Installation Guide Netscape Directory Server Version 6.
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
Netscape Directory Server Installation Guide • May 2002
About This Guide
Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server, and describes the different installation methods that you can use.
Conventions Used In This Guide
• Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers.
• SNMP Agent—Permits you to monitor your directory server in real time using the Simple Network Management Protocol (SNMP).
Related Information
The document set for Directory Server also contains the following guides:
• Netscape Directory Server Administrator’s Guide. Contains procedures for the day-to-day maintenance of your directory service. Includes information on configuring server-side plug-ins.
• Netscape Directory Server Deployment Guide. Contains procedures for the day-to-day maintenance of your directory service. Includes information on configuring server-side plug-ins.
Chapter 1 Preparing for a Directory Server Installation
Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make.
Configuration Decisions
• Netscape Administration Server—Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one Administration Server for each server root in which you have installed a Netscape server.
• Directory Server—Directory Server is Netscape’s LDAP implementation. The Directory Server runs as the ns-slapd process (on UNIX).
Choosing Unique Port Numbers
Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server:
• The standard Directory Server (LDAP) port number is 389.
• Port 636 is reserved for LDAP over SSL. Therefore, do not use port number 636 for your standard LDAP installation, even if 636 is not already in use. You can also use LDAP over TLS on the standard LDAP port.
Deciding the User and Group for Your Netscape Servers (UNIX only)
For security reasons, it is always best to run UNIX-based production servers with normal user privileges. That is, you do not want to run Directory Server with root privileges. However, you will have to run Directory Server with root privileges if you are using the default Directory Server ports.
• Directory Manager DN and password. The Directory Manager DN is the special directory entry to which access control does not apply. Think of the directory manager as your directory’s superuser. (In former releases of Directory Server, the Directory Manager DN was known as the root DN). The default Directory Manager DN is cn=Directory Manager.
Determining Your Directory Suffix
A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data. It is common practice to select a directory suffix that corresponds to the DNS host name used by your enterprise. For example, if your organization uses the DNS name example.com, then select a suffix of dc=example,dc=com.
Also, as with any directory installation, consider replicating the configuration directory to increase availability and reliability. See the Netscape Directory Server Deployment Guide for information on using replication and DNS round robins to increase directory availability.
CAUTION Corrupting the configuration directory tree can result in the necessity of reinstalling all other Netscape servers that are registered in that configuration directory.
Installation Process Overview
Determining the Administration Domain
The administration domain allows you to logically group Netscape servers together so that you can more easily distribute server administrative tasks. A common scenario is for two divisions in a company to each want control of their individual Netscape servers. However, you may still want some centralized control of all the servers in your enterprise. Administration domains allow you to meet these conflicting goals.
The sections that follow outline the installation processes available, how to upgrade from an earlier release of Directory Server, and how to unpack the software to prepare for installation.
Selecting an Installation Process
You can install Directory Server software using one of the four different installation methods provided in the setup program:
• Express Installation. Use this if you are installing for the purposes of evaluating or testing Directory Server.
Installation Privileges
Upgrade Process
Directory Server supports migration from previous releases of Directory Server. The migration process is described in Chapter 6, “Migrating From Previous Versions.” For information on migrating servers involved in replication agreements, refer to the Netscape Directory Server Administrator’s Guide.
Unpacking the Software
If you have obtained Directory Server software from the web site, you will need to unpack it before beginning installation.
1.
Chapter 2 Computer System Requirements
Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements.
Hardware Requirements
On all platforms, you will need:
• Roughly 200 MB of disk space for a minimal installation. For production systems, you should plan at least 2GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4GB and greater may be required for very large directories.
• 256 MB of RAM. However, you should plan from 256 MB to 1 GB of RAM for best performance on large production systems.
Operating System Requirements
dsktune Utility
For UNIX platforms, Directory Server provides a utility named dsktune that can help you verify whether you have the appropriate patches installed on your system. The utility also provides useful information and advice on how to tune your kernel parameters for best performance. After you’ve installed Directory Server, you can find the utility in the /usr/netscape/servers/bin/slapd/server directory.
Verifying Required System Modules
Directory Server requires the use of a SPARC v8+ or an UltraSPARC (SPARC v9) processor, as these processors include support for high performance and multiprocessor systems. Earlier SPARC processors are not supported. If you run Directory Server on a 64-bit Sun Solaris 8 UltraSPARC machine, it will run as a 32-bit application.
Installing Patches
You must use Solaris 8 with the Sun recommended patches.
Table 2-1 Solaris 8 Patch List (Continued)
108993-03: SunOS 5.8: nss and ldap patch
109091-04: SunOS 5.8: /usr/lib/fs/ufs/ufsrestore patch
109137-01: SunOS 5.8: /usr/sadm/install/bin/pkginstall patch
109181-03: SunOS 5.8: /kernel/fs/cachefs patch
109277-01: SunOS 5.8: /usr/bin/iostat patch
109279-13: SunOS 5.8: /kernel/drv/ip patch
109318-12: SunOS 5.8: suninstall patch
109320-03: SunOS 5.8: LP patch
109322-07: SunOS 5.8: libnsl patch
109324-02: SunOS 5.
Table 2-1 Solaris 8 Patch List (Continued)
110934-01: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch
110939-01: SunOS 5.8: /usr/lib/acct/closewtmp patch
110943-01: SunOS 5.8: /usr/bin/tcsh patch
110945-01: SunOS 5.8: /usr/sbin/syslogd patch
110951-01: SunOS 5.8: /usr/sbin/tar and /usr/sbin/static/tar patch
111071-01: SunOS 5.8: cu patch
111111-01: SunOS 5.8: nawk line length limit corrupts patch dependency checking
111232-01: SunOS 5.8: patch in.
CAUTION This parameter should not be raised above 4096 without first consulting your Sun Solaris support representative as it may affect the stability of the system.
Tuning TCP Parameters
By default, the TCP/IP implementation in a Solaris kernel is not correctly tuned for Internet or Intranet services. The following /dev/tcp tuning parameters should be inspected and, if necessary, changed to fit the network topology of the installation environment.
HP-UX 11.0 Operating System
This section contains the following information:
• Verifying Disk Space Requirements
• Verifying Required System Modules
• Installing Patches
• Tuning the System
• Installing Third-Party Utilities
Verifying Disk Space Requirements
Ensure that you have sufficient disk space before downloading the software.
• PHKL_18543: PM/VM/UFS/async/scsi/io/DMAPI/JFS/perf cumulative patch
PHCO_23651: fsck_vxfs(1M) cumulative patch
PHCO_19666: libpthread cumulative patch
PHKL_20228: Large data 7/8 patch
PHKL_21039: semget;large data space;msgmnb;SEMMSL
PHKL_23409: NFS, Large Data Space, kernel memory leak patch
PHCO_16629: libc cumulative patch (superseded by PHCO_20765)
PHCO_20765: libc cumulative patch (supersedes PHCO_16629 and is superseded by PHCO_24148)
PHCO_24148: libc
• PHNE_26771: Cumulative ARPA Transport patch
The following patches are dependencies of patch PHNE_26771: PHKL_21857 and PHNE_22566.
Run the dsktune utility and see if you need to install any other patches. The utility helps you to verify whether you have the appropriate patches installed on your system and provides useful information and advice on how to tune your kernel parameters for best performance.
Installing Third-Party Utilities
You will need the gunzip utility to unpack the directory server software. The GNU gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.html and can be obtained from many software distribution sites.
You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from: http://www.adobe.com/products/acrobat/readstep2.
Chapter 3 Using Express and Typical Installation
This chapter describes how to perform basic installation activities. This chapter contains the following sections:
• Using Express Installation
• Using Typical Installation
Using Express Installation
Use express installation if you are installing Directory Server to evaluate or test the product.
5. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command:
./setup
Select “yes” to continue with installation, then select “yes” to agree to the license.
6. When you are asked what you would like to install, select the default, Netscape Servers.
7. When you are asked what type of installation you would like to perform, select Express Installation.
8.
❍ o=NetscapeRoot
Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
Using Typical Installation
Most first time installations of Directory Server can be performed using the Typical Installation option of the setup program.
9. When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation.
10. For server root, enter a full path to the location where you want to install your server. The location that you enter must be some directory other than the directory from which you are running setup. Also, the name of the directory where you install files must not contain any space characters.
18. The setup program then asks you for the System User and the System Group names. Enter the identity under which you want the servers to run. For more information on the user and group names that you should use when running Netscape servers, see “Deciding the User and Group for Your Netscape Servers (UNIX only),” on page 14.
19. For the configuration directory, select the default if this directory will host your o=NetscapeRoot tree. Otherwise, enter Yes.
24. For a directory suffix, enter a distinguished name (DN) meaningful to your enterprise. This string is used to form the name of all your organization’s directory entries. Therefore, pick a name that is representative of your organization. It is recommended that you pick a suffix that corresponds to your internet DNS name. Avoid space characters in the suffix. For example, if your organization uses the DNS name example.com, then enter dc=example,dc=com here.
25.
The server is configured to use the following suffixes:
• The suffix that you configured.
• o=NetscapeRoot
Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
Chapter 4 Silent Installation
Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively. This provides you with the ability to script the installation of your Netscape Directory Servers (Directory Servers).
Preparing Silent Installation Files
5. Prepare the file that will contain your installation directives; for details, see “Preparing Silent Installation Files,” on page 42.
6. Run the setup program with the -s and -f command line options:
setup -s -f filename
where the -s option indicates the silent mode of installation and filename specifies the name of the INF file that contains your installation directives.
The next section shows some examples of the silent install files.
NOTE Any distinguished names (DNs) in the files must be in the UTF-8 character set encoding.
Creating Silent Installation Files
The best way to create a file for use with silent installation is to use the setup program to interactively create a server instance of the type that you want to duplicate. To do this, run setup with the -k flag. The setup program will create the following file: /usr/netscape/servers/setup/install.
NOTE Be sure to protect install.inf files since they contain passwords in cleartext.
For complete information on the directives you can use in a silent installation file, see “Installation Directives,” on page 46.
A Typical Installation
The following is the install.inf file that is generated for a typical installation:
[General]
FullMachineName= dir.example.com
SuiteSpotUserID= nobody
SuitespotGroup= nobody
ServerRoot= /usr/netscape/servers
AdminDomain= example.
[nsperl]
Components= nsperl553
[perldap]
Components= perldap14
Using an Existing Configuration Directory
The following is the install.inf file that is generated when you perform a typical installation and you choose to use an existing Directory Server as the configuration directory:
[General]
FullMachineName= dir.example.com
SuiteSpotUserID= nobody
SuitespotGroup= nobody
ServerRoot= /usr/netscape/servers
AdminDomain= example.
Installation Directives
ServerAdminID= admin
ServerAdminPwd= admin
Components= admin,admin-client
[base]
Components= base,base-client,base-jre
[nsperl]
Components= nsperl553
[perldap]
Components= perldap14
Installing the Standalone Netscape Console
The following is the install.inf file that is generated when you install just Netscape Console:
[General]
FullMachineName= dir.example.com
ConfigDirectoryLdapURL= ldap://dir.example.
• Silent Installation File Format
• [General] Installation Directives
• [Base] Installation Directives
• [slapd] Installation Directives
• [admin] Installation Directives
Silent Installation File Format
When you use silent installation, you provide all the installation information in a file. This file is formatted as follows:
[General]
directive=value
directive=value
directive=value
...
[Base]
directive=value
directive=value
directive=value
...
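The NOTE earlier in this chapter says install.inf files hold passwords in the clear, and the format above makes those passwords easy to locate. The following added example (not part of the guide or of the setup program) parses that format, lists the password directives, checks the file's permissions, and produces a redacted copy; the sample file is constructed, and treating every directive whose name ends in Pwd as a password is an assumption based on ServerAdminPwd and UserDirectoryAdminPwd.

```python
import os
import stat
import tempfile

# Constructed sample (values are made up) in the [section] / directive=value
# layout the guide describes, using directive names that appear in the guide.
SAMPLE_INF = """\
[General]
FullMachineName= dir.example.com
SuiteSpotUserID= nobody
ServerRoot= /usr/netscape/servers
UserDirectoryAdminPwd= constructed-secret

[admin]
ServerAdminID= admin
ServerAdminPwd= admin
"""


def is_password_directive(name):
    # Assumption: password directives end in "Pwd", like the two in the sample.
    return name.strip().lower().endswith("pwd")


def parse_inf(text):
    """Parse INF text into {section: {directive: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            name, _, value = line.partition("=")
            current[name.strip()] = value.strip()
    return sections


def password_directives(sections):
    """List (section, directive) pairs that hold a non-empty cleartext password."""
    return [
        (section, name)
        for section, directives in sections.items()
        for name, value in directives.items()
        if is_password_directive(name) and value
    ]


def permission_findings(path):
    """Report any access the file grants beyond its owner."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IRWXG:
        findings.append(f"group has access (mode {mode:04o})")
    if mode & stat.S_IRWXO:
        findings.append(f"others have access (mode {mode:04o})")
    return findings


def audit(path):
    """Check one INF file: which passwords it holds and who else can reach it."""
    with open(path, encoding="utf-8") as handle:
        secrets = password_directives(parse_inf(handle.read()))
    # Loose permissions are only reported when the file actually holds passwords.
    permissions = permission_findings(path) if secrets else []
    return {"passwords": secrets, "permissions": permissions}


def redact(text):
    """Return the INF text with password values replaced, for a shareable template."""
    out = []
    for raw in text.splitlines():
        name, sep, _ = raw.partition("=")
        if sep and is_password_directive(name):
            out.append(f"{name.rstrip()}= <redacted>")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "install.inf")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE_INF)
        os.chmod(path, 0o644)   # typical result of a default umask
        print("before:", audit(path))
        os.chmod(path, 0o600)   # owner-only, as the NOTE calls for
        print("after: ", audit(path))
    print(redact(SAMPLE_INF))
```

Run the audit against files left behind by setup -k as well as hand-written ones; the redacted copy is what belongs in version control or a ticket.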
[General] Installation Directives
[General] installation directives specify information of global interest to the Netscape servers installed at your site. That is, the information you provide here will be common to all your Netscape servers. The [General] installation directives are:
Table 4-1 [General] Installation Directives
Directive
    Description
FullMachineName
    Specifies the fully qualified domain name of the machine on which you are installing the server.
Table 4-1 [General] Installation Directives (Continued)
Directive
    Description
UserDirectoryAdminPwd
    Specifies the password for the UserDirectoryAdminID.
UserDirectoryLdapURL
    Specifies the LDAP URL that is used to connect to the directory where your user and group data is stored. If this directive is not supplied, the configuration directory is used for this purpose. LDAP URLs are described in the Netscape Directory Server Administrator’s Guide.
Table 4-2 [Base] Installation Directive
Directive
    Description
Components
    Specifies the base components to be installed. The base components are:
    • base—install the shared libraries used by all Server Consoles. You must install this package if you are also installing some other Netscape server.
    • base-client—install the Java run time environment used by the Server Consoles.
    • base-jre—causes the Java run time environment to be installed.
Table 4-3 Required [slapd] Installation Directives (Continued)
Directive
    Description
ServerIdentifier
    Specifies the server identifier. This directive is required. This value is used as part of the name of the directory in which the Directory Server instance is installed. For example, if your machine’s host name is phonebook, then this name is the default and selecting it will cause the Directory Server instance to be installed into a directory labeled slapd-phonebook.
Table 4-4 Optional [slapd] Installation Directives
Directive
    Description
AddSampleEntries
    If set to Yes, this directive causes the example.ldif sample directory to be loaded. Use this directive if you are installing the Directory Server for evaluation purposes and you do not already have an LDIF file to populate your directory with. Default is no.
Table 4-5 [admin] Installation Directives (Continued)
Directive
    Description
ServerIpAddress
    Specifies the IP address that the Administration Server will listen to. Use this directive if you are installing on a multi-homed system and you do not want to use the first IP address for your Administration Server.
ServerAdminID
    Specifies the administration ID that can be used to access this Administration Server if the configuration directory is not responding.
Chapter 5 Post Installation
This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections:
• Launching the Help System
• Populating the Directory Tree
Launching the Help System
The help system for Directory Server is dependent upon Netscape Administration Server.
Populating the Directory Tree
Proxy authorized on Administration Server. If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following:
• Remove proxies on the machine running Directory Server Console. This allows the client machine to access Administration Server directly. To remove the proxies on the machine running Directory Server Console, you need to alter the proxy configuration of the browser you will use to run the help.
• Start your Directory Server with an empty database and import data over LDAP—This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the ldapmodify command-line utility. Use this method if you have just a few entries to add at a time. For information on setting up the Directory Server Gateway, check the Netscape Directory Server Gateway Customization Guide.
Chapter 6 Migrating From Previous Versions
You can upgrade to Netscape Directory Server 6.x from a previous release of Directory Server, for example, from Directory Server versions 4.0, 4.1, 4.11, 4.12, 4.13, or 5.0.
Migration Prerequisites
The migration script performs the following tasks in sequence:
• Checks the schema configuration files and notifies you of any changes between the standard configuration files and the ones present on your system.
• Creates a database for each suffix stored in the legacy Directory Server. (In Directory Server 5.x and 6.x you can have multiple databases, but just one suffix per database).
• Migrates the server parameters and database parameters. (In Directory Server 5.x and 6.
Identifying Custom Schema
• If you want to continue to run your legacy Directory Server, when you install the new Directory Server choose different ports for LDAP traffic and for secured connections from the ones used by your legacy Directory Server. If you will not be running your legacy Directory Server, use the same port numbers to ensure that any directory clients that have static configuration information (including Directory Server port numbers) will continue to work.
While the migration will complete in this situation, you will probably find that you cannot modify your data in Directory Server 6.02. Therefore, you are strongly recommended to copy your custom schema into separate files before you perform the migration. You can use the standard slapd.user_oc.conf and slapd.user_at.conf files or any files declared in slapd.conf with the useroc and userat keywords respectively.
To separate your custom schema from your standard schema:
1.
Migration Procedure
The migration script will automatically back up your Directory Server configuration.
• If you are migrating from Directory Server 4.x, all of the files with a .conf extension in the /usr/netscape/server4/slapd-serverID directory are backed up.
• If you are upgrading from Directory Server 5.0, all of the configuration files in /usr/netscape/servers/slapd-serverID/config will be backed up to a directory named /usr/netscape/servers/slapd-serverID/config_backup.
Migrating a Replicated Site
❍ oldServerPath is the path to the legacy Directory Server directory (for example, /usr/netscape/server4/slapd-serverID)
❍ newServerPath is the path to the Directory Server 6.02 directory (for example, /usr/netscape/servers/slapd-serverID)
The following is an example of a command you would use on a UNIX machine to migrate a 4.11 Directory Server to Directory Server 6.
The manual procedure described in this section explains the migration path that you can follow to migrate a replication topology of 4.x servers to a replication topology of 6.x Directory Servers. You can migrate instances of Directory Server 4.0, 4.1, 4.11, 4.12, and 4.13 because these releases of the Directory Server can replicate to a Directory Server 6.x configured as a consumer.
4. Retire the 4.x supplier. The Directory Server 6.x that you configured in Step 1 is now the only supplier in the topology.
Example: Detail of Steps
Consider a fairly simple replication topology:
• One supplier Server A
• Two consumer servers Server B and Server C
• Server A has a supplier-initiated replication agreement to Server B and to Server C
• Servers A, B, and C are 4.0, 4.1, 4.11, 4.12, or 4.13 Directory Servers.
6. Upgrade Server C to Directory Server 6.x, and make it a read-only replica of Server D.
7. Retire Server A. Disable legacy consumer settings on Server D. This leaves Server D as the single supplier for consumer servers B and C.
When you have completed the migration of your replication topology, you can evolve it to use multi-master replication. To do this, you must add a new Directory Server 6.x that acts as a master to your replication topology.
Chapter 7 Uninstalling Directory Server
You may need to remove an instance of Netscape Directory Server (Directory Server) or uninstall the entire server altogether. The Directory Server provides a utility that enables you to uninstall the software as a whole or to remove selected components.
3. From the Object menu, select Stop; you can also right-click to choose this option from the pop-up menu.
4. When the server has stopped, from the Object menu, choose Remove Server. You can also right-click to choose this option from the pop-up menu.
5. When prompted, confirm that you want to remove the server instance.
Uninstalling Directory Server
To uninstall Directory Server from a machine, use the uninstallation utility.
❍ Server Core Components
❍ nsPerl
❍ PerLDAP
5. When prompted, enter the administrator ID and password for the configuration directory to authorize removal of Directory Server. The uninstallation utility starts removing files. After the utility has finished removing files, a message is displayed indicating that some files have not been removed from your system.
6.
Chapter 8 Troubleshooting
This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections:
• Running dsktune
• Common Installation Problems
Running dsktune
The dsktune utility provides an easy and reliable way of checking the patch levels and kernel parameter settings for your system.
The following is an example of output that dsktune generates. Note that dsktune does not itself make any changes to the system.
Netscape Directory Server system tuning analysis version 25-SEP-2001.
NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10) (1 processor).
NOTICE : Patch 109320-01 is not installed.
NOTICE : Patch 108875-04 is present, but 108875-07 is a more recent version.
NOTICE : Patch 108652-04 is present, but 108652-13 is a more recent version.
Common Installation Problems
ndd -set /dev/tcp tcp_smallest_anon_port 8192
WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will cause Solaris to insert artificial delays in the LDAP protocol. It should be reduced during load testing. This line can be added to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_deferred_ack_interval 5
WARNING: There are only 1024 file descriptors available, which limit the number of simultaneous connections.
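Because dsktune only reports and changes nothing, its output has to be turned into a worklist by whoever runs it. The following added example (not part of the guide or of dsktune) does that for the messages quoted above; the line breaks in the sample and the function names triage and patch_worklist are assumptions.

```python
import re

# Messages copied from the dsktune output quoted in this chapter.
# Where the lines break is an assumption; the wording is the guide's.
SAMPLE_OUTPUT = """\
NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10) (1 processor).
NOTICE : Patch 109320-01 is not installed.
NOTICE : Patch 108875-04 is present, but 108875-07 is a more recent version.
NOTICE : Patch 108652-04 is present, but 108652-13 is a more recent version.
ndd -set /dev/tcp tcp_smallest_anon_port 8192
WARNING: tcp_deferred_ack_interval is currently 100 milliseconds.
This will cause Solaris to insert artificial delays in the LDAP protocol.
It should be reduced during load testing. This line can be added to the
/etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_deferred_ack_interval 5
WARNING: There are only 1024 file descriptors available, which limit the number of
simultaneous connections.
"""

PATCH = r"(\d{6}-\d{2})"  # Solaris patch id: six-digit base, two-digit revision
MISSING = re.compile(rf"^NOTICE\s*:\s*Patch {PATCH} is not installed\.")
OUTDATED = re.compile(
    rf"^NOTICE\s*:\s*Patch {PATCH} is present, but {PATCH} is a more recent version\."
)
NDD = re.compile(r"^ndd -set (\S+) (\S+) (\S+)$")
WARNING = re.compile(r"^WARNING\s*:\s*(.*)$")


def triage(output):
    """Sort dsktune messages into missing patches, outdated patches,
    suggested ndd settings and free-text warnings."""
    report = {"missing": [], "outdated": [], "ndd": [], "warnings": []}
    for raw in output.splitlines():
        line = raw.strip()
        if m := MISSING.match(line):
            report["missing"].append(m.group(1))
        elif m := OUTDATED.match(line):
            report["outdated"].append((m.group(1), m.group(2)))
        elif m := NDD.match(line):
            # (device, parameter, value) as suggested by dsktune, not applied here
            report["ndd"].append(m.groups())
        elif m := WARNING.match(line):
            report["warnings"].append(m.group(1))
        elif line and report["warnings"] and not line.startswith("NOTICE"):
            # Wrapped text belongs to the warning that precedes it.
            report["warnings"][-1] += " " + line
    return report


def patch_worklist(report):
    """Patch revisions to obtain: missing ones as named, outdated ones at
    the newer revision dsktune reports."""
    wanted = set(report["missing"])
    for installed, newer in report["outdated"]:
        # Both ids must share a base number; otherwise the line was misread.
        if installed.split("-")[0] != newer.split("-")[0]:
            raise ValueError(f"unexpected patch pair: {installed} / {newer}")
        wanted.add(newer)
    return sorted(wanted)


if __name__ == "__main__":
    result = triage(SAMPLE_OUTPUT)
    print("patches to obtain:", ", ".join(patch_worklist(result)))
    for device, parameter, value in result["ndd"]:
        print(f"suggested setting: {parameter}={value} on {device}")
    for text in result["warnings"]:
        print("warning:", text)
```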
This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct. If you accept the defaults, you receive the LDAP authentication error. To successfully install, you need to provide a fully qualified domain name that consists of a local host name along with its domain name. A host name is the logical name assigned to a computer.
Glossary
access control instruction
    See ACI.
ACI
    Access Control Instruction. An instruction that grants or denies permissions to entries in the directory.
access control list
    See ACL.
ACL
    Access control list. The mechanism for controlling access to your directory.
access rights
    In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory.
attribute
    Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.
attribute list
    A list of required and optional attributes for a given entry type or object class.
authenticating directory server
    In pass-through authentication (PTA), the authenticating directory server is the directory server that contains the authentication credentials of the requesting client.
browser
    Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server.
browsing index
    Otherwise known as the virtual view index, speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branchpoint in the directory tree to improve display performance.
CA
    See Certificate Authority.
CIR
    See consumer-initiated replication.
class definition
    Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory.
class of service
    See CoS.
classic CoS
    A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
client
    See LDAP client.
DAP: Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
Data Master: The server that is the master source of a particular piece of data.
database link: An implementation of chaining. The database link behaves like a database but has no persistent storage. Instead, it points to data stored remotely.
default index: One of a set of default indexes created per database instance.
DNS alias: A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as www.[yourdomain].[domain] might point to a real machine called realthing.[yourdomain].[domain] where the server currently exists.
DSGW: See Directory Server Gateway (DSGW).
entry: A group of lines in the LDIF file that contains information about an object.
HTML: Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics and form items, and display links to other pages.
HTTP: Hypertext Transfer Protocol. The method for exchanging information between HTTP servers and clients.
HTTPD: An abbreviation for the HTTP daemon or service, a program that serves information using the HTTP protocol.
LDAPv3: Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
LDAP client: Software used to request and view LDAP entries from an LDAP Directory Server. See also browser.
LDAP Data Interchange Format: See LDAP Data Interchange Format.
LDAP URL: Provides the means of locating directory servers using DNS and then completing the query via LDAP. A sample LDAP URL is ldap://ldap.example.
matching rule: Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
MD5: A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability; it is mathematically extremely hard to produce a piece of data that will produce the same message digest.
network management station: See NMS.
NIS: Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, file systems, and network parameters throughout a network of computers.
NMS: Network Management Station. Powerful workstation with one or more network management applications installed.
ns-slapd: Netscape’s LDAP Directory Server daemon or service that is responsible for all actions of the Directory Server.
permission: In the context of access control, the permission states whether access to the directory information is granted or denied, and the level of access that is granted or denied. See access rights.
PDU: Protocol Data Unit. Encoded messages which form the basis of data exchanges between SNMP devices.
pointer CoS: A pointer CoS identifies the template entry using the template DN only.
presence index attribute.
RDN: Relative distinguished name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name.
referential integrity: Mechanism that ensures that relationships between related entries are maintained within the directory.
referral: (1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP server that can process the request.
root: The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
root suffix: The parent of one or more sub suffixes. A directory tree can contain more than one root suffix.
schema: Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.
slapd: LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication. See also ns-slapd.
SNMP: Simple Network Management Protocol. Used to monitor and manage application processes running on the servers, by exchanging data about network activity.
SNMP master agent: Software that exchanges information between the various subagents and the NMS.
symmetric encryption: Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.
Cannot be deleted or modified as it is essential to Directory Server system index operations.
target: In the context of access control, the target identifies the directory information to which a particular ACI applies.
target entry: The entries within the scope of a CoS.
TCP/IP: Transmission Control Protocol/Internet Protocol.