test

Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

ProcedureTo Register Your Directory Server Instances With DSCC

To manage your Directory Server instances, you must register your instances with the DSCC. Doing so modifies the Directory Server instance's cn=config tree.

To complete this task, you work in both the command-line and the DSCC Web Console interfaces.

  1. Start a Browser.

  2. Go to the Web Console login page.

    https://ds1.pstest.com:6789

    The Web Console login page opens.

  3. Log in to the Web Console by typing the following values and clicking Login.

    Input Field 

    Value 

    User ID 

    root

    (Any authorized user can log in to the Web Console, but you must log in as root to register the DSCC. 

    password 

    root-password

    The DSCC main page in Web Console opens.

  4. In the DSCC main page, locate the list of services and click the link for the Directory Server Control Center.

    The Directory Server Control Center page opens.

  5. Type the following values and click Login.

    Input Field 

    Value 

    User ID 

    admin

    Password 

    directory-admin-password

    The Directory Service Control Center Common Tasks panel appears.

  6. Interrupt the registration procedure to Enable DSCC audit logging.

    The audit logs will show the DSCC entries to be added in the registration steps that follow.

    1. Run the following command on ds1:

      # /opt/SUNWdsee/ds6/bin/dsconf set-log-prop -p 389 audit enabled:on

      You are prompted to accept a certificate.

    2. Type Y to accept the certificate and press Return.

    3. When prompted, type the directory-manager-password and press Return.

      The response should resemble the following:


      time: 20080220175511
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on

  7. Returning to the Web Console, click the Directory Servers tab.

    The Directory Servers tab is displayed, and the Enter Host Info panel opens.

  8. Register the Directory Server instance on ds1.

    1. In the Directory Servers tab, locate the More Server Actions drop-down menu and select Register Existing Server.

      The Register Existing Directory Server wizard opens, displaying the Step 1. Enter Host and Server Information panel.

    2. In the Enter Host and Server Information panel, type the following values and click Next.

      Otherwise, keep the default values.

      Input Field 

      Value 

      Instance Path 

      /var/opt/SUNWdsee/ds-inst-ds1

      Description 

      ds-inst-ds1

      The Review Server Certificate panel opens.

    3. Click Next to accept the certificate.

      The Provide Authentication Information panel opens. Keep the default values.

    4. Type the directory-manager-password and click Next.

      The Summary panel opens stating that a restart is required

    5. Click Finish.

      Your Directory Server instance (ds-inst-ds1) restarts and registers with the DSCC.

    6. When the registration process is complete, click Close.

      The Register Existing Directory Server wizard closes.

  9. Register the Directory Server instance on ds2.

    Repeat Step 8, except replace all occurrences of ds1 with ds2 (for example, in the instance name, ds-inst-ds2).

    You now see your Directory Server instances (ds-inst-ds1 and ds-inst-ds2) in the DSCC's list of registered servers.

  10. Check the audit logs for both Directory Server instances.

    # tail -100 /var/opt/SUNWdsee/ds-inst-ds1/logs/audit

    # tail -100 /var/opt/SUNWdsee/ds-inst-ds2/logs/audit

    The audit logs should resemble the following:


    time: 20080421170848
dn: cn=pass through authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://localhost:3998/cn=dscc
- replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
- replace: modifiersname
modifiersname: cn=directory manager
- replace: modifytimestamp
modifytimestamp: 20080421160847Z
- 
time: 20080421170848
dn:
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0; acl "Enable full access for Directory Services Managers";
 allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)
aci: (targetattr = "aci") (targetscope = "base") (version 3.0; acl "Enable root ACI modification
 by Directory Services Managers"; allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");)

  11. Check the audit logs for the DSCC registry instance.

    # tail -100 /var/opt/SUNWdsee/dscc6/dcc/ads/logs/audit