Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide

Procedure: To Create a Directory Server Instance From the Command Line

In this procedure, you create a server instance on the local host using the dsadm command. You then create a suffix that you populate with data using the dsconf command.

Non-root users can create server instances.

A Directory Server instance contains the configuration and data necessary to respond to directory client applications. When you start or stop an instance, you start or stop the server process. The server process is what serves directory client requests corresponding to the data managed by that instance.

The dsadm command enables you to manage a Directory Server instance and the files belonging to that instance on the local host. The command does not let you administer servers over the network, but only directly on the local host. The dsadm command has subcommands for each key management task. For a complete description, see dsadm(1M).

The dsconf command is an LDAP client. The command enables you to configure nearly all server settings on a running Directory Server instance from the command line. You can configure settings whether the server is on the local host or another host that is accessible across the network. The dsconf command has subcommands for each key configuration task. For a complete description, see dsconf(1M).

Before You Begin

Install the component software, then set your PATH as described in Software Installation.

  1. Create a new Directory Server instance.

    $ dsadm create -p port -P SSL-port instance-path

    For example, the following command creates the ds instance under the existing directory, /local/. When root creates the instance, it uses the default ports 389 for LDAP and 636 for LDAPS. When a non-root user creates the instance, it uses the default ports 1389 for LDAP and 1636 for LDAPS.

    $ dsadm create /local/ds
    Choose the Directory Manager password:
    Confirm the Directory Manager password:
    Use 'dsadm start /local/ds' to start the instance

    The instance is created in a directory on the local file system and not a network file system.

  2. Start the instance.

    $ dsadm start instance-path

    For example, the following command starts the instance located under /local/ds/.

    $ dsadm start /local/ds
    Server started: pid=2845

  3. Verify that you can read the root DSA Specific Entry (DSE) of the new instance.

    $ ldapsearch -h localhost -p 1389 -b "" -s base "(objectclass=*)"
    version: 1
    objectClass: top
    supportedLDAPVersion: 2
    supportedLDAPVersion: 3
    vendorName: Sun Microsystems, Inc.
    vendorVersion: Sun-Java(tm)-System-Directory/6.2

    Note – At this point, you have a working server instance. However, you must further configure the server instance. The instance is not yet registered with Directory Service Control Center.

  4. (Optional) Use the new password policy mode, unless the instance belongs to a replication topology with Directory Server Enterprise Edition 5 instances.

    Your server instance might be standalone. Alternatively, your instance might belong to a replication topology that has already been migrated to the new password policy mode. In either case, perform this step.

    $ dsconf pwd-compat -h localhost -p 1389 to-DS6-migration-mode
    Certificate "CN=hostname, CN=1636, CN=Directory Server, O=Sun Microsystems"
     presented by the server is not trusted.
    Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y
    Enter "cn=Directory Manager" password:
    ## Beginning password policy compatibility changes.
    ## Password policy compatibility changes finished.
    Task completed (slapd exit code: 0).
    $ dsconf pwd-compat -p 1389 to-DS6-mode
    Enter "cn=Directory Manager" password:
    ## Beginning password policy compatibility changes.
    ## Password policy compatibility changes finished.
    Task completed (slapd exit code: 0).

  5. (Optional) Prepare an example suffix.

    1. Create an empty suffix.

      For example, the following command creates a suffix with root dc=example,dc=com.

      $ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com
      Enter "cn=Directory Manager" password:

    2. Populate the suffix with LDIF data.

      If you plan to populate the suffix with data that is replicated from another Directory Server instance, skip this step.

      For example, the following command fills the suffix that you created with sample data from Example.ldif.

      $ dsconf import -h localhost -p 1389 install-path/ds6/ldif/Example.ldif dc=example,dc=com
      Enter "cn=Directory Manager" password:
      New data will override existing data of the suffix "dc=example,dc=com".
      Initialization will have to be performed on replicated suffixes.
      Do you want to continue [y/n] ?  y
      ## Index buffering enabled with bucket size 40
      ## Beginning import job...
      ## Processing file "install-path/ds6/ldif/Example.ldif"
      ## Finished scanning file "install-path/ds6/ldif/Example.ldif" (160 entries)
      ## Workers finished; cleaning up...
      ## Workers cleaned up.
      ## Cleaning up producer thread...
      ## Indexing complete.
      ## Starting numsubordinates attribute generation.
       This may take a while, please wait for further activity reports.
      ## Numsubordinates attribute generation complete. Flushing caches...
      ## Closing files...
      ## Import complete.  Processed 160 entries in 4 seconds. (40.00 entries/sec)
      Task completed (slapd exit code: 0).

    3. Search for the data in the new instance.

      $ ldapsearch -h localhost -p 1389 -b dc=example,dc=com "(uid=bjensen)"
      version: 1
      dn: uid=bjensen, ou=People, dc=example,dc=com
      cn: Barbara Jensen
      cn: Babs Jensen
      sn: Jensen
      givenName: Barbara
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      ou: Product Development
      ou: People
      l: Cupertino
      uid: bjensen
      telephoneNumber: +1 408 555 1862
      facsimileTelephoneNumber: +1 408 555 1992
      roomNumber: 0209

  6. (Optional) Register the server instance with Directory Service Control Center by using either of the following methods.

    • Log in to DSCC, and then use the Register Existing Server action on the Servers tab of the Directory Servers tab.

      Access DSCC through the URL https://localhost:6789, http://localhost:8080, or https://localhost:8181, depending on the type of distribution you have installed and the way your application server is configured.

    • Use the command dsccreg add-server.

      $ dsccreg add-server -h dscchost --description "My DS" /local/ds
      Enter DSCC administrator's password:
      /local/ds is an instance of DS
      Enter password of "cn=Directory Manager" for /local/ds:
      This operation will restart /local/ds.
      Do you want to continue ? (y/n) y
      Connecting to /local/ds
      Enabling DSCC access to /local/ds
      Restarting /local/ds
      Registering /local/ds in DSCC on dscchost.

      See dsccreg(1M) for more information about the command.

  7. (Optional) If you installed from native packages with the Java Enterprise System distribution, enable the server to restart when the operating system reboots.

    On Solaris 10 and Windows systems, use the dsadm enable-service command.

    root# dsadm enable-service /local/ds

    On Solaris 9 and Red Hat systems, use the dsadm autostart command.

    root# dsadm autostart /local/ds

    If you installed with the zip distribution, this step must be done manually, with a script run at system startup time, for example.
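
Step 7 leaves the zip-distribution case to a startup script of your own. The following is an added example of such a script, not part of the original guide: DS_INSTANCE, DS_USER, DSADM and ds_ctl are hypothetical names, and it assumes dsadm stop as the counterpart of the dsadm start command shown in step 2.

```shell
#!/bin/sh
# Boot-time start/stop wrapper for a zip-distribution instance (added example).
# DS_INSTANCE, DS_USER, DSADM and ds_ctl are illustrative names, not product settings.
DS_INSTANCE="${DS_INSTANCE:-/local/ds}"  # instance path used in this procedure
DS_USER="${DS_USER:-}"                   # owner of a non-root instance; empty = run as caller
DSADM="${DSADM:-dsadm}"                  # use the full path: boot has no login PATH

ds_ctl() {
    action="$1"
    case "$action" in
        start|stop) ;;
        restart)
            # A failed stop (server already down) must not prevent the start.
            ds_ctl stop
            ds_ctl start
            return ;;
        *)
            echo "usage: $0 {start|stop|restart}" >&2
            return 2 ;;
    esac
    # dsadm manages local instances only, so the path must exist on this host.
    if [ ! -d "$DS_INSTANCE" ]; then
        echo "$0: no instance directory at $DS_INSTANCE" >&2
        return 1
    fi
    # Startup scripts run as root. An instance created by a non-root user
    # (ports 1389/1636) is started as that user so the server process and
    # the files it writes keep the owner's identity instead of root's.
    if [ -n "$DS_USER" ] && [ "$(id -un)" != "$DS_USER" ]; then
        su "$DS_USER" -c "\"$DSADM\" $action \"$DS_INSTANCE\""
    else
        "$DSADM" "$action" "$DS_INSTANCE"
    fi
}

# Dispatch only when called with an argument, e.g. "start" from the boot sequence.
[ $# -eq 0 ] || ds_ctl "$1"
```

Set DS_USER only for an instance that a non-root user created; leave it empty for an instance created by root.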

Next Steps

You can add more suffixes, configure replication with other server instances, tune the instance, and generally proceed with other configuration operations.

See the online help for Directory Service Control Center for hints on configuring Directory Server through the graphical user interface.

See Part I, Directory Server Administration, in Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide for instructions on configuring Directory Server with command-line administration tools.