To manage your Directory Server instances, you must register your instances with the DSCC. Doing so modifies the Directory Server instance's cn=config tree.
To complete this task, you work in both the command-line and the DSCC Web Console interfaces.
Start a Browser.
Go to the Web Console login page.
https://ds1.pstest.com:6789
The Web Console login page opens.
Log in to the Web Console by typing the following values and clicking Login.
Input Field |
Value |
---|---|
User ID |
root (Any authorized user can log in to the Web Console, but you must log in as root to register the DSCC. |
password |
root-password |
The DSCC main page in Web Console opens.
In the DSCC main page, locate the list of services and click the link for the Directory Server Control Center.
The Directory Server Control Center page opens.
Type the following values and click Login.
Input Field |
Value |
---|---|
User ID |
admin |
Password |
directory-admin-password |
The Directory Service Control Center Common Tasks panel appears.
Interrupt the registration procedure to Enable DSCC audit logging.
The audit logs will show the DSCC entries to be added in the registration steps that follow.
Run the following command on ds1:
# /opt/SUNWdsee/ds6/bin/dsconf set-log-prop -p 389 audit enabled:on
You are prompted to accept a certificate.
Type Y to accept the certificate and press Return.
When prompted, type the directory-manager-password and press Return.
The response should resemble the following:
time: 20080220175511 dn: cn=config changetype: modify replace: nsslapd-auditlog-logging-enabled nsslapd-auditlog-logging-enabled: on |
Returning to the Web Console, click the Directory Servers tab.
The Directory Servers tab is displayed, and the Enter Host Info panel opens.
Register the Directory Server instance on ds1.
In the Directory Servers tab, locate the More Server Actions drop-down menu and select Register Existing Server.
The Register Existing Directory Server wizard opens, displaying the Step 1. Enter Host and Server Information panel.
In the Enter Host and Server Information panel, type the following values and click Next.
Otherwise, keep the default values.
Input Field |
Value |
---|---|
Instance Path |
/var/opt/SUNWdsee/ds-inst-ds1 |
Description |
ds-inst-ds1 |
The Review Server Certificate panel opens.
Click Next to accept the certificate.
The Provide Authentication Information panel opens. Keep the default values.
Type the directory-manager-password and click Next.
The Summary panel opens stating that a restart is required
Click Finish.
Your Directory Server instance (ds-inst-ds1) restarts and registers with the DSCC.
When the registration process is complete, click Close.
The Register Existing Directory Server wizard closes.
Register the Directory Server instance on ds2.
Repeat Step 8, except replace all occurrences of ds1 with ds2 (for example, in the instance name, ds-inst-ds2).
You now see your Directory Server instances (ds-inst-ds1 and ds-inst-ds2) in the DSCC's list of registered servers.
Check the audit logs for both Directory Server instances.
# tail -100 /var/opt/SUNWdsee/ds-inst-ds1/logs/audit
# tail -100 /var/opt/SUNWdsee/ds-inst-ds2/logs/audit
The audit logs should resemble the following:
time: 20080421170848 dn: cn=pass through authentication,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginarg0 nsslapd-pluginarg0: ldap://localhost:3998/cn=dscc - replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on - replace: modifiersname modifiersname: cn=directory manager - replace: modifytimestamp modifytimestamp: 20080421160847Z - time: 20080421170848 dn: changetype: modify add: aci aci: (targetattr = "*") (version 3.0; acl "Enable full access for Directory Services Managers"; allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");) aci: (targetattr = "aci") (targetscope = "base") (version 3.0; acl "Enable root ACI modification by Directory Services Managers"; allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=dscc");) |
Check the audit logs for the DSCC registry instance.
# tail -100 /var/opt/SUNWdsee/dscc6/dcc/ads/logs/audit