| Index Next |
| iPlanet Directory Server Access Management Edition Installation and Configuration Guide |
Contents
About This GuideWhat You Are Expected to Know
The iPlanet Directory Server Access Management Edition Documentation Set
Documentation Conventions Used in This Manual
Typographic Conventions
Related Information
Terminology
Part 1 Read This First
Chapter 1 Introducing iPlanet Directory Server Access Management Edition
iPlanet Products Form the DSAME Solution
Chapter 2 Deployment Considerations
Directory Server
Key Features and Benefits
Policy Service
Management Service
Web Server
URL Policy Agent
Directory Issues
If You Already Have an Existing Directory
Policy Management Issues
DSAME Schema
Compliant vs. Default DIT
Unsupported DITs
Directory Replications
Roles
Installing Other Products for Use with DSAME Services
Policies and URL Policy Agents
Service Attributes
Remote Web Servers
Hardware and Software Requirements
Multiple Directory Servers for Failover and High Availability
Load-Balancing Applications
Optimal Hardware Requirements
Recommended Hardware Configurations
Operating System Requirements
Remote Web Server Requirements
Web Browser Requirements
Part 2 Solaris Installation Instructions
Chapter 3 The DSAME Installation Program for Solaris
Before You Begin
Chapter 4 Simple Installations with No Existing Directory Server
Installation Program Options
Determining Which Installation Options to Use
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME
Installing DSAME Services
Chapter 5 Using an Existing Directory Server
To Install DSAME Services with Directory Server
Installing a Stand-Alone iPlanet Directory Server
Installing Directory Server With the DSAME Package Format
Configuring an Existing Directory Server 5.1 to Work with DSAME
Installing Directory Server Without the DSAME Package Format
To Configure an Existing Directory Server
Optimizing Directory Server for DSAME
Before You Begin
Chapter 6 Installing URL Policy Agents
Supported DITs and Unsupported DITs
Step 1: Install Directory Server 5.1 and Configure it to Work with DSAME
Background for Examples Used in This Chapter
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Remove Unnecessary Files
Step 9: Start DSAME
Step 10: Add DSAME Object Classes and Attributes to Existing Directory Entries
Results of DSAME and Directory Modifications
How URL Policy Agents Work
Chapter 7 Basic Configurations
Protecting the Web Server That Runs DSAME Services
To Install a Policy Agent with the Policy and Management Services
Protecting Content on Remote Web Servers
Providing Failover Protection for DSAME Agents
Installing Multiple Policy Agents on the Same Computer System
To Install the Policy Agent on a Remote Web Server
To Install a Second Agent on the Same Computer (Using iPlanet Web Server 6.x)
Disabling URL Policy Agents
To Install a Second Agent on the Same Computer (Using iPlanet Web Server 4.x)
Installing Multiple DSAME Instances Against the Same Directory Server
Support for Directory Replication and High Availability
Replication Considerations
Secure Sockets Layer (SSL)
Configuring DSAME to Support Directory Replication
Configuring a Load-Balancing Application to Work With DSAME
Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode
Step 3: (Optional) Install and Configure a URL Policy Agent for SSL
Part 3 Windows 2000 Installation Instructions
Chapter 8 The DSAME Installation Program for Windows 2000
Before You Begin
Chapter 9 Simple Installations with No Existing Directory Server
Installation Program Options
Determining Which Installation Options to Use
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME
Installing DSAME Services and Directory Server
Chapter 10 Using an Existing Directory Server
To Install DSAME Services with a New Directory Server
Installing a Stand-Alone iPlanet Directory Server
To Install a Stand-Alone iPlanet Directory Server
Optimizing Directory Server for DSAME
Configuring an Existing Directory Server 5.1 to Work with DSAME
To Configure an Existing Directory Server
Before You Begin
Chapter 11 Basic Configurations
Supported DITs and Unsupported DITs
Step 1: Install Directory Server 5.1 and Configure it to Work with DSAME
Background for Examples Used in This Chapter
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Remove Unnecessary Files
Step 9: Start DSAME
Step 10: Add DSAME Object Classes and Attributes to Existing Directory Entries
Results of DSAME and Directory Modifications
Installing Multiple DSAME Instances Against the Same Directory Server
Support for Directory Replication and High Availability
Replication Considerations
Secure Sockets Layer (SSL)
Configuring DSAME to Support Directory Replication
Configuring a Load-Balancing Application to Work With DSAME
Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode
Part 4 Appendixes
Appendix A DSAME Object Classes and Attributes
Using DSAME Object Classes as Markers
Appendix B Securing Your Web Server
Using Alternative Naming Attributes
DITs That Cannot Be Managed by DSAME
Limitations to Consider
ObjectClass and Attribute Descriptions
Examples of Unsupported DITs
Organization
Container (Organizational Unit)
People Container
Static Group
Assignable Dynamic Group
Filtered Group
User
Requiring Authentication
Appendix C Managing SSL
Creating a Trust Database
Requesting and Installing a VeriSign Certificate
Requesting and Installing Other Server Certificates
Migrating Certificates When You Upgrade
Managing Certificates
Installing and Managing CRLs and CKLs
Setting Security Preferences
Using External Encryption Modules
Setting Client Security Requirements
Setting Stronger Ciphers
Considering Additional Security Issues
Introduction to SSL in the Directory Server
Index
Obtaining and Installing Server Certificates
Activating SSL
Setting Security Preferences
Using Certificate-Based Authentication
Configuring LDAP Clients to Use SSL
Index Next
Copyright 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated March 27, 2002