Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Configuring the Directory Server Control Center

The Directory Server Control Center (DSCC) is a tool for managing Directory Server instances. DSCC is accessed through Sun Java(TM) Web Console (Web Console), a web application that provides a single user interface framework for Sun system management applications.

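This task consists of the following procedures:

  - To Create an Instance of the Directory Server Control Center
  - To Register Your DSCC Instance With the Web Console
  - To Register Your Directory Server Instances With DSCC
  - To Verify Configuration of the DSCC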

Procedure: To Create an Instance of the Directory Server Control Center

  1. Assess the current status of the control center.

    On ds1, run the following commands:

    # cd /opt/SUNWdsee/dscc6/bin

    # ./dsccsetup status

    The response should resemble the following:


    ***
    DSCC Application is registered in Sun Java (TM) Web Console
    ***
    DSCC Agent is registered in Cacao
    ***
    DSCC Registry has not been created yet
    ***

    This response indicates that the installer has installed the DSCC packages but did not create a DSCC instance.

  2. Start the DSCC configurator.

    # ./dsccsetup install

    The response should resemble the following:


    ### 'install' subcommand is obsolete.
    ### Use 'ads-create' subcommand instead.
    Choose password for Directory Server Manager:
  3. When prompted, type the directory-admin-password.

    The response should resemble the following:


    Confirm password for Directory Service Manager:
    Creating DSCC registry...
    DSCC Registry has been created successfully.
  4. Confirm that your new DSCC instance is running.

    # ps -ef | grep dscc6

    The response should resemble the following:

    /opt/SUNWdsee/ds6/lib/64/ns-slapd -D /var/opt/SUNWdsee/dscc6/dcc/ads -i /var/opt

  5. If the DSCC instance is not running, start it.

    # /opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dscc6/dcc/ads

Procedure: To Register Your DSCC Instance With the Web Console

If the dsccsetup status command in Step 1 of To Create an Instance of the Directory Server Control Center does not indicate that the DSCC application is registered in the Web Console, then perform the following steps.

  1. Check the status of Web Console.

    # cd /usr/share/webconsole/bin

    # ./smcwebserver status

    The output should resemble the following:

    Sun Java(TM) Web Console is stopped

  2. If the Web Console is not running, start the Web Console.

    # ./smcwebserver start

  3. Register your DSCC instance.

    1. Run the following command:

      # /opt/SUNWdsee/dscc6/bin/dsccsetup smreg

      The response prompts you to automatically restart the Web Console.

    2. Type Y and press Return.

Procedure: To Register Your Directory Server Instances With DSCC

To manage your Directory Server instances, you must register your instances with the DSCC. Doing so modifies the Directory Server instance's cn=config tree.

To complete this task, you work in both the command-line and the DSCC Web Console interfaces.

  1. Start a browser.

  2. Go to the Web Console login page.

    https://ds1.pstest.com:6789

    The Web Console login page opens.

  3. Log in to the Web Console by typing the following values and clicking Login.

    Input Field    Value
    User ID        root (Any authorized user can log in to the Web Console, but you must log in as root to register the DSCC.)
    Password       root-password

    The DSCC main page in Web Console opens.

  4. In the DSCC main page, locate the list of services and click the link for the Directory Server Control Center.

    The Directory Server Control Center page opens.

  5. Type the following values and click Login.

    Input Field    Value
    User ID        admin
    Password       directory-admin-password

    The Directory Service Control Center Common Tasks panel appears.

  6. Interrupt the registration procedure to enable DSCC audit logging.

    The audit logs will show the DSCC entries to be added in the registration steps that follow.

    1. Run the following command on ds1:

      # /opt/SUNWdsee/ds6/bin/dsconf set-log-prop -p 389 audit enabled:on

      You are prompted to accept a certificate.

    2. Type Y to accept the certificate and press Return.

    3. When prompted, type the directory-manager-password and press Return.

      The response should resemble the following:


      time: 20080220175511
      dn: cn=config
      changetype: modify
      replace: nsslapd-auditlog-logging-enabled
      nsslapd-auditlog-logging-enabled: on
  7. Returning to the Web Console, click the Directory Servers tab.

    The Directory Servers tab is displayed, and the Enter Host Info panel opens.

  8. Register the Directory Server instance on ds1.

    1. In the Directory Servers tab, locate the More Server Actions drop-down menu and select Register Existing Server.

      The Register Existing Directory Server wizard opens, displaying the Step 1. Enter Host and Server Information panel.

    2. In the Enter Host and Server Information panel, type the following values and click Next.

      Otherwise, keep the default values.

      Input Field      Value
      Instance Path    /var/opt/SUNWdsee/ds-inst-ds1
      Description      ds-inst-ds1

      The Review Server Certificate panel opens.

    3. Click Next to accept the certificate.

      The Provide Authentication Information panel opens. Keep the default values.

    4. Type the directory-manager-password and click Next.

      The Summary panel opens, stating that a restart is required.

    5. Click Finish.

      Your Directory Server instance (ds-inst-ds1) restarts and registers with the DSCC.

    6. When the registration process is complete, click Close.

      The Register Existing Directory Server wizard closes.

  9. Register the Directory Server instance on ds2.

    Repeat Step 8, except replace all occurrences of ds1 with ds2 (for example, in the instance name, ds-inst-ds2).

    You now see your Directory Server instances (ds-inst-ds1 and ds-inst-ds2) in the DSCC's list of registered servers.

  10. Check the audit logs for both Directory Server instances.

    # tail -100 /var/opt/SUNWdsee/ds-inst-ds1/logs/audit

    # tail -100 /var/opt/SUNWdsee/ds-inst-ds2/logs/audit

    The audit logs should resemble the following:


    time: 20080421170848
    dn: cn=pass through authentication,cn=plugins,cn=config
    changetype: modify
    replace: nsslapd-pluginarg0
    nsslapd-pluginarg0: ldap://localhost:3998/cn=dscc
    -
    replace: nsslapd-pluginEnabled
    nsslapd-pluginEnabled: on
    -
    replace: modifiersname
    modifiersname: cn=directory manager
    -
    replace: modifytimestamp
    modifytimestamp: 20080421160847Z
    -
    time: 20080421170848
    dn:
    changetype: modify
    add: aci
    aci: (targetattr = "*") (version 3.0; acl "Enable full access for Directory Services Managers";
     allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)
    aci: (targetattr = "aci") (targetscope = "base") (version 3.0; acl "Enable root ACI modification
     by Directory Services Managers"; allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)
  11. Check the audit logs for the DSCC registry instance.

    # tail -100 /var/opt/SUNWdsee/dscc6/dcc/ads/logs/audit
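
The audit log review in steps 10 and 11 can be scripted instead of read by eye. The following added example (not part of Sun's documentation or tooling) parses the audit log layout shown in step 10 and returns every ACI or pass-through authentication value that differs from the ones the excerpt shows. The sample log, including its `dc=example,dc=com` record, is constructed, and the function names are hypothetical.

```python
import re
# Added example (not Sun's tooling). Expected values are copied from the step 10 excerpt.
EXPECTED_PTA = "ldap://localhost:3998/cn=dscc"
EXPECTED_SUBJECT = "ldap:///cn=*,cn=Administrators,cn=dscc"

# Constructed sample in the audit log's layout; the third record is a made-up ACI change.
SAMPLE = '''time: 20080421170848
dn: cn=pass through authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://localhost:3998/cn=dscc
-
time: 20080421170848
dn:
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0; acl "Enable full access for Directory Services Managers";
 allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)
-
time: 20080421171502
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0; acl "constructed"; allow (all)(userdn = "ldap:///anyone");)
-
'''

def parse_audit(text):
    """Return one dict per audit record: time, dn, changes [(op, attr, values)]."""
    records = []
    for line in text.replace("\n ", "").splitlines():  # unfold LDIF continuation lines
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "time":  # every audit record starts with a time: line
            records.append({"time": value, "dn": None, "changes": []})
        elif not records or key in ("", "-", "changetype"):
            continue
        elif key == "dn":
            records[-1]["dn"] = value
        elif key in ("add", "replace", "delete"):
            records[-1]["changes"].append((key, value.lower(), []))
        elif records[-1]["changes"] and key.lower() == records[-1]["changes"][-1][1]:
            records[-1]["changes"][-1][2].append(value)
    return records

def unexpected_changes(records):
    """Return (time, dn, attr, value) for ACI or pass-through values the page does not show."""
    return [(rec["time"], rec["dn"], attr, v)
            for rec in records for _op, attr, values in rec["changes"] for v in values
            if (attr == "aci" and re.findall(r'userdn\s*=\s*"([^"]*)"', v) != [EXPECTED_SUBJECT])
            or (attr == "nsslapd-pluginarg0" and v != EXPECTED_PTA)]
```

Run `unexpected_changes(parse_audit(open(path).read()))` against each instance's audit file. An ACI whose bind rule uses something other than a single `userdn` matching the DSCC administrators subject is reported as well.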

Procedure: To Verify Configuration of the DSCC

  1. List the Directory Server instances that are registered with DSCC.

    # /opt/SUNWdsee/dscc6/bin/dsccreg list-servers

    When prompted, type the directory-admin-password.

  2. Press Enter.

    The response should resemble the following:


    Hostname  Port  sPort  Type  Owner  iPath                          Description
    ds1       389   636    DS    root   /var/opt/SUNWdsee/ds-inst-ds1  ds-inst-ds1 on ds1
    ds2       389   636    DS    root   /var/opt/SUNWdsee/ds-inst-ds2  ds-inst-ds2 on ds2