Saturday, August 9, 2014

Registering new instance in ODSEE 11g thru command line



After logging in to the console:
1. Choose New Server.
2. Enter the instance path and the server name where you want to create the instance.
3. Enter the DSCC agent port (make sure your Cacao agent is listening on that port); the default is 11162.
4. Click Next.
5. Enter the administrator DN and password (i.e. cn=Directory Manager).
6. The final page is displayed; click OK.
 

adding group in LDAP thru command line and thru console



1. Create the group using Directory Manager.
2. Go to the ENTRY MANAGER tab in the 1389 instance.
3. Go under Browse.
4. Under o=companyname
5. Select ou=groups
6. Click on New Entry.
7. Follow the instructions to create the new group.
 

To create one manually:

Go to Softerra or whichever LDAP browser you are using and find an existing group.

Under o=companyname.com, ou=groups

Find any group whose name seems similar.

Export that ou=groupname entry.

Open it in a text editor and change the values.

Import it back with your desired group name.
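Here is an added helper (not from the original post) that does the export, edit and import step in one go: it takes the exported group LDIF, renames the entry, and strips the operational attributes the server will reject on re-add. The group names, DNs and the attribute list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: clone an exported group entry
# under a new name so it can be imported back. The sample LDIF below is
# constructed; the DNs follow the page's o=companyname / ou=groups layout.

# clone_group_ldif SRC.ldif OLD_CN NEW_CN
# Rewrites the dn and cn, drops operational attributes (the server generates
# these itself and rejects them on add), and prints an ldapadd-ready entry.
clone_group_ldif() {
    awk -v old="$2" -v new="$3" '
        /^(creatorsName|modifiersName|createTimestamp|modifyTimestamp|nsUniqueId):/ { next }
        /^dn: / { sub("cn=" old ",", "cn=" new ","); print; next }
        /^cn: / && $2 == old { print "cn: " new; next }
        { print }' "$1"
}

# Constructed export of an existing group, as an LDAP browser export would look.
SRC=$(mktemp)
cat > "$SRC" <<'EOF'
dn: cn=app_readers,ou=groups,o=companyname
objectClass: top
objectClass: groupOfUniqueNames
cn: app_readers
uniqueMember: uid=m10300,ou=applicationsupport,o=companyname
creatorsName: cn=directory manager
createTimestamp: 20140809101522Z
EOF

# Usage: review the output, then feed it to ldapmodify -a against the instance.
clone_group_ldif "$SRC" app_readers app_writers
```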
 
 
 

cheat sheet for LDAP DS 5.2 and ODSEE 11g commands

I am trying to put together all the commands that we use most while working with LDAP.



Renewing Certificate.

./dsadm renew-cert /dsee7/dsinstances/slapd-Users/ server-cert /renewed-certificate-path

 

Adding Certificate

./dsadm add-cert /dsee7/dsinstances/slapd-Users/ server-cert /new-certificate-path

 

Listing Certificate.

./dsadm list-certs /dsee7/dsinstances/slapd-Users/

 

Removing Certificate

./dsadm remove-cert /dsee7/dsinstances/slapd-Users/ cert-name

 

Exporting Certificate

 

./dsadm export-cert -W replmgpwd.txt -o /tmp/server-cert-0p.cert /dsee7/dsinstances/slapd-Users server-cert

 

Importing Certificate

Importing a certificate (when exporting from the local server and importing it on the same or a different server)

 

./dsadm import-cert -W replmgpwd.txt  /dsee7/dsinstances/slapd-Users /tmp/server-cert-0p.cert

 
Change the instance to use the newly generated certificate
 
 

./dsconf set-server-prop -h ds1.idp-example.com -p 1489 ssl-rsa-cert-name:ds1

 
 
to generate a 2048-bit certificate request thru command line
/apps/dsee7/bin/dsadm request-cert --name aaaaaaaa.utc.com --org orasystemsusa --org-unit COR  -F ascii  --city Chicago --state IL --country US --phone 1234567890 --email mshahbaz@orasystemsusa.com --keysize 2048 -o /tmp/aaaaaaaa_cert_request_file  /dsee7/dsinstances/slapd-Users

 
Generating a certificate thru command line on a 5.2 server

Set the certificate database password first:

root@orasystemsusa:(/iplanet52/servers/shared/bin)#  ./certutil -W -d /apps/iplanet52/servers/alias -P "slapd-"
 
 

Generate CSR for certificate

 
root@orasystemsusa:(/iplanet52/servers/shared/bin)# ./certutil -R -s "cn=servername.com,o=orasystemsusa.com,l=Hartford,st=CT,c=us" -a -o /tmp/cert-request.csr -d /iplanet52/servers/alias -P "slapd-" -g 2048
 

importing an LDIF backup into 5.2 (ldif2db is the offline import; stop the instance first)

./ldif2db  -n userRoot -i /tmp/2nd-ldifbak.ldif


exporting an LDIF backup from 5.2 (db2ldif writes the database out to LDIF)
./db2ldif  -D "cn=directory manager" -w - -r -n userRoot -a /tmp/db2ldifbak.ldif

 
insync command to check replication status thru command


./insync -D "cn=directory manager" -w password -s masterserver:port -c consumer:port


creating replication agreement thru command at odsee 11g


1. ./dsconf create-repl-agmt -p port o=orasystemsusa.com destinationserver:port

2. ./dsconf get-repl-agmt-prop -p port o=orasystemsusa.com destinationserver:port

3. ./dsconf set-repl-agmt-prop -p port o=orasystemsusa.com destinationserver:port auth-pwd-file:pwd.txt

 

making server read/write odsee 11g thru command line

 
./dsconf get-suffix-prop o=orasystemsusa.com repl-accept-client-update-enabled

./dsconf set-suffix-prop o=orasystemsusa.com repl-accept-client-update-enabled:on

setting up referrals for a master

$ dsconf set-suffix-prop -h servername -p port o=suffixname referral-url:ldap://servername:port

$ ./dsconf set-suffix-prop -h servername -p port o=suffix  referral-mode:only-on-write
 



removing server from referral mode thru command line at odsee 11g


ldapmodify -h orasystemsusa.com -p port -D "cn=directory manager" -w <directory manager password>

dn: cn=replica, cn="o=utc.com",cn=mapping tree,cn=config
changetype: modify
add: ds5BeginReplicaAcceptUpdates
ds5BeginReplicaAcceptUpdates: start

 
starting odsee 11g instances, creating instance

#/opt/sun/ldap/ds6/bin> ./dsadm start /opt/sun/ldap/var/dscc6/dcc/ads (starting the DSCC registry)

#/opt/sun/ldap/dsee6/cacao_2/usr/sbin> ./cacaoadm start (to start Cacao)
#/opt/tomcat/bin> ./startup.sh (to start Tomcat, which serves the DSCC web console)

#/opt/sun/ldap/dscc6/bin> ./dsccreg add-server /opt/sun/ldap/ins4

Copy 99user.ldif if you want to reuse the same schema information.
99user.ldif - /opt/sun/ldap/ins5/config/schema/ (the directory where 99user.ldif is saved)


Binary backup of odsee 11g command

$dsadm backup /dsee7/dsinstances/instancesname /dsee7/dsinstances/instancesname/bak

The same backup can be taken online with dsconf, which takes only the archive directory (no instance path):

$dsconf backup -h hostname -p port /dsee7/dsinstances/instancesname/bak



Backup to LDIF file

$dsadm export /dsee7/dsinstances/instance-name o=suffix.com /dsee7/dsinstances/instance-name/ldif/ldif_name.ldif

Restoring from a binary backup (dsadm works on the local instance, so it takes the instance path rather than -h/-p)

$ dsadm restore /dsee7/dsinstances/instance-name /dsee7/dsinstances/instance-name/bak/backup_filename

LDIF restoration from LDIF file

$dsconf import -h hostname -p port /dsee7/dsinstances/instance-name/ldif/ldif-file_name.ldif o=suffixname.com(suffix DN)
 

 

 

to start DS 5.2
For starting the server:
Solaris packages: # /usr/sbin/directoryserver start
Other installations: # ServerRoot/slapd-serverID/start-slapd
For stopping the server:
Solaris packages: # /usr/sbin/directoryserver stop
Other installations: # ServerRoot/slapd-serverID/stop-slapd

/iplanet52/servers/
run ./start-slapd

to stop, go to the same instance directory and run the stop command:
./stop-slapd

to start and stop ODSEE 11g

./dsadm start /instance/path

to stop:
./dsadm stop /instance/path

to run a script in the background:

nohup ./scriptname &
 
 
odsee 11g

To create a new Directory Server instance, use the following command:
# ./dsadm create -p port-number -P port-number <path name>
where -p -> LDAP port
      -P -> secure (LDAPS) port
To start a Directory Server instance, use the following command:
# ./dsadm start <Directory Server instance path>

· To register a Directory Server instance, use the following command:
# ./dsccreg add-server -P port-number <path>

· To list registered Directory Server instances, use the following command:
# ./dsccreg list-servers -h dscc-host -p dscc-registry-port

· To remove a Directory Server, use the following commands:
# ./dsccreg remove-server -h dscc-host -p dscc-registry-port <path of the Directory Server instance>
# ./dsadm delete <path of the Directory Server instance>
 
 

unindexed searches at 11.1.1.5.0 running on a Linux NUMA (Non-Uniform Memory Architecture) operating system

If you have 11.1.1.5.0, see some searches being unindexed, and are running 11g on Linux (latest version), it is a bug that is fixed by upgrading to 11.1.1.5.1.

The issue is that 11.1.1.5.0 does not support NUMA (Non-Uniform Memory Architecture) based operating systems, so you have to upgrade to 11.1.1.5.1 to fix it. 11.1.1.5.1 also fixes a lot of performance issues.

 

2048-bit SSL certs for ODSEE 11g, entrust certificate upload error. ldap certificate renewal


Starting December 2013, the request shown above will no longer work because Entrust requires a 2048-bit request instead of a 1024-bit one. To generate a 2048-bit request, use the following procedure.

  1. Log on to the server as root.
  2. It is always recommended to take a backup of your certificate database first.
  3. Modify the following command to fit your context and paste it at the command line.



/apps/dsee7/bin/dsadm request-cert --name aaaaaaaa.utc.com --org orasystems --org-unit COR  -F ascii  --city Chicago --state IL --country US --phone 1234567890 --email first.last@orasystemscom --keysize 2048 -o /tmp/aaaaaaaa_cert_request_file  <ODSEE instance>/dsee7/dsinstances/slapd-Users

 

where

 

1. name -- server where the certificate is being installed.

2. org -- organization.

3. org-unit -- business unit.

4. city -- server location city.

5. state -- server location state.

6. country -- server location country.

7. phone -- phone number of the requestor.

8. email -- email address of the requestor.

9. /tmp/aaaaaaaa_cert_request_file -- the path and name of the certificate request file that needs to be created.

10. /dsee7/dsinstances/slapd-Users -- the path of the instance for which the certificate is being requested.

 

 

Export Certificate

 

./dsadm export-cert -o /tmp/server-cert-01.cert /dsee7/dsinstances/slapd-Users server-cert

 

Generating Certificate thru command line in 5.2 server

 

1. Set the keystore password (idsadmin)


root@devidm:(/iplanet52/servers/shared/bin)#  ./certutil -W -d /iplanet52/servers/alias -P "slapd-"

Enter a password which will be used to encrypt your keys.

The password should be at least 8 characters long,

and should contain at least one non-alphabetic character.

 

Enter new password:

Re-enter password:

 

 

2. Generate CSR for certificate

 

 

root@devidm:(/iplanet52/servers/shared/bin)# ./certutil -R -s "cn=servername,o=orasystems.com,l=hartford,st=CT,c=us" -a -o /tmp/cert-request.csr -d /iplanet52/servers/alias -P "slapd-" -g 2048

 

Enter Password or Pin for "NSS Certificate DB":

 

A random seed must be generated that will be used in the

creation of your key.  One of the easiest ways to create a

random seed is to use the timing of keystrokes on a keyboard.

 

To begin, type keys on the keyboard until this progress meter

is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!

 

(I entered numbers 1234567890 continuously until buffer filled)

 

 

Continue typing until the progress meter is full:

 

|************************************************************|

 

Finished.  Press enter to continue:

 

 

Generating key.  This may take a few moments...

 

 

 

Installing the renewed certificate (certutil -A adds it to the database under the server-cert nickname)

 

./certutil -A -n server-cert -d /iplanet52/servers/alias -t "C,C,C" -i /tmp/server-cert.txt -P "slapd-"
 
 
  

Additional commands

Adding/renewing a certificate thru command prompt.

 
Renewing Certificate.
./dsadm renew-cert /dsee7/dsinstances/slapd-Users/ server-cert /renewed-certificate-path
 
Adding Certificate
./dsadm add-cert /dsee7/dsinstances/slapd-Users/ server-cert /new-certificate-path
 
Listing Certificate.
./dsadm list-certs /dsee7/dsinstances/slapd-Users/
 
Removing Certificate
./dsadm remove-cert /dsee7/dsinstances/slapd-Users/ cert-name
 
Exporting Certificate
 
./dsadm export-cert -W pwd.txt -o /tmp/server-cert-0p.cert /dsee7/dsinstances/slapd-Users server-cert
 
Importing Certificate
Importing a certificate (when exporting from the local server and importing it on the same or a different server)
 
./dsadm import-cert -W replmgpwd.txt  /apps/dsee7/dsinstances/slapd-Users /tmp/server-cert-0p.cert
 

Newly installed instance modification

 

  1. If you create a new instance, the instance certificate needs to be updated to use the CA certificate.



Using the command prompt:

./dsconf set-server-prop -h ds1.idp-example.com -p 1489 ssl-rsa-cert-name:ds1

Enter "cn=Directory Manager" password: dsmanager

Before setting SSL configuration, export Directory Server data.

Do you want to continue [y/n] ?  y

Directory Server must be restarted for changes to take effect.



Using the GUI: change the certificate to server-cert (the name of the server certificate that was received from the online request)

Directory Server --> select instance name --> Security --> select General --> from Certificate select the newly installed certificate.
 
 

ODSEE unindexed searches issue, performance issue, nsslapd-allidsthreshold value

The issue is that you have an attribute that is indexed, but the logs show that searches on it are unindexed.

Solution:

Check the value of the nsslapd-allidsthreshold attribute in dse.ldif. By default, when you create an instance, Oracle sets it to 50,000, but if your data has more entries than that and a query matches more records than that for any attribute, the result will be slow and you will get unindexed search results.

To overcome this issue, do the following.
1. Increase the value of this attribute in dse.ldif (make sure the instance is stopped when you increase the value).
2. You can also increase this value thru the Console; a rebuild of the indexes is then required.


To increase the threshold value for all the indexes, do the following.
1. Stop the instance and export the data from that instance.
2. Open dse.ldif.
3. There is a value called nsslapd-allidsthreshold; increase it to your maximum record count plus room for future growth.
4. Start the instance.
5. Import the data into that suffix; this rebuilds all the indexes instead of rebuilding them thru the GUI.
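As an added example (not from the original post), the following script finds the unindexed-search marker in an ODSEE access log and compares nsslapd-allidsthreshold with the suffix entry count, which is the check to run before editing dse.ldif. The log lines, the dse.ldif fragment and the 60000 entry count are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: spot unindexed searches in an
# ODSEE access log and check whether nsslapd-allidsthreshold is below the
# suffix entry count (then every match list collapses to ALLIDS and the search
# runs unindexed even though the attribute has an index). Log lines and the
# dse.ldif fragment are constructed samples.

# unindexed_searches ACCESS_LOG
# ODSEE logs the search on a SRCH line and the outcome on a RESULT line for the
# same conn/op; notes=U on the RESULT marks an unindexed search. Prints
# "filter etime" for each one.
unindexed_searches() {
    awk '
        /SRCH/ {
            for (i = 1; i <= NF; i++) { if ($i ~ /^conn=/) c = $i; if ($i ~ /^op=/) o = $i }
            match($0, /filter="[^"]*"/)
            f[c " " o] = substr($0, RSTART + 8, RLENGTH - 9)
        }
        /RESULT/ && /notes=U/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^conn=/) c = $i; if ($i ~ /^op=/) o = $i
                if ($i ~ /^etime=/) e = substr($i, 7)
            }
            print f[c " " o], e
        }' "$1"
}

count_unindexed() { unindexed_searches "$1" | wc -l | tr -d ' '; }

# check_allids_threshold DSE_LDIF ENTRY_COUNT -> "raise" or "ok"
check_allids_threshold() {
    t=$(awk -F': ' '/^nsslapd-allidsthreshold:/ { print $2 }' "$1")
    if [ "$2" -ge "$t" ]; then echo "raise"; else echo "ok"; fi
}

# Constructed samples: one indexed uid lookup, one unindexed wildcard search.
LOG=$(mktemp); DSE=$(mktemp)
cat > "$LOG" <<'EOF'
[09/Aug/2014:10:15:22 -0400] conn=1234 op=5 SRCH base="o=abc.com" scope=2 filter="(uid=m10300)" attrs="memberOf"
[09/Aug/2014:10:15:22 -0400] conn=1234 op=5 RESULT err=0 tag=101 nentries=1 etime=0
[09/Aug/2014:10:15:23 -0400] conn=1235 op=1 SRCH base="o=abc.com" scope=2 filter="(description=*)" attrs="ALL"
[09/Aug/2014:10:15:31 -0400] conn=1235 op=1 RESULT err=0 tag=101 nentries=60000 etime=8 notes=U
EOF
printf 'nsslapd-allidsthreshold: 50000\n' > "$DSE"

unindexed_searches "$LOG"             # (description=*) 8
check_allids_threshold "$DSE" 60000   # raise: 60000 entries exceed the 50000 threshold
```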
 

ldap 11g aci error

Failed to modify ,(add groupname abc_authorizeduser to uid=m10300,ou=applicationsupport,o=abc.com)
reason: netscape.ldap.LDAPException: error result (50); Insufficient 'write' privilege to the 'memberOf' attribute of entry 'uid=m10300,ou=applicationsupport,o=abc.com'.; Insufficient access

Solution:
It clearly says that the user does not have rights to write to the memberOf attribute.

The reason can be one of the following:
1. Most often, the user does not qualify to be a member of this group and the process is trying to add them anyway.
2. The ACI for this group does not exist.