Deployment

Once the mapping files have been customized to reflect the state of the LDAP repository, they can be deployed. If the schema of the LDAP server already contains the required object classes and attributes, the script createServiceTree can be run directly, otherwise the script deployApoc must be run.

The deployApoc script is targeted for use with Sun Java^TM System Directory Servers. It will copy the provided schema extension file to the proper directory and cycle the LDAP server, then invoke the createServiceTree script. It must be run as a user with permissions to copy files in the schema repository and restart the server and be invoked by:

./deployApoc <Directoy Server Directory>

The <Directoy Server Directory> parameter must be the path to the slapd-<server name> subdirectory of a Directory Server installation. Assuming the installation used the default directories and the server is named myserver.mydomain, that directory would be /var/Sun/mps/slapd-myserver.mydomain.

The createServiceTree script, whether invoked directly or from the deployApoc script, will prompt the user for the location of the LDAP server (host name, port number and base DN) and for the definition of a user with administrative rights (full DN and password). The script then creates a bootstrap service tree in the LDAP server and stores the mapping files in it. It can be run as any user and is invoked by:

./createServiceTree

The user is then prompted for:

• Host name (default: localhost): host name of the LDAP server,

• Port number (default: 389): port number of the LDAP server,

• Base DN: base DN of the LDAP repository,

• User DN (default: cn=Directory Manager): full DN of a user with enough permissions to create new entries under the base DN,

• Password: password of that user,

An entry whose DN is:

ou=ApocRegistry,ou=default,ou=OrganizationConfig,ou=1.0,ou=ApocService,ou=services, <baseDN>

is created and filled with the contents of the two mapping files.

As mentioned previously, the operations performed by the deployApoc script assume an LDAP server whose installation directories, layout, and schema extension procedure closely match Sun Java System Directory Server's one. Other directories will require a manual extension of the schema before being able to run the createServiceTree script. For further information concerning the use of OpenLDAP and ActiveDirectory, refer to Appendix C, Using OpenLDAP and Active Directory with the Configuration Manager.

The created tree, which matches the one which will hold configuration data associated to entities, is aligned with the structure of the trees used for service management in Sun Java System Identity Server.