Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Procedure: To Register Your Directory Server Instances With DSCC

To manage your Directory Server instances, you must register your instances with the DSCC. Doing so modifies the Directory Server instance's cn=config tree.

To complete this task, you work in both the command-line and the DSCC Web Console interfaces.

  1. Start a browser.

  2. Go to the Web Console login page.

    The Web Console login page opens.

  3. Log in to the Web Console by typing the following values and clicking Login.

    Input Field 


    User ID 


    (Any authorized user can log in to the Web Console, but you must log in as root to register the DSCC.)



    The DSCC main page in Web Console opens.

  4. In the DSCC main page, locate the list of services and click the link for the Directory Server Control Center.

    The Directory Server Control Center page opens.

  5. Type the following values and click Login.

    Input Field 


    User ID 




    The Directory Service Control Center Common Tasks panel appears.

  6. Interrupt the registration procedure to enable DSCC audit logging.

    The audit logs will show the DSCC entries to be added in the registration steps that follow.

    1. Run the following command on ds1:

      # /opt/SUNWdsee/ds6/bin/dsconf set-log-prop -p 389 audit enabled:on

      You are prompted to accept a certificate.

    2. Type Y to accept the certificate and press Return.

    3. When prompted, type the directory-manager-password and press Return.

      The response should resemble the following:

      time: 20080220175511
      dn: cn=config
      changetype: modify
      replace: nsslapd-auditlog-logging-enabled
      nsslapd-auditlog-logging-enabled: on

  7. Returning to the Web Console, click the Directory Servers tab.

    The Directory Servers tab is displayed, and the Enter Host Info panel opens.

  8. Register the Directory Server instance on ds1.

    1. In the Directory Servers tab, locate the More Server Actions drop-down menu and select Register Existing Server.

      The Register Existing Directory Server wizard opens, displaying the Step 1. Enter Host and Server Information panel.

    2. In the Enter Host and Server Information panel, type the following values and click Next.

      Otherwise, keep the default values.

      Input Field 


      Instance Path 




      The Review Server Certificate panel opens.

    3. Click Next to accept the certificate.

      The Provide Authentication Information panel opens. Keep the default values.

    4. Type the directory-manager-password and click Next.

      The Summary panel opens stating that a restart is required.

    5. Click Finish.

      Your Directory Server instance (ds-inst-ds1) restarts and registers with the DSCC.

    6. When the registration process is complete, click Close.

      The Register Existing Directory Server wizard closes.

  9. Register the Directory Server instance on ds2.

    Repeat Step 8, except replace all occurrences of ds1 with ds2 (for example, in the instance name, ds-inst-ds2).

    You now see your Directory Server instances (ds-inst-ds1 and ds-inst-ds2) in the DSCC's list of registered servers.

  10. Check the audit logs for both Directory Server instances.

    # tail -100 /var/opt/SUNWdsee/ds-inst-ds1/logs/audit

    # tail -100 /var/opt/SUNWdsee/ds-inst-ds2/logs/audit

    The audit logs should resemble the following:

    time: 20080421170848
    dn: cn=pass through authentication,cn=plugins,cn=config
    changetype: modify
    replace: nsslapd-pluginarg0
    nsslapd-pluginarg0: ldap://localhost:3998/cn=dscc
    -
    replace: nsslapd-pluginEnabled
    nsslapd-pluginEnabled: on
    -
    replace: modifiersname
    modifiersname: cn=directory manager
    -
    replace: modifytimestamp
    modifytimestamp: 20080421160847Z

    time: 20080421170848
    changetype: modify
    add: aci
    aci: (targetattr = "*") (version 3.0; acl "Enable full access for Directory Services Managers";
     allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)
    aci: (targetattr = "aci") (targetscope = "base") (version 3.0; acl "Enable root ACI modification
     by Directory Services Managers"; allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)

  11. Check the audit logs for the DSCC registry instance.

    # tail -100 /var/opt/SUNWdsee/dscc6/dcc/ads/logs/audit
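The audit review in steps 10 and 11, as an added example that is not part of the original guide: a Python script that parses audit-log text of the form shown in step 10 and lists every ACI and plugin change, so the entries written during registration can be compared with the expected ones. The function names and the sample text are assumptions constructed for illustration, and only `changetype: modify` records are handled.

```python
import re

# Constructed sample modelled on the step 10 excerpt (second record has no dn line, as there).
SAMPLE = '''time: 20080421170848
dn: cn=pass through authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://localhost:3998/cn=dscc
-
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
time: 20080421170848
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0; acl "Enable full access for Directory
  Services Managers"; allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)
'''

def parse_audit(text):
    """Split audit text into records; a 'time:' line starts each record."""
    # Undo LDIF folding (newline + one space), then drop blank lines.
    lines = [l for l in re.sub(r"\n ", "", text).splitlines() if l.strip()]
    records, mod = [], None
    for line in lines:
        key, _, value = (p.strip() for p in line.partition(":"))
        if key == "time":
            records.append({"time": value, "dn": None, "mods": []})
            mod = None
        elif not records or line == "-":
            mod = None                      # "-" closes one modification
        elif key in ("dn", "changetype"):
            records[-1][key] = value
        elif mod is None:                   # e.g. "add: aci", "replace: <attr>"
            mod = {"op": key, "attr": value.lower(), "values": []}
            records[-1]["mods"].append(mod)
        else:
            mod["values"].append(value)
    return records

def review(records):
    """Return every ACI and nsslapd-plugin* change for comparison with the expected set."""
    out = []
    for rec in records:
        for mod in rec["mods"]:
            if mod["attr"] != "aci" and not mod["attr"].startswith("nsslapd-plugin"):
                continue
            for v in mod["values"]:
                out.append({"dn": rec["dn"], "op": mod["op"], "attr": mod["attr"], "value": v,
                            "allow_all": bool(re.search(r"allow\s*\(\s*all\s*\)", v)),
                            "subjects": re.findall(r'userdn\s*=\s*"([^"]+)"', v)})
    return out
```

To run it against a real log, pass the contents of the audit file from step 10 to `parse_audit` and inspect what `review` returns.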