Sun ONE Meta-Directory 5.1.1 Administration Guide
Chapter 12
Starting and Stopping Components
The process of starting, stopping and restarting Meta-Directory components is key to refreshing data entries and keeping records current. This process is handled by a Perl script that creates a file named start.conf. This chapter contains the following sections:
About start.conf File
The start.conf file is a text file; there is one start.conf file for each Meta-Directory component. The files can be found at:
NETSITE_ROOT/component_directory/config/start.conf
where component_directory is a variable to be replaced by one of the following component name placeholders: Join Engine, ADC, NTDC, or UTC.
At startup, a Meta-Directory component must connect to the data server and validate the distinguished name and password (referred to as authenticationDetails) needed to access it. Initially, the start.conf file contains only the URL of the server. When Start Server is invoked for the specified component, the distinguished name and password are retrieved from the Administration Server and written to the start.conf file. With this information, the component can bind to the specified data server and read and confirm the authentication details, which allows it to start.
Shortly after startup, the component reopens the start.conf file and erases the distinguished name and password so that, once again, it contains only the URL of the data server. (Specifically, the password is overwritten with white space characters and truncated to zero length.) This process maximizes security.
Note
If the component is unable to erase the authentication details from start.conf, a warning message is logged, although the component continues to function properly.
Starting Meta-Directory Components
On both Windows NT and Solaris systems, you can start Meta-Directory components using the Console or the Meta-Admin command-line tool. If you are unable to start any of the components, check the log files written to each component’s directory at the following location to determine the problem:
NETSITE_ROOT/component_directory/logs/
Using the Console
You can start the Join Engine or connectors on a Windows NT or Solaris system by using either the Sun ONE Console or Meta-Directory console.
To start from the Sun ONE Console navigation tree
- Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
- Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to start.
- Select the instance and right-click. A context menu appears.
- Select Start Server. A message appears stating that the server has been started.
To start from the Meta-Directory Console navigation tree
- Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
- Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to start.
- Select the instance and click Open in the upper right corner of the window.
- Select the instance from the Meta-Directory console navigation tree and right-click on it. A context menu appears.
- Select Start Server. A message appears stating that the server has been started.
Using the Meta-Admin Command-Line Tool
You can also start the Join Engine or connectors by using the Meta-Admin command-line tool. Because the Meta-Admin command-line tool works in conjunction with an instance of Administration Server, the Administration Server can be used to start components remotely. For information on this tool, see Chapter 15, "Command-Line Administration."
Stopping Meta-Directory Components
On Windows NT systems, you can stop Meta-Directory components with the Sun ONE Console, the Meta-Admin command-line tool, or Windows NT Services. On Solaris systems, you can stop Meta-Directory components with the Sun ONE Console or the Meta-Admin command-line tool.
Using the Console
You can stop the Join Engine or connectors either by way of Sun ONE Console or Meta-Directory console.
To stop from the Sun ONE Console navigation tree
- Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
- Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to stop.
- Select the instance and right-click. A context menu appears.
- Select Stop Server. A message appears stating that the server has been stopped.
To stop from the Meta-Directory Console navigation tree
- Open Sun ONE Console by clicking Start and choosing Programs > Sun ONE Server Products > Sun ONE Console.
- Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to stop.
- Select the instance and click Open in the upper right corner of the window.
- Select the instance from the Meta-Directory console navigation tree and right-click. A context menu appears.
- Select Stop Server. A message appears stating that the server has been stopped.
Using the Meta-Admin Command-Line Tool
You can stop the Join Engine or connectors by using the Meta-Admin command-line tool. Because the Meta-Admin command-line tool works in conjunction with an instance of Administration Server, the Administration Server can be used to start components remotely. For information on this tool, see Chapter 15, "Command-Line Administration."
Using Windows NT Services
You can stop the Join Engine or connectors from the Services Control Manager control panel in Windows NT.
Checking a Component Operational Status
The following procedure allows you to check whether a specific component is in operational mode.
For more information on the Operations panel, see "Operations" of Chapter 13, "Monitoring Meta-Directory Components."
Automated Restarts
To automate a server restart, the administrator can prevent the erasure of start.conf as explained in "About start.conf File". Because the distinguished name and password are not erased, the file can be reused. The first two procedures described are the simplest way to automate a server restart, but they offer relatively little or no server security. The last procedure offers a higher level of server security. Once the start.conf file is reconfigured, a script can be written to detect a shutdown and restart the component.
Automating a restart on Windows NT systems
To automate a server restart on Windows NT, you need to prevent the server from erasing the authentication details in the start.conf file. To do this:
This procedure allows for the reuse of the authentication details from the last start request. A script can be written to detect whether the component is down and restart if necessary.
Automating a restart on Solaris systems
To automate a server restart in the Solaris environment, you need to prevent the server from erasing the authentication details in the start.conf file. To do this, enter the command:
chmod ugo-w start.conf
This procedure allows for the reuse of the authentication details from the last start request. A script can be written to detect whether the component is down and restart if necessary.
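The chmod command above removes only the write bits, so the read bits of start.conf stay whatever they were. The following shell script is an added example, not part of the original guide: it classifies each start.conf under an installation root by its permission bits, so that a file that can no longer be erased and is readable by group or other stands out. The function names and classification labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the guide): audit start.conf permission bits.
# Usage, after sourcing this file:  audit_root /path/to/NETSITE_ROOT

# Print the 10-character mode string (for example -rw-r--r--) via POSIX ls.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# classify_start_conf FILE prints one label (labels are this example's own):
#   erasable             a write bit is still set, so the file can be erased
#   retained-exposed     no write bits, and group or other can read the file
#   retained-restricted  no write bits, readable by the owner only
classify_start_conf() {
    [ -e "$1" ] || return 2
    m=$(mode_string "$1")
    uw=$(printf '%s' "$m" | cut -c3)   # owner write
    gr=$(printf '%s' "$m" | cut -c5)   # group read
    gw=$(printf '%s' "$m" | cut -c6)   # group write
    or=$(printf '%s' "$m" | cut -c8)   # other read
    ow=$(printf '%s' "$m" | cut -c9)   # other write
    if [ "$uw" = w ] || [ "$gw" = w ] || [ "$ow" = w ]; then
        echo erasable
    elif [ "$gr" = r ] || [ "$or" = r ]; then
        echo retained-exposed
    else
        echo retained-restricted
    fi
}

# audit_root ROOT reports every ROOT/<component>/config/start.conf and
# returns 1 if any file is classified retained-exposed.
audit_root() {
    status=0
    for f in "$1"/*/config/start.conf; do
        [ -f "$f" ] || continue
        c=$(classify_start_conf "$f")
        printf '%s\t%s\t%s\n' "$c" "$(mode_string "$f")" "$f"
        if [ "$c" = retained-exposed ]; then
            status=1
        fi
    done
    return $status
}
```

A file that started at mode 644 becomes 444 after chmod ugo-w and is reported as retained-exposed; restricting it to its owner (for example mode 400) moves it to retained-restricted.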
Automating a restart with High Security on Windows NT systems
To allow for automated restarts on Windows NT while achieving the highest level of security possible:
- Create a login account for your system that will have exclusive permissions to read the start.conf file.
- Configure all four Meta-Directory components (Join Engine, NT Domain connector, Active Directory connector, and Universal connector) to run as that administration account.
The four components are configured by selecting from the Windows NT Start menu. Choose Settings > Control Panels > Services. From there select the component to be configured and select Startup. Check Log On As: and use the information created for the trustee account.