Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

4.1 Installing and Configuring Directory Server 1 and Directory Server 2

This section contains the instructions for installing Directory Server on two different host machines and creating the instances in which Access Manager configuration data will be stored. Use the following list of procedures as a checklist for completing the tasks.

  1. To Download Sun Java System Directory Server Enterprise Edition 6.0 and Required Patches

  2. To Patch the Directory Server Host Machines

  3. To Install Directory Server 1

  4. To Create an Access Manager Configuration Data Instance for Directory Server 1

  5. To Create a Base Suffix for the Directory Server 1 Access Manager Configuration Data Instance

  6. To Install Directory Server 2

  7. To Create the Access Manager Configuration Data Instance for Directory Server 2

  8. To Create a Base Suffix for the Directory Server 2 Access Manager Configuration Data Instance

Procedure: To Download Sun Java System Directory Server Enterprise Edition 6.0 and Required Patches

Perform this procedure to download the Sun Java System Directory Server 6.0 bits and the required system patches to both the DirectoryServer–1 host machine and the DirectoryServer–2 host machine.

  1. Go to http://www.sun.com/software/products/directory_srvr_ee/get.jsp.

  2. Provide the following information in the Select product configuration section and click View Downloads.

    Step 1: Select Component

    Directory Server Enterprise Edition

    Step 2: Select Version

    6.0

    Step 3: Select Delivery Type

    Compress Archive (ZIP)

    Step 4: Select Platform

    Choose the platform you are using.

    The Selection Results page will be displayed with links to the download sites for the Directory Server and required patches.


    Note –

    The patch numbers generated for download on the Selection Results page are based on your input. Check the most recent Directory Server Enterprise Edition 6.0 Release Notes to determine if you need to install other patches based on your machine's architecture and operating system. In this deployment, the Release Notes indicate that based on the hardware and operating system being used, patch 118855-36, patch 119964-08, and patch 122033-05 are required.


  3. Log into the DirectoryServer–1 host machine as a root user.

  4. Run the patchadd command to see if the patches are already installed.


    # patchadd -p | grep 118855-36


    No results are returned, which indicates that the patch is not yet installed on the system.


    # patchadd -p | grep 119964-08


    No results are returned, which indicates that the patch is not yet installed on the system.


    # patchadd -p | grep 122033-05


    No results are returned, which indicates that the patch is not yet installed on the system.


    Note –

    If these patches are already installed on your machine, proceed to step 7.


  5. Make a directory for the patch downloads and change into it.


    # mkdir /export/patches
    # cd /export/patches
    
  6. Download the patches.

    You can click on the patch links from the Selection Results page or search for patches directly at http://sunsolve.sun.com. If searching directly, navigate to the PatchFinder page and enter the patch number. For each patch you are downloading, click the HTTP link beside the heading Download Signed Patch (xxx bytes).


    Note –

    Signed patches are downloaded as JAR files. Unsigned patches are downloaded as ZIP files. In this step, ZIP files are downloaded.


  7. Make a directory for the Directory Server download and change into it.


    # mkdir /export/DS6
    # cd /export/DS6
    
  8. Download the Directory Server EE 6.0 - Zip Distribution, Multi Language, (DS/DPS/DE/ISW/DSRK) - No Console) bits.


    Note –

    No Directory Server Administration Console is installed with these bits. This deployment example uses the command line to configure the software.


  9. Log out of the DirectoryServer–1 host machine.

  10. Repeat this same procedure on the DirectoryServer–2 host machine.

Procedure: To Patch the Directory Server Host Machines

If necessary, perform this procedure to patch both the Directory Server 1 host machine and the Directory Server 2 host machine.

  1. Log in to the DirectoryServer–1 host machine as a root user.

  2. Change into the directory that contains the downloaded patch files.


    # cd /export/patches
    
  3. Unzip the patch files.


    # unzip 118855-36.zip
    # unzip 119964-08.zip
    # unzip 122033-05.zip
    
  4. Install the patches.


    # patchadd /export/patches/118855-36
    # patchadd /export/patches/119964-08
    # patchadd /export/patches/122033-05
    

    Tip –

    You can use the -M option to install all patches at once. See the patchadd man page for more information.


  5. Reboot your machine, if requested.

  6. After installation is complete, verify that each patch was added successfully.


    # patchadd -p | grep 118855-36


    A series of patch numbers are displayed, and the patch 118855-36 is present.


    # patchadd -p | grep 119964-08
    

    A series of patch numbers are displayed, and the patch 119964-08 is present.


    # patchadd -p | grep 122033-05
    

    A series of patch numbers are displayed, and the patch 122033-05 is present.

  7. Log out of the DirectoryServer–1 host machine.

  8. Repeat this same procedure on the DirectoryServer–2 host machine.
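
Added example, not part of the original guide: a plain grep for the patch ID, as used in the verification steps above, also matches when the ID appears only in another patch's Requires field, and it returns nothing when a later revision of the same patch is installed. The sketch below reads the Patch: field of patchadd -p output instead; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check required patches against `patchadd -p` output.
# On Solaris 10, /usr/bin/awk does not accept -v; substitute nawk or /usr/xpg4/bin/awk.

# Constructed sample in the `patchadd -p` line format (not taken from a real host).
sample_patchadd_output() {
cat <<'EOF'
Patch: 118855-36 Obsoletes: 118996-03 Requires: 118844-14 Incompatibles:  Packages: SUNWckr, SUNWcsu
Patch: 119964-10 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 120000-01 Obsoletes:  Requires: 122033-05 Incompatibles:  Packages: SUNWcsl
EOF
}

# patch_status ID-REV: reads `patchadd -p` output on stdin and prints
#   installed - the same patch base is installed at this revision or later
#   missing   - no Patch: field carries that base at a sufficient revision
patch_status() {
    awk -v want="$1" '
        BEGIN { split(want, w, "-"); state = "missing" }
        $1 == "Patch:" {
            split($2, p, "-")
            # Compare revisions numerically so that 10 ranks above 08.
            if (p[1] == w[1] && p[2] + 0 >= w[2] + 0) state = "installed"
        }
        END { print state }'
}

# missing_patches ID-REV...: prints each required patch that still needs patchadd.
missing_patches() {
    listing=$(cat)
    for id in "$@"; do
        [ "$(printf '%s\n' "$listing" | patch_status "$id")" = "installed" ] || printf '%s\n' "$id"
    done
}

# On a real host: patchadd -p | missing_patches 118855-36 119964-08 122033-05
sample_patchadd_output | missing_patches 118855-36 119964-08 122033-05
```

With the constructed listing, 119964-08 counts as installed because revision 10 is present, while 122033-05 is reported as missing even though a grep for it would have matched the Requires field of another patch.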

Procedure: To Install Directory Server 1

Before You Begin

Patch your machine accordingly and download the Directory Server bits to the host machine.

  1. As a root user, log in to the DirectoryServer–1 host machine.

  2. Resolve the following issues, if necessary.

    • The LD_LIBRARY_PATH environment variable should not be set to the default setting. Set it to an empty value, as in the following example:


      # setenv LD_LIBRARY_PATH
      
    • The JAVA_HOME environment variable should be set appropriately for your system architecture. For example:


      # setenv JAVA_HOME /usr/jdk/jdk1.5.0_07
      
  3. Unzip the Directory Server ZIP file.


    # cd /export/DS6
    # ls
    
    DSEE.6.0Solaris10-X86_AMD64-full.tar.gz
    
    # gunzip DSEE.6.0Solaris10-X86_AMD64-full.tar.gz
    
  4. Untar the resulting Directory Server tar file.


    # tar xvf DSEE.6.0Solaris10-X86_AMD64-full.tar
    
  5. From the resulting directory, run dsee_deploy install to install Directory Server.


    # cd DSEE_ZIP_Distribution
    # ./dsee_deploy install -c DS -i /var/opt/mps/serverroot
    

    The Licensing Agreement is displayed. At each Type return to continue prompt, press Return to continue.

  6. When Do you accept the license terms? is displayed, enter yes to continue.

    Once you accept the license terms, the Directory Server binaries will be installed in the /var/opt/mps/serverroot/ds6 directory.

Procedure: To Create an Access Manager Configuration Data Instance for Directory Server 1

After installing the binaries, create an instance of Directory Server 1 named am-config on the DirectoryServer–1 host machine. The instance uses the default ports for non-root users: 1389 for LDAP and 1636 for LDAPS. It will be populated with Access Manager configuration data in To Configure Access Manager 1.


Note –

By default, Directory Server always creates a secure LDAP port when creating an instance. We do not use this port.


Before You Begin

This procedure assumes you have just completed To Install Directory Server 1.

  1. As a root user on the DirectoryServer–1 host machine, run dsadm create to create the instance.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsadm create -p 1389 -P 1636 /var/opt/mps/am-config
    Choose the Directory Manager password: d1rm4n4ger
    Confirm the Directory Manager password: d1rm4n4ger
    
    use 'dsadm start /var/opt/mps/am-config' to start the instance
  2. Run dsadm start to start the instance.


    # ./dsadm start /var/opt/mps/am-config
    
    Server started: pid=10381
  3. Run netstat to verify that the new instance is up and running.


    # netstat -an | grep 1389
    
    *.1389    *.*    0    0 49152    0 LISTEN
  4. Run ldapsearch to verify that you can read the root Directory Server entry (DSE) of the new instance.


    # ldapsearch -h DirectoryServer-1.example.com \
    -p 1389 -b "" -s base "(objectclass=*)"
    
    version: 1
    dn:
    objectClass: top
    ...
    supportedLDAPVersion: 3
    vendorname: Sun Microsystems, Inc.
    vendorVersion: Sun-Java(tm)-System-Directory/6.0
    ...

Procedure: To Create a Base Suffix for the Directory Server 1 Access Manager Configuration Data Instance

After creating the configuration data instance of DirectoryServer–1, create a base suffix in which the entries will be stored.

Before You Begin

This procedure assumes you have just completed To Create an Access Manager Configuration Data Instance for Directory Server 1.

  1. As a root user on the Directory Server 1 host machine, run dsconf create-suffix to create a new base suffix.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsconf create-suffix -p 1389 -B dbExample \
    -L /var/opt/mps/am-config/db/exampleDS dc=example,dc=com
    
  2. Provide the appropriate information when prompted.


    Certificate "CN=DirectoryServer-1, CN=1636, CN=directory Server, O=Sun Microsystems" 
    presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just one, "n" to refuse, "d" for more details: Y
    Enter "cn=Directory Manager" password: d1rm4n4ger
    

    Tip –

    When you enter an uppercase Y, you are not asked for the certificate again in the next steps.


  3. Run dsconf list-suffixes to verify that the base suffix was successfully created.


    # ./dsconf list-suffixes -p 1389
    Enter "cn=Directory Manager" password: d1rm4n4ger
    
    dc=example,dc=com
  4. Log out of the Directory Server 1 host machine.

Procedure: To Install Directory Server 2

Before You Begin

Patch your machine accordingly and download the Directory Server bits to the host machine.

  1. As a root user, log in to the Directory Server 2 host machine.

  2. Resolve the following issues, if necessary.

    • The LD_LIBRARY_PATH environment variable should not be set to the default setting. Set it to an empty value, as in the following example:


      # setenv LD_LIBRARY_PATH
      
    • The JAVA_HOME environment variable should be set appropriately for your system architecture. For example:


      # setenv JAVA_HOME /usr/jdk/jdk1.5.0_07
      
  3. Unzip the Directory Server ZIP file.


    # cd /export/DS6
    # ls
    
    DSEE.6.0Solaris10-X86_AMD64-full.tar.gz
    
    # gunzip DSEE.6.0Solaris10-X86_AMD64-full.tar.gz
    
  4. Untar the resulting Directory Server tar file.


    # tar xvf DSEE.6.0Solaris10-X86_AMD64-full.tar
    
  5. In the resulting directory, run dsee_deploy install to install Directory Server.


    # cd DSEE_ZIP_Distribution
    # ./dsee_deploy install -c DS -i /var/opt/mps/serverroot
    

    The Licensing Agreement is displayed. At each Type return to continue prompt, press Return to continue.

  6. When Do you accept the license terms? is displayed, enter yes to continue.

    Once you accept the license terms, the Directory Server binaries will be installed in the /var/opt/mps/serverroot/ds6 directory.

Procedure: To Create the Access Manager Configuration Data Instance for Directory Server 2

After installing the binaries, create an instance of Directory Server 2 named am-config on the DirectoryServer–2 host machine. The instance uses the default ports for non-root users: 1389 for LDAP and 1636 for LDAPS. It will be populated with Access Manager configuration data in To Configure Access Manager 2.


Note –

By default, Directory Server always creates a secure LDAP port when creating an instance. We do not use this port.


Before You Begin

This procedure assumes you have just completed To Install Directory Server 2.

  1. As a root user on the DirectoryServer–2 host machine, run dsadm create to create the instance.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsadm create -p 1389 -P 1636 /var/opt/mps/am-config
    Choose the Directory Manager password: d1rm4n4ger
    Confirm the Directory Manager password: d1rm4n4ger
    
    use 'dsadm start /var/opt/mps/am-config' to start the instance
  2. Run dsadm start to start the instance.


    # ./dsadm start /var/opt/mps/am-config
    
    Server started: pid=10381
  3. Run netstat to verify that the new instance is up and running.


    # netstat -an | grep 1389
    
    *.1389    *.*    0    0 49152    0 LISTEN
  4. Run ldapsearch to verify that you can read the root DSE of the new instance.


    # ldapsearch -h DirectoryServer-2.example.com \
    -p 1389 -b "" -s base "(objectclass=*)"
    
    version: 1
    dn:
    objectClass: top
    ...
    supportedLDAPVersion: 3
    vendorname: Sun Microsystems, Inc.
    vendorVersion: Sun-Java(tm)-System-Directory/6.0
    ...

Procedure: To Create a Base Suffix for the Directory Server 2 Access Manager Configuration Data Instance

After creating the configuration data instance of DirectoryServer–2, create a base suffix in which the entries will be stored.

Before You Begin

This procedure assumes you have completed To Create the Access Manager Configuration Data Instance for Directory Server 2.

  1. As a root user on the DirectoryServer–2 host machine, run dsconf create-suffix to create a new base suffix.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsconf create-suffix -p 1389 -B dbExample \
    -L /var/opt/mps/am-config/db/exampleDS dc=example,dc=com
    
  2. Provide the appropriate information when prompted.


    Certificate "CN=DirectoryServer-2, CN=1636, CN=directory Server, O=Sun Microsystems" 
    presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just one, "n" to refuse, "d" for more details: Y
    Enter "cn=Directory Manager" password: d1rm4n4ger
    

    Tip –

    When you enter an uppercase Y, you are not asked for the certificate again in the next steps.


  3. Run dsconf list-suffixes to verify that the base suffix was successfully created.


    # ./dsconf list-suffixes -p 1389
    Enter "cn=Directory Manager" password: d1rm4n4ger
    
    dc=example,dc=com
  4. Log out of the DirectoryServer–2 host machine.