Netscape DIRECTORY SERVER 6.01 Installation Manual

Installation Guide

Netscape Directory Server
Version 6.01
March 2002

Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 6.01

  • Page 1: Installation Guide

    Installation Guide Netscape Directory Server Version 6.01 March 2002...
  • Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
  • Page 3: Table Of Contents

    Contents: About This Guide (page 7), Prerequisite Reading ...
  • Page 4 Verifying Required System Modules (page 24), Installing Patches ...
  • Page 5 Installing the Stand-Alone Netscape Console (page 60), Installation Directives ...
  • Page 6 Netscape Directory Server Installation Guide • March 2002...
  • Page 7: About This Guide

    About This Guide Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server, and describes the different installation methods that you can use. This preface contains the following sections: •...
  • Page 8: Conventions Used In This Guide

    Conventions Used In This Guide • Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers. •...
  • Page 9: Related Information

    Related Information The document set for Directory Server also contains the following guides: • Netscape Directory Server Administrator’s Guide. Contains procedures for the day-to-day maintenance of your directory service. Includes information on configuring server-side plug-ins. • Netscape Directory Server Deployment Guide. Contains procedures for the day-to-day maintenance of your directory service.
  • Page 11: Chapter 1 Preparing For A Directory Server Installation

    Chapter 1 Preparing for a Directory Server Installation Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make. To help you prepare for your Directory Server installation, you should be familiar with the concepts contained in the following sections: •...
  • Page 12: Configuration Decisions

    Configuration Decisions • Netscape Administration Server—Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one Administration Server for each server root in which you have installed a Netscape server.
  • Page 13: Choosing Unique Port Numbers

    Configuration Decisions Choosing Unique Port Numbers Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server: • The standard Directory Server (LDAP) port number is 389. •...
  • Page 14: Deciding The User And Group For Your Netscape Servers (Unix Only)

    Configuration Decisions By default, the server root directory is one of the following: • (on UNIX systems) /usr/netscape/servers • (on Windows NT and Windows 2000 systems) c:\netscape\servers Deciding the User and Group for Your Netscape Servers (UNIX only) For security reasons, it is always best to run UNIX-based production servers with normal user privileges.
  • Page 15: Defining Authentication Entities

    Configuration Decisions Defining Authentication Entities As you install Directory Server and Administration Server, you will be asked for various user names, distinguished names (DN), and passwords. This list of login and bind entities will differ depending on the type of installation that you are performing: •...
  • Page 16: Determining Your Directory Suffix

    Configuration Decisions Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password. Determining Your Directory Suffix A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data.
  • Page 17: Determining The Location Of The User Directory

    Configuration Decisions configuration directory so as to not hurt the performance of your other production servers. Netscape server installations result in write activities to the configuration directory. For large enough sites, this write activity could result in a short-term performance hit to your other directory activities. Also, as with any directory installation, consider replicating the configuration directory to increase availability and reliability.
  • Page 18: Determining The Administration Domain

    Configuration Decisions Also, you should use the default directory ports (389 and 636) for the user directory. If your configuration directory is managed by a server instance dedicated to that purpose, you should use some non-standard port for the configuration directory. You cannot install a user directory until you have installed a configuration directory somewhere on your network.
  • Page 19: Installation Process Overview

    Installation Process Overview You can use one of several installation processes to install Directory Server. Each one guides you through the installation process and ensures that you install the various components in the correct order. The following sections outline the installation processes available, how to upgrade from an earlier release of Directory Server, and how to unpack the software to prepare for installation.
  • Page 20: Upgrade Process

    Installation Privileges Create the directory suffixes and databases. You do not have to populate your directory now; however, you should create the basic structure for your tree, including all major roots and branch points. For information about the different methods of creating a directory entry, refer to the Netscape Directory Server Administrator’s Guide.
  • Page 21: Chapter 2 Computer System Requirements

    Chapter 2 Computer System Requirements Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. These requirements are described in detail for each platform in the following sections: •...
  • Page 22: Hardware Requirements

    Hardware Requirements On all platforms, you will need: • Roughly 200 MB of disk space for a minimal installation. For production systems, you should plan at least 2 GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4 GB and greater may be required for very large directories.
  • Page 23: Dsktune Utility

    Operating System Requirements dsktune Utility For UNIX platforms, Directory Server provides a utility that can help you check that you have the appropriate patches installed on your system. It also provides useful information and advice on how to tune your kernel parameters for best performance.
  • Page 24: Verifying Disk Space

    Operating System Requirements Verifying Disk Space Ensure that you have sufficient disk space before downloading the software. Current working directory: 120 MB. Partition containing /usr/netscape: 2 GB. Verifying Required System Modules Directory Server is optimized for the UltraSPARC chipsets and will not run on SPARCv8 or earlier chipsets. Installing Patches You must use Solaris 8 with the Sun recommended patches.
  • Page 25 Operating System Requirements Solaris 8 Patch List (Continued) Table 2-1 108989-02: SunOS 5.8: /usr/kernel/sys/acctctl and /usr/kernel/sys/exacctsys patch 108991-13: SunOS 5.8: /usr/lib/libc.so.1 patch 108993-03: SunOS 5.8: nss and ldap patch 109091-04: SunOS 5.8: /usr/lib/fs/ufs/ufsrestore patch 109137-01: SunOS 5.8: /usr/sadm/install/bin/pkginstall patch 109181-03: SunOS 5.8: /kernel/fs/cachefs patch 109277-01: SunOS 5.8: /usr/bin/iostat patch...
  • Page 26: Tuning The System

    Operating System Requirements Solaris 8 Patch List (Continued) Table 2-1 110898-02: SunOS 5.8: csh/pfcsh patch 110901-01: SunOS 5.8: /kernel/drv/sgen and /kernel/drv/sparcv9/sgen patch 110934-01: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch 110939-01: SunOS 5.8: /usr/lib/acct/closewtmp patch 110943-01: SunOS 5.8: /usr/bin/tcsh patch 110945-01: SunOS 5.8: /usr/sbin/syslogd patch 110951-01:...
  • Page 27: Setting File Descriptors

    Operating System Requirements Setting File Descriptors The system-wide maximum file descriptor table size setting will limit the number of concurrent connections that can be established to Directory Server. The governing parameter, rlim_fd_max, is set in the /etc/system file. By default, if this parameter is not present, the maximum is 1024.
  • Page 28: Windows Nt 4.0 Server

    Operating System Requirements tcp_smallest_anon_port controls the number of simultaneous connections that can be made to the server. When rlim_fd_max has been increased to above 4096, this value should be decreased, by adding a line similar to the following to the /etc/init.d/inetinit file: ndd -set /dev/tcp tcp_smallest_anon_port 8192 parameter should be inspected if clients will...
  • Page 29: Verifying Required System Modules

    Operating System Requirements Verifying Required System Modules Directory Server is not supported on Windows NT 3.5.1 or earlier releases, or Windows NT for the Alpha architecture. Neither is it supported on Windows NT Workstation, because this form of the operating system is not suitable for scalable Internet or Intranet server deployments.
  • Page 30: Installing Third-Party Utilities

    Operating System Requirements Installing Third-Party Utilities You need an UNZIP utility to unpack the directory server software. There are many commercially licensed, free and shareware tools available, such as PKZIP or Winzip. Note that shareware unregistered versions of PKZIP 2.70 maintain a TCP/IP connection to an Internet advertising service, and so may not be suitable for installation on this system.
  • Page 31: Ensuring System Clock Accuracy

    Operating System Requirements The Microsoft Security Configuration Manager is located on the Service Pack 6a CD-ROM, or can be downloaded from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/scm/. This tool is described in Microsoft Knowledge Base article Q195227. Ensuring System Clock Accuracy So that date and time stamps in log files can be correlated with those of other computer systems, the system clock should be kept reasonably in sync.
  • Page 32: Configuring The System Post Installation

    Operating System Requirements Configuring the System Post Installation The Windows environment will require tuning to provide optimum performance for Directory Server in an operational environment. Consult the Windows system administrator's documentation or support channel for information on NT tuning for multi-threaded internet services. The sections that follow provide some guidelines.
  • Page 33 Operating System Requirements • Enabling Port Filtering—The RPC services are not removed, as it may be necessary for Microsoft software to make RPC connections on the loopback interface. However, the RPC ports must not be accessible to other systems. Open the Network window; select the Protocols tab, then select TCP/IP and click Properties...;...
  • Page 34 Operating System Requirements Note that after this change has been made, the Microsoft command-line FTP client will no longer operate. This is because the Microsoft client requires the FTP server to establish a connection in the reverse direction, and all non-LDAP ports are blocked.
  • Page 35 Operating System Requirements • Stopping Unwanted Services—Open the Control Panel, and the Services panel. Stop and disable any running services except for the following: EventLog, Netscape Directory Server, Netscape Administration Server, NT LM Security Support Provider, Plug and Play, Protected Storage, Remote Procedure Call (RPC) Service, and SNMP.
  • Page 36 Operating System Requirements Next, under Policies, choose User Rights. Select “Access this computer from the network,” remove Everyone, and add Authenticated Users.
  • Page 37 Operating System Requirements Next, under Policies, choose Audit, select Audit These Events, and check the boxes for both Success and Failure for the Logon and Logoff Events. You may wish also to rename the administrator account to something else, making it harder to guess. If you have copied the passprop utility from the NT Server Resource Kit, it can be used to allow lockout of the administrator’s account by running it on the command line as...
  • Page 38 Operating System Requirements while it waits for additional control blocks to be created. By increasing the TCB timewait table size, you reduce latency overhead by allowing more client connections to be serviced faster. To adjust this value, add to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters...
  • Page 39: Windows 2000 Server And Advanced Server

    Operating System Requirements Windows NT ships with a variety of transport drivers such as TCP/IP, NBF (NetBEUI), and NWLink. All of these transports export a TDI interface on top and an NDIS (Network Driver Interface Specification) on the bottom. (Windows NT also ships with AppleTalk and DLC, however, these do not have a TDI interface.) If the TCP/IP protocol is first in the bindings list, average connection setup time decreases.
  • Page 40: Verifying Required System Modules

    Operating System Requirements Ensure that you have sufficient disk space before downloading the software. Download drive: 120 MB Installation drive: 200 MB Verifying Required System Modules Directory Server is not supported on Windows 2000 Pro or Windows 2000 DataCenter Server. Installing Windows 2000 Server During the installation of Windows 2000, please observe the following: •...
  • Page 41: Ensuring System Clock Accuracy

    Operating System Requirements To edit the server configuration file, you will need a text editor that is capable of handling large text files (Notepad and Wordpad are not suitable). If you are already familiar with Emacs text editor on UNIX, a port to Windows can be downloaded from .
  • Page 42: Hp-Ux 11.0 Operating System

    Operating System Requirements HP-UX 11.0 Operating System This section contains the following information: • Verifying Disk Space Requirements • Verifying Required System Modules • Installing Patches • Tuning the System • Installing Third-Party Utilities Verifying Disk Space Requirements Ensure that you have sufficient disk space before downloading the software. Download drive: 120 MB Installation drive: 2 GB Verifying Required System Modules...
  • Page 43: Tuning The System

    Operating System Requirements Install the patches listed in Table 2-2. To get a list of the patches, run the dsktune utility; it helps you to verify whether you have the appropriate patches installed on your system and provides useful information and advice on how to tune your kernel parameters for best performance.
  • Page 44: Installing Third-Party Utilities

    Operating System Requirements You also need to turn on large file support in order for Directory Server to work properly. To change an existing file system (from one that has no large files to one that accepts large files): Unmount the system using the command.
  • Page 45: Chapter 3 Using Express And Typical Installation

    Chapter 3 Using Express and Typical Installation This chapter describes how to perform basic installation activities. This chapter contains the following sections: • Using Express Installation (page 45) • Using Typical Installation (page 47) Using Express Installation Use express installation if you are installing Directory Server to evaluate or test the product.
  • Page 46 Using Express Installation where file_name corresponds to the product binaries you want to unpack. On Windows NT and Windows 2000, unzip the product binaries. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command: ./setup Select “yes”...
  • Page 47: Using Typical Installation

    Using Typical Installation Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix, or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
  • Page 48 Using Typical Installation When you are asked what you would like to install, press Enter to select the default, Netscape Servers (this is item 1). When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation. For server root, enter a full path to the location where you want to install your server.
  • Page 49 Using Typical Installation The setup program then asks you for the System User and the System Group names. Enter the identity under which you want the servers to run. For more information on the user and group names that you should use when running Netscape servers, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
  • Page 50 Using Typical Installation For a directory suffix, enter a distinguished name meaningful to your enterprise. This string is used to form the name of all your organization’s directory entries. Therefore, pick a name that is representative of your organization. It is recommended that you pick a suffix that corresponds to your internet DNS name.
  • Page 51: Using Typical Installation On Windows Nt And Windows 2000

    Using Typical Installation The server is then unpackaged, minimally configured, and started. You are told what host and port number Administration Server is listening on. The server is configured to use the following suffixes: • The suffix that you configured. •...
  • Page 52 Using Typical Installation For the directory to store data in, you must decide if this Directory Server instance will store your enterprise’s data. For most cases, you can select the default, “Store data in this Directory Server.” However, if this Directory Server instance is intended to be a configuration directory only, then you should select “Store data in an existing Directory Server.”...
  • Page 53 Using Typical Installation NOTE Any Distinguished Names must be entered in the UTF-8 character set encoding. Older encodings such as ISO-8859-1 are not supported. In former releases of Directory Server, the Directory Manager was known as the root DN. This is the entry that you bind to the directory as when you want access control to be ignored.
  • Page 55: Chapter 4 Silent Installation

    Chapter 4 Silent Installation Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively. This provides you with the ability to script the installation of your Netscape Directory Servers (Directory Servers).
  • Page 56: Preparing Silent Installation Files

    Preparing Silent Installation Files On Windows NT and Windows 2000, unzip the product binaries. Prepare the file that will contain your installation directives. Run the setup program with the command line options: setup -s -f file_name where file_name is the name of the file that contains your installation directives. The next section in this chapter provides some examples of the silent install files.
  • Page 57 Preparing Silent Installation Files To do this run setup with the flag. The setup program will create the following file: /<ServerRoot>/setup/install.inf This file contains all the directives that you would use with silent installation to create the server instance. You can then use this file to create other server instances of that type.
  • Page 58: A Typical Installation

    Preparing Silent Installation Files A Typical Installation The following is the install.inf file that is generated for a typical installation: [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody ServerRoot= /usr/netscape/servers AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot UserDirectoryAdminID= admin UserDirectoryAdminPwd= admin UserDirectoryLdapURL= ldap://dir.example.com:389/o=example.com Components=...
  • Page 59: Using An Existing Configuration Directory

    Preparing Silent Installation Files Using an Existing Configuration Directory The following is the install.inf file that is generated when you perform a typical installation and you choose to use an existing Directory Server as the configuration directory: [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup=...
  • Page 60: Installing The Stand-Alone Netscape Console

    Installation Directives Components= admin,admin-client,base-jre [base] Components= base,base-client, base-jre [nsperl] Components= nsperl553 [perldap] Components= perldap14 Installing the Stand-Alone Netscape Console The following is the install.inf file that is generated when you install just Netscape Console: [General] FullMachineName= dir.example.com ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot SuiteSpotUserID= nobody SuiteSpotGroup= nobody...
  • Page 61: Silent Installation File Format

    Installation Directives • [General] Installation Directives • [Base] Installation Directives • [slapd] Installation Directives • [admin] Installation Directives Silent Installation File Format When you use silent installation, you provide all the installation information in a file. This file is formatted as follows: [General] directive=value directive=value...
  • Page 62: [General] Installation Directives

    Installation Directives [General] Installation Directives [General] installation directives specify information of global interest to the Netscape servers installed at your site. That is, the information you provide here will be common to all your Netscape servers. The [General] installation directives are: Table 4-1 [General] Installation Directives Directive...
  • Page 63: [Base] Installation Directives

    Installation Directives [General] Installation Directives (Continued) Table 4-1 Directive Description ConfigDirectoryLdapURL Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Netscape Directory Server Administrator’s Guide. This directive is required. AdminDomain Specifies the administration domain under which this server will be registered.
  • Page 64: [Slapd] Installation Directives

    Installation Directives Table 4-2 [Base] Installation Directive Directive Description Components Specifies the base components to be installed. The base components are: • base—install the shared libraries used by all Server Consoles. You must install this package if you are also installing some other Netscape server. •...
  • Page 65: Optional [Slapd] Installation Directives

    Installation Directives Table 4-3 Required [slapd] Installation Directives Directive Description Components Specifies the slapd components to be installed. The slapd components are: • slapd—install the Directory Server. • slapd-client—install the Directory Server Console. This directive is required. It is recommended that you always install both components any time you install the Directory Server.
  • Page 66: [Admin] Installation Directives

    Installation Directives Table 4-4 Optional [slapd] Installation Directives Directive Description AddSampleEntries If set to Yes, this directive causes the example.ldif sample directory to be loaded. Use this directive if you are installing the Directory Server for evaluation purposes and you do not already have an LDIF file to populate your directory with.
  • Page 67 Installation Directives [admin] Installation Directives (Continued) Table 4-5 Directive Description SysUser UNIX only. Specifies the user that the Administration Server will run as. For default installations that use the default Netscape port numbers, this user must be root. Root is the default. For information on what users your servers should run as, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
  • Page 69: Chapter 5 Post Installation

    Chapter 5 Post Installation This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections: • Launching the Help System (page 69) • Populating the Directory Tree (page 70) Launching the Help System The help system for Directory Server is dependent upon Netscape Administration Server.
  • Page 70: Populating The Directory Tree

    Populating the Directory Tree Proxy authorized on Administration Server. If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following: • Remove proxies on the machine running Directory Server Console. This allows the client machine to access Administration Server directly.
  • Page 71 Populating the Directory Tree • Start your Directory Server with an empty database and import data over LDAP—This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the command-line ldapmodify utility. Use this method if you have just a few entries to add at a time. For information on setting up the Directory Server Gateway, check the Netscape Directory Server Gateway Customization Guide.
  • Page 73: Chapter 6 Migrating From Previous Versions

    Chapter 6 Migrating From Previous Versions You can upgrade to Netscape Directory Server 6.0 from Directory Server 4.0, 4.1, 4.11, 4.12, 4.13, or 5.0. This chapter describes the upgrade process in the following sections: • Migration Overview (page 73) • Migration Prerequisites (page 74) •...
  • Page 74: Migration Prerequisites

    Migration Prerequisites The migration script performs the following tasks in sequence: • Checks the schema configuration files, and notifies you of any changes between the standard configuration files and the ones present on your system. • Creates a database for each suffix stored in the legacy Directory Server. (In Directory Server 5.0 and 6.0 you can have multiple databases, but just one suffix per database).
  • Page 75 Migration Prerequisites • If you want to continue to run your legacy Directory Server, when you install Directory Server 6.0 choose different ports for LDAP traffic and for secured connections from the ones used by your legacy Directory Server. If you will not be running your legacy Directory Server, use the same port numbers to ensure that any directory clients that have static configuration information (including directory server port numbers) will continue to work.
  • Page 76: Identifying Custom Schema

    Identifying Custom Schema If you customized the schema in your legacy Directory Server by modifying slapd.at.conf or slapd.oc.conf directly, then the server migration process cannot migrate your custom schema for you. Instead, you are notified during migration that you have modified the standard schema and that you need to manually fix the problem.
  • Page 77: Migration Procedure

    Migration Procedure Then, if you added custom attributes to standard object classes in slapd.oc.conf, you must do the following: In the slapd.user_oc.conf file (or your equivalent), create a new object class that includes your custom attributes. Add this new object class to every entry in your directory that uses the custom attributes.
  • Page 78 Migration Procedure Run the migration script. As root user (UNIX), or administrator (on NT), change directory to /usr/netscape/servers/bin/slapd/admin/bin. Then enter the following command: On UNIX: migrateInstance6 -D rootDN -w passwd -p port -o oldServerPath -n newServerPath On NT: perl migrateInstance6 -D rootDN -w passwd -p port -o oldServerPath -n newServerPath where: rootDN is the DN for Directory Manager in Directory Server 6.0 passwd is the password for Directory Manager in Directory Server 6.0...
  • Page 79: Migrating A Replicated Site

    Migrating a Replicated Site Update successfully passwordHistory Update global LDBM parameters... Update successfully nsslapd-mode Update specific backend parameters... Migrate DSE entries... Migrate attributes... Migrate objectclasses... Migrate indexes... Migrate plugin’s... Your legacy Directory Server is then migrated. As a result of this migration, a new Directory Server 6.0 instance is installed using the configuration information obtained from your legacy Directory Server.
  • Page 80: Approach

    Migrating a Replicated Site • The 6.0 Directory Server must be configured as a legacy consumer. • The replication agreement between the 4.x supplier server and the 6.0 consumer server must be a 4.x supplier-initiated replication agreement. Approach Given the constraints, the approach to migrating a replication topology of 4.x servers is to: Install the 6.0 Directory Server, configure it both: As a read-write replica that logs changes (the role the server will fulfill...
  • Page 81 Migrating a Replicated Site NOTE You can migrate a topology where Server B and Server C have CIR replication agreements with Server A. However, you cannot have CIR agreements in the new replication environment because Directory Server 6.0 does not support consumer-initiated replication.
  • Page 83: Chapter 7 Troubleshooting

    Chapter 7 Troubleshooting This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections: • Running dsktune (page 83) •...
  • Page 84 Running dsktune Netscape Directory Server system tuning analysis version 25-SEP-2001. Copyright 2001 Sun Microsystems, Inc. Portions copyright 1999, 2001 Netscape Communications Corporation. All rights reserved. NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10) (1 processor). NOTICE : Patch 109320-01 is not installed. NOTICE : Patch 108875-04 is present, but 108875-07 is a more recent version.
  • Page 85: Common Installation Problems

    Common Installation Problems ndd -set /dev/tcp tcp_smallest_anon_port 8192 WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will cause Solaris to insert artificial delays in the LDAP protocol. It should be reduced during load testing. This line can be added to the /etc/init.d/inetinit file: ndd -set /dev/tcp tcp_deferred_ack_interval 5 WARNING: There are only 1024 file descriptors available, which limit the number of simultaneous connections.
  • Page 86 Common Installation Problems This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct. If you accept the defaults, you receive the LDAP authentication error. To successfully install, you need to provide a fully qualified domain name that consists of a local host name along with its domain name.
  • Page 87: Glossary

    Glossary access control instruction See ACI. ACI Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Access control list. The mechanism for controlling access to your directory. access rights In the context of access control, specify the level of access granted or denied.
  • Page 88 attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class.
  • Page 89 browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Otherwise known as the virtual view index, speeds up the display of entries in the Directory Server Console.
  • Page 90 CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
  • Page 91 DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. Data Master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
  • Page 92 DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as might point to a real machine called www.[yourdomain].[domain] where the server currently exists.
  • Page 93 HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics and form items, and display links to other pages. HTTP Hypertext Transfer Protocol.
  • Page 94 LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format. LDAP client Software used to request and view LDAP entries from an LDAP Directory Server. See also browser. LDAP Data Interchange Format See LDAP Data Interchange Format. LDAP URL Provides the means of locating directory servers using DNS and then completing the query via LDAP.
  • Page 95 matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use. MD5 A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability; it is mathematically extremely hard to produce a piece of data that will produce the same message digest.
  • Page 96 network management station See NMS. NIS Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, file systems, and network parameters throughout a network of computers. NMS Network Management Station.
  • Page 97 permission In the context of access control, the permission states whether access to the directory information is granted or denied, and the level of access that is granted or denied. See access rights. PDU Protocol Data Unit. Encoded messages which form the basis of data exchanges between SNMP devices.
  • Page 98 RDN Relative distinguished name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name. referential integrity Mechanism that ensures that relationships between related entries are maintained within the directory. referral (1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP server that can process the request.
  • Page 99 root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine. root suffix The parent of one or more sub suffixes. A directory tree can contain more than one root suffix. schema Definitions describing what types of information can be stored as entries in the directory.
  • Page 100 single-master replication The most basic replication scenario in which two servers each hold a copy of the same read-write replicas to consumer servers. In a single-master replication scenario, the supplier server maintains a change log. SIR See supplier-initiated replication. slapd LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
  • Page 101 supplier server In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica. supplier-initiated replication Replication configuration where supplier servers replicate directory data to consumer servers. symmetric encryption Encryption that uses the same key for both encrypting and decrypting.
  • Page 102 virtual list view index Otherwise known as a browsing index, speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branchpoint in the directory tree to improve display performance. X.500 standard The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementations.
  • Page 103: Index

    Index administration domain, defined 18 express install defined 19 administration port number 33, 50 using 45 administration server 12 administration server user 15 authentication entities 15 fonts, in this book 8 configuration decisions 12 configuration directory administrator 15 configuration directory, defined 16 conventions, in this book 8 glossary of terms 87–102 creating silent install files 56...
  • Page 104 preparing for 11 process overview 19 replicated site new installations 19 migration 79 requirements 21 requirements installation directory, default 14 computer system 21 root DN (directory manager) 15 running server, users and groups 14 LDAP Data Interchange Format (LDIF) creating databases using 70 LDIF, See LDAP Data Interchange Format schema, migrating 76 server root 13...
  • Page 105 upgrading prerequisites for 74 upgrading schema 76 upgrading the directory server 73 user and groups to run servers as 14 user directory, defined 17 Index...