Sun ONE logo      Previous      Contents      Index      Next     

Sun ONE Portal Server 6.1 Installation Guide

Appendix D
Setting Up LDAP Replication for the Sun ONE Portal Server

The main reason for using LDAP replication for your Sun™ ONE Portal Server is to provide higher availability.

This procedure requires that you install the Sun™ ONE Directory Server software on all the machines you want to use for replication, then set up the replication. Next, you install the application server and Portal Server software. The application and Portal Server software can be installed on the machines to be used for replication or on separate machines. Before using the portal server software, you need to update a number of configuration files.

The following instructions are for setting up two machines: one machine with Sun ONE Portal Server software (ps-server) including LDAP and one machine with just LDAP (x-ldap-server). Replication is set up between the two machines and LDAP failover is set up on the machine with the Sun ONE Portal Server software.

For more details and other replication set ups, see Chapter 8, Managing Replication in the Sun ONE Directory Server Administrator’s Guide.

These instructions assume that the default values are used except where specifically noted.

On both machines, install the directory server.

  1. In a terminal window on the machine that will have the portal server installation, as root, go to the directory where the portal server software is and type:

    2. # ./pssetup

  2. Select 2, Install Directory Server only.
  3. Remember the passphase.

Setting Up Replication on the Sun ONE Portal Server Machine

  1. As root, in a terminal window start the directory server console by typing:

    2. # /usr/ldap/startconsole

  2. In the login window that is displayed, enter admin as the user name and the passphrase you chose earlier.
  3. In the left pane of the console, expand the directory.
  4. Select Directory Server (ps-server).
  5. In the right pane, click Open.

    6. A pop-up window is displayed.

  6. Select the Configuration tab.
  7. Expand Replication in the left pane.
  8. Select Replication.
  9. Check Enable Changelog check box in the right pane.
  10. Click Use default button in the right pane.

    11. The default directory value is entered in the Changelog database directory text field.

  11. Click Save.
  12. Select userRoot in the left pane.
  13. Check Enable Replica check box in the right pane.
  14. Select Multiple Master.
  15. Enter a number (1-255) in the Replica ID box. This number needs to be unique for each master.
  16. Enter cn=Directory Manager in the Enter the Supplier DN box.
  17. Click Save.
  18. In the tool bar, click Object and select New Replication Agreement.
  19. Enter a name (you can use the name of the x-ldap-server) for the replication agreement. Add a brief description.
  20. Click Next.
  21. Select Other and insert the fully qualified distinguished name of the machine to be connected to with the port number (default 389).
  22. Click OK.
  23. For Bind as, use cn=Directory Manager and insert the password for the directory server on the x-ldap-server machine being connected to.
  24. Click Next.
  25. Click Next again.
  26. Select Do Not Initialize Consumer and click Next.

    27. The replication agreement is displayed.

  27. Click Done if it is correct.
  28. Click OK.

Setting Up Replication on the Dedicated LDAP Machine

  1. As root, in a terminal window start the directory server console by typing:

    2. # /usr/ldap/startconsole

  2. In the login window that is displayed, enter admin as the user name and the passphrase you chose earlier.

    3. The console is displayed.

  3. In the left pane of the console, expand the directory.
  4. Select Directory Server (x-ldap-server).
  5. In the right pane, click Open.

    6. A pop-up window is displayed.

  6. Select the Configuration tab.
  7. Expand the Replication in the left pane.
  8. Select Replication.
  9. Check Enable Changelog check box in the right pane.
  10. Click Use default button in the right pane.

    11. The default directory value is entered in the Changelog database directory text field.

  11. Click Save.
  12. Select userRoot in the left pane.
  13. Check Enable Replica check box in the right pane.
  14. Select Multiple Master.
  15. Enter a number (1-255) in the Replica ID box. This number needs to be unique for each master.
  16. Enter cn=Directory Manager in the Enter the Supplier DN box.
  17. Click Save.
  18. In the tool bar, click Object and select New Replication Agreement.
  19. Enter a name (you can use the name of the ps-server) for the replication agreement. Add a brief description.
  20. Click Next.
  21. Select Other and insert the fully qualified distinguished name of the machine to be connected to with the port number (default 389).
  22. Click OK.
  23. For Bind as, use cn=Directory Manager and insert the password for the directory server on the ps-server machine being connected to.
  24. Click Next.
  25. Click Next again.
  26. Select Initialize consumer now and click Next.

    27. The replication agreement is displayed.

  27. Click Done if it is correct.
  28. Click OK.

    Note

    To check replication status, select the Status tab. Select Replication Status in the left pane. The right pane displays the name of your replication agreement. You may need to click the Refresh button if you are using multiple replication agreements.

  29. In this set up the Sun ONE Portal Server machine’s LDAP is a consumer of this LDAP and this LDAP is a consumer of the portal server machine’s LDAP. So for each additional consumer portal server machine, repeat Steps 20 to 30.
  30. Stop each LDAP that has been initialized (Step 26), then restart. For example, log into the supplier machine (ps-server) as root and type:

    31. # /usr/ldap/slapd-servername/stop-slapd
    # /usr/ldap/slapd-servername/start-slapd

    Note

    To check replication on the consumer, start the directory server console, expand the directory in the left pane and select Directory Server. Click Open and select the Directory tab on the pop-up window. Expand the entry for the root suffix (default isp). Note that there are few nodes. After installing Sun ONE Application Server and Portal Server software, and starting replication, check isp again. If replication is set up correctly, there should be many nodes.

Adding More Suppliers

When making the replication agreements, each master must have an agreement with every other master. Any supplier you initialize, you need to restart.

Configuring the Sun ONE Portal Server Software

  1. Install the Sun ONE Portal Server software. See Chapter 2, "Installing Sun ONE Portal Server."

Note

The directory server should already be installed. When installing the Sun ONE Portal Server, select the option to use an existing Directory Server and use the directory manager password for that server.

  1. Go to the S1PSBaseDir/config/ums/serverconfig.xml file. Set the configuration to point to the local LDAP.
    1. Copy the Server1 line right below itself.
    2. Edit the lines so they have these values:

      3. <Server name="Server1" host="full-ps-servername" port="389" type="SIMPLE" />

      <Server name="Server2" host="x-ldap-fullservername" port="389" type="SIMPLE" />

    3. If you have multiple suppliers, add similar lines for each one.

      4. <Server name="Server3" host="x-ldap-fullservername2" port="389" type="SIMPLE" />

  2. Go to the S1PSBaseDir/lib/AmConfig.properties file (the default is /opt/SUNWappserver7/SUNWam/lib/AmConfig.properties).
    1. Check that this line is correct:

      2. com.iplanet.am.directory.host=full-ps-servername

    2. Change com.iplanet.am.replica.enable=false to com.iplanet.am.replica.enable=true.
    3. If appropriate, change com.iplanet.am.session.failover.enabled=false to com.iplanet.am.session.failover.enabled=true
  3. Stop the web application container instance.
  4. Stop and restart the amserver.

    5. # /etc/init.d/amserver stop

    # /etc/init.d/amserver start

  5. In a terminal window, restart the web application container instance.
  6. Log in to the Sun ONE Identity Server admin console as administrator.

    7. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  7. Select User Management in the View menu and click on the organization name link in the navigation pane.
  8. Select Services in the Show menu in the navigation pane.
  9. Click on the Properties arrow next to LDAP Authentication in the navigation pane.
  10. Check that the Primary LDAP box only has the full-ps-servername listed. If you have multiple LDAP servers, the Primary LDAP box should list localhost or full-ps-servername|full-ps-servername:389.
  11. To the Secondary LDAP box Add the x-ldap-fullservername to the list.
  12. Click Save to save the configuration.
  13. If you have a number of portal server installations, complete Step 15 to Step 19. If not, you are finished.
  14. Return to the root level by clicking root suffix (default isp) in the location pane.
  15. In the View menu, select Service Management.
  16. Click on the Properties arrow next to Platform in the navigation pane.
  17. Check that the Server List has all of the portal server machines listed using the full-ps-servername for each server.
  18. Click Save.



Previous      Contents      Index      Next     

Copyright 2003 Sun Microsystems, Inc. All rights reserved.