
Sun ONE Meta-Directory 5.1.1 Administration Guide

Chapter 12
Starting and Stopping Components

The process of starting, stopping and restarting Meta-Directory components is key to refreshing data entries and keeping records current. This process is handled by a Perl script that creates a file named start.conf. This chapter contains the following sections:


About start.conf File

The start.conf file is a text file; there is one start.conf file for each Meta-Directory component. The files can be found at:

NETSITE_ROOT/component_directory/config/start.conf

where component_directory is a variable to be replaced by one of the following component name placeholders: Join Engine, ADC, NTDC, or UTC.

At startup, a Meta-Directory component must connect to the data server and validate the distinguished name and password (referred to as authenticationDetails) needed to access it. Initially, the start.conf file contains only the URL of the server. When Start Server is invoked for the specified component, the distinguished name and password are retrieved from the Administration Server and written to the start.conf file. With this information, the component can bind to the specified data server and read and confirm the authentication details, which allows it to start.

Shortly after startup, the component reopens the start.conf file and erases the distinguished name and password so that, once again, it contains only the URL of the data server. (Specifically, the password is overwritten with white space characters and truncated to zero length.) This process maximizes security.


Note

If the component is unable to erase the authentication details from start.conf, a warning message is logged, but the component continues to function properly.



Starting Meta-Directory Components

On both Windows NT and Solaris systems, you can start Meta-Directory components using the Console or the Meta-Admin command-line tool. If you are unable to start a component, check the log files recorded in that component's directory at the following location to determine the problem:

NETSITE_ROOT/component_directory/logs/

Using the Console

You can start the Join Engine or connectors on a Windows NT or Solaris system by using either the Sun ONE Console or Meta-Directory console.

    To start from the Sun ONE Console navigation tree
  1. Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
  2. Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to start.
  3. Select the instance and right-click. A context menu appears.
    Figure displays the options that are available in the short-cut menu for an instance.
  4. Select Start Server. A message appears stating that the server has been started.
    To start from the Meta-Directory Console navigation tree
  1. Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
  2. Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to start.
  3. Select the instance and click Open in the upper right corner of the window.
  4. Select the instance from the Meta-Directory console navigation tree and right-click on it. A context menu appears.
    Figure shows the options available in the short-cut menu for a particular instance.
  5. Select Start Server. A message appears stating that the server has been started.

Using the Meta-Admin Command-Line Tool

You can also start the Join Engine or connectors by using the Meta-Admin command-line tool. Because the Meta-Admin command-line tool works in conjunction with an instance of Administration Server, the Administration Server can be used to start components remotely. For information on this tool, see Chapter 15, "Command-Line Administration."


Stopping Meta-Directory Components

On Windows NT systems, you can stop Meta-Directory components with the Sun ONE Console, the Meta-Admin command-line tool, or Windows NT Services. On Solaris systems, you can stop Meta-Directory components with the Sun ONE Console or the Meta-Admin command-line tool.

Using the Console

You can stop the Join Engine or connectors either by way of Sun ONE Console or Meta-Directory console.

    To stop from the Sun ONE Console navigation tree
  1. Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
  2. Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to stop.
  3. Select the instance and right-click. A context menu appears.
    Figure shows the options available in the short-cut menu for the selected instance.
  4. Select Stop Server. A message appears stating that the server has been stopped.
    To stop from the Meta-Directory Console navigation tree
  1. Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
  2. Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to stop.
  3. Select the instance and click Open in the upper right corner of the window.
  4. Select the instance from the Meta-Directory console navigation tree and right-click. A context menu appears.
    Figure shows the options available for selection for the selected instance.
  5. Select Stop Server. A message appears stating that the server has been stopped.

Using the Meta-Admin Command-Line Tool

You can stop the Join Engine or connectors by using the Meta-Admin command-line tool. As the Meta-Admin command-line tool works in conjunction with an instance of Administration Server, the Administration Server can be used to start components remotely. For information on this tool, see Chapter 15, "Command-Line Administration."

Using Windows NT Services

You can stop the Join Engine or connectors from the Services Control Manager control panel in Windows NT.

  1. Click Start and choose Settings > Control Panel.
  2. Choose the Sun ONE component to stop.
  3. Press Stop.


Checking a Component Operational Status

The following procedure allows you to check whether a specific component is in operational mode.

  1. In the Meta-Directory console, click the Status tab.
  2. Select either the Join Engine or a connector from the navigation tree.
  3. Click the Operations tab.
  4. The service status of the component is at the top of this panel. Up refers to a running component while down refers to a component that has stopped.

For more information on the Operations panel, see "Operations" of Chapter 13, "Monitoring Meta-Directory Components."


Automated Restarts

To automate a server restart, the administrator can prevent the erasure of start.conf as explained in "About start.conf File". By preventing the erasure of the distinguished name and password, the file can be reused. The first two procedures described are the simplest ways to automate a server restart, but they offer relatively little or no server security. The last procedure offers a higher level of server security. Once the start.conf file is reconfigured, a script can be written to detect a shutdown and restart the component.

    Automating a restart on Windows NT systems

To automate a server restart on Windows NT, you need to prevent the server from erasing the authentication details in the start.conf file. To do this:

  1. Select the start.conf file of the component you would like to automate in Windows Explorer.
  2. Right-click and select Properties.
  3. Check Read-only so the file cannot be written to.

This procedure allows for the reuse of the authentication details from the last start request. A script can be written to detect whether the component is down and restart if necessary.

    Automating a restart on Solaris systems

To automate a server restart in the Solaris environment, you need to prevent the server from erasing the authentication details in the start.conf file. To do this, enter the command:

chmod ugo-w start.conf

This procedure allows for the reuse of the authentication details from the last start request. A script can be written to detect whether the component is down and restart if necessary.
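The chmod ugo-w command removes only the write bits, so the distinguished name and password kept in start.conf stay readable by any account that could read the file before. The following audit script is an added example, not part of the original guide or Sun's tooling; it assumes the NETSITE_ROOT/component_directory/config/start.conf layout given earlier in this chapter, and its function names and status labels are hypothetical.

```shell
#!/bin/sh
# Added example (not Sun's code): audit start.conf permissions under NETSITE_ROOT.
# Assumed layout, from this chapter: NETSITE_ROOT/<component>/config/start.conf
# Usage: define these functions, then call: audit_root /path/to/NETSITE_ROOT

# Print the 10-character mode string (for example -r--r--r--) of a file.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Classify one start.conf by its permission bits:
#   erasable               a write bit is set; erasure has not been blocked
#   persistent-exposed     no write bits; group or other can read the kept DN/password
#   persistent-restricted  no write bits; only the owner can read the file
classify_start_conf() {
    m=$(mode_of "$1")
    [ -n "$m" ] || return 2
    case "$m" in
        ??w*|?????w*|????????w*) echo erasable ;;
        ????r*|???????r*)        echo persistent-exposed ;;
        *)                       echo persistent-restricted ;;
    esac
}

# Report every component's start.conf; return 1 if any is persistent-exposed.
audit_root() {
    rc=0
    for f in "$1"/*/config/start.conf; do
        [ -f "$f" ] || continue
        status=$(classify_start_conf "$f") || continue
        echo "$status $f"
        if [ "$status" = persistent-exposed ]; then
            rc=1
        fi
    done
    return $rc
}
```

A file reported as persistent-exposed can be tightened with chmod go-r start.conf, provided the component runs as the file's owner.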

    Automating a restart with High Security on Windows NT systems

To allow for automated restarts on Windows NT while achieving the highest level of security possible:

  1. Create a login account for your system that will have exclusive permissions to read the start.conf file.
  2. Configure all four Meta-Directory components (Join Engine, NT Domain connector, Active Directory connector, and Universal connector) to run as that administration account.
  3. The four components are configured by selecting from the Windows NT Start menu. Choose Settings > Control Panels > Services. From there select the component to be configured and select Startup. Check Log On As: and use the information created for the trustee account.


    Note

    To enable the ability to change startup parameters via the Console, the Administration Server associated with the Join Engine must be permitted to write to the start.conf file. If the Administration Server can read but not write start.conf, Console users may start the Meta-Directory server but only with the same parameters already stored in start.conf.






Copyright 2004 Sun Microsystems, Inc. All rights reserved.