This chapter describes the tasks that you occasionally need to perform to manage your directory service.
To start the directory server from the Admin Console, choose Start from the LDAP Server menu. You can also start the directory server daemon, dsservd, by typing the following command as root:
# /etc/init.d/dsserv start
To start the web gateway, dswebd, as root type:
# /etc/init.d/dsweb start
To start the directory administration server, dsadm, as root type:
# /etc/init.d/dsadm start
The RADIUS server daemon, dsradiusd, is started at the same time as the dsservd daemon. If you have stopped it independently from dsservd, you can also start it independently. As root type:
# /opt/SUNWconn/ldap/sbin/dsradius start
When you install the Sun Directory Services, these commands are added to the system startup file, so that all the server daemons are started automatically when the machine is rebooted.
To stop the directory server, from the Admin Console, choose Stop from the LDAP Server menu. You can also stop the directory server by typing the following command as root:
# /etc/init.d/dsserv stop
Stopping the directory server automatically stops the replication server. If you have set up a replication schedule, the replication server is restarted automatically when you restart the directory server, and will continue to follow the schedule.
To stop the web gateway, dswebd, as root type:
# /etc/init.d/dsweb stop
To stop the directory administration server, dsadm, as root type:
# /etc/init.d/dsadm stop
The RADIUS server daemon, dsradiusd, is stopped at the same time as the dsservd daemon. If you want to stop it independently from dsservd, as root type:
# /opt/SUNWconn/ldap/sbin/dsradius stop
Sun Directory Services provides two SNMP agents:
The first SNMP agent, dsnmpserv, supports the management information bases (MIBs) defined in the following standards:
Network Services Monitoring MIB (RFC 1565)
X.500 Directory Monitoring MIB (RFC 1567)
These MIBs are part of the messaging and directory management (MADMAN) standards that apply to all messaging and directory applications.
The second SNMP agent, dsnmprad, supports the MIBs defined in the following draft standards:
RADIUS Authentication Server MIB (draft-ietf-radius-auth-servmib-01.txt)
RADIUS Accounting Server MIB (draft-ietf-radius-acc-servmib-01.txt)
For a detailed list of the type of information collected by each agent, refer to "Directory Server Statistics" and "RADIUS Server Statistics".
On a Solaris 2.6 machine, the SNMP agents are started automatically during the installation process. This is possible because the Solaris 2.6 operating environment includes a master SNMP agent, snmpdx, that resides on UDP port 161 and relays SNMP traffic to and from all other SNMP agents installed on the machine.
If you need to start or stop an agent manually, use the following commands.
To start the SNMP agent for the directory server, dsnmpserv, as root type:
# /etc/init.d/init.dsnmpserv start
To start the SNMP agent for the RADIUS server, dsnmprad, as root type:
# /opt/SUNWconn/ldap/sbin/init.dsnmprad start
To stop the SNMP agent for the directory server, dsnmpserv, as root type:
# /etc/init.d/init.dsnmpserv stop
To stop the SNMP agent for the RADIUS server, dsnmprad, as root type:
# /opt/SUNWconn/ldap/sbin/init.dsnmprad stop
When you install Sun Directory Services on a Solaris 2.6 machine, configuration information for the dsnmpserv and dsnmprad agents is added to the configuration of the Solaris master agent snmpdx, and all SNMP agents are started. By default, the Sun Directory Services agents report events to the local host. The UDP ports that the agents use are dynamically assigned by the master agent.
In both cases, you can configure the hosts to which the SNMP agents report events. This is done using the dsnmpcfg command as follows (you must be logged in as root):
# /opt/SUNWconn/ldap/sbin/dsnmpcfg configure
You are prompted to provide the hostnames of the machines to which you want each agent to report events. If the agents are running when you perform the configuration, they are restarted to take your changes into account.
This section lists the information collected by the directory server SNMP agent, dsnmpserv, and explains how to display it using the Admin Console.
The information collected by the dsnmpserv SNMP agent can be monitored from a management platform such as SunNet Manager or Solstice Enterprise Manager. The following directory service information is monitored:
Application information
Application name
Application directory name
Application version
Application uptime
Application status (up or down)
Last status change
Number of inbound associations
Number of outbound associations
Accumulated inbound associations
Accumulated outbound associations
Last inbound activity
Last outbound activity
Rejected inbound association
Failed inbound association
Association information
The distinguished name of the remote application
The protocol being used to communicate
The type of the remote application, and whether it is an initiator or responder
The current duration of the association
Directory server operations
Anonymous bind
Unauthenticated bind
Simple authentication bind
Strong authentication bind
Bind security errors
Inbound operations
Read operations
Compare operations
Add Entry operations
Delete Entry operations
Modify Entry operations
List operations
Search operations
One-level search operations
Whole tree search operations
Referrals
Chaining
Security errors
DSA errors
Directory entry information
Master entries
Copy entries
Cached entries
Cache Hits
Slave Hits
Interactions with other directory servers
Distinguished name of remote directory server
Time of creation of remote directory server
Time of last attempt to contact the remote directory server
Time of last successful interaction with the remote directory server
Number of failures since last successful contact
Total number of failures to contact the remote directory server
Total number of successful interactions with the remote directory server
You can view statistics collected by the directory server, dsservd, in five categories:
Global
Detailed
Operations
Associations
Interactions
The statistics available are the same information that is collected by the dsnmpserv SNMP agent. See "Monitoring Directory Services with SNMP" for details of the information collected.
In the Admin Console main window, go to the LDAP section under Services.
Click the Show Statistics button.
The LDAP Statistics window is displayed. It presents a snapshot of the statistics available for the directory server.
Click the tab for the category that you want to view.
Click the Update button to get the latest statistics.
To update the statistics at regular intervals:
Set the Refresh Interval field.
Click Start Auto Update.
The Start Auto Update and Stop Auto Update controls apply to viewing the statistics, not to collecting the data. They only apply while the window is displayed. If you close the window, the refresh interval is reset to the default and automatic updating of the statistics view stops.
This section lists the information collected by the RADIUS server SNMP agent dsnmprad. This information can be monitored from a management platform such as SunNet Manager or Solstice Enterprise Manager.
The following RADIUS authentication service information is monitored:
Server identifier
Uptime
Reset time
Configuration reset
Total access requests
Total invalid requests
Total duplicate access requests
Total access requests
Total access accepts
Total access rejects
Total access challenges
Total malformed access requests
Total bad authenticators
Total packets dropped
Total unknown type
Client entry (contains authentication information monitored for every NAS connected to the server)
Client Index
Client Address
Client ID
Access requests
Duplicate access requests
Access accepts
Access rejects
Access challenges
Malformed access requests
Bad authenticators
Packets dropped
Unknown type
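As an added example (not part of Sun Directory Services or its documentation), the following Python code compares two polls of the per-client authentication counters listed above and flags a NAS whose error counters or reject ratio grew abnormally, skipping intervals in which the counters were reset. The counter names are taken from the list; the addresses, sample values, thresholds and function names are constructed assumptions, and retrieving the values from dsnmprad through a management station is not shown.

```python
# Added example: compare two polls of the per-client RADIUS authentication
# counters and flag clients (NAS) whose error counters grew abnormally.
# Counter names come from the list above; thresholds are assumed values.
SUSPECT = ("Bad authenticators", "Malformed access requests", "Unknown type")

def counter_deltas(prev, curr):
    """Increase of each counter between polls, or None after a reset."""
    deltas = {}
    for name, now in curr.items():
        before = prev.get(name, 0)
        if now < before:      # counter went backwards: server was reset
            return None
        deltas[name] = now - before
    return deltas

def review_clients(prev_poll, curr_poll, max_bad=5, max_reject_ratio=0.5,
                   min_requests=20):
    """Return (client address, reason) pairs for one polling interval."""
    findings = []
    for addr, curr in sorted(curr_poll.items()):
        deltas = counter_deltas(prev_poll.get(addr, {}), curr)
        if deltas is None:
            findings.append((addr, "counters reset, interval skipped"))
            continue
        for name in SUSPECT:  # e.g. shared-secret mismatch or malformed traffic
            if deltas.get(name, 0) > max_bad:
                findings.append((addr, f"{name} +{deltas[name]}"))
        requests = deltas.get("Access requests", 0)
        rejects = deltas.get("Access rejects", 0)
        # Ignore quiet clients so a single failed login does not alert.
        if requests >= min_requests and rejects / requests > max_reject_ratio:
            findings.append((addr, f"reject ratio {rejects}/{requests}"))
    return findings

def poll(requests, rejects, bad):
    """Build one constructed client entry (only the counters used here)."""
    return {"Access requests": requests, "Access rejects": rejects,
            "Bad authenticators": bad, "Malformed access requests": 0,
            "Unknown type": 0}

# Constructed sample polls, keyed by Client Address (documentation range).
PREV = {"192.0.2.10": poll(1000, 50, 0), "192.0.2.20": poll(400, 20, 2),
        "192.0.2.30": poll(9000, 300, 1)}
CURR = {"192.0.2.10": poll(1100, 60, 0), "192.0.2.20": poll(460, 75, 14),
        "192.0.2.30": poll(12, 1, 0)}

if __name__ == "__main__":
    for addr, reason in review_clients(PREV, CURR):
        print(addr, reason)
```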
The following RADIUS accounting service information is monitored:
NAS identifier
Uptime
Reset time
Configuration reset
Total requests
Total invalid requests
Total duplicate requests
Total responses
Total malformed requests
Total bad authenticators
Total packets dropped
Total no record
Total unknown type
Client entry (contains accounting information monitored for every NAS connected to the server)
Client Index
Client Address
Client ID
Packets dropped
Requests
Duplicate requests
Responses
Bad authenticators
Malformed requests
No record
Unknown type
You cannot display RADIUS server statistics in the Admin Console. You need a management application such as SunNet Manager or Solstice Enterprise Manager. The files required to interoperate with these management applications are provided with Sun Directory Services:
The directory /opt/SUNWconn/ldap/snmp/snm contains all files necessary for dsnmprad to report events to a SunNet Manager station
The directory /opt/SUNWconn/ldap/snmp/sem contains all files necessary for dsnmprad to report events to a Solstice Enterprise Manager station
The web gateway provides an interface to an LDAP directory from any web browser. You can use this interface to browse the directory, to search for and read entries, and to modify some directory information. This is useful for checking information in the directory.
This section explains how to configure the web gateway to adapt it to the needs of your users, in particular to display new attributes or corporate profiles that you have defined.
Information on using the web gateway is provided in the Sun Directory Services 3.1 User's Guide.
The gateway daemon, dswebd, requires the dsservd daemon to be running on the same machine. To enable users to browse the directory from any web browser, you must make sure that the dsservd and dswebd daemons are running. You can check their status in the Status section of the Admin Console. The LDAP service and the Web gateway service must be shown as Running. If they are not, use the Start button to start them.
You can change the default HTTP port (1760) used by the web gateway from the Admin Console. To do so, change the HTTP port number in the Web gateway section under Services.
You can modify the behavior of the web gateway and the way it displays information by editing the following configuration files:
dswebfilter.conf
Controls how the gateway makes a search request to the directory. See the dswebfilter.conf(4) man page for details.
dswebfriendly.conf
Contains user-friendly equivalents of certain attribute values that might be used in the directory. By default, it contains mappings between the ISO country codes and the names of countries.
dsweb.help
Contains help text for the user interface to the web gateway. You can edit this file and change the help text to reflect any changes you make to the user interface.
dsweb.helpattr
Contains an explanation of the directory attributes visible through the user interface to the web gateway.
dsweb.messages
Contains the messages and screen text used in the user interface to the web gateway. You can customize the user interface by changing this file.
dswebtmpl.conf
Contains templates that control how information retrieved from the directory is displayed. If you have modified the schema, especially if you have added object classes and attributes, you must modify this file to be able to display entries that use the new object classes and attributes. See the dswebtmpl.conf(4) man page for details.