This chapter tells you where to download Directory Server Enterprise Edition software, and lists primary installation requirements.
This chapter includes the following sections:
Before you start with the product installation, make sure you read the support and licensing information thoroughly.
Sun Software Service Standard, Premium and Premium Plus plan offerings are available for Sun Java System Directory Server Enterprise Edition and can be purchased either through a Sun sales representative, an authorized Sun reseller, or online at http://www.sun.com/sales/index.jsp. These service plans include telephone and online technical support, on-demand software updates, online system administration resources, support notification services and one-stop interoperability assistance (Premium and Premium Plus plans only). In addition, the Premium Plus plan features a customer advocate and a customer-focused support team.
For complete feature set information, visit: http://www.sun.com/service/serviceplans/software/overview.xml
Customers wishing to buy a maintenance contract for the free 200,000 Directory Server entries included in Solaris can also purchase a Sun Software Service plan through a Sun sales representative or authorized Sun reseller.
You may access the service lists describing all Sun service program offerings at: http://www.sun.com/servicelist
Licenses are provided based on the number of entries you plan to manage using Directory Server Enterprise Edition. After a license is provided, you can replicate the entries as many times as required to get maximum flexibility out of your directory implementation. The only condition is that you do not change any of the replicated entries and store all of the replicated entries on the same operating system. If the replicated entries are stored on any other operating system, you must purchase a license for those entries.
Solaris provides 200,000 free entries for Directory Server. In this case, you only have license for the core directory server component, not for the other Directory Server Enterprise Edition components. You can purchase an upgrade from core directory server component to full Directory Server Enterprise Edition.
You can review the latest license for a given version of a product before downloading it from http://www.sun.com/software/products/directory_srvr_ee/get.jsp.
Directory Server Enterprise Edition 6.2 is a patch release that adds the following new features to the Directory Server Enterprise Edition 6.1 release:
Native distribution for Windows.
Install the zip distribution as any user on Windows.
The console is also available for the zip distribution, see Installing Directory Service Control Center From Zip Distribution in Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide.
Improved performance for some specific deployments.
For the list of new features added in Directory Server Enterprise Edition 6.1, see What’s New at a Glance in Sun Java System Directory Server Enterprise Edition 6.2 Evaluation Guide.
You can download Sun Java System Directory Server Enterprise Edition 6.2 software from the following location.
http://www.sun.com/software/products/directory_srvr_ee/get.jsp
The download page serves as a starting point to direct you to the proper downloads depending on the distribution type you need to download. Directory Server Enterprise Edition 6.2 is available in the following distributions.
Native package distribution
zip distribution
For a comparison of the two distributions, see Directory Server Enterprise Edition Software Distributions in Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide.
Directory Server Enterprise Edition 6.2 is available in the following forms.
Java ES installer — full installer for Solaris and Linux systems native packages.
Native patch — patches to upgrade Directory Server Enterprise Edition 6.0 and 6.1 native packages installed using the Java ES installer.
There is no Native patch delivery for SuSE Linux Enterprise Server in Directory Server Enterprise Edition 6.2.
Zip based distribution — standalone delivery to install Directory Server Enterprise Edition 6.2 or upgrade Directory Server Enterprise Edition 6.0 and 6.1 zip installations.
For information on patch numbers, see Software Installation in Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide.
For the detailed information on what you need to install based on your current installation, refer to the Installation Procedure Quick Reference in Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide.
This section covers hardware requirements for Directory Server Enterprise Edition component products.
Directory Server software requires the following hardware support.
Component |
Platform Requirement |
---|---|
RAM |
1-2 GB for evaluation purposes Minimum 2 GB for production servers |
Local disk space |
300 MB disk space for binaries. By default, binaries installed from native packages are placed in /opt on UNIX® systems. For evaluation purposes, an additional 2 GB local disk space for server software might be sufficient. If you are using Directory Server, consider that entries stored in Directory Server use local disk space. Directory Server does not support logs and databases installed on NFS-mounted file systems. Sufficient space should be provided for the database on a local file system in, for example, /var/opt or /local. For a typical production deployment with a maximum of 250,000 entries and no binary attributes such as photos, 4 GB might be sufficient. Directory Server may use more than 1.2 GB of disk space for its log files. This should be taken into account that 4 GB storage space is only for the databases, not the logs. Directory Server supports SAN disk storage. Before using SAN disk, you need to understand the layout and the design of the disk because the write performance of the system is affected if many applications simultaneously access data from the same disk. |
Directory Proxy Server software requires the following hardware support.
Component |
Platform Requirement |
---|---|
RAM |
1-2 GB for evaluation purposes Minimum 2GB for production servers |
Local disk space |
300 MB disk space for binaries. By default, binaries installed from native packages are placed in /opt on UNIX systems. For evaluation purposes, an additional 2 GB local disk space per server instance is sufficient to hold server logs when the default configuration is used. Directory Proxy Server does not support installation on NFS-mounted file systems. Sufficient space should be provided for the instance, and for all files used by the instance on a local file system in, for example, /var/opt or /local. |
Identity Synchronization for Windows software requires the following hardware support.
Component |
Platform Requirement |
---|---|
RAM |
512 MB for evaluation purposes wherever components are installed. More memory is preferred. |
Local disk space |
400 MB disk space for minimal installation alongside Directory Server. |
Make sure you read Chapter 6, Directory Editor Bugs Fixed and Known Problems in these release notes before you install Directory Editor.
Also, see the Directory Editor documentation at http://docs.sun.com/coll/DirEdit_05q1 for details.
This section covers operating systems, patches and service packs required to support Directory Server Enterprise Edition component products.
Directory Server, Directory Proxy Server, and Directory Server Resource Kit share the same operating system requirements. These software components run on the operating system versions listed here. Certain operating systems require additional service packs or patches as shown in the following table.
Operating System |
Supported OS Versions |
Additional Required Software |
---|---|---|
SolarisTM Operating System |
Solaris 10 Operating System for SPARC®, x86, and AMD x64 architectures |
Patches: |
Solaris 9 Operating System for SPARC and x86 architectures |
Patches: |
|
Red Hat Linux (On 64–bit Red Hat systems, Directory Server runs in 32-bit mode.) |
Red Hat Advanced Server 3.0 U4 for x86 and AMD x64 |
No additional software is required. |
Red Hat Advanced Server 4.0 U2 for x86 and AMD x64 |
The following compatibility libraries are recommended: compat-gcc-32-3.2.3-47.3.i386.rpm compat-gcc-32-c++-3.2.3-47.3.i386.rpm The following compatibility library is required: compat-libstdc++-33-3.2.3-47.3.rpm Even when running Red Hat on a 64-bit system, you install 32-bit system libraries. These compatibility libraries are available from Red Hat media or https://www.redhat.com/rhn/rhndetails/update/. |
|
SuSE (On 64–bit SuSE systems, Directory Server runs in 32-bit mode.) |
SuSE Linux Enterprise Server 9 for x86 and AMD x64 |
Service Pack 3 |
Microsoft Windows (On 64–bit Windows systems, Directory Server runs in 32-bit mode.) |
Windows 2000 Server |
Service Pack 4 |
Windows 2000 Advanced Server |
Service Pack 4 |
|
Windows 2003 Server Standard Edition |
Service Pack 1 |
|
Windows 2003 Server Enterprise Edition |
Service Pack 1 |
Directory Server Enterprise Edition 6.2 does not support HP-UX. But the future version of the product is planned to support HP-UX.
Before you install Directory Server Enterprise Edition 6.2 on SuSE Linux Enterprise Server, you must read the following instructions:
On SuSE Linux, only Directory Server and Directory Proxy Server are supported. This support is available only in the zip distribution.
On SuSE Linux, you must install as root otherwise you cannot use DSCC to manage your servers remotely.
You must apply a patch for Pluggable Authentication Modules (PAM) libraries.
It the patch is not applied, DSCC fails to authenticate the DSCC agent.
On SuSE 64–bit, you must install pam-32bit-9-yyyymmddhhmm.rpm
If pam-32bit-9-yyyymmddhhmm.rpm is not installed, cacaoadm start fails.
The Linux delivery, which works on both Red Hat and SuSE Linux, is labelled for Red Hat only.
You can obtain Solaris patch clusters and avoid downloading most individual patches. To obtain Solaris patch clusters, follow these steps:
Go to the SunSolve patch page at http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage.
Click the Recommended Patch Clusters link.
Download the patch cluster for your Solaris OS and Java ES versions.
Directory Server Enterprise Edition software is validated with full installations of the operating systems listed here, not with reduced “base”, “End User”, or “core” installations.
Directory Server runs in 64–bit mode on the following platforms:
Solaris SPARC
Solaris 10 AMD x64 systems
Directory Server runs in 32-bit mode on the following platforms:
Solaris x86 systems
Solaris 9 AMD x64 systems
Red Hat systems for x86 and AMD x64
SuSE Linux Enterprise Server 9 SP3 for x86 and AMD x64
You must install Directory Server and Directory Proxy Server on Windows NTFS system. The Common Agent Container is not supported on Windows FAT system.
SuSE Linux Enterprise Server provides a set of scripts in /etc/profile.d/ to automatically set the appropriate environment as per the installed software. Therefore, you must reset the following Java environment variables to none before you start working on the product using commands.
JAVA_BINDIR
JAVA_HOME
JRE_HOME
JAVA_ROOT
Identity Synchronization for Windows components run on the operating system versions listed here. Certain operating systems require additional service packs or patches as shown in the following tables.
The following table lists operating system requirements for core components, and connectors for Directory Server and Active Directory.
Operating System |
Supported OS Versions |
Additional Required Software |
---|---|---|
Solaris Operating System |
Solaris 10 Operating System for UltraSPARC®, and x86 (Pentium) architectures |
No additional software is required. |
Solaris 9 Operating System for SPARC architectures |
No additional software is required. |
|
Solaris 8 Operating System for UltraSPARC architectures |
No additional software is required. |
|
Red Hat Linux |
Red Hat Advanced Server 4.0 |
No additional software is required. |
Red Hat Advanced Server 3.0 |
No additional software is required. |
|
Microsoft Windows |
Windows 2000 Server |
Service Pack 4 |
Windows 2000 Advanced Server |
Service Pack 4 |
|
Windows 2003 Server Standard Edition |
Latest security updates |
|
Windows 2003 Server Enterprise Edition |
Latest security updates |
Identity Synchronization for Windows is not supported on SuSE systems.
The following table lists operating system requirements for Windows NT components and connectors.
Operating System |
Supported OS Versions |
Additional Required Software |
---|---|---|
Microsoft Windows |
Windows NT 4.0 Server Primary Domain Controller, x86 architectures |
Service Pack 6A |
Make sure you read Chapter 6, Directory Editor Bugs Fixed and Known Problems in these release notes before you install Directory Editor.
Also, see the Directory Editor documentation at http://docs.sun.com/coll/DirEdit_05q1 for details.
Directory Server relies on the Network Security Services, NSS, layer for cryptographic algorithms. NSS has been validated to work with the Sun cryptographic framework provided on Solaris 10 systems, which supports cryptographic acceleration devices.
On Windows systems, Directory Server requires ActivePerl software to use account activation and manual schema replication commands. Directory Server Enterprise Edition does not provide ActivePerl. The dependency concerns the following commands.
On Windows, you must disable the pop-up blocker to make Directory Service Control Center work properly.
Directory Proxy Server requires a Java runtime environment, JRE, version of at least 1.5.0_09 on Solaris, Red Hat and Windows systems. The zip distribution installs JRE. When you install from the zip distribution with the JAVA_HOME environment variable set, the Java runtime environment specified by JAVA_HOME is used. If JAVA_HOME is set for your environment, make sure the version is up to date.
Directory Proxy Server will work with any LDAPv3 compliant directory servers, but it is tested only with Sun Java System Directory Server.
For virtualization, Directory Proxy Server has been validated with the following JDBC data sources, using the drivers mentioned below. Though Directory Proxy Server works with all the JDBC 3 compliant drivers.
JDBC Data Source |
JDBC Driver |
---|---|
DB2 v9 |
IBM DB2 JDBC Universal Driver Architecture 2.10.27 |
JavaDB 10.2.2.0 |
Apache Derby Network Client JDBC Driver 10.2.2.0 |
MySQL 5.0 |
MySQL-AB JDBC Driver mysql-connector-java-5.0.4 |
Oracle 9i Database Oracle 10g Database |
Oracle JDBC driver 10.2.0.2.0 |
On Windows systems, the dsee_deploy command cannot properly register software with the Common Agent Container, cacao, when you run the command from an MKS shell. This can occur when your MKS PATH does not include the system-drive:\system32 folder. Alternatively, run the command on the Windows native command line.
On Solaris 10, rc.scripts are deprecated so commands like dsadm autostart are not supported. Instead use Solaris 10 Service Management Facility (SMF) to handle these types of requests. For example, dsadm enable-service. For more information on SMF, see Solaris documentation.
Before you can install Identity Synchronization for Windows, you must install the prerequisite Sun Java System software components, including JRE and Message Queue.
No JRE is provided with Identity Synchronization for Windows.
Identity Synchronization for Windows installer requires J2SE or JRE 1.5.0_09.
Identity Synchronization for Windows requires JRE 1.5.0_09 on Windows NT.
The Identity Synchronization for Windows bundle for this release includes Message Queue 3.6.
When installing Identity Synchronization for Windows, you must specify the path to the version of Message Queue to use. The Identity Synchronization for Windows installation program then installs a required broker into Message Queue, so that Identity Synchronization for Windows can use Message Queue for synchronization.
On Windows systems, Identity Synchronization for Windows supports only Message Queue 3.6. You therefore install Message Queue 3.6 provided with the Identity Synchronization for Windows bundle.
Message Queue 3.7 is, however, installed as a Java Enterprise System shared component. On Windows systems by default you can therefore end up with both Message Queue 3.6 and Message Queue 3.7 installed. If you install Java Enterprise System components alongside Identity Synchronization for Windows on a Windows system, be sure Message Queue 3.7 is not selected.
On Windows systems, the JRE installed with Console and Administration Server does not include fixes for daylight savings time changes. You must apply fixes for daylight savings time changes after installation. To fix the JRE, use the tzupdater tool, described at http://java.sun.com/javase/tzupdater_README.html. The JRE to fix is found after installation under ServerRoot/bin/base/jre/ where you installed the Console and Administration Server.
You can run Identity Synchronization for Windows in a firewall environment. The following sections list the server ports that you must expose through the firewall.
By default, Message Queue uses dynamic ports for all services except for its port mapper. To access the Message Queue broker through a firewall, the broker should use fixed ports for all services.
After installing the core, you must set the imq.<service_name>.<protocol_type>.port broker configuration properties. Specifically, you must set the imq.ssljms.tls.port option. Refer to the Message Queue documentation for more information.
The Identity Synchronization for Windows installer must be able to communicate with the Directory Server acting as the configuration directory.
If you are installing an Active Directory connector, the installer must be able to contact Active Directory’s LDAP port, 389.
If you are installing a Directory Server connector or a Directory Server plug-in (subcomponent), the installer must be able to contact the Directory Server LDAP port, default 389.
The Message Queue, system manager, and command line interface must be able to reach the Directory Server where the Identity Synchronization for Windows configuration is stored.
The Identity Synchronization for Windows console must be able to reach the following:
Active Directory over LDAP, port 389, or LDAPS, port 636
Active Directory Global Catalog over LDAP, port 3268, or LDAPS, port 3269
Each Directory Server over LDAP or LDAPS
Administration Server
Message Queue
All connectors must be able to communicate with Message Queue.
In addition, the following connector requirements must be met.
The Active Directory connector must be able to access the Active Directory Domain Controller over LDAP, port 389, or LDAPS, port 636.
The Directory Server connector must be able to access Directory Server instances over LDAP, default port 389, or LDAPS, default port 636.
Each Directory Server plug-in must be able to reach the Directory Server connector’s server port, which was chosen when the connector was installed. Plug-ins that run in Directory Server Master replicas must be able to connect to Active Directory’s LDAP, port 389, or LDAPS, port 636. The plug-ins that run in other Directory Server replicas must be able to reach the master Directory Server LDAP and LDAPS ports.
The following table displays the browsers for each operating system that supports Directory Service Control Center.
Operating System |
Supported Browser |
---|---|
Solaris 10 and Solaris 9 (SPARC and x86) |
NetscapeTM Communicator 7.1, MozillaTM 1.7.12, and Firefox 1.0.7, 1.5, and 2.0 |
Red Hat Linux 4, Red Hat Linux 3 and SuSE Linux |
Mozilla 1.7.12 and Firefox 1.0.7, 1.5, and 2.0 |
Windows XP |
Netscape Communicator 8.0.4, Microsoft Internet Explorer 6.0SP2, Mozilla 1.7.12, and Firefox 1.0.7, 1.5, and 2.0 |
Windows 2000/2003 |
Netscape Communicator 8.0.4, Microsoft Internet Explorer 6.0SP1, Mozilla 1.7.12, and Firefox 1.0.7, 1.5, and 2.0 |
This section covers privileges or credentials required for installation of Directory Server Enterprise Edition component products.
You must have the following privileges when installing Directory Server, Directory Proxy Server, or Directory Service Control Center from the Java Enterprise System native package based distribution.
On Solaris, Red Hat, and SuSE systems, you must install as root.
On Windows systems, you must install as Administrator.
You can install Directory Server, Directory Proxy Server, and Directory Server Resource Kit from the zip distribution without special privileges.
See Directory Server Enterprise Edition Software Distributions in Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide for details.
You must consider the following points before applying the Directory Server Enterprise Edition 6.2 patch.
Native package based distribution. All Directory Server and Directory Proxy Server instances, including the DSCC registry, must be stopped before the DSEE 6.2 patch is applied.
If you apply the patch without stopping the server instances, the instances might crash the next time you restart them.
To use the localized console, apply the Directory Server Enterprise Edition 6.2 patch before the Directory Server Enterprise Edition 6.2 localized patch. Then run the following commands in the specified order.
# dsccsetup console-unreg # dsccsetup console-reg |
Zip based distribution. All Directory Server and Directory Proxy Server instances must be stopped before the DSEE 6.2 zip distribution is applied on top of a DSEE 6.0 and DSEE 6.1 zip installations. This check is done by the dsee_deploy command itself, but it does not work on Windows 2000.
If you apply the patch without stopping the server instances, the instances might crash the next time you restart them.
After applying patches to upgrade Directory Server Enterprise Edition, you must restart Sun Web Console using the following command:
# smcwebserver restart |
To install Identity Synchronization for Windows, you must provide credentials for the following.
Configuration Directory Server.
Directory Server being synchronized.
Active Directory.
See Installing Core in Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide for details.
In addition, you must have the following privileges to install Identity Synchronization for Windows.
On Solaris and Red Hat systems, you must install as root.
On Windows systems, you must install as Administrator.
When you enter passwords by using the text-based installer, the program automatically masks the passwords so passwords are not echoed in the clear. The text-based installer is supported on Solaris and Red Hat systems only.
Before installing fresh bits of Identity Synchronization for Windows, be sure to read Chapter 5, Preparing for Installation, in Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide.
On Windows 2003 Server, the default password policy enforces strict passwords, which is not the default password policy on Windows 2000.