web Console? On Rhas4-U5-32bit 98


    http://docs.sun.com/app/docs/doc/819-0993/6n3co69jj?a=view

    I have both running but when i log into the java the web console does not show DSEE as present....

    I get,

    You Do Not Have Access to Any Application
    No application is registered with this Sun Java(TM) Web Console, or you have no rights to use any applications that are registered. See your system administrator for assistance.

    So I either need to set rights so the web console can get to DSEE or register it....not sure which but I have followed the forum and docs so I suspect it might be a permisisons of authentication issie rathr than registration (but Im not that sure).

    DB:2.59:How To Link Dsee Into The Java Web Console? On Rhas4-U5-32bit 98

    http://docs.sun.com/app/docs/doc/819-0993/6n3co69jj?a=view

    I have both running but when i log into the java the web console does not show DSEE as present....

    I get,

    You Do Not Have Access to Any Application
    No application is registered with this Sun Java(TM) Web Console, or you have no rights to use any applications that are registered. See your system administrator for assistance.

    So I either need to set rights so the web console can get to DSEE or register it....not sure which but I have followed the forum and docs so I suspect it might be a permisisons of authentication issie rathr than registration (but Im not that sure).

  • RELEVANCY SCORE 2.59

    DB:2.59:Calendar Server 6.3 And Multiple Directory Servers j1


    I'm working through Calendar Server 6.3 with Directory Server EE 6 (JCS 5) and it occurred to me that it would be a good thing to be able to point Calendar at multiple LDAP servers.

    I'm envisioning two DSEE 6 servers running the same version of DSEE, same platform, both with comm_dssetup.pl applied for schema 2.

    These servers would essentially be multimaster servers.

    I can't find anything in the calendar docs specifically about doing this, I can find info for Communications Express. but this isn't quite the same thing as far as I can tell.

    Can this be done in ics.conf?

    Should I be using Directory Proxy Server or a hardware load balancer to do this instead - i.e. failover activity in front of the calendar server so to speak but not in the calendar server.

    DB:2.59:Calendar Server 6.3 And Multiple Directory Servers j1

    I successfully did this today, need to do it again to confirm but here is what I did:

    1. LDAP running on multi-master DSEE 6 nodes Marge and Homer for the suffixes o=comms-config, o=pab, o=PiServerDb, and my domain o=foobar.com,o=gov

    2. I'm running JCS5 so I setup LDAP failover in all components around Communications Express:

    Calendar ics.conf
    local.authldaphost="marge homer:389"
    local.ugldaphost="marge homer:389"
    Restart Calendar services

    Messaging Server
    configutil -o local.ugldaphost -v "marge homer"
    configutil -o local.service.pab.ldaphost -v "marge homer"
    configutil -o local.ugldapuselocal -v "yes"
    Stop and start Messaging Server services

    Access Manager (we use SSO with Comm Express)
    vi /etc/opt/SUNWam/config/serverconfig.xml
    Add a line like this after 'Server1' line:
    Server name="Server2" host="homer" port="389" type="SIMPLE" /
    Stop and start the web container

    The AM docs mention this method. In the console there is a place to add additional LDAP servers for authentication:

    http://server/amserver/console
    Login as amadmin
    Choose Configuration tab
    Choose 'LDAP' under Authentication
    Add my secondary server including port (homer:389)
    Save

    Doesn't seem to be necessary as I didn't do this in my test. Not sure what this is used for exactly in AM, need to research.

    Communications Express
    cd /var/opt/SUNWuwc/WEB-INF/config
    vi uwcauth.properties and set the following:
    ldapusersession.ldapport (should be LDAP port, 389 by default)
    ldapusersession.ldaphost to marge.foobar.com,homer.foobar.com
    Stop and start the web container

    IM - not sure if this is supported or not

    Delegated Administrator - not sure if this is supported or not

    Logged into CE and then shutdown DSEE on Marge. There was a slight delay when I accessed my calendar but it worked.

    Logged out of CE and logged back in with a different user account. Worked fine.

    Stopped DSEE on Homer and was unable to login which is expected.

    Restarted DSEE on Marge and was able to login and access mail and calendar in CE.

  • RELEVANCY SCORE 2.57

    DB:2.57:Syncing The Oim Data Changes To Dsee c8


    Hi,

    I need to update the DSEE if any updates happens to OIM data.

    I know if I manullay change the data in process form then the changes gets reflected in DSEE, but here I want if I update the OIM data then the same should get reflected to DSEE also autmatically.

    Please suggest how to achieve this.

    Thanks

    DB:2.57:Syncing The Oim Data Changes To Dsee c8

    this is fine. once your "change" task will update the process form . Updated task will be executed and data will be populated into target system.

    hope, your flow is working now as expected

  • RELEVANCY SCORE 2.57

    DB:2.57:Can't Create An Instance 3x


    I got the below error on Solaris 10. Do you have any ideas?

    # ./dsadm create /users/lab/dsee/dsins1
    ld.so.1: dsadm: fatal: libsasl.so: version `SUNWprivate1.1' not found (required by file /users/lab/dsee/ds6/bin/../../dsee6/private/lib/libldap60.so)
    ld.so.1: dsadm: fatal: libsasl.so: open failed: No such file or directory
    Killed

  • RELEVANCY SCORE 2.56

    DB:2.56:Upgrade 6.3 To 6.3.1.1.1 Error 13


    Hello ,

    While installing upgrade patch for 6.3.1.1.1 on the Win 2003 server i'm getting this unzip error.

    Has anyone faced this error before ? What its is related to ?

    inflating: c:/Program Files/Sun/DSEE/./dsee6/cacao_2/lib/tools/template/modules/com.sun.cacao.snmp
    v3_adaptor.xml
    inflating: c:/Program Files/Sun/DSEE/./dsee6/cacao_2/lib/tools/template/startup/cacao
    inflating: c:/Program Files/Sun/DSEE/./dsee6/data/sun-ldap-cacao.lis
    extracting: c:/Program Files/Sun/DSEE/./dsee6/data/sun-ldap-cacao.del
    Removing c:\Program Files\Sun\DSEE/dsee6/data/sun-ldap-cacao.del
    Error: unzip error

    Thanks for help

    DB:2.56:Upgrade 6.3 To 6.3.1.1.1 Error 13

    Hello ,

    While installing upgrade patch for 6.3.1.1.1 on the Win 2003 server i'm getting this unzip error.

    Has anyone faced this error before ? What its is related to ?

    inflating: c:/Program Files/Sun/DSEE/./dsee6/cacao_2/lib/tools/template/modules/com.sun.cacao.snmp
    v3_adaptor.xml
    inflating: c:/Program Files/Sun/DSEE/./dsee6/cacao_2/lib/tools/template/startup/cacao
    inflating: c:/Program Files/Sun/DSEE/./dsee6/data/sun-ldap-cacao.lis
    extracting: c:/Program Files/Sun/DSEE/./dsee6/data/sun-ldap-cacao.del
    Removing c:\Program Files\Sun\DSEE/dsee6/data/sun-ldap-cacao.del
    Error: unzip error

    Thanks for help

  • RELEVANCY SCORE 2.56

    DB:2.56:Redhat 6 Clients Need To Configure On Dsee 6.3.1 Server x7


    Dear all, we have a group that needs to configure their Redhat 6 (RHEL6) clients to a Sun Directory Server 6.3.1, we have some earlier Redhat clients that are successfully configured however this later version seems to have changes in regard to secure LDAP. Does anyone on this forum have any experience or suggestions please

    DB:2.56:Redhat 6 Clients Need To Configure On Dsee 6.3.1 Server x7

    Dear all, we have a group that needs to configure their Redhat 6 (RHEL6) clients to a Sun Directory Server 6.3.1, we have some earlier Redhat clients that are successfully configured however this later version seems to have changes in regard to secure LDAP. Does anyone on this forum have any experience or suggestions please

  • RELEVANCY SCORE 2.56

    DB:2.56:Ida Configuration 99


    Dear All,

    Would anyone guide me to how configure IDA?
    I am using schema 2 on DSEE 6.2
    after i installed and configured IDA i couldnt log wiht the amadmin credentials?

    Does anyone know why?
    Moreover, how can i set ACI for schema 2 that is found in this doc?
    http://docs.sun.com/app/docs/doc/819-4438/acfdk?a=view

    Thanks,
    Scotty

    DB:2.56:Ida Configuration 99

    I am getting this upon logging in:

    [21/May/2008:13:07:25] failure ( 388): for host 10.1.4.2 trying to POST /commcli/auth, service-j2ee reports: StandardWrapperValve[commLDAPAuth]: PWC1406: Servlet.service() for servlet commLDAPAuth threw exception
    java.lang.NoClassDefFoundError: netscape/ldap/LDAPConnection
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:972)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1498)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
    at sun.comm.cli.server.servlet.commAuth.getAuthDomainFromLogin(commAuth.java:480)
    at sun.comm.cli.server.servlet.commAuth.getAuthDomainName(commAuth.java:593)
    at sun.comm.cli.server.servlet.commAuth.getAuthDomainName(commAuth.java:553)
    at sun.comm.cli.server.servlet.commAuth.execute(commAuth.java:158)
    at sun.comm.cli.server.servlet.commServlet.doPost(commServlet.java:90)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:816)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
    at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:277)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)

    Any help!

  • RELEVANCY SCORE 2.55

    DB:2.55:Dsee On Solaris 11 7m


    It is possible to install DSEE11g on Solaris 11?

    DB:2.55:Dsee On Solaris 11 7m

    Ok, zip distribution is not an option, but:

    pkg works too if:

    # pkg install cacao

    add Solaris10 pkgs:
    # pkgadd SUNWicu SUNWldapcsdk-libs SUNWsasl

    and then
    # pkgadd SUNWdsee7 SUNWdsee7-var

  • RELEVANCY SCORE 2.55

    DB:2.55:Dsee 6.3 On Linux: Memory Leak Problem z7


    Hello, I have a DSEE 6.3 B2008.0311.0224 (32-bit) running over RHEL 4U7.
    I have LDIF exports and database binary backups running every night. Until now, everything was fine
    but I had a server crash last night, due to a memory shortage:

    [10/sep/2009:02:04:33 +0200] - ERROR5135 - Resource Limit - conn=-1 op=-1 msgId=-1 - Memory allocation error calloc of 2948 bytes failed; errno 12
    The server has probably allocated all available virtual memory. To solve this problem, make more virtual memory available to your server, or reduce the size of the server's `Maximum Entries in Cache' (cachesize) or `Maximum DB Cache Size' (dbcachesize) parameters.
    can't recover; calling exit(1)

    My system statistics usually looks like this

    Mem: 3635316k total, 2799908k used, 835408k free, 51992k buffers
    Swap: 8385888k total, 60204k used, 8325684k free, 2066224k cached

    PID USER PR NI VIRT RES SHR S %MEM %CPU TIME+ COMMAND
    13330 root 16 0 1880m 1.7g 1.2g S 49.1 0.3 2:25.25 ns-slapd

    I have the whole database in entry and database caches (each set to about 900 Mo), and about 800 Mb of memory occupied by java processes (LDAP updates clients). I've about 140000 entries in my directory so I wonder how much extra memory (if any) binary backups or LDIF exports need to run well ? Any possible memory leak ? Should I upgrade to v 6.3.1 ?

    DB:2.55:Dsee 6.3 On Linux: Memory Leak Problem z7

    Would you happen to know if this bug existed in 5.2 patch 6? I've had a similar crash and wondered if I should put in a ticket.

    Thanks,

    Ethan

    [20/Sep/2009:20:20:44 -0400] - ERROR5135 - Resource Limit - conn=-1 op=-1 msgId=-1 - Memory allocation error calloc of 22532 bytes failed; errno 12
    The server has probably allocated all available virtual memory. To solve this problem, make more virtual memory available to your server, or reduce the size of the server's `Maximum Entries in Cache' (cachesize) or `Maximum DB Cache Size' (dbcachesize) parameters.
    can't recover; calling exit(1)

    Mem: 8306064k total, 5232616k used, 3073448k free, 169952k buffers
    Swap: 2031608k total, 188k used, 2031420k free, 4701120k cached

  • RELEVANCY SCORE 2.55

    DB:2.55:A Few Basic Questions Under Pressing Time.... dd


    Hello Everybody,

    under pressing time I have following questions:

    1
    On Server 1 open Solaris 2009.06 (oSol) is deployed and DSEE is installed on it and running.
    On Server 2 I plan to deploy Solaris10 U7 and use LDAP as naming system (being configured for DSEE on Server1).
    What is the consequences, advantages for Solaris10 U7 (on Server2) as a Unix LDAP Client and for the Solaris Management Console (SMC)? Does it mean all system resources (as Solaruis User, Roles, etc.) will be kept in the DIT and not more in files?
    Can you provide me a link to a document relating to SMC and LDAP?

    2 What is the relationship between LDAP profile and DSEE's Schema?

    3
    What is a LDAP Profile?
    Except Default Profile created by deployment and configuration of DSEE, when I need to create additional profiles and how I do this? (just link to a document describing it is enough.)

    4 Does Solaris OS (Solaris 10-U7 AND open Solaris) include the LDAP Server software or just only the LDAP Client?

    Please help, even partly
    Thanks in advance.
    aski

    DB:2.55:A Few Basic Questions Under Pressing Time.... dd

    Thank you for your answers.

    I miss an answer to the question nr. 1 AND 2, cuz I' don't know, when I have to set a Solaris box as a LDAP client.

    For a deployment in a school, on this Solaris box the Sun Ray Server Software 4.1 (SRSS) must be installed and uses the Directory Server Enterprise Edition 6.3.1 (already running on a OpenSolaris-driven box) for data store. In this context, is it NECESSARY, that host of SRSS (*Solaris 10 U7*) must be a LDAP client?

    I'm not clear about what is the benefits, advantages and site effects of having a Solaris instance as a LDAP client for the OS itself AND for server applications (like SRSS), running on it while requiring a Directory Server (the same LDAP server, serving the Solaris instance too) .

    aski

  • RELEVANCY SCORE 2.55

    DB:2.55:Pswconnector User Password Expired x1


    Hello,
    We have installed DSEE 7.0 ISW 6.0 on Solaris 10.
    Active Directory is running on Windows 2008 R2 Enterprise Edition (64-bit)

    We have one way syncronization (LDAP - AD)

    We learned that password for user "PSWConnector" expired, and now getting following in ISW audit.log file...
    "failed to open connection to ldap://ldap-server, error(49): Invalid credentials, reason: password expired!."

    We are trying to figure out how to reset this users password or how to "un-expire" this users password.

    Thank you,

    DB:2.55:Pswconnector User Password Expired x1

    Ok; we were able to set it back to original password, and sync started up.
    Also updated password policy for PSWConnector so its password does not expire.

    Thank you "handat" and "chris c" for your input...

  • RELEVANCY SCORE 2.55

    DB:2.55:Dscc Configuration With Dsee 6.1 71


    Trying to configure DSCC in DSEE 6.2. Getting the error
    "The Directory Service Control Center requires a one-time initialization process to be run before it can be used. This initialization process needs to be done using the dsccsetup command line."

    dsccsetup status gives me the following output
    Sun Java (TM) Web Console is not installed
    ***
    DSCC Agent is registered in Cacao
    ***
    DSCC Registry has been created
    Path of DSCC registry is /opt/apps/dps6/var/dscc6/dcc/ads
    Port of DSCC registry is 3998

    Installed DSEE as proxy:proxy
    Deployed war file generated on WAS
    Created the DSCC registry by running dsccsetup adscreate

    Getting the above error. Any suggestions on how this can be fixed?

    DB:2.55:Dscc Configuration With Dsee 6.1 71

    Hi Chalukya,

    Did you ever get this working..either using the web console or just the dscc war file? If so, could you provide the details of how you accomplished this?

    Thanks -- M

  • RELEVANCY SCORE 2.55

    DB:2.55:Acceso Denegado Disco Sata 2 Con Xp Dsee Win 7 3j


    Tengo dos discos Sata, uno con sistema Win 7 Home Premium y otro XP. Al arrancar con XP, no hay problema de acceso al otro disco. Sin embargo bajo Win7 no puedo acceder al disco con XP, a pesar de que al ejecutar "administrar discos" se muestra el disco,
    con su letra de unidad asignada y su capacidad. No es posible abrir ni explorar.
    La configuracion de seguridad es correcta, con permiso total para todos los usuarios.

    Curiosamente, al arrancar en modo de fallos de Win7 sí que es posible acceder al disco.

    Agradeceria una solución al problema

    Atentamente

    DB:2.55:Acceso Denegado Disco Sata 2 Con Xp Dsee Win 7 3j

    Solucionado. Parece que enconre la causa!. estaba en los permisos, a pesar de que en los dos discos la configuracion de seguridad y usuarios con control total era identica, localizé el usuario "todos" para darle control tota en el disco problematico y
    así se arregló.
    Que cosas pasan!

  • RELEVANCY SCORE 2.55

    DB:2.55:Sun Isw ; Where Is Download Media? fd


    AoA,
    Although it sounds absurd, But i am unable to find the installation media of Identity Synchronization for Windows 6.0
    Is it included in the JES 5 installer?
    The DSEE installation guide has a section where it says
    "This section explains how to download, unpack (or unzip), and run the Identity
    Synchronization for Windows installation program on the following platforms:"
    Unfortunately though, the section only explains running but not downloading.
    Please help anyone
    regards
    Kimi

    DB:2.55:Sun Isw ; Where Is Download Media? fd

    http://www.sun.com/software/products/directory_srvr_ee/get1.jsp

    Choose:
    - "Directory Server Enterprise Edition 6.x"
    - 6.1 or 6.0 (I think the ISW components are the same in both).
    - "Compressed Archive (ZIP)"

  • RELEVANCY SCORE 2.55

    DB:2.55:How To Use Of Mfwk In Dsee 6.3 az


    Hello

    I want to notify the changes made by my plugin to Java web service component.

    Can anyone suggest me whether it is possible with the use of mfwk present in DSEE 6.3?

    Regards,
    Srini

    DB:2.55:How To Use Of Mfwk In Dsee 6.3 az

    For change notification, you'll either want to let the data propagate by replication, http://docs.sun.com/app/docs/doc/820-2765/fnysf, or by taking changes from the change log (also referenced in that chapter).

  • RELEVANCY SCORE 2.54

    DB:2.54:Speificing Listen Address In Dsee 6.X 1z


    Hi All

    I have mutliple interfaces on the server running DSEE 6.3 and I want to have it listen on only 1 of the interfaces, how could I do that?

    thanks

    DB:2.54:Speificing Listen Address In Dsee 6.X 1z

    by default DS listens on all port so that the listen-address is 0.0.0.0. To set it to 192.168.0.1 for example do as follows
    dsconf set-server-prop listen-address:192.168.0.1

    for more details you may check the official documentation here

  • RELEVANCY SCORE 2.54

    DB:2.54:Using Dsee 6.3.1 As Authentication Server For Srss 4.1 8z


    Hi everybody,

    for a school in Germany, we are designing and implementing an IT system, mainly based on following Sun technologies and products:
    - Solaris 10 U7, Open Solaris 2009.06
    - GlassFish V3 Prelude
    - Sun Directory Server Enterprise Edition 6.3.1 (DSEE)
    - Sun Ray (SRSS 4.1, SDM 1.1 and Win Connector 2.0 to provide ALSO Win-Apps to students)

    In further steps we plan to integrate following Sun products into this environment:
    - MySQL 5.1 (integrated with GlassFish and as a single data-store for all server applications)
    - open SSO Enterprise 8.0
    - Sun GlassFish Web Space Server 10.0

    We REALLY need the support of related communities to do the job professorially.

    Currently in a lab environment 2 Servers are running under Solaris 10 U7:
    GlassFish and DSEE are installed on Server 1 (js1) and SRSS on Server 2 (js2), which is configured as a Unix LDAP Client (relative to js1).
    Current state of deployments is fine and runs stable. But at the time being we have following main questions, problems:

    1.- After deployment of DSEE, creation of a Directory Server instance, creation of a root suffix: The execution of idsconfig tool creates Directory's container, that ldapaddent doesn't accept for transfer of data from etc-databases into a few of these containers, specially */etc/passwd* into ou=people, also:
    ldapaddent -D "cn=Directory Manager" -a Simple -f /etc/passwd people
    returns following error:

    database people not supported; supported databases are:
    passwd, group, services, protocols, rpc, hosts, ipnodes, ethers, bootparams, etworks, netmasks, netgroup, aliases, publickey, generic, printers, auth_attr, prof_attr, exec_attr, user_attr, audit_user

    a) What we have to do?

    b) Please provide us a reference to an online documentation, describing how to transfer correctly the /etc - databases into DIT of DSEE.

    Currently SRSS doesn't use LDAP Authentication. When we solve above mentioned problem, we will change the configuration.

    2.- Can DSEE and /or SunRay be deployed on Open Solaris - driven hosts without problems and limitations? Please inform us briefly about your experiences, recommendations.

    We hope the community helps us soon....

    Thanks in advance
    aski

    DB:2.54:Using Dsee 6.3.1 As Authentication Server For Srss 4.1 8z

    Hi,

    In order to migrate users, groups and password you have to use the command ldapaddent as you did with this sintax:

    # ldapaddent -D "cn=Directory Manager" -w secret -f /etc/group group
    # ldapaddent -D "cn=Directory Manager" -w secret -f /etc/passwd passwd
    # ldapaddent -D "cn=Directory Manager" -w secret -f /etc/shadow shadowNote that you must use passwd instead of people container.

    I suggest you to check this article from BigAdmin http://www.sun.com/bigadmin/features/articles/nis_ldap_part1.jsp

    G.

  • RELEVANCY SCORE 2.54

    DB:2.54:Dsee 6.2, Dscc And Xp sp


    Just installed DSEE 6.2 from Jes 5u1 on XP. Install seems to work fine. Able to start, stop, restart, and configure DS from dsadm command line tools. Can load data, search data, etc.

    Problem begins when I try to stop the DS from DSCC. I get the message that the operation has completed. However, the status screen in DSCC still shows the DS as Started. I also can see the bin-ns-slapd process running in the windows monitor. Only way to really kill the process is from the windows monitor.

    Also noticed that is I try to stop the DS from the DSCC, notice it is still running, and then try to stop it using dsadm, I get the message "No PID file found".

    Same behavior on both Firefox and IE.

    Any ideas?

    DB:2.54:Dsee 6.2, Dscc And Xp sp

    Just installed DSEE 6.2 from Jes 5u1 on XP. Install seems to work fine. Able to start, stop, restart, and configure DS from dsadm command line tools. Can load data, search data, etc.

    Problem begins when I try to stop the DS from DSCC. I get the message that the operation has completed. However, the status screen in DSCC still shows the DS as Started. I also can see the bin-ns-slapd process running in the windows monitor. Only way to really kill the process is from the windows monitor.

    Also noticed that is I try to stop the DS from the DSCC, notice it is still running, and then try to stop it using dsadm, I get the message "No PID file found".

    Same behavior on both Firefox and IE.

    Any ideas?

  • RELEVANCY SCORE 2.53

    DB:2.53:Strange Error Message When Try To Create A Ds Instance ks


    I installed DSEE 6.1 on Solaris 10 and afterward I tried to create an instance and I got the below. Do you have any ideas?

    root# ./dsadm create /usr/local/dsee/dsins1
    Choose the Directory Manager password: ******
    Confirm the Directory Manager password: ******
    Failed to make directory /usr/local/dsee/dsins1: a component of the path prefix does not exist.

    DB:2.53:Strange Error Message When Try To Create A Ds Instance ks

    you have to create /usr/local/dsee/ and give to it write permissions to ds user

    Edited by: gfaraway on May 11, 2008 9:58 AM

  • RELEVANCY SCORE 2.53

    DB:2.53:How To Install Dsee 6.3 On Rhas4-U2 With Functional Dscc? 9a


    Been trying to install DSEE 6.3 (native package version + multi-language support) on an out-of-the-box RHAS4-U2 (32-bit) as per DSEE 6.3 doco and associated patch doco and have DSCC continue to work after patching...

    Our initial install of DSEE 6.0 ('All Shared Components', DSEE Monitoring Framework options selected) was fine with DSCC available in Sun Java Web Console (SJWC).

    Sadly, after patching of shared components DSCC was no longer available in the SJWC. We initially figured this was due to original version of DSCC app being incompatible with updated SJWC so pressed on with DSEE 6.3 upgrade. However, even after DSEE 6.3 patches had been applied DSCC was still not available in SJWC.

    We've been through the install process three times in an attempt to document a repeatable build process. We do get a successful install of all components except DSCC app somehow (repeatedly) breaks every time. Trying dsccsetup console-unreg/console-reg doesn't help as dsccsetup reports successful registration yet the DSCC app itself is not available in the console.

    Searching the forum archives reveals that others have experienced this issue although none appear to have been resolved ...or at least not reported as resolved anyway.

    At this stage we suspect the patch sequence may be the problem so would appreciate any feedback re our post-DSEE 6.0 patch sequence (including associated installation method) as listed here:

    126368-04 ICU (rpm -Uvh sun-icu-3.2.1-5.i386.rpm)
    125954-16 SJWC (125954-16.sh)
    121656-17 NSS/NSPR/JSS (installpatch)
    119046-03 JDMK (rpm -Fvh *.rpm)
    123899-03 CACAO (rpm -Fvh 123899-03/sun-cacaort-2.1-0.i386.rpm 123900-03/sun-cacaort-man-2.1-0.i386.rpm 123901-03/sun-cacaowsvr-2.1-0.i386.rpm 123902-03/sun-cacaomon-2.1-0.i386.rpm)

    ...REBOOT, then...

    125939-07 DSEE 6.3 Localisation (installpatch)
    125309-07 DSEE 6.3 Core (installpatch)

    -TB

    DB:2.53:How To Install Dsee 6.3 On Rhas4-U2 With Functional Dscc? 9a

    SOLVED:

    Patch 125954-16 turned out to be the culprit ...not the patch sequence.

    Patch 125954-17 (released only yesterday it seems) successfully upgrades the web console to version 3.1 without breaking the DSCC application. Incidentally, in our testing the previous version of this patch did not break other applications (e.g. Monitoring Framework) only DSCC.

    -TB

  • RELEVANCY SCORE 2.53

    DB:2.53:Enabling Dsee 6 Web Console Remote Access On Rhas 4 8c


    Hi,

    I try to enable web console remote access on RHAS 4 and didn't find any
    obvious way to do that in that particular case.
    So, I'd like an equivalent to this Solaris command:

    svccfg -s svc:/system/webconsole setprop options/tcp_listen = true

    I've tried "wcadmin add -p -a console tcp_listen=true ; smcwebserver restart"
    but I still can't login remotely to the web console with a browser.

    Any idea ?

    DB:2.53:Enabling Dsee 6 Web Console Remote Access On Rhas 4 8c

    Hi,
    as far as i remember i had the same problem, but it was on solaris. I think i had to restart several services or reboot the whole machine and then it worked.
    Regards
    Jochem Ippers

  • RELEVANCY SCORE 2.53

    DB:2.53:Windows 6.3 Ds Instance Stops When User Logs Off!!! 7k


    Hellos.

    I have installed and configured 6.3 DS on a windows 2003 server sp2.

    I can logon and start the DS 'server' from the command line by: dsadm start d:\ds63data

    The Directory works well as long as the User who started the directory "server" remains logged on. When he logs out the "server" stops. The same is true if I start the Directory via DSCC.

    We installed the DS 6.3 software from the DSEE.63.Windows.full.zip file.

    How do we arrange DS 6.3 to be a proper server on Windows and not be tied to a user session?

    HELP!!

    GF

    DB:2.53:Windows 6.3 Ds Instance Stops When User Logs Off!!! 7k

    dsadm enable-service -T WIN_SERVICE \path\to\instance

  • RELEVANCY SCORE 2.52

    DB:2.52:Error... Installing Dsee 11.1.1.7.0 - Failed To Connect To "Localhost:389" dx


    Hi all, I'm installing DSEE 11.1.1.7.0 by the documentation given at [Oracle Documentation| http://docs.oracle.com/cd/E29127_01/doc.111170/e28973/installing--dsee.html]

    Then I got the error when I executed following command.

    C:\ofm_odsee_win_11.1.1.7.0_disk1_1of1\ODSEE_ZIP_Distribution\sun-dsee7\dsee7\bin dsconf set-plugin-prop dssnmp argument:on argument:3995

    Failed to connect to "localhost:389".
    Make sure server is up and running.
    The "set-plugin-prop" operation failed on "localhost:389".

    However when i run the dsccagent info command the output is as follows -

    C:\ofm_odsee_win_11.1.1.7.0_disk1_1of1\ODSEE_ZIP_Distribution\sun-dsee7\dsee7\bindsccagent info

    Instance Path : C:\ofm_odsee_win_11.1.1.7.0_disk1_1of1\ODSEE_ZIP_Distribution\sun-dsee7\dsee7\var\dcc\agent
    JMX port : 3997
    SNMP port : 3996
    DS port : 3995
    State : Running
    PID : 1724
    DSCC hostname : WIN-3MIAU5A4G2O
    DSCC non-secure port : 3998
    DSCC secure port : 3999
    SNMP v3 : Disabled
    Instance version : A-A00

    Edited by: Ranjeet Deshmukh on Mar 19, 2013 2:16 PM

  • RELEVANCY SCORE 2.52

    DB:2.52:Migrating Linux Shadow-File Md5 Passwords To Sun Dsee For Solaris/Sunmail fm


    Hello all,

    We are about to undertake migration of an outdated mail server based on RedHat 7.2 and Sendmail/ipop3d to Sun Messaging Server (JCS6u2). While the filesystem/mail are not a problem, we're stuck at the question of how to best migrate old users' identities.

    The old Linux system used user names and password hashes stored in /etc/passwd and /etc/shadow files. Hashes are mostly MD5 and a few seem like crypt.

    Question is: are there known incompatibilities between password hashes (algorithms, expected format) in Linux and Sun products - Solaris/DSEE/SunMail?

    That is, if we just take strings like these:

    usemd5:$1$Wu7IqFT5$TeUht3OMdeSSBB3Vab4dB.:11262:0:::::134540116
    usecrypt:DD2kEwCD8nies:10220::::::

    Can we simply place the second column as the userPassword attribute in Sun DSEE and expect that users would be able to log in to LDAP-enabled Solaris and Sun Mail with their old passwords knownst only to them?

    If not, is there some simple modification/translation of such hashes to a format accepted by Sun products?

    Or are these formats/algorithms known to be incompatible somehow in a fatal manner, so our only option would be generation of new passwords for Sun DSEE and its clients?

    Thanks,
    //Jim

    DB:2.52:Migrating Linux Shadow-File Md5 Passwords To Sun Dsee For Solaris/Sunmail fm

    Hello all,

    We are about to undertake migration of an outdated mail server based on RedHat 7.2 and Sendmail/ipop3d to Sun Messaging Server (JCS6u2). While the filesystem/mail are not a problem, we're stuck at the question of how to best migrate old users' identities.

    The old Linux system used user names and password hashes stored in /etc/passwd and /etc/shadow files. Hashes are mostly MD5 and a few seem like crypt.

    Question is: are there known incompatibilities between password hashes (algorithms, expected format) in Linux and Sun products - Solaris/DSEE/SunMail?

    That is, if we just take strings like these:

    usemd5:$1$Wu7IqFT5$TeUht3OMdeSSBB3Vab4dB.:11262:0:::::134540116
    usecrypt:DD2kEwCD8nies:10220::::::

    Can we simply place the second column as the userPassword attribute in Sun DSEE and expect that users would be able to log in to LDAP-enabled Solaris and Sun Mail with their old passwords knownst only to them?

    If not, is there some simple modification/translation of such hashes to a format accepted by Sun products?

    Or are these formats/algorithms known to be incompatible somehow in a fatal manner, so our only option would be generation of new passwords for Sun DSEE and its clients?

    Thanks,
    //Jim

  • RELEVANCY SCORE 2.52

    DB:2.52:Dsee 6.3.1 Upgrade To 7.0 a9


    I'm in the middle of upgrading all my 6.3.1 servers to 7.0. I've been following the upgrade and migration guide (http://docs.sun.com/app/docs/doc/820-4808/6ng8f6kgj?l=ena=view). I have upgraded DSCC and my DPS instances in my lab environment and am planning out the steps for upgrading my directory servers. The current installation is native package based (RPM) and thus are 32-bit instances.

    I'm following the section titled "To Upgrade 32bit Server Instances" and in step five the documentation mentions:

    "If your Directory Server instance was configured to use non-default directories for databases, the configuration has been reset but files have not been deleted. Before reconfiguring your instance to use non-default directories, you must delete all old databases, caches, and transaction logs."

    Could anyone provide some more detail around what needs to be done for this step. Simply mentioning these tasks with no details of what needs to be done is very deficient in my opinion. Some questions:

    1. How do I re-configure the instance to use the non-default directories?
    2. Can I use the same instance path that is running currently under the 6.3.1 install?
    3. How do I delete the old databases, caches and transaction logs safely?

    Or would I be better off to create a new instance and import my suffix data into the new instance?

    Edited by: user9028155 on Jan 6, 2011 12:41 PM

    Edited by: user9028155 on Jan 6, 2011 12:55 PM

    DB:2.52:Dsee 6.3.1 Upgrade To 7.0 a9

    As a follow up to this, I was wondering if anyone has performed an upgrade from DSEE 6.3.1 to 7.0 including an Identity Synchronization for Windows install? My current environment has ISW installed on one of my MMR DS servers and I wanted to find out what steps I need to take in regard to the DS instance/suffixes to make sure ISW is left in tact and working after the upgrade.

  • RELEVANCY SCORE 2.52

    DB:2.52:How Do I Configure Session Timeout For The Web Console j7


    How do I configure session timeout (or any other parameters) for the Java Web Console on a Windows platform. I have the Java Web Console 3.1 bundled with DSEE 6.3.1 and have tried running wcadmin add -p -a console session.timeout.value=120 but it returns an error. Same thing happens if I try to set the logging level with wcadmin add -p -a console logging.default.level=all.

    C:\Documents and Settings\LDAPAdminwcadmin add -p -a console session.timeout.value=120
    The option value "session.timeout.value" is not a valid name=value format.

    Is there some other way to set this? This is all I can find in the documentation. Thanks.

    DB:2.52:How Do I Configure Session Timeout For The Web Console j7

    Try these:

    wcadmin add -p -a console "session.timeout.value=120"

    or

    wcadmin add -p -a ROOT "session.timeout.value=120"

    using double quotes.

  • RELEVANCY SCORE 2.52

    DB:2.52:Dscc Showing Instance Status As Stopped Or Unknown Error p7


    Hello All,

    Am a newbie and learning DSEE 6.3 at present. Recently SSL renewal happened for all the servers in the production environment and once after that DSCC showing 2 instance as stopped or unknown error. While checking via command prompt everything looks fine, seems to be DSCC having communication issue with specific instance which are on different servers. How you are advising here? Does DSCC restart will help here or particular instance need to unregistered and register again?

    Thanks,
    Yathi

    DB:2.52:Dscc Showing Instance Status As Stopped Or Unknown Error p7

    Hi

    You should un-register your instances from DSCC and register them again so that their certificates are updated in DSCC registry.

    Carole.

  • RELEVANCY SCORE 2.52

    DB:2.52:How Do I Configure Ldap Without Using Dsee? 8f


    I would like to configure LDAP in Solaris 11 without using DSEE, but I don't know where to start or what I need to configure prior to running IDSCONFIG.

    DB:2.52:How Do I Configure Ldap Without Using Dsee? 8f

    Moderator Action:You already asked this question (and provided much more information) the previous day, and you placed it in a better forum space.https://community.oracle.com/thread/3521476This duplicate is redundant and is locked.

  • RELEVANCY SCORE 2.52

    DB:2.52:Problem With Dscc Agent Port zm


    Hi,

    I have just installed a fresh Sun Directory Server 6.0 on my windows machine. I started all the services and managed to get logged in into Java Web Console where my DSCC is registered. I am trying to create a new Directory Server Instance where it ask me host, port and all these information. But its failing with an error message that 'make sure DSCC is running on port 11162'. I verified the configurations as follows and its ok to me but I dont what am I misisng;

    DSCCSetup Status
    C:\SunOneDirectoryServer\Installation\Sun\DSEE\dscc6\bindsccsetup.exe status -v
    ***
    ## C:/SunOneDirectoryServer/Installation/Sun/share/webconsole/bin/smreg.bat is present
    ## C:/SunOneDirectoryServer/Installation/Sun/share/webconsole/bin/smcwebserver.bat is present
    ## C:/SunOneDirectoryServer/Installation/Sun/DSEE/dscc6/dccapp is present
    ## Running C:/SunOneDirectoryServer/Installation/Sun/share/webconsole/bin/smreg.bat list -a
    ## Running C:/SunOneDirectoryServer/Installation/Sun/share/webconsole/bin/smreg.bat list -l
    ## dccModule_1.0 is displayed
    ## jmx.jar/dccModule_1.0 is displayed
    ## jmxremote.jar/dccModule_1.0 is displayed
    ## jmxremote_optional.jar/dccModule_1.0 is displayed
    ## sasl.jar/dccModule_1.0 is displayed
    ## sunsasl.jar/dccModule_1.0 is displayed
    ## dcc.jar/dccModule_1.0 is displayed
    ## nquickclient.jar/dccModule_1.0 is displayed
    ## nquickapi.jar/dccModule_1.0 is displayed
    ## slapy.jar/dccModule_1.0 is displayed
    ## dpcfg.jar/dccModule_1.0 is displayed
    ## clip.jar/dccModule_1.0 is displayed
    ## common.jar/dccModule_1.0 is displayed
    ## cacao_cacao.jar/dccModule_1.0 is displayed
    DSCC Application is registered in Sun Java (TM) Web Console
    ***
    ## C:/SunOneDirectoryServer/Installation/Sun/share/cacao_2/bin/cacaoadm.bat is present
    ## C:/SunOneDirectoryServer/Installation/Sun/DSEE/dscc6/lib/jar/nquickmodule.jar is present
    ## Running C:/SunOneDirectoryServer/Installation/Sun/share/cacao_2/bin/cacaoadm.bat list-modules -r
    DSCC Agent is registered in Cacao
    ## Running C:/SunOneDirectoryServer/Installation/Sun/share/cacao_2/bin/cacaoadm.bat status
    ## Running C:/SunOneDirectoryServer/Installation/Sun/share/cacao_2/bin/cacaoadm.bat list-modules
    ## Running C:/SunOneDirectoryServer/Installation/Sun/share/cacao_2/bin/cacaoadm.bat get-param network-bind-address
    ## Running C:/SunOneDirectoryServer/Installation/Sun/share/cacao_2/bin/cacaoadm.bat get-param jmxmp-connector-port
    ***
    ## C:/SunOneDirectoryServer/Installation/Sun/DSEE/ds6/bin/dsadm.exe is present
    DSCC Registry has been created
    Path of DSCC registry is C:/SunOneDirectoryServer/Installation/Sun/DSEE/var/dscc6/dcc/ads
    Port of DSCC registry is 3998
    ***

    C:\SunOneDirectoryServer\Installation\Sun\DSEE\dscc6\binC:/SunOneDirectoryServer/Installation/Sun/share/cacao_2/bin/cacaoadm.bat get-param jmxmp-conn
    ector-port
    *jmxmp-connector-port=11162*Can anyone pleas help me with that,

    Thanks
    --
    Sheeraz

    DB:2.52:Problem With Dscc Agent Port zm

    Hi,

    cacaoadm must be running on the LDAP server on port 11162

    check with:
    cacaoadm status
    cacaoadm list-params

    DSCC server must have access to LDAP server on ldap ports as well as the cacaoadm (11162) port. Check with firewalls.
    LDAP server must have to DSCC server on port 3998/3999. Check with firewalls.

    regards,

    Giannis

  • RELEVANCY SCORE 2.51

    DB:2.51:Dsee Ldif Import Export? 9s


    Hi,

    i want to know how to import a LDIF file in oracle DSEE 7, because earlier i used ds52(SUN DS) it was easy to import and export ldif?

    is there any way so i can import and export ldif easily in dsee7 also?

    DB:2.51:Dsee Ldif Import Export? 9s

    Export:

    cd INSTALLPATH/bin
    ./dsadm export INSTANCEPATH suffix outputLDIFfileName

    Import:
    ./dsadm import INSTANCEPATH inputFilename suffix

    These above command can be done when slapd instance is stopped.

  • RELEVANCY SCORE 2.51

    DB:2.51:Idsconfig, Dsee, And Ldapclient Error 31


    I've used idsconfig on both Solaris 10 11/06 and Solaris Express b73 to generate a profile that uses proxy credentials and simple authentication. When I run ldapclient on a system to setup the client binding, I get this:

    [root@ldap-client1 ~]# ldapclient init -a profileName=profile1 -a proxyDN=cn=proxyagent,ou=profile,dc=const,dc=lan -a domainName=orion.const -a proxyPassword=foo 192.168.2.27
    Failed to find defaultSearchBase for domain orion.const

    I'm aware of the fact that the idsconfig shipped with Solaris 10 11/06 doesn't support DSEE 6, but the idsconfig in Solaris Express b73 does. When using ldapclient on both of those releases, as well, it still fails with the same error message.

    Doing manual initialization doesn't work either. To verify this I've done an ldapsearch, which fails to connect to the DSEE server.

    My guess would be that proxyagent doesn't have the correct permissions to read the directory information that it needs to. I've also done an init -v and it seems to not be able to access nisDomain in dc=orion,dc=const. Doing an 'ldapsearch -D="Directory Manager" -b dc=orion,dc=const -h 192.168.2.27 "nisDomain=*" yields one entry. Likewise, using the proxyDN as the binding yields nothing.

    Perhaps someone can point me in the right direction for further troubleshooting. I'm running DSEE 6.2 with the latest patch installed (125276-05).

    Thanks

    Edited by: graphic7 on Oct 13, 2007 1:53 AM

    Edited by: graphic7 on Oct 13, 2007 1:55 AM

    DB:2.51:Idsconfig, Dsee, And Ldapclient Error 31

    Hi,

    I do not think that your Directory Server allow anonymous searches. Try to add this ACI for the baseDN: dc=orion,dc=const when initializing the clients:

    (target="ldap:///dc=orion,dc=const") (targetattr !="userPassword")(version 3.0;acl "Anonymous read-search access";allow (read, search, compare)(userdn = "ldap:///anyone");)

    -Hope this helps!

  • RELEVANCY SCORE 2.51

    DB:2.51:New Attribute Syntax Possibility? 8d


    Folks,

    IHAC willing to create some new attribute syntaxes. These are standard LDAPv3 syntaxes (as per RFC4517), is there any info on how lib/syntax-plugin.so can be tweaked in the terms of achieving creating new syntaxes? Or, the DSEE in question is DSEE 6.3, is there any plan to include RFC4517 syntaxes in some patch level? I couldn't find anything regarding this on neither internal or external sites, but it can be I just didn't use the correct keywords.

    thanks in advance,

    DB:2.51:New Attribute Syntax Possibility? 8d

    A closer read of RFC 2252 says:

    6. Syntaxes
    Servers SHOULD recognize all the syntaxes described in this section.

    6.23. Numeric String
    ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )

    The meaning of the word "should" is "recommended" as per RFC 2119
    http://tools.ietf.org/html/rfc2119

    So yes, DSEE is RFC 2252 compliant for the mandatory parts. Hope this helps.

  • RELEVANCY SCORE 2.50

    DB:2.50:Queue For Isw pa


    Hi all,
    We have:
    Sun DSEE 7.0; ISW 6.0. Both installed and running on Solaris 10
    We also have AD running on Windows server 2008. ISW is working fine.

    I'm trying to figure out how can I look at what is "queued" incase if there is a network outage or server down etc?

    From documentation:
    "Data sent during a temporary network outage is queued while the network is down and re-delivered after connectivity is restored."

    But, I have not found out how can I monitor what is "queued"?

    Thank you,

    DB:2.50:Queue For Isw pa

    Hi,

    The number of messages in the event queue can be seen with the imqadm admin command.
    However the content of the messages is not accessible.

    HTH

    -Sylvain

  • RELEVANCY SCORE 2.50

    DB:2.50:How To Autofs s8


    Hello everyone,

    First of all I am very sorry about my bad English.

    I have a server DSEE 6.3 installed on Redhat 4that works fine with SUDO + SAMBA ...all works very well! ( :
    I want to know how I can also manage Autofs through dsee.
    I looked for the scheme to Autofs but I didn't found that.
    Can something please help me to configure AutoFS ?

    Thx
    Diego M

    DB:2.50:How To Autofs s8

    i'm not sure what you are really after, but if it's something like auto mounting home directories on a unix system then maybe something like this would work

    create a file (let's call it auto_master.ldif) containing this (tab separated)
    /home auto_home -nobrowse

    and another file (let's call it auto_home.ldif) containing a list of username and NFS mounts
    jonesa 192.168.0.2:/export/home/jonesa
    jonesb 192.168.0.2:/export/home/jonesb

    then load them via
    # ldapaddent -D "cn=Directory Manager" -w password -a simple -f ./auto_master.ldif auto_master
    # ldapaddent -D "cn=Directory Manager" -w password -a simple -f ./auto_home.ldif auto_home

  • RELEVANCY SCORE 2.50

    DB:2.50:Problem With Adding Ca Signed Certificate To Dsee Ldap Instance 3a


    I am trying to enable SSL with the SUN DSEE LDAP server.

    DSEE version: 6.0
    Solaris version: 10.3

    I am following instructions from the SUNDSEE-ADMIN guide to generate the cert request, and got the signed certificate file. So here is my procedure:

    1. generate cert request:
    dsadm request-cert ...

    2. send the request file to CA

    3. got the signed cert back from CA with format like this:
    ----------BEGIN CERTIFICATE------------
    ............
    ----------END OF CERTIFICATE----------

    So now I got two files at hand: the cert request, and the signed cert.

    Then I am trying to add the cert to the cert store for my LDAP instance:
    $ dsadm add-cert /path/to/instance my-cert ldapcert.crt
    Unable to find private key for this certificate.
    Failed to add the certificate.

    $ dsadm add-cert -C /path/to/instance my-cert ldapcert.crt
    This command will complete. But if you list cert, you can only see the CA cert, no new server cert.

    My question is, where is this private key file stored? I searched on the forum, and someone mentioned the private key is generated when you issue request-cert command.

    So how can I add the server cert? What procedure am I missing here? If you only get one cert file which only has the public key in it from CA, how do you add the server cert apart from the CA cert?

    Let me know if I have a wrong understanding for the procedure.

    Thanks!

    DB:2.50:Problem With Adding Ca Signed Certificate To Dsee Ldap Instance 3a

    I thought that the Sun docs on self-signed certs were sadly lacking, actually

    If you look at http://forums.sun.com/thread.jspa?threadID=5383235

    you can see how I did it. No guarantees, but there are some other solutions as well on that page, including the one that I followed almost exactly.

  • RELEVANCY SCORE 2.50

    DB:2.50:Recommendations For Configuring Dsee 6.3.1 To Run As A Windows Service? dm


    Hi All, I need some recommendations for configuring DSEE to run as a Windows service. Currently I have CACAO, DSCC, and the Web Console configured and running as Windows services and this works fine. I would like to configure the directory itself to run as a Windows service so that it will restart automatically if the server reboots for any reason. Using dsadm enable-service --type WIN_SERVICE I configured this but initial testing indicated that the service will fail to start automatically on reboot. I can start it manually once the server is rebooted. This appears to indicate a dependancy of some sort with one of the other services like CACAO or DSCC but I did not see any documentation on this. Does anyone know the appropriate way to configure the directory to run as a Windows service? Thanks.

    DB:2.50:Recommendations For Configuring Dsee 6.3.1 To Run As A Windows Service? dm

    Hi All, I need some recommendations for configuring DSEE to run as a Windows service. Currently I have CACAO, DSCC, and the Web Console configured and running as Windows services and this works fine. I would like to configure the directory itself to run as a Windows service so that it will restart automatically if the server reboots for any reason. Using dsadm enable-service --type WIN_SERVICE I configured this but initial testing indicated that the service will fail to start automatically on reboot. I can start it manually once the server is rebooted. This appears to indicate a dependancy of some sort with one of the other services like CACAO or DSCC but I did not see any documentation on this. Does anyone know the appropriate way to configure the directory to run as a Windows service? Thanks.

  • RELEVANCY SCORE 2.50

    DB:2.50:Dsee 6.3 Zip Using External Jvm 8c


    Hi All,

    I'm using DSEE 6.3 zip distribution. I'm wondering if using an external JVM is supported by sun? If so, what dependencies exist with the bundled JVM? Has anyone already done this? If so, have you run into any "gotchas"?

    Frank

    Edited by: ffossa on Apr 22, 2009 8:01 AM

    DB:2.50:Dsee 6.3 Zip Using External Jvm 8c

    I'm wondering if cacao can use the JAVA_HOME variable to replace this default behavior. So the java-home attribute set via cacaoadm is not enough? Setting JAVA_HOME will break dpadm and possible dpconf as well

    Edited by: etst123 on Apr 30, 2009 2:37 PM

  • RELEVANCY SCORE 2.50

    DB:2.50:Problem With Adding Admin Users In Dsee Console mc


    Greetings.

    I need help with my problem about adding admin users for DSEE 6.3.

    I am using DSEE 6.3 installed on a Windows Server 2003 SP2.

    Whenever I perform the same syntax as described in p. 74 of DSEE 6.3 Admin Guide (Creating Administration Users with Root Access), i usually get the error "ldap_add: Object Class Violation"

    Here is my sample code (with the result)

    ldapmodify -h host -p 1389 -D cn=admin,cn=Administrators,cn=config -w -
    Enter bind password: password

    dn: cn=admin2,cn=Administrator,cn=config
    changetype: add
    objectclass: top
    objectclass: person
    userPassword: password
    description: 2nd Admin

    adding new entry cn=admin2,cn=Administrator,cn=config
    ldap_add: Object class violation

    I've searched almost all forums with the same error, but seems that they only deal with normal users.

    Is there any difference in adding an admin user from adding a normal user?

    Or am I having a different situation?

    I hope anybody could help me with this one.

    DB:2.50:Problem With Adding Admin Users In Dsee Console mc

    Greetings.

    Forgive me for Im just a newbie.

    I used your method and the user "admin2' was confirmed by ldapmodify to be added already.

    Problem is, where will I check the entry admin2? I cannot see admin2 inside the directory when I try to user Search User.

    The moment I see that user, I would be very glad to close this and award the dukes.

    Thanks.

  • RELEVANCY SCORE 2.50

    DB:2.50:Dsee 6.3 Zip And Smf j8


    I am using the DSEE ZIP install of 6.3 on Solaris. We have good reasons to use the ZIP install. However, we still need the DS instance to start as a service, a feature missing from the ZIP version, so has anyone tried to create their own SMF service configuration for the DSEE? If so how? I've not found any docs yet on how to create one's own service, except on OpenSolaris, using the Easy SMF site, but I'm getting a error when I try to do an svccfg import:

    # svccfg import DSTest1.xml
    svccfg: couldn't parse document

    any help would be appreciated.

    DB:2.50:Dsee 6.3 Zip And Smf j8

    virdee wrote:
    Hi

    Regarding adding your ds instances to smf you could simply do the following;

    dsadm enable-service --type SMF path of you directory instance

    Once registered lookit up in SMF e,g svcs -a | grep instance

    CheersThe original poster already said that he is using the ZIP install version of DSEE6, which does not include the "enable-service" command in dsadm. I'm not sure why it isn't available there, since the ZIP install is sparse-zone friendly while the PKG install really isn't...

  • RELEVANCY SCORE 2.50

    DB:2.50:Dsee 6.3 Log Aggregation? fm


    We currently have only 1 DSEE server people use for authentication, but we're getting ready to roll out a couple behind a load balancer. From time to time, when people have trouble logging in, I have to crawl through the access logs to figure out why.

    For some reason software vendors don't know how to write code that listens to the LDAP return codes. Every piece of "LDAP enabled" software we have just logs "authentication failed". So we have no idea if the search couldn't find them, or if the bind failed, or what.

    So, once we get 2 or eventually 3 servers behind the load balancer, it's going to be pretty cumbersome to log into each server and look at the access logs.

    Is there anything for DSEE that functions like a syslog server? What does everyone else do in a situation like this?

    DB:2.50:Dsee 6.3 Log Aggregation? fm

    My company 's developed a DSEE monitoring GUI which is able to present the logs from different DPS servers. I believe it uses the JMX framework but I can check it out if needed. I think it could easily be re-usable for DS instances too.

    Otherwise, you may wish to use logsender or such like tools/daemons to send your logs to a common network disk for further analysis ..

  • RELEVANCY SCORE 2.50

    DB:2.50:Acc-Timing Parameter For Dps 6 ? sf


    Hi,

    Is is possible to have microsecond resolution of elapsed times in the DSEE 6 proxy access log ?
    Any plan to add this feature ?

    Cyril

    DB:2.50:Acc-Timing Parameter For Dps 6 ? sf

    I don't claim to be somebody fully "official", but as DPS 6.3 technical lead, I know what will be really in :-) so you are right : 6.3 is mainly bug fixes for DPS.

    Regarding acc_time, you will have the possibility to either use a time thread with reduced time resolution (as it is right now) and control time granularity (in 6.2 time was retrieved every 500ms only) or configure the proxy to systematically do a system call to retrieve the time.

    -Sylvain

  • RELEVANCY SCORE 2.50

    DB:2.50:Dsee Installation Cacao Perl Problem x7


    I'm trying to install DSEE on Windows 2003 Server. One step evidently involves Perl, and it seems to be looking to perl inside the Oracle home directory. It also seems like Perl is distributed with the dsee zip. Do I need to set an environmental variable or something?

    C:\sun_dir_server\dsee7\bindsccsetup cacao-reg
    Configuring Cacao...
    ## Failed to run C:/sun_dir_server/dsee7/ext/cacao_2/configure.bat
    ####
    #### Perl lib version (v5.6.1) doesn't match executable version (v5.8.8) at C:\OraHome_1\perl\5.6.1\lib\MSWin32-x86/Config.pm line 21.
    #### Compilation failed in require at C:\OraHome_1\perl\5.6.1\lib/FindBin.pm line 77.
    #### BEGIN failed--compilation aborted at C:\OraHome_1\perl\5.6.1\lib/FindBin.pm line 77.
    #### Compilation failed in require at C:\sun_dir_server\dsee7\ext\cacao_2\\configure.pl line 18.
    #### BEGIN failed--compilation aborted at C:\sun_dir_server\dsee7\ext\cacao_2\\configure.pl line 18.
    ####
    ## Exit code is 9
    Failed to configure Cacao.

    Thanks,
    Dale

    DB:2.50:Dsee Installation Cacao Perl Problem x7

    I deleted my environmental variable PERL5LIB, and the problem went away.

  • RELEVANCY SCORE 2.50

    DB:2.50:Silent Install Dsee Identity Synchronization For Windows 6.0 dp


    Looking for a way to do a silent (unattended) install of DSEE Identity Synchronization for Windows 6.0. I'm currently using the ZIP distro. Based on this page http://blogs.sun.com/directoryservices/entry/dsee_software_distributions it only looks like the Java Enterprise System distribution allows for a silent install.

    Found out the following:

    - in the install directory there is a silent.inf template (dont know how to use it or what can I add to it)

    DB:2.50:Silent Install Dsee Identity Synchronization For Windows 6.0 dp

    Looking for a way to do a silent (unattended) install of DSEE Identity Synchronization for Windows 6.0. I'm currently using the ZIP distro. Based on this page http://blogs.sun.com/directoryservices/entry/dsee_software_distributions it only looks like the Java Enterprise System distribution allows for a silent install.

    Found out the following:

    - in the install directory there is a silent.inf template (dont know how to use it or what can I add to it)

  • RELEVANCY SCORE 2.50

    DB:2.50:Dsee Problem With Selinux On Centos 13


    Hi,

    this morning tried to install DSEE 7.0 on a CentOS 5.4 system and had problems starting a directory server instance, due to SElinux. With SElinux disabled there is no problem, however as soon as SElinux is enabled I get errors. Later on tried SElinux enforcing enabled with DSEE 6.3.1 and got the same problem. The error I get with SElinux enabled is:

    $ sudo /srv/sun/DSEE/dsee6/ds6/bin/dsadm start '/srv/sun/DSEE/instances/dnldap01'

    Password:

    /srv/sun/DSEE/dsee6/ds6/lib/ns-slapd: error while loading shared libraries: /srv/sun/DSEE/dsee6/ds6/lib/libsh.so: cannot restore segment prot after reloc: Permission denied

    /srv/sun/DSEE/dsee6/ds6/lib/ns-slapd -D /srv/sun/DSEE/instances/dnldap01 -i /srv/sun/DSEE/instances/dnldap01/logs/pid failed: err=127

    Failed to start Directory Server instance '/srv/sun/DSEE/instances/dnldap01'

    After disabling SElinux, there is no problem:

    $ sudo /srv/sun/DSEE/dsee6/ds6/bin/dsadm start '/srv/sun/DSEE/instances/dnldap01'

    Directory Server instance '/srv/sun/DSEE/instances/dnldap01' started: pid=4014

    Information:
    $ /srv/sun/DSEE/dsee6/ds6/lib/ns-slapd -V

    Sun Microsystems, Inc.

    Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0522 32-bit

    ns-slapd : 6.3.1 B2008.1121.0522 DirectoryServices631_branch (Linux clochette 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:32:18 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux) ZIP

    Slapd Library : 6.3.1 B2008.1121.0522 DirectoryServices631_branch (Linux clochette 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:32:18 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux)

    Front-End Library : 6.3.1 B2008.1121.0522 DirectoryServices631_branch (Linux clochette 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:32:18 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux)

    The company policy is to enforce SElinux; what do I need to do to be able to start the directory instance with SELinux enabled? And the same question applies to the directory proxy server instance.

    Any suggestions appreciated,

    /rolf

    DB:2.50:Dsee Problem With Selinux On Centos 13

    DSEE 6 or 7 have not been tested with SELinux, therefore unsupported.

  • RELEVANCY SCORE 2.50

    DB:2.50:Dsee 6.0 Password Policy a3


    Dear All,

    I want to enable the following in global password policy:
    1. Require Password Change at First Login and After Reset
    2. Allow User to Login with Expired Password

    Both didn't apply from the DSCC, would anyone please point me out on how to enable the above features?

    Regards,
    Scotty

    DB:2.50:Dsee 6.0 Password Policy a3

    If you are running DS 6.0 I would suggest you patch to DS 6.3. I believe there were some password policy issues with 6.0. Start with that and see if your policy changes take effect.

  • RELEVANCY SCORE 2.49

    DB:2.49:Transferring /Etc - Databases Into Dsee's Dit fd


    Hi everybody,

    for a school in Germany, we are designing and implementing an IT system, mainly based on following Sun technologies and products:
    - Solaris 10 U7, Open Solaris 2009.06
    - GlassFish V3 Prelude
    - Sun Directory Server Enterprise Edition 6.3.1 (DSEE)
    - Sun Ray (SRSS 4.1, SDM 1.1 and Win Connector 2.0 to provide ALSO Win-Apps to students)

    In further steps we plan to integrate following Sun products into this environment:
    - MySQL 5.1 (integrated with GlassFish and as a single data-store for all server applications)
    - open SSO Enterprise 8.0
    - Sun GlassFish Web Space Server 10.0

    We REALLY need the support of related communities to do the job professorially.

    Currently in a lab environment 2 Servers are running under Solaris 10 U7:
    GlassFish and DSEE are installed on Server 1 (js1) and SRSS on Server 2 (js2), which is configured as a Unix LDAP Client (relative to js1).
    Current state of deployments is fine and runs stable. But at the time being we have following main questions, problems:

    1.- After deployment of DSEE, creation of a Directory Server instance, creation of a root suffix: The execution of idsconfig tool creates Directory's container, that ldapaddent doesn't accept for transfer of data from etc-databases into a few of these containers, specially */etc/passwd* into ou=people, also:
    ldapaddent -D "cn=Directory Manager" -a Simple -f /etc/passwd people
    returns following error:

    database people not supported; supported databases are:
    passwd, group, services, protocols, rpc, hosts, ipnodes, ethers, bootparams, etworks, netmasks, netgroup, aliases, publickey, generic, printers, auth_attr, prof_attr, exec_attr, user_attr, audit_user

    a) What we have to do?

    b) Please provide us a reference to an online documentation, describing how to transfer correctly the /etc - databases into DIT of DSEE.

    Currently SRSS doesn't use LDAP Authentication. When we solve above mentioned problem, we will change the configuration.

    2.- Can DSEE and /or SunRay be deployed on Open Solaris - driven hosts without problems and limitations? Please inform us briefly about your experiences, recommendations.

    We hope the community helps us soon....

    Thanks in advance
    aski

    DB:2.49:Transferring /Etc - Databases Into Dsee's Dit fd

    First I would highly recommend that you don't import all entries in your /etc/passwd file. You generally don't want system accounts (i.e. root, etc) stored in LDAP. You should copy your /etc/passwd and /etc/shadow files to a temp location and strip out the system accounts. Then import what is left.

    The database name that corresponds to the people container is called "passwd". Therefore your command should read something like:

    ldapaddent -D "cn=Directory Manager" -a Simple -f /tmp/passwd passwdwhere /tmp/passwd is the edited version.