Sun ONE Directory Server 5.2 Installation and Tuning Guide



Chapter 1
 
Installing Sun ONE Directory Server

This chapter is designed to guide you through initial Sun ONE Directory Server software installation and uninstallation. It contains the following sections:

Before You Start

Before you install Directory Server for use in a production environment, ensure the system is minimally equipped and configured to run directory services. At minimum, familiarize yourself with the concepts discussed in the Sun ONE Directory Server Deployment Guide.



Note

To achieve optimal performance, also follow the tuning and configuration instructions provided throughout this guide.



Planning Your Directory Deployment

Perform the following steps, referring to the operating system documentation for tasks related to the underlying platform.

  1. Plan the deployment of directory services.

    Refer to the Sun ONE Directory Server Deployment Guide for instructions.

  2. If the deployment involves centralized administration of server configuration, users, and groups for multiple directory installations, determine configuration and user directory locations.

    The configuration directory or Configuration Directory Server (CDS) stores information about how Directory Server itself is configured. This directory is generally installed first, and every subsequent server registers with it. A single configuration directory provides for centralized administration of all servers.

    The user directory stores entries for users and groups who access directory services. The user directory is generally unique to the network domain, and other servers access it for user and group information. A single user directory provides for centralized administration of users and groups.

    For small deployments, it is possible to install configuration, user, and other directories on the same directory instance. For larger deployments, consider placing the configuration and user directories on separate servers.

    Refer to the Sun ONE Server Console Server Management Guide for details on appropriate location of configuration, user, and group data.

  3. Ensure the host system runs a supported platform on a supported architecture, as summarized in Table 1-1.

    Table 1-1    Supported Platforms and Architectures

    | Platform | Architectures |
    |---|---|
    | Sun Solaris™ Operating Environment 9 | SPARC® processors, 32 and 64-bit mode; supported x86 platforms |
    | Sun Solaris Operating Environment 8 | UltraSPARC processors, 32 and 64-bit mode |
    | Sun Linux 5.0 | Sun LX50 servers |
    | Hewlett Packard HP-UX 11i | PA-RISC 2.0 processors, 32 and 64-bit mode |
    | IBM AIX 5.1 | PowerPC processors |
    | Microsoft Windows 2000 Server, SP 3; Microsoft Windows 2000 Advanced Server, SP 3 | Pentium II or later IA-32 processors |
    | Red Hat Linux 7.2 | Pentium II or later IA-32 processors |

  4. Ensure the host system meets at least minimum disk space and memory requirements, as summarized briefly in Table 4-1.
  5. Restrict physical access to the host system.
  6. Ensure the host system uses a static IP address.
  7. If the Directory Server instance is not itself providing a naming service for the network or if the deployment involves remote administration of Directory Server, ensure a naming service and the domain name for the host are properly configured.

Obtaining Directory Server Software

After performing the procedure outlined in "Planning Your Directory Deployment", complete the following steps.

  1. Ensure an unzip utility is installed so you can unpack the software.
  2. Download the software. At the time of this writing, you can download from:

    http://wwws.sun.com/software/download/

  3. Unpack the software into a directory other than the directory where you intend to install Directory Server.

Installation

Which Directory Server installation steps you follow depends on your specific deployment requirements. With these specific deployment requirements in mind, proceed according to the appropriate sections:

Determining What to Install

You have a number of alternatives to evaluate before you decide which software to install. Consider these questions:

  • Do you need large cache capabilities for a high-volume deployment?

    If so, consider using a platform on which Directory Server can run as a 64-bit process, and install the 64-bit version.

    If your Directory Server deployment is relatively small, with a database size of less than 500 MB, consider installing only 32-bit support, even on platforms that support 64-bit versions.

  • Do you plan to administer Directory Server through the graphical user interface?

    If so, install Sun ONE Server Console and Sun ONE Administration Server.

    If you intend to administer Directory Server through the command-line interface only, then you may choose not to install the Console and Administration Server.

    If you intend to use the system for remote management through the graphical user interface, you may choose to install only the Console and Administration Server.

  • Do you intend to deploy Directory Server on Sun Cluster software?

    If so, refer to Appendix C "Installing Sun Cluster HA for Directory Server," for instructions.

Determining How to Install

You also have alternatives to evaluate before you decide which packaging best fits your deployment, and whether you intend to install interactively. Consider these questions:

  • Do you want tighter integration with Solaris system administration processes? Do you want to share components among multiple Sun ONE servers on the same system?

    If so, consider installing using Solaris Packages.

  • Do you want to install without first becoming super user? Do you want to install multiple independent sets of Directory Server binaries on the same system?

    If so, consider installing from a compressed archive, even on Solaris systems.

  • Do you want to install quickly to evaluate Directory Server? Is this your first time installing this version of Directory Server?

    If so, consider installing interactively.

  • Do you want to script installation? Do you want to install many systems with similar configurations?

    If so, consider using the silent installation process.

Preparing Installation Information

Preparing information in advance can help you complete the installation process quickly. Before performing interactive installations, consider creating a work sheet to hold the installation information, as summarized for a typical installation in Table 1-2.

Table 1-2    Basic Information Required During Typical Installation

| Description | Examples | Your Answers... |
|---|---|---|
| Administration domain | example.com | |
| Administration Server port number | 5201 | |
| Directory Administrator ID | admin | |
| Directory Administrator password | $3kReT4wD | |
| Directory Manager DN [1] (super user for the directory) | cn=Directory Manager | |
| Directory Manager password (at least 8 characters) | #$8Yk$-%& | |
| Directory Server port number (1-65535, inclusive) [2] | 389 (default LDAP); 636 (default LDAP/SSL) | |
| Fully qualified host distinguished name | dirserv.example.com | |
| (Optional) Configuration directory host, port, bind ID and password if using an existing configuration directory | config.example.com; 389; admin; $3kReT4wD | |
| (Optional) User directory host, port, bind DN, password, and suffix if using an existing user directory | usergroup.example.com; 389; cn=Directory Manager; #$8Yk$-%&; dc=example, dc=com | |
| Server ID (No periods or spaces allowed) | dirserv | |
| Server suffix (At least one to hold directory content) | dc=example,dc=com | |
| ServerRoot (software installation directory; refer to "Default Paths and Filenames" for more information). Do not install on top of an existing earlier version. Do not install Sun ONE Web Server in the same ServerRoot as Directory Server. (UNIX platforms) No spaces allowed. | /var/mps/serverroot; /var/Sun/mps; C:\Program Files\Sun\MPS | |
| (UNIX platforms) Server group ID [3]. Use the name, rather than the group ID number. | noaccess | |
| (UNIX platforms) Server user ID. Use the name, rather than the user ID number. | diruser | |
| (Windows) Administrator password; (Optional, other platforms) super user password | Ask your system administrator. | |

[1] All DNs must be entered in UTF-8 encoding; refer to RFC 2253. Older encodings such as ISO-8859-1 are not supported.

[2] The Internet Assigned Numbers Authority assigns port numbers less than 1024. Install as super user to use a port less than 1024.

[3] You create the appropriate UNIX user and group as described in the installation procedures.

When providing information for Directory Administrator and Directory Manager accounts, recall that Directory Administrator access rights may be managed using Directory Server access control mechanisms. Recall also that Directory Server access control does not apply for the Directory Manager account.

Silent installation configuration files contain similar information.

Installing on Solaris Systems

How you install Directory Server software depends on which packaging you decide to use, and on whether you want to interact with the install program. Proceed according to instructions in the appropriate sections:

When installing Directory Server in a Sun Cluster system, follow the instructions in Appendix C "Installing Sun Cluster HA for Directory Server."

Preparing For Installation From Solaris Packages

  1. (Optional) Create a user and group account for Directory Server.

    Directory Server runs as the user and group you specify during installation. Set permissions that prevent unauthorized access to the directory and to other resources on the system. Refer to "(UNIX Platforms) Users and Groups" for more information.

  2. (Optional) Allow access to the display using the xhost(1) command.

    When you set the DISPLAY environment variable appropriately and perform installation as a user having access to the display, the installation program displays the graphical user interface by default.

    If the installation program cannot display the graphical user interface, it starts installation in command-line mode.

  3. Before installing using a locale other than US English, set the LANG environment variable to C.
  4. Ensure the required packages listed in Table 1-3 are installed, in addition to all Solaris packages installed by default with a basic system.

    Table 1-3    Prerequisite Solaris Packages

    | Package | Description | Required for 32-Bit Directory Server | Required for 64-Bit Directory Server |
    |---|---|---|---|
    | SUNWj3rt [1] | J2SDK 1.4 runtime environment | Yes | Yes |
    | SUNWzlib | The Zip compression library | Yes | Yes |
    | SUNWzlibx | The Zip compression library (64-bit) | No | Yes |

    [1] It is strongly recommended that you use a Java Runtime Environment version 1.4.1 or later.

Performing Interactive Installation Using Solaris Packages

Perform the steps in the following procedures.

Installing Solaris Packages

You install Solaris packages using the pkgadd(1M) utility. Use pkginfo(1) to determine which packages are already installed, when performing an upgrade for example. When installing packages on multiple hosts, you may define default installation actions through the installation defaults file described in admin(4). In any case, all packages must share the same basedir.

Refer to the Solaris Operating Environment system administration documentation for further information on handling software packages.

  1. Consider the full list of packages listed in Table 1-4 or Table 1-5.

    Table 1-4    Solaris Packages Provided (SPARC Platforms)

    | Package | Description |
    |---|---|
    | SUNWasha | Sun ONE Administration Server Component for Sun Cluster |
    | SUNWasvc | Sun ONE Administration Console |
    | SUNWasvcp | Sun ONE Administration Server Console Plug-In |
    | SUNWasvr | Sun ONE Administration Server (Root) |
    | SUNWasvu | Sun ONE Administration Server (Usr) |
    | SUNWdsha | Sun ONE Directory Server Component for Sun Cluster |
    | SUNWdsvcp | Sun ONE Directory Server Console Plug-In |
    | SUNWdsvh | Sun ONE Directory Server Heap Allocator (Solaris 8 systems only) |
    | SUNWdsvhx | Sun ONE Directory Server Heap Allocator (64-bit, Solaris 8 systems only) |
    | SUNWdsvpl | Sun ONE Directory Server PerLDAP modules |
    | SUNWdsvr | Sun ONE Directory Server (Root) |
    | SUNWdsvu | Sun ONE Directory Server (Usr) |
    | SUNWdsvx | Sun ONE Directory Server (64-bit) |
    | SUNWicu | International Components for Unicode User Files |
    | SUNWicux | International Components for Unicode User Files (64-bit) |
    | SUNWjss | Network Security Services for Java (JSS) |
    | SUNWldk | LDAP C SDK |
    | SUNWldkx | LDAP C SDK (64-bit) |
    | SUNWpr | Netscape Portable Runtime Interface |
    | SUNWprx | Netscape Portable Runtime Interface (64-bit) |
    | SUNWsasl | Simple Authentication and Security Layer |
    | SUNWsaslx | Simple Authentication and Security Layer (64-bit) |
    | SUNWtls | Network Security Services |
    | SUNWtlsx | Network Security Services (64-bit) |

    Table 1-5    Solaris Packages Provided (x86 Platforms)

    | Package | Description |
    |---|---|
    | SUNWasvc | Sun ONE Administration Console |
    | SUNWasvcp | Sun ONE Administration Server Console Plug-In |
    | SUNWasvr | Sun ONE Administration Server (Root) |
    | SUNWasvu | Sun ONE Administration Server (Usr) |
    | SUNWdsvcp | Sun ONE Directory Server Console Plug-In |
    | SUNWdsvpl | Sun ONE Directory Server PerLDAP modules |
    | SUNWdsvr | Sun ONE Directory Server (Root) |
    | SUNWdsvu | Sun ONE Directory Server (Usr) |
    | SUNWicu | International Components for Unicode User Files |
    | SUNWjss | Network Security Services for Java (JSS) |
    | SUNWldk | LDAP C SDK |
    | SUNWpr | Netscape Portable Runtime Interface |
    | SUNWsasl | Simple Authentication and Security Layer |
    | SUNWtls | Network Security Services |

    It is recommended that you use a writable basedir such as /var when installing all packages. Notice when relocating packages that SUNWasvr and SUNWdsvr place startup and shutdown scripts in basedir/etc.

  2. Use the hints in Table 1-6 to determine which packages to install.

    Table 1-6    Which Packages to Install

    | Configuration | List of Packages to Install [1] |
    |---|---|
    | 32-bit Directory Server, Administration Server, and Console | SUNWasvc SUNWasvcp SUNWasvr SUNWasvu SUNWdsvcp SUNWdsvh SUNWdsvpl SUNWdsvr SUNWdsvu SUNWicu SUNWjss SUNWldk SUNWpr SUNWsasl SUNWtls |
    | 32-bit Directory Server only (no Console) | SUNWasvu SUNWdsvh SUNWdsvpl SUNWdsvr SUNWdsvu SUNWicu SUNWjss SUNWldk SUNWpr SUNWsasl SUNWtls |
    | 64-bit Directory Server, 32-bit Administration Server, and Console | SUNWasvc SUNWasvcp SUNWasvr SUNWasvu SUNWdsvcp SUNWdsvh SUNWdsvhx SUNWdsvpl SUNWdsvr SUNWdsvu SUNWdsvx SUNWicu SUNWicux SUNWjss SUNWldk SUNWldkx SUNWpr SUNWprx SUNWsasl SUNWsaslx SUNWtls SUNWtlsx |
    | 64-bit Directory Server only (no Console) | SUNWasvu SUNWdsvh SUNWdsvhx SUNWdsvpl SUNWdsvr SUNWdsvu SUNWdsvx SUNWicu SUNWicux SUNWjss SUNWldk SUNWldkx SUNWpr SUNWprx SUNWsasl SUNWsaslx SUNWtls SUNWtlsx |
    | Cluster node | Add SUNWasha SUNWdsha |
    | Sun ONE Server Console and Administration Server only (no Directory Server, remote management only) | SUNWasvc SUNWasvcp SUNWasvr SUNWasvu SUNWdsvcp SUNWjss SUNWldk SUNWpr SUNWsasl SUNWtls |

    [1] Packages SUNWdsvh (32-bit) and SUNWdsvhx (64-bit) are required by Directory Server only on Solaris 8 systems.

  3. Verify that the packages you want are not yet installed.

    Do not reinstall packages that have already been installed on the system.

  4. Become super user.
  5. Use the pkgadd(1M) utility to transfer product packages to the system.

    Packages SUNWicu and SUNWicux depend on the version of Solaris running on the system where you install Directory Server.

    Furthermore, refer to the subsequent section, "Installing Required Patches," for more information about installing and patching component packages SUNWpr, SUNWprx, SUNWsasl, SUNWsaslx, SUNWtls, and SUNWtlsx.

  6. After quitting pkgadd, verify that all required product packages are installed.

When upgrading from iPlanet Directory Server 5.1 installed using IPLT* Solaris packages, the 5.1 /usr/sbin/directoryserver command is renamed to /usr/sbin/directoryserver.51bak. You may manage the 5.1 version using the renamed command.

Installing Required Patches

Directory Server relies on packages SUNWpr, SUNWprx, SUNWsasl, SUNWsaslx, SUNWtls, and SUNWtlsx that have been updated to include recent fixes, and on recommended system patches.

  1. Using pkginfo(1) with the -x option, determine which of these packages are installed on your system. Verify specifically that the appropriate package versions have been installed for your system, as shown in Table 1-7.

    Table 1-7    Appropriate Versions and Patches For Components

    | System Version and Architecture | SUNWpr(x) Version | SUNWsasl(x) Version | SUNWtls(x) Version | Patches |
    |---|---|---|---|---|
    | Solaris 9 (SPARC platforms) | 4.1.2 or later | 2.01 or later | 3.3.2 or later | 114049, 115342 |
    | Solaris 9 (x86 platforms) | 4.1.3 or later | 2.01 or later | 3.3.3 or later | 114050, 115343 |
    | Solaris 8 (SPARC platforms) | 4.1.2 or later | 2.01 or later | 3.3.2 or later | 114045, 115328 |

  2. Using showrev(1M) with the -p option, determine whether the appropriate patches listed in Table 1-7 have been applied for your platform.
  3. Use the hints in Table 1-8 to determine whether to patch components.

    Table 1-8    Whether to Patch Components

    | On your system... | Do this... |
    |---|---|
    | The packages are already installed, and the patches have been applied. | Proceed to Step 4. |
    | The packages are already installed, but the patches have not been applied. | Apply the appropriate patches for your platform provided with Directory Server. |
    | The packages are not yet installed. | Install the packages and appropriate patches provided with Directory Server. |

  4. Run the following command as super user:

    root# /usr/sbin/directoryserver idsktune -q > idsktune.out

    idsktune suggests changes you may make to the system. The subcommand itself makes no changes to the system.

  5. Fix at least all ERROR conditions indicated.

    If you do not fix ERROR conditions, installation may fail. Notice that the idsktune subcommand reports as missing all patches recommended at the time of release and not installed on the system, even patches for packages not installed on the system.

    You may download patches from http://sunsolve.sun.com/.

    Refer to Chapter 5 "Tuning the Operating System" for more information.

Configuring Directory Server

  1. Start the configuration program.

    To use the graphical user interface:

    root# /usr/sbin/directoryserver configure

    To use the command-line interface:

    root# /usr/sbin/directoryserver configure -nodisplay

    The first installation screen appears.

  2. Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".

Configuring Administration Server

  1. Start the configuration program.

    To use the graphical user interface:

    root# /usr/sbin/mpsadmserver configure

    To use the command-line interface:

    root# /usr/sbin/mpsadmserver configure -nodisplay

    The first installation screen appears.

  2. Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".

Proceed to "Completing the Installation Process".

Performing Silent Installation Using Solaris Packages

Complete the steps in the following procedures.

Installing Solaris Packages

Follow the instructions in "Installing Solaris Packages".

Installing Required Patches

Follow the instructions in "Installing Required Patches".

Creating Specification Files

To perform full silent installation, you must first create two files containing installation specifications, one for Directory Server, one for Administration Server. For a Directory Server installation specification file template, refer to /usr/ds/v5.2/setup/typical.ins. For Administration Server, refer to /usr/sadm/mps/admin/v5.2/setup/admin/typicalInstall.ins.



Note

Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.



You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the Directory Server and Administration Server configuration programs.

To create silent installation specification files for Directory Server and for Administration Server interactively, follow these steps:

  1. Perform Directory Server configuration using the -saveState option.

    root# /usr/sbin/directoryserver configure -saveState dirserv-file

    This creates the specification file, dirserv-file.

  2. Perform Administration Server configuration using the -saveState option.

    root# /usr/sbin/mpsadmserver configure -saveState admserv-file

    This creates the specification file, admserv-file.

  3. Adjust the specification files, dirserv-file and admserv-file, before using them to install on other systems.

    Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.

Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksums are in /usr/ds/v5.2/setup/typical.ins for Directory Server and in /usr/sadm/mps/admin/v5.2/setup/admin/typicalInstall.ins for Administration Server. Code Example 1-1 shows a sample checksum.



Code Example 1-1    Silent Installation Checksum Line

[STATE_BEGIN Sun ONE Directory Distribution a7cc64b2f71a0452899e1c3b853ecead72027b3b]

Installing Using the Specification Files

To configure Directory Server and Administration Server using the specification files, follow these steps:

  1. Verify the changes made to the silent installation specification file.
  2. Perform Directory Server configuration in silent mode.

    root# /usr/sbin/directoryserver configure -f dirserv-file

    Here dirserv-file is the silent installation configuration file.

  3. Perform Administration Server configuration in silent mode.

    root# /usr/sbin/mpsadmserver configure -f admserv-file

    Here admserv-file is the silent installation configuration file.

Proceed to "Completing the Installation Process".

Preparing For Installation From a Compressed Archive

  1. From the directory containing the software you unpacked as described in "Obtaining Directory Server Software", run the idsktune utility. idsktune checks for appropriate patches and verifies the system is tuned to support high directory service performance.

    As super user, enter the following command:

    root# ./idsktune -q > idsktune.out

    Perform suggested changes to the system manually. idsktune itself makes no changes to the system.

  2. Fix at least all ERROR conditions indicated by idsktune. If you do not fix ERROR conditions, installation may fail. Notice that idsktune reports as missing all patches recommended at the time of release and not installed on the system, even patches for packages not installed on the system.

    You may download patches from http://sunsolve.sun.com/.

    Refer to Chapter 5 "Tuning the Operating System" for more information.

  3. (Optional) Create a user and group account for Directory Server.

    Directory Server runs as the user and group you specify during installation. Set permissions that prevent unauthorized access to the directory and to other resources on the system. Refer to "(UNIX Platforms) Users and Groups" for more information.

  4. (Optional) When installing interactively as another user, allow access to the display using the xhost(1) command.

    When you set the DISPLAY environment variable appropriately and perform installation as a user having access to the display, the installation program displays the graphical user interface by default.

    If the installation program cannot display the graphical user interface, it starts installation in command-line mode.

  5. Before installing using a locale other than US English, set the LANG environment variable to C.

Performing Interactive Installation From a Compressed Archive

  1. Start the installation program in the directory containing the unpacked software.

    For the graphical user interface:

    root# ./setup

    For the command-line interface:

    root# ./setup -nodisplay

    The first installation screen appears.

  2. Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".

    Note

    To install a 32-bit Directory Server, ensure you clear the check box next to Sun ONE Directory Suite > Sun ONE Directory Server (64-bit support) in the wizard screen titled Select Components.

    Do not install this version in the same directory as an earlier version of the Directory Server. If you must reuse the same directory location, first uninstall the earlier version. Refer to Chapter 2 "Upgrading From Previous Versions," for further information.

Performing Silent Installation From a Compressed Archive

Complete the steps in the following procedures.

Creating Specification Files

To perform a silent installation, you must first create a file containing installation specifications. For a silent installation specification file template, refer to setup_data/typical.ins under the directory where you unpacked the software.



Note

Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.



You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the installation program.

  1. Become super user.
  2. Start the installation program with the -saveState option.

    root# ./setup -saveState filename

    This creates the specification file, filename.

  3. Perform interactive installation.
  4. Adjust the specification file, filename, before using it to install on other systems.

    Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.

Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksum can be found in typical.ins. Code Example 1-1 shows a sample checksum.

Installing Using the Specification Files

  1. Verify the changes made to the installation specification file.
  2. Start the installation program in silent mode.

    root# ./setup -noconsole -nodisplay -state filename

    Here filename is the silent installation specification file.

Completing the Installation Process

  1. Ensure that access permissions for the files under ServerRoot/alias have been set to prevent access by all users other than servers you install under ServerRoot.
  2. (Optional) If you installed from a compressed archive, add support to start Directory Server on system reboot. This support is included in the Solaris package version.

    Refer to the Solaris system administration documentation for details.

  3. (Optional) Enable core file generation.

    If you have installed Directory Server as super user, but have set the user and group ID to that of another account, the Directory Server may not be able to generate a core file during a crash. It is strongly recommended that you plan enough space for core files, and allow Directory Server to generate them during a crash.

    You may administer core file generation using coreadm(1M), allowing Directory Server to generate core files as follows, for example:

    root# coreadm -e proc-setid

    Refer to "(UNIX Platforms) Core Files" for further information.

  4. (Optional) Many command-line scripts written in Perl can now read the bind password interactively (-w - option). To enable this functionality:
    1. Install the Term::ReadKey Perl module, available separately from CPAN.
    2. Edit each Perl script to read the bind password interactively by uncommenting the appropriate lines.

    All other Perl script functionality remains available without the Term::ReadKey module.

Directory Server is now minimally configured and started.
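
Step 1 of this procedure and the notes on specification files both call for checking that no account other than the server's own can reach certain files. The following POSIX sh check is an added example, not part of the original guide. The directory and file names in its demo are constructed, and whether group access is acceptable depends on the group the servers run as.

```shell
#!/bin/sh
# Added example, not from the guide: list entries that accounts other than
# the owning server user can reach. All paths in the demo are constructed.

# exposed LEVEL PATH...
#   LEVEL "other": entries granting any permission to other
#   LEVEL "group": entries granting any permission to group or other
# Prints one offending path per line. Symbolic links are skipped because
# access is decided by the mode of the file they point to.
exposed() {
    level=$1; shift
    case $level in
        other) find "$@" ! -type l \
                   \( -perm -001 -o -perm -002 -o -perm -004 \) -print ;;
        group) find "$@" ! -type l \
                   \( -perm -001 -o -perm -002 -o -perm -004 \
                   -o -perm -010 -o -perm -020 -o -perm -040 \) -print ;;
        *) echo "usage: exposed other|group PATH..." >&2; return 2 ;;
    esac
}

# audit_private LEVEL PATH...
# Return 0 when nothing is exposed. Otherwise show owner and mode of each
# offending entry on stderr and return 1 (2 if the scan itself failed).
audit_private() {
    found=$(exposed "$@") || return 2
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | while IFS= read -r p; do
        ls -ld "$p" >&2
    done
    return 1
}

# lock_down PATH...
# Remove all group and other access below PATH, leaving owner bits alone.
# Assumes every server that needs these files runs as the owning user.
lock_down() {
    chmod -R go-rwx "$@"
}

# Demo on a constructed tree standing in for ServerRoot/alias and a
# saved specification file.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/alias"
: > "$demo_dir/alias/sample-key.db"
: > "$demo_dir/dirserv-file"
chmod 755 "$demo_dir/alias"
chmod 644 "$demo_dir/alias/sample-key.db" "$demo_dir/dirserv-file"

audit_private other "$demo_dir/alias" "$demo_dir/dirserv-file" ||
    echo "before: world-accessible entries found"
lock_down "$demo_dir/alias" "$demo_dir/dirserv-file"
audit_private group "$demo_dir/alias" "$demo_dir/dirserv-file" &&
    echo "after: private to the owner"
rm -rf "$demo_dir"
```
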

Installing on Other UNIX Systems

Proceed according to instructions in the appropriate sections:

Preparing For Installation

Proceed according to instructions in the appropriate sections:

Instructions For All UNIX Platforms

  1. Run the idsktune utility, which you find in the directory containing the unpacked software. idsktune checks for appropriate patches and verifies the system is tuned to support high directory service performance.

    As super user, enter the following command:

    root# ./idsktune -q > idsktune.out

    Perform suggested changes to the system manually. idsktune itself makes no changes to the system.

  2. Fix at least all ERROR conditions indicated by idsktune. If you do not fix ERROR conditions, installation may fail.

    Table 1-9 suggests where to look for official patches not yet installed on your system.

    Table 1-9    Where to Obtain Patches, By Platform

    | Platform | Browse... |
    |---|---|
    | Hewlett Packard HP-UX | http://www.hp.com/support/ |
    | IBM AIX | http://www.ibm.com/support/ |
    | Red Hat Linux | http://www.redhat.com/ |

    Refer to Chapter 5 "Tuning the Operating System" for more information.

  3. (Optional) Create a user and group account for Directory Server.

    Directory Server runs as the user and group you specify during installation. Set permissions that prevent unauthorized access to the directory and to other resources on the system. Refer to "(UNIX Platforms) Users and Groups" for more information.

  4. (Optional) When installing interactively as another user, allow access to the display using the xhost(1) command.

    When you set the DISPLAY environment variable appropriately and perform installation as a user having access to the display, the installation program displays the graphical user interface by default.

    If the installation program cannot display the graphical user interface, it starts installation in command-line mode.

  5. Before installing using a locale other than US English, set the LANG environment variable to C.

Additional Instructions For AIX Systems

  • If you plan to use the Console, install the X11.adt package.

    This package is not part of the standard bundle, but may be obtained from IBM.

Additional Instructions For HP-UX Systems

  1. Ensure that support for IPv6 is installed, even if you do not intend to use IPv6 interfaces with Directory Server.
  2. Before installing remotely using a locale with fonts not supported for US English, ensure you can access font aliases for remote sessions.

    Refer to the operating system documentation for instructions.

Performing Interactive Installation

  1. Start the installation program in the directory containing the unpacked software.

    For the graphical user interface:

    root# ./setup

    For the command-line interface:

    root# ./setup -nodisplay

    The first installation screen appears.

  2. Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".

    Note

    To install a 32-bit Directory Server on platforms with 64-bit server support, ensure you clear the check box next to Sun ONE Directory Suite > Sun ONE Directory Server (64-bit support) in the wizard screen titled Select Components.

    Do not install this version in the same directory as an earlier version of the Directory Server. If you must reuse the same directory location, first uninstall the earlier version. Refer to Chapter 2 "Upgrading From Previous Versions," for further information.

Proceed to "Completing the Installation Process".

Performing Silent Installation

Complete the steps in the following procedures.

Creating Specification Files

To perform a silent installation, you must first create a file containing installation specifications. For a silent installation specification file template, refer to setup_data/typical.ins under the directory where you unpacked the software.



Note

Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.



You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the installation program.

  1. Become super user.
  2. Start the installation program with the -saveState option.

    root# ./setup -saveState filename

    to create the specification file, filename.

  3. Perform interactive installation.
  4. Adjust the specification file, filename, before using it to install on other systems.
    Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.

Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksum can be found in typical.ins. Code Example 1-1 shows a sample checksum.

Installing Using the Specification Files

  1. Verify the changes made to the installation specification file.
  2. Start the installation program in silent mode.

    root# ./setup -noconsole -nodisplay -state filename

    Here filename is the silent installation specification file.
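The following shell functions are an added example, not part of the original guide. They copy the checksum from typical.ins into a saved specification file and restrict the file to its owner, since it may hold clear-text passwords. They assume the checksum is the last token inside the brackets of the [STATE_BEGIN and [STATE_DONE lines; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: make a saved specification file reusable with another build
# of the installer and keep it private, since it may hold clear-text passwords.
# Assumption: the checksum is the last token inside the brackets of the
# [STATE_BEGIN ...] and [STATE_DONE ...] lines.

# Print the checksum token from the [STATE_BEGIN line of file $1.
state_checksum() {
    awk '/^\[STATE_BEGIN / { sub(/\][ \t]*$/, ""); print $NF; exit }' "$1"
}

# Succeed only if file $1 grants nothing to group or other.
spec_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Copy the checksum from template $1 (typical.ins) into spec file $2.
sync_spec_checksum() {
    template=$1; spec=$2
    sum=$(state_checksum "$template")
    [ -n "$sum" ] || { echo "no checksum in $template" >&2; return 1; }
    # '&' and '\' are special in an awk replacement string; refuse them.
    case $sum in *'&'*|*'\'*) echo "unexpected checksum" >&2; return 1 ;; esac

    tmp=$(mktemp "$spec.XXXXXX") || return 1      # mktemp creates mode 0600
    awk -v sum="$sum" '
        /^\[STATE_(BEGIN|DONE) / { sub(/[^] \t]+\][ \t]*$/, sum "]") }
        { print }' "$spec" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$spec" && chmod 600 "$spec"
}

# Demonstration on constructed files (not real installer output).
demo_spec() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '[STATE_BEGIN Sun ONE Directory Distribution newsum0002]' \
        '[STATE_DONE Sun ONE Directory Distribution newsum0002]' > "$dir/typical.ins"
    printf '%s\n' '[STATE_BEGIN Sun ONE Directory Distribution oldsum0001]' \
        'FullMachineName = dirserv.example.com' \
        'ConfigDirectoryAdminPwd = constructed-secret' \
        '[STATE_DONE Sun ONE Directory Distribution oldsum0001]' > "$dir/install.ins"
    chmod 644 "$dir/install.ins"
    sync_spec_checksum "$dir/typical.ins" "$dir/install.ins" &&
        spec_is_private "$dir/install.ins" &&
        echo "checksum now $(state_checksum "$dir/install.ins"), file is owner-only"
    rm -rf "$dir"
}
demo_spec
```

Host-specific directives such as FullMachineName still have to be adjusted by hand before the file is used on another system.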

Completing the Installation Process

  1. Ensure that access permissions for files under ServerRoot/alias have been set to prevent access by all users other than servers you install under ServerRoot.
  2. (Optional) Add support to start Directory Server on system reboot.
    Refer to the operating system documentation for details.

  3. (Optional) Enable core file generation.
    If you have installed Directory Server as super user, but have set the user and group ID to that of another account, the Directory Server may not be able to generate a core file during a crash. It is strongly recommended that you plan enough space for core files, and allow Directory Server to generate them during a crash.

    Refer to "(UNIX Platforms) Core Files" for further information.

  4. (Optional) Many command-line scripts written in Perl can now read the bind password interactively (-w - option). To enable this functionality:
    1. Install the Term::ReadKey Perl module, available separately from CPAN.
    2. Edit each Perl script to read the bind password interactively by uncommenting the appropriate lines.

    All other Perl script functionality remains available without the Term::ReadKey module.

Directory Server is now minimally configured and started.

Installing on Windows Systems

Proceed according to instructions in the appropriate sections:

Preparing For Installation

  1. When installing Windows 2000, specify that the computer is a stand-alone server, not a member of any existing domain or workgroup, to reduce dependencies on network security services.
  2. Apply Service Pack 3.
  3. Ensure the display driver supports at least 256 colors.
  4. Log on as a user with Administrator privileges.
  5. Set the TEMP environment variable to a valid folder for temporary files.

Performing Interactive Installation

  1. Double click setup.exe in the folder containing the unpacked software.
    The first installation screen appears.

  2. Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".
    Do not install this version in the same folder as an earlier version of the Directory Server. If you must reuse the same folder, first uninstall the earlier version. Refer to Chapter 2 "Upgrading From Previous Versions," for further information.

Proceed to "Completing the Installation Process".

Performing Silent Installation

Perform the steps in the following procedures.

Creating Specification Files

To perform a silent installation, you must first create a file containing installation specifications. For a silent installation specification file template, refer to setup_data\typical.ins in the folder where you unpacked the software.



Note

Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.



You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the installation program.

  1. Log on as a user with Administrator privileges.
  2. Start the installation program with the -saveState option.
    From the folder where you unpacked the product, enter

    Prompt>setup -saveState filename

    to create the specification file, filename.

  3. Perform interactive installation.
  4. Adjust the specification file, filename, before using it to install on other systems.
    Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.

Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksum can be found in typical.ins. Code Example 1-1 shows a sample checksum.

Installing Using the Specification Files

  1. Verify the changes made to the installation specification file.
  2. Start the installation program in silent mode.
    From the folder where you unpacked the product, enter

    Prompt>setup -noconsole -nodisplay -state filename

    Here filename is the silent installation specification file.

Completing the Installation Process

  1. Ensure that access permissions for files under ServerRoot\alias have been set to prevent access by all users other than servers you install under ServerRoot.
  2. After installation, manually set special access permissions for the following files such that only the user and group running the Administration Server has read-write access, and all other users have no access.
    • ServerRoot\admin-serv\config\adm.conf
    • ServerRoot\admin-serv\config\admpw
    • ServerRoot\admin-serv\config\magnus.conf
    • ServerRoot\admin-serv\config\obj.conf
    • ServerRoot\admin-serv\config\secmod.db
    • ServerRoot\admin-serv\config\server.xml

    Refer to Windows help for instructions on setting special access permissions for files. This modification prevents unauthorized users from modifying Administration Server configuration data.

  3. (Optional) Many command-line scripts written in Perl can now read the bind password interactively (-w - option). To enable this functionality:
    1. Install the Term::ReadKey Perl module, available separately from CPAN.
    2. Edit each Perl script to read the bind password interactively by uncommenting the appropriate lines.

    All other Perl script functionality remains available without the Term::ReadKey module.

Directory Server is now minimally configured and started.

Uninstallation

Uninstallation removes the software and associated data from a computer. Directory Server becomes unavailable and you lose all settings and data.

Uninstallation removes not only server software, but also registry data stored on the system. If you delete files manually before using the uninstallation program, you may corrupt your registry. To avoid corrupting the registry, use the uninstallation program before deleting any product files manually.



Note

You do not receive a warning before proceeding with uninstallation of your configuration directory containing configuration information under the o=NetscapeRoot suffix.

If you uninstall a centralized configuration directory that other directories rely on for configuration information, you cannot subsequently administer those directories.



Proceed according to the appropriate section:

Uninstalling on Solaris Systems

How you remove Directory Server software depends on which packaging was used during the installation process, and on whether you want to interact with the uninstall program. Proceed according to instructions in the appropriate section:

Performing Interactive Uninstallation After Installing Using Solaris Packages

Proceed according to instructions in the appropriate sections:

Uninstalling Previous Directory Server Versions

  • Important: If you are completing the upgrade of Directory Server 5.1 on a Solaris system to 5.2, and the 5.1 version was installed from IPLT* Solaris packages, then perform uninstallation for the 5.1 version:

    root# /usr/sbin/directoryserver.51bak uninstall

Unconfiguring Administration Server

  • Delete the Administration Server configuration.

    root# /usr/sbin/mpsadmserver unconfigure

    The first uninstallation screen appears. Follow the instructions on each screen.

Unconfiguring Directory Server

  • Delete the Directory Server configuration.

    root# /usr/sbin/directoryserver unconfigure

    The first uninstallation screen appears. Follow the instructions on each screen.

Removing Packages

  • Using the pkgrm(1M) utility, remove the Directory Server-specific packages installed in "Performing Interactive Installation Using Solaris Packages".
    CAUTION: Remove only those packages whose descriptions begin with "Sun ONE". Do NOT remove the other packages listed in these tables. Doing so can render your system unbootable.

Performing Interactive Uninstallation After Installing From a Compressed Archive

  1. In the ServerRoot directory, start the uninstall program.

    root# ./uninstall_dirserver

    The first uninstallation screen appears.

  2. Follow the instructions on each screen.

The selected software is now removed. If the uninstallation program cannot remove all files under the ServerRoot directory, it displays a message. You may manually remove files remaining under ServerRoot.

Performing Silent Uninstallation After Installing Using Solaris Packages

  1. Edit the uninstall specification file, ServerRoot/setup/uninstall.ins, to include the appropriate administrator identifiers and passwords.

    Code Example 1-2    Sample Uninstall Specification File

    [STATE_BEGIN Sun ONE Directory Distribution checksum]

    ConfigDirectoryAdminID = admin-user
    ConfigDirectoryAdminPwd = admin-password

    [STATE_DONE Sun ONE Directory Distribution checksum]

  2. If you are completing the upgrade of Directory Server 5.1 on a Solaris system to 5.2, and the 5.1 version was installed from IPLT* Solaris packages, then perform uninstallation for the 5.1 version:

    root# /usr/sbin/directoryserver.51bak uninstall -f 51-uninstaller-file

  3. Delete the Administration Server configuration using the unconfigure subcommand.

    root# /usr/sbin/mpsadmserver unconfigure -f ServerRoot/setup/uninstall.ins

  4. Delete the Directory Server configuration using the unconfigure subcommand.

    root# /usr/sbin/directoryserver unconfigure -f ServerRoot/setup/uninstall.ins

  5. Using the pkgrm(1M) utility, remove the packages installed in "Performing Silent Installation Using Solaris Packages".

You may remove remaining files manually after uninstallation completes.

Performing Silent Uninstallation After Installing From a Compressed Archive

  1. Edit the uninstall specification file, ServerRoot/setup/uninstall.ins, as shown in Code Example 1-2 to include the appropriate administrator identifiers and passwords.
  2. Run the uninstallation program in silent mode.

    root# cd ServerRoot
    root# ./uninstall_dirserver -noconsole -nodisplay -state setup/uninstall.ins

You may remove remaining files manually after uninstallation completes.

Uninstalling on Other UNIX Systems

Proceed according to instructions in the appropriate section.

Performing Interactive Uninstallation

  1. In the ServerRoot directory, start the uninstall program.

    root# ./uninstall_dirserver

    The first uninstallation screen appears.

  2. Follow the instructions on each screen.

The selected software is now removed. If the uninstallation program cannot remove all files under the ServerRoot directory, it displays a message. You may manually remove files remaining under ServerRoot.

Performing Silent Uninstallation

  1. Edit the uninstall specification file, ServerRoot/setup/uninstall.ins, as shown in Code Example 1-2 to include the appropriate administrator identifiers and passwords.
  2. Run the uninstallation program in silent mode.

    root# cd ServerRoot
    root# ./uninstall_dirserver -noconsole -nodisplay -state setup/uninstall.ins

You may remove remaining files manually after uninstallation completes.

Uninstalling on Windows Systems

Proceed according to instructions in the appropriate section.

Performing Interactive Uninstallation

  1. Click Start, and then choose Settings > Control Panel.
  2. Double-click Add/Remove Programs.
  3. In the Add/Remove Programs window, select Directory Server, then click Remove.
  4. Follow the instructions in the Sun ONE Uninstall window.
  5. If you have upgraded Directory Server, use custom uninstallation mode, and choose not to remove Basic System Libraries, which include .dll files shared with the new Directory Server instance.

Performing Silent Uninstallation

  1. Edit the uninstall specification file, ServerRoot\setup\uninstall.ins, as shown in Code Example 1-2 to include the appropriate administrator identifiers and passwords.
  2. Run the uninstallation program in silent mode.

    Prompt>cd ServerRoot
    Prompt>uninstall_dirserver -noconsole -nodisplay -state setup\uninstall.ins

You may remove remaining files manually after uninstallation completes.

It is strongly recommended that you reboot the Windows system after uninstallation.

Troubleshooting

Table 1-10    Common Installation Problems With Solutions 

Problem

Possible Solutions

I get a message about missing libraries.

Run idsktune and fix at least all ERROR conditions, installing all recommended patches.

Installation did not work, and now I cannot uninstall. What do I do?

Remove the product registry file, unless doing so would negatively impact other products:

  • /var/sadm/install/productregistry on Solaris systems when installing as super user
  • /var/tmp/productregistry on other UNIX systems
  • productregistry in the system32 folder under the Windows system folder, for example C:\WINNT\system32\productregistry, on Windows

Next, remove the partially installed files by hand before reinstalling.

Installation failed and I do not know why. Is there an installation log somewhere?

Yes. The log can be found under the following location:

  • On Solaris systems, /var/sadm/install/logs (installation as super user) or /var/tmp (installation as a regular user)
  • On other UNIX systems, /var/tmp
  • On Windows systems, %TEMP% folder

Clients cannot locate the server.

Try using the host name such as dirserv.

If that does not work, make sure the server is listed in the name service you are using such as DNS, and try the fully qualified domain name such as dirserv.example.com.

If that does not work, try using the IP address for the host such as 192.168.0.30.

The port is in use.

If upgrading, you probably did not shut down Directory Server before you upgraded it. Shut down the old server, then manually start the upgraded one.

Otherwise, another server might be using the port. Examine which ports are in use with an appropriate tool such as the netstat(1M) utility with the -a option on UNIX systems to determine which ports remain available.

An LDAP authentication error causes installation to fail.

You may have provided the incorrect fully qualified domain name during installation, such as dirserv.nisDomain.Example.COM instead of dirserv.example.com.

I have forgotten the Directory Manager DN and password.

The Directory Manager DN is recorded as the value of nsslapd-rootdn in ServerRoot/slapd-serverID/config/dse.ldif.

The Directory Manager password is recorded as the value of nsslapd-rootpw in dse.ldif. If the password is not encrypted — we strongly recommend you encrypt it! — then it appears in dse.ldif in clear text, not prefixed with an encryption scheme identifier such as {SSHA}.

If the password is encrypted, you must fix the problem manually.

  1. Stop Directory Server.
  2. Change the value of nsslapd-rootpw in dse.ldif, taking care not to add trailing spaces.
  3. Save and close dse.ldif.
  4. Restart the server.
  5. Log in as Directory Manager using the value you assigned to nsslapd-rootpw.
  6. Set an encryption scheme for the Directory Manager password as described in the Sun ONE Directory Server Administration Guide, and then change the password again.
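To check how the Directory Manager password is stored without displaying it, the following added example (not part of the original guide) reads nsslapd-rootpw from a dse.ldif file, joins folded LDIF lines, decodes base64 values, and reports only the storage form. The function names and sample file are constructed, the base64 utility is assumed to be available, and treating a {CLEAR} prefix as clear text is an assumption.

```shell
#!/bin/sh
# Added example: report how nsslapd-rootpw is stored in dse.ldif without
# ever printing the value itself.

# ldif_value FILE ATTR: print everything after "ATTR:" for the first match,
# joining folded lines (an LDIF continuation line starts with one space).
ldif_value() {
    awk -v attr="$2" '
        function emit(   n) {
            n = length(attr)
            if (!seen && tolower(substr(cur, 1, n + 1)) == tolower(attr) ":") {
                print substr(cur, n + 2); seen = 1
            }
        }
        /^ / { cur = cur substr($0, 2); next }
             { emit(); cur = $0 }
        END  { emit() }' "$1"
}

# rootpw_storage FILE: print missing, cleartext, undecodable or hashed:SCHEME.
rootpw_storage() {
    raw=$(ldif_value "$1" nsslapd-rootpw)
    [ -n "$raw" ] || { echo missing; return 0; }
    case $raw in
        :*) # "attr:: value" means the value is base64-encoded in the LDIF
            val=$(printf '%s' "${raw#:}" | tr -d ' ' | base64 -d 2>/dev/null) ||
                { echo undecodable; return 0; } ;;
        *)  val=${raw# } ;;
    esac
    case $val in
        \{[Cc][Ll][Ee][Aa][Rr]\}*) echo cleartext ;;  # assumption: {CLEAR} = unhashed
        \{*\}*) scheme=${val%%\}*}; echo "hashed:${scheme#\{}" ;;
        *)      echo cleartext ;;
    esac
}

# Demonstration on a constructed dse.ldif fragment with a folded value.
demo_rootpw() {
    f=$(mktemp) || return 1
    printf '%s\n' 'dn: cn=config' 'nsslapd-rootdn: cn=Directory Manager' \
        'nsslapd-rootpw: {SSHA}Y29uc3RydWN0ZWQtc2FtcGxl' ' LWhhc2g=' > "$f"
    echo "constructed dse.ldif: $(rootpw_storage "$f")"
    rm -f "$f"
}
demo_rootpw
```

A result of cleartext after the recovery procedure above is expected until step 6 has been completed.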

I installed the 32-bit version of the Directory Server by mistake.

How do I run the 64-bit version instead?

  1. Export all suffixes to LDIF as described in the Sun ONE Directory Server Administration Guide.
  2. Remove all database files.
    Database files are found under the path indicated by the value of nsslapd-directory on cn=config,cn=ldbm database,cn=plugins,cn=config for the instance.
  3. Install 64-bit components if you have not done so already.
  4. Make ServerRoot/bin/slapd/server/64/ns-slapd executable.
  5. If the operating system is running in 32-bit mode, reboot it in 64-bit mode.
  6. If necessary, change cache size settings to work in 32-bit mode.
    Refer to Chapter 6 "Tuning Cache Sizes," for further information.
  7. Initialize all suffixes with the LDIF you exported as described in the Sun ONE Directory Server Administration Guide.
  8. Restart the server.

I installed the 64-bit version of the Directory Server by mistake.

How do I run the 32-bit version instead?

  1. Export all suffixes to LDIF as described in the Sun ONE Directory Server Administration Guide.
  2. Remove all database files.
    Database files are found under the path indicated by the value of nsslapd-directory on cn=config,cn=ldbm database,cn=plugins,cn=config for the instance.
  3. Change the mode of ServerRoot/bin/slapd/server/64/ns-slapd so it is not executable.
  4. Initialize all suffixes with the LDIF you exported as described in the Sun ONE Directory Server Administration Guide.
  5. Restart the server.

I wrote a script to handle installation. When I tried installing using my script, the installer returned 73, rather than 0.

What is going on here?

The installation program return codes are as follows:

 0 - SUCCESS
 1 - WARNING_REBOOT_REQUIRED
 2 - WARNING_PLATFORM_SUPPORT_LIMITED
 3 - WARNING_RESOURCE_NOT_FOUND
 4 - WARNING_CANNOT_WRITE_LOG
 5 - WARNING_LOCALE_NOT_SUPPORTED
50 - ERROR_FATAL
51 - ERROR_ACCESS
52 - ERROR_PLATFORM_NOT_SUPPORTED
53 - ERROR_NO_WINDOWING_SYSTEM_AVAILABLE
54 - ERROR_RESOURCE_NOT_FOUND
55 - ERROR_TASK_FAILURE
56 - ERROR_USER_EXIT
57 - ERROR_CANNOT_UPGRADE
58 - ERROR_NOTHING_TO_DO
59 - ERROR_IN_SERIALIZATION
60 - ERROR_ABNORMAL_EXIT
61 - ERROR_INCOMPATIBLE_STATEFILE
62 - ERROR_UNKNOWN_COMMANDLINE_OPTION
70 - ERROR_NOT_INSTALLED
71 - PARTIALLY_UNINSTALLED
72 - FULLY_UNINSTALLED
73 - INSTALLED
74 - ERROR_FAILED
75 - ERROR_STOPPED
76 - ERROR_STOPPED_ON_ERROR
77 - PARTIALLY_INSTALLED

In other words, 73 indicates successful installation.
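A script that only tests for 0 will treat a completed installation as a failure. The wrapper below is an added example, not part of the original guide, that classifies the return codes listed above according to the operation being run. It assumes that 72 (FULLY_UNINSTALLED) is the expected result of an uninstall run, which the guide does not state; the function names are hypothetical and a stub command stands in for the installer.

```shell
#!/bin/sh
# Added example: interpret the installation program's return code in a script.
# Assumption (not stated in the guide): 72 FULLY_UNINSTALLED is the expected
# result of an uninstall run, as 73 INSTALLED is for an install run.

# classify_rc OPERATION CODE: print ok, warning, error or unknown.
# OPERATION is "install" or "uninstall".
classify_rc() {
    case "$1:$2" in
        install:0|install:73)     echo ok ;;       # SUCCESS, INSTALLED
        uninstall:0|uninstall:72) echo ok ;;       # SUCCESS, FULLY_UNINSTALLED
        *:[1-5])                  echo warning ;;  # WARNING_* codes
        *:5[0-9]|*:6[0-2])        echo error ;;    # ERROR_FATAL through 62
        *:7[0-7])                 echo error ;;    # a state other than the expected one
        *)                        echo unknown ;;  # not in the documented table
    esac
}

# run_installer OPERATION COMMAND [ARG...]
# Runs the command, logs the verdict to stderr, and returns 0 for ok or
# warning and 1 otherwise, so callers can rely on the usual shell convention.
run_installer() {
    op=$1; shift
    rc=0
    "$@" || rc=$?                 # capture the code even under "set -e"
    verdict=$(classify_rc "$op" "$rc")
    echo "$op: return code $rc classified as $verdict" >&2
    case $verdict in
        ok|warning) return 0 ;;
        *)          return 1 ;;
    esac
}

# Demonstration with a stub standing in for
#   ./setup -noconsole -nodisplay -state filename
demo_rc() {
    run_installer install sh -c 'exit 73' && echo "install treated as success"
    run_installer install sh -c 'exit 61' || echo "incompatible state file treated as failure"
}
demo_rc
```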


Copyright 2003 Sun Microsystems, Inc. All rights reserved.