Contents


About This Guide

What You Are Expected to Know
The iPlanet Directory Server Access Management Edition Documentation Set
Documentation Conventions Used in This Manual

Typographic Conventions
Terminology

Related Information

Part 1 Read This First

Chapter 1 Introducing iPlanet Directory Server Access Management Edition

iPlanet Products Form the DSAME Solution

Directory Server
Policy Service
Single Sign-On
Management Service
Cross-Domain Single Sign-On
Web Server

Key Features and Benefits

Chapter 2 Deployment Considerations

Directory Issues

If You Already Have an Existing Directory
DSAME Schema
Default DITs
Unsupported DITs
Directory Replication

Policy Management Issues

Roles
Policies and URL Policy Agents
Service Attributes

Installing Other Products for Use With DSAME Services

Remote Web Servers
iPlanet Application Server
URL Policy Agent
Multiple Directory Servers for Failover and High Availability
LDAP Load-Balancers

Hardware and Software Requirements

Optimal Hardware Requirements

Recommended Hardware Configurations

Operating System Requirements
Remote Web Server Requirements
Application Server Requirements
Web Browser Requirements

Part 2 Solaris Installation Instructions

Chapter 3 The DSAME Installation Program for Solaris

Before You Begin
Installation Program Options
Determining Which Installation Options to Use
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME

To Uninstall DSAME Components

Chapter 4 Simple Installations With No Existing Directory Server

Installing DSAME Services

To Install DSAME Services with Directory Server

Installing iPlanet Directory Server 5.1

Installing Directory Server With the DSAME Package Format
Installing Directory Server Without the DSAME Package Format

Chapter 5 Using an Existing Directory Server

Before You Begin

Supported DITs and Unsupported DITs
Background for Examples Used in This Chapter

Step 1: Install Directory Server 5.1 and Configure it to Work with DSAME
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Start DSAME
Step 9: Add DSAME Object Classes and Attributes to Existing Directory Entries
Step 10: Load the Modified LDIF Files
Results of DSAME and Directory Modifications

Chapter 6 Basic Configurations

Installing the Cross-Domain Single Sign-On Component

Installation Overview
To Install the CDSSO Component
To Configure the CDSSO Component
To Configure DSAME Web Agents to Work With the CDSSO Component

Installing Multiple DSAME Instances Against the Same Directory Server
Support for Directory Replication and High Availability

Replication Considerations
Configuring DSAME to Support Directory Replication
Configuring a LDAP Load-Balancers to Work With DSAME

Secure Sockets Layer (SSL)

Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode
Configuring DSAME Instance to SSL

Part 3 Windows 2000 Installation Instructions

Chapter 7 The DSAME Installation Program for Windows 2000

Before You Begin
Installation Program Options
Silent Installation

To Generate a StateFile
To Run the Silent Installation Program

Determining Which Installation Options to Use
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME

Chapter 8 Simple Installations With No Existing Directory Server

Installing DSAME Services and Directory Server

To Install DSAME Services with a New Directory Server

Installing a Stand-Alone iPlanet Directory Server

To Install a Stand-Alone iPlanet Directory Server

Chapter 9 Using an Existing Directory Server

Before You Begin

Supported DITs and Unsupported DITs
Background for Examples Used in This Chapter

Step 1: Install Directory Server 5.1 and Configure it to Work With DSAME
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF Into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Start DSAME
Step 9: Add DSAME Object Classes and Attributes to Existing Directory Entries
Step 10: Load the Modified LDIF Files
Results of DSAME and Directory Modifications

Chapter 10 Basic Configurations

Installing the Cross-Domain Single Sign-On Component

Installation Overview
To Install the CDSSO Component
To Configure the CDSSO Component
To Configure DSAME Web Agents to Work with the CDSSO Component

Support for Directory Replication and High Availability

Replication Considerations
Configuring DSAME to Support Directory Replication
Configuring a Load-Balancer to Work With DSAME

Secure Sockets Layer (SSL)

Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode

Part 4 Appendixes

Appendix A DSAME ObjectClasses and Attributes

Using DSAME Object Classes as Markers
Using Alternative Naming Attributes
DITs That Cannot Be Managed by DSAME

Limitations to Consider
Examples of Unsupported DITs

Object Class and Attribute Descriptions

Organization
Container (Organizational Unit)
People Container
Static Group
Assignable Dynamic Group
Filtered Group
User

Appendix B Securing Your Web Server

Requiring Authentication
Creating a Trust Database
Requesting and Installing a VeriSign Certificate
Requesting and Installing Other Server Certificates
Migrating Certificates When You Upgrade
Managing Certificates
Installing and Managing CRLs and CKLs
Setting Security Preferences
Using External Encryption Modules
Setting Client Security Requirements
Setting Stronger Ciphers
Considering Additional Security Issues

Appendix C Managing SSL

Introduction to SSL in the Directory Server
Obtaining and Installing Server Certificates
Activating SSL
Setting Security Preferences
Using Certificate-Based Authentication
Configuring LDAP Clients to Use SSL

Index