Previous     Contents     Index     Next     
iPlanet Directory Server Access Management Edition Installation and Configuration Guide



Chapter 9   Simple Installations with
No Existing Directory Server


This chapter provides instructions for installing iPlanet Directory Server Access Management Edition (DSAME) for evaluation purposes, or for deploying a DSAME directory and services for the first time. The instructions here assume that you don't already have a Directory Server installed and deployed.

Topics in this chapter include:


Note

If you plan to use DSAME with an existing Directory Server that is already provisioned with users, see Chapter 10 "Using an Existing Directory Server on page 181.




Installing DSAME Services and Directory Server


Use these instructions when you want to do a quick and simple installation for the purpose of evaluating or exploring the product, and when you're not concerned with connecting to an existing Directory Server or existing user data. When you choose this option, the following components are installed:

  • Directory Server 5.1

  • DSAME Policy service and Management service

  • A Web Server that runs the DSAME Policy and Management services


To Install DSAME Services with a New Directory Server

You must have Administrator privileges when you run the DSAME installation program. Be sure all web browsers are closed before starting the installation program.

  1. If you're installing DSAME from the product CD, insert the CD into the drive of the system on which you want to install the software. If you've downloaded the product, unzip the product binaries file.

  2. Run the setup.exe program. You'll find the program in the root directory of the CD-ROM. If you've downloaded the product binariers, you'll find the program in the directory where you unzipped the binary files.

    Double-click the setup.exe icon.

    Installation messages are written to log files in the following directory:

      C:\Documents and Settings\username.hostname.*\
            Local Setting\Temp\

  3. Read the License Agreement. When prompted, Do you agree to the license terms? Enter y for Yes.

  4. In the Installation Directory, provide the following information:

    Install DSAME in this directory: Enter the path to the directory where DSAME Services will be installed. Plan to install the DSAME Services and Directory Server in different directories. Ideally, you would install DSAME Services and Directory Server on different computer systems.

  5. In the Components to Be Installed/Uninstalled window, select the following components:

    • iPlanet Directory Server

    • DSAME Management and Policy Services

Figure 9-1    Installing DSAME Services with a New Directory Server.

  1. The Installation program installs iPlanet Web Server to run the Management and Policy services. In the iPlanet Web Server Information window, provide the following information about the Web Server that will run DSAME services, and then click Next:

    Administrator: Enter at user name for the administrator who will access and manage the Web Server when necessary.

    Port: Enter a port number. Typically, the default is 8888.

    Password: Enter the password for the Administrator specified above. The Password must be a minimum of 8 characters in length.

    Confirm Password: To confirm the Administrator password, enter it again.

  2. In The Web Server that Runs DSAME Services window, provide the following information, and then click Next:

    Host: This is the computer system where a DSAME components and a dedicated web server will be installed together.

    Port: Enter a port number for the Web Server that runs the DSAME services.

    Protocol: If the Web Server will not be using the Secure Socket Layer (SSL) protocol, then select HTTP. If it will be enabled for SSL, then select HTTPS.

    Domain: Enter the domain name of the computer system where DSAME Services will be installed.

    Deployment URI: The Universal Resource Identifier (URI) prefix tells the Web Server where to look for HTML pages associated with a service.

    For example, an authentication service may store a customized login page for each organization in the enterprise. If you are an employee of the Jones Company, you'll see an HTML login page with the Jones logo. If you are an employee of the Smith Company, you'll see an HTML login page with the Smith logo. The HTML pages for each company should be stored in different locations.

    The default URI prefix is amserver. You can enter a different name.

  3. In the Directory Schema window, provide the following information, and then click Next:

    Do you want DSAME to run in iPlanet-compliance mode? In most cases, select No. The iPlanet-compliant DIT uses specialized directory objects, and its tree structure is optimized for use by hosting companies. For detailed information about iPlanet-compliance mode, see "Compliant vs. Default DIT".

  4. In the Directory Schema window, provide the following information, and then click Next:

    Root Suffix: This is the point in your directory where you want DSAME to start managing entries. Enter a relative distinguished name (RDN) that contains at least one naming_Attribute=value pair. Examples:

      o=isp

      o=madisonparc

      dc=sun,dc=com,l=us

    If you want the default organization to be the root suffix, then enter a period (.).

    Organization Name: Enter a name for the first organization to be used or created in your DSAME Directory Information Tree (DIT). This name will be displayed in the DSAME graphical user interface. Examples: iPlanet or iplanet.com.

    Directory Component Node: Enter the point in the DIT where DSAME will start managing entries. Example: o=isp.

  5. In the iPlanet Directory Server Information window, enter the following, and then click Next.

    Host: Enter the fully qualified domain name of the computers system where Directory Server is installed.

    Port: Enter the Directory Server port number.

    Installation Directory: Enter the full path to the directory where Directory Server is installed.

    Directory Manager: Enter the DN of the user who has restricted access to Directory Server. Example: cn=Directory Manager.

    Password: Enter the password for Directory Manager. The password must be a minimum of eight characters in length.

    Confirm Password: To confirm the Directory Manager password, enter it again.

  6. In the Administration Server that Manages Directory Server window, provide the following information, and then click Next:

    Administrator: Enter the user name of the administrator who will have access to the Administration Server that manages iPlanet Directory Server.

    Port: Enter a port number for the Administration Server that manages Directory Server. By default, this port is set at 8900.

    Password: Enter the password for the user amAdmin. the password must be a minimum of 8 characters in length.

    Confirm Password: To confirm the amAdmin password, enter it again.

  7. In the DSAME Super Administrator Information window, provide the following information, and then click Next:

    User name: The user name for the Super administrator is amAdmin This name cannot be reconfigured.

    Password: Enter the password for the user amAdmin. the password must be a minimum of 8 characters in length.

    Confirm Password: To confirm the amAdmin password, enter it again.

  8. In the Currently Selected Settings window, review the configuration information that you've entered. If you need to make changes, click Back. Otherwise, click Next to proceed.

  9. In the Ready to Install window, review the installation information. If you need to make changes, click Back. Otherwise, click Next to begin the installation.

  10. In the Installation Summary window, click Details for a detailed summary of the configuration information that was processed during Installation. Then click Exit to end the program.



Installing a Stand-Alone iPlanet Directory Server

You can use the DSAME product CD to install iPlanet Directory Server as a stand-alone product that does not contain DSAME schema. This is useful when you need to modify the DIT or configuration before adding DSAME schema. For example, you might want to install a stand-alone Directory Server when you are upgrading an existing Directory Server to version 5.1, or when you are setting up directory replication.

If you plan to use directory replication, you'll need to install stand-alone versions of Directory Server 5.1 on more than one computer system. If you want to set up replication before you install DSAME schema, you can use the Directory Server setup program that comes on the DSAME product CD.


To Install a Stand-Alone iPlanet Directory Server

  1. Run the setup.exe program. You'll find the program in the root directory of the CD-ROM. If you've downloaded the product binariers, you'll find the program in the directory where you unzipped the binary files.

    Double-click the setup.exe icon.

    Installation messages are written to log files in the following directory:

       C:\Documents and Settings\username.hostname.*\
          Local Settings\Temp

  2. Read the License Agreement. When prompted, Do you agree to the license terms? Enter y for Yes.

  3. In the Installation Directory, provide the following information:

    Install DSAME in this directory: Enter the full path to the directory where you want to install DSAME components. Plan to install the DSAME Services and Directory Server in different directories. Ideally, you would install DSAME Services and Directory Server on different computer systems.

  4. In the Components to Be Installed/Uninstalled window, select only iPlanet Directory Server. De-select all other components.

  5. In the Directory Schema window, provide the following information, and then click Next:

    Root Suffix: This is the point in your directory where you want DSAME to start managing entries. Enter a relative distinguished name (RDN) that includes at least one equals sign. Examples:

      o=isp

      o=madisonparc

      dc=sun,dc=com,l=us

    If you want the default organization to be the root suffix, then enter a period (.).

    Install DSAME Schema: If you want to install DSAME schema along with the Directory Server, then click the checkbox until a checkmark displays.

  6. In the iPlanet Directory Server Information window, provide the following information, and then click Next:

    Host: Enter the fully qualified domain name for the computer system where Directory Server will be installed.

    Port: Enter a port number. Directory Server typically uses port 389.

    Installation Directory: Enter the full path to the directory where Directory Server will be installed.

    Directory Manager: Enter the distinguished name (DN) of the user who has unrestricted access to Directory Server. Example: cn=Directory Manager.

    Password: Enter a password for the Directory Server administrator.The password must be at least eight characters in length.

    Confirm Password: Enter the password again to confirm it.

  7. In The Administration Server that Manages Directory Server window, provide the following information, and then click Next:

    Administrator: This administrator user ID is used only when the Directory Server is down and you are unable to log in as the configuration directory administrator (typically, cn=Directory Manager). The existence of this user ID means that you can access Administration Server and perform disaster recovery activities such as starting Directory Server, reading log files, and so forth.

    Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password.

    Port: Enter a port number. The Administration Server that manages Directory Server typically uses port 8900.

    Password: Enter a password for the Directory Server administrator. The password must be minimum eight characters in length.

    Confirm Password: To confirm the Administrator password, enter it again.

  8. In the Currently Selected Settings window, review the configuration information that you've entered. If you need to make changes, click Back. Otherwise, click Next to proceed.

  9. In the Ready to Install window, review the installation information. If you need to make changes, click Back. Otherwise, click Next to begin the installation.

  10. In the Installation Summary window, click Details for a detailed summary of the configuration information that was processed during Installation. Then click Exit to end the program.

Once you've exited the installation program, iPlanet recommends that you optimize the Directory Server for use with the DSAME Policy service and Management service as described in th following section.



Optimizing Directory Server for DSAME


You can optimize DSAME page handling and search performance by modifying the Directory Server configuration. The following measures are necessary when any organization in your directory exceeds 4000 users:

  • Add indexes for the memberof, and uid attributes.

  • Reset the lookthroughlimit parameter.


To Add Appropriate Indexes to Your Directory

  1. Start the Directory Server console. In the directory where Directory Server is installed, double-click the startconsole.exe icon, and then log in.

  2. In iPlanet Console, in the navigation tree, double-click the Directory Server icon.

  3. In the Directory Server console, click the Configuration tab.

  4. In the navigation tree, click the Data icon, and then click Database Settings.

  5. In the right pane, click Default Indexes.

  6. To add the memberof attribute, click Add Attribute, and then do the following:

    1. In the Select Attributes window, select the memberof attribute and then click OK.

    2. In the Default Indexes list, select the memberof attribute and then check the boxes for Equality, Presence, and Substring.

  7. To add a substring index for the uid attribute, in the Default Indexes list:

    1. Select the uid attribute.

    2. Check the boxes for Equality, Presence, and Substring.

  8. Click Save.


To Reset the Lookthroughlimit

  1. In iPlanet Console, in the navigation tree, locate and double -click the Directory Server icon.

  2. In the Directory Server console, click the Configuration tab.

  3. In the navigation tree, click the Data icon and then click the Database Settings.

  4. In the right pane, click LDBM Plug-in Settings.

  5. In the Look Through Limit field, enter a number greater than the number of entries you want the Directory Server to check in response to a search request.

  6. Click Save.



Configuring an Existing Directory Server 5.1 to Work with DSAME

Use this Installation option only after you've installed or upgraded to Directory Server 5.1, and need to install DSAME schema. When you use these instructions, only the DSAME schema is installed. None of your data is overwritten; no other server or services are installed.


To Configure an Existing Directory Server

You must have root permissions when you run the DSAME installation program. Be sure all web browsers are closed before starting the installation program.

  1. Run the setup.exe program. You'll find the program in the root directory directory on the CD-ROM. If you've downloaded the product binariers, you'll find the program in the directory where you unzipped the binary files.

    Double-click the setup.exe icon.

    Installation messages are written to log files in the following directory:

      C:\Documents and Settings\username.hostname.*\
          Local Settings\Temp\

  2. Read the License Agreement. When prompted, Do you agree to the license terms? Enter y for Yes.

  3. In the Installation Directory, provide the following information:

    Install DSAME in this directory: Enter the path to the directory where DSAME Services will be installed. Plan to install the DSAME Services and Directory Server in different directories. Ideally, you would install DSAME Services and Directory Server on different computer systems.

  4. In the Components to Be Installed window, select only Configure an Existing Directory Server. De-select all other components. Then click Next.

  5. In the Currently Selected Settings window, review the configuration information that you've entered. If you need to make changes, click Back. Otherwise, click Next to proceed.

  6. In the Ready to Install window, review the installation information. If you need to make changes, click Back. Otherwise, click Next to begin the installation.

  7. In the Installation Summary window, click Details for a detailed summary of the configuration information that was processed during Installation. Then click Exit to end the program.


Previous     Contents     Index     Next     
Copyright 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated March 27, 2002