Installation Guide Netscape Directory Server Version 6.
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
Contents
About This Guide
Prerequisite Reading
Directory Server Overview
Conventions Used In This Guide
Chapter 3 Computer System Requirements
Summary of Supported Platforms
Hardware Requirements
Operating System Requirements
Setting File Descriptors
Tuning TCP Parameters
DNS and NIS Requirements (UNIX Only)
Chapter 4 Silent Installation and Instance Creation
After You Upgrade
Chapter 7 Uninstalling Directory Server
Removing a Directory Server Instance
Uninstalling Directory Server
About This Guide Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server, and describes the different installation methods that you can use.
• Directory Server Console: An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers.
• SNMP Agent: Permits you to monitor your directory server in real time using the Simple Network Management Protocol (SNMP).
All paths specified in this manual are in UNIX format. If you are using a Windows-based Directory Server, you should assume the equivalent file paths whenever UNIX file paths are shown in this guide.

Related Information
The document set for Directory Server also contains the following guides:
• Netscape Directory Server Administrator’s Guide. Contains procedures for the day-to-day maintenance of your directory service. Includes information on configuring server-side plug-ins.
Related Information 10 Netscape Directory Server Installation Guide • December 2003
Chapter 1 Preparing for a Directory Server Installation Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make.
• Netscape Administration Server: Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one Administration Server for each server root in which you have installed a Netscape server.
• Directory Server: Directory Server is Netscape’s LDAP implementation.
Choosing Unique Port Numbers
Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server:
• The standard Directory Server (LDAP) port number is 389.
• Port 636 is reserved for LDAP over SSL. Therefore, do not use port number 636 for your standard LDAP installation, even if 636 is not already in use. You can also use LDAP over TLS on the standard LDAP port.
By default, the server root directory is one of the following:
• /usr/netscape/servers (on UNIX systems)
• c:\netscape\servers (on Windows systems)

Deciding the User and Group for Your Netscape Servers (UNIX only)
For security reasons, it is always best to run UNIX-based production servers with normal user privileges. That is, you do not want to run Directory Server with root privileges.
Defining Authentication Entities
As you install Directory Server and Administration Server, you will be asked for various user names, distinguished names (DN), and passwords. This list of login and bind entities will differ depending on the type of installation that you are performing:
• Directory Manager DN and password. The Directory Manager DN is the special directory entry to which access control does not apply. Think of the directory manager as your directory’s superuser.
Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password.

Determining Your Directory Suffix
A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data. It is common practice to select a directory suffix that corresponds to the DNS host name used by your enterprise.
Configuration Decisions Because the configuration directory normally experiences very little traffic, you can allow its server instance to coexist on a machine with another more heavily loaded Directory Server instance. However, for very large sites that are installing a large number of Netscape servers, you may want to dedicate a low-end machine to the configuration directory so as to not hurt the performance of your other production servers.
Configuration Decisions Between your user directory and your configuration directory, it is your user directory that will receive the overwhelming percentage of the directory traffic. For this reason, you should give the user directory the greatest computing resources. Because the configuration directory should receive very little traffic, it can be installed on a machine with very low-end resources (such as a minimally-equipped Pentium).
Installation Process Overview For many installations, you can have just one administration domain. In this case, choose a name that is representative of your organization. For other installations, you may want different domains because of the demands at your site. In the latter case, try to name your administration domains after the organizations that will control the servers in that domain.
Beyond determining which type of installation process you will use, the process for installing Directory Server is as follows:
1. Plan your directory service. By planning your directory tree in advance, you can design a service that is easy to manage and easy to scale as your organization grows. For guidance on planning your directory service, refer to the Netscape Directory Server Deployment Guide.
2. Install your Directory Server as described in this manual.
3.
On Windows, unzip the product binaries.

Installation Privileges
On UNIX you must install as root if you choose to run the server on a port below 1024, such as the default LDAP ports: 389 and 636 (LDAP over SSL). If you choose port numbers higher than 1024, you can install using any valid UNIX login. On Windows, you must run the installation as administrator.
Chapter 2 Using Express and Typical Installation
This chapter describes how to perform basic installation activities. This chapter contains the following sections:
• Using Express Installation (page 23)
• Using Typical Installation (page 25)

Using Express Installation
Use express installation if you are installing Directory Server to evaluate or test the product.
where filename corresponds to the product binaries you want to unpack. On a Windows system, unzip the product binaries.
5. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command:
   ./setup
   Select “yes” to continue with installation, then select “yes” to agree to the license.
6. When you are asked what you would like to install, select the default, Netscape Servers.
7.
❍ o=NetscapeRoot
Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.

Using Typical Installation
Most first time installations of Directory Server can be performed using the Typical Installation option of the setup program.
7. Next, the setup program asks you if you agree to the license terms. Press “y” to agree with the license terms.
8. When you are asked what you would like to install, press Enter to select the default, Netscape Servers.
9. When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation.
10. For server root, enter a full path to the location where you want to install your server.
Using Typical Installation CAUTION Note that the default hostname may be incorrect if the installer cannot locate a DNS name in your system. For example, you might not have a DNS name if your system uses NIS. The hostname must be a fully qualified host and domain name. If the default hostname is not a fully qualified host and domain name, installation will fail. Refer to “Common Installation Problems,” on page 119 for more information about entering a fully qualified domain name. 18.
Using Typical Installation 23. For Configuration Directory Administrator ID and password, enter the name and password that you will log in as when you want to authenticate to the console with full privileges. 24. For a directory suffix, enter a distinguished name (DN) meaningful to your enterprise. This string is used to form the name of all your organization’s directory entries. Therefore, pick a name that is representative of your organization.
29. For the user you want to run Administration Server as, enter root. This is the default. For information on why you should run Administration Server as root, see “Deciding the User and Group for Your Netscape Servers (UNIX only),” on page 14.
The server is then unpackaged, minimally configured, and started. You are told what host and port number Administration Server is listening on. The server is configured to use the following suffixes:
• The suffix that you configured.
Using Typical Installation 7. For configuration directory, select the default if this directory will host your o=NetscapeRoot tree. Otherwise, enter the appropriate contact information for the configuration directory. If this Directory Server instance is not the configuration directory, then the configuration directory must exist and be running before you can continue this installation. 8.
Using Typical Installation NOTE Any DN must be entered in the UTF-8 character set encoding. Older encodings such as ISO-8859-1 are not supported. In former releases of Directory Server, the Directory Manager was known as the root DN. This is the entry that you bind to the directory as when you want access control to be ignored. This DN can be short and does not have to conform to any suffix configured for your directory. However, it should not correspond to an actual entry stored in your directory. 15.
Chapter 3 Computer System Requirements Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements.
Summary of Supported Platforms Table 3-1 Supported Platforms (Continued) Memory/RAM 256 MB. However, you should plan from 512 MB to 1 GB of RAM for best performance on large production systems. Storage Space/Hard Disk Approximately 300 MB of disk space for a minimal installation. For production systems, you should plan at least 2 GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4GB and greater may be required for very large directories.
Summary of Supported Platforms Table 3-1 Supported Platforms (Continued) Storage Space/Hard Disk Approximately 300 MB of disk space for a minimal installation. For production systems, you should plan at least 2 GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4GB and greater may be required for very large directories. Other Requirements You must install as root in order to use well-known port numbers (such as 389) that are less than 1024.
Hardware Requirements
On all platforms, you will need:
• Roughly 200 MB of disk space for a minimal installation. For production systems, you should plan at least 2GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4GB and greater may be required for very large directories.
• 256 MB of RAM. However, you should plan from 256 MB to 1 GB of RAM for best performance on large production systems.
Operating System Requirements dsktune Utility For UNIX platforms, Directory Server provides a utility named dsktune that can help you verify whether you have the appropriate patches installed on your system. The utility also provides useful information and advice on how to tune your kernel parameters for best performance. To enable you to run dsktune before installing the Directory Server, the utility is placed, along with the setup program, in the directory where you unpack product binaries.
Operating System Requirements Verifying Required System Modules Directory Server is not supported on HP-UX 10 or earlier versions. The minimum system module required is HP-UX 11. Directory Server may be used on a 64 bit HP-UX 11 environment, but will run as a 32 bit process, and is limited to 1 GB of process memory. For best results, Directory Server requires an HP 9000 architecture with a PA-RISC 1.1 or PA-RISC 2.0 CPU.
• PHSS_16587: HP aC++ runtime libraries
• PHKL_20335: boot,Jfs;IO perf;PA8600;3GB data;NFS;bcache
• PHKL_20174: Allow sam to set maxdsize patch
• PHCO_21187: Cumulative SAM/ObAM patch
Install the patches listed below; Netscape Console uses the Abstract Window Tool (AWT) kit and requires you to install these patches.
• Set max_thread_proc to 512 (the old value was 64).
• Set maxusers to 64 (the old value was 32).
• Set maxuprc to 512 (the old value was 75).
• Set nproc to 750, a new value which is not based on a formula (the old formula was 20+8*MAXUSERS, which evaluated to 276).
Typically, client applications that do not properly shut down the socket cause it to linger in a TIME_WAIT state. To prevent this, you should consider changing the TIME_WAIT setting to a reasonable value.
Microsoft Windows 2000 Advanced Server
If you plan to install Directory Server on a machine running the Windows 2000 Advanced Server operating system (OS), follow the recommendations outlined in these sections:
• Configuring a Machine to Run Directory Server
• Verifying Required System Modules
• Installing Windows 2000 Server
• Installing Third-Party Utilities
• Ensuring System Clock Accuracy
• Installing Windows Service Packs and Hotfixes
• Configuring the System
Installing Windows 2000 Server
During the installation of Windows 2000, observe the following:
• If there is already an operating system present on the computer, choose to perform a fresh install rather than an upgrade.
• Format the drives with NTFS rather than FAT, as NTFS allows access controls to be set on files and directories.
• Specify that the computer will be a standalone server and will not be a member of any existing domain or workgroup.
Operating System Requirements Before downloading the font, read the READMEfirst.txt and ReadMe.htm files. Ensuring System Clock Accuracy To facilitate the correlation of date and time stamps in log files with those of other computer systems, keep your system clock reasonably in sync.
• Change the upper range of ephemeral ports from the default value, which is 4999, to 65534. To do this, at Registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters, create a key MaxUserPort with value 65534.

Red Hat Linux 7.3 Operating System
If you plan to install Directory Server on a machine running the Linux 7.
Default glibc - glibc-2.2.5-34
glibc used for certification - glibc-2.2.5-43
❍ Required Filesystem: ext3 (LARGEFILES support enabled) filesystem has been used for the certification process.

Installing System Patches
Directory Server has been certified on Red Hat Linux 7.3 with kernel revisions 2.4.18-27.7.x (kernel-2.4.18-27.7.x.i686.rpm) / glibc version 2.2.5-43 (glibc-2.2.5-43.i686.rpm). Table 3-2 provides the list of .
Operating System Requirements Table 3-2 Red Hat Linux 7.3 Patch List (Continued) file-3.39-8.7x.i386.rpm losetup-2.11n-12.7.3.i386.rpm fileutils-4.1-10.1.i386.rpm LPRng-3.8.9-4.i386.rpm gaim-0.59.1-0.7.3.i386.rpm mew-2.2-5.7x.i386.rpm gal-0.19.2-3.7x.i386.rpm mew-common-2.2-5.7x.i386.rpm gal-devel-0.19.2-3.7x.i386.rpm mm-1.1.3-11.i386.rpm galeon-1.2.6-0.7.3.i386.rpm mm-devel-1.1.3-11.i386.rpm gcc-2.96-113.i386.rpm modutils-2.4.18-3.7x.i386.rpm gcc-c++-2.96-113.i386.rpm mount-2.11n-12.7.3.
Operating System Requirements Table 3-2 Red Hat Linux 7.3 Patch List (Continued) kdeartwork-screensavers-3.0.3-0.7.1.i386.rpm openldap-devel-2.0.27-2.7.3.i386.rpm kdebase-3.0.3-0.7.2.i386.rpm openssh-3.1p1-6.i386.rpm kdebase-devel-3.0.3-0.7.2.i386.rpm openssh-askpass-3.1p1-6.i386.rpm kdegames-3.0.3-0.7.i386.rpm openssh-askpass-gnome-3.1p1-6.i386.rpm kdegames-devel-3.0.3-0.7.i386.rpm openssh-clients-3.1p1-6.i386.rpm kdelibs-3.0.3-0.7.2.i386.rpm openssh-server-3.1p1-6.i386.rpm kdelibs-devel-3.
Operating System Requirements Table 3-2 Red Hat Linux 7.3 Patch List (Continued) kernel-smp-2.4.18-27.7.x.i686.rpm sendmail-cf-8.11.6-25.73.i386.rpm kfloppy-3.0.3-0.7.i386.rpm sendmail-devel-8.11.6-23.73.i386.rpm khexedit-3.0.3-0.7.i386.rpm sendmail-devel-8.11.6-25.73.i386.rpm kit-3.0.3-0.7.2.i386.rpm shadow-utils-20000902-9.7.i386.rpm kjots-3.0.3-0.7.i386.rpm tar-1.13.25-4.7.1.i386.rpm kljettool-3.0.3-0.7.i386.rpm tetex-1.0.7-47.1.i386.rpm klpq-3.0.3-0.7.i386.rpm tkinter-1.5.2-43.73.i386.
Operating System Requirements Tuning the System This section contains some basic system tuning information. Keep in mind that changing any of the following kernel tuning parameters requires a system reboot. • NFS Tuning—This tuning is recommended if you are using Directory Server to write to NFS mounted drives. On Linux, NFS is typically recommended to be done over TCP and not over UDP. Make the following change to the /etc/rc.d/init.
Operating System Requirements Red Hat Linux Advanced Server 2.1 Operating System If you plan to install Directory Server on a machine running the Linux Advanced Server 2.
❍ Required Filesystem: ext3 (LARGEFILES support enabled) filesystem has been used for the certification process.

Installing System Patches
Directory Server has been certified on Red Hat Linux Advanced Server 2.1 with kernel revisions 2.4.9-e.16 (kernel-2.4.9-e.16.i686.rpm) / glibc version 2.2.4-31.7 (glibc-2.2.4-31.7.i686.rpm). Table 3-3 provides the list of .
Operating System Requirements Table 3-3 Red Hat Linux Advanced Server 2.1 Patch List (Continued) iputils-20001110-6.AS21.2.i386.rpm sendmail-8.11.6-26.72.i386.rpm kde-i18n-Japanese-3.0.3-2.noarch.rpm sendmail-cf-8.11.6-24.72.i386.rpm kdebase-2.2.2-6.i386.rpm sendmail-cf-8.11.6-26.72.i386.rpm kdelibs-2.2.2-6.i386.rpm shadow-utils-20000902-9.7.i386.rpm kdelibs-sound-2.2.2-6.i386.rpm tar-1.13.25-4.AS21.0.i386.rpm kdenetwork-2.2.2-3.i386.rpm tkinter-1.5.2-43.72.i386.rpm kdepim-2.2.2-4.i386.
Operating System Requirements Tuning the System This section contains some basic system tuning information. Keep in mind that changing any of the following kernel tuning parameters requires a system reboot. • NFS Tuning—This tuning is recommended if you are using Directory Server to write to NFS mounted drives. On Linux, NFS is typically recommended to be done over TCP and not over UDP. Make the following change to the /etc/rc.d/init.
Operating System Requirements Sun Solaris 8 Operating System If you plan to install Directory Server on a machine running the Solaris 8 operating system (OS), follow the recommendations outlined in these sections: • Verifying Disk Space Requirements • Verifying Required System Modules • Installing Patches • Tuning the System • Setting File Descriptors • Tuning TCP Parameters In addition to these recommendations, be sure to check the OS vendor’s web site for the latest information pertaining to
Operating System Requirements Installing Patches You must use Solaris 8 with the Sun recommended patches. The Sun recommended patch clusters can be obtained from your Solaris support representative, or from the http://sunsolve.sun.com site. Solaris patches are generally identified by two numbers, for example 108434-10. The first number (108434) identifies the patch itself. The second number identifies the version of the patch, in the example above the patch is version number 10.
Table 3-4 Solaris 8 Patch List (Continued)
108949-07: CDE 1.4: libDtHelp/libDtSvc patch
108968-08: SunOS 5.8: vol/vold/rmmount/dev_pcmem.so.1 patch
108974-25: SunOS 5.8: dada, uata, dad, sd and scsi drivers patch
108975-06: SunOS 5.8: /usr/bin/rmformat and /usr/sbin/format patch
108977-01: SunOS 5.8: libsmedia patch
108981-10: SunOS 5.8: /kernel/drv/hme and /kernel/drv/sparcv9/hme patch
108985-03: SunOS 5.8: /usr/sbin/in.rshd patch
108987-12: SunOS 5.
Table 3-4 Solaris 8 Patch List (Continued)
109805-15: SunOS 5.8: /usr/lib/security/pam_krb5.so.1 patch
109862-03: X11 6.4.1 Font Server patch
109882-06: SunOS 5.8: eri header files patch
109885-09: SunOS 5.8: glm patch
109888-20: SunOS 5.8: platform drivers patch
109898-05: SunOS 5.8: /kernel/drv/arp patch
109951-01: SunOS 5.8: jserver buffer overflow
110075-01: SunOS 5.8: /kernel/drv/devinfo and /kernel/drv/sparcv9/devinfo patch
110283-06: SunOS 5.
Table 3-4 Solaris 8 Patch List (Continued)
110916-03: SunOS 5.8: sort patch
110934-11: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch
110939-01: SunOS 5.8: /usr/lib/acct/closewtmp patch
110943-01: SunOS 5.8: /usr/bin/tcsh patch
110945-07: SunOS 5.8: /usr/sbin/syslogd patch
110951-03: SunOS 5.8: /usr/sbin/tar and /usr/sbin/static/tar patch
110957-02: SunOS 5.8: /usr/bin/mailx patch
111069-01: SunOS 5.
Table 3-4 Solaris 8 Patch List (Continued)
111879-01: SunOS 5.8: Solaris Product Registry patch SUNWwsr
111881-03: SunOS 5.8: /usr/kernel/strmod/telmod patch
111883-14: SunOS 5.8: Sun GigaSwift Ethernet 1.0 driver patch
111958-02: SunOS 5.8: /usr/lib/nfs/statd patch
112138-01: SunOS 5.8:: usr/bin/domainname patch
112218-01: SunOS 5.8:: pam_ldap.so.1 patch
112237-07: SunOS 5.8: mech_krb5.so.1 patch
112254-01: SunOS 5.
Setting File Descriptors
The system-wide maximum file descriptor table size setting will limit the number of concurrent connections that can be established to Directory Server. The governing parameter, rlim_fd_max, is set in the /etc/system file. By default, if this parameter is not present, the maximum is 1024. It can be raised to 4096 by adding to /etc/system a line

    set rlim_fd_max=4096

and rebooting the system.
    ndd -set /dev/tcp tcp_conn_req_max_q0 1024
    ndd -set /dev/tcp tcp_conn_req_max_q 1024

The tcp_keepalive_interval specifies the interval in seconds between keepalive packets sent by Solaris for each open TCP connection. This can be used to remove connections to clients that have become disconnected from the network. The tcp_rexmit_interval_initial value should be inspected when performing server performance testing on a LAN or high speed MAN or WAN.
Operating System Requirements http://sunsolve.sun.com Verifying Disk Space Requirements Ensure that you have sufficient disk space before downloading the Directory Server software. Current working directory: 120 MB Partition containing /usr/netscape: 2 GB Verifying Required System Modules Directory Server requires the use of a SPARC v8+ or an UltraSPARC (SPARC v9) processor, as these processors include support for high performance and multiprocessor systems. Earlier SPARC processors are not supported.
Table 3-5 Solaris 9 Patch List
112233-04: SunOS 5.9: Kernel Patch
112601-04: SunOS 5.9: PGX32 Graphics
112764-04: SunOS 5.9: Sun Quad FastEthernet qfe driver
112785-12: X11 6.6.1: Xsun patch
112808-03: OpenWindows 3.6.3: Tooltalk patch
112817-06: SunOS 5.9: Sun GigaSwift Ethernet 1.0 driver patch
112834-02: SunOS 5.9: patch scsi
112875-01: SunOS 5.9: patch /usr/lib/netsvc/rwall/rpc.rwalld
112902-08: SunOS 5.9: kernel/drv/ip Patch
112907-01: SunOS 5.
Table 3-5 Solaris 9 Patch List (Continued)
113923-02: X11 6.6.1: security font server patch
113993-01: SunOS 5.9: mkfs Patch
114135-01: SunOS 5.9: at utility Patch

Tuning the System
Basic Solaris tuning guidelines are available from several books, including Sun Performance and Tuning: Java and the Internet (ISBN 0-13-095249-4).
Tuning TCP Parameters
By default, the TCP/IP implementation in a Solaris kernel is not correctly tuned for Internet or Intranet services. The following /dev/tcp tuning parameters should be inspected and, if necessary, changed to fit the network topology of the installation environment. The tcp_time_wait_interval in Solaris 9 specifies the number of milliseconds that a TCP connection will be held in the kernel’s table after it has been closed.
Operating System Requirements The DNS resolver is typically set by the file /etc/resolv.conf. However, also check the file /etc/nsswitch.conf, and on Solaris /etc/netconfig, to ensure that the DNS resolver will be used for name resolution. If you are not already using NIS, you will also need to set the default NIS domain name. Typically this is done by placing the NIS domain name in the file /etc/defaultdomain and rebooting or by using the domainname command.
Chapter 4 Silent Installation and Instance Creation Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively; this provides you with the ability to script the installation of multiple instances of Netscape Directory Server (Directory Server). Instance creation enables you to use an existing Directory Server instance to create additional instances of the server under the same server root.
2. Create a new directory:
   # mkdir ds
   # cd ds
3. If you have not already done so, download the product binaries file to the installation directory.
4. On Windows machines, unzip the product binaries. On UNIX, unpack the product binaries file using the following command:
   # gunzip -dc filename.tar.gz | tar -xvof-
   where filename corresponds to the product binaries file that you want to unpack.
5. Prepare the file that will contain your installation directives.
You will have to make some modifications to this file before you use it. Specifically, ensure that you have done the following:
• FullMachineName: Set this directive to a value that is appropriate for the machine on which Directory Server will be installed, if it’s not to be the local machine. In most circumstances, it is best not to use this directive because FullMachineName will then default to the local host name.
Using Silent Installation You can find a definition of the individual installation directives in “Specifying Silent Installation Directives” on page 73. NOTE The silent.inf file provided with the Directory Server is merely a template, an example of how to write your own. For the file to work, many of the parameters (host name, ports, paths, and so on) in the file must be replaced with appropriate values.
[admin]
SysUser= root
Port= 23611
ServerIpAddress= 111.11.11.11
ServerAdminID= admin
ServerAdminPwd= admin
Components= admin,admin-client

[base]
Components= base,base-client,base-jre

[nsperl]
Components= nsperl561

[perldap]
Components= perldap14

Sample File for Using an Existing Configuration Directory
The following is an example of the install.
AddSampleEntries= No
InstallLdifFile= suggest
AddOrgEntries= Yes
DisableSchemaChecking= No
RootDNPwd= admin123
Components= slapd,slapd-client

[admin]
SysUser= root
Port= 33646
ServerIpAddress= 111.11.11.
Using Silent Installation Specifying Silent Installation Directives This section describes the basic format of the file used for silent installation. It then describes the directives that are available for each area of the silent installation file.
Using Silent Installation [General] Installation Directives [General] installation directives specify information of global interest to the Netscape servers installed at your site. That is, the information you provide here will be common to all your Netscape servers. The [General] installation directives are listed in Table 4-1. Table 4-1 [General] Installation Directives Directive Description Components Specifies components to be installed.
Using Silent Installation Table 4-1 [General] Installation Directives (Continued) Directive Description ConfigDirectoryLdapURL Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Netscape Directory Server Administrator’s Guide. This directive is required. AdminDomain Specifies the administration domain under which this server will be registered.
Table 4-2 Required and Optional [slapd] Installation Directives

Required Directive: Description

Components: Specifies the slapd components to be installed. The components are:
• slapd: Install Directory Server.
• slapd-client: Install Directory Server Console.
This directive is required. It is recommended that you always install both components any time you install the Directory Server.

ServerPort: Specifies the port the server will use for LDAP connections.
Table 4-2 Required and Optional [slapd] Installation Directives (Continued)

AddOrgEntries: If set to Yes, this directive causes the new Directory Server instance to be created with a suggested directory structure and access control. If this directive is used and InstallLdifFile is also used, then this directive has no effect. Default is no.

InstallLdifFile: Causes the contents of the LDIF file to be used to populate your directory.
Table 4-3 [admin] Installation Directives (Continued)

Directive | Description
Port | Specifies the port that the Administration Server will use. Note that the Administration Server’s host name is given by the FullMachineName directive. For more information on FullMachineName, see Table 4-1.
ServerAdminID | Specifies the administration ID that can be used to access this Administration Server if the configuration directory is not responding.
[nsperl] Installation Directives

There is only one [nsperl] installation directive and it allows you to determine whether nsPerl is to be installed. Table 4-5 lists the directive.

Table 4-5 [nsperl] Installation Directive

Directive | Description
Components | Specifies whether nsPerl that is bundled with Directory Server is to be installed. This nsPerl is CPAN perl, built and maintained for use by Netscape server products.
  • nsperl561: Install nsPerl version 5.6.1.
Because all instances of Directory Server under a server root use the same Administration Server, the instance creation process does not install Administration Server binaries; you cannot create two instances of Administration Server in one server root. Having multiple instances in a single server root is useful for testing and for when one host is used for multiple purposes.
SlapdConfigForMC= No
UseExistingMC= Yes
UseExistingUG= No
SecurityOn= No
UseReplication= No
SetupSupplier= No
SetupConsumer= No
AddSampleEntries= No
InstallLdifFile= suggest
AddOrgEntries= Yes
DisableSchemaChecking= No
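A pre-flight check for a silent installation file, added here as an example; it is not part of the guide or of the Netscape setup program. It applies the rules stated in Tables 4-1 and 4-2. The sample file, the comma-separated Components list, and the RootDNPwd directive name are assumptions not shown in the tables above.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample, not a file from the guide. Directive names come from
# Tables 4-1 to 4-3, except RootDNPwd, which is an assumed password directive.
SAMPLE_INF = """\
[General]
FullMachineName= ds1.example.com
ConfigDirectoryLdapURL= ldap://ds1.example.com:389/o%3DNetscapeRoot
AdminDomain= example.com

[slapd]
Components= slapd
ServerPort= 389
RootDNPwd= constructed-secret
AddOrgEntries= Yes
InstallLdifFile= /tmp/seed.ldif

[admin]
Port= 70000
"""

# Directives the tables mark as "This directive is required".
REQUIRED = {"General": ["ConfigDirectoryLdapURL"], "slapd": ["Components"]}
PORT_DIRECTIVES = [("slapd", "ServerPort"), ("admin", "Port")]


def parse_inf(text):
    """Parse the [Section] / Directive= value layout of the install file."""
    # interpolation=None: LDAP URLs carry escapes such as %3D, which the
    # default interpolation rejects. optionxform=str keeps directive case.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str
    parser.read_string(text)
    return parser


def check_inf(text):
    """Return a list of (severity, section, message) findings."""
    inf = parse_inf(text)
    out = []

    for section, names in REQUIRED.items():
        for name in names:
            if not inf.get(section, name, fallback="").strip():
                out.append(("error", section, f"{name} is required"))

    url = inf.get("General", "ConfigDirectoryLdapURL", fallback="").strip()
    if url:
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            out.append(("error", "General", "ConfigDirectoryLdapURL is not an LDAP URL"))
        elif parts.scheme == "ldap":
            out.append(("note", "General", "configuration directory is reached over plain LDAP"))

    # Assumption: Components is a comma-separated list.
    raw = inf.get("slapd", "Components", fallback="")
    comps = {c.strip() for c in raw.split(",") if c.strip()}
    if comps and not {"slapd", "slapd-client"} <= comps:
        out.append(("warn", "slapd", "Table 4-2 recommends installing both slapd and slapd-client"))

    add_org = inf.get("slapd", "AddOrgEntries", fallback="no").strip().lower()
    if add_org == "yes" and inf.get("slapd", "InstallLdifFile", fallback="").strip():
        out.append(("note", "slapd", "AddOrgEntries has no effect when InstallLdifFile is set"))

    for section, name in PORT_DIRECTIVES:
        value = inf.get(section, name, fallback="").strip()
        if value and not (value.isdigit() and 1 <= int(value) <= 65535):
            out.append(("error", section, f"{name}={value} is not a valid TCP port"))

    # A silent install file that carries passwords holds them in cleartext.
    for section in inf.sections():
        for name, value in inf.items(section):
            if name.lower().endswith("pwd") and value.strip():
                out.append(("warn", section, f"{name} holds a cleartext password; restrict access to the file"))
    return out


if __name__ == "__main__":
    for severity, section, message in check_inf(SAMPLE_INF):
        print(f"{severity:5} [{section}] {message}")
```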
Using Silent Instance Creation 82 Netscape Directory Server Installation Guide • December 2003
Chapter 5 Post Installation

This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections:
• Launching the Help System
• Populating the Directory Tree

Launching the Help System

The help system for Directory Server is dependent upon Netscape Administration Server.
5. Restart Administration Server.

You can now launch the online help by clicking any of the Help buttons in the Directory Server Console.

Proxy authorized on Administration Server. If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following:
• Remove proxies on the machine running Directory Server Console. This allows the client machine to access Administration Server directly.
• Start your Directory Server with an empty database and import data over LDAP: This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the ldapmodify command-line utility. Use this method if you have just a few entries to add at a time. For information on setting up the Directory Server Gateway, check the Netscape Directory Server Gateway Customization Guide.
Chapter 6 Migrating and Upgrading From Previous Versions

If you have a previous installation of Directory Server, depending on its version, you can migrate or upgrade to Netscape Directory Server 6.x. Migration refers to the process of migrating Directory Server 4.x or 5.x files to Directory Server 6.x. Upgrade refers to the process of updating Directory Server 6.0x files to Directory Server 6.x.
The migration script performs the following tasks in sequence:
• Checks the schema configuration files and notifies you of any changes between the standard configuration files and the ones present on your system; see
• Creates a database for each suffix stored in the legacy Directory Server. (In Directory Server 5.x and 6.x you can have multiple databases, but just one suffix per database).
• Do not install the new Directory Server on top of an existing Directory Server installation. Install your new Directory Server in a separate directory. Migrate your legacy directory data into your new directory and when you are satisfied with the result of the migration, remove your legacy Directory Server.
• Windows only. If you are migrating a Directory Server 5.x multi master replicated (MMR) environment to Directory Server 6.2, before you run the migration script, export all exports from the old server’s backend databases using the db2ldif -r option.
• When you run the migration script, it migrates the configuration files or configuration entries, database instances, and schema with minimum manual intervention.
2. Move your custom schema elements to the following files:
serverRoot/slapd-serverID/config/slapd.user_at.conf
and
serverRoot/slapd-serverID/config/slapd.user_oc.conf
These file names are recommended because the 4.x schema configuration editor writes to them. However, you can use any file name you like.
Migration Procedure

This section contains the following information:
• Migrating a Standalone Server
• Migrating a 4.x Replicated Site
• Migrating a 5.x Replicated Site
• Migrating a 5.x Multi-Master Deployment
• Managing Console Fail Over

Migrating a Standalone Server

Once you have backed up your critical configuration information, do the following to migrate a server:
1. Stop your legacy Directory Server. If you do not stop the legacy Directory Server, the migration script does it for you.
2.
❍ rootDN is the Directory Server 6.x user DN with root permissions, such as Directory Manager.
❍ password is the password for Directory Manager in Directory Server 6.x.
❍ port is the LDAP port number assigned to Directory Server 6.x.
❍ oldInstancePath is the path to the installation directory of the legacy Directory Server (for example, /usr/netscape/server4/slapd-serverID).
❍ newInstancePath is the path to the installation directory of Directory Server 6.
Migration Procedure oldHome:/export/home/jdoe/50-latest/slapd-bart, oldConfDir: /export/home/jdoe/50-latest/slapd-bart/config/, ldif_rep: /export/home/jdoe/50-latest/slapd-bart/config//ldif/, rootDN: cn=directory manager, Port: 11440, Newname: bart Shutdown the legacy Directory Server instance: /usr/netscape/servers/ds50/slapd-bart Shutting down server slapd-bart . . . . . . Name of the old LDAP Name of the new LDAP 6.0 localuser: jdoe, 5.x localuser: jdoe, server: bart.netscape.com server: bart.netscape.
Migration Procedure Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: Param: nsslapd-timelimit values To migrate: 3600 nsslapd-timelimit new current values: 3600 nsconcurrentbindlimit values To migrate: 10 nsconcurrentbindlimit new current values: 10 nsbindconnectionslimit values To migrate: 3 nsbindconnectionslimit new current values: 3 nsc
Existing data will be exported under /export/home/jdoe/61-latest/slapd-bart/db_backup/backend1.ldif
Continue Yes/No [No] ? y
Now baking up database backend1 in /export/home/jdoe/61-latest/slapd-bart/db_backup/backend1.ldif
Shutting down server slapd-bart . . .
ldiffile: /export/home/jdoe/61-latest/slapd-bart/db_backup/backend1.ldif
[12/Jun/2002:10:32:05 -0700] - export backend1: Processed 3 entries (100%).
Migration Procedure *** MAPPING_TREE exists *** Migration will *** MAPPING_TREE exists *** Migration will cn="dc=backend1,dc=com",cn=mapping tree,cn=config already not add the suffix cn="dc=backend2,dc=com",cn=mapping tree,cn=config already not add the suffix MAPPING_TREE - Add successfull: cn="dc=backend3,dc=com",cn=mapping tree,cn=config *** MAPPING_TREE - cn="dc=netscape,dc=com",cn=mapping tree,cn=config already exists *** Migration will not add the suffix ---------------------------------------------
ldiffile: /export/home/jdoe/50-latest/slapd-bart/config//ldif/backend2.ldif
[12/Jun/2002:10:33:29 -0700] - export backend2: Processed 3 entries (100%).
[12/Jun/2002:10:33:29 -0700] - Waiting for 1 database threads to stop
[12/Jun/2002:10:33:30 -0700] - All database threads now stopped
ldiffile: /export/home/jdoe/50-latest/slapd-bart/config//ldif/backend3.
[12/Jun/2002:10:33:51 -0700] - import backend3: Finished scanning file "/export/home/jdoe/50-latest/slapd-bart/config//ldif/backend3.ldif" (2 entries)
[12/Jun/2002:10:33:51 -0700] - import backend3: Workers finished; cleaning up...
[12/Jun/2002:10:33:54 -0700] - import backend3: Workers cleaned up.
[12/Jun/2002:10:33:54 -0700] - import backend3: Cleaning up producer thread...
[12/Jun/2002:10:33:54 -0700] - import backend3: Indexing complete. Post-processing...
• Migrating a Replicated 4.x Site - Approach 1
• Migrating a Replicated 4.x Site - Approach 2

Migrating a Replicated 4.x Site - Approach 1

Given the constraints, an approach to migrating a replication topology of 4.x servers is to:
1. Install the 6.x Directory Server and configure it both:
❍ As a read-write replica, the role the server will fulfill once the migration process is completed, that logs changes.
To migrate this topology using Approach 1, follow these steps:
1. Install Directory Server 6.x on a new server, ServerD.
2. Configure ServerD for the role it will fulfill in the migrated replication topology, that is as a read-write replica that logs changes. This procedure is explained in Chapter 8, “Managing Replication” of the Netscape Directory Server Administrator’s Guide.
3. Then configure ServerD to be a legacy consumer.
4. Migrate consumers one at a time. After each migration, recreate migration agreements and re-initialize the migrated consumers.

To better understand Approach 2, consider a fairly simple replication topology:
• One supplier server, ServerA.
• Two consumer servers, ServerB and ServerC.
• ServerA has a supplier-initiated replication agreement to ServerB and to ServerC.
• ServerA, ServerB, and ServerC are 4.x Directory Servers.
Migrating a 5.x Replicated Site

If you are upgrading from Directory Server 5.x to Directory Server 6.x, your replication configuration is automatically migrated when you run the migrateInstance6 script. To migrate a 5.x replicated site:
1. Stop your Directory Server 5.x.
2. Install Directory Server 6.x.
3. Run the migration script as shown in section “Migrating a Standalone Server” on page 92.
4. Once your 5.
3. Migrate the first master; see section “Master Migration” on page 104.
4. Verify that writes and changes are being replicated through the servers.
5. Migrate the second master; see section “Master Migration” on page 104.
6. Verify that writes and changes are being replicated through the servers.
7. Migrate the hubs (if any); see section “Hub Migration” on page 104.
8. Verify that writes and changes are being replicated through the servers.
9.
2. Install Directory Server 6.x, registering against the first master’s configuration instance.
3. Run the migration script following the instructions in “Migrating a Standalone Server” on page 92.
4. Once your hub is migrated, test replication and make sure that it is working correctly.
5. After you finish this process for the first hub, repeat the steps for any additional hubs.

Consumer Migration

To migrate a 5.x consumer server:
1. Stop the 5.x Directory Server.
2.
serverRoot/shared/config/dbswitch.conf:directory default ldap://configHostname:configPort/o%3DNetscapeRoot
serverRoot/slapd-serverID/config/dse.ldif:nsslapd-pluginarg0: ldap://configHostname:configPort/o%3DnetscapeRoot

3. Turn off the pass through authentication (PTA) plug-in on Server2 by editing its dse.ldif file.
a. In a text editor, open this file: serverRoot/slapd-serverID/config/dse.ldif
b.
Upgrading

The steps below show how to perform an upgrade using the Typical mode of installation on UNIX:
1. On your Directory Server 6.0x or 6.1x host machine, log in as root or superuser (su).
2. Stop the server.
# serverRoot/slapd-serverID/stop-server
3. Create a new directory, for example:
# mkdir ds62
# cd ds62
4. Download the Directory Server product binaries file to the directory you created.
5.
12. When prompted to enter the server root (or the installation directory), enter the full path to the location where your Directory Server 6.0x or 6.1x is installed. By default, the setup program provides the following path:
/usr/netscape/servers
If your 6.0x or 6.1x Directory Server is installed in a different path, be sure to select that path. Once you supply the correct path, press Enter.
13. The setup program starts upgrading your server.
Chapter 7 Uninstalling Directory Server

You may need to remove an instance of Netscape Directory Server (Directory Server) or uninstall the entire server altogether. The Directory Server provides a utility that enables you to uninstall the software as a whole or to remove selected components.
3. From the Object menu, select Stop; you can also right-click to choose this option from the pop-up menu.
4. When the server has stopped, from the Object menu, choose Remove Server. You can also right-click to choose this option from the pop-up menu.
5. When prompted, confirm that you want to remove the server instance.

Uninstalling Directory Server

To uninstall Directory Server from a machine, use the uninstallation utility.
4. Select the default, All, to remove all components of Directory Server. Alternately, you may choose to remove individual components by selecting them from the list that appears on the screen:
❍ Administration Services
❍ Netscape Directory Suite
❍ Server Core Components
❍ nsPerl
❍ PerLDAP
5. When prompted, enter the administrator ID and password for the configuration directory to authorize removal of Directory Server.
3. Locate and double-click the uninstallation utility, uninst.exe. The Netscape Uninstall window appears, showing a list of components:
❍ Administration Services
❍ Netscape Directory Suite
❍ Server Core Components
❍ nsPerl
❍ PerLDAP
4. Select the components you want to remove and click Uninstall. To remove specific subcomponents, select the component and click Sub Components. This will open a list of subcomponents of the selected component.
3. Locate and select the entry for Netscape Directory Server. The entry is of the form Netscape Server Products version_number server_root, where version_number is your Directory Server’s version number and server_root is your Directory Server’s installation directory.
4. Click Add/Remove. The Netscape Uninstall window appears, showing a list of components:
5.
Chapter 8 Troubleshooting

This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections:
• Running dsktune
• Common Installation Problems

Running dsktune

The dsktune utility provides an easy and reliable way of checking the patch levels and kernel parameter settings for your system.
The following is an example of output that dsktune generates. Note that dsktune does not itself make any changes to the system.

Netscape Directory Server system tuning analysis version 15-MAY-2003.
NOTICE : System is usparc-SUNW,Ultra-5_10-solaris5.8_s28s_u7wos_08a (1 processor).
ERROR : Patch 108528-18 is present, but 108528-19 (Feb/21/2003: SunOS 5.8: kernel update patch) is a more recent version.
ERROR : Patch 108727-19 is present, but 108727-22 (Feb/21/2003: SunOS 5.
ERROR : Patch 110934-10 is present, but 110934-11 (Feb/20/2003: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch) is a more recent version.
ERROR : Patch 111874-05 is present, but 111874-06 (Jan/23/2003: SunOS 5.8: usr/bin/mail patch) is a more recent version.
ERROR : Patch 111879-01 (Aug/27/2001: SunOS 5.8: Solaris Product Registry patch SUNWwsr) is required but not installed.
ERROR : Patch 112237-06 is present, but 112237-07 (Jan/15/2003: SunOS 5.8: mech_krb5.so.
NOTICE : The NDD tcp_rexmit_interval_initial is currently set to 3000 milliseconds (3 seconds). This may cause packet loss for clients on Solaris 2.5.1 due to a bug in that version of Solaris. If the clients are not using Solaris 2.5.1, no problems should occur.
NOTICE : If the directory service is intended only for LAN or private high-speed WAN environment, this interval can be reduced by adding to /etc/init.
WARNING: There are only 256 file descriptors (soft limit) available, which limit the number of simultaneous connections. Additional file descriptors, up to 1024 (hard limit), are available by issuing 'ulimit' ('limit' for tcsh) command with proper arguments.
ulimit -n 4096
ERROR : The above errors MUST be corrected before proceeding.

Common Installation Problems

Clients cannot locate the server.
First, try using the host name.
5. Next to the label “Primary DNS Suffix of this computer,” enter the appropriate domain name.

The port is in use.
You probably did not shut down a server before you upgraded it. Shut down the old server, then manually start the upgraded one. Another installed server might be using the port. Make sure the port you have chosen is not already being used by another server.

LDAP authentication error causes install to fail.
[18/Jun/2002:10:56:39] failure ( 4322): Configuration initialization failed: Error running init function load-modules: dlopen of /export/dstest/bin/https/lib/libNSServletPlugin.so failed (libstdc++-libc6.1-1.so.2: cannot open shared object file: No such file or directory)

For more information on RPM, check the JRE’s release notes at this URL: http://java.sun.com/j2se/1.4/install-linux.html

I have forgotten the Directory manager DN and password.
uninst.log, is stored in the system TEMP directory. On UNIX, this directory is usually /tmp or /var/tmp. On Windows, check the system properties to see the value assigned to the TEMP environment variable (alternatively, you can open a command window and type echo %TEMP%).
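A parser for the dsktune report format shown in "Running dsktune" earlier in this chapter, added here as an example; it is not part of dsktune or of the guide. The sample lines are copied from that output and re-wrapped (the wrapping is constructed) to show how continuation lines fold into one record.

```python
import re

# Lines taken from the dsktune sample in this chapter; the line wrapping is
# constructed to exercise continuation handling.
SAMPLE_OUTPUT = """\
NOTICE : System is usparc-SUNW,Ultra-5_10-solaris5.8_s28s_u7wos_08a (1 processor).
ERROR : Patch 108528-18 is present, but 108528-19 (Feb/21/2003: SunOS 5.8:
kernel update patch) is a more recent version.
ERROR : Patch 110934-10 is present, but 110934-11 (Feb/20/2003: SunOS 5.8:
pkgtrans, pkgadd, pkgchk and libpkg.a patch) is a more recent version.
ERROR : Patch 111879-01 (Aug/27/2001: SunOS 5.8: Solaris Product Registry
patch SUNWwsr) is required but not installed.
WARNING: There are only 256 file descriptors (soft limit) available, which
limit the number of simultaneous connections. Additional file descriptors,
up to 1024 (hard limit), are available by issuing 'ulimit' ('limit' for
tcsh) command with proper arguments.
ERROR : The above errors MUST be corrected before proceeding.
"""

RECORD = re.compile(r"^(NOTICE|WARNING|ERROR)\s*:\s*(.*)$")
OUTDATED = re.compile(
    r"Patch (\d+)-(\d+) is present, but (\d+)-(\d+) \((.*?)\) is a more recent")
MISSING = re.compile(r"Patch (\d+-\d+) \((.*?)\) is required but not installed")
FD_LIMIT = re.compile(
    r"only (\d+) file descriptors \(soft limit\).*?up to (\d+) \(hard limit\)")


def records(text):
    """Yield (severity, message), folding wrapped lines into one message."""
    severity, parts = None, []
    for line in text.splitlines():
        match = RECORD.match(line)
        if match:
            if severity:
                yield severity, " ".join(parts)
            severity, parts = match.group(1), [match.group(2).strip()]
        elif severity and line.strip():
            parts.append(line.strip())
    if severity:
        yield severity, " ".join(parts)


def analyze(text):
    """Summarise patch findings, descriptor limits and whether setup is blocked."""
    report = {"outdated": [], "missing": [], "fd_limits": None, "errors": 0}
    for severity, message in records(text):
        if severity == "ERROR":
            report["errors"] += 1
        found = OUTDATED.search(message)
        if found:
            base, have, want = found.group(1), int(found.group(2)), int(found.group(4))
            report["outdated"].append((base, have, want))
            continue
        found = MISSING.search(message)
        if found:
            report["missing"].append(found.group(1))
            continue
        found = FD_LIMIT.search(message)
        if found:
            report["fd_limits"] = (int(found.group(1)), int(found.group(2)))
    # dsktune ends with an ERROR line when anything must be fixed first.
    report["blocked"] = report["errors"] > 0
    return report


def patches_to_install(report):
    """Patch revisions to apply: newer revisions first, then missing patches."""
    newer = [f"{base}-{want:02d}" for base, _have, want in report["outdated"]]
    return newer + report["missing"]


if __name__ == "__main__":
    summary = analyze(SAMPLE_OUTPUT)
    print("blocked:", summary["blocked"], "fd limits:", summary["fd_limits"])
    print("install:", ", ".join(patches_to_install(summary)))
```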
Glossary access control instruction See ACI. ACI Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Access control list. The mechanism for controlling access to your directory. access rights In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory.
attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class. authenticating directory server In pass-through authentication (PTA), the authenticating directory server is the directory server that contains the authentication credentials of the requesting client.
browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Otherwise known as the virtual view index, speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branchpoint in the directory tree to improve display performance. CA See Certificate Authority.
ciphertext Encrypted information that cannot be read by anyone without the proper key to decrypt the information. CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes. client See LDAP client.
daemon A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning. DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. Data Master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
DNS Domain Name System. The system used by machines on a network to associate standard IP addresses (such as 198.93.93.10) with hostnames (such as www.example.com). Machines normally get the IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems. DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases.
general access When granted, indicates that all authenticated users can access directory information. hostname A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.example.com is the machine www in the subdomain example and com domain. HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web.
ISO International Standards Organization knowledge reference Pointers to directory information stored in different databases. LDAP Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms. LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format LDAP client Software used to request and view LDAP entries from an LDAP Directory Server. See also browser.
management information base See MIB. mapping tree A data structure that associates the names of suffixes (subtrees) with databases. master agent See SNMP master agent. matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use. MD5 A message digest algorithm by RSA Data Security, Inc.
name collisions Multiple entries with the same distinguished name. nested role Allow you to create roles that contain other roles. network management application Network Management Station component that graphically displays information about SNMP managed devices (which device is up or down, which and how many error messages were received, etc.). network management station See NMS. NIS Network Information Service.
password file A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as /etc/passwd, because of where it is kept. password policy A set of rules that govern how passwords are used in a given directory. permission In the context of access control, the permission states whether access to the directory information is granted or denied, and the level of access that is granted or denied. See access rights. PDU Protocol Data Unit.
RAM Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down. rc.local A file on Unix machines that describes programs that are run when the machine starts. It is also called /etc/rc.local because of its location. RDN Relative distinguished name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name.
role An entry grouping mechanism. Each role has members, which are the entries that possess the role. role-based attributes Attributes that appear on an entry because it possesses a particular role within an associated CoS template. root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine. root suffix The parent of one or more sub suffixes. A directory tree can contain more than one root suffix.
service A background process on a Windows NT machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning. SIE Server Instance Entry, the ID assigned to an instance of Directory Server during installation. Simple Network Management Protocol See SNMP. single-master replication The most basic replication scenario in which two servers each hold a copy of the same read-write replicas to consumer servers.
suffix The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix. superuser The most privileged user available on Unix machines (also called root). The superuser has complete access privileges to all files on the machine. supplier Server containing the master copy of directory trees or subtrees that are replicated to consumer servers.
uid A unique number associated with each user on a Unix system. URL Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is [protocol]://[machine:port]/[document]. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.