CHAPTER 8 |
Sun Directory Services Administration |
SIMS supports either the Sun Directory Services and the Netscape Directory Services. The most common directory services tasks are adding, deleting and modifying entries. These are described in Chapter 3, "User/Group Management." For all other directory service information, refer to the following docs:
|
|
Sun Directory Services documentation (http://docs.sun.com:80/ab2/coll.297.1/@Ab2CollToc?subject=sysadmin) |
|
|
If the Sun Directory Services is installed in your system, you can access its Admin Console by clicking on the icon on the SIMS Admin Console home page. If you have the Netscape Directory Service installed, you will not have a directory service icon at all, and will need to access the Admin Console from the command line.
Note - To log in to the directory service GUI, you need to use the directory administrator's uid and password which may be different from the SIMS Administrator's uid and password.
|
Topic/Task |
Description |
Page |
|---|---|---|
|
Sun Directory Services 3.1 Administration Guide |
http://docs.sun.com:80/ab2/coll.297.1/@Ab2CollToc?subject=sysadmin |
|
|
Self-explanatory. |
||
|
Self-explanatory. |
||
|
Describes how to configure the two mandatory parameters: the administrator name/password and the distinguished name of the naming context held in the data store and the data store location. |
||
|
This section is in Chapter 11, "SIMS Periodic Maintenance Procedures." It describes: |
||
|
- Diagnosing SIMS Problems Caused by Improper Directory Entries |
SIMS typically uses the directory server installed with the system. It is possible, however, to designate a different directory server to support SIMS. This is done using the imadmin-modify-currentldap. Refer to the man page for complete information.
It is also possible to designate backup directory servers in the event that current directory server goes down. Refer to the imadmin-add-ldapserver man page for complete information.
You can start the directory server daemon, dsservd, from the Sun Directory Services Admin Console, or you can start the directory server daemon by typing the following command as root:
If you change the directory service configuration, you can restart dsservd without dropping the connections to current LDAP clients. In this case use the dsservd restart command:
You can stop the daemon from the Sun Directory Services Admin Console, or you can stop the directory server daemon by typing the following command as root:
Stopping the directory server automatically stops the replication server. If you have set up a replication schedule, the replication server is restarted automatically when you restart the directory server, and will continue to follow the schedule.
When SIMS is installed, the Sun Directory Services are given default configuration settings, which in most cases will not need to be modified. This section describes the Sun Directory Services configuration settings that relate to SIMS (other settings will not be described). For more details, refer to the Sun Directory Services 3.1 Administration Guide.
The basic settings are accessible through the Sun Directory Services Admin Console, an expanded version of which is shown in FIGURE 8-2, FIGURE 8-3, and FIGURE 8-4. The following bulleted items describe the settings starting from the top of the console and going down. Only settings relevant to SIMS are described.
|
|
Status shows the status of the supported services. Only LDAP must be running for SIMS to operate. |
|
|
Security allows you to set the name and password to access Sun Directory Services Admin Console. |
|
|
LDAP has several different parameters: |
|
|
LDAP port shows the port on which the server listens for incoming SIMS requests. Default: 389. |
|
|
Default referral host specifies the default directory server for referrals. Default: None. |
|
|
Data Store shows a map of the SIMS naming contexts and replicas. Data stores naming contexts, and replicas can be created and modified. See "Data Store Configuration Settings" on page 186 |
|
|
Schema displays the overall LDAP schema of which the SIMS schema is a subset. Also displayed is the schema checking. Default: Weak (schema is checked for each add/modify directory operation). |
|
|
Access Control displays the access properties for specified SIMS entries. During SIMS installation an access control rule is added for the SIMS Administration. |
Note - Making changes to the SIMS access control could expose data to unauthorized users. The default access control rules are adequate for most uses.
|
|
Log shows various LDAP logging information. Logging information may be useful if you are diagnosing LDAP problems. Default: /var/opt/SUNWconn/ldap/log. |
FIGURE 8-2 Sun Directory Services Admin Console Extended View (Page 1 of 3)
FIGURE 8-3 Sun Directory Services Admin Console Extended View (Page 2 of 3)
FIGURE 8-4 Sun Directory Services Admin Console Extended View (Page 3 of 3)
The data store refers to the physical storage space for SIMS LDAP data (essentially user and group entries). For many environments, the data store configured at installation is adequate, however, you may wish to modify or access the data store configuration for the following purposes:
|
|
Backing up the SIMS data store. The Sun Directory Services Admin Console displays the file space containing the data store. |
|
|
To view or modify the indexed entry attributes. Indexing optimizes searches for entries by attribute. |
|
|
To view the naming contexts stored in the data store. |
|
|
To view the replicas supported by the directory service. |
This section describes the data store configuration settings as they relate to SIMS. These setting are viewable from the Sun Directory Services Admin Console (FIGURE 8-5). For additional conceptual information refer to the SIMS Concepts Guide. For additional information on configurable data store settings, as well as how to create or modifying data stores see the Sun Directory Services 3.1 Administration Guide.
|
|
Datastore Suffix is a naming context contained in the datastore. A data store can have up to four naming contexts. Separate naming contexts might be used to store separate domains. |
|
|
DB Directory refers to the file space containing the SIMS data store. Default: /var/opt/SUNWconn/ldap/dbm. |
|
|
Indexes lists the attributes that are indexed and by what rules they are indexed. Indexing optimizes SIMS entry searches. Any attribute that will be searched should be indexed. The most commonly searched attributes are indexed upon SIMS installation: |
|
|
Naming Contexts shows SIMS naming contexts in the datastore as well as their type (object or subtree) and the mode (master or slave). Master means that this naming context contains the master list of entries. Slave means that this naming context is a replicated copy of the master list of entries. |
|
|
Replica shows the replicated copies of the naming contexts, and what hosts to which they are replicated. Replication is most commonly used in SIMS message access proxies. |