Installation Guide

Netscape Directory Server
Version 6.1
August 2002


Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 6.1

  • Page 1: Installation Guide

    Installation Guide Netscape Directory Server Version 6.1 August 2002...
  • Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
  • Page 3: Table Of Contents

    Contents: About This Guide (page 7); Prerequisite Reading...
  • Page 4 Verifying Required System Modules (page 26); Installing Patches...
  • Page 5 Installing the Standalone Netscape Console (page 62); Installation Directives...
  • Page 6 Chapter 8 Troubleshooting (page 103); Running dsktune...
  • Page 7: About This Guide

    About This Guide Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server, and describes the different installation methods that you can use. This preface contains the following sections: •...
  • Page 8: Conventions Used In This Guide

    Conventions Used In This Guide • Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers. •...
  • Page 9: Related Information

    Related Information All paths specified in this manual are in UNIX format. If you are using a Windows-based Directory Server, you should assume the equivalent file paths whenever UNIX file paths are shown in this guide. Related Information The document set for Directory Server also contains the following guides: •...
  • Page 10 Related Information Netscape Directory Server Installation Guide • August 2002...
  • Page 11: Chapter 1 Preparing For A Directory Server Installation

    Chapter 1 Preparing for a Directory Server Installation Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make. To help you prepare for your Directory Server installation, you should be familiar with the concepts contained in the following sections: •...
  • Page 12: Configuration Decisions

    Configuration Decisions • Netscape Administration Server—Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one Administration Server for each server root in which you have installed a Netscape server.
  • Page 13: Choosing Unique Port Numbers

    Configuration Decisions Choosing Unique Port Numbers Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server: • The standard Directory Server (LDAP) port number is 389. •...
  • Page 14: Deciding The User And Group For Your Netscape Servers (Unix Only)

    Configuration Decisions By default, the server root directory is one of the following: • (on UNIX systems) /usr/netscape/servers • (on Windows systems) c:\netscape\servers Deciding the User and Group for Your Netscape Servers (UNIX only) For security reasons, it is always best to run UNIX-based production servers with normal user privileges.
  • Page 15: Defining Authentication Entities

    Configuration Decisions Defining Authentication Entities As you install Directory Server and Administration Server, you will be asked for various user names, distinguished names (DN), and passwords. This list of login and bind entities will differ depending on the type of installation that you are performing: •...
  • Page 16: Determining Your Directory Suffix

    Configuration Decisions Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password. Determining Your Directory Suffix A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data.
  • Page 17: Determining The Location Of The User Directory

    Configuration Decisions configuration directory so as to not hurt the performance of your other production servers. Netscape server installations result in write activities to the configuration directory. For large enough sites, this write activity could result in a short-term performance hit to your other directory activities. Also, as with any directory installation, consider replicating the configuration directory to increase availability and reliability.
  • Page 18: Determining The Administration Domain

    Configuration Decisions Also, you should use the default directory ports (389 and 636) for the user directory. If your configuration directory is managed by a server instance dedicated to that purpose, you should use some non-standard port for the configuration directory. You cannot install a user directory until you have installed a configuration directory somewhere on your network.
  • Page 19: Installation Process Overview

    Installation Process Overview You can use one of several installation processes to install Directory Server. Each one guides you through the installation process and ensures that you install the various components in the correct order. The sections that follow outline the installation processes available, how to upgrade from an earlier release of Directory Server, and how to unpack the software to prepare for installation.
  • Page 20: Upgrade Process

    Installation Process Overview Create the directory suffixes and databases. You do not have to populate your directory now; however, you should create the basic structure for your tree, including all major roots and branch points. For information about the different methods of creating a directory entry, refer to the Netscape Directory Server Administrator’s Guide.
  • Page 21: Installation Privileges

    Installation Privileges On UNIX you must install as root if you choose to run the server on a port below 1024, such as the default LDAP ports: 389 and 636 (LDAP over SSL). If you choose port numbers higher than 1024, you can install using any valid UNIX login. On Windows, you must run the installation as administrator.
  • Page 23: Chapter 2 Computer System Requirements

    Chapter 2 Computer System Requirements Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. These requirements are described in detail for each platform in the following sections: •...
  • Page 24: Hardware Requirements

    Hardware Requirements Hardware Requirements On all platforms, you will need: • Roughly 200 MB of disk space for a minimal installation. For production systems, you should plan at least 2GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4GB and greater may be required for very large directories.
  • Page 25: Dsktune Utility

    Operating System Requirements dsktune Utility For UNIX platforms, Directory Server provides a utility named dsktune that can help you verify whether you have the appropriate patches installed on your system. The utility also provides useful information and advice on how to tune your kernel parameters for best performance.
  • Page 26: Verifying Required System Modules

    Operating System Requirements Verifying Required System Modules Directory Server requires the use of a SPARC v8+ or an UltraSPARC (SPARC v9) processor, as these processors include support for high performance and multiprocessor systems. Earlier SPARC processors are not supported. If you run Directory Server on a 64-bit Sun Solaris 8 UltraSPARC machine, it will run as a 32-bit application.
  • Page 27 Operating System Requirements Solaris 8 Patch List (Continued) Table 2-1 108991-13: SunOS 5.8: /usr/lib/libc.so.1 patch 108993-03: SunOS 5.8: nss and ldap patch 109091-04: SunOS 5.8: /usr/lib/fs/ufs/ufsrestore patch 109137-01: SunOS 5.8: /usr/sadm/install/bin/pkginstall patch 109181-03: SunOS 5.8: /kernel/fs/cachefs patch 109277-01: SunOS 5.8: /usr/bin/iostat patch 109279-13: SunOS 5.8: /kernel/drv/ip patch 109318-12:...
  • Page 28: Tuning The System

    Operating System Requirements Solaris 8 Patch List (Continued) Table 2-1 110898-02: SunOS 5.8: csh/pfcsh patch 110901-01: SunOS 5.8: /kernel/drv/sgen and /kernel/drv/sparcv9/sgen patch 110934-01: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch 110939-01: SunOS 5.8: /usr/lib/acct/closewtmp patch 110943-01: SunOS 5.8: /usr/bin/tcsh patch 110945-01: SunOS 5.8: /usr/sbin/syslogd patch 110951-01:...
  • Page 29: Tuning Tcp Parameters

    Operating System Requirements CAUTION This parameter should not be raised above 4096 without first consulting your Sun Solaris support representative as it may affect the stability of the system. Tuning TCP Parameters By default, the TCP/IP implementation in a Solaris kernel is not correctly tuned for Internet or Intranet services.
  • Page 30: Windows Nt 4.0 Server

    Operating System Requirements Windows NT 4.0 Server This section describes how to install Directory Server on Windows NT: • Configuring a Machine to Run Directory Server • Verifying Required System Modules • Installing Windows NT Server • Installing Third-Party Utilities •...
  • Page 31: Installing Windows Nt Server

    Operating System Requirements Installing Windows NT Server During the installation of Windows NT, please observe the following: • If there is already an operating system present on the computer, choose to perform a fresh install rather than an upgrade. • Format the drives with NTFS rather than FAT, as NTFS allows access controls to be set on files and directories.
  • Page 32: Installing Microsoft Utilities

    Operating System Requirements To edit the server configuration file, you will need a text editor that is capable of handling large text files (Notepad and Wordpad are not suitable). If you are already familiar with Emacs on UNIX, a port to Windows can be downloaded from .
  • Page 33: Ensuring System Clock Accuracy

    Operating System Requirements Ensuring System Clock Accuracy So that date and time stamps in log files can be correlated with those of other computer systems, the system clock should be kept reasonably in sync. As the NET TIME command requires NetBIOS, which will be disabled during post-installation system configuration, either a TCP/IP based NTP client should be installed (such as the shareware program Tardis) or a time radio receiver attached.
  • Page 34 Operating System Requirements From then on, each time the Network Control Panel is used, Windows NT will prompt to install Windows NT Networking. Always answer No to the prompt. • Removing NETBIOS—The server uses only TCP/IP and does not require any Microsoft network services.
  • Page 35 Operating System Requirements • Enabling Port Filtering—The RPC services are not removed, as it may be necessary for Microsoft software to make RPC connections on the loopback interface. However, the RPC ports must not be accessible to other systems. Open the Network window, select the Protocols tab, select TCP/IP, and click Properties.
  • Page 36 Operating System Requirements Delete the value of Os2LibPath in this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment Change the value of the Optional item in the following key to the two bytes “ ”: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems Delete the Posix and OS/2 values from the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems •...
  • Page 37 Operating System Requirements Next, under Policies, choose User Rights. Select “Access this computer from the network,” remove Everyone, and add Authenticated Users. Next, under Policies, choose Audit, select Audit These Events, and check the boxes for both Success and Failure for the Logon and Logoff Events. Chapter 2 Computer System Requirements...
  • Page 38 Operating System Requirements You may wish also to rename the administrator account to something else, making it harder to guess. If you have copied the passprop utility from the NT Server Resource Kit, it can be used to allow lockout of the administrator’s account by running it on the command line as passprop /adminlockout •...
  • Page 39 Operating System Requirements while it waits for additional control blocks to be created. By increasing the TCB timewait table size, you reduce latency overhead by allowing more client connections to be serviced faster. To adjust this value, add to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters...
  • Page 40: Windows 2000 Server And Advanced Server

    Operating System Requirements Windows NT ships with a variety of transport drivers such as TCP/IP, NBF (NetBEUI), and NWLink. All of these transports export a TDI interface on top and an NDIS (Network Driver Interface Specification) on the bottom. (Windows NT also ships with AppleTalk and DLC, however, these do not have a TDI interface.) If the TCP/IP protocol is first in the bindings list, average connection setup time decreases.
  • Page 41: Verifying Required System Modules

    Operating System Requirements Ensure that you have sufficient disk space before downloading the software. Download drive: 120 MB Installation drive: 200 MB Verifying Required System Modules Directory Server is not supported on Windows 2000 Pro or Windows 2000 DataCenter Server. Installing Windows 2000 Server During the installation of Windows 2000, observe the following: •...
  • Page 42: Ensuring System Clock Accuracy

    Operating System Requirements To edit the server configuration file, you will need a text editor that is capable of handling large text files (Notepad and Wordpad are not suitable). If you are already familiar with Emacs text editor on UNIX, a port to Windows can be downloaded from .
  • Page 43: Hp-Ux 11.0 Operating System

    Operating System Requirements HP-UX 11.0 Operating System This section contains the following information: • Verifying Disk Space Requirements • Verifying Required System Modules • Installing Patches • Tuning the System • Installing Third-Party Utilities Verifying Disk Space Requirements Ensure that you have sufficient disk space before downloading the software. Download drive: 120 MB Installation drive: 2 GB Verifying Required System Modules...
  • Page 44 Operating System Requirements PHKL_18543: PM/VM/UFS/async/scsi/io/DMAPI/JFS/perf cumulative patch PHCO_23651: fsck_vxfs(1M) cumulative patch PHCO_19666: libpthread cumulative patch PHKL_20228: Large data 7/8 patch PHKL_21039: semget;large data space;msgmnb;SEMMSL PHKL_23409: NFS, Large Data Space, kernel memory leak patch PHCO_16629: libc cumulative patch (superceded by PHCO_20765) PHCO_20765: libc cumulative patch (supercedes PHCO_16629 and is superceded by PHCO_24148)
  • Page 45: Tuning The System

    Operating System Requirements PHNE_26771: Cumulative ARPA Transport patch The following patches are dependencies of patch PHNE_26771: PHKL_21857 and PHNE_22566. • Run the utility and see if you need to install any other patches. The dsktune utility helps you to verify whether you have the appropriate patches installed on your system and provides useful information and advice on how to tune your kernel parameters for best performance.
  • Page 46: Installing Third-Party Utilities

    Operating System Requirements Installing Third-Party Utilities You will need the gunzip utility to unpack the directory server software. The GNU gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.html and can be obtained from many software distribution sites. You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from: http://www.adobe.com/products/acrobat/readstep2.html DNS and NIS Requirements (UNIX only)
  • Page 47: Chapter 3 Using Express And Typical Installation

    Chapter 3 Using Express and Typical Installation This chapter describes how to perform basic installation activities. This chapter contains the following sections: • Using Express Installation (page 47) • Using Typical Installation (page 49) Using Express Installation Use express installation if you are installing Directory Server to evaluate or test the product.
  • Page 48 Using Express Installation where filename corresponds to the product binaries you want to unpack. On a Windows system, unzip the product binaries. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command: ./setup Select “yes”...
  • Page 49: Using Typical Installation

    Using Typical Installation o=NetscapeRoot Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
  • Page 50 Using Typical Installation Next, the setup program asks you if you agree to the license terms. Press “y” to agree with the license terms. When you are asked what you would like to install, press Enter to select the default, Netscape Servers. When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation.
  • Page 51 Using Typical Installation The setup program then asks you for the System User and the System Group names. Enter the identity under which you want the servers to run. For more information on the user and group names that you should use when running Netscape servers, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
  • Page 52 Using Typical Installation For a directory suffix, enter a distinguished name (DN) meaningful to your enterprise. This string is used to form the name of all your organization’s directory entries. Therefore, pick a name that is representative of your organization. It is recommended that you pick a suffix that corresponds to your internet DNS name.
  • Page 53: Using Typical Installation On Windows

    Using Typical Installation The server is configured to use the following suffixes: • The suffix that you configured. • o=NetscapeRoot Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix or create a new suffix to be used for this purpose.
  • Page 54 Using Typical Installation For server identifier, enter a unique value (normally the default is sufficient). This value is used as part of the name of the directory in which the Directory Server instance is installed. For example, if your machine’s host name is phonebook, then this name is the default and selecting it will cause the Directory Server instance to be installed into a directory labeled...
  • Page 55 Using Typical Installation For administration port number, enter a value that is not in use. Be sure to record this value. The server is then unpackaged, minimally configured, and started. You are told which host and port number the Administration Server is listening on. The server is configured to use the following suffixes: •...
  • Page 57: Chapter 4 Silent Installation

    Chapter 4 Silent Installation Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively. This provides you with the ability to script the installation of your Netscape Directory Servers (Directory Servers).
  • Page 58: Preparing Silent Installation Files

    Preparing Silent Installation Files On Windows machines, unzip the product binaries. Prepare the file that will contain your installation directives. Run the setup program with the command line options: setup -s -f filename where filename is the name of the file that contains your installation directives. The next section shows some examples of the silent install files.
  • Page 59: Creating Silent Installation Files

    Preparing Silent Installation Files Creating Silent Installation Files The best way to create a file for use with silent installation is to use the setup program to interactively create a server instance of the type that you want to duplicate. To do this, run with the flag.
  • Page 60: A Typical Installation

    Preparing Silent Installation Files NOTE Be sure to protect install.inf files since they contain passwords in clear. For complete information on the directives you can use in a silent installation file, see “Installation Directives,” on page 63. A Typical Installation The following is an example of the install.inf file that is generated for a typical...
  • Page 61: Using An Existing Configuration Directory

    Preparing Silent Installation Files Components= admin,admin-client,base-jre [base] Components= base,base-client Using an Existing Configuration Directory The following is an example of the install.inf file that is generated when you perform a typical installation and you choose to use an existing Directory Server as the configuration directory: [General] FullMachineName=...
  • Page 62: Installing The Standalone Netscape Console

    Preparing Silent Installation Files ServerIpAddress= 111.11.11.11 ServerAdminID= admin ServerAdminPwd= admin Components= admin,admin-client,base-jre [base] Components= base,base-client, base-jre [nsperl] Components= nsperl553 [perldap] Components= perldap14 Installing the Standalone Netscape Console The following is an example of the install.inf file that is generated when you install just Netscape Console: [General]...
  • Page 63: Installation Directives

    Installation Directives This section describes the basic format of the file used for silent installation. It then describes the directives that are available for each area of the silent installation file. Specifically, the following sections are provided here: •...
  • Page 64: [General] Installation Directives

    Installation Directives The keywords [General], [slapd], and [admin] are required. They indicate that the directives that follow are meant for a specific aspect of the installation. They must be provided in the file in the order indicated above. [General] Installation Directives [General] installation directives specify information of global interest to the Netscape servers installed at your site.
  • Page 65: [Base] Installation Directives

    Installation Directives [General] Installation Directives (Continued) Table 4-1 Directive Description SuiteSpotGroup UNIX only. Specifies the group that Netscape servers will run as. The default is group nobody but this should be changed for most deployments. ConfigDirectoryLdapURL Specifies the LDAP URL that is used to connect to your configuration directory.
  • Page 66: [Slapd] Installation Directives

    Installation Directives Table 4-2 [Base] Installation Directive Directive Description Components Specifies the base components to be installed. The base components are: • base—install the shared libraries used by all Server Consoles. You must install this package if you are also installing some other Netscape server. •...
  • Page 67: Optional [Slapd] Installation Directives

    Installation Directives Table 4-3 Required [slapd] Installation Directives Directive Description Components Specifies the slapd components to be installed. The components are: • slapd—install the Directory Server. • slapd-client—install the Directory Server Console. This directive is required. It is recommended that you always install both components any time you install the Directory Server.
  • Page 68: [Admin] Installation Directives

    Installation Directives Table 4-4 Optional [slapd] Installation Directives Directive Description AddSampleEntries If set to Yes, this directive causes the example.ldif sample directory to be loaded. Use this directive if you are installing the Directory Server for evaluation purposes and you do not already have an LDIF file to populate your directory with.
  • Page 69 Installation Directives [admin] Installation Directives (Continued) Table 4-5 Directive Description SysUser UNIX only. Specifies the user that the Administration Server will run as. For default installations that use the default Netscape port numbers, this user must be root. Root is the default. For information on what users your servers should run as, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
  • Page 71: Chapter 5 Post Installation

    Chapter 5 Post Installation This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections: • Launching the Help System (page 71) • Populating the Directory Tree (page 72) Launching the Help System The help system for Directory Server is dependent upon Netscape Administration Server.
  • Page 72: Populating The Directory Tree

    Populating the Directory Tree Proxy authorized on Administration Server. If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following: • Remove proxies on the machine running Directory Server Console. This allows the client machine to access Administration Server directly.
  • Page 73 Populating the Directory Tree • Start your Directory Server with an empty database and import data over LDAP—This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the command-line ldapmodify utility. Use this method if you have just a few entries to add at a time. For information on setting up the Directory Server Gateway, check the Netscape Directory Server Gateway Customization Guide.
  • Page 75: Chapter 6 Migrating And Upgrading From Previous Versions

    Chapter 6 Migrating and Upgrading From Previous Versions If you have a previous installation of Directory Server, depending on its version, you can migrate or upgrade to Netscape Directory Server 6.x. Migration refers to the process of migrating Directory Server 4.x or 5.x files to Directory Server 6.x. Upgrade refers to the process of updating Directory Server 6.0x files to Directory Server 6.x.
  • Page 76: Migration Prerequisites

    Migration Prerequisites The migration script performs the following tasks in sequence: • Checks the schema configuration files and notifies you of any changes between the standard configuration files and the ones present on your system; see • Creates a database for each suffix stored in the legacy Directory Server. (In Directory Server 5.x and 6.x you can have multiple databases, but just one suffix per database).
  • Page 77 Migration Prerequisites • Do not install the new Directory Server on top of an existing Directory Server installation. Install your new Directory Server in a separate directory. Migrate your legacy directory data into your new directory and when you are satisfied with the result of the migration, remove your legacy Directory Server.
  • Page 78: Identifying Custom Schema

    Migration Prerequisites • Check the command syntax for the migration script in chapter “Command-Line Scripts” of the Netscape Directory Server Configuration, Command, and File Reference. • If you have defined custom schema, read the next section, “Identifying Custom Schema,” on page 78. Identifying Custom Schema If you customized the schema in your legacy Directory Server by modifying directly, then the server migration process...
  • Page 79: Migration Procedure

    Migration Procedure Include these files into your slapd.conf file using the userat and useroc directives. Place your new directives at the same place in the file as the include statements for other configuration files. The order in which the various configuration files are included is not important.
  • Page 80: Migrating A Standalone Server

    Migration Procedure Migrating a Standalone Server Once you have backed up your critical configuration information, do the following to migrate a server: Stop your legacy Directory Server. If you do not stop the legacy Directory Server, the migration script does it for you.
  • Page 81 Migration Procedure newInstancePath is the path to the installation directory of Directory Server 6.x (for example, /usr/netscape/servers/slapd-serverID). The following is an example of a command you would use on a UNIX machine to migrate an instance of Directory Server 4.11 to Directory Server 6.x: migrateInstance6 -D "cn=Directory Manager"...
  • Page 82 Migration Procedure Shutdown the legacy Directory Server instance: /usr/netscape/servers/ds50/slapd-bart Shutting down server slapd-bart ..Name of the old LDAP server: bart.netscape.com Name of the new LDAP server: bart.netscape.com 6.0 localuser: jdoe, uid: 9871, gid: 10 5.x localuser: jdoe, uid: 9871, gid: 10 Backup /export/home/jdoe/61-latest/slapd-bart/config on /export/home/jdoe/61-latest/slapd-bart/config_backup ...
  • Page 83 Migration Procedure Param: nsbindretrylimit values To migrate: 3 Param: nsbindretrylimit new current values: 3 Param: nsoperationconnectionslimit values To migrate: 10 Param: nsoperationconnectionslimit new current values: 10 Param: nsreferralonscopedsearch values To migrate: off Param: nsreferralonscopedsearch new current values: off Param: nsmaxtestresponsedelay values To migrate: 15 Param: nsmaxtestresponsedelay new current values: 15 Param: nsmaxresponsedelay values To migrate: 60 Param: nsmaxresponsedelay new current values: 60...
  • Page 84 Migration Procedure Now baking up database backend1 in /export/home/jdoe/61-latest/slapd-bart/db_backup/backend1.ldif Shutting down server slapd-bart . . . ldiffile: /export/home/jdoe/61-latest/slapd-bart/db_backup/backend1.ldif [12/Jun/2002:10:32:05 -0700] - export backend1: Processed 3 entries (100%). [12/Jun/2002:10:32:05 -0700] - Waiting for 4 database threads to stop [12/Jun/2002:10:32:07 -0700] - All database threads now stopped try to reconnect to search cn=backend2,cn=ldbm database,cn=plugins,cn=config *** LDBM_BACKEND_INSTANCE - cn=backend2,cn=ldbm database,cn=plugins,cn=config already exists...
  • Page 85 Migration Procedure MAPPING_TREE - Add successfull: cn="dc=backend3,dc=com",cn=mapping tree,cn=config *** MAPPING_TREE - cn="dc=netscape,dc=com",cn=mapping tree,cn=config already exists *** Migration will not add the suffix ------------------------------------------------------------------------- Migrate default indexes... ------------------------------------------------------------------------- Migrate indexes... ------------------------------------------------------------------------- Migrate replicas... ------------------------------------------------------------------------- Migrate replication agreements... ------------------------------------------------------------------------- Migrate key/cert databases... ------------------------------------------------------------------------- Migrate Certmap.conf...
  • Page 86 Migration Procedure [12/Jun/2002:10:33:32 -0700] - Waiting for 1 database threads to stop [12/Jun/2002:10:33:33 -0700] - All database threads now stopped Done. [12/Jun/2002:10:33:37 -0700] - import backend1: Index buffering enabled with bucket size 15 [12/Jun/2002:10:33:37 -0700] - import backend1: Beginning import job... [12/Jun/2002:10:33:37 -0700] - import backend1: Processing file "/export/home/jdoe/50-latest/slapd-bart/config//ldif/backend1.ldif"...
  • Page 87: Migrating A 4.X Replicated Site

    Migration Procedure [12/Jun/2002:10:33:54 -0700] - import backend3: Flushing caches... [12/Jun/2002:10:33:54 -0700] - import backend3: Closing files... [12/Jun/2002:10:33:54 -0700] - import backend3: Import complete. Processed 2 entries in 4 seconds. (0.50 entries/sec) ------------------------------------------------------------------------- Migrate Changelog... ------------------------------------------------------------------------- ***** Migrate ReplicaBindDN entries... ------------------------------------------------------------------------- ***** Migrate MultiplexorBindDN entries...
  • Page 88: Migrating A Replicated 4.X Site - Approach 1

    Migration Procedure Migrating a Replicated 4.x Site - Approach 1 Given the constraints, an approach to migrating a replication topology of 4.x servers is to: Install the 6.x Directory Server and configure it both: As a read-write replica, the role the server will fulfill once the migration process is completed, that logs changes.
  • Page 89: Migrating A Replicated 4.X Site - Approach 2

    Migration Procedure Configure ServerD for the role it will fulfill in the migrated replication topology, that is as a read-write replica that logs changes. This procedure is explained in Chapter 8, “Managing Replication” of the Netscape Directory Server Administrator’s Guide. Then configure ServerD to be a legacy consumer.
  • Page 90 Migration Procedure To better understand Approach 2, consider a fairly simple replication topology: • One supplier server, ServerA. • Two consumer servers, ServerB and ServerC. • ServerA has a supplier-initiated replication agreement to ServerB and to ServerC. • ServerA, ServerB, and ServerC are 4.x Directory Servers. NOTE: You can migrate a topology where ServerB and ServerC have consumer-initiated replication (CIR) agreements with ServerA.
  • Page 91: Migrating A 5.X Replicated Site

    Migration Procedure Migrating a 5.x Replicated Site If you are upgrading from Directory Server 5.x to Directory Server 6.x, your replication configuration is automatically migrated when you run the migrateInstance6 script. To migrate a 5.x replicated site: Stop your Directory Server 5.x. Install Directory Server 6.x.
  • Page 92: Master Migration

    Migration Procedure Migrate the first master; see section “Master Migration,” on page 92. Verify that writes and changes are being replicated through the servers. Migrate the second master; see section “Master Migration,” on page 92. Verify that writes and changes are being replicated through the servers. Migrate the hubs (if any);...
  • Page 93: Consumer Migration

    Migration Procedure Install Directory Server 6.x, registering against the first master’s configuration instance. Run the migration script following the instructions in “Migrating a Standalone Server,” on page 80. Once your hub is migrated, test replication and make sure that it is working correctly.
  • Page 94: Upgrading From Directory Server 6.0X Versions

    Upgrading From Directory Server 6.0x Versions serverRoot/shared/config/dbswitch.conf:directory default ldap://configHostname:configPort/o%3DNetscapeRoot serverRoot/slapd-serverID/config/dse.ldif:nsslapd-pluginarg0: ldap://configHostname:configPort/o%3DnetscapeRoot Turn off the pass through authentication (PTA) plug-in on Server2 by editing the dse.ldif file. In a text editor, open the serverRoot/slapd-serverID/config/dse.ldif file. Locate the entry for the PTA plug-in: dn: cn=Pass Through Authentication,cn=plugins,cn=config Change nsslapd-pluginEnabled: on...
  • Page 95 Upgrading From Directory Server 6.0x Versions On your Directory Server 6.0x host machine, log in as root or superuser (su). Stop the server. # serverRoot/slapd-serverID/stop-server Create a new directory, for example: # mkdir ds61 # cd ds61 Download the Directory Server 6.1 product binaries file to the directory you created.
  • Page 96: After You Upgrade

    Upgrading From Directory Server 6.0x Versions setup program starts upgrading your server. Follow the prompts and complete the upgrade process. Restart the server. # serverRoot/slapd-serverID/stop-server After You Upgrade To verify that the upgrade process was successful, it is recommended that you check the upgraded server for data consistency and any custom schema.
  • Page 97: Chapter 7 Uninstalling Directory Server

    Chapter 7 Uninstalling Directory Server You may need to remove an instance of Netscape Directory Server (Directory Server) or uninstall the entire server altogether. The Directory Server provides a utility that enables you to uninstall the software as a whole or to remove selected components.
  • Page 98: Uninstalling Directory Server

    Uninstalling Directory Server From the Object menu, select Stop; you can also right-click to choose this option from the pop-up menu. When the server has stopped, from the Object menu, choose Remove Server. You can also right-click to choose this option from the pop-up menu. When prompted, confirm that you want to remove the server instance.
  • Page 99: Uninstalling Directory Server On Windows Systems

    Uninstalling Directory Server Select the default, , to remove all components of Directory Server. Alternately, you may choose to remove individual components by selecting them from the list that appears on the screen: Administration Services Netscape Directory Suite Server Core Components nsPerl PerLDAP When prompted, enter the administrator ID and password for the...
  • Page 100: Using Windows Add/Remove Programs Utility

    Uninstalling Directory Server Locate and double-click the uninstallation utility, uninst.exe. The Netscape Uninstall window appears, showing a list of components: Administration Services Netscape Directory Suite Server Core Components nsPerl PerLDAP Select the components you want to remove and click Uninstall. To remove specific subcomponents, select the component and click Sub Components.
  • Page 101 Uninstalling Directory Server Locate and select the entry for Netscape Directory Server. The entry is of the form version_number Netscape Server Products server_root, where version_number is your Directory Server’s version number and server_root is your Directory Server’s installation directory. Click Add/Remove. The Netscape Uninstall window appears, showing a list of components: Administration Services Netscape Directory Suite...
  • Page 103: Chapter 8 Troubleshooting

    Chapter 8 Troubleshooting This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections: • Running dsktune (page 103) •...
  • Page 104 Running dsktune The following is an example of output that dsktune generates. Note that dsktune does not itself make any changes to the system. Netscape Directory Server system tuning analysis version 25-SEP-2001. NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10) (1 processor). NOTICE : Patch 109320-01 is not installed.
  • Page 105: Common Installation Problems

    Common Installation Problems ndd -set /dev/tcp tcp_smallest_anon_port 8192 WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will cause Solaris to insert artificial delays in the LDAP protocol. It should be reduced during load testing. This line can be added to the /etc/init.d/inetinit file: ndd -set /dev/tcp tcp_deferred_ack_interval 5 WARNING: There are only 1024 file descriptors available, which limit the number of simultaneous connections.
  • Page 106 Common Installation Problems On the desktop, right click the icon labeled My Computer. Click on the Network Identification tab. Click the Properties box. In the Identification Changes dialog box, click More. Next to the label “Primary DNS Suffix of this computer,” enter the appropriate domain name.
  • Page 107 Common Installation Problems If you have forgotten the Directory Manager DN password, you can reset it by doing the following: Find the nsslapd-rootpw attribute in slapd.conf. If the attribute value is not encrypted in any way (that is, it does not start with {SHA} or {CRYPT}) then the...
  • Page 109: Glossary

    Glossary access control instruction See ACI. ACI Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Access control list. The mechanism for controlling access to your directory. access rights In the context of access control, specify the level of access granted or denied.
  • Page 110 attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class.
  • Page 111 browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Otherwise known as the virtual view index, speeds up the display of entries in the Directory Server Console.
  • Page 112 CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
  • Page 113 DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. Data Master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
  • Page 114 DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as might point to a real machine called www.[yourdomain].[domain] where the server currently exists.
  • Page 115 HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics and form items, and display links to other pages. HTTP Hypertext Transfer Protocol.
  • Page 116 LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format LDAP client Software used to request and view LDAP entries from an LDAP Directory Server. See also browser. LDAP Data Interchange Format See LDAP Data Interchange Format. LDAP URL Provides the means of locating directory servers using DNS and then completing the query via LDAP.
  • Page 117 matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use. MD5 A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data, that is unique with high probability, and is mathematically extremely hard to produce a piece of data that will produce the same message digest.
  • Page 118 network management station See NMS. NIS Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, file systems, and network parameters throughout a network of computers. NMS Network Management Station.
  • Page 119 permission In the context of access control, the permission states whether access to the directory information is granted or denied, and the level of access that is granted or denied. See access rights. PDU Protocol Data Unit. Encoded messages which form the basis of data exchanges between SNMP devices.
  • Page 120 RDN Relative distinguished name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name. referential integrity Mechanism that ensures that relationships between related entries are maintained within the directory. referral (1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP server that can process the request.
  • Page 121 root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine. root suffix The parent of one or more sub suffixes. A directory tree can contain more than one root suffix. schema Definitions describing what types of information can be stored as entries in the directory.
  • Page 122 single-master replication The most basic replication scenario in which two servers each hold a copy of the same read-write replicas to consumer servers. In a single-master replication scenario, the supplier server maintains a change log. SIR See supplier-initiated replication. slapd LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
  • Page 123 supplier server In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica. supplier-initiated replication Replication configuration where supplier servers replicate directory data to consumer servers. symmetric encryption Encryption that uses the same key for both encrypting and decrypting.
  • Page 124 virtual list view index Otherwise known as a browsing index, speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branchpoint in the directory tree to improve display performance. X.500 standard The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementations.
  • Page 125: Index

    Index administration domain, defined 18 express install defined 19 administration port number 35, 52 using 47 administration server 12 administration server user 15 authentication entities 15 fonts, in this book 8 configuration decisions 12 configuration directory administrator 15 configuration directory, defined 16 conventions, in this book 8 glossary of terms 109–124 creating silent install files 59...
  • Page 126 preparing for 11 troubleshooting 106 process overview 19 preparing for installation 11 new installations 19 prerequisites requirements 23 migration 76 installation directory, default 14 removing the directory server 97 LDAP Data Interchange Format (LDIF) replicated site creating databases using 72 migration of 4.x sites 87 LDIF, See LDAP Data Interchange Format migration of 5.x MMR deployment 91...
  • Page 127 terms, in this book 8, 109–124 typical install, defined 19 typical install, using on NT 53 on UNIX 49 uninstalling the directory server 97 upgrade defined 75 upgrading prerequisites for 94 user and groups to run servers as 14 user directory, defined 17 Index...