iPlanet Directory Server Access Management Edition Installation and Configuration Guide



Chapter 4   Simple Installations With No Existing Directory Server


This chapter provides instructions for installing iPlanet Directory Server Access Management Edition (DSAME) for evaluation purposes, or for deploying a DSAME directory or services for the first time. These instructions assume that you do not already have iPlanet Directory Server installed on the target computer system.

Topics in this chapter include:



Note

If you plan to use DSAME with an existing Directory Server that is already provisioned with users, see Chapter 5 "Using an Existing Directory Server".





Installing DSAME Services



Use these instructions when you want to do a quick and simple installation to explore the product. You can also use these instructions when you are installing multiple instances of DSAME Services to support directory replication. For more information on directory replication, see "Installing Multiple DSAME Instances Against the Same Directory Server".

When you choose this option, the following components are installed:

  • Directory Server 5.1

  • DSAME Policy service and Management service

  • A Web Server that runs the DSAME Policy and Management services


To Install DSAME Services with Directory Server

You must have root permissions when you run the DSAME installation program. Be sure all web browsers are closed before starting the installation program.

  1. If you're installing DSAME from the product CD, insert the CD into the drive of the system on which you want to install the software.

    If you've downloaded the product, unpack the product binaries file using the following command:

    gunzip -dc dsame-5.1-domestic-us.sparc-sun-solaris2.8.tar.gz | tar -xvof -

  2. Run the aminstall program. On the product CD, you'll find the program in the directory /cdrom/DSAME_51. If you've downloaded the product binaries, you'll find the program in the directory where you untarred the binary files.

    At the command line, enter aminstall.

    The aminstall command accepts the -v [verbose] option. The verbose option gives brief progress messages as the actions of the install program take place. Otherwise, installation messages are written to log files in the following directory:

    /var/opt/SUNWam/install

  3. Read the License Agreement. When prompted, Do you agree to the license terms? Enter y for Yes.

  4. If the following message does not display, then skip to Step 5.

    One or more components that are part of DSAME 5.1 have been detected on this system.

    If you are going to install components which already exist, you must uninstall them first.

    What would you like to do?
    1) Remove existing components, then continue installation.
    2) Continue installation without removing existing components.
    3) Exit

    • If the above message is displayed, and you want to re-install components listed in the message, then enter 1 to remove the existing components. After uninstallation, the installation program will automatically start again from the beginning.

    • If the message (above) is displayed, and you want to install components that are not listed, then enter 2 to proceed to the next step.

  5. The following options are displayed.

    Select which component to install:

    1) DSAME Management and Policy Services
    2) iPlanet Directory Server 5.1
    3) iPlanet Directory Server Configuration for DSAME
    4) DSAME Cross Domain Single Sign-On
    5) Exit


    When prompted, provide the following information:

    Select which component to install: Enter 1 to install DSAME Services.

    Do you want to install the DSAME Management and Policy Services on iPlanet Application Server? By default, DSAME will be installed with its own Web Server which will power the DSAME services and user interface.

    • If you want to use the default Web Server that comes with DSAME, enter n for No, and then skip to Step 6.

    • If you want to use Application Server instead of the default Web Server to run DSAME services, and Application Server is already installed and running, provide the following information when prompted:

      What directory is the iPlanet Application Server installed in? Enter the full path to the directory where Application Server is installed.

      What is the host name of the machine running the iPlanet Application Server Webserver? This is the Webserver host name that the iPlanet Application Server uses as its web connector.

      What is the sub-domain name ("." for none)? For example, in the name mycomputer.organizationname.madisonparc.com, the sub-domain name is organizationname. If your host computer does not have a sub-domain, enter a period (.).

      What is the domain name? For example, in the name mycomputer.organizationname.madisonparc.com, the domain name is madisonparc.com.

      What is the iPlanet Application Server Webserver port? This is the Webserver port number that the Application Server uses as its port.

      Will you be using an existing DIT and schema? Enter n for No.

      What is the root suffix of your directory tree? This is the DSAME root suffix, or the point in your directory where you want DSAME to start managing entries. Enter a distinguished name (DN) that includes at least one type=value pair.

      Examples:

      o=isp

      o=madisonparc

      dc=sun,dc=com

      If you want the default organization to be the root suffix, enter a period (.).



      Note

      The default organization uses the organization (o) object class. If you want to use a different naming attribute such as dc, you must follow the installation instructions in Chapter 5 "Using an Existing Directory Server".



      What is your organization name? Enter a name for the first organization to be created in your DSAME Directory Information Tree (DIT). This name will be displayed in the DSAME graphical user interface. Examples: iPlanet or iplanet.com.

      Do you want to use an existing iPlanet Directory Server? Enter n for No.

      What directory do you want to install the Directory Server in? Enter the path to the directory where Directory Server will be installed. Do not install Directory Server in the same directory as DSAME Services. Ideally, you would install DSAME Services and Directory Server on different computer systems.

      What port should the LDAP server use? The following is an excerpt from iPlanet Directory Server Installation Guide regarding this topic:

      "Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server:

      The standard Directory Server (LDAP) port number is 389.

      Port 636 is reserved for LDAP over SSL. Therefore, do not use port number 636 for your standard LDAP installation, even if 636 is not already in use. You can also use LDAP over TLS on the standard LDAP port.

      Make sure the ports you choose are not already in use.

      If you are using both LDAP and LDAPS communications, make sure the port numbers chosen for these two types of access are not identical."

      Directory Server Administration userid: Administration Server user ID is used only when the Directory Server is down and you are unable to log in as the configuration directory administrator. The existence of this user ID means that you can access Administration Server and perform disaster recovery activities such as starting Directory Server, reading log files, and so forth.

      Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password.

      Admin password (8 chars minimum): Enter a password for the Directory Server administrator.

      Re-enter Admin password: Enter the password again to confirm it.

      What is the Directory Server admin port? The default port number is 58900.

      Directory Manager DN: The Directory Server administrative user, or Directory Manager, is the administrator who has unlimited access to Directory Server data and configuration. The default DN for the Directory Manager is cn=Directory Manager.

      Directory Manager password (8 chars minimum): Enter a password for the Directory Manager.

      Re-enter Directory Manager password: Enter the password again to confirm it.

      The Top Level Administrator user id is: This is the Administrator who has unlimited access to all entries managed by DSAME. The Super Administrator user id is hardcoded as amAdmin. This ensures that the DSAME administrator role and its privileges are created and mapped properly in the Directory Server so that you can log in to DSAME immediately after installation.

      Admin password (8 chars minimum): Enter a password for the Super Administrator.

      Re-enter Admin password: Enter the Super Administrator password again to confirm it.

      Skip to Step 7.

  6. If you're using Application Server instead of the default Web Server that comes with DSAME, then skip to Step 7.

    If you're using the default Web Server that comes with DSAME, provide the following information when prompted:

    Do you wish to continue this installation without the required patches? Enter y for Yes to proceed with the installation. If you wish to install the patches, then enter n for No. For information on installing patches see "Patch Clusters for Solaris".

    What directory do you want to install the Services in? Enter the path to the directory where DSAME Services will be installed. Plan to install the DSAME Services and Directory Server in different directories. Ideally, you would install DSAME Services and Directory Server on different computer systems.

    Do you want to use the existing JDK? Java support in DSAME requires Java Development Kit (JDK) of version 1.3.1 or higher. While a default JDK is provided, you can use your own JDK with the Web Server. If you want to use your own JDK version, then enter n for No and then enter the full path to the version of JDK you want to use. Otherwise, enter y for Yes.

    What is the host name of the machine where the DSAME Services will run? This is the computer system where DSAME components and Web Server are installed together. For example, in the name mycomputer.organizationname.madisonparc.com, the host name is mycomputer.

    What is the sub-domain name ("." for none)? For example, in the name mycomputer.organizationname.madisonparc.com, the organizationname is the sub-domain name. If your host computer does not have a sub-domain, enter a period (.).

    What is the domain name? For example, in the name mycomputer.organizationname.madisonparc.com, the domain name is madisonparc.com.

    What is the DSAME Management and Policy Services port? Enter a port number for the Web Server that runs the DSAME services. The default port is 58080.

    Web Server Administration user id: This is the server administrator who has access to the Web Server that runs DSAME services. The default user id is admin.

    Admin password (8 chars minimum): Enter a password for the Web Server Administrator.

    Re-enter Admin password: Re-enter the Web Server Administrator password to confirm it.

    What is the Web Server admin port? Enter a port number for administering the Web Server. The default port number is 58888.

    System User: This is the user the Directory Server will run as. If you have a Directory Server already running, enter the same System User used by that Directory Server. The default is nobody.

    System Group: This is the group the user (above) belongs to. The default is nobody.

    Will you be using an existing DIT and schema? Enter n for No.

    What is the DSAME root of your directory tree? This is the DSAME root suffix, or the point in your directory where you want DSAME to start managing entries. Enter a distinguished name (DN) that includes at least one type=value pair.

    Examples:

    o=isp

    o=madisonparc

    dc=sun,dc=com

    If you want the default organization to be the root suffix, enter a period (.).



    Note

    The default organization uses the organization (o) object class. If you want to use a different naming attribute such as dc, you must follow the installation instructions in Chapter 5 "Using an Existing Directory Server".



    The default is o=isp.

    What is your organization name? Enter a name for the first organization to be created in your DSAME Directory Information Tree (DIT). This name will be displayed in the DSAME graphical user interface. Examples: iPlanet or iplanet.com. The default is iplanet.com.

    Do you want to use an existing iPlanet Directory Server? Enter n for No.

    What directory do you want to install the Directory Server in? Enter the path to the directory where Directory Server will be installed. Do not install Directory Server in the same directory as DSAME Services. Ideally, you would install DSAME Services and Directory Server on different computer systems. The default directory is /usr/iplanet/servers.

    <Path> does not exist, create? If this prompt displays, DSAME can automatically create the new directory for you. Enter y for Yes.

    What port should the LDAP server use? The following is an excerpt from iPlanet Directory Server Installation Guide regarding this topic:

    "Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server:

    The standard Directory Server (LDAP) port number is 389.

    Port 636 is reserved for LDAP over SSL. Therefore, do not use port number 636 for your standard LDAP installation, even if 636 is not already in use. You can also use LDAP over TLS on the standard LDAP port.

    Make sure the ports you choose are not already in use.

    If you are using both LDAP and LDAPS communications, make sure the port numbers chosen for these two types of access are not identical."

    Directory Server Administration user id: Administration Server user id is used only when the Directory Server is down and you are unable to log in as the configuration directory administrator. The existence of this user id means that you can access Administration Server and perform disaster recovery activities such as starting Directory Server, reading log files, and so forth. The default user id is admin.

    Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password.

    Admin password (8 chars minimum): Enter a password for the Directory Server administrator.

    Re-enter Admin password: Enter the password again to confirm it.

    What is the Directory Server admin port? The default port number is 58900.

    Directory Manager DN: The Directory Server administrative user, or Directory Manager, is the administrator who has unlimited access to Directory Server data and configuration. The default DN for the Directory Manager is cn=Directory Manager.

    Directory Manager password (8 chars minimum): Enter a password for the Directory Manager.

    Re-enter Directory Manager password: Enter the password again to confirm it.

    What is the deployment URI prefix for the DSAME Management and Policy Services? The Universal Resource Identifier (URI) prefix tells the Web Server where to look for HTML pages associated with a service and also for other web application specific information like classes and jars.

    For example, an authentication service may store a customized login page for each organization in the enterprise. If you are an employee of the Jones Company, you'll see an HTML login page with the Jones logo. If you are an employee of the Smith Company, you'll see an HTML login page with the Smith logo. The HTML pages for each company should be stored in different locations.

    The default URI prefix is /amserver. You can enter a different name.

    What is the deployment URI prefix for the DSAME Administration Console? The Universal Resource Identifier (URI) prefix tells the Web Server where to look for HTML pages that an administration console needs to display and also for other web application specific information like classes and jars.

    The default URI prefix is /amconsole. You can enter a different name.

    The Top-Level Administrator user id is amAdmin: This is the Administrator who has unlimited access to all entries managed by DSAME. The Top-Level Administrator user id is hardcoded as amAdmin. This ensures that the DSAME administrator role and its privileges are created and mapped properly in the Directory Server so that you can log in to DSAME immediately after installation. Since this is an administrator role, you can add other users to this role after installation.

    Admin password (8 chars minimum): Enter a password for the Super Administrator.

    Re-enter Admin password: Enter the Super Administrator password again to confirm it.

    Do you want to start the iPlanet Directory Server Access Management Edition Server when installation is complete? If you enter y for Yes, DSAME will automatically start up immediately after installation. If you enter n for No, you must start DSAME manually after installation.

    To start DSAME manually, at the command line enter the following command:

    /DSAME_root/SUNWam/bin/amserver start

  7. Are all settings correct? If the settings displayed are not correct, enter n for No and the installation program will start again from close to the beginning. If the settings are correct, enter y for Yes to continue with the installation.

    Select which component to install: When you see the following options displayed, enter 5 to exit the installation program.

    Select which component to install:

    1) DSAME Management and Policy Services
    2) iPlanet Directory Server 5.1
    3) iPlanet Directory Server Configuration for DSAME
    4) DSAME Cross Domain Single Sign-On
    5) Exit

  8. Check the installation log file for errors: The installation log file was indicated after agreeing to the license terms in Step 3. If you have forgotten the file name, the installation log files are in /var/opt/SUNWam/install, and the most recent one can be identified by entering the command:

    ls -ltr /var/opt/SUNWam/install
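
The prompts in Steps 5 and 6 put rules on port numbers, the root suffix, passwords, and install directories. The script below is an added example, not part of the original guide or of aminstall, that checks planned answers against those rules before the installer is started. All function names and the /opt/dsame services path are assumptions, and the netstat sample is constructed.

```shell
#!/bin/sh
# Added example (not from the iPlanet guide): pre-flight checks for the
# answers you plan to give aminstall. Function names are hypothetical.

# A port must be an integer from 1 to 65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The plain LDAP port must not be 636, which is reserved for LDAP over SSL.
valid_ldap_port() {
    valid_port "$1" && [ "$1" -ne 636 ]
}

# Succeeds when no port number is repeated among the arguments.
ports_distinct() {
    [ -z "$(printf '%s\n' "$@" | sort -n | uniq -d)" ]
}

# Reads `netstat -an` output on stdin; succeeds if a listener holds port $1.
# Accepts Solaris-style "*.389" and Linux-style "0.0.0.0:389" local addresses.
port_listening() {
    grep LISTEN | grep -Eq "[.:]$1([[:space:]]|\$)"
}

# Constructed sample of `netstat -an` output, used to exercise port_listening.
SAMPLE_NETSTAT='      *.389                *.*                0      0 49152      0 LISTEN
      *.58900              *.*                0      0 49152      0 LISTEN
tcp        0      0 0.0.0.0:58080           0.0.0.0:*               LISTEN'

# Root suffix: "." (default organization) or comma-separated type=value pairs.
# Simplified: escaped commas inside values are not handled.
valid_root_suffix() {
    [ "$1" = "." ] && return 0
    case "$1" in ''|,*|*,|*,,*) return 1 ;; esac
    rest=$1
    while [ -n "$rest" ]; do
        rdn=${rest%%,*}
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest='' ;; esac
        while [ "${rdn# }" != "$rdn" ]; do rdn=${rdn# }; done
        case "$rdn" in *=*) ;; *) return 1 ;; esac
        attr=${rdn%%=*}
        value=${rdn#*=}
        [ -n "$attr" ] && [ -n "$value" ] || return 1
        case "$attr" in *[!A-Za-z0-9.-]*) return 1 ;; esac
    done
    return 0
}

# Every password prompt in this chapter requires at least 8 characters.
password_ok() {
    [ "${#1}" -ge 8 ]
}

# Directory Server and DSAME Services must not share an install directory.
dirs_differ() {
    a=$(printf '%s' "$1" | sed 's:/*$::')
    b=$(printf '%s' "$2" | sed 's:/*$::')
    [ "$a" != "$b" ]
}

# Prints one line per problem; returns 0 only if every answer passes.
# Args: ldap_port ds_admin_port web_port web_admin_port suffix svc_dir ds_dir
# Distinct ports are required here on the assumption that all run on one host.
preflight() {
    bad=0
    valid_ldap_port "$1" || { echo "LDAP port $1: must be 1-65535, not 636"; bad=1; }
    for p in "$2" "$3" "$4"; do
        valid_port "$p" || { echo "port $p: must be 1-65535"; bad=1; }
    done
    ports_distinct "$1" "$2" "$3" "$4" || { echo "ports are not distinct"; bad=1; }
    valid_root_suffix "$5" || { echo "root suffix '$5': use type=value or ."; bad=1; }
    dirs_differ "$6" "$7" || { echo "Directory Server and Services share $6"; bad=1; }
    return $bad
}

# Page defaults for ports, suffix and Directory Server path; /opt/dsame is assumed.
if preflight 389 58900 58080 58888 o=isp /opt/dsame /usr/iplanet/servers; then
    echo "planned answers pass"
fi
```

On the target host, pipe real output into the listener check, for example `netstat -an | port_listening 389`, to confirm a chosen port is free.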



Installing iPlanet Directory Server 5.1

You can use the DSAME product CD to install iPlanet Directory Server as a stand-alone product. For example, you might want to install Directory Server by itself when you need to upgrade to version 5.1 or when you want to install multiple servers for directory replication. For your convenience, there is a stand-alone version of iPlanet Directory Server 5.1 that you can install by running the DSAME installation program; the DSAME package format is installed automatically. On the DSAME product CD, there is also a Directory Server 5.1 installation program. When you run the Directory Server installation program, the DSAME package format is not installed.


Installing Directory Server With the DSAME Package Format

When you use the DSAME installation program, if you choose the iPlanet Directory Server 5.1 option, Directory Server is installed with the package format. When you use this installation option, you can only install one Directory Server per computer host. If you need to install more than one Directory Server on a single computer, see "Installing Directory Server Without the DSAME Package Format".


To Install iPlanet Directory Server With Package Format

You must have root permissions when you run the DSAME installation program. Be sure all web browsers are closed before starting the installation program.

  1. If you're installing DSAME from the product CD, insert the CD into the drive of the system on which you want to install the software.

    If you've downloaded the product, unpack the product binaries file using the following command:

    gunzip -dc dsame-5.1-domestic-us.sparc-sun-solaris2.8.tar.gz | tar -xvof -

  2. Run the aminstall program. On the product CD, you'll find the program in the directory /cdrom/DSAME_51. If you've downloaded the product binaries, you'll find the program in the directory where you untarred the binary files.

    At the command line, enter aminstall.

    The aminstall command accepts the -v [verbose] option. The verbose option gives brief progress messages as the actions of the install program take place. Otherwise, installation messages are written to log files in the following directory:

    /var/opt/SUNWam/install

  3. Read the License Agreement. At the prompt, Do you agree to the license terms? enter y for Yes.

  4. If the following message does not display, then skip to Step 5.

    One or more components that are part of DSAME 5.1 have been detected on this system.
    ...
    If you are going to install components which already exist, you must uninstall them first.

    What would you like to do?
    1) Remove existing components, then continue installation.
    2) Continue installation without removing existing components.
    3) Exit

    • If the message (above) is displayed, and Directory Server 5.1 is listed in the message, then enter 1 to remove it. After uninstallation, the installation program will automatically start again from the beginning and you can re-install all DSAME components.

    • If the above message is displayed, and Directory Server 5.1 is not listed in the message, then enter 2 to proceed to the next step.

  5. The following options are displayed.

    Select which component to install:

    1) DSAME Management and Policy Services
    2) iPlanet Directory Server 5.1
    3) iPlanet Directory Server Configuration for DSAME
    4) DSAME Cross Domain Single Sign-On
    5) Exit


    When prompted, provide the following information:

    Select which component to install: Enter 2.

    What directory do you want to install the Directory Server in? Enter the path to the directory where Directory Server will be installed. Do not install Directory Server in the same directory as DSAME Services. Ideally, you would install DSAME Services and Directory Server on different computer systems.

    <Path> does not exist, create? If this prompt displays, DSAME can automatically create the new directory for you. Enter y for Yes.

    What is the host name of the machine where the Directory Server will run? For example, in the fully qualified domain name mymachine.organizationname.madisonparc.com, the host computer system name is mymachine.

    What is the sub-domain name ("." for none)? For example, in the name mycomputer.organizationname.madisonparc.com, the sub-domain name is organizationname. If your host computer does not have a sub-domain, enter a period (.).

    What is the domain name? For example, in the name mycomputer.organizationname.madisonparc.com, the domain name is madisonparc.com.

    What port should the LDAP server use? The following is an excerpt from iPlanet Directory Server Installation Guide regarding this topic:

    "Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server:

    • The standard Directory Server (LDAP) port number is 389.

    • Port 636 is reserved for LDAP over SSL. Therefore, do not use port number 636 for your standard LDAP installation, even if 636 is not already in use. You can also use LDAP over TLS on the standard LDAP port.

    • Make sure the ports you choose are not already in use.

    • If you are using both LDAP and LDAPS communications, make sure the port numbers chosen for these two types of access are not identical."

    Directory Server Administration userid: Administration Server user ID is used only when the Directory Server is down and you are unable to log in as the configuration directory administrator. The existence of this user ID means that you can access Administration Server and perform disaster recovery activities such as starting Directory Server, reading log files, and so forth.

    Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password.

    Admin password (8 chars minimum): Enter a password for the Directory Server administrator.

    Re-enter Admin password: Enter the password again to confirm it.

    What is the Directory Server admin port? The default port number is 58900.

    System User: This is the user the Directory Server will run as. If you have a Directory Server already running, enter the same System User used by that Directory Server. Example: nobody.

    System Group: This is the group the user (above) belongs to. Example: nobody.

    What is the root suffix of your directory tree? This is the DSAME root suffix, or the point in your directory where you want DSAME to start managing entries. Enter a distinguished name (DN) that includes at least one equals sign (=).

    Examples:

    o=isp

    o=madisonparc

    dc=sun,dc=com

    If you want the default organization to be the root suffix, enter a period (.).

    Do you want to configure this Directory Server for use by DSAME? If you want to install DSAME schema, enter y for Yes. If you do not want to install DSAME schema, enter n for No.

    Directory Manager DN: The Directory Server administrative user, or Directory Manager, is the administrator who has unlimited access to Directory Server data and configuration. The default DN for the Directory Manager is cn=Directory Manager. Enter the DN you specified when you first installed Directory Server.

    Directory Manager password (8 chars minimum): Enter a password for the Directory Manager. Confirm the password when prompted.

    Do you want to start the iPlanet Directory Server Access Management Edition iDS when installation is complete? If you enter y for Yes, then Directory Server will automatically start up immediately after installation. If you enter n for No, then you must restart DSAME manually after installation.

    To restart Directory Server, enter the commands with root permissions:

    cd Directory_Server_root/slapd-instance_name

    start-slapd

    Are all settings correct? Confirm that the settings are correct. If they are not, choose n for no and the installation program will prompt you for the setting information again.

  6. Enter 5 to exit the installation program.


Installing Directory Server Without the DSAME Package Format

When you use the Directory Server setup program, Directory Server is installed without the DSAME package format. You can use the setup program to install multiple Directory Servers on a single computer host.

If you plan to use directory replications, you'll need to install stand-alone versions of Directory Server 5.1 on more than one computer system. If you want to set up your replications before you install DSAME schema, you can use the Directory Server setup program that comes on the DSAME product CD.


To Install Directory Server Without DSAME Package Format

You must have root privileges when installing Directory Server.

  1. Locate the Directory Server setup program.

    • If you're installing from the DSAME product CD, insert the CD into the drive of the machine where you want to install Directory Server.

    • If you've downloaded the product, unpack the product binaries file using the following command:

      gunzip -dc dsame-5.1-domestic-us.sparc-sun-solaris2.8.tar.gz | tar -xvof -

  2. In the DSAME directory, at the command line, enter the following commands:

    cd SUNWamds/reloc/*/

    cp directory.5.1.us.sparc-solaris.tar /tmp

    cd /tmp

    tar -xvof directory.5.1.us.sparc-solaris.tar

    setup

For detailed installation instructions, see the iPlanet Directory Server Installation Guide that comes with the product. Or access the documentation on the Internet at http://docs.iplanet.com/docs/manuals/directory.html


Copyright 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated May 13, 2002