This section contains information on creating user data instances on the Directory Server 1 and Directory Server 2 host machines. Use the following list of procedures as a checklist for these tasks.
To Create a Base Suffix for the User Data Instance on Directory Server 1
To Create a Base Suffix for the User Data Instance on Directory Server 2
In this procedure, you create a Directory Server instance named am-users for storing user data on Directory Server 1. The new instance uses the ports for non-root users: 1489 for LDAP and 1736 for LDAPS. This instance will be populated with user information in Chapter 7, Configuring an Access Manager Realm for User Authentication.
By default, Directory Server always creates a secure LDAP port when creating an instance. We do not use this port.
As a root user, log in to the DirectoryServer-1 host machine.
Run dsadm create to create a user data instance called am-users.
    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsadm create -p 1489 -P 1736 /var/opt/mps/am-users
    Choose the Directory Manager password: d1rm4n4ger
    Confirm the Directory Manager password: d1rm4n4ger
    Use 'dsadm start /var/opt/mps/am-users' to start the instance
Run dsadm start to start the instance.
    # ./dsadm start /var/opt/mps/am-users
    Server started: pid=10381
Run netstat to verify that the new instance is up and running.
    # netstat -an | grep 1489
    .1489 *.* 0 0 49152 0 LISTEN
Run ldapsearch to verify that you can read the root Directory Server entry (DSE) of the new instance.
    # ldapsearch -h DirectoryServer-1.example.com -p 1489 -b "" -s base "(objectclass=*)"
    version: 1
    dn:
    objectClass: top
    ...
    supportedLDAPVersion: 3
    vendorname: Sun Microsystems, Inc.
    vendorVersion: Sun-Java(tm)-System-Directory/6.0
    ...
After creating the user data instance, you create a base suffix in which the entries will be stored.
This procedure assumes you have just completed To Create a User Data Instance for Directory Server 1.
As a root user on the DirectoryServer-1 host machine, run dsconf create-suffix to create a base suffix.
    # ./dsconf create-suffix -p 1489 -B dbExample -L /var/opt/mps/am-users/db/exampleDS dc=company,dc=com
Provide information when prompted.
    Certificate "CN=DirectoryServer-1, CN=1736, CN=directory Server, O=Sun Microsystems"
    presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just one, "n" to refuse, "d" for more details: Y
    Enter "cn=Directory Manager" password: d1rm4n4ger
An uppercase Y accepts the certificate for subsequent commands as well (a lowercase y accepts it just once), so you are not asked about it again in the next steps.
Run dsconf list-suffixes to verify that the base suffix was successfully created.
    # ./dsconf list-suffixes -p 1489
    Enter "cn=Directory Manager" password: d1rm4n4ger
    dc=company,dc=com
If the base suffix was successfully created, dc=company,dc=com is returned. You can also see am-users in the list of directory instances:
    # cd /var/opt/mps
    # ls
    am-config am-users serverroot
Log out of the DirectoryServer-1 host machine.
In this procedure, you create a Directory Server instance named am-users for storing user data on Directory Server 2. The new instance uses the ports for non-root users: 1489 for LDAP and 1736 for LDAPS. This instance will be populated with user information in Chapter 7, Configuring an Access Manager Realm for User Authentication.
By default, Directory Server always creates a secure LDAP port when creating an instance. We do not use this port.
As a root user, log in to the DirectoryServer-2 host machine.
Run dsadm create to create a user data instance called am-users.
    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsadm create -p 1489 -P 1736 /var/opt/mps/am-users
    Choose the Directory Manager password: d1rm4n4ger
    Confirm the Directory Manager password: d1rm4n4ger
    Use 'dsadm start /var/opt/mps/am-users' to start the instance
Run dsadm start to start the instance.
    # ./dsadm start /var/opt/mps/am-users
    Server started: pid=10381
Run netstat to verify that the new instance is up and running.
    # netstat -an | grep 1489
    .1489 *.* 0 0 49152 0 LISTEN
Run ldapsearch to verify that you can read the root DSE of the new instance.
    # ldapsearch -h DirectoryServer-2.example.com -p 1489 -b "" -s base "(objectclass=*)"
    version: 1
    dn:
    objectClass: top
    ...
    supportedLDAPVersion: 3
    vendorname: Sun Microsystems, Inc.
    vendorVersion: Sun-Java(tm)-System-Directory/6.0
    ...
After creating an instance, you must create a base suffix in which the entries will be stored.
This procedure assumes you have just completed To Create a User Data Instance for Directory Server 2.
As a root user on the DirectoryServer-2 host machine, run dsconf create-suffix to create a base suffix.
    # ./dsconf create-suffix -p 1489 -B dbExample -L /var/opt/mps/am-users/db/exampleDS dc=company,dc=com
Provide information when prompted.
    Certificate "CN=DirectoryServer-2, CN=1736, CN=directory Server, O=Sun Microsystems"
    presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just one, "n" to refuse, "d" for more details: Y
    Enter "cn=Directory Manager" password: d1rm4n4ger
An uppercase Y accepts the certificate for subsequent commands as well (a lowercase y accepts it just once), so you are not asked about it again in the next steps.
Run dsconf list-suffixes to verify that the base suffix was successfully created.
    # ./dsconf list-suffixes -p 1489
    Enter "cn=Directory Manager" password: d1rm4n4ger
    dc=company,dc=com
If the base suffix was successfully created, dc=company,dc=com is returned. You can also see am-users in the list of directory instances as follows:
    # cd /var/opt/mps
    # ls
    am-config am-users serverroot
Log out of the DirectoryServer-2 host machine.
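The three verification steps used on both hosts (netstat, ldapsearch, dsconf list-suffixes), as an added example that is not part of the original guide: shell functions that check captured output of each command, so the same checks can be repeated identically on Directory Server 1 and Directory Server 2. The function names and sample output are constructed for illustration, and a Solaris-style netstat layout (local address in the first column) is assumed.

```shell
#!/bin/sh
# Added example, not from the original guide. Checks run over captured command
# output; a Solaris-style netstat (local address in column 1) is assumed.

# port_listening PORT: reads `netstat -an` on stdin. Succeeds only if a local
# address ends in ".PORT" in LISTEN state (a bare `grep 1489` also matches 14890).
port_listening() {
    awk -v p="$1" '$NF == "LISTEN" && $1 ~ ("\\." p "$") { found = 1 }
                   END { exit !found }'
}

# dse_attr NAME: reads ldapsearch LDIF on stdin, prints the first value of NAME.
dse_attr() {
    awk -F': ' -v a="$1" 'tolower($1) == tolower(a) { print $2; exit }'
}

# suffix_present DN: reads `dsconf list-suffixes` on stdin. Whole-line match,
# ignoring case and spaces, so "dc=company, dc=com" equals "dc=company,dc=com".
suffix_present() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'A-Z' 'a-z')
    tr -d ' ' | tr 'A-Z' 'a-z' | grep -Fxq -- "$want"
}

# verify_capture NETSTAT DSE SUFFIXES: runs every check, returns 1 on any failure.
verify_capture() {
    rc=0
    printf '%s\n' "$1" | port_listening 1489 ||
        { echo "FAIL: nothing listening on LDAP port 1489"; rc=1; }
    [ "$(printf '%s\n' "$2" | dse_attr supportedLDAPVersion)" = "3" ] ||
        { echo "FAIL: root DSE unreadable or not LDAPv3"; rc=1; }
    printf '%s\n' "$3" | suffix_present 'dc=company,dc=com' ||
        { echo "FAIL: suffix dc=company,dc=com not listed"; rc=1; }
    return "$rc"
}

# Constructed sample output, modelled on the transcripts in this section.
SAMPLE_NETSTAT='.1489  *.*  0  0 49152  0 LISTEN
.1736  *.*  0  0 49152  0 LISTEN'
SAMPLE_DSE='version: 1
dn:
objectClass: top
supportedLDAPVersion: 3
vendorVersion: Sun-Java(tm)-System-Directory/6.0'
SAMPLE_SUFFIXES='Enter "cn=Directory Manager" password:
dc=company,dc=com'

verify_capture "$SAMPLE_NETSTAT" "$SAMPLE_DSE" "$SAMPLE_SUFFIXES" &&
    echo "am-users: all checks passed"
```

Against a live host, pipe the real commands into the same functions, for example netstat -an into port_listening 1489. Checking port 1736 the same way shows whether the LDAPS listener that dsadm creates by default is also up.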