test

Sun Directory Server Enterprise Edition 7.0 Installation Guide

Chapter 2 Installing Directory Server Enterprise Edition

This chapter focuses on the zip distribution based installation.

Note –

For information about native packages based installation, refer to Chapter 4, Installing and Uninstalling Directory Server Enterprise Edition Using Native Packages.

The installation procedure can be divided into following three steps:

  1. Laying out the software elements in the chosen place on a host filesystem.

    See Installing Directory Server Enterprise Edition Using Zip Distribution.

  2. Pre-configuring installation, that is, running the minimum set of commands that make the software installation operational.

    See Pre-Configuring the Directory Server Enterprise Edition Installation.

  3. Checking the installation, that is, running a few commands to confirm if the software is fully operational.

    See Checking Your Directory Server Enterprise Edition Installation.

For information about installing Identity Synchronization for Windows, refer to Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide and Additional Installation Instructions for Sun Java System Identity Synchronization for Windows 6.0.

Installing Directory Server Enterprise Edition Using Zip Distribution

Before you proceed with the installation, check Operating System Requirements in Sun Directory Server Enterprise Edition 7.0 Release Notes.

You can install the zip distribution as a non-root user.

ProcedureTo Install Directory Server Enterprise Edition Using Zip Distribution

  1. Download the Directory Server Enterprise Edition zip distribution binaries as specified in Getting the Software in Sun Directory Server Enterprise Edition 7.0 Release Notes.

    After this operation is complete, you should have one of the following files in your temporary space, for example, /var/tmp/dsee:

    • DSEE.7.0.Solaris-Sparc-zip.tar.gz

    • DSEE.7.0.Solaris10-X86-zip.tar.gz

    • DSEE.7.0.Solaris9-X86-zip.tar.gz

    • DSEE.7.0.Linux-X86-zip.tar.gz

    • DSEE.7.0.Linux-X86-64-zip. tar.gz

    • DSEE.7.0.HP-UX-zip.tar.gz

    • DSEE.7.0.Windows-X86-zip.zip

  2. Type the following commands to install the Directory Server Enterprise Edition software.


    # mkdir -p install-path 
# cd /var/tmp/dsee 
# gunzip DSEE.7.0.xxx-zip.tar.gz
# tar xf DSEE.7.0.xxx-zip.tar
# unzip -qq sun-dsee7.zip -d install-path
    Note –

    You can remove /var/tmp/dsee contents now.

    The install-path directory is where all the software elements are placed. Minimum 1 Gb space is required.

    You are now ready to start working with the Directory Server Enterprise Edition installation.

    Note –

    Directory Server Enterprise Edition 7.0 depends on the Microsoft Visual C++ 2008 Redistributable Package. If your computer does not have Visual C++ 2008 installed, you must install the Microsoft Visual C++ 2008 Redistributable Package (x86). This package is available from the Microsoft Download Center at http://www.microsoft.com/downloads (Product family: Developer tools).

    To use AES_256 with JavaTM technology based applications and utilities, you must download the JCE Unlimited Strength Jurisdiction Policy Files from http://java.sun.com/javase/downloads/index.jsp and install them.

See Also

If you are already using version 6 or 5.2, and want to use the same legacy instances with the version 7.0 installation, refer to Sun Directory Server Enterprise Edition 7.0 Upgrade and Migration Guide.

Pre-Configuring the Directory Server Enterprise Edition Installation

After installing the Directory Server Enterprise Edition software successfully, you must do the pre-configuration to make the software functional.

This section includes the following subsections:

ProcedureTo Pre-Configure Directory Service Control Center

The Directory Service Control Center (DSCC) has a web-based interface to manage Directory Server and Directory Proxy Server instances.

  1. Create the WAR file for DSCC. 


    $ install-path/bin/dsccsetup war-file-create

Created dscc-war-file-path

    Make a note of the dscc-war-file-path, which is the path of the DSCC war file.

  2. Initialize the DSCC registry. 


    $ install-path/bin/dsccsetup ads-create
Choose password for Directory Service Manager:directory-service-pwd
Confirm password for Directory Service Manager:directory-service-pwd

Creating DSCC registry...
DSCC Registry has been created successfully

    The value that you provide for directory-service-pwd, will be needed to authenticate the DSCC login page and is also used as a DSCC registry password.

    DSCC uses its own local instance of Directory Server to store information about your directory service configuration. The instance is referred to as the DSCC Registry.

  3. Note the port and the path assigned to DSCC registry.


    # install-path/bin/dsccsetup status
...
Path of DSCC registry is dscc-registry-path
Port of DSCC registry is dscc-registry-port
...

    The dscc-registry-port is the port assigned to the DSCC registry by dsccsetup ads-create. The default port that is assigned to the DSCC registry is 3998.

  4. Deploy the WAR file in any of the supported application server instance.

    For example deployment procedures, refer to Appendix A, Deploying DSCC WAR File With Supported Application Servers.

ProcedureTo Pre-Configure the DSCC Agent

  1. Register the DSCC agent in Common Agent Container.


    $install-path/bin/dsccsetup cacao-reg

Configuring Cacao...
Cacao will listen on port dscc-agent-port

    The dscc-agent-port specifies the port of the DSCC agent.

    Note –

    On Windows 2008, for a non-administrator user, the Cacao configuration fails. To solve this problem, set the following Windows registry parameters to zero:


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Useful Information for Your Records

You must make a note of the following information that is gathered during the pre-configuration operation.

Information 

Description 

Comments 

install-path

Path under which Directory Server Enterprise Edition 7.0 is installed. 

 

directory-service-pwd

Password assigned to the Directory Service Manager. 

 

dscc-war-file-path

Path of the DSCC WAR file that is to be deployed in your application server. 

install-path/var/dscc7.war

dscc-registry-path

Path of the DSCC Registry 

install-path/var/dcc/ads

dscc-registry-port

Port of the DSCC Registry 

3998 or random. DSCC Registry port can be retrieved by typing the following command: 


install-path/bin/dsccsetup status

dscc-agent-port

Port of the DSCC Agent 

11162 or random. DSCC Registry port can be retrieved by typing the following command:  


install-path/bin/dsccsetup status

Checking Your Directory Server Enterprise Edition Installation

After the successful installation and pre-configuration of the Directory Server Enterprise Edition software, you can check your installation by creating the server instances and start working with them.

Creating Server Instances From Command Line

The following set of commands create a sample server instance, populates it with example data and registers it with DSCC. These commands should execute without any error if software is correctly installed and configured.

ProcedureTo Create a Directory Server Instance From the Command Line

Non-root users can create server instances.

Refer to the following procedure to create a Directory Server instance using the command line:

  1. Create a new Directory Server instance.


    $ dsadm create -p 1389 -P 1636 /local/dsInst

Choose the Directory Manager password:secret12
Confirm the Directory Manager password:secret12
Use 'dsadm start /local/dsInst' to start the instance

    The dsInst instance is created under the existing directory, /local/ and secret12 is assigned as the Directory Manager password.

  2. Start the instance.


    $ dsadm start /local/dsInst
Server started: pid=2845

  3. (Optional) Prepare an example suffix.

    1. Create an empty suffix.


      $ dsconf create-suffix -p 1389 -e dc=example,dc=com
Enter "cn=Directory Manager" password:secret12

      A suffix with root dc=example,dc=com is created.

    2. Populate the suffix with LDIF data.


      $ dsconf import -p 1389 -e\
install-path/resources/ldif/Example.ldif dc=example,dc=com

Enter "cn=Directory Manager" password:

New data will override existing data of the suffix "dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.

...
...
## Closing files...
## Import complete.  Processed 160 entries in 4 seconds. (40.00 entries/sec)

Task completed (slapd exit code: 0).

      The suffix is populated with sample data from Example.ldif.

    3. Search for data in the new instance.


      $ ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" mail

version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
mail: bjensen@example.com

  4. (Optional) Manage your server instance using DSCC.

    The following steps assume that DSCC is installed and pre-configured on dscc-host.

    1. Register the server instance with DSCC:


      $ dsccreg add-server -h dscc-host -p dscc-registry-port /local/dsInst

Enter DSCC administrator's password: directory-service-pwd
/local/dsInst is an instance of DS
Enter password of "cn=Directory Manager" for /local/dsInst: secret12
This operation will restart /local/dsInst.
Do you want to continue ? (y/n) y
Connecting to /local/dsInst (using ldap://127.0.0.1:1389)
Enabling DSCC access to /local/dsInst
Restarting /local/dsInst
Registering /local/dsInst in DSCC on dscc-host:dscc-registry-port.

    2. List the server that are currently registered into DSCC


      # dsccreg list-servers -h dscc-host -p dscc-registry-port

Enter DSCC administrator's password: directory-service-pwd
Hostname        Port      sPort  Type  Owner  Flags  iPath       Description
--------------  --------  -----  ----  -----  -----  ----------  -----------
current-host    1389      1636   DS    uid           /local/dsInst

  5. (Optional) If you need to use the installation for production and want to clean the system, type the following commands:


    # dsccreg remove-server -h dscc-host -p dscc-registry-port /local/dsInst
# dsadm delete /local/dsInst
Next Steps

You can add more suffixes, configure replication with other server instances, tune the instance, and generally proceed with other configuration operations.

See Part I, Directory Server Administration, in Sun Directory Server Enterprise Edition 7.0 Administration Guide for instructions on configuring Directory Server with command-line administration tools.

Similarly, you can create Directory Proxy Server instance using the command line tools. For more information, see Chapter 17, Directory Proxy Server Instances, in Sun Directory Server Enterprise Edition 7.0 Administration Guide.

Creating Server Instances Using Directory Service Control Center

After successfully deploying DSCC, use the following procedure to create a sample Directory Server instance.

ProcedureTo Create Server Instances with Directory Service Control Center

Non-root users can create server instances.

Refer to the following procedure to create server instances using DSCC.

  1. Access DSCC by using http://dscc-host:port/dscc7.

  2. Log in to DSCC as Directory Service Manager.

    Directory Service Manager's entry is stored in the DSCC registry. Directory Service Manager also has administrator access to the server instances registered with DSCC.

    1. Type the following values:


          *  Directory Server Manager: admin
    * Password: directory-service-pwd

    2. Click the Log In button.

  3. Under the Directory Servers tab, click New Server.

    The Directory Service Control Center New Directory Server wizard displays.

    Directory Servers tab for Directory Service Control Center

  4. Follow the instructions in the Directory Service Control Center New Directory Server wizard to create the server instance.

    Web-based wizard for creating a Directory Server instance

    While creating the new server instances, you need to provide the following information:


        *  Host: server-host   # Host where DSCC agent has been configured
    *  LDAP Port: 1389
    * LDAPS Port: 1636
    * Instance Path: /local/dsInst
    * Directory Manager Password: secret12
    * Confirm Password: secret12
    * Runtime User ID: install-user
    * Runtime User Password: install-user-pw
    * DSCC Agent Port: dscc-agent-port
    Note –

    The instance path does not support non-ASCII characters.

    Note –

    To successfully create an instance on Windows 2003 Primary Domain Controller, type domainname\username in Runtime User Id.

  5. Complete the create server instance process by following the instructions provided in the graphical user interface.

  6. (Optional) You can choose to delete the server instance by clicking Delete in the More Server Actions drop-down menu.

See Also

Similarly, you can create Directory Proxy Server instances using the Proxy Server tab.

For further configuration and administration of Directory Server and Directory Proxy Server instances, refer to Sun Directory Server Enterprise Edition 7.0 Administration Guide.

See the online help for Directory Service Control Center for hints on configuring Directory Server and Directory Proxy Server through the graphical user interface.

Note –

If you setup your browser for your preferred language, DSCC may sometimes report few messages in other language. The language in which such messages are shown is the language that was effective when the dsccsetup cacao-reg command was executed. Such a language usually is the default locale of the host.

Environment Variables

This section lists environment variables that you can set to facilitate creating server instances and using Directory Server Resource Kit and software development kits.

Environment Variable 

Description 

Reference 

DIR_PROXY_HOST

Hostname of Directory Proxy Server, used when the --hostname option is not specified.

dpconf(1M) command

DIR_PROXY_PORT

Port number of Directory Proxy Server, used when the --port and --secure-port options are not specified.

dpconf(1M) command

DIRSERV_HOST

Hostname of Directory Server, used when the --hostname option is not specified.

dsconf(1M) command

DIRSERV_PORT

Port number of Directory Server, used when the --port and --secure-port options are not specified.

dsconf(1M) command

DSCC_HOST

Hostname of the DSCC registry, used when the --hostname option is not specified.

dsccreg(1M), dsccmon(1M) commands

DSCC_PORT

Port number of the DSCC registry, used when the --port and --secure-port options are not specified.

dsccreg(1M), dsccmon(1M) commands

LDAP_ADMIN_PWF

Path to the file that contains a password, used when the --pwd-file option is not specified.

When server instances are registered with Directory Service Control Center, setting this variable to a file containing the Directory Service Manager password allows to manage all the server instances even if they have different Directory Manager passwords. 

dpconf(1M), dsconf(1M), dsccreg(1M), dsccmon(1M) commands

LDAP_ADMIN_USER

Directory administrator DN, used when the --user-dn option is not specified.

When server instances are registered with Directory Service Control Center, you may set this variable to cn=admin,cn=Administrators,cn=dscc or any other administrator DN create using DSCC.

dpconf(1M), dsconf(1M), dsccreg(1M), dsccmon(1M) commands

MANPATH

Zip distribution:  


install-path/resources/man/:\
$install-path/ext/cacao_2/usr/share/man

Native packages: /opt/SUNWdsee7/man

Online manual pages to browse with the man command

MANSECT

Add any of the following sections that are not listed in your MANSECT environment variable.

1:1m:4:5dsconf:5dpconf:5dssd:5dsat:5dsoc:5

Alternatively, specify the sections to search explicitly when using the man command.

The man command uses the MANSECT environment variable to identify the sections to search by default.

PATH

Zip distribution: install-path/bin

Native packages: /opt/SUNWdsee7/man

Directory Server Enterprise Edition commands 

Zip distribution: install-path/dsrk/bin

Directory Server Resource Kit and LDAP client commands