Sun Java System Directory Editor 1 2004Q4 Installation and Configuration Guide
Chapter 2
Installing Directory Editor
Use the information and procedures described in this chapter to install Directory Editor for use with different application servers. This chapter is organized as follows:
Before You Begin
Before starting the Directory Editor installation process,
Installation Steps
Use the following steps to install Directory Editor:
Step 1: Install an Application Server
You must have a Java compiler and a Java Virtual Machine installed on your machine to run the Java classes that perform actions in Directory Editor. Both items are available with the Java 2 Software Developer’s Kit (SDK). (The JRE packages do not provide a compiler.)
You can download the J2SDK from http://java.sun.com and follow the installation instructions provided with the product. Alternatively, many application servers bundle a JDK with their installation.
Step 2: Install Directory Editor
Use the following instructions to download and install the Directory Editor dml.war file.
- Download the DE12004Q4.zip file from the Sun website to a safe location in your deployment directory. This zip file contains the following files:
- Extract these files from the DE12004Q4.zip file.
- From a command window, type java.dml to launch the Directory Editor installer.
- When the Welcome screen is displayed, click Next to open the Directory Editor Software License Agreement.
Figure 2-1 Directory Editor License Agreement
- If you accept the license agreement, the Select Installation Directory screen displays. Enter the directory and path where you want to install the product components (or click Browse to locate and select a directory).
Figure 2-2 Select Installation Directory Screen
- Click Next and the Ready to Install Screen is displayed to provide information about the product.
Figure 2-3 Ready to Install Screen
- When you are ready, click Install Now.
An Installing... screen displays briefly during the installation process, and then the Installation Summary screen is displayed to report the installation status.
Figure 2-4 Installation Summary Screen
If necessary, you can click the Details button for additional information.
- Click Close to exit the installer.
Next, you must install and deploy the dml.war file on your application server. Continue to Step 3: Install Directory Editor on an Application Server for instructions.
Step 3: Install Directory Editor on an Application Server
After downloading and installing the Directory Editor dml.war file, use the instructions provided in this section to install and deploy the software on your application server.
The information is organized as follows:
Installing Directory Editor on a Sun Application Server
Use the procedures described in this section to install Directory Editor for use with a Sun Java System Application Server or a Sun ONE Application Server.
The information is organized as follows:
Installing the Sun Application Server Software
Note
The following information is provided for general reference only. For detailed installation instructions, consult the installation instructions provided with your application server product or download the Sun Java System Application Server or Sun ONE Application Server product documentation from http://docs.sun.com.
You may need to perform one or more of these general steps when installing the software:
Configuring the Sun Application Server’s Policy File
You must configure the application server’s policy file to give Directory Editor permission to access the application server.
- Define a dml.home variable as follows:
- Launch and log into the Sun ONE Admin Console.
- On the left side of the Console, click the folder name for the Application Server instance on which Directory Editor will be installed.
- On the left side of the Console, select the JVM settings tab, and then select the JVM Options link.
- Add the following JVM option for dml.home:
-Ddml.home=<SunONEHome>\<domain_name>\<App_Server_Instance>\applications\j2ee-modules\<idm_1>
For example:
-Ddml.home=/opt/SUNWappserver7/domain1/server1/applications/j2ee-modules/dml_1
- Add the following lines to the <App Server Home>/domains/<Domain Name>/config/server.policy file (see Code Example 2-1):
grant codeBase "file:${dml.home}/-" {
permission java.util.PropertyPermission "*","read,write";
permission java.io.FilePermission "<<ALL FILES>>","execute";
};
Code Example 2-1 Example Sun Application Server Policy File
Deploying Directory Editor into a Sun Application Server
Use the following steps to deploy Directory Editor into the Sun Application Server:
- Launch the Sun Admin Console and log in.
- Navigate to the Web Apps folder icon in the left panel (for example, select App Server Instance->server1->Applications->Web Apps) and click the folder icon.
- In the right panel, select the Deploy tab.
- Enter the file path for the dml.war file, and then click OK.
- When prompted, set both the Web Application Name and the Context Root to dml, and then click OK.
- Open your browser and type http://localhost:<port_number>/dml/ into the URL field. (This URL applies if you used the defaults at install time and you are not using a Web Server. The port number will vary.)
Note
If you are running your web browser on a host other than the application server, you may have to change or adjust the host name.
The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.
Installing Directory Editor for Tomcat 5.0.x
This section provides general instructions for installing an Apache Tomcat application server, and then explains two methods for installing Directory Editor on an Apache Tomcat application server. The information is organized as follows:
Installing Tomcat
Note
The instructions in this section are provided for general reference only. For detailed installation instructions, consult the Apache website (http://jakarta.apache.org/tomcat/) or the reference information provided for the application server software.
If you are installing the application server from the Tomcat installer:
- Download and unpack the Tomcat installation bundle.
- Decide where to install your Tomcat installation.
- Specify to start Tomcat as a service (on Windows only).
- Select a port (default is 8080).
- Modify the Tomcat start-up script as follows:
- On UNIX: Open the $CATALINA_HOME/bin directory and add the following lines to the top of the setclasspath.sh file:
JAVA_HOME=<JDK location>
export JAVA_HOME
- On Windows: Open the $CATALINA_HOME/bin directory and add the following lines to the top of the setclasspath.bat file:
SET JAVA_HOME=<JDK location>
Configuring the Policy File
If you will be running Tomcat with the Security Manager turned on, you must configure the application server’s catalina.policy file (located in $Appserver_home\conf\catalina.policy) to give Directory Editor permission to access the application server. Add the following lines to the bottom of the file (see Code Example 2-2):
grant codeBase "file:${catalina.home}/webapps/dml/-" {
permission java.security.AllPermission;
};
Code Example 2-2 Example catalina.policy File
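A reviewer's check for the grants in Code Example 2-1 and Code Example 2-2, added here as an example (not code from the Directory Editor product or its documentation): it parses a Java policy file, confirms that the Directory Editor codeBase grant is present, and lists the broad permissions together with the code they apply to. The function names, the severity labels and the sample text are assumptions; only grant entries with an optional codeBase are handled.

```python
import re

# Assumption: only `grant [codeBase "..."] { ... };` entries (no signedBy/principal).
# Quoted strings are matched first so "//" inside a codeBase URL is kept.
_COMMENT = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.DOTALL)
_GRANT = re.compile(
    r'\bgrant\b\s*(?:codeBase\s+"(?P<cb>[^"]*)")?\s*\{(?P<body>.*?)\}\s*;',
    re.DOTALL | re.IGNORECASE)
_PERM = re.compile(
    r'\bpermission\s+(?P<cls>[\w.$]+)\s*(?:"(?P<target>[^"]*)")?'
    r'\s*(?:,\s*"(?P<actions>[^"]*)")?\s*;')

# Constructed sample: both grants from this chapter plus one mistaken edit.
SAMPLE = r'''
// Code Example 2-1 (Sun Application Server), then Code Example 2-2 (Tomcat)
grant codeBase "file:${dml.home}/-" {
    permission java.util.PropertyPermission "*","read,write";
    permission java.io.FilePermission "<<ALL FILES>>","execute";
};
grant codeBase "file:${catalina.home}/webapps/dml/-" {
    permission java.security.AllPermission;
};
/* constructed mistake: codeBase omitted, so the grant covers all code */
grant {
    permission java.security.AllPermission;
};
'''

def parse_policy(text):
    """Return [(codeBase or None, [(class, target, actions), ...]), ...]."""
    text = _COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)
    return [(g["cb"], [(p["cls"], p["target"], p["actions"])
                       for p in _PERM.finditer(g["body"])])
            for g in _GRANT.finditer(text)]

def audit(text, expected_codebase):
    """List grants to review and report a missing Directory Editor grant."""
    grants, findings = parse_policy(text), []
    if not any(cb == expected_codebase for cb, _ in grants):
        findings.append(f"MISSING grant for {expected_codebase}")
    for cb, perms in grants:
        scope = cb or "ALL CODE (no codeBase)"
        for cls, target, actions in perms:
            if cls == "java.security.AllPermission":
                level = "CRITICAL" if cb is None else "REVIEW"
                findings.append(f"{level} AllPermission -> {scope}")
            elif cls == "java.io.FilePermission" and target == "<<ALL FILES>>":
                findings.append(f"REVIEW FilePermission <<ALL FILES>> [{actions}] -> {scope}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "file:${catalina.home}/webapps/dml/-"):
        print(line)
```

The check separates a grant scoped to the dml codeBase, which this chapter asks for, from the same permission granted without a codeBase, which would apply to every application the server hosts.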
Installing Directory Editor Using Tomcat Manager
This section explains how to install Directory Editor using Tomcat Manager:
Note
You must have a manager role in Tomcat to use this installation method. To verify your status, check the following file:
file <Tomcat_base_directory>/conf/tomcat-users.xml
Use the following steps to install Directory Editor using the Tomcat Manager:
- Navigate to the Tomcat bin directory and use one of the following methods to start Tomcat:
- Open your browser and type localhost:<port_number>/manager/html into the URL field.
- You will be prompted for your Tomcat Manager Application user name and password. Enter the information and press OK.
The Tomcat Manager page is displayed.
- Scroll down until you locate the Deploy section called “War file to deploy.”
- Click Browse to locate the Directory Editor dml.war file.
- Select the dml.war file and then click Deploy.
Installing Directory Editor Manually
Use the following steps to install Directory Editor manually:
- Copy the Directory Editor dml.war file from its current location into the Tomcat webapps directory (for example, C:\Tomcat\jakarta-tomcat-5.0.28\webapps).
- Navigate to the Tomcat bin directory and use one of the following methods to stop Tomcat:
- From the same directory, use one of the following methods to restart Tomcat:
- Open your browser and type localhost:<port_number>/dml/ into the URL field.
The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.
Installing Directory Editor for WebLogic
Use the procedures described in this section to install Directory Editor for use with the BEA WebLogic application server. The information is organized as follows:
Configuring the WebLogic Software
If necessary, install WebLogic (using that product’s installation instructions) and select the domain that will be referenced when you install Directory Editor.
Installing Directory Editor
Use the following steps to install Directory Editor:
- Copy the Directory Editor dml.war file from its current location into the folder where you want to install Directory Editor.
- The Application Home panel will display the location where Directory Editor will be installed. Click Next to begin installation.
- Navigate to the WebLogic bin directory and use one of the following methods to stop WebLogic:
- From the same directory, restart WebLogic using one of the following methods:
Next, you must configure the WebLogic server for use with Directory Editor.
Continue to one of the following sections for instructions:
Configuring a WebLogic 7x Server
Use these steps to configure a WebLogic 7x server:
- Start the WebLogic server:
- Start the BEA WebLogic Administration Console.
- In the left panel, expand deployments and then click Web Applications.
The console displays the Web Applications panel.
- Click Configure a new Web Application.
- Using the links, locate the dml folder and select it.
- Select the target server. To do this, select the server from the Available Servers list and move it to the Target Servers area, and then click Configure and Deploy.
- Click Deploy to deploy Directory Editor.
- Open your browser and type localhost:<port_number>/dml into the URL field. (The port number will vary.)
The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.
Configuring a WebLogic 8.1 SP1 Server
Use these steps to configure a WebLogic 8.1 SP1 server:
- Start the WebLogic server:
- Start the BEA WebLogic Administration Console.
- In the left panel, expand Deployments, and then choose Web Application Modules.
The console displays the Web Applications panel.
- Click Deploy a new Web Application Module.
- Using the links under applications, locate the dml folder where you put the dml.war file, and select it.
- Click Target Module.
- Review the Targets, Accessibility and Identity configuration, and make any necessary changes.
- Click Deploy to deploy Directory Editor.
- Open your browser and type localhost:<port_number>/dml into the URL field. (The port number will vary.)
The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.
Installing Directory Editor for WebSphere 5.1
Use the following steps to install Directory Editor for use with the IBM WebSphere 5.1 (or later) application server.
- Start the application server.
- Start the WebSphere administration console, and then select Applications –>Install New Application.
- Add the dml.war file name in the Path:Local Path field.
- Add the path to the Context Root for the Directory Editor installation (for example, /dml), and then click Next.
- Select the Generate Default Bindings option (using the default selections for Override and Virtual Host), and then click Next.
- Install a new applications page. If you do not want to install the application in WebSphere’s default location, enter the path to a different location into the Directory to Install Application field. For example:
c:\Program Files\WebSphere\AppServer\installedApps\Hostname
- Be sure the Distribute Application and Use Binary Configuration options are selected.
- Be sure the Create Mbeans for Resources and Deploy EJBs options are not selected.
- Enter the name of the application in the Application Name field (the default is dml).
- Selecting the Enable class reloading option is optional. Click Next.
- To prepare for the new application’s installation, make sure the panel displays a line for the current release of Directory Editor, and that it maps to the appropriate virtual host. Click Next.
- Be sure the panel displays a line for the current release of Directory Editor, and that it maps to the appropriate server. Click Next and then click Finish.
- Click Save to Master Configuration to save the configuration.
- Click Save, and then wait for the page to clear.
- Select Applications –>Enterprise Applications, and then click the application name (the name you specified in the Application Name field).
- Be sure the Use Metadata From Binaries option is selected.
- Select PARENT_LAST in the Classloader Mode field.
- Select Application in the WAR Classloader Policy field.
- Click Apply, and then click OK.
- From the menu bar, click Save.
- Click Save to save the changes to the Master Configuration.
- Stop and restart the application server.
- Open your browser and type localhost:<port_number>/dml into the URL field. (The port number will vary.)
Note
With some platforms, there is a performance impact if you use the JCE provided with that platform. If you experience a long start-up time, see (more...) in Chapter 10, "Error Logging and Troubleshooting".
The Directory Editor Startup Properties page is displayed. Continue to Step 4: Specify the Startup Properties for instructions.
Step 4: Specify the Startup Properties
The first time you open Directory Editor, a Startup Properties page is displayed, similar to the following:
Figure 2-5 Startup Properties Page
You will be prompted to specify these Startup properties and Managed Directory properties (described in the next section).
Note
Directory Editor may automatically complete some of the properties fields, but you can change the information if necessary.
Use the following information to complete the Startup Properties page:
- Specify the following Configuration Directory Server parameters:
- Host: Enter the name of the host where your configuration Directory Server is located.
- Port: Enter the port number on which the Directory Server is listening.
- Bind DN: Enter the bind distinguished name used to authenticate to Directory Server in the bind request.
- Password: Enter the password you use to access the configuration directory.
- Configuration Suffix: Specify the base suffix of the naming context where the Directory Editor configuration is stored.
- Specify the optional Startup Options, as follows:
- Allow users to see this page during startup: Enable or disable the checkbox to control whether the Startup Properties page is displayed.
- Allow users to log in anonymously: Enable or disable the checkbox to control whether your users can log in to Directory Editor anonymously.
If users log in anonymously, they can access Directory Editor’s Home, Browse, and Search pages only. They will not have access to the Create or Configure pages.
- Show user detailed message for failed log in attempts: Enable or disable the checkbox to control whether the end-user will see more-detailed failed log-in messages.
For example, if the user enters an invalid password:
- The following message displays if this option is disabled:
Authentication Failed: Invalid Credentials
- The following message displays if this option is enabled:
Authentication Failed: Invalid Password
- When you are finished with this page, click the Save and Continue button to save the information.
A Managed Directories page displays (similar to the following figure).
Figure 2-6 Managed Directories Page
Instructions for completing this page are provided in the next section.
Step 5: Specify the Managed Directory Properties
Use the following information to complete the Managed Directory Properties page (Figure 2-6):
- Specify the following parameters:
- Host: Enter the name of the host where your managed directory is located.
- Port: Enter the port number on which the managed directory is listening, and then enable or disable the Secure Port checkbox to control whether this directory must communicate using a secure connection.
- Base Context: Enter the base context of the naming context to be managed.
For example, ou=People,dc=example,dc=com
Note
You must set the base context high enough in the tree to ensure that you have access to all the information you need.
- Manager Group: Enter the name or distinguished name (DN) of an LDAP group under the base context whose members are considered Directory Editor directory managers (administrators). These directory managers will have access rights to all Directory Editor functionality. (For more information, see Configuring Directory Editor.)
- User search authentication: Enter the method by which Directory Editor will search the directory for authenticating users.
- Anonymously: Enable this button if your user objects are visible to anonymous search queries. (The Bind DN and Password text fields will become inactive and you cannot type in those fields.)
- Simple Bind: If your user objects are not visible to anonymous search queries, you must enable this button and provide a Bind DN and Password in the text boxes provided.
- Bind DN: Enter the bind distinguished name used to authenticate to the managed directory in the bind request (not required for anonymous user search authentication). This option is used only to enable Directory Editor to search for users during the login process.
- Password: Enter the password you use to access your managed directory to search for user object DNs (not required for anonymous user search authentication).
- Naming Attributes: Enter the attributes used in the directory tree.
For additional attributes, click the Add button. To remove attributes, click the Rem button.
When a user tries to log in, Directory Editor uses the Account ID field on the Log In form to search for a user object that matches one of these naming attributes exactly.
- When you are finished, click Save to save the information and to open the Directory Editor Log In page.
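An added illustration of the exact-match user search that the Naming Attributes setting describes; it is not Directory Editor's code. The attribute names uid and cn, the sample Account IDs, and the rule that a login proceeds only when exactly one entry matches are assumptions. The filter value is escaped per RFC 4515 so that characters typed into the Account ID field cannot turn the exact match into a wildcard or a different filter.

```python
import re

# RFC 4515: these characters must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_login_filter(account_id, naming_attributes):
    """Equality filter matching account_id against any configured naming attribute."""
    if not account_id or not naming_attributes:
        raise ValueError("Account ID and at least one naming attribute are required")
    for attr in naming_attributes:
        if not _ATTR_NAME.fullmatch(attr):
            raise ValueError(f"bad attribute name: {attr!r}")
    value = escape_filter_value(account_id)
    terms = [f"({attr}={value})" for attr in naming_attributes]
    return terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"

def resolve_bind_dn(matching_dns):
    """Assumed rule: continue to the user's bind only on exactly one match."""
    return matching_dns[0] if len(matching_dns) == 1 else None

if __name__ == "__main__":
    # Constructed Account IDs; the second contains filter metacharacters.
    print(build_login_filter("jdoe", ["uid", "cn"]))
    print(build_login_filter("J. Doe (admin)*", ["uid"]))
```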
What’s Next?
Continue to Chapter 3, "Getting Started" to log in and begin customizing applications with Directory Editor.