|
|
Installing Netscape Directory
Services for SIMS High Availability
|
SIMS 4.0 supports both the Netscape Directory Services (NSDS) 4.1 and the Sun Directory Services 3.1. The NSDS is the preferred directory server to use with the SIMS High Availability 4.0 in the SPARC/Solaris operating environment.
This chapter provides you with step-by-step instructions to install NSDS 4.1 and configure it for the SIMS High Availability system. It also gives you the guidelines to install SIMS/HA 4.0 with NSDS 4.1 and shows the post installation configuration that you may need to perform if you installed SIMS/HA before installing NSDS.
Topics in this chapter include:
|
|
Overview of the Netscape Directory installation |
|
|
Installing Netscape Directory Services 4.1 |
|
|
Configuring Netscape Directory Services 4.1 |
|
|
Disabling the Netscape Directory Services uid uniqueness |
|
|
Guidelines for installing SIMS/HA with the Netscape Directory |
|
|
Post SIMS/HA installation configuration |
To install Netscape Directory Services 4.1 with SIMS/HA 4.0:
| |
1. |
Install Netscape Directory Services 4.1. |
| |
2. |
Configure Netscape Directory Services 4.1. |
| |
3. |
Disable the NSDS uid Uniqueness. |
Note - You are required to install NSDS before installing SIMS 4.0.
After you install NSDS, read "Guidelines for Installing SIMS/HA with the Netscape Directory" on page 132 for the specific information for which you will be asked by the SIMS installation GUI while installing SIMS/HA with the Netscape Directory.
If, however, you install NSDS after you installed SIMS/HA 4.0, read "Post SIMS Installation Configuration for High Availability" on page 136 for instructions that you can use to manually configure the Netscape configuration.
Caution - If you have Sun Directory Services installed, please remove it prior to installing NSDS. To uninstall, type pkgrm SUNWsds and SUNWsdsc at the command prompt.
To install NSDS 4.1, you must first display the Netscape Directory Server Installation page. While installing NSDS, you may need to accept the default values for all fields, except the following, which you will be using during the SIMS/HA installation:
|
|
Installation Location |
|
|
Computer Name |
|
|
Directory Server Network Port |
|
|
Directory Server Identifier |
|
|
Administrator ID |
|
|
Suffix |
|
|
Directory Manager |
To install NSDS for SIMS/HA:
| |
1. |
Ensure that you have set the DISPLAY variable. |
| |
2. |
To install NSDS 4.1, insert the NSDS 4.1 CD-ROM (included in the SIMS 4.0 packaging) into the disk drive. |
| |
3. |
Untar the directry.tar file on the NSDS CD into a temporary directory.
|
% tar -xvf /cdrom/directry_41ue/solaris/directory/directry.tar
|
|
| |
4. |
Change to this temporary directory. |
| |
5. |
At the command line, execute the setup command as root.
|
This displays the NSDS installation page.
| |
6. |
Enter the values to all the questions asked: |
Note - You need to record the information to the following six questions so that you can use the answers while installing SIMS/HA with NSDS. You may either accept the default values or enter different information. In either case, you must record this data.
| |
a. |
Installation Location [<shared-file-system>/NSDS] - The directory path to which
the NSDS files will be copied. You need to change this path, otherwise
/usr/netscape/server4 will be the default directory where the NSDS files
will be installed. Shared-file-system is the shared disk where your information will
be stored.
|
| |
b. |
Computer Name [<ha-logical-hostname>.<domainame>] - The combination of
the logical hostname and the domain comprises a fully qualified domain name
(FQDN) of the directory server on which you are installing the Netscape
Directory Services software. Make a note of this name.
|
| |
c. |
Directory Server Network Port [portnumber] - The port number on which the
Netscape Directory server will be running. By default, the LDAP directory should
run on port 389. If this port is being used by another directory server, you will see
a different port number assigned. Make a note of this number.
|
| |
|
Directory Server Network Port is the same as the LDAP Port field on the Directory Services Information page of the SIMS/HA installation GUI. |
| |
d. |
Directory Server Identifier [<ha-logical-hostname>.<domainame>] - By default,
the host name of the machine on which you are installing NSDS is appended to
the word slapd (slapd-<ha-logical-hostname>) to create a sub-directory
under the Installation Location directory path (specified in 5.a above), where the
NSDS files will be installed. For example, <shared-file-system>/NSDS/
slapd-<ha-logical-hostname> will be an instance name of this directory
path.
|
| |
e. |
Administrator ID (admin) - Either accept the default (admin) or enter another
name. Enter a password for this administrator as well. You will be using the
Administrator ID later to log into the Netscape Console that will be explained
later in this chapter.
|
| |
f. |
Suffix - The Directory Component (DC) tree root. Enter o=internet instead of
accepting the default value if you are using the SIMS DC tree with the default
value internet. Suffix is the same as the Domain Component Tree Root field that
appears on the first configuration page of the SIMS/HA installation GUI. Make a
note of this entry.
|
| |
g. |
Directory Manager - The directory administrator name. Either accept the default
value or change to another name. Enter a password for this administrator. This
password must be at least eight characters. For example, you may enter
nssecret. Make a note of this entry.
|
| |
|
Directory Manager is the same as Directory Administrator Name that appears on the first configuration page of the SIMS/HA installation GUI. |
You have now installed NSDS 4.1. The next step is to configure your Netscape configuration files.
To configure your Netscape Directory you need to:
|
|
Copy the SIMS/HA configurations files to the NSDS configuration directory. |
|
|
Append the SIMS/HA indexes to the NSDS configuration file. |
To configure NSDS:
| |
1. |
Copy the SIMS/HA 4.1 schema files to the NSDS configuration directory.
|
# cp /cdrom/sun_internet_mail_4_0/nsschema/sims*.conf
<shared-file-system>/NSDS/slapd-<ha-logical-hostname>/config
|
|
| |
|
slapd-<ha-logical-hostname> is an instance name assigned to this directory name. |
| |
2. |
Stop the Netscape Directory Server.
|
# <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/stop-slapd
|
|
| |
3. |
Open the NSDS' slapd.conf configuration file using an editor of your choice.
|
# vi <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/
config/slapd.conf
|
|
| |
4. |
Include the SIMS/HA 4.1 schema files into the slapd.conf file. |
| |
|
Find the last
|
include "<shared-file-system>/NSDS/slapd-<ha-logical-hostname>/
config/sims-sisp.at.conf"
include "<shared-file-system>/NSDS/slapd-<ha-logical-hostname>/
config/sims-sisp.oc.conf"
include "<shared-file-system>/NSDS/slapd-<ha-logical-hostname>/
config/sims.at.conf"
include "<shared-file-system>/NSDS/slapd-<ha-logical-hostname>/
config/sims.oc.conf"
|
include statement and then insert the following four lines after that line. |
Note - The sequence of the include statements are important. The at.conf files must precede the oc.conf files.
| |
5. |
Save the slapd.conf file and exit. |
| |
6. |
Append the SIMS/HA indexes to the NSDS configuration files.
|
# cat /cdrom/sun_internet_mail_4_0/nsschema/nsds.index.conf >>
<shared-file-system>/NSDS/slapd-<hostname>/config/
slapd.ldbm.conf
|
|
| |
7. |
Start the Netscape Directory Server
|
# <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/start-slapd
|
. |
Once you have completed configuring the Directory Services you will need to set up the Netscape Directory Services Administration server.
To set up the NSDS Administration server:
| |
1. |
Look up the Netscape server IP address.
|
# <shared-file-system>/NSDS/shared/bin/ldapsearch -p <portnumber>
-b "o=NetscapeRoot" -D "cn=<Directory Manager>" -w <PASSWD>
"(&(cn=configuration) (objectclass=nsConfig))"
|
|
| |
|
Check for the current nsserveraddress attribute. If this attribute is the physical address, continue on to step 2; otherwise, skip to step 4. |
Make sure that your LD_LIBRARY_PATH includes <shared-file-system>NSDS/lib.
| |
2. |
Change the nsserveraddress to the logical address for the system.
|
# <shared-file-system>/NSDS/shared/bin/ldapmodify -p <portnumber>
-D "cn=<Directory Manager>" -w <PASSWD>
dn: cn=configuration, cn=admin-serv-<ha-logical-hostname>,
cn=Netscape Administration Server, cn=Server Group, cn=<ha-
logical-hostname>, ou=<root domain name>, o=NetscapeRoot
|
|
| |
|
Where <root domain name> is the root domain name for the server. |
| |
|
After pressing Return, enter the following information pressing Return after each entry.
|
changetype: modify
replace: nsserveraddress
nsserveraddress: <ha-logical-host-ipaddress>
|
|
| |
3. |
Once you have completed the modification, press Control+C to exit the command |
| |
|
You will now be presented with a shell prompt. |
| |
4. |
Restart the Netscape Directory Server
|
# <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/stop-
slapd
# <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/start-
slapd
|
. |
| |
5. |
Restart the Administration server. Look up the Netscape server address.
|
# <shared-file-system>/NSDS/stop-admin
# <shared-file-system>/NSDS/start-admin
|
|
After installing and configuring NSDS, the next step is to disable the uid uniqueness feature in the NSDS configuration.
By default, NSDS enforces unique user IDs throughout its entire directory tree (that is, from the root tree at the o=internet node down).
Since SIMS/HA 4.0 provides domain hosting, it must be able to use the same user ID within different domains. For this reason, you need to disable the uid uniqueness settings here.
Note - If you are going to use SIMS/HA within one domain and will not be using it for domain hosting or with multiple domains, you may bypass the instructions in this section.
To disable NSDS uid uniqueness:
| |
1. |
Start the Netscape Console.
|
# <shared-file-system>/NSDS/startconsole &
|
|
| |
2. |
Log into the Netscape Console. |
-
The login uid and password are the same as the Administrator ID that you entered in step 5.e in "Installing Netscape Directory Services 4.1 for SIMS/HA" on page 122.
-
To choose the logical host at the Console, replace the URL physical host name with the logical host name.
| |
3. |
Expand <ha-logical-hostname>.<domainame> on the Netscape Console screen. |
| |
|
Where <ha-logical-hostname>.<domainame> is the domain name in which the host name is located. |
| |
5. |
Double click Directory Server. |
| |
6. |
Select the Configuration tab. |
| |
9. |
Uncheck Enable Plugin. |
| |
11. |
Select Console->Exit. |
| |
12. |
Restart the Netscape Directory Server
|
# <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/stop-slapd
# <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/start-slapd
|
. |
| |
1. |
Install the following three SunCluster HA-NSDS packages on both nodes using pkgadd. |
Note - These packages are available on the Sun Cluster CD-Rom.
| |
2. |
Enter the following command
|
# /opt/SUNWcluster/bin/hadsconfig
|
. |
| |
|
This begins the configuration process. |
| |
3. |
Select option 1 from the configuration menu. Where option 1 is: |
| |
|
nsldap - HA-LDAP for Netscape |
| |
4. |
Select option 1 from the next screen. Where option 1 is: |
| |
5. |
In the screens that follow, enter the information outlined here. |
Note - The above listed items may be altered to suit your needs.
| |
|
Name of the instance: NSDS |
| |
|
Logical host: <ha-logical-hostname> |
| |
|
Base directory of product installation: <shared-file-system>/NSDS |
| |
|
Server Port Number: [389] |
| |
|
Time between probes (sec): [60] |
| |
|
Time out value for the probe (sec): [30] |
| |
|
Add this instance to configuration (yes/no): [yes] |
| |
|
Update configuration from workfile (yes/no): [yes] |
Note - If you receive the following prompt; "Please manually copy the file /etc/opt/SUNWscnsl/hadsconf to <mcm-up>," it simply means that <mcm-up> is the other physical node. All that needs to be done is to follow the instruction, and copy the file to the same directory on that node. The most convenient way of copying these files is by using FTP.
| |
6. |
You now need to edit the /SUNWcluster/ha/nsldap_svc_stop script on both nodes. |
| |
|
Make the following change to the method_timeout line. |
method_timeout='hareg -q nsldap -T stop'
method_timeout='hareg -q NSDS -T stop'
| |
7. |
Create the appropriate links using the following commands.
|
# ln -s <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/
start-slapd <shared-file-system>/NSDS/start
# ln -s <shared-file-system>/NSDS/slapd-<ha-logical-hostname>/
stop-slapd <shared-file-system>/NSDS/stop
|
|
Since Netscape Directory Services software is installed separately, the specific information about the setup of NSDS is not available to SIMS/HA. This section lists the criteria specific to Netscape Directory Services that you will need to enter during the installation of SIMS/HA.
Use the notes in this section in accordance with Chapter 7, "Installing SIMS 4.0," which covers the instructions for installing SIMS.
The following is a summary of the questions that you will be asked by the SIMS installation GUI while installing SIMS with NSDS. The instructions cover the specific fields on the Directory Services Information and Configuration Page 1 of the SIMS installation GUI, which is shown in FIGURE B-1.
To install SIMS with the Netscape Directory:
| |
1. |
Make sure that the LDAP Server Name assigned to the Directory Services Server Name on the Directory Services Information page is where your NSDS software is located. |
FIGURE B-1 SIMS Installation Directory Services Information Page
-
By default, SIMS assumes that you have installed your NSDS software on the same machine that you are installing SIMS. If you have installed NSDS on a remote machine, you need to enter the fully qualified name of the server where NSDS resides.
| |
2. |
Type the Directory Services Server Port, which is the port number that you used during the NSDS installation. |
| |
3. |
Select netscape as the Directory Services Server Type that appears on the Directory Services Information page of the SIMS 4.0 Installation GUI. |
| |
4. |
Make sure that the name assigned to the Directory Administrator Name on the Configuration Page 1 is specified as Directory Manager, as shown in FIGURE B-2. |
FIGURE B-2 SIMS Installation Configuration Page 1
| |
5. |
Type the password for the Directory Administrator Password. |
| |
6. |
Make sure that the Domain Component tree root is specified as internet, if you are using the SIMS DC tree with the default value internet. |
Note - If you need to enter this name, do not use the o=internet syntax. Instead, type internet, because o= is automatically prepended to the entry.
The following steps take you through the process of registering NSDS with the HA framework.
| |
1. |
Stop the SIMS/HA service
|
# /opt/SUNWhadf/bin/hareg -n Sun_Internet_Mail
|
. |
| |
2. |
Unregister the SIMS/HA service
|
# /opt/SUNWhadf/bin/hareg -u Sun_Internet_Mail
|
. |
| |
3. |
Register the NSDS/HA service
|
# /opt/SUNWhadf/bin/hareg -r NSDS -b /opt/SUNWcluster/ha/nsldap -
m START=nsldap_svc_start,STOP=nsldap_svc_stop -t
START=120,STOP=90
|
. |
| |
4. |
Start the NSDS/HA service
|
# /opt/SUNWhadf/bin/hareg -y NSDS
|
. |
| |
5. |
Re-register the SIMS/HA service.
|
# /opt/SUNWhadf/bin/hareg -r Sun_Internet_Mail -b /opt/SUNWimha/
clust_proga -m START_NET=imha_start_net, STOP_NET=imha_stop_net -
t START_NET=120,STOP_NET=30 -v 4.0 -d NSDS
|
|
| |
6. |
Start the SIMS/HA service.
|
# /opt/SUNWhadf/bin/hareg -y Sun_Internet_Mail
|
|
Note - The NSDS Admin server needs to be manually started after a failover.
The SIMS installation procedure automatically creates the Directory Information Tree (DIT) that SIMS supports and adds the access control instructions (ACIs) to your NSDS configuration files.
If you have installed SIMS before installing NSDS, the SIMS installation will be unable to create this DIT and add the ACIs to the NSDS configuration.
This section describes the commands that you can type manually to:
|
|
Add the SIMS Directory Information Tree (DIT) |
|
|
Add the Access Control Instructions (ACIs) |
Note - The steps covered in this section are only applicable if for any reason SIMS installation has not added the DIT and ACIs.
Adding the SIMS Directory Information Tree (DIT) for High Availability
Type the following command to create the DIT for your directory:
# <shared-file-system>/NSDS/shared/bin/ldapmodify -a -c -h
<ha-logical-hostname> -p <portnumber> -D "cn=<Directory
Manager>" -w <passwd> -f /etc/opt/SUNWmail/slapd.ldif
|
See Chapter 6, "Domain Hosting with SIMS," in the Sun Internet Mail Server 4.0 Concepts Guide for a definition of the DIT and how the information is mapped out.
Adding the Access Control Instructions for High Availability
Access control is the mechanism by which you can set permissions for the entire directory, a subset of the directory, specific entries in the directory, a specific set of entry attributes, or configuration tasks for any 4.x Netscape Server. When the server evaluates an incoming request, it determines the access type based on the access control instructions (ACIs) that you define. The collection of ACIs within a single suffix (The DC tree root) is called an access control list (ACL). See the Netscape documentation for more information about ACIs.
To add the ACIs to your Netscape Directory configuration:
| |
1. |
Add the ACIs.
# <shared-file-system>/NSDS/shared/bin/ldapmodify -h <ha-logical-
hostname>
-p <portnumber> -D "cn=<Directory Manager>" -w <passwd>
-f /etc/opt/SUNWmail/nsds.acl.ldif
|
|
It is recommended that you remove the NSDS Data Service prior to uninstalling SIMS from your system.
To remove the NSDS Data Service:
| |
1. |
Stop the SIMS/HA service
|
# /opt/SUNWhadf/bin/hareg -n Sun_Internet_Mail
|
. |
| |
2. |
Unregister the SIMS/HA service
|
# /opt/SUNWhadf/bin/hareg -u Sun_Internet_Mail
|
. |
| |
3. |
Stop the NSDS/HA service.
|
# /opt/SUNWhadf/bin/hareg -n NSDS
|
|
| |
4. |
Unregister the NSDS/HA service
|
# /opt/SUNWhadf/bin/hareg -u NSDS
|
. |
| |
|
Once you have completed these steps, you may now use the uninstall command. |
Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.