Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

5.1 Creating Directory Server Instances for User Data

This section contains information on creating user data instances on the Directory Server 1 and Directory Server 2 host machines. Use the following list of procedures as a checklist for these tasks.

  1. To Create a User Data Instance for Directory Server 1

  2. To Create a Base Suffix for the User Data Instance on Directory Server 1

  3. To Create a User Data Instance for Directory Server 2

  4. To Create a Base Suffix for the User Data Instance on Directory Server 2

Procedure: To Create a User Data Instance for Directory Server 1

In this procedure, you create a Directory Server instance named am-users for storing user data on Directory Server 1. The new instance uses ports that a non-root user can bind: 1489 for LDAP and 1736 for LDAPS. This instance will be populated with user information in Chapter 7, Configuring an Access Manager Realm for User Authentication.


Note –

By default, Directory Server always creates a secure LDAP (LDAPS) port when it creates an instance. This deployment does not use that port.


  1. As a root user, log in to the DirectoryServer-1 host machine.

  2. Run dsadm create to create a user data instance called am-users.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsadm create -p 1489 -P 1736 /var/opt/mps/am-users
    Choose the Directory Manager password: d1rm4n4ger
    Confirm the Directory Manager password: d1rm4n4ger
    
    Use 'dsadm start /var/opt/mps/am-users' to start the instance
  3. Run dsadm start to start the instance.


    # ./dsadm start /var/opt/mps/am-users
    
    Server started: pid=10381
  4. Run netstat to verify that the new instance is up and running.


    # netstat -an | grep 1489
    
    .1489		*.*		0		0  49152		0 LISTEN
  5. Run ldapsearch to verify that you can read the root Directory Server entry (DSE) of the new instance.


    # ldapsearch -h DirectoryServer-1.example.com \
      -p 1489 -b "" -s base "(objectclass=*)"
    
    version: 1
    dn:
    objectClass: top
    ...
    supportedLDAPVersion: 3
    vendorname: Sun Microsystems, Inc.
    vendorVersion: Sun-Java(tm)-System-Directory/6.0
    ...

Procedure: To Create a Base Suffix for the User Data Instance on Directory Server 1

After creating the user data instance, you create a base suffix in which the entries will be stored.

Before You Begin

This procedure assumes you have just completed To Create a User Data Instance for Directory Server 1.

  1. As a root user on the DirectoryServer-1 host machine, run dsconf create-suffix to create a base suffix.


    # ./dsconf create-suffix -p 1489 -B dbExample \
      -L /var/opt/mps/am-users/db/exampleDS dc=company,dc=com
    
  2. Provide information when prompted.


    Certificate "CN=DirectoryServer-1, CN=1736, CN=directory Server, O=Sun Microsystems" 
    presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just one, "n" to refuese, "d" for more details: Y
    Enter "cn=Directory Manager" password: d1rm4n4ger
    

    Note –

    When you enter an uppercase Y, you are not asked for the certificate again in the next steps.


  3. Run dsconf list-suffixes to verify that the base suffix was successfully created.


    # ./dsconf list-suffixes -p 1489
    Enter "cn=Directory Manager" password: d1rm4n4ger
    
    dc=company,dc=com

    If the base suffix was successfully created, dc=company,dc=com is returned. You can also see am-users in the list of directory instances:


    # cd /var/opt/mps
    # ls
    
    am-config		am-users		serverroot
  4. Log out of the DirectoryServer-1 host machine.

Procedure: To Create a User Data Instance for Directory Server 2

In this procedure, you create a Directory Server instance named am-users for storing user data on Directory Server 2. The new instance uses ports that a non-root user can bind: 1489 for LDAP and 1736 for LDAPS. This instance will be populated with user information in Chapter 7, Configuring an Access Manager Realm for User Authentication.


Note –

By default, Directory Server always creates a secure LDAP (LDAPS) port when it creates an instance. This deployment does not use that port.


  1. As a root user, log in to the DirectoryServer-2 host machine.

  2. Run dsadm create to create a user data instance called am-users.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsadm create -p 1489 -P 1736 /var/opt/mps/am-users
    Choose the Directory Manager password: d1rm4n4ger
    Confirm the Directory Manager password: d1rm4n4ger
    
    Use 'dsadm start /var/opt/mps/am-users' to start the instance
  3. Run dsadm start to start the instance.


    # ./dsadm start /var/opt/mps/am-users
    
    Server started: pid=10381
  4. Run netstat to verify that the new instance is up and running.


    # netstat -an | grep 1489
    
    .1489		*.*		0		0  49152		0 LISTEN
  5. Run ldapsearch to verify that you can read the root DSE of the new instance.


    # ldapsearch -h DirectoryServer-2.example.com \
      -p 1489 -b "" -s base "(objectclass=*)"
    
    version: 1
    dn:
    objectClass: top
    ...
    supportedLDAPVersion: 3
    vendorname: Sun Microsystems, Inc.
    vendorVersion: Sun-Java(tm)-System-Directory/6.0
    ...

Procedure: To Create a Base Suffix for the User Data Instance on Directory Server 2

After creating an instance, you must create a base suffix in which the entries will be stored.

Before You Begin

This procedure assumes you have just completed To Create a User Data Instance for Directory Server 2.

  1. As a root user on the DirectoryServer-2 host machine, run dsconf create-suffix to create a base suffix.


    # ./dsconf create-suffix -p 1489 -B dbExample \
      -L /var/opt/mps/am-users/db/exampleDS dc=company,dc=com
    
  2. Provide information when prompted.


    Certificate "CN=DirectoryServer-2, CN=1736, CN=directory Server, O=Sun Microsystems" 
    presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just one, "n" to refuese, "d" for more details: Y
    Enter "cn=Directory Manager" password: d1rm4n4ger
    

    Note –

    When you enter an uppercase Y, you are not asked for the certificate again in the next steps.


  3. Run dsconf list-suffixes to verify that the base suffix was successfully created.


    # ./dsconf list-suffixes -p 1489
    Enter "cn=Directory Manager" password: d1rm4n4ger
    dc=company,dc=com

    If the base suffix was successfully created, dc=company,dc=com is returned. You can also see am-users in the list of directory instances as follows:


    # cd /var/opt/mps
    # ls
    
    am-config		am-users		serverroot
  4. Log out of the DirectoryServer-2 host machine.
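The four procedures above are the same steps run once per host. The script below is an added example, not part of the Sun deployment guide: it performs the instance creation, start, suffix creation, and the page's three verification checks for one host, with each check written as a function over the command output the page shows. It assumes that dsadm create and dsconf accept a -w password file (a DS6 option not shown on this page, so the Directory Manager password is read from a root-only file instead of typed at the prompt) and uses a hypothetical password-file path; dsconf still prompts for the server certificate so the administrator can inspect it before accepting.

```shell
#!/bin/sh
# Added example (not from the Sun guide): scripted am-users creation and
# verification for one Directory Server host. Assumes dsadm create / dsconf
# accept -w <pwd-file>; PWD_FILE is a hypothetical root-owned, mode 0600 file.
DS6_BIN=/var/opt/mps/serverroot/ds6/bin
INSTANCE=/var/opt/mps/am-users
LDAP_PORT=1489
LDAPS_PORT=1736
SUFFIX="dc=company,dc=com"
PWD_FILE=/var/opt/mps/.dirmgr-pwd            # hypothetical path (assumption)
DS_HOST=${DS_HOST:-DirectoryServer-1.example.com}

# Step 4 check: does "netstat -an" output show PORT in LISTEN state?
port_listening() {        # $1 = netstat -an output, $2 = port number
    printf '%s\n' "$1" | grep "[.:]$2[[:space:]]" | grep -q LISTEN
}

# Step 5 check: does the root DSE returned by ldapsearch advertise LDAPv3?
rootdse_ldapv3() {        # $1 = ldapsearch output
    printf '%s\n' "$1" | grep -q '^supportedLDAPVersion: 3$'
}

# Suffix check: does "dsconf list-suffixes" output contain SUFFIX as a whole line?
suffix_present() {        # $1 = list-suffixes output, $2 = expected suffix
    printf '%s\n' "$1" | grep -qix "$2"
}

create_and_verify() {
    [ -r "$PWD_FILE" ] || { echo "password file $PWD_FILE missing" >&2; return 1; }
    cd "$DS6_BIN" || return 1
    ./dsadm create -p "$LDAP_PORT" -P "$LDAPS_PORT" -w "$PWD_FILE" "$INSTANCE" || return 1
    ./dsadm start "$INSTANCE" || return 1
    port_listening "$(netstat -an)" "$LDAP_PORT" \
        || { echo "port $LDAP_PORT is not listening" >&2; return 1; }
    rootdse_ldapv3 "$(ldapsearch -h "$DS_HOST" -p "$LDAP_PORT" -b '' -s base '(objectclass=*)')" \
        || { echo "root DSE check failed on $DS_HOST" >&2; return 1; }
    ./dsconf create-suffix -p "$LDAP_PORT" -w "$PWD_FILE" -B dbExample \
        -L "$INSTANCE/db/exampleDS" "$SUFFIX" || return 1
    suffix_present "$(./dsconf list-suffixes -p "$LDAP_PORT" -w "$PWD_FILE")" "$SUFFIX" \
        || { echo "suffix $SUFFIX not listed" >&2; return 1; }
    echo "am-users instance on $DS_HOST created and verified"
}

# Run the procedure only when invoked as "sh script.sh run"; sourcing just defines the checks.
if [ "${1:-}" = run ]; then create_and_verify; fi
```

Run it once on each host with DS_HOST set to that host's name; the check functions can also be sourced on their own against saved command output when auditing an existing instance.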