There are times when you want to do something unusual with Tivoli Access Manager, such as migrating a whole TAM instance to a different machine or environment. I did that when trying to replicate a KVM environment to a different location, changing the target KVMs' IPs to exactly match the original ones, and everything else as well, including LDAP.
Replacing that last component seemed to be a bit too harsh for TAM: despite copying the secAuthority suffix data 1:1, after starting the KVM machine and trying to log into pdadmin, I failed to authenticate.
After some investigation it turned out that after copying the security suffix data into LDAP, you then need to apply the TAM ACLs to the secAuthority objects with ivrgy_tool, such as:
/opt/PolicyDirector/sbin/ivrgy_tool -h ldap_host -p 389 -D "<LDAP_admin_id>" -w <LDAP_admin_pwd> add-acls domain_name
where domain_name is usually Default, but you may also have something more fancy :)
Good luck, feel free to comment.
Showing posts with label utf-8. Show all posts
20 December 2011
18 October 2011
UTF-8 characters import into LDAP (TDS)
Related to the previous post is the following problem: how do you batch process multiple LDAP entries from LDIF files when the entries contain UTF-8 characters (like the Polish special characters)?
The way you should deal with them is quite similar, but you need one additional step: use Base64 encoding to pass the UTF-8 strings to LDAP.
So, if you find yourself facing the following problem:
- ldapmodify: no DN specified
- ldap_add: Invalid DN syntax (34)
additional info: R004054 Invalid UTF-8 character found in string value (srv_explode_dn_int)
- Prepare your data in a text file, but before pasting or typing it in, set the encoding to UTF-8, e.g.:
dn: cn=Kłak Szósty,ou=1,ou=2,O=myorg,C=PL
cn: Kłak Szósty
sn: 12345678901
objectclass: person
objectclass: top
- Now, use any tool to encode the UTF-8 strings into Base64 to get something like:
dn:: Y249S8WCYWsgU3rDs3N0eSxvdT0xLG91PTIsTz1teW9yZyxDPVBM
cn:: S8WCYWsgU3rDs3N0eQ==
sn: 12345678901
objectclass: person
objectclass: top
and be sure that you've added a second colon (:) before the Base64 values!
For Base64 encoding I use the N++ MIME plugin.
- Having "based" your strings, now convert the file to ANSI (save as ANSI). This does not change the way it looks on the screen.
- Copy to the target system using "binary" transfer mode and use it as an input to ldap shell tools (ldapadd, ldapmodify)
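An added example, not part of the original post: a Python script that performs the Base64 step above over a whole LDIF file, encoding only the values that RFC 2849 does not allow as plain text (non-ASCII characters, a leading space, colon or '<', or a trailing space). The function names are this example's own; the sample entry is the one shown in the post.

```python
import base64
import re

# RFC 2849 SAFE-STRING: 7-bit ASCII without NUL/CR/LF, and the first
# character must not be a space, ':' or '<'.
_SAFE = re.compile(
    r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
    r"[\x01-\x09\x0b\x0c\x0e-\x7f]*"
)
# "attr: value" lines only; "attr:: b64" and "attr:< url" are left alone.
_ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*):(?![:<]) *(.*)$")


def needs_base64(value: str) -> bool:
    """True when the value cannot be written as a plain LDIF string."""
    if value == "":
        return False
    return _SAFE.fullmatch(value) is None or value.endswith(" ")


def encode_ldif(text: str) -> str:
    """Return LDIF where every unsafe value is rewritten as 'attr:: <base64>'."""
    # Unfold continuation lines (newline followed by one space) first.
    text = re.sub(r"\r?\n ", "", text)
    out = []
    for line in text.splitlines():
        m = _ATTR_LINE.match(line)
        if m and needs_base64(m.group(2)):
            b64 = base64.b64encode(m.group(2).encode("utf-8")).decode("ascii")
            out.append(f"{m.group(1)}:: {b64}")  # note the double colon
        else:
            out.append(line)  # comments, blank lines, safe or encoded values
    return "\n".join(out) + "\n"


# Sample entry taken from the post above.
SAMPLE = """\
dn: cn=Kłak Szósty,ou=1,ou=2,O=myorg,C=PL
cn: Kłak Szósty
sn: 12345678901
objectclass: person
objectclass: top
"""

if __name__ == "__main__":
    # The result is pure ASCII, so the file's "ANSI vs UTF-8" encoding no
    # longer matters once it is written out.
    print(encode_ldif(SAMPLE), end="")
```

Because the output contains only ASCII bytes, it can be written with any single-byte encoding and still arrives unchanged at ldapadd or ldapmodify.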
14 October 2011
UTF-8 characters in pdadmin (TAM 6.1)
Recently I came across the following problem: how to import LDAP users that have UTF-8 (Polish) characters into TAM with pdadmin? When you simply run pdadmin and use the user import command, you get a result like the following:
user import elenaciezka "cn=Elena Ciężka,ou=1,ou=2,ou=3,O=myorg,C=PL"
Could not perform the administration request
Error: HPDMG0755W The specified Distinguished Name (DN) does not exist. (status 0x14c012f3)
Since you can easily add these users with Web Portal Manager, there must be a way to do it with pdadmin, which is useful if you want to import more than tens of users...
A little googling shows that the solution is to feed pdadmin command files that contain the UTF-8 characters of your choice. It is a little peculiar, though, as you need to prepare the command file as ANSI :)
So, that's what you need to do:
- prepare command file, setting UTF-8 encoding first so you get:
user import elenaciezka "cn=Elena Ciężka,ou=1,ou=2,ou=3,O=myorg,C=PL"
- change the encoding to ANSI and you see:
user import elenaciezka "cn=Elena Ciężka,ou=1,ou=2,ou=3,O=myorg,C=PL"
- save the file (say: tam_import.txt) and copy it to your target system using binary mode (the safest way to transfer unusual characters)
- before running pdadmin, set the shell to use your locale:
export LANG=pl_PL.utf-8
- and you can finally use your file:
pdadmin -a sec_master -p your_password tam_import.txt
Good luck guys, and come back for more.