Previous Contents Index Next |
iPlanet Meta-Directory Configuration and Administration Guide |
Chapter 13 Starting and Stopping Components
The process of starting, stopping and restarting Meta-Directory components is key to refreshing data entries and keeping records current. This process is handled by a Perl script that creates a file named start.conf. This chapter contains the following sections:
The start.conf File
Starting Meta-Directory Components
Stopping Meta-Directory Components
The start.conf File
The start.conf file is a text file; there is one start.conf file for each Meta-Directory component. The files can be found at:NETSITE_ROOT/component_directory/config/start.conf
where component_directory is a variable to be replaced by one of the following component name placeholders: join-engine, adc, ntdc, or utc.
At startup, the objective of a Meta-Directory component is to connect to the data server as well as validate the distinguished name and password (referred to as authenticationDetails) needed to open access to it. Initially, the start.conf file contains only the URL of the server. At the implementation of Start Server for the specified component, the distinguished name and password are retrieved from the Administration Server and written to the start.conf file. With this information, the component is able to bind to the data server specified as well as read and confirm the authentication details thus allowing itself to start.
Shortly after startup, the component reopens the start.conf file and erases the distinguished name and password so that, once again, it contains only the URL of the data server. (Specifically, the password is overwritten with white space characters and truncated to zero length.) This process maximizes security.
Note If the component is unable to erase the authentication details from start.conf, a warning message will be logged although the component will continue to function properly.
Starting Meta-Directory Components
On Windows NT systems, you can start Meta-Directory components using the Console, the Meta-Admin command-line tool or the Windows NT Service Control Manager. On Solaris systems, you can start Meta-Directory components using the Console or the Meta-Admin command-line tool. If you are unable to start any of the components, log files recorded to each component's directory can be viewed at the following location to determine the problem:NETSITE_ROOT/component_directory/logs/
Starting Components Via the Consoles
You can start the join engine or connectors on a Windows NT or Solaris system by using either the iPlanet Console or Meta-Directory console.
To Start From the iPlanet Console Navigation Tree
Open iPlanet Console by clicking Start and choosing Programs > iPlanet Server Products > iPlanet Console.
Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to start.
Select the instance and right-click.
Select Start Server.
- A message appears stating that the server has been started.
To Start From the Meta-Directory Console Navigation Tree
Open iPlanet Console by clicking Start and choosing Programs > iPlanet Server Products > iPlanet Console.
Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to start.
Select the instance and click Open in the upper right corner of the window.
Select the instance from the Meta-Directory console navigation tree and right-click on it.
Select Start Server.
- A message appears stating that the server has been started.
Starting Components Via the Meta-Admin Command-Line Tool
You can also start the join engine or connectors by using the Meta-Admin command-line tool. Because the Meta-Admin Command-line tool works in conjunction with an instance of Administration Server, the Administration Server can be used to start components remotely. For information on this tool, you can read Chapter 16 "Command-Line Administration." For commands to use with it, you can read Appendix B, "The Meta-Admin Protocol.
Starting Components Via Windows NT Services
Additionally, you can start the join engine or connectors from the Services Control Manager control panel in Windows NT.
Click Start and choose Settings > Control Panel.
In the Control Panel, double-click Services.
Automatic Start-up at Log On
This method of start-up can also be used to automatically start components upon your Windows NT system's startup.
Click Start and choose Settings.
In the Control Panel, double-click Services.
Select the component from the Services window that you would like to startup when you log on.
Click Startup and the Service window appears.
Stopping Meta-Directory Components
On Windows NT systems, you can stop Meta-Directory components with the iPlanet Console, the Meta-Admin command-line tool or the Windows NT Service Control Manager. On Solaris systems, you can stop Meta-Directory components with the iPlanet Console or the Meta-Admin command-line tool.
Stopping Components Via the Console
You can stop the join engine or connectors either by way of iPlanet Console or Meta-Directory console.
To Stop From the iPlanet Console Navigation Tree
Open iPlanet Console by clicking Start and choosing Programs > iPlanet Server Products > iPlanet Console.
Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to stop.
Select the instance and right-click.
Select Stop Server.
- A message appears stating that the server has been stopped.
To Stop From the Meta-Directory Console Navigation Tree
Open iPlanet Console by clicking Start and choosing Programs > iPlanet Server Products > iPlanet Console.
Open the branches of the navigation tree until you find the instance of the Meta-Directory component you would like to stop.
Select the instance and click Open in the upper right corner of the window.
Select the instance from the Meta-Directory console navigation tree and right-click.
Select Stop Server.
- A message appears stating that the server has been stopped.
Stopping Components Via the Meta-Admin Command-Line Tool
You can stop the join engine or connectors by using the Meta-Admin command-line tool. As the Meta-Admin Command-line tool works in conjunction with an instance of Administration Server, the Administration Server can be used to start components remotely. For information on this tool, you can read Chapter 16 "Command-Line Administration." For commands to use with it, see Appendix B, "The Meta-Admin Protocol."
Stopping Components via Windows NT Services
You can stop the join engine or connectors from the Services Control Manager control panel in Windows NT.
Click Start and choose Settings > Control Panel.
Checking a Component's Operational Status
The following procedure allows you to check whether a specific component is in operational mode.
In the Meta-Directory console, click the Status tab.
For more information on the Operations panel, see "Operations" of Chapter 14 "Monitoring Meta-Directory Components."Select either the join engine or a connector from the navigation tree.
- The service status of the component is at the top of this panel. Up refers to a running component while down refers to a component that has stopped.
Automated Restarts
To automate a server restart, the administrator can prevent the erasure of start.conf as explained in "The start.conf File". By preventing the erasure of the distinguished name and password, the file can be reused. The first two procedures described are the simplest way to automate a server restart but, offer relatively little or no server security. The last procedure offers a higher level of server security. Once the start.conf file is re-configured, a script can be written to detect a shutdown and restart the component.
Automating a Restart on Windows NT Systems
To automate a server restart on Windows NT, you need to prevent the server from erasing the authentication details in the start.conf file. To do this:
Select the start.conf file of the component you would like to automate in Windows Explorer.
This procedure allows for the reuse of the authentication details from the last start request. A script can be written to detect whether the component is down and restart if necessary.
Automating a Restart on Solaris Systems
To automate a server restart on the Solaris environment, you need to prevent the server from erasing the authentication details in the start.conf file. To do this enter the command:This procedure allows for the reuse of the authentication details from the last start request. A script can be written to detect whether the component is down and restart if necessary.
Automating a Restart With High Security on Windows NT Systems
To allow for automated restarts on Windows NT while achieving the highest level of security possible:
Create a login account for your system that will have exclusive permissions to read the start.conf file.
Configure all four Meta-Directory components (join engine, NT Domain connector, Active Directory connector, and Universal connector) to run as that administration account.
- The four components are configured by selecting from the Windows NT Start menu. Choose Settings > Control Panels > Services. From there select the component to be configured and select Startup. Check Log On As: and use the information created for the trustee account.
Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated April 08, 2002