Chapter 3   Introducing iDAR Consoles


After installing iPlanet Directory Access Router (iDAR), you first configure it to function with your directory deployment, and then on, closely monitor its activities. In administering iDAR, you perform server-specific tasks such as starting, stopping, and restarting the server; creating groups; setting up the server to identify certain events and execute appropriate actions; changing configuration; performing any routine server maintenance tasks; and monitoring logs.

To enable you to accomplish these server-specific tasks quickly and easily, iDAR provides GUI-based administration tools, called the iDAR Server Console and iDAR Configuration Editor Console, both of which are accessible from within the iPlanet Console. This chapter provides an overview of both iPlanet Console and iDAR consoles.

The chapter has the following sections:

• Getting Started with iPlanet Console

• Accessing the iDAR Consoles

  
  

  ---

  Note

  You can use iPlanet Console for managing various network resources. However, this chapter's focus is on using the iPlanet Console for iDAR administration only. For complete information about the iPlanet Console, see Managing Servers with Planet Console, which is included with the iDAR documentation. You can also get a copy of this book from this site: http://docs.iplanet.com/docs/manuals/console.html

  ---

  
  

Getting Started with iPlanet Console

---

The iPlanet Console is a stand-alone Java application that provides a GUI-based front end to all network resources registered in an organization's configuration directory. This unified administration interface simplifies network administration by supplying access points to all iPlanet version 5.x server instances installed across a network. Similarly, it simplifies basic user and group management by providing a unified administration interface to the user directory.

Figure 3-1 shows the "Servers and Applications" tab of the iPlanet Console with an iDAR instance selected.

Figure 3-1    iPlanet Console: Servers and Applications Tab

Servers and Applications Tab

For any given instance of the iPlanet Console, the limits of the network it can administer are defined by the set of resources whose configuration information is stored in the same configuration directory—that is, the maximum set of hosts and servers that can be monitored from the iPlanet Console. The superadministrator (the person who manages the configuration directory) can set access permissions on all network resources registered in the configuration directory. Thus, for a given administrator using the iPlanet Console, the actual number of visible hosts and servers may be fewer, depending on the access permissions set by the superadministrator.

The "Servers and Applications" tab displays all servers registered in a particular configuration directory, giving you a consolidated view of all the server software and resources under your control. What you control is determined by the access permissions the superadministrator has set up for you.

From this view, you can perform tasks across arbitrary groups or a cluster of servers in a single operation. In other words, you can use the "Servers and Applications" tab to manage a single server or multiple servers that are installed on different ports on one machine. Also, you can access individual server consoles (or administration interfaces) by double-clicking the icons for the corresponding server instance entries (SIEs).

You can accomplish various iDAR-specific tasks from the "Servers and Applications" tab:

• Launch the iDAR Server Console.

• Launch the iDAR Configuration Editor Console (so that you can configure a group of iDARs).

• Set access permissions for iDAR.

• Launch the Administration Server Console (so that you can configure an Administration Server instance for administering iDAR).

Users and Groups Tab

The "Users and Groups" tab (shown in Figure 3-2) manages user accounts, group lists, and access control information for individual users and groups. All applications registered within the iPlanet Console framework share core user and group information in the user directory, which typically is a global directory for corporatewide user data.

Figure 3-2    iPlanet Console: Users and Groups Tab

From this tab, you can accomplish various user- and group-specific tasks, such as these:

• Add, modify, and delete user and group information in the user directory.

• Search for specific user and group entries in the user directory.

iPlanet Administration Server

iPlanet Administration Server is a web-based (HTTP) server that enables you to configure all your iPlanet servers, including iDAR, via the iPlanet Console. Administration Server (and the configuration directory) must be running before you can configure any of these servers. Administration Server is included with all the iPlanet servers and is installed when you install your first server in a server group. A server group refers to servers that are installed in a server root directory and that are managed by a single instance of Administration Server.

You access Administration Server by entering its URL in the iPlanet Console login screen; see Step 1. Log In to the iPlanet Console. This URL is based on the computer hostname and the port number you chose when you installed iDAR. The format for the URL looks like this: http://<machine_name>.<your_domain>.<domain>:<port>

Whenever you try to gain access to Administration Server, you will be prompted to authenticate yourself to the configuration directory by entering your user ID and password. These are the administrator user name and password that you specified when you installed iDAR (or the first server in the server group) and Administration Server on your computer. Once Administration Server is running, you can use the iPlanet Console to administer all servers in that group, including iDAR.

For complete details about Administration Server, see Managing Servers with iPlanet Console. To locate an online version of this book in your iDAR installation, open this file: <server-root>/manual/en/admin/ag/contents.htm

You can also get the latest version of this book from this site:

http://docs.iplanet.com/docs/manuals/console.html

Starting Administration Server

The iDAR installation program automatically starts the instance of Administration Server that you identified during installation for monitoring iDAR. If you stopped Administration Server after iDAR installation, you must start it before you can administer iDAR from the iDAR Console.

You can start Administration Server from the command line or from the Windows NT Services panel.

• To start Administration Server from the command line:

  At the prompt, enter the following line: <server-root>/start-admin

• Administration Server runs as a service in a Windows NT system. You can use the Windows NT Services panel to start the service directly.

All the above-mentioned methods start Administration Server at the port number you specified during installation. Once the server is running, you can use the iPlanet Console to access iDAR.

Stopping Administration Server

It is good security practice to shut down Administration Server when you are not using it. This minimizes the chances of someone else changing your configuration. You can shut down the server from the iPlanet Console, the command line, or the Windows NT Services panel.

• To shut down Administration Server from the iPlanet Console:
  1. Log in to the iPlanet Console (see "Step 1. Log In to the iPlanet Console").

  2. In the "Servers and Applications" tab, locate the Administration Server instance that you want to shut down, and double-click the corresponding entry.

     The Administration Server Console appears.

  3. In the Tasks tab, click Stop the Server.

• To shut down Administration Server from the command line:

  At the prompt, enter the following line: <server-root>/stop-admin

• Administration Server runs as a service in a Windows NT system; you can use the Windows NT Services panel to stop the service directly.

Accessing the iDAR Consoles

---

To perform any of the iDAR-administration tasks from the iDAR consoles, you need to open it first.

• Step 1. Log In to the iPlanet Console

• Step 2. Open the Appropriate iDAR Console

Step 1. Log In to the iPlanet Console

You can launch and use the iPlanet Console only when the corresponding configuration directory and Administration Server are running. If the servers are not running, go to the command line and start them. For information on starting Administration Server from the command line, see Starting Administration Server. For information on starting the configuration directory, check the iPlanet Directory Server documentation.

When you launch the iPlanet Console, it displays a login window. You are required to authenticate to the configuration directory by entering your administrator's ID, your password, and the URL (including the port number) of the Administration Server representing a server group to which you have access. You cannot use the iPlanet Console without having access privileges to at least one server group on your network.

1. Open the iPlanet Console application by using the appropriate option:
   • For local access on a UNIX machine, at the command-line prompt, enter the following line: <server-root>/start-console

   • For local access on a Windows NT machine, double-click the iPlanet Console icon on your desktop; this icon was created when you installed your first iPlanet server.

   The iPlanet Console Login window appears.

   
   
   

2. Authenticate yourself to the configuration directory.

   User ID. Type the administrator ID you specified when you installed Administration Server on your machine. You installed Administration Server either when you installed your first iPlanet server or as a part of iDAR installation.

   Password. Type the administrator password that you specified when you installed Administration Server on your computer during iDAR installation.

   Administration URL. This field should show the URL to Administration Server. If it doesn't or if it doesn't have the URL of Administration Server that you want, type the URL in this field. The URL is based on the computer host name and the Administration Server port number you chose when you installed iDAR. Use this format:

   http://<machine_name>.<your_domain>.<domain>:<port_number>

   For example, if your domain name is siroe and you installed Administration Server on a host machine called myHost and specified port number 12345, the URL would look like this: http://myHost.siroe.com:12345

3. Click OK.

   The iPlanet Console appears with a list of all the servers and resources under your control.

   
   
   

Step 2. Open the Appropriate iDAR Console

In the iPlanet Console, you will notice that there are two entries for iDAR, one for the iDAR instance node and another for the iDAR Configurations node. The iDAR instance node corresponds to the iDAR server instance and the iDAR Configurations node corresponds to the configuration shared by multiple iDAR instances.

Each node is associated with a GUI-based administration interface:

• iDAR Server Console—This administration interface enables you to configure and manage an iDAR instance, for example to start it, to stop it, to specify configuration, to monitor logs, and so on. You can use the iDAR Server Console to access the server locally or remotely.

• iDAR Configuration Editor Console—The logic and system configurations can be shared by multiple iDAR instances. The ability of iDAR instances to share configuration information simplifies the task of managing a cluster of iDARs. The iDAR Configuration Editor Console is an administration interface that enables you to configure and manage a cluster of iDARs. Edits made via this interface affect all iDAR instances that use the edited configuration.

Opening the iDAR Server Console

Once you have logged in to the iPlanet Console, you can open the iDAR Server Console: in the navigation tree of the iPlanet Console, expand the hostname that contains the server group to which the iDAR instance belongs, expand the Server Group node, select the entry that corresponds to the iDAR instance of your interest, and click Open. The iDAR Server Console opens (Figure 3-3).

Figure 3-3    iDAR Server Console: Tasks Tab

The iDAR Server Console to has two tabs—Tasks and Configuration—each addressing specific administrative areas.

The Tasks tab enables you to perform common tasks such as starting, stopping, and restarting the server, and distributing or balancing load among various LDAP directories. For details about starting, stopping, and restarting iDAR, see Chapter 4 "Starting, Restarting, and Stopping iDAR." For details about load balancing, see Chapter 7 "Defining and Managing Property Objects."

The Configuration tab (Figure 3-4) enables you to view and modify the configuration.

Figure 3-4    iDAR Server Console: Configuration Tab

The view displays settings related to how this specific instance of iDAR is configured.

Server name. A descriptive name for this instance of iDAR.

Shared configuration. Displays the currently selected configuration from which iDAR will draw its set of network groups, events, actions, properties, and system configurations. A new shared configuration can be specified by selecting an alternate entry from the list of the current set of shared configurations.

Edit. Displays the iDAR Configuration Editor associated with the configuration currently selected in the list box.

System configuration. Displays the available system configuration objects contained in the configuration displayed in "Shared configuration." Changing the shared configuration replaces the items displayed in this list box. Additionally, the tree on the left side reflects information specified by the currently selected system property. Changing this setting may affect the makeup of the tree.

Edit. Displays the dialog for editing the System Configuration currently displayed in the list box.

Opening the iDAR Configuration Editor Console

Once you have logged in to the iPlanet Console, you can open the iDAR Configuration Editor Console: in the navigation tree of the iPlanet Console, expand the iDAR Configurations node, select the entry, and click Open. The iDAR Configuration Editor Console opens (Figure 3-5).

Figure 3-5    iDAR Configuration Editor Console

The navigation tree on the left side contains nodes for each of iDAR's basic configuration objects. Expanding one of the main nodes shows tree nodes for each of object subtype. Clicking a tree node displays a table on the right side containing all current objects of the type indicated by the selected tree node. Object tables whose ordering is important, for example, Network Groups, have a set of up and down buttons that allow individual objects to be raised or lowered in precedence.

Table 3-1 lists the configuration object types shown in the navigation tree.

Table 3-1    Configuration Objects in the iDAR Configuration Editor Console  

Configuration Object Type	Description
Network Groups	Each Network Group object identifies a specific client community, and specifies the restrictions to enforce on clients that match that group. For details, see Chapter 6 "Creating and Managing Groups."
Events	Event objects are used to specify conditions that occur at predetermined states. Conditions can be attached to certain events, on which, if satisfied, iDAR can take certain actions. For details, see Chapter 8 "Creating and Managing Event Objects."
Actions	Actions are used to specify actions to take when an event occurs. For details, see Chapter 9 "Creating and Managing Action Objects."
Properties	Properties are used to describe more specialized restrictions on the client. Each group object may include a set of properties defined by property objects. For details, see Chapter 7 "Defining and Managing Property Objects."
System Configurations	System Configurations are used to define instance-specific configurations for iDAR. For details, see Chapter 5 "Configuring System Parameters."