install.book Page 1 Wednesday, November 24, 2004 11:30 AM Installation Guide Netscape Directory Server Version 7.
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
Contents

About This Guide
    Prerequisite Reading
Chapter 2 Computer System Requirements
    Summary of Supported Platforms
        32-bit Process
        64-bit Process
Chapter 4 Silent Installation and Instance Creation
    Using Silent Installation
        Preparing Silent Installation Files
Chapter 8 Troubleshooting
    Running dsktune
    Common Installation Problems
Glossary
About This Guide

Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server and describes the different installation methods that you can use.
Conventions Used in This Guide

• Directory Server Console — An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers.
• SNMP Agent — Permits you to monitor your directory server in real time using the Simple Network Management Protocol (SNMP).
• All paths specified in this manual are in UNIX format. If you are using a Windows-based Directory Server, you should assume the equivalent file paths whenever UNIX file paths are shown in this guide.

Related Information

The document set for Directory Server also contains the following guides:

• Netscape Directory Server Administrator’s Guide. Contains procedures for the day-to-day maintenance of your directory service.
For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, check this site: http://enterprise.netscape.
Chapter 1 Preparing for a Directory Server Installation

Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make.
Configuration Decisions

• Netscape Administration Server — Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one administration server for each server root in which you have installed a Netscape server.
• Directory Server — Directory Server is Netscape’s LDAP implementation.
Choosing Unique Port Numbers

Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server:

• The standard Directory Server (LDAP) port number is 389.
• Port 636 is reserved for LDAP over SSL. Therefore, do not use port number 636 for your standard LDAP installation, even if 636 is not already in use.
By default, the server root directory is one of the following:

• /usr/netscape/servers (on UNIX systems)
• c:\netscape\servers (on Windows systems)

Deciding the User and Group for Your Netscape Servers (UNIX only)

For security reasons, it is always best to run UNIX-based production servers with normal user privileges. That is, you do not want to run Directory Server with root privileges.
Defining Authentication Entities

As you install Directory Server and Administration Server, you will be asked for various user names, distinguished names (DN), and passwords. This list of login and bind entities will differ depending on the type of installation that you are performing:

• Directory Manager DN and password. The Directory Manager DN is the special directory entry to which access control does not apply.
Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password.

Determining Your Directory Suffix

A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data.
Because the configuration directory normally experiences very little traffic, you can allow its server instance to coexist on a machine with another more heavily loaded Directory Server instance. However, for very large sites that are installing a large number of Netscape servers, you may want to dedicate a low-end machine to the configuration directory so as not to hurt the performance of your other production servers.
Between your user directory and your configuration directory, it is your user directory that will receive the overwhelming percentage of the directory traffic. For this reason, you should give the user directory the greatest computing resources. Because the configuration directory should receive very little traffic, it can be installed on a machine with very low-end resources (such as a minimally-equipped Pentium).
Installation Process Overview

For many installations, you can have just one administration domain. In this case, choose a name that is representative of your organization. For other installations, you may want different domains because of the demands at your site. In the latter case, try to name your administration domains after the organizations that will control the servers in that domain.
Beyond determining which type of installation process you will use, the process for installing Directory Server is as follows:

1. Plan your directory service. By planning your directory tree in advance, you can design a service that is easy to manage and easy to scale as your organization grows. For guidance on planning your directory service, refer to the Netscape Directory Server Deployment Guide.
2.
On Windows, unzip the product binaries.

Starting the slapd Process (Unix Only)

On UNIX systems, you will need to write an rc script to start the slapd process, as it does not start automatically when the system boots.

Installation Privileges

On UNIX you must install as root if you choose to run the server on a port below 1024, such as the default LDAP ports: 389 and 636 (LDAP over SSL).
Chapter 2 Computer System Requirements

Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. Directory Server 7.
Summary of Supported Platforms

Before you install Directory Server, check the required patches and kernel parameter settings, as described in the sections that follow. Also, ensure that DNS is properly configured on the system and that the system has a static IP address.

32-bit Process

Table 2-1 Supported Platforms - 32-bit
Microsoft Windows® Platform Requirements
OS Version: Windows 2000 Advanced Server with Service Pack 4.
Table 2-1 Supported Platforms - 32-bit (Continued)
Other Requirements: You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody as the default run-as user and group.
Hardware Requirements

Table 2-2 Supported Platforms - 64-bit
HP-UX® Platform Requirements
Storage Space/Hard Disk: Approximately 300Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default); 4Gbyte and greater may be required for very large directories.
Operating System Requirements

• Roughly 200Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default); 4Gbyte and greater may be required for very large directories.
• 256Mbyte of RAM. However, you should plan for 1Gbyte of RAM for best performance on large production systems.
dsktune Utility

For UNIX platforms, Directory Server provides a utility named dsktune that can help you verify whether you have the appropriate patches installed on your system. The utility also provides useful information and advice on how to tune your kernel parameters for best performance.
Download drive: 120Mbyte
Installation drive: 2Gbyte

Verifying Required System Modules

Directory Server is not supported on HP-UX 10 or earlier versions. The minimum system module required is HP-UX 11. Directory Server may only be used on a 64-bit HP-UX 11 environment as a 64-bit process and may contain up to 8Gbytes of process memory.
• Run the dsktune utility to see if you need to install any other patches. The utility helps you to verify whether you have the appropriate patches installed on your system and provides useful information and advice on how to tune your kernel parameters for best performance. For information on the dsktune utility, see “dsktune Utility,” on page 28.
Installing Third-Party Utilities

You will need the gunzip utility to unpack the Directory Server software. The GNU gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.html and can be obtained from many software distribution sites. You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from http://www.adobe.
No other network functions should be provided by this computer. The computer should not be a dual-booting system or run other operating systems. At a minimum, the computer system should have at least 256Mbyte of RAM, 2Gbyte of disk, a Pentium 3 or later processor, and a 100 MBps Ethernet connection. Ensure that you have sufficient disk space before downloading the software.
To edit the server configuration file, you will need a text editor that is capable of handling large text files (Notepad and Wordpad are not suitable). If you are already familiar with Emacs text editor on UNIX, a port to Windows can be downloaded from ftp://ftp.cs.washington.edu/pub/ntemacs/. There are many other shareware and commercial text editors available.
It is recommended that you set the LargeSystemCache registry key to 0 to limit the growth of system cache. The LargeSystemCache has a default value of 1, which is not suitable for applications such as Directory Server, which do caching internally. Also, if there will be a lot of connections from clients, change the following:

• tcp_time_wait_interval from its default value, which is 240 seconds, to 60 seconds.
Verifying Required System Modules

Directory Server is certified to work on:

• The Intel Pentium series processors [i686].
• The default kernel/glibc revisions that come along with Red Hat Linux Advanced Server 3 and the other kernel revisions with their corresponding glibc revisions as mentioned below.
  ❍ Default kernel - kernel-2.4.21-3.EL
  ❍ Kernel used for certification - kernel 2.4.21-4.
Tuning the System

This section contains some basic system tuning information. Keep in mind that changing any of the following kernel-tuning parameters requires a system reboot.

• NFS Tuning — This tuning is recommended if you are using Directory Server to write to NFS mounted drives. On Linux, NFS is typically recommended to be done over TCP and not over UDP. Make the following change to the /etc/rc.d/init.
Installing Patches

You must use Solaris 9 with the Sun recommended patches. The Sun recommended patch clusters can be obtained from your Solaris support representative or from the http://sunsolve.sun.com site. Solaris patches are identified by two numbers; for example, 112233-04. The first number (112233) identifies the patch itself.
Table 2-3 Solaris 9 Patch List (Continued)
113033-04: SunOS 5.9: patch /kernel/drv/isp and /kernel/drv/sparcv9/isp
112601-09: SunOS 5.9: PGX32 Graphics
113923-02: X11 6.6.1: security font server Patch
112817-18: SunOS 5.9: Sun GigaSwift Ethernet 1.0 driver Patch
113718-02: SunOS 5.9: usr/lib/utmp_update Patch
114135-01: SunOS 5.9: at utility Patch
112834-04: SunOS 5.9: patch scsi
112907-03: SunOS 5.
CAUTION This parameter should not be raised above 4096 without first consulting your Sun Solaris support representative since it may affect the stability of the system.

You should also set the soft limit for file descriptors: ulimit -n in csh limit desc 1024

Use the dsktune utility (see “dsktune Utility,” on page 28) to check the hard and soft limits for file descriptors.
The tcp_smallest_anon_port controls the number of simultaneous connections that can be made to the server. When rlim_fd_max has been increased to above 4096, this value should be decreased by adding a line to the /etc/init.
Chapter 3 Using Express and Typical Installation

This chapter describes how to perform basic installation activities. This chapter contains the following sections:

• Using Express Installation
• Using Typical Installation

Using Express Installation

Use express installation if you are installing Directory Server to evaluate or test the product.
On a Windows system, unzip the product binaries.
5. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command:
   ./setup
   Select “yes” to continue with installation, then select “yes” to agree to the license.
6. When you are asked what you would like to install, select the default, Netscape Servers.
7.
Using Typical Installation

❍ o=NetscapeRoot

Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
7. Next, the setup program asks you if you agree to the license terms. Press y to agree with the license terms.
8. When you are asked what you would like to install, press Enter to select the default, Netscape Servers.
9. When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation.
10.
CAUTION The default hostname may be incorrect if the installer cannot locate a DNS name in your system. For example, you might not have a DNS name if your system uses NIS. The hostname must be a fully qualified host and domain name. If the default hostname is not a fully qualified host and domain name, installation will fail.
23. For configuration directory administrator ID and password, enter the name and password that you will log in as when you want to authenticate to the console with full privileges.
24. For a directory suffix, enter a distinguished name (DN) meaningful to your enterprise. This string is used to form the name of all your organization’s directory entries.
29. For the user you want to run Administration Server as, enter root. This is the default. For information on why you should run Administration Server as root, see “Deciding the User and Group for Your Netscape Servers (UNIX only),” on page 14.

The server is then unpackaged, minimally configured, and started. You are told on what host and port number Administration Server is listening.
7. For configuration directory, select the default if this directory will host your o=NetscapeRoot tree. Otherwise, enter the appropriate contact information for the configuration directory. If this Directory Server instance is not the configuration directory, then the configuration directory must exist and be running before you can continue this installation.
8.
14. For Directory Manager DN, enter the DN that you will use when managing the contents of your directory with unlimited privileges.

NOTE Any DN must be entered in the UTF-8 character set encoding. Older encodings such as ISO-8859-1 are not supported. In former releases of Directory Server, the Directory Manager was known as the root DN.
Chapter 4 Silent Installation and Instance Creation

Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively; this provides you with the ability to script the installation of multiple instances of Netscape Directory Server (Directory Server).
Using Silent Installation

2. Create a new directory:
   # mkdir ds
   # cd ds
3. If you have not already done so, download the product binaries file to the installation directory.
4. On Windows machines, unzip the product binaries. On UNIX, unpack the product binaries file using the following command:
   # gunzip -dc filename.tar.gz | tar -xvof-
   where filename corresponds to the product binaries file that you want to unpack.
5.
You will have to make some modifications to this file before you use it. Specifically, ensure that you have done the following:

• FullMachineName — Set this directive to a value that is appropriate for the machine on which Directory Server will be installed if it’s not to be the local machine. In most circumstances, it is best not to use this directive because FullMachineName will then default to the local host name.
• Sample File for Installing the Standalone Netscape Console

You can find a definition of the individual installation directives in "Specifying Silent Installation Directives," on page 59.

NOTE The silent.inf file provided with the Directory Server is merely a template, an example of how to write your own.
Components= slapd,slapd-client

[admin]
SysUser= root
Port= 23611
ServerIpAddress= 111.11.11.11
ServerAdminID= admin
ServerAdminPwd= admin
Components= admin,admin-client

[base]
Components= base,base-client,base-jre

[nsperl]
Components= nsperl561

[perldap]
Components= perldap14

Sample File for Using an Existing Configuration Directory

The following is an example of the install.
UseReplication= No
AddSampleEntries= No
InstallLdifFile= suggest
AddOrgEntries= Yes
DisableSchemaChecking= No
RootDNPwd= admin123
Components= slapd,slapd-client

[admin]
SysUser= root
Port= 33646
ServerIpAddress= 111.11.11.
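The sample files above carry ServerAdminPwd and RootDNPwd in clear text, and the port rules from "Choosing Unique Port Numbers" apply to the Port directive as well. The following Python audit is an added example, not part of the original guide or of the product; the 8-character minimum, the finding names, and the helper names are assumptions made for illustration.

```python
import configparser
import os
import stat

MIN_PWD_LEN = 8          # assumed site policy, not a value taken from the guide
LDAP_PORTS = {389, 636}  # standard LDAP and LDAP-over-SSL ports named in the guide

# Constructed sample, modelled on the sample files above (values are illustrative).
SAMPLE_INF = """\
[slapd]
RootDNPwd= admin123
Components= slapd,slapd-client

[admin]
SysUser= root
Port= 23611
ServerIpAddress= 111.11.11.11
ServerAdminID= admin
ServerAdminPwd= admin
Components= admin,admin-client
"""


def parse_inf(text):
    """Parse silent-installation text into {section: {directive: value}}."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' is legal in passwords
    parser.optionxform = str  # keep directive names exactly as written
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def check_port(section, value):
    """Return findings for one Port value, using the guide's port rules."""
    try:
        port = int(value)
    except ValueError:
        return ["port-not-numeric"]
    if not 1 <= port <= 65535:
        return ["port-out-of-range"]
    findings = []
    if section == "admin" and port in LDAP_PORTS:
        findings.append("port-collides-with-ldap")  # port numbers must be unique
    if port < 1024:
        findings.append("port-needs-root")  # ports below 1024 require a root install
    return findings


def audit_inf(text):
    """Return a sorted list of (section, directive, finding) tuples."""
    sections = parse_inf(text)
    # Every *ID value in the file (for example ServerAdminID) is a guessable string.
    ids = {value.lower() for directives in sections.values()
           for name, value in directives.items() if name.endswith("ID") and value}
    findings = []
    for section, directives in sections.items():
        for name, value in directives.items():
            if name.endswith("Pwd"):
                if len(value) < MIN_PWD_LEN:
                    findings.append((section, name, "pwd-too-short"))
                if any(known_id in value.lower() for known_id in ids):
                    findings.append((section, name, "pwd-contains-id"))
            elif name == "Port":
                findings.extend((section, name, f) for f in check_port(section, value))
    return sorted(findings)


def audit_file_mode(path):
    """Flag a file that anyone other than its owner can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return "file-open-to-group-or-other" if mode & 0o077 else None


if __name__ == "__main__":
    for section, directive, finding in audit_inf(SAMPLE_INF):
        print(f"[{section}] {directive}: {finding}")
```

Run audit_file_mode against the real file as well, since the passwords stay in it after setup finishes; a mode of 0600 owned by the installing user passes the check.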
Specifying Silent Installation Directives

This section describes the basic format of the file used for silent installation. It then describes the directives that are available for each area of the silent installation file.
[General] Installation Directives

[General] installation directives specify information of global interest to the Netscape servers installed at your site. That is, the information you provide here will be common to all your Netscape servers. The [General] installation directives are listed in Table 4-1.

Table 4-1 [General] Installation Directives
Directive                 Description
Components                Specifies components to be installed.
Table 4-1 [General] Installation Directives (Continued)
Directive                 Description
ConfigDirectoryLdapURL    Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Netscape Directory Server Administrator’s Guide. This directive is required.
AdminDomain               Specifies the administration domain under which this server will be registered.
Table 4-2 Required and Optional [slapd] Installation Directives
Required Directive        Description
Components                Specifies the slapd components to be installed. The components are:
                          • slapd — Install Directory Server.
                          • slapd-client — Install Directory Server Console.
                          This directive is required. It is recommended that you always install both components any time you install the Directory Server.
Table 4-2 Required and Optional [slapd] Installation Directives (Continued)
Required Directive        Description
AddOrgEntries             If set to yes, this directive causes the new Directory Server instance to be created with a suggested directory structure and access control. If this directive is used and InstallLdifFile is also used, then this directive has no effect. Default is no.
Table 4-3 [admin] Installation Directives (Continued)
Directive                 Description
Port                      Specifies the port that the Administration Server will use. Note that the Administration Server’s host name is given by the FullMachineName directive. For more information on FullMachineName, see Table 4-1.
Using Silent Instance Creation

[nsperl] Installation Directives

There is only one [nsperl] installation directive and it allows you to determine whether nsPerl is to be installed. Table 4-5 lists the directive.

Table 4-5 [nsperl] Installation Directive
Directive                 Description
Components                Specifies whether nsperl that is bundled with Directory Server is to be installed.
Because all instances of Directory Server under a server root use the same Administration Server, the instance creation process does not install Administration Server binaries; you cannot create two instances of Administration Server in one server root. Having multiple instances in a single server root is useful for testing and for when one host is used for multiple purposes.
Chapter 5 Post Installation

This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections:

• Launching the Help System
• Populating the Directory Tree

Launching the Help System

The help system for Directory Server is dependent upon Netscape Administration Server.
Populating the Directory Tree

5. Restart Administration Server.

You can now launch the online help by clicking any of the Help buttons in the Directory Server Console.

Proxy authorized on Administration Server.

If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following:

1. Remove proxies on the machine running Directory Server Console.
• Start your Directory Server with an empty database and import data over LDAP — This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the ldapmodify command-line utility. Use this method if you have just a few entries to add at a time. For information on setting up the Directory Server Gateway, check the Netscape Directory Server Gateway Customization Guide.
Chapter 6 Migrating from Previous Versions

If you have a previous installation of Directory Server, depending on its version, you can migrate or upgrade to Netscape Directory Server 7.x. Migration refers to the process of moving Directory Server 6.x files to Directory Server 7.x. Upgrade refers to the process of updating Directory Server files; upgrade to Directory Server 7.0 is not supported.
Migration Prerequisites

• Creates a database for each suffix stored in the legacy Directory Server. (In current releases of Directory Server, you can have multiple databases but just one suffix per database.)
• Checks if any database exists and, if it does, gives you the option to save the database (by exporting it to a file), skip the database, or overwrite the database.
• Migrates the server parameters and database parameters.
Migration Procedure

• If you want to continue to run your legacy Directory Server, when you install the new Directory Server, choose different ports for LDAP traffic and for secured connections than the ones used by your legacy Directory Server.
• Read sections "Migration Overview," on page 73, and "Migration Prerequisites," on page 74.
• The migration script will automatically back up your Directory Server configuration if it’s in the default location.
  ❍ If you are migrating from Directory Server 6.
3. Run the migration script. As root user (on UNIX) or administrator (on Windows), change directory to serverRoot/bin/slapd/admin/bin.
4. Follow the prompts. For example, if you’re prompted to provide a path and filename for your backup directory, enter one or accept the default.

The migration process starts. At the end of migration, your legacy Directory Server is migrated. Additionally, as a result of this migration, a new Directory Server 7.
Backup /export/home/jdoe/70-latest/slapd-bart/config on /export/home/jdoe/70-latest/slapd-bart/config_backup ...
Where do you want to back up your configuration directory [/export/home/jdoe/70-latest/slapd-bart/config_backup] ?
Migrate the schema...
Connected to 7.0 LDAP server
------------------------------------------------------------------------
Parse the old DSE ldif file: /export/home/jdoe/611-latest/slapd-bart/config/dse.
Migrate replicas...
------------------------------------------------------------------------
Migrate replication agreements...
------------------------------------------------------------------------
Migrate key/cert databases...
------------------------------------------------------------------------
Migrate Certmap.conf...
Where do you want to back up the file /export/home/jdoe/611-latest/shared/config/certmap.
[12/Jun/2002:10:33:40 -0700] - import backend1: Cleaning up producer thread...
[12/Jun/2002:10:33:40 -0700] - import backend1: Indexing complete. Post-processing...
[12/Jun/2002:10:33:40 -0700] - import backend1: Flushing caches...
[12/Jun/2002:10:33:40 -0700] - import backend1: Closing files...
[12/Jun/2002:10:33:40 -0700] - import backend1: Import complete. Processed 3 entries in 3 seconds. (1.
***** Migrate MultiplexorBindDN entries...
****** End of migration ******

Migrating a 6.x Replicated Site

If you are upgrading from Directory Server 6.x to Directory Server 7.x, your replication configuration is automatically migrated when you run the migrateInstance7 script.

To migrate a 6.x replicated site:
1. Stop your Directory Server 6.x.
2. Install Directory Server 7.x.
3.
The migration process can be summarized into these steps:
1. Stop directory writes on both suppliers. It is imperative that there are no entries being written or changed on the suppliers during the migration. After both the suppliers are migrated, writes can resume.
2. After stopping provisioning, make sure all changes have been replicated from the server to migrate to all of its consumers.
5. Once your supplier is migrated, test replication to make sure that it is working correctly.
6. After you finish this process for the first supplier, repeat the steps for the other suppliers. You may wish to set up multi-master replication for o=NetscapeRoot between the instances on the suppliers.

Hub Migration

To migrate a 6.x hub:
1. Stop your Directory Server 6.x.
2. Install Directory Server 7.
Managing Console Failover

If you have a multi-master installation with o=NetscapeRoot replicated between your two suppliers, server1 and server2, you can modify the Console on the second server (server2) so that it uses server2’s instance instead of server1’s. (By default, writes with server2’s Console would be made to server1 then replicated over.) To accomplish this, you must:
1.
Migrating a Single Instance

1. Archive the old Directory Server installation.
2. Create a data directory, and export all data to LDIF files in that directory by running db2ldif.pl with the -r option:

nsperl db2ldif.pl -D "cn=Directory Manager" -w secret -p 389 -n userroot -r -a c:\data\userroot.ldif -s "dc=example,dc=com"

Do this separately for each instance of the old Directory Server.
replication agreement and use the Connection tab to change the password. After you change the password, replication will automatically resume with no need for a reinitialization. The password does not need to be reconfigured in the Replication Manager entry in dse.ldif.

NOTE
You must import your database LDIF files at the time of migration using the -d option.
To migrate a Windows hub:
1. Archive the old Directory Server installation.
2. Create a data directory, and export all data to LDIF files in that directory by running db2ldif with the -r option. Do this separately for each instance of the old Directory Server. The data directory should contain one LDIF file for each backend; for example, userRoot.ldif, exampleRoot.ldif, and so on.
3. Uninstall the old Directory Server.
4.
Chapter 7 Uninstalling Directory Server

You may need to remove an instance of Netscape Directory Server (Directory Server) or uninstall the entire server altogether. The Directory Server provides a utility that enables you to uninstall the software as a whole or to remove selected components.
3. From the Object menu, select Stop; you can also right-click to choose this option from the pop-up menu.
4. When the server has stopped, go to the Object menu, and choose Remove Server. You can also right-click to choose this option from the pop-up menu.
5. When prompted, confirm that you want to remove the server instance.
4. Select the default, All, to remove all components of Directory Server. Alternately, you may choose to remove individual components by selecting them from the list that appears on the screen:
5.
3. Locate and double-click the uninstallation utility, uninst.exe. The Netscape Uninstall window appears, showing a list of components:
   ❍ Administration Services
   ❍ Netscape Directory Suite
   ❍ Server Core Components
   ❍ nsPerl
   ❍ PerLDAP
4. Select the components you want to remove, and click Uninstall. To remove specific subcomponents, select the component, and click Sub Components.
3. Locate and select the entry for Netscape Directory Server. The entry is in the form Netscape Server Products version_number server_root, where version_number is your Directory Server’s version number and server_root is your Directory Server’s installation directory.
4. Click Add/Remove. The Netscape Uninstall window appears, showing a list of components:
5.
Chapter 8 Troubleshooting

This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system.
Running dsktune

The following is an example of output that dsktune generates. dsktune does not itself make any changes to the system.

Netscape Directory Server system tuning analysis version 15-MAY-2003.
NOTICE : System is usparc-SUNW,Ultra-5_10-solaris5.8_s28s_u7wos_08a (1 processor).
ERROR : Patch 108528-18 is present, but 108528-19 (Feb/21/2003: SunOS 5.8: kernel update patch) is a more recent version.
ERROR : Patch 110934-10 is present, but 110934-11 (Feb/20/2003: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch) is a more recent version.
ERROR : Patch 111874-05 is present, but 111874-06 (Jan/23/2003: SunOS 5.8: usr/bin/mail patch) is a more recent version.
ERROR : Patch 111879-01 (Aug/27/2001: SunOS 5.8: Solaris Product Registry patch SUNWwsr) is required but not installed.
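
The patch findings in the dsktune report can be turned into a worklist before installation. The following Python script is an added example, not part of this guide or of dsktune; its sample lines are copied from the report shown here, and the function names and the handling of wrapped lines are assumptions of the example.

```python
import re
from collections import Counter

# Report lines copied from the dsktune example in this guide.
SAMPLE_REPORT = """\
NOTICE : System is usparc-SUNW,Ultra-5_10-solaris5.8_s28s_u7wos_08a (1 processor).
ERROR : Patch 108528-18 is present, but 108528-19 (Feb/21/2003: SunOS 5.8: kernel update patch) is a more recent version.
ERROR : Patch 110934-10 is present, but 110934-11 (Feb/20/2003: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch) is a more recent version.
ERROR : Patch 111879-01 (Aug/27/2001: SunOS 5.8: Solaris Product Registry patch SUNWwsr) is required but not installed.
WARNING: There are only 256 file descriptors (soft limit) available, which limit the number of simultaneous connections.
ERROR : The above errors MUST be corrected before proceeding.
"""

SEVERITY = re.compile(r"^(NOTICE|WARNING|ERROR)\s*:\s*(.*)$")
OUTDATED = re.compile(r"^Patch (\d+-\d+) is present, but (\d+-\d+) \((.*)\) is a more recent version\.$")
MISSING = re.compile(r"^Patch (\d+-\d+) \((.*)\) is required but not installed\.$")

def findings(report):
    """Return [(severity, message)]; untagged lines continue the previous finding."""
    out = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        tagged = SEVERITY.match(line)
        if tagged:
            out.append([tagged.group(1), tagged.group(2)])
        elif out:  # assumption: a long finding may wrap onto following lines
            out[-1][1] += " " + line
    return [tuple(f) for f in out]

def patch_worklist(report):
    """Return one dict per patch that an ERROR finding says to install."""
    work = []
    for severity, message in findings(report):
        if severity != "ERROR":
            continue
        outdated, missing = OUTDATED.match(message), MISSING.match(message)
        if outdated:
            have, want, desc = outdated.groups()
            work.append({"install": want, "installed": have, "desc": desc})
        elif missing:
            want, desc = missing.groups()
            work.append({"install": want, "installed": None, "desc": desc})
    return work

def severity_counts(report):
    """Count findings per severity so nothing in the report is overlooked."""
    return dict(Counter(severity for severity, _ in findings(report)))

if __name__ == "__main__":
    for item in patch_worklist(SAMPLE_REPORT):
        print(item["install"], "replaces", item["installed"], "-", item["desc"])
```

ERROR findings that are not patch lines, such as the closing "MUST be corrected" line, are counted by severity_counts but left out of the worklist.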
NOTICE : The NDD tcp_rexmit_interval_initial is currently set to 3000 milliseconds (3 seconds). This may cause packet loss for clients on Solaris 2.5.1 due to a bug in that version of Solaris. If the clients are not using Solaris 2.5.1, no problems should occur.
NOTICE : If the directory service is intended only for LAN or private high-speed WAN environment, this interval can be reduced by adding to /etc/init.
WARNING: There are only 256 file descriptors (soft limit) available, which limit the number of simultaneous connections. Additional file descriptors, up to 1024 (hard limit), are available by issuing 'ulimit' ('limit' for tcsh) command with proper arguments.
ulimit -n 4096
ERROR : The above errors MUST be corrected before proceeding.

Common Installation Problems

Clients cannot locate the server.
5. Next to the label “Primary DNS Suffix of this computer,” enter the appropriate domain name.

The port is in use.
You probably did not shut down a server before you upgraded it. Shut down the old server, then manually start the upgraded one. Another installed server might be using the port. Make sure the port you have chosen is not already being used by another server.
[18/Jun/2002:10:56:39] failure ( 4322): Configuration initialization failed: Error running init function load-modules: dlopen of /export/dstest/bin/https/lib/libNSServletPlugin.so failed (libstdc++-libc6.1-1.so.2: cannot open shared object file: No such file or directory)

For more information on RPM, check the JRE’s release notes at this URL: http://java.sun.com/j2se/1.4/install-linux.
system TEMP directory. On UNIX, this directory is usually /tmp or /var/tmp. On Windows, check the system properties to see the value assigned to the TEMP environment variable (alternatively, you can open a command window and type echo %TEMP%).
Glossary

access control instruction
    See ACI.
ACI
    Also Access Control Instruction. An instruction that grants or denies permissions to entries in the directory.
access control list
    See ACL.
ACL
    Also Access Control List. The mechanism for controlling access to your directory.
access rights
    In the context of access control, specify the level of access granted or denied.
attribute
    Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.
attribute list
    A list of required and optional attributes for a given entry type or object class.
browser
    Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server.
browsing index
    Also virtual view index. Speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branchpoint in the directory tree to improve display performance.
CA
    See Certificate Authority.
CIR
    See consumer-initiated replication.
class definition
    Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory.
class of service
    See CoS.
classic CoS
    A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
client
    See LDAP client.
DAP
    Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
data master
    The server that is the master source of a particular piece of data.
database link
    An implementation of chaining. The database link behaves like a database but has no persistent storage. Instead, it points to data stored remotely.
default index
    One of a set of default indexes created per database instance.
DNS alias
    A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as www.yourdomain.domain might point to a real machine called realthing.yourdomain.domain where the server currently exists.

See Directory Server Gateway.
hostname
    A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.example.com is the machine www in the subdomain example and com domain.
HTML
    Hypertext Markup Language. The formatting language used for documents on the World Wide Web.
knowledge reference
    Pointers to directory information stored in different databases.
LDAP
    Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
LDAPv3
    Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
LDAP client
    Software used to request and view LDAP entries from an LDAP Directory Server. See also browser.
mapping tree
    A data structure that associates the names of suffixes (subtrees) with databases.
master agent
    See SNMP master agent.
matching rule
    Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
MD5
    A message digest algorithm by RSA Data Security, Inc.
nested role
    Allows the creation of roles that contain other roles.
network management application
    Network Management Station component that graphically displays information about SNMP managed devices (which device is up or down, which and how many error messages were received, etc.).
network management station
    See NMS.
NIS
    Network Information Service.
password file
    A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as /etc/passwd because of where it is kept.
password policy
    A set of rules that governs how passwords are used in a given directory.
permission
    In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied.
RAM
    Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down.
rc.local
    A file on Unix machines that describes programs that are run when the machine starts. It is also called /etc/rc.local because of its location.
RDN
    Also Relative Distinguished Name.
role
    An entry grouping mechanism. Each role has members, which are the entries that possess the role.
role-based attributes
    Attributes that appear on an entry because it possesses a particular role within an associated CoS template.
root
    The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
root suffix
    The parent of one or more sub suffixes.
service
    A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.
SIE
    Server Instance Entry. The ID assigned to an instance of Directory Server during installation.
Simple Authentication and Security Layer
    See SASL.
Simple Network Management Protocol
    See SNMP.
suffix
    The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix.
superuser
    The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. Also called root.
uid
    A unique number associated with each user on a Unix system.
URL
    Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is protocol://machine:port/document. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.