Sun Java System Directory Editor 1 2004Q4 SP1 Installation and Configuration Guide 

Chapter 2
Installing Directory Editor

Use the information and procedures described in this chapter to install Directory Editor for use with different application servers. This chapter is organized as follows:


Before You Begin

Before starting the Directory Editor installation process,


Installation Steps

Use the following steps to install Directory Editor:

  1. Install an application server (if it is not already installed on your machine).
  2. Install the Directory Editor software.
  3. Install and deploy Directory Editor on your application server.
  4. Set the Startup Properties.
  5. Set the Managed Directory.
  6. Log in.

Step 1: Install an Application Server

You must have a Java compiler and a Java Virtual Machine installed on your machine to run the Java classes that perform actions in Directory Editor. Both items are available with the Java 2 Software Developer’s Kit (J2SDK). (The JRE packages do not provide a compiler.)

You can download the J2SDK from http://java.sun.com and follow the installation instructions provided with the product. Alternatively, many application servers bundle a J2SDK with their installation.


Caution

Directory Editor requires access to some privileged operations that the application server may not allow by default. Edit the security policy file for your application server and grant access to certain actions, as follows:

 

  1. Open the server.policy file.
  2. Add the following lines to the end of the block granting access to “all remaining code”:

    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "createLoginContext.SunDirectoryLogin";
    permission javax.security.auth.AuthPermission "modifyPrincipals";

  3. Save the file.
  4. Restart the application server.


Note

  • The J2SDK version that is shipped with an application server is always preferred to any other J2SDKs installed on your server.
  • When installing the J2SDK, you can conserve space on your machine if you do not install the Java documentation, examples, or source code.
  • Be aware that adding JAVA_HOME to your list of system environment variables benefits the application server, but it may affect other applications.

Step 2: Install Directory Editor

Use the following instructions to download and install the Directory Editor de.war file.

  1. Download the DE12004Q4SP1.zip file from the Sun website to a safe location in your deployment directory. This zip file contains the following files:
    • Readme file
    • Third-party license file
    • Directory Editor license file
    • Directory Editor installer
  2. Extract these files from the DE12004Q4SP1.zip file.
  3. From a command window, type java de to launch the Directory Editor installer.
  4. When the Welcome screen is displayed, click Next to open the Directory Editor Software License Agreement (shown in the following figure).

    Figure 2-1  Directory Editor License Agreement

    • Click Yes (Accept License) if you agree to the terms.
    • Click No to cancel the installation.
  5. If you accept the license agreement, the Select Installation Directory screen displays. Enter the directory and path where you want to install the product components (or click Browse to locate and select a directory).

    Figure 2-2  Select Installation Directory Screen

  6. Click Next and the Ready to Install screen is displayed to provide information about the product.
  7. When you are ready, click the Install Now button.

    An Installing... screen displays briefly during the installation process, and then the Installation Summary screen (Figure 2-3) is displayed to report the installation status.

    Figure 2-3  Installation Summary Screen

    If necessary, click the Details button for additional information.

  8. Click Close to exit the installer.

Next, you must install and deploy the de.war file on your application server. Continue to Step 3: Install Directory Editor on an Application Server for instructions.

Step 3: Install Directory Editor on an Application Server

After downloading and installing the Directory Editor de.war file, use the instructions provided in this section to install and deploy the software on your application server.

The information is organized as follows:

Installing Directory Editor on a Sun Application Server

This section provides instructions for installing Directory Editor on a Sun Application Server, which consists of the following steps:

Installing the Sun Application Server Software


Note

The following information is provided for general reference only. For detailed installation instructions, refer to the installation instructions provided with your Sun Application Server or download the product documentation from http://docs.sun.com.


You may need to perform one or more of these general steps when installing the software:

Configuring the Sun Application Server’s Policy File

You must configure the application server’s policy file to give Directory Editor permission to access the application server.

  1. Define a de.home variable as follows:
    1. Launch and log into the Sun ONE Admin Console.
    2. On the left side of the Console, click the folder name for the Application Server instance on which Directory Editor will be installed.

      Note

      The default folder name is usually server1.

    3. On the left side of the Console, select the JVM settings tab, and then click the JVM Options link.
    4. Add the following JVM option for de.home:

      -Dde.home=<SunONEHome>\<domain_name>\<App_Server_Instance>\applications\j2ee-modules\<idm_1>

      For example:

      -Dde.home=/opt/SUNWappserver7/domain1/server1/applications/j2ee-modules/de_1

  2. Add the following lines to the <App Server Home>/domains/<Domain Name>/config/server.policy file (see Code Example 2-1):

    grant codeBase "file:${de.home}/-" {
      permission java.util.PropertyPermission "*","read,write";
      permission java.io.FilePermission "<<ALL FILES>>","execute";
    };

    Code Example 2-1  Example Sun Application Server Policy File 

    /* Copyright (c) 2002 Sun Microsystems, Inc. All rights reserved. */
    /* Use is subject to license terms. */

    //System Code Permissions
    grant { permission java.security.AllPermission; };

    grant codeBase "file:${de.home}/-" {
      permission java.util.PropertyPermission "*","read,write";
      permission java.io.FilePermission "<<ALL FILES>>","execute";
    };

    //Web Application Permissions
    grant {
      permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
      permission java.lang.RuntimePermission "createClassLoader";
      permission java.lang.RuntimePermission "accessDeclaredMembers";
      permission com.waveset.repository.test.testConcurrentLocking "read";
      permission java.net.SocketPermission "*", "connect,resolve";
      permission java.io.FilePermission "/export/logs/trace.log", "read,write";
      permission java.util.PropertyPermission "trace.file", "read";
      permission java.util.PropertyPermission "trace.destination", "read";
      permission java.util.PropertyPermission "trace.enabled", "read";
      permission javax.security.auth.AuthPermission "getLoginConfiguration";
      permission javax.security.auth.AuthPermission "setLoginConfiguration";
      permission javax.security.auth.AuthPermission "createLoginContext.SunDirectoryLogin";
      permission javax.security.auth.AuthPermission "modifyPrincipals";
    };

    // Core server classes get all permissions by default
    grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
      permission java.security.AllPermission;
    };

    // iMQ classes get all permissions by default
    grant codeBase "file:${com.sun.aas.imqLib}/-" {
      permission java.security.AllPermission;
    };

    // Web Services classes get all permissions by default
    grant codeBase "file:${com.sun.aas.webServicesLib}/-" {
      permission java.security.AllPermission;
    };

    // Basic set of required permissions granted to all remaining code
    grant {
      permission java.lang.RuntimePermission "loadLibrary.*";
      permission java.lang.RuntimePermission "queuePrintJob";
      permission java.net.SocketPermission "*", "connect";
      permission java.io.FilePermission "<<ALL FILES>>", "read,write";
      permission java.util.PropertyPermission "*", "read";
      permission java.lang.RuntimePermission "modifyThreadGroup";
    };

    // Following grant block is only required by Connectors. If Connectors
    // are not in use the recommendation is to remove this grant.
    grant {
      permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential com.sun.enterprise.security.PrincipalImpl \"ANONYMOUS\"", "read";
    };

    // Following grant block is only required for Reflection. If Reflection
    // is not in use the recommendation is to remove this section.
    grant {
      permission java.lang.RuntimePermission "accessDeclaredMembers";
    };

     

Deploying Directory Editor into a Sun Application Server

Use the following steps to deploy Directory Editor into the Sun Application Server:

  1. Launch the Sun Admin Console and log in.
  2. Navigate to the Web Apps folder icon in the left panel (for example, select App Server Instance >server1 >Applications >Web Apps) and click the folder icon.
  3. In the right panel, select the Deploy tab.
  4. Enter the file path for the de.war file, and then click OK.
  5. When prompted, set both the Web Application Name and the Context Root to de, and then click OK.
  6. If you used the defaults at install time and you are not using a Web Server, open your browser and type http://localhost:<port_number>/de/ into the URL field. (The port number will vary.)

    Note

    If you are running your web browser on a host other than the application server you may have to change or adjust the host name in the URL.

    The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.

Installing Directory Editor for Tomcat 5.0.x

This section provides general instructions for installing an Apache Tomcat application server, and then explains two methods for installing Directory Editor on a Tomcat application server. The information is organized as follows:

Installing Tomcat


Note

The instructions provided in this section are provided for general reference only. For detailed installation instructions, consult the Apache website (http://jakarta.apache.org/tomcat/) or the reference information provided for the application server software.


If you are installing the application server from the Tomcat installer:

  1. Download and unpack the Tomcat installation bundle.
  2. Decide where to install your Tomcat installation.
  3. Specify to start Tomcat as a service (on Windows only).
  4. Select a port (default is 8080).
  5. Modify the Tomcat start-up script as follows:
    • On UNIX: Open the $CATALINA_HOME/bin directory and add the following lines to the top of the setclasspath.sh file:

      JAVA_HOME=<J2SDK location>
      export JAVA_HOME

    • On Windows: Open the $CATALINA_HOME/bin directory and add the following lines to the top of the setclasspath.bat file:

      SET JAVA_HOME=<J2SDK location>

Configuring the Policy File

If you will be running Tomcat with the Security Manager turned on, you must configure the application server’s catalina.policy file (located in $Appserver_home\conf\catalina.policy) to give Directory Editor permission to access the application server. Add the following line to the bottom of the file (see Code Example 2-3):

grant codeBase "file:${catalina.home}/webapps/de/-" {
permission java.security.AllPermission;
};

Code Example 2-2  Example catalina.policy File

// ========================================================================
// catalina.corepolicy - Security Policy Permissions for Tomcat 5
//
// This file contains a default set of security policies to be enforced (by the JVM)
// when Catalina is executed with the "-security" option. In addition to the permissions
// granted here, the following additional permissions are granted to the codebase specific
// to each web application:
//
// * Read access to the document root directory
//
// $Id: catalina.policy,v 1.11 2004/03/02 12:36:22 remm Exp $
// ========================================================================

Code Example 2-3  Example catalina.policy File

// These permissions apply to javac
grant codeBase "file:${java.home}/lib/-" {
  permission java.security.AllPermission;
};

// These permissions apply to all shared system extensions
grant codeBase "file:${java.home}/jre/lib/ext/-" {
  permission java.security.AllPermission;
};

// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/../lib/-" {
  permission java.security.AllPermission;
};

// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/lib/ext/-" {
  permission java.security.AllPermission;
};

// ======================= SYSTEM CODE PERMISSIONS ========================

// ========== CATALINA CODE PERMISSIONS ===================================

// These permissions apply to the launcher code
grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
  permission java.security.AllPermission;
};

// These permissions apply to the daemon code
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
  permission java.security.AllPermission;
};

// These permissions apply to the commons-logging API
grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
  permission java.security.AllPermission;
};

// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
  permission java.security.AllPermission;
};

// These permissions apply to the JMX server
grant codeBase "file:${catalina.home}/bin/jmx.jar" {
  permission java.security.AllPermission;
};

// These permissions apply to the servlet API classes and those that are shared across all
// class loaders located in the "common" directory
grant codeBase "file:${catalina.home}/common/-" {
  permission java.security.AllPermission;
};

// These permissions apply to the container's core code, plus any additional
// libraries installed in the "server" directory
grant codeBase "file:${catalina.home}/server/-" {
  permission java.security.AllPermission;
};

// ========== WEB APPLICATION PERMISSIONS =================================

// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission and JndiPermission
// for all files and directories in its document root.
grant {
  // Required for JNDI lookup of named JDBC DataSource's and
  //javamail named MimePart DataSource used to send mail

  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.naming.*", "read";
  permission java.util.PropertyPermission "javax.sql.*", "read";

  // OS Specific properties to allow read access
  permission java.util.PropertyPermission "os.name", "read";
  permission java.util.PropertyPermission "os.version", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.util.PropertyPermission "file.separator", "read";
  permission java.util.PropertyPermission "path.separator", "read";
  permission java.util.PropertyPermission "line.separator", "read";

  // JVM properties to allow read access
  permission java.util.PropertyPermission "java.version", "read";
  permission java.util.PropertyPermission "java.vendor", "read";
  permission java.util.PropertyPermission "java.vendor.url", "read";
  permission java.util.PropertyPermission "java.class.version", "read";
  permission java.util.PropertyPermission "java.specification.version", "read";
  permission java.util.PropertyPermission "java.specification.vendor", "read";
  permission java.util.PropertyPermission "java.specification.name", "read";

  permission java.util.PropertyPermission "java.vm.specification.version", "read";
  permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
  permission java.util.PropertyPermission "java.vm.specification.name", "read";
  permission java.util.PropertyPermission "java.vm.version", "read";
  permission java.util.PropertyPermission "java.vm.vendor", "read";
  permission java.util.PropertyPermission "java.vm.name", "read";

  // Required for OpenJMX

  permission java.lang.RuntimePermission "getAttribute";

    // Allow read of JAXP compliant XML parser debug
    permission java.util.PropertyPermission "jaxp.debug", "read";

  // Precompiled JSPs need access to this package.
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";

};

// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
//

// Different permissions can be granted to JSP pages, classes loaded from
// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
// directory, or even to individual jar files in the /WEB-INF/lib/ directory.

//

// For instance, assume that the standard "examples" application
// included a JDBC driver that needed to establish a network connection to the
// corresponding database and used the scrape taglib to get the weather from
// the NOAA web server. You might create a "grant" entries like this:

//

// The permissions granted to the context root directory apply to JSP pages.
// grant codeBase "file:${catalina.home}/webapps/examples/-" {
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
//

// The permissions granted to the context WEB-INF/classes directory
// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
// };

//

// The permission granted to your JDBC driver
// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
// };

// The permission granted to the scrape taglib
// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
grant codeBase "file:${catalina.home}/webapps/de/-" {
  permission java.security.AllPermission;
};
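
The server.policy and catalina.policy grants shown in Code Examples 2-1 and 2-3 include AllPermission entries and <<ALL FILES>> file permissions. The following added example (not part of the original guide or of Directory Editor) parses a Java policy file and lists such grants so they can be reviewed after installation. The sample policy is constructed from the grants on this page; the function names and severity labels are assumptions of this example.

```python
import re
from itertools import takewhile

# Constructed sample, modeled on the grant blocks in Code Examples 2-1 and 2-3.
SAMPLE_POLICY = r'''
// System Code Permissions
grant { permission java.security.AllPermission; };
grant codeBase "file:${de.home}/-" {
  permission java.util.PropertyPermission "*","read,write";
  permission java.io.FilePermission"<<ALL FILES>>","execute";
};
/* Basic set of required permissions granted to all remaining code */
grant {
  permission java.net.SocketPermission "*", "connect";
  permission java.io.FilePermission "<<ALL FILES>>", "read,write";
  permission javax.security.auth.AuthPermission "createLoginContext.SunDirectoryLogin";
};
// grant codeBase "file:${catalina.home}/webapps/examples/-" {
//   permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
grant codeBase "file:${catalina.home}/webapps/de/-" {
  permission java.security.AllPermission;
};
'''

_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
_TOKEN = re.compile(r'"((?:\\.|[^"\\])*)"|([{};,])|([^\s{};,"]+)')


def tokenize(text):
    """Drop // and /* */ comments (leaving '//' inside quoted strings alone), then
    split into ('str', value), ('punct', char) and ('word', value) tokens."""
    text = _COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    return [("str", m.group(1)) if m.group(1) is not None
            else ("punct", m.group(2)) if m.group(2) else ("word", m.group(3))
            for m in _TOKEN.finditer(text)]


def parse_policy(text):
    """Return [(code_base or None, [(perm_class, target, actions), ...]), ...]."""
    toks, grants, i = tokenize(text), [], 0
    while i < len(toks):
        kind, val = toks[i]
        i += 1
        if kind != "word" or val.lower() != "grant":
            continue  # skip anything outside a grant entry (e.g. keystore lines)
        code_base = None
        while i < len(toks) and toks[i] != ("punct", "{"):
            if (toks[i][0] == "word" and toks[i][1].lower() == "codebase"
                    and i + 1 < len(toks) and toks[i + 1][0] == "str"):
                code_base = toks[i + 1][1]
            i += 1
        perms, entry = [], None
        while i < len(toks) and toks[i] != ("punct", "}"):
            kind, val = toks[i]
            if kind == "word" and val.lower() == "permission":
                entry = []
            elif (kind, val) == ("punct", ";") and entry:
                # Quoted arguments up to the first keyword (signedBy) are target, actions.
                args = [v for k, v in takewhile(lambda t: t[0] != "word", entry[1:])
                        if k == "str"]
                perms.append((entry[0][1], args[0] if args else None,
                              args[1] if len(args) > 1 else None))
                entry = None
            elif entry is not None:
                entry.append((kind, val))
            i += 1
        grants.append((code_base, perms))
    return grants


def audit(text):
    """Return [(severity, code_base, message), ...] for grants that need review.
    code_base None means the grant applies to all code."""
    findings = []
    for code_base, perms in parse_policy(text):
        for cls, target, actions in perms:
            acts = {a.strip().lower() for a in (actions or "").split(",") if a.strip()}
            if cls == "java.security.AllPermission":
                sev = "CRITICAL" if code_base is None else "HIGH"
                msg = "AllPermission: this code runs with no sandbox restrictions"
            elif (cls == "java.io.FilePermission" and target == "<<ALL FILES>>"
                  and acts & {"write", "execute", "delete"}):
                sev, msg = "HIGH", "FilePermission on <<ALL FILES>>: " + ",".join(sorted(acts))
            elif cls == "java.util.PropertyPermission" and target == "*" and "write" in acts:
                sev, msg = "MEDIUM", "can overwrite any JVM system property"
            elif cls == "java.net.SocketPermission" and target == "*":
                sev, msg = "MEDIUM", "may open sockets to any host: " + ",".join(sorted(acts))
            else:
                continue
            findings.append((sev, code_base, msg))
    return findings


if __name__ == "__main__":
    for sev, code_base, msg in audit(SAMPLE_POLICY):
        print(f"{sev:8} {code_base or '<all code>'}: {msg}")
```

To review a deployed file, pass its contents to audit() in place of SAMPLE_POLICY.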

Installing Directory Editor Using Tomcat Manager

This section explains how to install Directory Editor using Tomcat Manager:


Note

You must have a manager role in Tomcat to use this installation method. To verify your status, check the following file:
<Tomcat_base_directory>/conf/tomcat-users.xml


Use the following steps to install Directory Editor using the Tomcat Manager:

  1. Navigate to the Tomcat bin directory and use one of the following methods to start Tomcat:
    • On Unix: From the command line, invoke startup.sh.
    • On Windows: Double-click startup.bat.
  2. Open your browser and type localhost:<port_number>/manager/html into the URL field.

    Note

    If you are running your web browser on a host other than the application server you may have to change or adjust the host name in the URL.

  3. When you are prompted for your Tomcat Manager Application user name and password, enter the information and then press OK.

    The Tomcat Manager page is displayed.

  4. Scroll down until you locate the Deploy section called “War file to deploy.”
  5. Click Browse to locate the Directory Editor de.war file.
  6. Select the de.war file and then click Deploy.

Installing Directory Editor Manually

Use the following steps to install Directory Editor manually:

  1. Copy the Directory Editor de.war file from its current location into the Tomcat webapps directory. For example:

    C:\Tomcat\jakarta-tomcat-5.0.28\webapps

  2. Navigate to the Tomcat bin directory and use one of the following methods to stop Tomcat:
    • On Unix: From the command line, invoke shutdown.sh.
    • On Windows: Double-click shutdown.bat.
  3. From the same directory, use one of the following methods to restart Tomcat:
    • On Unix: From the command line, invoke startup.sh.
    • On Windows: Double-click startup.bat.

    The Tomcat application will automatically detect the de.war file, and will install the Directory Editor program.

    Note

    Be sure to wait for Tomcat to finish initializing before proceeding to the next step.

  4. Open your browser and type localhost:<port_number>/de/ into the URL field.

    The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.

Installing Directory Editor for WebLogic

Use the procedures described in this section to install Directory Editor for use with the BEA WebLogic application server. The information is organized as follows:

Configuring the WebLogic Software

If necessary, install WebLogic (using that product’s installation instructions) and select the domain that will be referenced when you install Directory Editor.

Installing Directory Editor

Use the following steps to install Directory Editor:

  1. Copy the Directory Editor de.war file from its current location into the folder where you want to install Directory Editor.

    Note

    The WebLogic Web application home directory is:

    • For Version 7x: <ServerHome>/user_projects/<DomainName>/applications
    • For Version 8.1 SP1: <ServerHome>/user_projects/domains/<DomainName>/applications

  2. The Application Home panel will display the location where Directory Editor will be installed. Click Next to begin installation.
  3. Navigate to the WebLogic bin directory and use one of the following methods to stop WebLogic:
    • On Unix: From the command line, invoke shutdown.sh.
    • On Windows: Double-click shutdown.bat.
  4. From the same directory, restart WebLogic using one of the following methods:
    • On Unix: From the command line, invoke startup.sh.
    • On Windows: Double-click startup.bat.

    The WebLogic application will automatically detect the de.war file, and will install the Directory Editor program.

    Note

    Be sure to wait for WebLogic to finish initializing before proceeding to the next step.


Next you must configure the WebLogic server for use with Directory Editor.
Continue to one of the following sections for instructions:

Configuring a WebLogic 7x Server

Use these steps to configure a WebLogic 7x server:

  1. Start the WebLogic server.
  2. Start the BEA WebLogic Administration Console.
  3. In the left panel, expand Deployments and then click Web Applications.
    The console displays the Web Applications panel.

  4. Click Configure a new Web Application.
  5. Using the links, locate the de folder and select it.
  6. Specify the target server. Select a server from the Available Servers list, move it to the Target Servers area, and then click Configure and Deploy.
  7. Click Deploy to deploy Directory Editor.
  8. Open your browser and type localhost:<port_number>/de into the URL field. (The port number will vary.)

    Note

    If you are running your web browser on a host other than the application server you may have to change or adjust the host name in the URL.

    The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.

Configuring a WebLogic 8.1 SP1 Server

Use these steps to configure a WebLogic 8.1 SP1 server:

  1. Start the WebLogic server.
  2. Start the BEA WebLogic Administration Console.
  3. In the left panel, expand Deployments, and then choose Web Application Modules.
    The console displays the Web Applications panel.

  4. Click Deploy a new Web Application Module.
  5. Using the links under applications, locate and select the de folder where you put the de.war file.
  6. Click Target Module.
  7. Review the Targets, Accessibility and Identity configuration, and make any necessary changes.
  8. Click Deploy to deploy Directory Editor.
  9. Open your browser and type localhost:<port_number>/de into the URL field. (The port number will vary.)

    Note

    If you are running your web browser on a host other than the application server you may have to change or adjust the host name in the URL.

    The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.

Installing Directory Editor for WebSphere 5.1

Use the following steps to install Directory Editor for use with the IBM WebSphere 5.1 (or later) application server.

  1. Start the application server.
  2. Start the WebSphere administration console, and then select Applications >Install New Application.
  3. Add the de.war file name in the Path:Local Path field.
  4. Add the path to the Context Root for the Directory Editor installation (for example, /de), and then click Next.
  5. Select the Generate Default Bindings option (using the default selections for Override and Virtual Host), and then click Next.
  6. Install a new applications page. If you do not want to install the application in WebSphere’s default location, enter the path to a different location into the Directory to Install Application field. For example:

    c:\Program Files\WebSphere\AppServer\installedApps\Hostname

  7. Be sure the Distribute Application and Use Binary Configuration options are selected.
  8. Be sure the Create Mbeans for Resources and Deploy EJBs options are not selected.
  9. Enter the name of the application in the Application Name field (the default is de).
  10. Selecting the Enable class reloading option is optional. Click Next.
  11. To prepare for the new application’s installation, make sure the panel displays a line for the current release of Directory Editor, and that it maps to the appropriate virtual host. Click Next.
  12. Be sure the panel displays a line for the current release of Directory Editor, and that it maps to the appropriate server. Click Next and then click Finish.
  13. Click Save to Master Configuration to save the configuration.
  14. Click Save, and then wait for the page to clear.
  15. Select Applications >Enterprise Applications, and then click the application name (the name you specified in the Application Name field).
  16. Be sure the Use Metadata From Binaries option is selected.
  17. Select PARENT_LAST in the Classloader Mode field.
  18. Select Application in the WAR Classloader Policy field.
  19. Click Apply, and then click OK.
  20. From the menu bar, click Save.
  21. Click Save to save the changes to the Master Configuration.
  22. Stop and restart the application server.
  23. Open your browser and type localhost:<port_number>/de into the URL field. (The port number will vary.)

    Note

    • With some platforms, there is a performance impact if you use the JCE provided with that platform. If you experience a long start-up time, see (more...) in Chapter 10, "Error Logging and Troubleshooting".
    • If you are running your web browser on a host other than the application server you may have to change or adjust the host name in the URL.

    The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.

Step 4: Specify the Startup Properties

The first time you open Directory Editor, a Startup Properties page is displayed, similar to the following:

Figure 2-4  Startup Properties Page

The Startup Properties page displays when you start Directory Editor the first time.

You will be prompted to specify these Startup properties and Managed Directory properties (described in the next section).


Note

Directory Editor may automatically complete some of the properties fields, but you can change the information if necessary.


Use the following information to complete the Startup Properties page:

  1. Specify the following Configuration Directory Server parameters:
    • Host: Enter the name of the host(s) where your configuration Directory Server is located.

      The Host field is a multi-valued field that accepts a comma-delimited list of host names.

      If you specify more than one host name, you must configure the Directory Servers on each host to replicate master-to-master. Directory Editor will load-balance and provide failover between the configured hosts.
      In addition, these hosts must be running Directory Server on the same port with the same security setting. For example, port 389 with nonsecure connections.


      Note

      The Directory Editor configuration directory is a directory where you store the product’s configuration information. This directory server does not have to be a configuration directory as defined by the Sun ONE Server Console 5.x Server Management Guide.


    • Port: Enter the port number on which the Directory Server is listening.

      Caution

      If you use SSL to connect to a server on a port that is not using SSL, the connection will hang, which is a characteristic of the SSL protocol.

      Similarly, using a plain socket to connect to a server's SSL socket will also cause the connection to hang.


    • Bind DN: Enter the bind distinguished name used to authenticate to Directory Server in the bind request.
    • Password: Enter the password you use to access the configuration directory.

      Note

      After completing the Configuration Directory Server Properties section, click the Refresh button and Directory Editor will automatically display the naming contexts available for storing the configuration.


    • Configuration Suffix: Specify the base suffix of the naming context where the Directory Editor configuration is stored.
  2. Specify the Startup Options, as follows:
    • Allow users to see this page during startup: Enable or disable the checkbox to control whether the Startup Properties page is displayed to end users.

      Note

      The Startup Properties page is displayed if Directory Editor cannot connect to the configuration directory when the user first starts the application.

      For security purposes, disable this checkbox after the initial Directory Editor installation. After disabling this checkbox, you can edit the configuration directory settings by selecting Configuration > Startup Page or by editing the startup.properties file in the WEB-INF directory.


    • Allow users to log in anonymously: Enable or disable the checkbox to control whether your users can log in to Directory Editor anonymously.

      If users log in anonymously, they can access Directory Editor’s Home, Browse, and Search pages only. They will not have access to the Create or Configure pages.


      Note

      After a user logs in, Directory Editor will not allow them to delete, disable, or rename the object (dn) they used to login.
      If they try to change the object an error message will result.


    • Show user detailed message for failed log in attempts: Enable or disable the checkbox to control whether the end-user will see more-detailed failed log-in messages.

      For example, if the user enters an invalid password:

      • The following message displays if this option is disabled:

        Authentication Failed: Invalid Credentials

      • The following message displays if this option is enabled:

        Authentication Failed: Invalid Password


        Note

        For Advanced Users Only:

        The following properties are configurable, but they are not represented in the Directory Editor user interface:

        • datastore.objectClass: Specify the LDAP object class that Directory Editor can use to store configuration objects in the directory.
        • datastore.dmlIdAttribute: Specify an attribute from the specified object class that Directory Editor can use to store configuration object IDs.
        • datastore.xmlObjectAttribute: Specify an attribute from the specified object class that Directory Editor can use to store configuration content in XML format.
        • datastore.location: Specify the configuration location when it is prepended with the datastore.configSuffix.

        You can configure these properties in the startup.properties file located in <application_home>\WEB-INF; however, changing these attributes may cause issues with the program and can make support more difficult.


  3. When you are finished with this page, click the Save and Continue button to save the information.

    Note

    Your application server must allow write access to Directory Editor’s WEB-INF directory to persist startup.properties.

    If your application server does not allow write access, you will be allowed to continue, but Directory Editor will remain in non-production mode.



    Note

    After this initial configuration of the Startup Properties page, you can edit any of the configuration parameters by selecting Configuration > Startup.


    A Managed Directory page displays (similar to the following figure).

    Figure 2-5  Managed Directory Page
    Use the Managed Directory page to specify settings used during initialization.

    Instructions for completing this page are provided in the next section.

Step 5: Specify the Managed Directory Properties

Use the following information to complete the Managed Directory page (Figure 2-5):

  1. Specify the following parameters:
    • Host: Enter the name of the host(s) where your managed directory is located.

      To specify more than one Host, click the Add button located next to the Host field. (To remove a host, click the Rem button.)


      Note

      If you specify more than one host name, you must configure the Directory Servers on each host to replicate master-to-master. Directory Editor will load-balance and provide failover between the configured hosts.

      In addition, these hosts must be running Directory Server on the same port with the same security setting.
      For example, port 389 with nonsecure connections.


    • Port: Enter the port number on which the managed directory is listening, and then enable or disable the Secure Port checkbox to control whether this directory must communicate using a secure connection.

      Caution

      If you use SSL to connect to a server on a port that is not using SSL, the connection will hang — which is a characteristic of the SSL protocol.

      Similarly, using a plain socket to connect to a server's SSL socket will also cause the connection to hang.


    • Base Context: Click the Refresh button to populate the drop-down menu.

      Note

      You must fill out the host and port fields before pressing Refresh.


      Use the menu to select a base context to be managed by Directory Editor. (For example, ou=People,dc=example,dc=com)


      Note

      Be sure to set the base context high enough in the tree to ensure that you have access to all the information you need.


    • Manager Principals: Enter the name or distinguished name (DN) of one or more LDAP groups under the base context whose members are considered Directory Editor directory managers (administrators). These directory managers will have access rights to all Directory Editor functionality. (For more information, see Configuring Directory Editor.)
      For additional manager principals, click the Add button. To remove principals, click the Rem button.


      Note

      After completing the initial configuration of Directory Editor, you will be able to browse the directory for manager principals to add to the Manager Principals list.

      (For more information, see Editing the Managed Directory Properties.)


    • User search authentication: Enter the method by which Directory Editor will search the directory for authenticating users.
      • Anonymously: Enable this button if your user objects are visible to anonymous search queries. (The Bind DN and Password text fields will become inactive and you cannot type in those fields.)
      • Simple Bind: Enable this button and then specify a Bind DN and Password if your user objects are not visible to anonymous search queries.
    • Bind DN: Enter the bind distinguished name used to authenticate to the managed directory in the bind request (not required for anonymous user search authentication). This option enables Directory Editor to search for users during the login process only.
    • Password: Enter the password you use to access your managed directory to search for user object DNs (not required for anonymous user search authentication).
    • Naming Attributes: Enter the attributes used in the directory tree.
      For additional attributes, click the Add button. To remove attributes, click the Rem button.
      When a user tries to log in, Directory Editor uses the Account ID field on the Log In form to search for a user object that matches one of these naming attributes exactly.

  2. When you are finished, click Save to save the information and to open the Directory Editor Log In page.

    Note

    After this initial configuration of the Managed Directory page, you can edit any of the configuration parameters by selecting Configuration > Managed Directory.
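
The Caution under Port says that an SSL client pointed at a non-SSL port hangs. The following added example (not part of the Sun documentation or of Directory Editor) attempts one TLS handshake with a deadline, so a mismatched Secure Port setting shows up as a result instead of a hung connection. The function names and the silent local listener are constructed for the demonstration.

```python
import socket
import ssl
import threading

def start_silent_listener():
    """Constructed stand-in for a non-SSL directory port: it accepts
    connections, reads whatever arrives and never answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)

    def drain(conn):
        try:
            while conn.recv(4096):      # swallow the ClientHello, send nothing
                pass
        except OSError:
            pass

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=drain, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def probe_secure_port(host, port, timeout=3.0):
    """Try one TLS handshake with a deadline and classify the outcome."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"            # refused, filtered or connect timed out
    ctx = ssl.create_default_context()  # certificate checks stay enabled
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"            # handshake completed, certificate trusted
        except socket.timeout:
            return "handshake-timeout"  # the hang described in the Caution
        except ssl.SSLCertVerificationError:
            return "tls-untrusted-cert" # port speaks TLS, certificate not trusted
        except ssl.SSLError:
            return "not-tls"            # peer answered with bytes that are not TLS
        except OSError:
            return "connection-dropped"

if __name__ == "__main__":
    port = start_silent_listener()      # constructed local target
    print(probe_secure_port("127.0.0.1", port, timeout=1.0))
```

A result of "handshake-timeout" or "not-tls" means the Secure Port checkbox should stay disabled for that port, or that the port number is wrong.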
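
The Naming Attributes item describes a login lookup that matches the Account ID exactly against each configured attribute. The following added example (not Directory Editor's own code) shows how such a search filter can be built with RFC 4515 escaping, so that characters typed into the Account ID field are matched literally and cannot change the filter. The function names, the attribute-name check and the single-match rule are assumptions made for the example.

```python
import re

# LDAP short attribute names: a letter, then letters, digits or hyphens.
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# RFC 4515: these characters must be written as \XX inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Return value with every filter metacharacter hex-escaped."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_login_filter(account_id, naming_attrs):
    """One equality clause per naming attribute, OR-ed together."""
    if not account_id:
        raise ValueError("Account ID is empty")
    if not naming_attrs or not all(ATTR_NAME.fullmatch(a) for a in naming_attrs):
        raise ValueError("invalid naming attribute list: %r" % (naming_attrs,))
    value = escape_filter_value(account_id)
    clauses = ["(%s=%s)" % (attr, value) for attr in naming_attrs]
    return clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)

def pick_login_dn(search_results):
    """Assumed policy: continue to the bind step only when the search
    returned exactly one user object; no match or an ambiguous match fails."""
    return search_results[0] if len(search_results) == 1 else None

if __name__ == "__main__":
    attrs = ["uid", "cn"]                            # constructed Naming Attributes
    for account_id in ["jdoe", "j*", "Doe (John)"]:  # constructed Account IDs
        print(account_id, "->", build_login_filter(account_id, attrs))
```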



What’s Next?

Continue to Chapter 3, "Getting Started" to log in and begin customizing applications with Directory Editor.





Part No: 819-1701.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.