Sun ONE Directory Server 5.2 Installation and Tuning Guide |
Chapter 1
Installing Sun ONE Directory ServerThis chapter is designed to guide you through initial Sun ONE Directory Server software installation and uninstallation. It contains the following sections:
Before You Start
Before you install Directory Server for use in a production environment, ensure the system is minimally equipped and configured to run directory services. At minimum, familiarize yourself with the concepts discussed in Sun ONE Directory Server Deployment Guide.
Note To achieve optimal performance, also follow the tuning and configuration instructions provided throughout this guide.
Planning Your Directory Deployment
Perform the following steps, referring to the operating system documentation for tasks related to the underlying platform.
- Plan the deployment of directory services.
Refer to the Sun ONE Directory Server Deployment Guide for instructions.
- If the deployment involves centralized administration of server configuration, users, and groups for multiple directory installations, determine configuration and user directory locations.
The configuration directory or Configuration Directory Server (CDS) stores information about how Directory Server itself is configured. This directory is generally installed first, and every subsequent server registers with it. A single configuration directory provides for centralized administration of all servers.
The user directory stores entries for users and groups who access directory services. The user directory is generally unique to the network domain, and other servers access it for user and group information. A single user directory provides for centralized administration of users and groups.
For small deployments, it is possible to install configuration, user, and other directories on the same directory instance. For larger deployments, consider placing the configuration and user directories on separate servers.
Refer to the Sun ONE Server Console Server Management Guide for details on appropriate location of configuration, user, and group data.
- Ensure the host system runs a supported platform on a supported architecture, as summarized in Table 1-1.
- Ensure the host system meets at least minimum disk space and memory requirements, as summarized briefly in Table 4-1.
- Restrict physical access to the host system.
- Ensure the host system uses a static IP address.
- If the Directory Server instance is not itself providing a naming service for the network or if the deployment involves remote administration of Directory Server, ensure a naming service and the domain name for the host are properly configured.
Obtaining Directory Server Software
After performing the procedure outlined in "Planning Your Directory Deployment", complete the following steps.
- Ensure an unzip utility is installed so you can unpack the software.
- Download the software. At the time of this writing, you can download from:
- Unpack the software into a directory other than the directory where you intend to install Directory Server.
Installation
Which Directory Server installation steps you follow depends on your specific deployment requirements. With these specific deployment requirements in mind, proceed according to the appropriate sections:
- Determining What to Install
- Determining How to Install
- Preparing Installation Information
- Installing on Solaris Systems
- Installing on Other UNIX Systems
- Installing on Windows Systems
Determining What to Install
You have a number of alternatives to evaluate before you decide which software to install. Consider these questions:
- Do you need large cache capabilities for a high-volume deployment?
If so, consider using a platform on which Directory Server can run as a 64-bit process, and install the 64-bit version.
If your Directory Server deployment is relatively small, with a database size of less than 500 MB, consider installing only 32-bit support, even on platforms that support 64-bit versions.
- Do you plan to administer Directory Server through the graphical user interface?
If so, install Sun ONE Server Console and Sun ONE Administration Server.
If you intend to administer Directory Server through the command-line interface only, then you may choose not to install the Console and Administration Server.
If you intend to use the system for remote management through the graphical user interface, you may choose to install only the Console and Administration Server.
- Do you intend to deploy Directory Server on Sun Cluster software?
If so, refer to Appendix C "Installing Sun Cluster HA for Directory Server," for instructions.
Determining How to Install
You also have alternatives to evaluate before you decide which packaging best fits your deployment, and whether you intend to install interactively. Consider these questions:
- Do you want tighter integration with Solaris system administration processes? Do you want to share components among multiple Sun ONE servers on the same system?
If so, consider installing using Solaris Packages.
- Do you want to install without first becoming super user? Do you want to install multiple independent sets of Directory Server binaries on the same system?
If so, consider installing from a compressed archive, even on Solaris systems.
- Do you want to install quickly to evaluate Directory Server? Is this your first time installing this version of Directory Server?
If so, consider installing interactively.
- Do you want to script installation? Do you want to install many systems with similar configurations?
If so, consider using the silent installation process.
Preparing Installation Information
Preparing information in advance can help you complete the installation process quickly. Before performing interactive installations, consider creating a work sheet to hold the installation information, as summarized for a typical installation in Table 1-2.
Table 1-2    Basic Information Required During Typical Installation
Description
Examples
Your Answers...
Administration domain
example.com
Administration Server port number
5201
Directory Administrator ID
admin
Directory Administrator password
$3kReT4wD
Directory Manager DN1 (super user for the directory)
cn=Directory Manager
Directory Manager password (at least 8 characters)
#$8Yk$-%&
Directory Server port number (1-65535, inclusive)2
389 (default LDAP)
636 (default LDAP/SSL)
Fully qualified host distinguished name
dirserv.example.com
(Optional) Configuration directory host, port, bind ID and password if using an existing configuration directory
config.example.com
389
admin
$3kReT4wD
(Optional) User directory host, port, bind DN, password, and suffix if using an existing user directory
usergroup.example.com
389
cn=Directory Manager
#$8Yk$-%&
dc=example, dc=com
Server ID (No periods or spaces allowed)
dirserv
Server suffix (At least one to hold directory content)
dc=example,dc=com
ServerRoot (software installation directory; refer to "Default Paths and Filenames" for more information)
Do not install on top of an existing earlier version.
Do not install Sun ONE Web Server in the same ServerRoot as Directory Server.
(UNIX platforms) No spaces allowed.
/var/mps/serverroot
/var/Sun/mps
C:\Program Files\Sun\MPS
(UNIX platforms) Server group ID3
Use the name, rather than the group ID number.
noaccess
(UNIX platforms) Server user ID
Use the name, rather than the user ID number.
diruser
(Windows) Administrator password
(Optional, other platforms) super user password
Ask your system administrator.
When providing information for Directory Administrator and Directory Manager accounts, recall that Directory Administrator access rights may be managed using Directory Server access control mechanisms. Recall also that Directory Server access control does not apply for the Directory Manager account.
Silent installation configuration files contain similar information.
Installing on Solaris Systems
How you install Directory Server software depends on which packaging you decide to use, and on whether you want to interact with the install program. Proceed according to instructions in the appropriate sections:
- Preparing For Installation From Solaris Packages
- Performing Interactive Installation Using Solaris Packages
- Performing Silent Installation Using Solaris Packages
- Preparing For Installation From a Compressed Archive
- Performing Interactive Installation From a Compressed Archive
- Performing Silent Installation From a Compressed Archive
- Completing the Installation Process
When installing Directory Server in a Sun Cluster system, follow the instructions in Appendix C "Installing Sun Cluster HA for Directory Server."
Preparing For Installation From Solaris Packages
- (Optional) Create a user and group account for Directory Server.
Directory Server runs as the user and group you specify during installation. Set permissions that prevent unauthorized access to the directory and to other resources on the system. Refer to "(UNIX Platforms) Users and Groups" for more information.
- (Optional) Allow access to the display using the xhost(1) command.
When you set the DISPLAY environment variable appropriately and perform installation as a user having access to the display, the installation program displays the graphical user interface by default.
If the installation program cannot display the graphical user interface, it starts installation in command-line mode.
- Before installing using a locale other than US English, set the LANG environment variable to C.
- Ensure the required packages listed in Table 1-3 are installed, in addition to all Solaris packages installed by default with a basic system.
Table 1-3    Prerequisite Solaris Packages
Package
Description
Required for 32-Bit Directory Server
Required for 64-Bit Directory Server
SUNWj3rt1
J2SDK 1.4 runtime environment
Yes
Yes
SUNWzlib
The Zip compression library
Yes
Yes
SUNWzlibx
The Zip compression library (64-bit)
No
Yes
It is strongly recommended that you use a Java Runtime Environment version 1.4.1 or later.
Performing Interactive Installation Using Solaris Packages
Perform the steps in the following procedures.
Installing Solaris Packages
You install Solaris packages using the pkgadd(1M) utility. Use pkginfo(1) to determine which packages are already installed, when performing an upgrade for example. When installing packages on multiple hosts, you may define default installation actions through the installation defaults file described in admin(4). In any case, all packages must share the same basedir.
Refer to the Solaris Operating Environment system administration documentation for further information on handling software packages.
- Consider the full list of packages listed in Table 1-4 or Table 1-5.
It is recommended that you use a writable basedir such as /var when installing all packages. Notice when relocating packages that SUNWasvr and SUNWdsvr place startup and shutdown scripts in basedir/etc.
- Use the hints in Table 1-6 to determine which packages to install.
Table 1-6    Which Packages to Install
Configuration
List of Packages to Install1
32-bit Directory Server, Administration Server, and Console
SUNWascv SUNWasvcp SUNWasvr SUNWasvu SUNWdsvcp SUNWdsvh SUNWdsvpl SUNWdsvr SUNWdsvu SUNWicu SUNWjss SUNWldk SUNWpr SUNWsasl SUNWtls
32-bit Directory Server only (no Console)
SUNWasvu SUNWdsvh SUNWdsvpl SUNWdsvr SUNWdsvu SUNWicu SUNWjss SUNWldk SUNWpr SSUNWsasl SUNWtls
64-bit Directory Server, 32-bit Administration Server, and Console
SUNWascv SUNWasvcp SUNWasvr SUNWasvu SUNWdsvcp SUNWdsvh SUNWdsvhx SUNWdsvpl SUNWdsvr SUNWdsvu SUNWdsvx SUNWicu SUNWicux SUNWjss SUNWldk SUNWldkx SUNWpr SUNWprx SUNWsasl SUNWsaslx SUNWtls SUNWtlsx
64-bit Directory Server only (no Console)
SUNWasvu,SUNWdsvh SUNWdsvhx SUNWdsvpl SUNWdsvr SUNWdsvu SUNWdsvx SUNWicu SUNWicux SUNWjss SUNWldk SUNWldkx SUNWpr SUNWprx SUNWsasl SUNWsaslx SUNWtls SUNWtlsx
Cluster node
Add SUNWasha SUNWdsha
Sun ONE Server Console and
Administration Server only
(no Directory Server, remote management only)SUNWasvc SUNWasvcp SUNWasvr SUNWasvu SUNWdsvcp SUNWjss SUNWldk SUNWpr SUNWsasl SUNWtls
Packages SUNWdsvh (32-bit) and SUNWdsvhx (64-bit) are required by Directory Server only on Solaris 8 systems.
- Verify that the packages you want are not yet installed.
Do not reinstall packages that have already been installed on the system.
- Become super user.
- Use the pkgadd(1M) utility to transfer product packages to the system.
Packages SUNWicu, and SUNWicux depend on the version of Solaris running on the system where you install Directory Server.
Furthermore, refer to the subsequent section, "Installing Required Patches," for more information about installing and patching component packages SUNWpr, SUNWprx, SUNWsasl, SUNWsaslx, SUNWtls, and SUNWtlsx.
- After quitting pkgadd, verify that all required product packages are installed.
When upgrading from iPlanet Directory Server 5.1 installed using IPLT* Solaris packages, the 5.1 /usr/sbin/directoryserver command is renamed to /usr/sbin/directoryserver.51bak. You may manage the 5.1 version using the renamed command.
Installing Required Patches
Directory Server relies on packages SUNWpr, SUNWprx, SUNWsasl, SUNWsaslx, SUNWtls, and SUNWtlsx that have been updated to include recent fixes, and on recommended system patches.
- Using pkginfo(1) with the -x option, determine which of these packages are installed on your system. Verify specifically that the appropriate package versions have been installed for your system, as shown in Table 1-7.
- Using showrev(1M) with the -p option, determine whether the appropriate patches listed in Table 1-7 have been applied for your platform.
- Use the hints in Table 1-8 to determine whether to patch components.
Table 1-8    Whether to Patch Components
On your system...
Do this...
The packages are already installed, and the patches have been applied.
Proceed to Step 4.
The packages are already installed, but the patches have not been applied.
Apply the appropriate patches for your platform provided with Directory Server.
The packages are not yet installed.
Install the packages and appropriate patches provided with Directory Server.
- Run the following command as super user:
root# /usr/sbin/directoryserver idsktune -q > idsktune.out
idsktune suggests changes you may make to the system. The subcommand itself makes no changes to the system.
- Fix at least all ERROR conditions indicated.
If you do not fix ERROR conditions, installation may fail. Notice that the idsktune subcommand reports as missing all patches recommended at the time of release and not installed on the system, even patches for packages not installed on the system.
You may download patches from http://sunsolve.sun.com/.
Refer to Chapter 5 "Tuning the Operating System" for more information.
Configuring Directory Server
- Start the configuration program.
To use the graphical user interface:
root# /usr/sbin/directoryserver configure
To use the command-line interface:
root# /usr/sbin/directoryserver configure -nodisplay
The first installation screen appears.
- Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".
Configuring Administration Server
- Start the configuration program.
To use the graphical user interface:
root# /usr/sbin/mpsadmserver configure
To use the command-line interface:
root# /usr/sbin/mpsadmserver configure -nodisplay
The first installation screen appears.
- Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".
Proceed to "Completing the Installation Process".
Performing Silent Installation Using Solaris Packages
Complete the steps in the following procedures.
Installing Solaris Packages
Follow the instructions in "Installing Solaris Packages".
Installing Required Patches
Follow the instructions in "Installing Required Patches".
Creating Specification Files
To perform full silent installation, you must first create two files containing installation specifications, one for Directory Server, one for Administration Server. For a Directory Server installation specification file template, refer to /usr/ds/v5.2/setup/typical.ins. For Administration Server, refer to /usr/sadm/mps/admin/v5.2/setup/admin/typicalInstall.ins.
Note Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.
You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the Directory Server and Administration Server configuration programs.
To create silent installation specification files for Directory Server and for Administration Server interactively, follow these steps:
- Perform Directory Server configuration using the -saveState option.
root# /usr/sbin/directoryserver configure -saveState dirserv-file
to create the specification file, dirserv-file.
- Perform Administration Server configuration using the -saveState option.
root# /usr/sbin/mpsadmserver configure -saveState admserv-file
to create the specification file, admserv-file.
- Adjust the specification files, dirserv-file and admserv-file, before using them to install on other systems.
Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.
Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksums are in /usr/ds/v5.2/setup/typical.ins for Directory Server and in /usr/sadm/mps/admin/v5.2/setup/admin/typicalInstall.ins for Administration Server. Code Example 1-1 shows a sample checksum.
Code Example 1-1    Silent Installation Checksum Line
[STATE_BEGIN Sun ONE Directory Distribution a7cc64b2f71a0452899e1c3b853ecead72027b3b]
Installing Using the Specification Files
To configure Directory Server and Administration Server interactively, follow these steps:
- Verify the changes made to the silent installation specification file.
- Perform Directory Server configuration in silent mode.
root# /usr/sbin/directoryserver configure -f dirserv-file
Here dirserv-file is the silent installation configuration file.
- Perform Administration Server configuration in silent mode.
root# /usr/sbin/mpsadmserver configure -f admserv-file
Here admserv-file is the silent installation configuration file.
Proceed to "Completing the Installation Process".
Preparing For Installation From a Compressed Archive
- From the directory containing the software you unpacked as described in "Obtaining Directory Server Software", run the idsktune utility. idsktune checks for appropriate patches and verifies the system is tuned to support high directory service performance.
As super user, enter the following command:
root# ./idsktune -q > idsktune.out
Perform suggested changes to the system manually. idsktune itself makes no changes to the system.
- Fix at least all ERROR conditions indicated by idsktune. If you do not fix ERROR conditions, installation may fail. Notice that idsktune reports as missing all patches recommended at the time of release and not installed on the system, even patches for packages not installed on the system.
You may download patches from http://sunsolve.sun.com/.
Refer to Chapter 5 "Tuning the Operating System" for more information.
- (Optional) Create a user and group account for Directory Server.
Directory Server runs as the user and group you specify during installation. Set permissions that prevent unauthorized access to the directory and to other resources on the system. Refer to "(UNIX Platforms) Users and Groups" for more information.
- (Optional) When installing interactively as another user, allow access to the display using the xhost(1) command.
When you set the DISPLAY environment variable appropriately and perform installation as a user having access to the display, the installation program displays the graphical user interface by default.
If the installation program cannot display the graphical user interface, it starts installation in command line mode.
- Before installing using a locale other than US English, set the LANG environment variable to C.
Performing Interactive Installation From a Compressed Archive
- Start the installation program in the directory containing the unpacked software.
For the graphical user interface:
root# ./setup
For command-line interface:
root# ./setup -nodisplay
The first installation screen appears.
- Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".
Note To install a 32-bit Directory Server, ensure you clear the check box next to Sun ONE Directory Suite > Sun ONE Directory Server (64-bit support) in the wizard screen titled Select Components.
Do not install this version in the same directory as an earlier version of the Directory Server. If you must reuse the same directory location, first uninstall the earlier version. Refer to Chapter 2 "Upgrading From Previous Versions," for further information.
Performing Silent Installation From a Compressed Archive
Complete the steps in the following procedures.
Creating Specification Files
To perform a silent installation, you must first create a file containing installation specifications. For a silent installation specification file template, refer to setup_data/typical.ins under the directory where you unpacked the software.
Note Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.
You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the installation program.
- Become super user.
- Start the installation program with the -saveState option.
root# ./setup -saveState filename
to create the specification file, filename.
- Perform interactive installation.
- Adjust the specification file, filename, before using it to install on other systems.
Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.
Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksum can be found in typical.ins. Code Example 1-1 shows a sample checksum.
Installing Using the Specification Files
- Verify the changes made to the installation specification file.
- Start the installation program in silent mode.
root# ./setup -noconsole -nodisplay -state filename
Here filename is the silent installation specification file.
Completing the Installation Process
- Ensure that access permissions for the files under ServerRoot/alias have been set to prevent access by all users other than servers you install under ServerRoot.
- (Optional) If you installed from a compressed archive, add support to start Directory Server on system reboot. This support is included in the Solaris package version.
Refer to the Solaris system administration documentation for details.
- (Optional) Enable core file generation.
If you have installed Directory Server as super user, but have set the user and group ID to that of another account, the Directory Server may not be able to generate a core file during a crash. It is strongly recommended that you plan enough space for core files, and allow Directory Server to generate them during a crash.
You may administer core file generation using coreadm(1M), allowing Directory Server to generate core files as follows, for example:
root# coreadm -e proc-setid
Refer to "(UNIX Platforms) Core Files" for further information.
- (Optional) Many command-line scripts written in Perl can now read the bind password interactively (-w - option). To enable this functionality:
- Install the Term::ReadKey Perl module, available separately from CPAN.
- Edit each Perl script to read the bind password interactively by uncommenting the appropriate lines.
All other Perl script functionality remains available without the Term::ReadKey module.
Directory Server is now minimally configured and started.
Installing on Other UNIX Systems
Proceed according to instructions in the appropriate sections:
- Preparing For Installation
- Performing Interactive Installation
- Performing Silent Installation
- Completing the Installation Process
Preparing For Installation
Proceed according to instructions in the appropriate sections:
- Instructions For All UNIX Platforms
- Additional Instructions For AIX Systems
- Additional Instructions For HP-UX Systems
Instructions For All UNIX Platforms
- Run the idsktune utility, which you find in the directory containing the unpacked software. idsktune checks for appropriate patches and verifies the system is tuned to support high directory service performance.
As super user, enter the following command:
root# ./idsktune -q > idsktune.out
Perform suggested changes to the system manually. idsktune itself makes no changes to the system.
- Fix at least all ERROR conditions indicated by idsktune. If you do not fix ERROR conditions, installation may fail.
Table 1-9 suggests where to look for official patches not yet installed on your system.
Table 1-9    Where to Obtain Patches, By Platform
Platform
Browse...
Hewlett Packard HP-UX
IBM AIX
Red Hat Linux
Refer to Chapter 5 "Tuning the Operating System" starting on page 97 for more information.
- (Optional) Create a user and group account for Directory Server.
Directory Server runs as the user and group you specify during installation. Set permissions that prevent unauthorized access to the directory and to other resources on the system. Refer to "(UNIX Platforms) Users and Groups" for more information.
- (Optional) When installing interactively as another user, allow access to the display using the xhost(1) command.
When you set the DISPLAY environment variable appropriately and perform installation as a user having access to the display, the installation program displays the graphical user interface by default.
If the installation program cannot display the graphical user interface, it starts installation in command-line mode.
- Before installing using a locale other than US English, set the LANG environment variable to C.
Additional Instructions For AIX Systems
- If you plan to use the Console, install the X11.adt package.
This package is not part of the standard bundle, but may be obtained from IBM.
Additional Instructions For HP-UX Systems
- Ensure that support for IPv6 is installed, even if you do not intend to use IPv6 interfaces with Directory Server.
- Before installing remotely using a locale with fonts not supported for US English, ensure you can access font aliases for remote sessions.
Refer to the operating system documentation for instructions.
Performing Interactive Installation
- Start the installation program in the directory containing the unpacked software.
For the graphical user interface:
root# ./setup
For the command-line interface:
root# ./setup -nodisplay
The first installation screen appears.
- Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".
Do not install this version in the same directory as an earlier version of the Directory Server. If you must reuse the same directory location, first uninstall the earlier version. Refer to Chapter 2 "Upgrading From Previous Versions," for further information.
Proceed to "Completing the Installation Process".
Performing Silent Installation
Complete the steps in the following procedures.
Creating Specification Files
To perform a silent installation, you must first create a file containing installation specifications. For a silent installation specification file template, refer to setup_data/typical.ins under the directory where you unpacked the software.
Note Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.
You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the installation program.
- Become super user.
- Start the installation program with the -saveState option.
root# ./setup -saveState filename
to create the specification file, filename.
- Perform interactive installation.
- Adjust the specification file, filename, before using it to install on other systems.
Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.
Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksum can be found in typical.ins. Code Example 1-1 shows a sample checksum.
Installing Using the Specification Files
- Verify the changes made to the installation specification file.
- Start the installation program in silent mode.
root# ./setup -noconsole -nodisplay -state filename
Here filename is the silent installation specification file.
Completing the Installation Process
- Ensure that access permissions for files under ServerRoot/alias have been set to prevent access by all users other than servers you install under ServerRoot.
- (Optional) Add support to start Directory Server on system reboot.
Refer to the operating system documentation for details.
- (Optional) Enable core file generation.
If you have installed Directory Server as super user, but have set the user and group ID to that of another account, the Directory Server may not be able to generate a core file during a crash. It is strongly recommended that you plan enough space for core files, and allow Directory Server to generate them during a crash.
Refer to "(UNIX Platforms) Core Files" for further information.
- (Optional) Many command-line scripts written in Perl can now read the bind password interactively (-w - option). To enable this functionality:
- Install the Term::ReadKey Perl module, available separately from CPAN.
- Edit each Perl script to read the bind password interactively by uncommenting the appropriate lines.
All other Perl script functionality remains available without the Term::ReadKey module.
Directory Server is now minimally configured and started.
Installing on Windows Systems
Proceed according to instructions in the appropriate sections:
- Preparing For Installation
- Performing Interactive Installation
- Performing Silent Installation
- Completing the Installation Process
Preparing For Installation
- When installing Windows 2000, specify that the computer is a stand-alone server, not a member of any existing domain or workgroup, to reduce dependencies on network security services.
- Apply Service Pack 3.
- Ensure the display driver supports at least 256 colors.
- Log on as a user with Administrator privileges.
- Set the TEMP environment variable to a valid folder for temporary files.
Performing Interactive Installation
- Double click setup.exe in the folder containing the unpacked software.
The first installation screen appears.
- Follow the instructions on each screen using the work sheet you made when "Preparing Installation Information".
Do not install this version in the same folder as an earlier version of the Directory Server. If you must reuse the same folder, first uninstall the earlier version. Refer to Chapter 2 "Upgrading From Previous Versions," for further information.
Proceed to "Completing the Installation Process".
Performing Silent Installation
Perform the steps in the following procedures.
Creating Specification Files
To perform a silent installation, you must first create a file containing installation specifications. For a silent installation specification file template, refer to setup_data\typical.ins in the folder where you unpacked the software.
Note Specification files may contain passwords in clear text. Protect such files with appropriate file permissions.
You may create a silent installation specification file either by editing a copy of the template file by hand, or by performing interactive configuration using the installation program.
- Log on as a user with Administrator privileges.
- Start the installation program with the -saveState option.
From the folder where you unpacked the product, enter
Prompt>setup -saveState filename
to create the specification file, filename.
- Perform interactive installation.
- Adjust the specification file, filename, before using it to install on other systems.
Some silent installation specification file directives, such as FullMachineName, depend directly on the underlying host system and so cannot be generated generically.
Silent installation specification files contain a checksum string corresponding to the build version of the install program. To reuse a silent installation specification file with a different build or release of the install program, update the checksum string in lines beginning with [STATE_BEGIN and [STATE_DONE. The updated checksum can be found in typical.ins. Code Example 1-1 shows a sample checksum.
Installing Using the Specification Files
- Verify the changes made to the installation specification file.
- Start the installation program in silent mode.
From the folder where you unpacked the product, enter
Prompt>setup -noconsole -nodisplay -state filename
Here filename is the silent installation specification file.
Completing the Installation Process
- Ensure that access permissions for files under ServerRoot\alias have been set to prevent access by all users other than servers you install under ServerRoot.
- After installation, manually set special access permissions for the following files such that only the user and group running the Administration Server has read-write access, and all other users have no access.
- ServerRoot\admin-serv\config\adm.conf
- ServerRoot\admin-serv\config\admpw
- ServerRoot\admin-serv\config\magnus.conf
- ServerRoot\admin-serv\config\obj.conf
- ServerRoot\admin-serv\config\secmod.db
- ServerRoot\admin-serv\config\server.xml
Refer to Windows help for instructions on setting special access permissions for files. This modification prevents unauthorized users from modifying Administration Server configuration data.
- (Optional) Many command-line scripts written in Perl can now read the bind password interactively (-w - option). To enable this functionality:
- Install the Term::ReadKey Perl module, available separately from CPAN.
- Edit each Perl script to read the bind password interactively by uncommenting the appropriate lines.
All other Perl script functionality remains available without the Term::ReadKey module.
Directory Server is now minimally configured and started.
Uninstallation
Uninstallation removes the software and associated data from a computer. Directory Server becomes unavailable and you lose all settings and data.
Uninstallation removes not only server software, but also registry data stored on the system. If you delete files manually before using the uninstallation program, you may corrupt your registry. To avoid corrupting the registry, use the uninstallation program before deleting any product files manually.
Proceed according to the appropriate section:
Uninstalling on Solaris Systems
How you remove Directory Server software depends on which packaging was used during the installation process, and on whether you want to interact with the uninstall program. Proceed according to instructions in the appropriate section:
- Performing Interactive Uninstallation After Installing Using Solaris Packages
- Performing Interactive Uninstallation After Installing From a Compressed Archive
- Performing Silent Uninstallation After Installing Using Solaris Packages
- Performing Silent Uninstallation After Installing From a Compressed Archive
Performing Interactive Uninstallation After Installing Using Solaris Packages
Proceed according to instructions in the appropriate sections:
- Uninstalling Previous Directory Server Versions
- Unconfiguring Administration Server
- Unconfiguring Directory Server
- Removing Packages
Uninstalling Previous Directory Server Versions
- Important If you are completing the upgrade of Directory Server 5.1 on a Solaris system to 5.2, and the 5.1 version was installed from IPLT* Solaris packages, then perform uninstallation for the 5.1 version:
root# /usr/sbin/directoryserver.51bak uninstall
Unconfiguring Administration Server
- Delete the Administration Server configuration.
root# /usr/sbin/mpsadmserver unconfigure
The first uninstallation screen appears. Follow the instructions on each screen.
Unconfiguring Directory Server
- Delete the Directory Server configuration.
root# /usr/sbin/directoryserver unconfigure
The first uninstallation screen appears. Follow the instructions on each screen.
Removing Packages
- Using the pkgrm(1M) utility, remove the Directory Server-specific packages installed in "Performing Interactive Installation Using Solaris Packages".
CAUTION: Remove only those packages whose descriptions begin with "Sun ONE". Do NOT remove the other packages listed in these tables. Doing so can render your system unbootable.
Performing Interactive Uninstallation After Installing From a Compressed Archive
- In the ServerRoot directory, start the uninstall program.
root# ./uninstall_dirserver
The first uninstallation screen appears.
- Follow the instructions on each screen.
The selected software is now removed. If the uninstallation program cannot remove all files under the ServerRoot directory, it displays a message. You may manually remove files remaining under ServerRoot.
Performing Silent Uninstallation After Installing Using Solaris Packages
- Edit uninstall specification file, ServerRoot/setup/uninstall.ins, to include the appropriate administrator identifiers and passwords.
- If you are completing the upgrade of Directory Server 5.1 on a Solaris system to 5.2, and the 5.1 version was installed from IPLT* Solaris packages, then perform uninstallation for the 5.1 version:
root# /usr/sbin/directoryserver.51bak uninstall -f 51-uninstaller-file
- Delete the Administration Server configuration using the unconfigure subcommand.
root# /usr/sbin/mpsadmserver unconfigure -f ServerRoot/setup/uninstall.ins
- Delete the Directory Server configuration using the unconfigure subcommand.
root# /usr/sbin/directoryserver unconfigure -f ServerRoot/setup/uninstall.ins
- Using the pkgrm(1M) utility, remove the packages installed in "Performing Silent Installation Using Solaris Packages".
You may remove remaining files manually after uninstallation completes.
Performing Silent Uninstallation After Installing From a Compressed Archive
- Edit uninstall specification file, ServerRoot/setup/uninstall.ins, as shown in Code Example 1-2 to include the appropriate administrator identifiers and passwords.
- Run the uninstallation program in silent mode.
root# cd ServerRoot
root# ./uninstall_dirserver -noconsole -nodisplay -state setup/uninstall.insYou may remove remaining files manually after uninstallation completes.
Uninstalling on Other UNIX Systems
Proceed according to instructions in the appropriate section.
Performing Interactive Uninstallation
- In the ServerRoot directory, start the uninstall program.
root# ./uninstall_dirserver
The first uninstallation screen appears.
- Follow the instructions on each screen.
The selected software is now removed. If the uninstallation program cannot remove all files under the ServerRoot directory, it displays a message. You may manually remove files remaining under ServerRoot.
Performing Silent Uninstallation
- Edit uninstall specification file, ServerRoot/setup/uninstall.ins, as shown in Code Example 1-2 to include the appropriate administrator identifiers and passwords.
- Run the uninstallation program in silent mode.
root# cd ServerRoot
root# ./uninstall_dirserver -noconsole -nodisplay -state setup/uninstall.insYou may remove remaining files manually after uninstallation completes.
Uninstalling on Windows Systems
Proceed according to instructions in the appropriate section.
Performing Interactive Uninstallation
- Click Start, and then choose Settings > Control Panel.
- Double-click Add/Remove Programs.
- In the Add/Remove Programs window, select Directory Server, then click Remove.
- Follow the instructions in the Sun ONE Uninstall window.
If you have upgraded Directory Server, use custom uninstallation mode, and choose not to remove Basic System Libraries, which include .dll files shared with the new Directory Server instance.
Performing Silent Uninstallation
- Edit uninstall specification file, ServerRoot\setup\uninstall.ins, as shown in Code Example 1-2 to include the appropriate administrator identifiers and passwords.
- Run the uninstallation program in silent mode.
Prompt>cd ServerRoot
Prompt>uninstall_dirserver -noconsole -nodisplay -state setup\uninstall.insYou may remove remaining files manually after uninstallation completes.
It is strongly recommended that you reboot the Windows system after uninstallation.
Troubleshooting
Table 1-10    Common Installation Problems With Solutions
Problem
Possible Solutions
I get a message about missing libraries.
Run idsktune and fix at least all ERROR conditions, installing all recommended patches.
Installation did not work, and now I cannot uninstall. What do I do?
Removing the product registry file unless doing so would negatively impact other products:
- /var/sadm/install/productregistry on Solaris systems when installing as super user
- /var/tmp/productregistry on other UNIX systems
- productregistry in the system32 folder under the Windows system folder, for example C:\WINNT\system32\productregistry, on Windows
Next, remove the partially installed files by hand before reinstalling.
Installation failed and I do not know why. Is there an installation log somewhere?
Yes. The log can be found under the following location:
Clients cannot locate the server.
Try using the host name such as dirserv.
If that does not work, make sure the server is listed in the name service you are using such as DNS, and try the fully qualified domain name such as dirserv.example.com.
If that does not work, try using the IP address for the host such as 192.168.0.30.
The port is in use.
If upgrading, you probably did not shut down Directory Server before you upgraded it. Shut down the old server, then manually start the upgraded one.
Otherwise, another server might be using the port. Examine which ports are in use with an appropriate tool such as the netstat(1M) utility with the -a option on UNIX systems to determine which ports remain available.
An LDAP authentication error causes installation to fail.
You may have provided the incorrect fully qualified domain name during installation, such as dirserv.nisDomain.Example.COM instead of dirserv.example.com.
I have forgotten the Directory Manager DN and password.
The Directory Manager DN is recorded as the value of nsslapd-rootdn in ServerRoot/slapd-serverID/config/dse.ldif.
The Directory Manager password is recorded as the value of nsslapd-rootpw in dse.ldif. If the password is not encrypted we strongly recommend you encrypt it! then it appears in dse.ldif in clear text, not prefixed with an encryption scheme identifier such as {SSHA}.
If the password is encrypted, you must fix the problem manually.
- Stop Directory Server.
- Change the value of nsslapd-rootpw in dse.ldif, taking care not to add trailing spaces.
- Save and close dse.ldif.
- Restart the server.
- Login as Directory Manager using the value you assigned to nsslapd-rootpw.
- Set an encryption scheme for the Directory Manager password as described in the Sun ONE Directory Server Administration Guide, and then change the password again.
I installed the 32-bit version of the Directory Server by mistake.
How do I run the 64-bit version instead?
- Export all suffixes to LDIF as described in the Sun ONE Directory Server Administration Guide.
- Remove all database files.
Database files are found under the path indicated by the value of nsslapd-directory on cn=config,cn=ldbm database,cn=plugins,cn=config for the instance.
- Install 64-bit components if you have not done so already.
- Make ServerRoot/bin/slapd/server/64/ns-slapd executable.
- If the operating system is running in 32-bit mode, reboot it in 64-bit mode.
- If necessary, change cache size settings to work in 32-bit mode.
Refer to Chapter 6 "Tuning Cache Sizes," for further information.
- Initialize all suffixes with the LDIF you exported as described in the Sun ONE Directory Server Administration Guide.
- Restart the server.
I installed the 64-bit version of the Directory Server by mistake.
How do I run the 32-bit version instead?
- Export all suffixes to LDIF as described in the Sun ONE Directory Server Administration Guide.
- Remove all database files.
Database files are found under the path indicated by the value of nsslapd-directory on cn=config,cn=ldbm database,cn=plugins,cn=config for the instance.
- Change the mode of ServerRoot/bin/slapd/server/64/ns-slapd so it is not executable.
- Initialize all suffixes with the LDIF you exported as described in the Sun ONE Directory Server Administration Guide.
- Restart the server.
I wrote a script to handle installation. When I tried installing using my script, the installer returned 73, rather than 0.
What is going on here?
The installation program return codes are as follows:
0 - SUCCESS
1 - WARNING_REBOOT_REQUIRED
2 - WARNING_PLATFORM_SUPPORT_LIMITED
3 - WARNING_RESOURCE_NOT_FOUND
4 - WARNING_CANNOT_WRITE_LOG
5 - WARNING_LOCALE_NOT_SUPPORTED
50 - ERROR_FATAL
51 - ERROR_ACCESS
52 - ERROR_PLATFORM_NOT_SUPPORTED
53 - ERROR_NO_WINDOWING_SYSTEM_AVAILABLE
54 - ERROR_RESOURCE_NOT_FOUND
55 - ERROR_TASK_FAILURE
56 - ERROR_USER_EXIT
57 - ERROR_CANNOT_UPGRADE
58 - ERROR_NOTHING_TO_DO
59 - ERROR_IN_SERIALIZATION
60 - ERROR_ABNORMAL_EXIT
61 - ERROR_INCOMPATIBLE_STATEFILE
62 - ERROR_UNKNOWN_COMMANDLINE_OPTION
70 - ERROR_NOT_INSTALLED
71 - PARTIALLY_UNINSTALLED
72 - FULLY_UNINSTALLED
73 - INSTALLED
74 - ERROR_FAILED
75 - ERROR_STOPPED
76 - ERROR_STOPPED_ON_ERROR
77 - PARTIALLY_INSTALLEDIn other words, 73 indicates successful installation.