This part includes the following chapters.
Chapter 1, Installing Directory Server Enterprise Edition 6.3 explains how to install Directory Service Control Center, Directory Proxy Server, Directory Server, and Directory Server Resource Kit on supported systems.
This chapter also covers the step-by-step instructions to upgrade an existing software installation.
Chapter 2, Uninstalling Directory Server Enterprise Edition 6.3 explains how to remove Directory Proxy Server, Directory Server, Directory Server Resource Kit, and Directory Service Control Center.
This chapter also covers the step-by-step instructions to downgrade to the previous software installation.
For help with installation of Identity Synchronization for Windows software, see Part II, Installing Identity Synchronization for Windows.
This guide does not cover installation with other Java Enterprise System (Java ES) products. If you plan to install Directory Server and Directory Service Control Center software with other Java ES software, read the installation instructions for Java ES software at http://docs.sun.com/coll/1286.3.
This guide does not cover the installation of Directory Editor software. If you plan to install Directory Editor software, first read the Known Problems and Limitations in Directory Editor in Sun Java System Directory Server Enterprise Edition 6.3 Release Notes then read the installation instructions in the Sun Java System Directory Editor 1 2005Q1 Installation and Configuration Guide.
Make sure you read Chapter 6, Directory Editor Bugs Fixed and Known Problems.
This chapter guides you in installing Directory Server Enterprise Edition 6.3 software.
This chapter contains the following sections:
Installation Procedure Quick Reference provides you with the complete information on what you require to install or upgrade to Directory Server Enterprise Edition 6.3.
Software Installation provides step by step instructions on how to install Directory Server Enterprise Edition software. It also provides step by step instructions on how to upgrade the Directory Server Enterprise Edition 6.0, 6.1, and 6.2 installations.
Server Instance Creation provides step by step instructions on how to create server instances after you install the software.
Working With Sun Cryptographic Framework on Solaris 10 Systems provides instructions for deployments that use SSL hardware acceleration.
At the end of this chapter, you will have verified that the software that you installed works as expected. You can then continue to configure the software as described in the Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide.
This section provides you with the complete information on what you require to install or upgrade to Directory Server Enterprise Edition 6.3.
From the following table, based on your current installation and the type of distribution you are using for installation, you can directly access the related information to install or upgrade to Directory Server Enterprise Edition 6.3.
Previous Directory Server Enterprise Edition Version | Software Distribution | Related Information |
---|---|---|
None or 5.x | Native (Solaris and Linux) | Look for the information in the following sequence: In case of 5.x, you need to migrate Directory Server instances to 6.3. See Sun Java System Directory Server Enterprise Edition 6.3 Migration Guide. |
None or 5.x | Native (Windows) | Look for the information in the following sequence: In case of 5.x, you need to migrate Directory Server instances to 6.3. See Sun Java System Directory Server Enterprise Edition 6.3 Migration Guide. |
None or 5.x | Zip | See To Install Directory Server Enterprise Edition 6.3 From Zip Distribution to install Directory Server Enterprise Edition 6.3. Also see Installing Directory Service Control Center From Zip Distribution. In case of 5.x, you need to migrate Directory Server instances to 6.3. See Sun Java System Directory Server Enterprise Edition 6.3 Migration Guide. |
6.0, 6.1, or 6.2 | Native | See To Upgrade Directory Server Enterprise Edition Using Native Packages to upgrade to version 6.3. |
6.0, 6.1, or 6.2 | Zip | See To Install Directory Server Enterprise Edition 6.3 From Zip Distribution to install Directory Server Enterprise Edition 6.3. Also see Installing Directory Service Control Center From Zip Distribution. |
This section covers basic installation. After you install server software, see Server Instance Creation for instructions on creating server instances.
Installing Directory Server Enterprise Edition Using Native Packages
Installing Directory Server Enterprise Edition Using Zip Distribution
Before you proceed with the installation, check Operating System Requirements in Sun Java System Directory Server Enterprise Edition 6.3 Release Notes.
This guide does not cover the installation of Directory Editor software. If you plan to install Directory Editor software, first read the Known Problems and Limitations in Directory Editor in Sun Java System Directory Server Enterprise Edition 6.3 Release Notes then read the installation instructions in the Sun Java System Directory Editor 1 2005Q1 Installation and Configuration Guide.
Directory Server Enterprise Edition is also installed in French, German, Spanish, Japanese, Korean, Simplified Chinese, and Traditional Chinese languages. Instructions to install the multilingual packages are provided in the following sections, wherever required.
To install Directory Server Enterprise Edition 6.3 using native packages, you must have 6.0, 6.1, or 6.2 installed on your computer and then upgrade to 6.3. Refer to the following procedure to install Directory Server Enterprise Edition 6.3 successfully.
Install Directory Server Enterprise Edition 6.0, 6.1, or 6.2. In this guide, the installation instructions for Directory Server Enterprise Edition 6.2 are shown.
On Windows, you cannot install Directory Server Enterprise Edition 6.2 directly, so you must install version 6.0 then directly upgrade to 6.3.
Upgrade all the shared components to successfully upgrade to Directory Server Enterprise Edition 6.3. For detailed information, refer to To Upgrade Shared Components Using Patches.
Upgrade your Directory Server Enterprise Edition installation to 6.3 by applying the respective patches as mentioned in To Upgrade Directory Server Enterprise Edition Using Native Packages.
You can install Directory Service Control Center, Directory Server, and Directory Proxy Server on the same host, but the following procedures show the three components being installed on different computers. If you install all three components on the same computer, select all three components in the component selection screen shown in the following procedure.
This procedure covers installation of Directory Server from native packages. You must be root to perform this procedure.
If you installed Directory Service Control Center, you automatically installed Directory Server from native packages. You can use the Directory Server software that is installed alongside DSCC to create your own additional Directory Server instances on the system.
Obtain the Java Enterprise System update 1 distribution for this installation, as shown in the following figure:
Complete the following worksheet for your installation.
Requisite Information | Hints | Your Answers |
---|---|---|
Fully qualified hostname of the system where you install Directory Server | Example: ds.example.com | |
(Optional) Cacao common agent container port number to access from Directory Service Control Center | Default: 11162 | |
File system paths where you create Directory Server instances | Create instances only on local file systems, never on network-mounted file systems such as NFS. Each path is henceforth referred to as an instance-path. Example: /local/ds/ | |
LDAP port number | Default: 389 - root installation; 1389 - non-root installation | |
LDAP/SSL port number | Default: 636 - root installation; 1636 - non-root installation | |
Directory Manager DN | Default: cn=Directory Manager | |
Directory Manager password | Must be at least 8 characters long | |
Base suffix DN | Example: dc=example,dc=com | |
(UNIX systems) Server user (uid) | Example: noaccess | |
(UNIX systems) Server group (gid) | Example: noaccess | |
Install prerequisite patches or service packs for your platform.
Using the Java Enterprise System distribution, run the Java ES installer as root.
```
root# ./installer
```
Select the Directory Server component for installation.
If you do not want to install the multilingual packages, deselect the Install multilingual package(s) for all selected components check box.
Choose to configure the software later, as you will upgrade the software to 6.3.
Complete installation with the Java ES installer.
This procedure covers installation of Directory Proxy Server from native packages. You must be root to perform this procedure.
Obtain the Java Enterprise System update 1 distribution for this installation, as shown in the following figure:
Complete the following worksheet for your installation.
Requisite Information | Hints | Your Answers |
---|---|---|
Fully qualified hostname of the system where you install Directory Proxy Server | Example: dps.example.com | |
(Optional) Cacao common agent container port number to access from Directory Service Control Center | Default: 11162 | |
File system paths where you create Directory Proxy Server instances | Create instances only on local file systems, never on network-mounted file systems such as NFS. Each path is henceforth referred to as an instance-path. Example: /local/dps/ | |
LDAP port number | Default: 389 - root installation; 1389 - non-root installation | |
LDAP/SSL port number | Default: 636 - root installation; 1636 - non-root installation | |
Directory Proxy Manager DN | Default: cn=Proxy Manager | |
Directory Proxy Manager password | Must be at least 8 characters long | |
(UNIX platforms) Server user (uid) | Example: noaccess | |
(UNIX platforms) Server group (gid) | Example: noaccess | |
(Optional) Connection information for each server to access through the proxy | Example: ds1.example.com:1389, ds2.example.com:1636 | |
Install prerequisite patches or service packs for your platform.
Using the Java Enterprise System distribution, run the Java ES installer as root.
```
root# ./installer
```
Select the Directory Proxy Server component for installation.
If you do not want to install the multilingual packages, deselect the Install multilingual package(s) for all selected components check box.
Choose to configure the software later, as you will upgrade the software to 6.3.
Complete installation with the Java ES installer.
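The Directory Server and Directory Proxy Server worksheets above share constraints that can be checked before the installer runs: instance paths on local file systems only, the root and non-root port defaults, and the 8-character minimum for the manager password. The following Python check is an added example, not part of the original guide; its function names and the mount table sample are constructed for illustration, and it assumes the standard UNIX rule that ports below 1024 can be bound only by root.

```python
import os

# The page names NFS; the nfs3/nfs4 spellings are an added assumption about
# how a mount table may label the same kind of file system.
NETWORK_FS = {"nfs", "nfs3", "nfs4"}

# Constructed sample in the column order shared by Solaris /etc/mnttab and
# Linux /proc/mounts: device, mount point, file system type, options, ...
CONSTRUCTED_MOUNTS = """\
/dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles 1200000000
/dev/dsk/c0t0d0s7 /local ufs rw 1200000000
filer.example.com:/export/ds /local/ds/shared nfs rw,xattr 1200000000
"""


def parse_mounts(table_text):
    """Return [(mount_point, fstype)] in table order."""
    mounts = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#"):
            # Linux escapes spaces in mount points as \040.
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts


def fstype_for(path, mounts):
    """File system type of the longest mount point that contains path."""
    path = os.path.normpath(path)
    best_len, best_type = -1, None
    for mount_point, fstype in mounts:
        prefix = mount_point.rstrip("/")  # "/" becomes ""
        if path == (prefix or "/") or path.startswith(prefix + "/"):
            if len(prefix) >= best_len:  # later entries shadow earlier ones
                best_len, best_type = len(prefix), fstype
    return best_type


def check_worksheet(instance_path, ldap_port, ldaps_port, password, is_root, mounts):
    """Return a list of (code, detail) problems; empty means the answers pass."""
    problems = []
    fstype = fstype_for(instance_path, mounts)
    if fstype in NETWORK_FS:
        problems.append(("network-fs", "%s is on %s" % (instance_path, fstype)))
    for label, port in (("LDAP", ldap_port), ("LDAP/SSL", ldaps_port)):
        if not 1 <= port <= 65535:
            problems.append(("bad-port", "%s port %r" % (label, port)))
        elif port < 1024 and not is_root:
            # 389/636 are the root defaults; non-root installs use 1389/1636.
            problems.append(("privileged-port", "%s port %d needs root" % (label, port)))
    if ldap_port == ldaps_port:
        problems.append(("port-clash", "LDAP and LDAP/SSL share port %d" % ldap_port))
    if len(password) < 8:
        problems.append(("short-password", "fewer than 8 characters"))
    return problems


if __name__ == "__main__":
    mounts = parse_mounts(CONSTRUCTED_MOUNTS)
    for code, detail in check_worksheet(
            "/local/ds/shared/inst1", 389, 636, "short", False, mounts):
        print(code, "-", detail)
```

On a real host, pass the contents of /etc/mnttab (Solaris) or /proc/mounts (Linux) to parse_mounts instead of the constructed sample.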
This procedure covers installation of Directory Service Control Center, also known as DSCC, and remote administration command-line tools.
You must be root to perform this procedure.
You can also install Directory Service Control Center with the Zip distribution by deploying the WAR file provided with the software packages. For more information, see Installing Directory Service Control Center From Zip Distribution.
When you install DSCC, you automatically install Directory Server from native packages. DSCC uses its own local instance of Directory Server to store information about your directory service configuration. The instance is referred to as the DSCC Registry.
You can use the Directory Server software that is installed alongside DSCC to create your own additional Directory Server instances on the system.
Obtain the Java Enterprise System update 1 distribution for this installation, as shown in the following figure:
Complete the following worksheet for your installation.
Requisite Information | Hints | Your Answers |
---|---|---|
Hostname of the system where you install DSCC | | |
root password for the system | | |
Java Web Console URL | Default: https://hostname:6789 | |
Directory Service Manager password | | |
Install prerequisite patches or service packs for your platform.
With the Java Enterprise System distribution, run the Java ES installer as root.
```
# ./installer
```
Select the Directory Service Control Center component for installation.
If you do not want to install the multilingual packages, deselect the Install multilingual package(s) for all selected components check box.
Choose to configure the software later, as you will upgrade the software to 6.3.
Complete installation with the Java ES installer.
The native packages are installed on the system.
Before upgrading Directory Server Enterprise Edition to 6.3 using native packages, you must upgrade the shared components. You must be root to perform this procedure.
Using patches, you can upgrade shared components on Solaris, Linux, and Windows. On Linux, to install patches you must use installpatch, when available.
Select the platform as per your requirements and install all the patches specified for that platform. If newer patch revisions become available, use the newer ones instead of those shown in the table.
Description | Solaris 10 SPARC and Solaris 9 SPARC | Solaris 10 x86, AMD x64 and Solaris 9 x86 | Linux |
---|---|---|---|
International Components for Unicode (ICU) | 119810-04 (Solaris 10) 114677-14 (Solaris 9) | 119811-04 (Solaris 10) 114678-14 (Solaris 9) | |
Sun Java Web Console (SJWC) | 125952-05 (Solaris 10) 125950-05 (Solaris 9) | 125953-05 (Solaris 10) 125951-05 (Solaris 9) | |
Network Security Services/Netscape Portable Runtime/Java Security Services (NSS/NSPR/JSS) | Refer to the table below for complete patch information. | Refer to the table below for complete patch information. | |
Java Dynamic Management™ Kit Runtime | | | |
Common Agent Container Runtime | | | |
Sun Java Monitoring Framework (MFWK) | 125446-11 (Solaris 10 64-bit and Solaris 10 32-bit) 125445-11 (Solaris 10 32-bit and Solaris 9 32-bit) |
Choose the right NSS/NSPR/JSS patch for your system by getting the package version of SUNWpr and SUNWtls on your system.
```
# pkginfo -l SUNWpr | grep VERSION
# pkginfo -l SUNWtls | grep VERSION
```
Then choose the right patch series from the table below.
Solaris | Package Version | Network Security Services/Netscape Portable Runtime/Java Security Services (NSS/NSPR/JSS) patch |
---|---|---|
Solaris 9 SPARC | SUNWpr: VERSION=4.1.2,REV=2002.09.03.00.17 SUNWtls: VERSION=3.3.2,REV=2002.09.18.12.49 | |
Solaris 9 x86 | SUNWpr: VERSION=4.1.3,REV=2003.01.09.13.59 SUNWtls: VERSION=3.3.3,REV=2003.01.09.17.07 | |
Solaris 10 SPARC | SUNWpr: VERSION=4.5.1,REV=2004.11.05.02.30 SUNWtls: VERSION=3.9.5,REV=2005.01.14.17.27 | |
Solaris 10 x86 | SUNWpr: VERSION=4.5.1,REV=2004.11.05.03.44 SUNWtls: VERSION=3.9.5,REV=2005.01.14.19.03 | |
Solaris 9 SPARC and Solaris 10 SPARC | SUNWpr: VERSION=4.6.4,REV=2006.11.16.20.40 SUNWtls: VERSION=3.11.4,REV=2006.11.16.20.40 | |
Solaris 9 x86 and Solaris 10 x86 | SUNWpr: VERSION=4.6.4,REV=2006.11.16.21.41 SUNWtls: VERSION=3.11.4,REV=2006.11.16.21.41 | |
On Windows, before you upgrade Common Agent Container Runtime shared component, you must run the following command:
```
cacaoadm.exe prepare-uninstall
```
Description | Windows |
---|---|
Windows Installer Patch | |
Sun Java Web Console (SJWC) | |
Network Security Services/Netscape Portable Runtime/Java Security Services (NSS/NSPR/JSS) | |
Common Agent Container Runtime | |
Sun Java Monitoring Framework (MFWK) |
Before upgrading Directory Server Enterprise Edition 6.2 to 6.3, you need to upgrade only the Common Agent Container shared component.
Shut down any processes using the shared components.
If applicable, shut down the shared components.
Obtain the latest upgrade patches as shown in the table above.
For more information on how to obtain the patches, see Getting the Software in Sun Java System Directory Server Enterprise Edition 6.3 Release Notes.
Apply the appropriate patches for the shared components.
Read the README.patchID file for detailed patch installation procedures.
Verify that the patch upgrades were successful.
Read the README.patchID file for verification procedure.
If applicable, restart the shared components.
Make sure all the shared components are up-to-date. For more information, see To Upgrade Shared Components Using Patches.
If you already have Directory Server Enterprise Edition 6.0, 6.1, or 6.2 installed, upgrade to version 6.3 using the following procedure.
You must be root to perform these steps.
All the Directory Server instances, Directory Proxy Server instances, and configuration information remain unaffected after you complete the Directory Server Enterprise Edition upgrade.
The following table displays the patch numbers that are required to upgrade Directory Server Enterprise Edition on different platforms. If newer patch revisions become available, use the newer ones instead of those shown in the table.
Description | Directory Server Enterprise Edition core | Directory Server Enterprise Edition localization |
---|---|---|
Patch ID: Solaris SPARC | | |
Patch ID: Solaris 9 x86 | | |
Patch ID: Solaris 10 x86 or AMD x64 | | |
Patch ID: Linux | | |
Patch ID: Windows. The Directory Server Enterprise Edition 6.1 patch was not delivered for Windows so this patch is not applicable to upgrade 6.1 installation. | | |
To make the localized Directory Server Enterprise Edition work successfully, install the localized patches before installing the core patches.
Each localization patch contains all the supported languages for the selected platform.
Stop the DSCC registry.
On Solaris
```
# dsadm stop /var/opt/SUNWdsee/dscc6/dcc/ads
```
On Linux
```
# dsadm stop /var/opt/sun/dscc6/dcc/ads
```
On Windows (the path contains a space, so it is quoted)
```
dsadm.exe stop "C:\Program Files\Sun\JavaES5\DSEE\var\dscc6\dcc\ads"
```
Stop any running instances of Directory Server and Directory Proxy Server.
Upgrade the shared components. See To Upgrade Shared Components Using Patches.
Download the Directory Server Enterprise Edition 6.3 patch.
See Getting the Software in Sun Java System Directory Server Enterprise Edition 6.3 Release Notes for more details.
Change to the directory where you have saved the patch.
Run the following command to install the patch.
Solaris OS
Before upgrading Directory Server Enterprise Edition, you must install 119254-38 on Solaris 10 SPARC and 119255-38 on Solaris 10 x86. See Getting the Software in Sun Java System Directory Server Enterprise Edition 6.3 Release Notes for information on downloading patches.
Alternatively, use -G with the patchadd command on Solaris 10 SPARC and Solaris 10 x86 while applying the Directory Server Enterprise Edition upgrade patch.
For example:
```
# patchadd -G patch-id
```
For the rest of the Solaris OS versions, use the following command:
```
# patchadd patch-id
```
Linux
Open the directory where the installpatch file is located.
Run installpatch.
```
# ./installpatch
```
During installation, if installpatch reports an error, you must resolve the error and install the patch again.
Windows
Open the folder where the patch-id.exe executable file is located.
Double-click patch-id.exe.
The localized patches are delivered within the base patch.
After the successful installation of the patch, run the following commands:
```
# dsccsetup console-unreg
# dsccsetup console-reg
```
Start the Directory Server instances and Directory Proxy Server instances, if any.
Restart the DSCC registry.
On Solaris
```
# dsadm start /var/opt/SUNWdsee/dscc6/dcc/ads
```
On Linux
```
# dsadm start /var/opt/sun/dscc6/dcc/ads
```
On Windows (the path contains a space, so it is quoted)
```
dsadm.exe start "C:\Program Files\Sun\JavaES5\DSEE\var\dscc6\dcc\ads"
```
After installing the software, see Environment Variables.
During the installation process, if dsee_deploy finds that Directory Server Enterprise Edition is already installed on your computer, it upgrades the previous installation automatically. Back up the Directory Server Enterprise Edition installation directory, if any, before upgrading to Directory Server Enterprise Edition 6.3, because you will not be able to restore any previous Directory Server Enterprise Edition installation later.
The zip version of Directory Server Enterprise Edition 6.3 removes any previous partial installation of Directory Server Enterprise Edition.
You can install the zip distribution as non-root user.
On SuSE Linux:
Directory Server Enterprise Edition for SuSE Linux is available only in the zip distribution. Identity Synchronization for Windows and Directory Editor components are not supported.
On SuSE Linux 9, you must have SP4 on your system. If SP4 is not installed on your SuSE Linux 9 computer, upgrade your operating system. You can install Directory Server Enterprise Edition using any of the following procedures:
Install Directory Server Enterprise Edition 6.3 zip distribution directly on SuSE Linux 9 SP4 system as mentioned in this section.
Upgrade the previous Directory Server Enterprise Edition 6.2 zip installation. As Directory Server Enterprise Edition 6.2 supports only SuSE Linux SP3, you must upgrade your operating system to SuSE Linux SP4 before upgrading Directory Server Enterprise Edition to 6.3. For more details, refer to the To Upgrade Directory Server Enterprise Edition From Zip Distribution section.
On SuSE 64-bit, .pam-32bit-9-yyyymmddhhmm.rpm is a prerequisite for cacao to start. You must install it if not already present on your system.
SuSE Linux Enterprise Server provides a set of scripts in /etc/profile.d/ to automatically set the appropriate environment as per the installed software. Therefore, you must reset the following Java environment variables to none before you start working on the product using commands.
JAVA_BINDIR
JAVA_HOME
JRE_HOME
JAVA_ROOT
On HP-UX:
You must have HP-UX 11.23 installed on your computer. If not, you must upgrade your operating system. You can install Directory Server Enterprise Edition using any of the following procedures:
Install Directory Server Enterprise Edition 6.3 zip distribution directly on HP-UX 11.23 system as mentioned in this section.
Upgrade the previous Directory Server Enterprise Edition 6.0 or 6.1 zip installation. As Directory Server Enterprise Edition 6.0 and 6.1 support only HP-UX 11.11, you must upgrade your operating system to HP-UX 11.23 before upgrading Directory Server Enterprise Edition to 6.3. For more details, refer to the To Upgrade Directory Server Enterprise Edition From Zip Distribution section.
Patch Table for Zip Distribution
Refer to the following table for information about the appropriate zip patch for your system. If newer patch revisions become available, use the newer ones instead of those shown in the table.
Operating System | Patch number |
---|---|
Solaris SPARC | |
Solaris 9 x86 | |
Solaris 10 x86 and AMD x64 | |
Red Hat Linux | |
SuSE Linux | |
HP-UX | |
Windows |
All the multilingual files are included in the above mentioned patches.
Complete the worksheet given below before you start your installation.
By default, the user and group IDs for zip installations are those of the user performing the installation.
Obtain the zip distribution for this installation.
Install the prerequisite patches or service packs for your platform.
Change to the zip distribution directory that contains the dsee_deploy command.
Install the software with the dsee_deploy(1M) command.
```
$ ./dsee_deploy install -i install-path options
```
On Windows, browse to the zip distribution folder that contains the dsee_deploy command and run the following command:
```
dsee_deploy install -i install-path options
```
For example, the following command installs the component in the /local directory, assuming that you have write access to the directory.
```
$ ./dsee_deploy install -i /local
```
You can also use the --no-inter option to install in non-interactive mode, accepting the license without confirmation. Non-interactive mode is particularly useful for silent installation.
This step installs a Common Agent Container, cacao, with the local Directory Service Control Center agent as well, allowing you to use DSCC to create server instances. The previous command works properly only if you have not yet installed a Common Agent Container using the default port, 11162.
If you installed DSCC previously on the same system, a Common Agent Container using the default port is already installed. Specify a different port using the -p option.
```
$ ./dsee_deploy install -i /local -p 11169
```
During the installation process, a WAR file is saved on your system. The WAR file contains the DSCC web application which when deployed with the application server enables you to access and manage the server instances through web console. The functionality is similar to DSCC in native packages. For more information about WAR file, see Installing Directory Service Control Center From Zip Distribution.
During the installation process, the multilingual packages are also installed.
(Optional) Load sample data in your directory.
Examples that use command-line tools depend on sample data residing under the dc=example,dc=com suffix of your directory.
You can set up part of the data that is required by creating a dc=example,dc=com suffix. You can then populate the suffix with entries from the ds6/ldif/Example.ldif file.
Create a new Directory Server instance and start the instance.
```
$ dsadm create -p port -P SSL-port instance-path
$ dsadm start instance-path
```
Read the Example.ldif file to find bind passwords needed in the examples.
Create suffix and load the Example.ldif content into the directory by using the following commands:
```
$ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com
$ dsconf import -h localhost -p 1389 install-path/ds6/ldif/Example.ldif \
dc=example,dc=com
```
For more information, see To Create a Directory Server Instance From the Command Line.
Generate test data for examples by using the makeldif(1) command and the following template:
```
define suffix=dc=example,dc=com
define maildomain=example.com

branch: ou=test,[suffix]
subordinateTemplate: person:100

template: person
rdnAttr: uid
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
givenName: <first>
sn: <last>
cn: {givenName} {sn}
initials: {givenName:1}{sn:1}
employeeNumber: <sequential>
uid: test{employeeNumber}
mail: {uid}@[maildomain]
userPassword: auth{employeeNumber}{employeeNumber}
telephoneNumber: <random>
description: This is the description for {cn}.
```
Copy the template content to template.ldif and use commands such as the following to generate the data in test.ldif and to load the content into the directory.
```
$ cd install-path/dsrk6/bin/example_files/
$ ../makeldif -t test.template -o test.ldif
Processing complete.
101 total entries written.
$ ../ldapmodify -a -c -D uid=hmiller,dc=example,dc=com -w - -f test.ldif
Enter bind password:
…
```
If you read Example.ldif, you see that the password for hmiller is hillock.
After installing the software, see Environment Variables.
The Directory Server Enterprise Edition zip distribution includes a WAR file (dscc.war) that contains the Directory Service Control Center (DSCC) web application. The WAR file is deployed with the application server to enable you to do the following tasks:
Connect to DSCC without having an operating system login account on the system hosting DSCC.
Deploy DSCC without root privileges as the application server enables DSCC.
The WAR file supports the following application servers:
Sun Java System Application Server 8.2
Tomcat 5.5
The following two procedures contain information about deploying the WAR file with Sun Java System Application Server and Tomcat respectively.
After you install Directory Server Enterprise Edition, the WAR file, dscc.war, is at the following location:
```
install-path/var/dscc6/
```
Initialize the DSCC registry.
```
$ install-path/dscc6/bin/dsccsetup ads-create
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
```
Create an application server instance.
```
$ mkdir /local/domainroot
$ setenv AS_DOMAINS_ROOT /local/domainroot
$ cd app-server-install-path/bin
$ asadmin create-domain --domaindir ${AS_DOMAINS_ROOT} --adminport 3737 \
--adminuser boss dscc
```
Edit the server.policy file.
Open the server.policy file.
```
$ vi ${AS_DOMAINS_ROOT}/dscc/config/server.policy
```
Add the following statements to the end of the file:
```
// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/dscc/-"
{
    permission java.security.AllPermission;
};
```
This configures the application server to grant all of the Java permissions to the DSCC application.
Deploy the WAR file in your application server instance.
```
$ asadmin start-domain --domaindir ${AS_DOMAINS_ROOT} --user username dscc
$ cp install-path/var/dscc6/dscc.war ${AS_DOMAINS_ROOT}/dscc/autodeploy
```
For more information about creating and configuring application server instances and deploying the WAR file, refer to the Sun Java System Application Server Online Help.
Open DSCC.
Use http://hostname:8080/dscc or https://hostname:8181/dscc based on the configuration of your application server.
The Directory Service Manager Login page displays.
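Because the server.policy step above grants java.security.AllPermission, it is worth confirming after the edit that the only such grant is the one scoped to the DSCC codeBase. The following Python audit is an added example, not part of the original guide; the function names and the sample policy text are constructed for illustration, and only the DSCC grant itself is taken from this page.

```python
import re

# The codeBase of the grant this page adds to server.policy for DSCC.
DSCC_CODEBASE = "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/dscc/-"

# Quoted strings are matched as single units so that "//", "{" or "}" inside
# a codeBase URL such as "file:${...}/-" is never read as a comment or brace.
_STR = r'"(?:\\.|[^"\\])*"'
_COMMENT_OR_STR = re.compile(_STR + r"|//[^\n]*|/\*.*?\*/", re.S)
_GRANT = re.compile(
    r"\bgrant\b((?:" + _STR + r'|[^"{])*)\{((?:' + _STR + r'|[^"}])*)\}\s*;',
    re.I,
)
_CODEBASE = re.compile(r'\bcodeBase\s+"((?:\\.|[^"\\])*)"', re.I)
_ALL_PERMISSION = re.compile(r"\b(?i:permission)\s+java\.security\.AllPermission\b")

# Constructed sample, not a real server.policy. The last grant is the kind of
# entry the audit is meant to surface.
SAMPLE_POLICY = r'''
// Constructed sample for the audit below.
grant codeBase "file:${java.home}/lib/ext/-" {
    permission java.io.FilePermission "${user.home}${/}-", "read";
};

/* grant { permission java.security.AllPermission; }; */

// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/dscc/-"
{
    permission java.security.AllPermission;
};

grant {
    permission java.security.AllPermission;
};
'''


def strip_comments(policy_text):
    """Remove // and /* */ comments while leaving quoted strings untouched."""
    return _COMMENT_OR_STR.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", policy_text)


def audit_all_permission(policy_text, expected_codebases):
    """Return [(codeBase or None, status)] for every grant of AllPermission.

    status is "expected" when the codeBase is in expected_codebases,
    "unexpected" for any other codeBase, and "any-location" when the grant
    has no codeBase and so is not restricted by code location.
    """
    findings = []
    for header, body in _GRANT.findall(strip_comments(policy_text)):
        if not _ALL_PERMISSION.search(body):
            continue
        match = _CODEBASE.search(header)
        if match is None:
            findings.append((None, "any-location"))
        elif match.group(1) in expected_codebases:
            findings.append((match.group(1), "expected"))
        else:
            findings.append((match.group(1), "unexpected"))
    return findings


if __name__ == "__main__":
    for codebase, status in audit_all_permission(SAMPLE_POLICY, {DSCC_CODEBASE}):
        print(status, codebase)
```

Run it against the contents of ${AS_DOMAINS_ROOT}/dscc/config/server.policy; any result other than a single "expected" entry deserves a review of the file.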
After you install Directory Server Enterprise Edition, the WAR file, dscc.war, is at install-path/var/dscc6/.
The dscc.war file is installed in the same way as any other web application, except for the following settings:
The application needs to communicate with the DSCC registry created using the dsccsetup ads-create command.
You must disable the tag pooling on your Tomcat server instance by setting the enablePooling parameter value to false in web.xml.
The following example shows how to install DSCC in Tomcat on a Solaris 10 system.
Initialize the DSCC registry.
```
$ install-path/dscc6/bin/dsccsetup ads-create
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
```
Identify your Tomcat installation and instance.
```
$ setenv CATALINA_HOME tomcat-install-path
$ setenv CATALINA_BASE tomcat-instance-path
$ setenv JAVA_HOME jdk-home-dir
```
For installing Tomcat and creating instances, refer to the Tomcat documentation.
Deploy the WAR file.
Create the dscc directory as shown below:
```
$ mkdir ${CATALINA_BASE}/webapps/dscc
```
Copy the dscc.war file into newly created dscc folder and unzip the dscc.war file.
```
$ unzip -d ${CATALINA_BASE}/webapps/dscc install-path/var/dscc6/dscc.war
```
Add the emphasized text in the ${CATALINA_BASE}/conf/web.xml file as shown below:
```xml
...
<servlet>
    <servlet-name>jsp</servlet-name>
    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
    <init-param>
        <param-name>fork</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>xpoweredBy</param-name>
        <param-value>false</param-value>
    </init-param>
    ...
    <!-- Added for DSCC: disables tag pooling -->
    <init-param>
        <param-name>enablePooling</param-name>
        <param-value>false</param-value>
    </init-param>
    <load-on-startup>3</load-on-startup>
</servlet>
....
```
Verify the permissions of startup.sh (tomcat5.exe on Windows) and run the following command:
```
$ ${CATALINA_HOME}/bin/startup.sh
```
Use http://hostname:8080/dscc to connect to DSCC.
The Directory Service Manager Login page displays.
There is no separate procedure to upgrade the Directory Server Enterprise Edition installation; the dsee_deploy command automatically updates the installation if it finds any previous installation. However, on SuSE Linux 9 and HP-UX, before upgrading the Directory Server Enterprise Edition installation, you must upgrade the operating system to SuSE Linux 9 SP4 and HP-UX 11.23 respectively. Refer to the following procedure to successfully upgrade your Directory Server Enterprise Edition installation to 6.3.
Stop cacao and any running Directory Server and Directory Proxy Server instances that were created using the installation that is going to be patched. Also stop the application server for the WAR file and the DSCC registry.
In case of SuSE Linux 9 and HP-UX, upgrade your operating system.
Upgrade SuSE Linux 9 SP3 to SuSE Linux 9 SP4 to upgrade Directory Server Enterprise Edition 6.2 installation to 6.3.
On SuSE 64-bit, .pam-32bit-9-yyyymmddhhmm.rpm is a prerequisite for cacao to start. You must install it if not already present on your system.
Upgrade HP-UX 11.11 to HP-UX 11.23 to upgrade Directory Server Enterprise Edition 6.0 or 6.1 installation to 6.3.
Please refer to the corresponding documentation on how to upgrade the operating system, how to preserve the partition where Directory Server Enterprise Edition is installed, and where to get the latest patch bundles.
Upgrade Directory Server Enterprise Edition to 6.3.
Use the dsee_deploy command from Directory Server Enterprise Edition 6.3 zip distribution, with the same install-path, and cacao port that you had for your previous installation. The dsee_deploy command will restart cacao and DSCC registry.
For step by step information, refer to To Install Directory Server Enterprise Edition 6.3 From Zip Distribution.
Deploy the latest dscc.war file in the application server using the following commands:
For step by step information, refer to Step 4 on Sun Java System Application Server and Step 3 on Tomcat application server.
Restart Directory Server and Directory Proxy Server instances, and application server for WAR file.
Start daemons only when both the operating system is upgraded and Directory Server Enterprise Edition is installed.
To upgrade Directory Server Enterprise Edition to 6.3 on the rest of the supported operating systems, follow a procedure similar to the installation procedure. Refer to To Install Directory Server Enterprise Edition 6.3 From Zip Distribution for step by step information.
After installing Directory Service Control Center using native packages or zip distribution, use the following procedures to get started and to troubleshoot any problems you encounter while accessing Directory Service Control Center.
Initialize DSCC with the dsccsetup initialize command.
For example, on a Solaris system the following command performs initialization.
root# /opt/SUNWdsee/dscc6/bin/dsccsetup initialize
***
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
***
Registering DSCC Agent in Cacao...
Checking Cacao status...
Starting Cacao...
DSCC agent has been successfully registered in Cacao.
***
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
***
The dsccsetup command is located in install-path/dscc6/bin/dsccsetup. See Default Paths to determine the default install-path for your system.
On Windows, run the following command:
install-path\dscc6\bin>dsccsetup.exe initialize
Access DSCC through Java Web Console in your browser.
To access Console in a different locale, set the preferred language for your browser. For information on setting the preferred language for your browser, see the respective browser documentation.
Login to Java Web Console using your operating system login information or server's root login information.
If you do not login to Java Web Console using server's root login information, the system might require you to have the root privileges while performing certain tasks such as starting the server instances.
By default, the URL to access Java Web Console is https://hostname:6789
Click the Directory Service Control Center link.
Login to DSCC as Directory Service Manager.
Directory Service Manager's entry is stored in the DSCC registry. Directory Service Manager has administrator access to DSCC. Directory Service Manager also has administrator access to the server instances registered with DSCC.
Begin managing your servers through Directory Service Control Center.
After Directory Service Control Center is running, enable Java Web Console to restart when the system reboots.
On a Solaris system, the following command enables restart upon reboot.
root# /usr/sbin/smcwebserver enable
On Windows, the following command enables restart upon reboot.
C:\install-path\share\webconsole\bin>smcwebserver enable
For the exact location of this command on your system, see Command Locations.
(Optional) Enable the Common Agent Container, cacao, to restart when the operating system reboots.
root# cacaoadm enable
On Windows, run the following command to enable cacao:
Native packages installation:
C:\install-path\share\cacao_2\bin>cacaoadm enable -i instance-path -f password.txt
Zip distribution installation:
C:\install-path\dsee6\cacao_2\bin>cacaoadm enable -i instance-path -f password.txt
If you decide not to enable the common agent container, DSCC cannot communicate with the servers handled by that instance of cacao after the operating system reboots.
If there is any problem accessing Directory Service Control Center, use the following procedure on the host where you installed Directory Service Control Center using native packages.
You must be root to perform this procedure.
Verify that Directory Service Control Center has been initialized properly.
Native Packages:
root# /opt/SUNWdsee/dscc6/bin/dsccsetup status
***
DSCC Application is registered in Sun Java (TM) Web Console
***
DSCC Agent is registered in Cacao
***
DSCC Registry has been created
Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
Port of DSCC registry is 3998
***
Zip Distribution:
$ install-path/dscc6/bin/dsccsetup status
***
Sun Java (TM) Web Console is not installed
***
DSCC Agent is registered in Cacao
Cacao uses a custom port number (11168)
***
DSCC Registry has been created
Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
Port of DSCC registry is 3998
***
On Windows, run the following command to check the status of DSCC:
C:\install-path\dscc6\bin>dsccsetup.exe status
The default installation path for native packages on Solaris operating systems is /opt/SUNWdsee. For the default installation path on your operating system, see Default Paths.
If you find any initialization problems with DSCC, fix them using the dsccsetup(1M) command.
Native packages installation. Check the status of Java Web Console and start using the smcwebserver command if not already running.
root# /usr/sbin/smcwebserver status
Sun Java(TM) Web Console is stopped
root# /usr/sbin/smcwebserver start
Starting Sun Java(TM) Web Console Version 3.0.2 ...
The console is running.
On Windows, run the following command to check the status of Java Web Console and start, if required.
C:\install-path\share\webconsole\bin>smcwebserver status
C:\install-path\share\webconsole\bin>smcwebserver start
If you see errors that pertain to the DSCC agent, check the Common Agent Container.
The cacaoadm(1M) man page describes the error codes that the command returns. For the exact location of this command on your system, see Command Locations.
You must run the cacaoadm command as root for native packages installation and as the user who performed the installation for zip installation.
root# /usr/sbin/cacaoadm status
default instance is DISABLED at system startup.
Smf monitoring process: 26129
Uptime: 0 day(s), 3:16
After installing Directory Server, the Common Agent Container starts automatically. However, when you reboot, you might have to start the Common Agent Container manually as follows.
# cacaoadm start
On Windows, check the status of Common Agent Container using the following command:
Native packages
C:\install-path\share\cacao_2\bin>cacaoadm status
Zip distribution
C:\install-path\dsee6\cacao_2\bin>cacaoadm status
For more information about the Common Agent Container, see Sun Java Enterprise System 5 Monitoring Guide.
This section lists environment variables that you can set to facilitate creating server instances and using Directory Server Resource Kit and software development kits.
Environment Variable | Set to include… | Applies to…
---|---|---
 | Hostname of Directory Proxy Server for administration tools | dpconf(1M) command
 | Port number of Directory Proxy Server for administration tools | dpconf(1M) command
 | Hostname of Directory Server for administration tools | dsconf(1M) command
 | Port number of Directory Server for administration tools | dsconf(1M) command
 | Path to the file that contains the directory administrator password. To administer all servers registered with Directory Service Control Center, set this environment variable to a file containing Directory Service Manager password. | dpconf(1M), dsconf(1M) commands
 | Directory administrator DN. To administer all servers registered with Directory Service Control Center, set this environment variable to cn=admin,cn=Administrators,cn=dscc. If you have not installed DSCC, use cn=admin,cn=Administrators,cn=config for Directory Server, cn=Proxy Manager for Directory Proxy Server. | dpconf(1M), dsconf(1M) commands
 | /opt/SUNWdsee/dsee6/man (Solaris SPARC) | Online manual pages to browse with the man command
 | Add any of the following sections not in your MANSECT environment variable: 1:1m:4:5dsconf:5dpconf:5dssd:5dsat:5dsoc. Alternatively, specify the sections to search explicitly when using the man command. | The man command can use the MANSECT environment variable to identify the sections to search by default.
 | install-path/dps6/bin | Directory Proxy Server commands
 | install-path/ds6/bin | Directory Server commands
 | install-path/dscc6/bin | Directory Service Control Center commands
 | install-path/dsrk6/bin | Directory Server Resource Kit and LDAP client commands
After installing server software as described in Software Installation, create server instances. This section contains the following sub sections.
Install the component software as described in Software Installation.
Non-root users can create server instances.
Access Directory Service Control Center through Java Web Console.
The default URL for Java Web Console on the local system is https://hostname:6789.
If you have installed Directory Server Enterprise Edition from the zip distribution, use http://hostname:8080/dscc or https://hostname:8181/dscc to access DSCC based on the application server configuration.
Follow the instructions in the Directory Service Control Center New Server wizard to create the server instance.
The instance path does not support non-ASCII characters.
To successfully create an instance on Windows 2003 Primary Domain Controller, enter domainname\username in Runtime User Id.
In this procedure, you create a server instance on the local host using the dsadm command. You then create a suffix that you populate with data using the dsconf command.
Non-root users can create server instances.
A Directory Server instance contains the configuration and data necessary to respond to directory client applications. When you start or stop an instance, you start or stop the server process. The server process is what serves directory client requests corresponding to the data managed by that instance.
The dsadm command enables you to manage a Directory Server instance and the files belonging to that instance on the local host. The command does not let you administer servers over the network, but only directly on the local host. The dsadm command has subcommands for each key management task. For a complete description, see dsadm(1M).
The dsconf command is an LDAP client. The command enables you to configure nearly all server settings on a running Directory Server instance from the command line. You can configure settings whether the server is on the local host or another host that is accessible across the network. The dsconf command has subcommands for each key configuration task. For a complete description, see dsconf(1M).
Install the component software, then set your PATH as described in Software Installation.
Create a new Directory Server instance.
$ dsadm create -p port -P SSL-port instance-path
For example, the following command creates the ds instance under the existing directory, /local/. The new instance has default ports 389 for LDAP, 636 for LDAPS for root users, and 1389 for LDAP, 1636 for LDAPS for non-root users.
$ dsadm create /local/ds
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start /local/ds' to start the instance
The instance is created in a directory on the local file system and not a network file system.
Start the instance.
$ dsadm start instance-path
For example, the following command starts the instance located under /local/ds/.
$ dsadm start /local/ds
Server started: pid=2845
Verify that you can read the root DSA Specific Entry (DSE) of the new instance.
$ ldapsearch -h hostname -p 1389 -b "" -s base "(objectclass=*)"
version: 1
dn:
objectClass: top
…
supportedLDAPVersion: 2
supportedLDAPVersion: 3
vendorName: Sun Microsystems, Inc.
vendorVersion: Sun-Java(tm)-System-Directory/6.3
…
At this point, you have a working server instance. However, you must further configure the server instance. The instance is not yet registered with Directory Service Control Center.
(Optional) Use the new password policy mode, unless the instance belongs to a replication topology with the Directory Server Enterprise Edition 5 instances.
Your server instance might be standalone. Alternatively, your instance might belong to a replication topology that has already been migrated to the new password policy mode. In either case, perform this step.
$ dsconf pwd-compat -h hostname -p 1389 to-DS6-migration-mode
Certificate "CN=hostname, CN=1636, CN=Directory Server, O=Sun Microsystems" presented by the server is not trusted.
Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y
Enter "cn=Directory Manager" password:
## Beginning password policy compatibility changes.
## Password policy compatibility changes finished.
Task completed (slapd exit code: 0).
$ dsconf pwd-compat -p 1389 to-DS6-mode
Enter "cn=Directory Manager" password:
## Beginning password policy compatibility changes.
## Password policy compatibility changes finished.
Task completed (slapd exit code: 0).
(Optional) Prepare an example suffix.
Create an empty suffix.
For example, the following command creates a suffix with root dc=example,dc=com.
$ dsconf create-suffix -h hostname -p 1389 dc=example,dc=com
Enter "cn=Directory Manager" password:
$
Populate the suffix with LDIF data.
If you plan to populate the suffix with data that is replicated from another Directory Server instance, skip this step.
For example, the following command fills the suffix that you created with sample data from Example.ldif.
$ dsconf import -h hostname -p 1389 install-path/ds6/ldif/Example.ldif \
  dc=example,dc=com
Enter "cn=Directory Manager" password:
New data will override existing data of the suffix "dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.
Do you want to continue [y/n] ? y
## Index buffering enabled with bucket size 40
## Beginning import job...
## Processing file "install-path/ds6/ldif/Example.ldif"
## Finished scanning file "install-path/ds6/ldif/Example.ldif" (160 entries)
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation. This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete. Processed 160 entries in 4 seconds. (40.00 entries/sec)
Task completed (slapd exit code: 0).
Search for the data in the new instance.
$ ldapsearch -h hostname -p 1389 -b dc=example,dc=com "(uid=bjensen)"
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209
(Optional) Register the server instance with Directory Service Control Center by using either of the following methods.
Login to DSCC, and then use the Register Existing Server action on the Servers tab of the Directory Servers tab.
Access DSCC through the URL https://hostname:6789, http://hostname:8080/dscc, or https://hostname:8181/dscc as per the type of distribution you have installed and the way your application server is configured.
Use the command dsccreg add-server.
$ dsccreg add-server -h hostname --description "My DS" /local/ds
Enter DSCC administrator's password:
/local/ds is an instance of DS
Enter password of "cn=Directory Manager" for /local/ds:
This operation will restart /local/ds.
Do you want to continue ? (y/n) y
Connecting to /local/ds
Enabling DSCC access to /local/ds
Restarting /local/ds
Registering /local/ds in DSCC on hostname.
See dsccreg(1M) for more information about the command.
(Optional) If you installed from native packages with the Java Enterprise System distribution, enable the server to restart when the operating system reboots.
On Solaris 10 and Windows systems, use the dsadm enable-service command.
root# dsadm enable-service /local/ds
On Solaris 9 and Red Hat systems, use the dsadm autostart command.
root# dsadm autostart /local/ds
If you installed with the zip distribution, this step must be done manually, with a script run at system startup time, for example.
You can add more suffixes, configure replication with other server instances, tune the instance, and generally proceed with other configuration operations.
See the online help for Directory Service Control Center for hints on configuring Directory Server through the graphical user interface.
See Part I, Directory Server Administration, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide for instructions on configuring Directory Server with command-line administration tools.
Non-root users can create server instances.
Install the component software as described in Software Installation.
Access Directory Service Control Center through Java Web Console.
The default URL for Java Web Console on the local system is https://hostname:6789.
If you have installed Directory Server Enterprise Edition from the zip distribution, use http://hostname:8080/dscc or https://hostname:8181/dscc to access DSCC based on your application server configuration.
Follow the instructions in the Directory Service Control Center New Server wizard to create the server instance.
The instance path does not support non-ASCII characters.
To successfully create an instance on Windows 2003 Primary Domain Controller, enter domainname\username in Runtime User Id.
In this procedure, you create a server instance on the local host using the dpadm command. You then configure the instance using the dpconf command.
Non-root users can create server instances.
A Directory Proxy Server instance must be configured to proxy directory client application requests to data sources through data views. When you start or stop an instance, you start or stop the server process that proxies directory client application requests.
The dpadm command enables you to manage a Directory Proxy Server instance and the files belonging to that instance on the local host. The command does not allow you to administer servers over the network, but only directly on the local host. The dpadm command has subcommands for each key management task. For a complete description, see dpadm(1M).
The dpconf command is an LDAP client. The command enables you to configure nearly all server settings on a running Directory Proxy Server instance from the command line. You can configure settings whether the server is on the local host or another host that is accessible across the network. The dpconf command has subcommands for each key configuration task. For a complete description, see dpconf(1M).
Install the component software, then set your PATH as described in Software Installation.
Create a new Directory Proxy Server instance.
$ dpadm create -p port -P SSL-port instance-path
For example, the following command creates a Directory Proxy Server instance, under the existing directory, /local/dps. The default ports are 389 for LDAP, 636 for LDAPS for root users, and 1389 for LDAP, 1636 for LDAPS for non-root users.
$ dpadm create -p 1390 -P 1637 /local/dps
Choose the Proxy Manager password:
Confirm the Proxy Manager password:
Use 'dpadm start /local/dps' to start the instance
Notice that the instance must be created in a directory on the local file system, not a network file system.
Start the instance.
$ dpadm start instance-path
For example, the following command starts the instance located under /local/dps/.
$ dpadm start /local/dps
…
Directory Proxy Server instance '/local/dps' started: pid=28732
Verify that you can read the root DSE of the new instance.
$ ldapsearch -h hostname -p 1390 -b "" -s base "(objectclass=*)"
version: 1
dn:
objectClass: top
objectClass: extensibleObject
supportedLDAPVersion: 2
supportedLDAPVersion: 3
…
vendorName: Sun Microsystems, Inc
vendorVersion: Directory Proxy Server 6.3
…
At this point, you have a working server instance. However, you must further configure the server instance. The instance is not yet registered with Directory Service Control Center.
(Optional) Enable the Directory Proxy Server instance to function as an LDAP proxy.
Create an LDAP data source.
For example, the following command creates a data source, My DS, pointing to the directory instance created on the local host in To Create a Directory Server Instance From the Command Line.
$ dpconf create-ldap-data-source -h hostname -p 1390 "My DS" hostname:1389
Certificate "CN=hostname:1390" presented by the server is not trusted.
Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y
Enter "cn=Proxy Manager" password:
Create an LDAP data source pool.
$ dpconf create-ldap-data-source-pool -h hostname -p 1390 "My Pool"
Enter "cn=Proxy Manager" password:
Attach the LDAP data source to the LDAP data source pool.
$ dpconf attach-ldap-data-source -h hostname -p 1390 "My Pool" "My DS"
Enter "cn=Proxy Manager" password:
Create an LDAP data view using the LDAP data source pool.
For example, the following command creates a data view, My View, which allows client applications to view the suffix dc=example,dc=com:
$ dpconf create-ldap-data-view -h hostname -p 1390 "My View" \
  "My Pool" dc=example,dc=com
Enter "cn=Proxy Manager" password:
Enable the LDAP data source.
$ dpconf set-ldap-data-source-prop -h hostname -p 1390 "My DS" is-enabled:true
Enter "cn=Proxy Manager" password:
Restart the server for the change to take effect.
$ dpadm restart /local/dps
Enable searches on the LDAP data source.
$ dpconf set-attached-ldap-data-source-prop -h hostname -p 1390 \
  "My Pool" "My DS" search-weight:100
Enter "cn=Proxy Manager" password:
Verify that you can read directory data through the new instance.
$ ldapsearch -h hostname -p 1390 -b dc=example,dc=com "(uid=bjensen)"
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209
Notice that LDAP search operations work for the suffix handled by your data view, but do not work for other suffixes. If you search a suffix for which no data view is configured, the server returns an error.
$ ldapsearch -h hostname -p 1390 -b o=example.com "(uid=bjensen)"
ldap_search: Operations error
ldap_search: additional info: Unable to retrieve a backend SEARCH connection to process the search request
For detailed instructions on configuring Directory Proxy Server, see Part II, Directory Proxy Server Administration, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide.
(Optional) Register the server instance with Directory Service Control Center by using either of the following methods.
Login to DSCC, and then use the Register Existing Server action on the Proxy Servers tab.
Access DSCC through the URL https://hostname:6789, http://hostname:8080/dscc, or https://hostname:8181/dscc as per the type of distribution you have installed and the way you have configured application server.
Use the command dsccreg add-server.
$ dsccreg add-server -h hostname --description "My Proxy" /local/dps
Enter DSCC administrator's password:
/local/dps is an instance of DPS
Enter password of "cn=Proxy Manager" for /local/dps:
Connecting to /local/dps
Enabling DSCC access to /local/dps
Registering /local/dps in DSCC on hostname.
See dsccreg(1M) for more information about the command.
(Optional) If you installed from native packages with the Java Enterprise System distribution, enable the server to restart when the operating system reboots.
On Solaris 10 and Windows systems, use the dpadm enable-service command.
root# dpadm enable-service /local/dps
On Solaris 9 and Red Hat systems, use the dpadm autostart command.
root# dpadm autostart /local/dps
If you installed with the zip distribution, this step must be done manually, with a script run at system startup time.
You can continue to configure further data sources and data views. You can also configure load balancing, data distribution, and other server capabilities.
See the online help for Directory Service Control Center for hints on configuring Directory Proxy Server through the graphical user interface.
See Part II, Directory Proxy Server Administration, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide for instructions on configuring Directory Proxy Server with command-line administration tools.
This section explains briefly how to use Sun Crypto Accelerator cards through the Sun cryptographic framework on Solaris 10 systems with Directory Server, and Directory Proxy Server. For more information about the framework, see the respective documentation.
This procedure is designed for use with Sun Crypto Accelerator hardware. Perform the following procedure as the same user who runs the Directory Server instance.
Set the PIN used to access the cryptographic framework with the pktool setpin command.
Set the PIN as the same user as the one running Directory Server.
Export the current Directory Server certificate to a PKCS#12 file.
The following command shows how to perform this step if the Directory Server instance is located under /local/ds/.
$ dsadm export-cert -o cert-file /local/ds defaultCert
Configure Directory Server to use the appropriate token when accessing the key material.
Typically, the token is Sun Metaslot.
$ dsconf set-server-prop 'ssl-rsa-security-device:Sun Metaslot'
Stop Directory Server.
$ dsadm stop /local/ds
(Optional) If you have no other certificates in the existing certificate database for the Directory Server instance, remove the certificate database.
$ rm -f /local/ds/alias/*.db
This optional step ensures that no certificates are stored in the software database.
Create a new certificate database backed by the Solaris cryptographic framework.
If you did not remove the certificate database, you do not need to run the modutil -create line in this example.
$ /usr/sfw/bin/64/modutil -create -dbdir /local/ds/alias -dbprefix slapd-
$ /usr/sfw/bin/64/modutil -add "Solaris Kernel Crypto Driver" -libfile \
  /usr/lib/64/libpkcs11.so -dbdir /local/ds/alias -dbprefix slapd-
$ /usr/sfw/bin/64/modutil -enable "Solaris Kernel Crypto Driver" \
  -dbdir /local/ds/alias -dbprefix slapd-
Import the PKCS#12 certificate that you exported.
$ /usr/sfw/bin/64/pk12util -i cert-file \
  -d /local/ds/alias -P slapd- -h "Sun Metaslot"
$ /usr/sfw/bin/64/certutil -M -n "Sun Metaslot:defaultCert" -t CTu \
  -d /local/ds/alias -P slapd-
If your accelerator board has a FIPS 140-2 keystore, make sure the private key is generated on the device. Sun Crypto Accelerator 4000 and 6000 boards have FIPS 140-2 keystores, for example. The exact process depends on the board.
Create a password file that contains the PIN needed to access the cryptographic framework.
It is required only when the password is changed in step 1.
$ echo "Sun Metaslot:password" > /local/ds/alias/slapd-pin.txt
Start Directory Server.
$ dsadm start /local/ds
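The slapd-pin.txt file created above, like the administrator password file named in the environment variable table, holds a secret in clear text, so its mode and owner matter. The following is an added example, not part of the product documentation: it writes a token:PIN file so that it is never readable by group or others, and audits existing secret files. The function names and the --write option are hypothetical.

```shell
#!/bin/sh
# Added example: handling for files that hold a PIN or password, such as
# slapd-pin.txt. Function names are hypothetical, not part of the product.

# write_pin_file FILE TOKEN PIN
# Writes "TOKEN:PIN" to FILE without the content ever being readable by
# group or others, replacing any existing file in a single rename.
write_pin_file() {
    pin_file=$1; token=$2; pin=$3
    old_umask=$(umask)
    umask 077
    # Temp file in the target directory, so the final mv is an atomic rename.
    tmp=$(mktemp "$(dirname "$pin_file")/.pin.XXXXXX") || { umask "$old_umask"; return 1; }
    if printf '%s:%s\n' "$token" "$pin" > "$tmp" && mv -f "$tmp" "$pin_file"; then
        rc=0
    else
        rc=1
        rm -f "$tmp"    # never leave a stray copy of the PIN behind
    fi
    umask "$old_umask"
    return "$rc"
}

# secret_file_problems FILE...
# Prints one line per finding. Returns 0 when every file is a regular file
# owned by the invoking user with no group/other permission bits, else 1.
secret_file_problems() {
    found=0
    me=$(id -u)
    for f in "$@"; do
        if [ -L "$f" ]; then
            echo "$f: is a symbolic link"; found=1; continue
        fi
        if [ ! -f "$f" ]; then
            echo "$f: missing or not a regular file"; found=1; continue
        fi
        mode=$(ls -ldn "$f" | cut -c1-10)          # e.g. -rw-------
        owner=$(ls -ldn "$f" | awk '{print $3}')   # numeric uid
        if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
            echo "$f: mode $mode grants access to group or others"; found=1
        fi
        if [ "$owner" != "$me" ]; then
            echo "$f: owned by uid $owner, expected uid $me"; found=1
        fi
    done
    return "$found"
}

# Optional interactive use:  sh thisfile --write /local/ds/alias/slapd-pin.txt
# The PIN is read without echo, so it does not appear in shell history.
if [ "${1:-}" = "--write" ] && [ -n "${2:-}" ]; then
    printf 'PIN for token "Sun Metaslot": ' >&2
    stty -echo; IFS= read -r pin; stty echo; echo >&2
    write_pin_file "$2" "Sun Metaslot" "$pin" && secret_file_problems "$2"
fi
```

Run the audit as the user who runs the Directory Server instance, because the owner check compares against the invoking user.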
This procedure is designed for use with Sun Crypto Accelerator hardware. Perform the following procedure as the same user who runs the Directory Proxy Server instance.
Stop Directory Proxy Server.
$ dpadm stop /local/dps
Turn off certificate database password storage.
$ dpadm set-flags /local/dps cert-pwd-prompt=on
Choose the certificate database password:
Confirm the certificate database password:
Set the PIN used to access the cryptographic framework with the pktool setpin command.
Use the same password that you entered when turning off certificate database password storage.
Generate a key pair, using the cryptographic framework as the key store.
$ keytool -genkeypair -alias defaultDPScert -dname "ou=dps server,dc=example,dc=com" -keyalg RSA -sigalg MD5withRSA -validity 3652 -storetype PKCS11 -keystore NONE -storepass pin-password
Here, pin-password is the password you set as the PIN with the pktool setpin command.
Edit the Directory Proxy Server configuration file, adding the following attributes to the base entry, cn=config.
serverCertificateNickName: defaultDPScert
certificateKeyStore: NONE
certificateKeyStoreType: PKCS11
Start Directory Proxy Server.
$ dpadm start /local/dps
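The keytool step in this procedure signs the certificate with MD5withRSA, and the certificate is valid for 3652 days. MD5-based signatures are collision-prone and many current TLS clients reject them, so it is worth knowing which keystore entries carry one. The following is an added example, not part of the product documentation: it scans keytool -list -v output for MD2, MD5, and SHA-1 based signature algorithms. The function names, the second alias, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag keystore entries whose certificate is signed with an
# MD2-, MD5- or SHA-1-based algorithm, using `keytool -list -v` output.
# Function names are hypothetical, not part of the product.

# weak_sigalg_aliases: reads a `keytool -list -v` listing on stdin and prints
# "alias<TAB>algorithm" for every certificate with a weak signature algorithm.
weak_sigalg_aliases() {
    awk '
        /^Alias name:/ {
            alias = $0
            sub(/^Alias name:[ \t]*/, "", alias)
            next
        }
        # The line is indented in some JDK versions, so allow leading blanks.
        /^[ \t]*Signature algorithm name:/ {
            alg = $0
            sub(/^[ \t]*Signature algorithm name:[ \t]*/, "", alg)
            sub(/[ \t].*$/, "", alg)    # drop trailing notes such as "(weak)"
            if (toupper(alg) ~ /^(MD2|MD5|SHA1)WITH/)
                print alias "\t" alg
        }
    '
}

# keystore_has_weak_sigalg: same input; exit status 0 if any weak entry exists.
keystore_has_weak_sigalg() {
    [ -n "$(weak_sigalg_aliases)" ]
}

# Constructed sample listing (dates and the second alias are made up;
# fingerprint values are omitted).
sample_listing() {
    cat <<'EOF'
Keystore type: PKCS11
Your keystore contains 2 entries

Alias name: defaultDPScert
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: OU=dps server, DC=example, DC=com
Issuer: OU=dps server, DC=example, DC=com
Certificate fingerprints:
         Signature algorithm name: MD5withRSA
         Version: 3

Alias name: rotatedDPScert
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: OU=dps server, DC=example, DC=com
Issuer: OU=dps server, DC=example, DC=com
Signature algorithm name: SHA256withRSA
Version: 3
EOF
}

# Against the live token, assuming keytool is on PATH (it prompts for the PIN
# when -storepass is omitted, which keeps the PIN off the command line):
#   keytool -list -v -storetype PKCS11 -keystore NONE | weak_sigalg_aliases
```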
This chapter guides you in removing Directory Server Enterprise Edition software.
This chapter contains the following sections:
Server Instance Removal covers removing the server instances that depend on the software to remove.
Software Removal covers how to remove the software after you have removed server instances.
Directory Server Enterprise Edition 6.3 Downgrade Instructions covers how to downgrade the Directory Server Enterprise Edition installation.
Before removing Directory Server Enterprise Edition software used by server instances on the system, you must remove all the server instances.
Access Directory Service Control Center through Java Web Console.
The default URL for Java Web Console on the local system is https://hostname:6789.
If you have installed Directory Server Enterprise Edition from the zip distribution, use http://hostname:8080/dscc or https://hostname:8181/dscc to access DSCC based on your application server configuration.
Delete the server instance with the Delete command in the action drop-down list.
(Optional) If you have used DSCC to manage the server instance, remove registration for the server.
$ dsccreg remove-server -h hostname /local/dps
Enter DSCC administrator's password:
/local/dps is an instance of DPS
Enter password of "cn=Proxy Manager" for /local/dps:
Unregistering /local/dps from DSCC on hostname.
Connecting to /local/dps
Disabling DSCC access to /local/dps
For details, see dsccreg(1M).
Delete the server instance.
$ dpadm delete /local/dps
Directory Proxy Server instance '/local/dps' stopped
Directory Proxy Server instance '/local/dps' removed.
After you have removed all server instances on the system, you can proceed to Software Removal.
Deleting a Directory Server instance completely removes all instance files, including all directory databases managed by the instance. Before you delete an instance, back up your data as described in Chapter 9, Directory Server Backup and Restore, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide.
Access Directory Service Control Center through Java Web Console.
The default URL for Java Web Console on the local system is https://hostname:6789.
If you have installed Directory Server Enterprise Edition from the zip distribution, use http://hostname:8080/dscc or https://hostname:8181/dscc to access Directory Service Control Center, depending on how you have configured the application server.
Delete the server instance with the Delete command in the action drop-down list.
Deleting a Directory Server instance completely removes all instance files, including all directory databases managed by the instance. Before you delete an instance, back up your data as described in Chapter 9, Directory Server Backup and Restore, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide.
(Optional) If you have used DSCC to manage the server instance, remove registration for the server.
$ dsccreg remove-server -h hostname /local/ds
Enter DSCC administrator's password:
/local/ds is an instance of DS
Enter password of "cn=Directory Manager" for /local/ds:
This operation will restart /local/ds.
Do you want to continue ? (y/n) y
Unregistering /local/ds from DSCC on hostname.
Connecting to /local/ds
Disabling DSCC access to /local/ds
Restarting /local/ds
For details, see dsccreg(1M).
Delete the server instance.
$ dsadm delete /local/ds
Server stopped
/local/ds deleted
After you have removed all server instances on the system, you can proceed to Software Removal.
After you have removed all server instances that depend on the installed product components, you can remove the component software.
To Remove Directory Service Control Center Installed from Native Packages
To Remove Directory Server or Directory Proxy Server Installed From Native Packages
To Force Removal of Software Installed From the Zip Distribution
By removing all of DSCC, you also remove Directory Server packages from the system.
Dismantle DSCC with the dsccsetup dismantle command.
For example, on a Solaris system the following command dismantles DSCC.
root# /opt/SUNWdsee/dscc6/bin/dsccsetup dismantle
***
Unregistering DSCC Application from Sun Java(TM) Web Console...
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Unregistration is on-going. Please wait...
/var/opt/SUNWdsee/dscc6/dcc has not been removed
DSCC Application has been unregistered from Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
***
On Windows, run the following command to dismantle DSCC.
C:\install-path\dscc6\bin>dsccsetup.exe dismantle
On Solaris, the dsccsetup command is located in install-path/dscc6/bin/dsccsetup. See Default Paths to determine the default install-path for your system.
Remove Directory Service Control Center with the Java ES installer.
For instructions, see the Java Enterprise System documentation at http://docs.sun.com/coll/1286.3.
Directory Service Control Center installed using the zip distribution is not uninstalled using the above procedure. If you need to uninstall DSCC, refer to the respective application server documentation on how to remove a Web application.
Remove the software with the Java ES installer.
For instructions, see the Java Enterprise System documentation at http://docs.sun.com/coll/1286.3.
Remove the software with the dsee_deploy(1M) command.
If zip distribution software was installed by a non-root user, that user can also remove the software.
For example, to remove all Directory Server Enterprise Edition software installed under /local, issue the following command.
$ /local/dsee6/bin/dsee_deploy uninstall -i /local
On Windows, run the following command to uninstall the software:
C:\install-path\dsee6\bin\dsee_deploy uninstall -i install-path
For a full list of supported components, see dsee_deploy(1M).
You can force removal by deleting installed files, if you have installed the software from the zip distribution.
If zip distribution software was installed by a non-root user, that user can also remove the software.
Do not directly delete files that are installed from native packages.
Remove components with a system command.
$ rm -rf install-path
On Windows, run the following commands to remove the components:
C:\>del /s install-path
C:\>del install-path
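The force removal above runs rm -rf on whatever install-path expands to. As an added example (not part of the product documentation), the hypothetical safe_remove_dsee function below resolves the path, refuses the root and home directories, and deletes only a tree that contains dsee6/bin/dsee_deploy and is owned by the current user.

```shell
#!/bin/sh
# Added example: guarded force removal of a zip-distribution install.
# safe_remove_dsee is a hypothetical helper, not a product command.
# Usage: safe_remove_dsee /local

safe_remove_dsee() {
    target=$1

    # An empty argument usually means an unset variable; never pass that to rm -rf.
    [ -n "$target" ] || { echo "refusing: empty install-path" >&2; return 2; }

    # Resolve to a physical absolute path so symlinks and ".." cannot
    # redirect the delete to a different tree.
    resolved=$(cd -- "$target" 2>/dev/null && pwd -P) || {
        echo "refusing: $target is not an accessible directory" >&2; return 2; }

    # The filesystem root and the caller's home are never an install-path.
    case "$resolved" in
        /|"$HOME") echo "refusing: $resolved is not an install-path" >&2; return 2 ;;
    esac

    # A zip-distribution install carries dsee6/bin/dsee_deploy under
    # install-path (layout taken from the uninstall command on this page).
    [ -f "$resolved/dsee6/bin/dsee_deploy" ] || {
        echo "refusing: no dsee6/bin/dsee_deploy under $resolved" >&2; return 3; }

    # Only the user who owns the tree removes it; native-package installs
    # are removed with the Java ES installer, not by deleting files.
    [ -O "$resolved" ] || {
        echo "refusing: $resolved is not owned by $(id -un)" >&2; return 4; }

    rm -rf -- "$resolved"
}
```

Remove all server instances first, as described earlier; the function does not look for instance directories inside the tree it deletes.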
After you upgrade to Directory Server Enterprise Edition 6.3 you might want to restore your previous Directory Server Enterprise Edition installation. This section provides complete information about how to downgrade the Directory Server Enterprise Edition installation.
Downgrading Directory Server Enterprise Edition restores the previous working copy of your Directory Server Enterprise Edition installation and retains all your configuration information that you had before upgrading to Directory Server Enterprise Edition 6.3.
To downgrade Directory Server Enterprise Edition, perform the following steps:
Stop all running server instances.
Run the following command to remove the patch.
Remove the localization patch before you remove the base patch to clean up the system. Refer to Patch Table for Zip Distribution in the To Install Directory Server Enterprise Edition 6.3 From Zip Distribution section for the patch id for each platform.
Solaris OS
# patchrm patch-id
Linux. Go to the directory where the Directory Server Enterprise Edition 6.2, 6.1, or 6.0 .rpm files are stored and run the following command repeatedly, once for each rpm file specified in the table below. The set of rpm files that you choose depends on the previous installation of Directory Server Enterprise Edition that you had.
Make sure that after downgrading you have all the 6.0, 6.1, or 6.2 rpm files. Downgrading only a subset of the rpm files results in a corrupted installation.
# rpm -U --oldpackage rpm-file-name
For example, if you choose to downgrade to the Directory Server Enterprise Edition 6.2 base installation, run the above command repeatedly with all the rpm files mentioned in the corresponding cell in the table below. Do not alter the order while executing the commands. The following table lists 6.2 and 6.1 base and localized files.
Localized 6.2 rpm files
Base 6.2 rpm files
Localized 6.1 rpm files
Base 6.1 rpm files
Windows. Double-click the Uninstall_patch-id.bat file to remove the patch. The Uninstall_patch-id.bat file is stored in the folder where the patch is saved.
Directory Server Enterprise Edition 6.3 installation does not downgrade to the previous version. If you need to revert to the previous Directory Server Enterprise Edition version, restore the backup copy that you saved before upgrading to Directory Server Enterprise Edition 6.3.
To remove Directory Server Enterprise Edition completely, see To Remove Software Installed From the Zip Distribution.
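The Linux downgrade step above warns that downgrading only a subset of the rpm files corrupts the installation and that the order must not change. As an added example (not part of the product documentation), the hypothetical downgrade_rpms function below reads an ordered list file that you prepare, confirms every listed file exists before changing anything, then runs rpm -U --oldpackage in list order and stops at the first failure.

```shell
#!/bin/sh
# Added example: all-or-nothing pre-flight for the Linux downgrade step.
# downgrade_rpms and the list-file format are assumptions of this example.
# Usage: downgrade_rpms LISTFILE [RUNNER]
#   LISTFILE  one rpm file name per line, in the required order;
#             blank lines and lines starting with '#' are ignored
#   RUNNER    command to invoke, default "rpm"; pass "echo rpm" for a dry run

downgrade_rpms() {
    list=$1
    run=${2:-rpm}
    [ -r "$list" ] || { echo "cannot read list file: $list" >&2; return 2; }

    # Pass 1: check every file first, so a missing rpm is found before
    # any package has been downgraded.
    missing=0
    while IFS= read -r f || [ -n "$f" ]; do
        case "$f" in ''|'#'*) continue ;; esac
        [ -f "$f" ] || { echo "missing: $f" >&2; missing=$((missing + 1)); }
    done < "$list"
    [ "$missing" -eq 0 ] || {
        echo "aborting: $missing file(s) missing, nothing changed" >&2; return 3; }

    # Pass 2: apply in list order. Stop at the first failure so the
    # operator knows exactly which package left the set incomplete.
    while IFS= read -r f || [ -n "$f" ]; do
        case "$f" in ''|'#'*) continue ;; esac
        $run -U --oldpackage "$f" < /dev/null || {
            echo "failed at $f: the downgrade is incomplete" >&2; return 4; }
    done < "$list"
}
```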