iPlanet Directory Server Access Management Edition Installation and Configuration Guide



Contents


About This Guide
What You Are Expected to Know
The iPlanet Directory Server Access Management Edition Documentation Set
Documentation Conventions Used in This Manual
Typographic Conventions
Terminology
Related Information

Part 1 Read This First




Chapter 1 Introducing iPlanet Directory Server Access Management Edition

iPlanet Products Form the DSAME Solution
Directory Server
Policy Service
Single Sign-On
Management Service
Cross-Domain Single Sign-On
Web Server
Key Features and Benefits
Chapter 2 Deployment Considerations
Directory Issues
If You Already Have an Existing Directory
DSAME Schema
Default DITs
Unsupported DITs
Directory Replication
Policy Management Issues
Roles
Policies and URL Policy Agents
Service Attributes
Installing Other Products for Use With DSAME Services
Remote Web Servers
iPlanet Application Server
URL Policy Agent
Multiple Directory Servers for Failover and High Availability
LDAP Load-Balancers
Hardware and Software Requirements
Optimal Hardware Requirements
Recommended Hardware Configurations
Operating System Requirements
Remote Web Server Requirements
Application Server Requirements
Web Browser Requirements

Part 2 Solaris Installation Instructions




Chapter 3 The DSAME Installation Program for Solaris

Before You Begin
Installation Program Options
Determining Which Installation Options to Use
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME
To Uninstall DSAME Components
Chapter 4 Simple Installations With No Existing Directory Server
Installing DSAME Services
To Install DSAME Services with Directory Server
Installing iPlanet Directory Server 5.1
Installing Directory Server With the DSAME Package Format
Installing Directory Server Without the DSAME Package Format
Chapter 5 Using an Existing Directory Server
Before You Begin
Supported DITs and Unsupported DITs
Background for Examples Used in This Chapter
Step 1: Install Directory Server 5.1 and Configure it to Work with DSAME
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Start DSAME
Step 9: Add DSAME Object Classes and Attributes to Existing Directory Entries
Step 10: Load the Modified LDIF Files
Results of DSAME and Directory Modifications
Chapter 6 Basic Configurations
Installing the Cross-Domain Single Sign-On Component
Installation Overview
To Install the CDSSO Component
To Configure the CDSSO Component
To Configure DSAME Web Agents to Work With the CDSSO Component
Installing Multiple DSAME Instances Against the Same Directory Server
Support for Directory Replication and High Availability
Replication Considerations
Configuring DSAME to Support Directory Replication
Configuring an LDAP Load-Balancer to Work With DSAME
Secure Sockets Layer (SSL)
Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode
Configuring DSAME Instance to SSL

Part 3 Windows 2000 Installation Instructions




Chapter 7 The DSAME Installation Program for Windows 2000

Before You Begin
Installation Program Options
Silent Installation
To Generate a StateFile
To Run the Silent Installation Program
Determining Which Installation Options to Use
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME
Chapter 8 Simple Installations With No Existing Directory Server
Installing DSAME Services and Directory Server
To Install DSAME Services with a New Directory Server
Installing a Stand-Alone iPlanet Directory Server
To Install a Stand-Alone iPlanet Directory Server
Chapter 9 Using an Existing Directory Server
Before You Begin
Supported DITs and Unsupported DITs
Background for Examples Used in This Chapter
Step 1: Install Directory Server 5.1 and Configure it to Work With DSAME
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF Into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Start DSAME
Step 9: Add DSAME Object Classes and Attributes to Existing Directory Entries
Step 10: Load the Modified LDIF Files
Results of DSAME and Directory Modifications
Chapter 10 Basic Configurations
Installing the Cross-Domain Single Sign-On Component
Installation Overview
To Install the CDSSO Component
To Configure the CDSSO Component
To Configure DSAME Web Agents to Work with the CDSSO Component
Support for Directory Replication and High Availability
Replication Considerations
Configuring DSAME to Support Directory Replication
Configuring a Load-Balancer to Work With DSAME
Secure Sockets Layer (SSL)
Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode

Part 4 Appendixes




Appendix A DSAME ObjectClasses and Attributes

Using DSAME Object Classes as Markers
Using Alternative Naming Attributes
DITs That Cannot Be Managed by DSAME
Limitations to Consider
Examples of Unsupported DITs
Object Class and Attribute Descriptions
Organization
Container (Organizational Unit)
People Container
Static Group
Assignable Dynamic Group
Filtered Group
User
Appendix B Securing Your Web Server
Requiring Authentication
Creating a Trust Database
Requesting and Installing a VeriSign Certificate
Requesting and Installing Other Server Certificates
Migrating Certificates When You Upgrade
Managing Certificates
Installing and Managing CRLs and CKLs
Setting Security Preferences
Using External Encryption Modules
Setting Client Security Requirements
Setting Stronger Ciphers
Considering Additional Security Issues
Appendix C Managing SSL
Introduction to SSL in the Directory Server
Obtaining and Installing Server Certificates
Activating SSL
Setting Security Preferences
Using Certificate-Based Authentication
Configuring LDAP Clients to Use SSL
Index

Copyright 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated May 13, 2002