Index Next |
iPlanet Directory Server Access Management Edition Installation and Configuration Guide |
Contents
About This GuideWhat You Are Expected to Know
The iPlanet Directory Server Access Management Edition Documentation Set
Documentation Conventions Used in This Manual
Typographic Conventions
Related Information
Terminology
Part 1 Read This First
Chapter 1 Introducing iPlanet Directory Server Access Management EditioniPlanet Products Form the DSAME Solution
Chapter 2 Deployment Considerations
Directory Server
Key Features and Benefits
Policy Service
Single Sign-On
Management Service
Cross-Domain Single Sign-On
Web Server
Directory Issues
If You Already Have an Existing Directory
Policy Management Issues
DSAME Schema
Default DITs
Unsupported DITs
Directory Replication
Roles
Installing Other Products for Use With DSAME Services
Policies and URL Policy Agents
Service Attributes
Remote Web Servers
Hardware and Software Requirements
iPlanet Application Server
URL Policy Agent
Multiple Directory Servers for Failover and High Availability
LDAP Load-Balancers
Optimal Hardware Requirements
Recommended Hardware Configurations
Operating System Requirements
Remote Web Server Requirements
Application Server Requirements
Web Browser Requirements
Part 2 Solaris Installation Instructions
Chapter 3 The DSAME Installation Program for SolarisBefore You Begin
Chapter 4 Simple Installations With No Existing Directory Server
Installation Program Options
Determining Which Installation Options to Use
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME
To Uninstall DSAME Components
Installing DSAME Services
Chapter 5 Using an Existing Directory Server
To Install DSAME Services with Directory Server
Installing iPlanet Directory Server 5.1
Installing Directory Server With the DSAME Package Format
Installing Directory Server Without the DSAME Package Format
Before You Begin
Chapter 6 Basic Configurations
Supported DITs and Unsupported DITs
Step 1: Install Directory Server 5.1 and Configure it to Work with DSAME
Background for Examples Used in This Chapter
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Start DSAME
Step 9: Add DSAME Object Classes and Attributes to Existing Directory Entries
Step 10: Load the Modified LDIF Files
Results of DSAME and Directory Modifications
Installing the Cross-Domain Single Sign-On Component
Installation Overview
Installing Multiple DSAME Instances Against the Same Directory Server
To Install the CDSSO Component
To Configure the CDSSO Component
To Configure DSAME Web Agents to Work With the CDSSO Component
Support for Directory Replication and High Availability
Replication Considerations
Secure Sockets Layer (SSL)
Configuring DSAME to Support Directory Replication
Configuring a LDAP Load-Balancers to Work With DSAME
Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode
Configuring DSAME Instance to SSL
Part 3 Windows 2000 Installation Instructions
Chapter 7 The DSAME Installation Program for Windows 2000Before You Begin
Chapter 8 Simple Installations With No Existing Directory Server
Installation Program Options
Silent Installation
To Generate a StateFile
Determining Which Installation Options to Use
To Run the Silent Installation Program
Starting DSAME Services
Logging In to DSAME
Uninstalling DSAME
Installing DSAME Services and Directory Server
Chapter 9 Using an Existing Directory Server
To Install DSAME Services with a New Directory Server
Installing a Stand-Alone iPlanet Directory Server
To Install a Stand-Alone iPlanet Directory Server
Before You Begin
Chapter 10 Basic Configurations
Supported DITs and Unsupported DITs
Step 1: Install Directory Server 5.1 and Configure it to Work With DSAME
Background for Examples Used in This Chapter
Step 2: Install DSAME Services
Step 3: (Optional) Add Your Custom Object Classes to DSAME Schema
Step 4: (Optional) Configure Alternative Naming Attributes
Step 5: Load DSAME LDIF Into Your Directory
Step 6: Load DSAME Service Attributes into Your Directory
Step 7: (Optional) Add DSAME ACIs to Your Default Organization
Step 8: Start DSAME
Step 9: Add DSAME Object Classes and Attributes to Existing Directory Entries
Step 10: Load the Modified LDIF Files
Results of DSAME and Directory Modifications
Installing the Cross-Domain Single Sign-On Component
Installation Overview
Support for Directory Replication and High Availability
To Install the CDSSO Component
To Configure the CDSSO Component
To Configure DSAME Web Agents to Work with the CDSSO Component
Replication Considerations
Secure Sockets Layer (SSL)
Configuring DSAME to Support Directory Replication
Configuring a Load-Balancer to Work With DSAME
Step 1: Enable LDAP Over SSL
Step 2: Enable DSAME to Run in SSL Mode
Part 4 Appendixes
Appendix A DSAME ObjectClasses and AttributesUsing DSAME Object Classes as Markers
Appendix B Securing Your Web Server
Using Alternative Naming Attributes
DITs That Cannot Be Managed by DSAME
Limitations to Consider
Object Class and Attribute Descriptions
Examples of Unsupported DITs
Organization
Container (Organizational Unit)
People Container
Static Group
Assignable Dynamic Group
Filtered Group
User
Requiring Authentication
Appendix C Managing SSL
Creating a Trust Database
Requesting and Installing a VeriSign Certificate
Requesting and Installing Other Server Certificates
Migrating Certificates When You Upgrade
Managing Certificates
Installing and Managing CRLs and CKLs
Setting Security Preferences
Using External Encryption Modules
Setting Client Security Requirements
Setting Stronger Ciphers
Considering Additional Security Issues
Introduction to SSL in the Directory Server
Index
Obtaining and Installing Server Certificates
Activating SSL
Setting Security Preferences
Using Certificate-Based Authentication
Configuring LDAP Clients to Use SSL
Index Next
Copyright 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated May 13, 2002