Netscape DIRECTORY SERVER 7.0 Installation Manual


Installation Guide

Netscape Directory Server
Version 7.0
October 2004

Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 7.0

  • Page 1: Installation Guide

    Installation Guide Netscape Directory Server Version 7.0 October 2004...
  • Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law.
  • Page 3: Table Of Contents

    Contents: Contents (page 3); About This Guide
  • Page 4 Chapter 2 Computer System Requirements (page 23); Summary of Supported Platforms
  • Page 5 Chapter 4 Silent Installation and Instance Creation (page 53); Using Silent Installation
  • Page 6 Chapter 8 Troubleshooting (page 97); Running dsktune
  • Page 7: About This Guide

    About This Guide Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server and describes the different installation methods that you can use. This preface contains the following sections: •...
  • Page 8: Conventions Used In This Guide

    Conventions Used in This Guide • Directory Server Console — An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers. •...
  • Page 9: Related Information

    Related Information • All paths specified in this manual are in UNIX format. If you are using a Windows-based Directory Server, you should assume the equivalent file paths whenever UNIX file paths are shown in this guide. Related Information The document set for Directory Server also contains the following guides: •...
  • Page 10 Related Information For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, check this site: http://enterprise.netscape.com/docs Netscape Directory Server Installation Guide • October 2004...
  • Page 11: Chapter 1 Preparing For A Directory Server Installation

    Chapter 1 Preparing for a Directory Server Installation Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make. To help you prepare for your Directory Server installation, you should be familiar with the concepts contained in the following sections: •...
  • Page 12: Configuration Decisions

    Configuration Decisions • Netscape Administration Server — Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one administration server for each server root in which you have installed a Netscape server.
  • Page 13: Choosing Unique Port Numbers

    Configuration Decisions Choosing Unique Port Numbers Port numbers can be any number from . Keep the following in mind 65535 when choosing a port number for your Directory Server: • The standard Directory Server (LDAP) port number is • Port is reserved from LDAP over SSL.
  • Page 14: Deciding The User And Group For Your Netscape Servers (Unix Only)

    Configuration Decisions By default, the server root directory is one of the following: • (on UNIX systems) /usr/netscape/servers • (on Windows systems) c:\netscape\servers Deciding the User and Group for Your Netscape Servers (UNIX only) For security reasons, it is always best to run UNIX-based production servers with normal user privileges.
  • Page 15: Defining Authentication Entities

    Configuration Decisions Defining Authentication Entities As you install Directory Server and Administration Server, you will be asked for various user names, distinguished names (DN), and passwords. This list of login and bind entities will differ depending on the type of installation that you are performing: •...
  • Page 16: Determining Your Directory Suffix

    Configuration Decisions Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password. Determining Your Directory Suffix A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data.
  • Page 17: Determining The Location Of The User Directory

    Configuration Decisions Because the configuration directory normally experiences very little traffic, you can allow its server instance to coexist on a machine with another more heavily loaded Directory Server instance. However, for very large sites that are installing a large number of Netscape servers, you may want to dedicate a low-end machine to the configuration directory so as not to hurt the performance of your other production servers.
  • Page 18: Determining The Administration Domain

    Configuration Decisions Between your user directory and your configuration directory, it is your user directory that will receive the overwhelming percentage of the directory traffic. For this reason, you should give the user directory the greatest computing resources. Because the configuration directory should receive very little traffic, it can be installed on a machine with very low-end resources (such as a minimally-equipped Pentium).
  • Page 19: Installation Process Overview

    Installation Process Overview For many installations, you can have just one administration domain. In this case, choose a name that is representative of your organization. For other installations, you may want different domains because of the demands at your site. In the latter case, try to name your administration domains after the organizations that will control the servers in that domain.
  • Page 20: Migration And Upgrade Process

    Installation Process Overview Beyond determining which type of installation process you will use, the process for installing Directory Server is as follows: Plan your directory service. By planning your directory tree in advance, you can design a service that is easy to manage and easy to scale as your organization grows.
  • Page 21: Starting The Slapd Process (Unix Only)

    Installation Privileges On Windows, unzip the product binaries. Starting the slapd Process (Unix Only) On UNIX systems, you will need to write a script to start the slapd process, as it does not start automatically when the system boots. Installation Privileges On UNIX you must install as root if you choose to run the server on a port below...
  • Page 23: Chapter 2 Computer System Requirements

    Chapter 2 Computer System Requirements Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. Directory Server 7.0 is compiled as a 64-bit application for some platforms, meaning Directory Server now supports deployments with memory cache sizes larger than 4Gbytes and limited only by available memory.
  • Page 24: 32-Bit Process

    Summary of Supported Platforms Before you install Directory Server, check the required patches and kernel parameter settings, as described in the sections that follow. Also, ensure that DNS is properly configured on the system and that the system has a static IP address. 32-bit Process Table 2-1 Supported Platforms - 32-bit...
  • Page 25: 64-Bit Process

    Summary of Supported Platforms Table 2-1 Supported Platforms - 32-bit (Continued) Other Requirements You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root.
  • Page 26: Hardware Requirements

    Hardware Requirements Table 2-2 Supported Platforms - 64-bit HP-UX® Platform Requirements Storage Space/Hard Disk Approximately 300Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default);...
  • Page 27: Operating System Requirements

    Operating System Requirements • Roughly 200 Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2 Gbyte to support the product binaries, databases, and log files (log files require 1 Gbyte by default); 4 Gbyte and greater...
  • Page 28: Dsktune Utility

    Operating System Requirements dsktune Utility For UNIX platforms, Directory Server provides a utility named dsktune that can help you verify whether you have the appropriate patches installed on your system. The utility also provides useful information and advice on how to tune your kernel parameters for best performance.
  • Page 29: Verifying Required System Modules

    Operating System Requirements Download drive: 120 Mbyte Installation drive: 2 Gbyte Verifying Required System Modules Directory Server is not supported on HP-UX 10 or earlier versions. The minimum system module required is HP-UX 11. Directory Server may only be used on a 64-bit HP-UX 11 environment as a 64-bit process and may contain up to 8Gbytes of process memory.
  • Page 30: Tuning The System

    Operating System Requirements • Run the dsktune utility to see if you need to install any other patches. The utility helps you to verify whether you have the appropriate patches installed on your system and provides useful information and advice on how to tune your kernel parameters for best performance.
  • Page 31: Installing Third-Party Utilities

    Operating System Requirements Installing Third-Party Utilities You will need the gunzip utility to unpack the Directory Server software. The gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.html and can be obtained from many software distribution sites. You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from http://www.adobe.com/products/acrobat/readstep2.html Microsoft Windows 2000 Advanced Server...
  • Page 32: Verifying Required System Modules

    Operating System Requirements No other network functions should be provided by this computer. The computer should not be a dual-booting system or run other operating systems. At a minimum, the computer system should have at least 256 Mbyte of RAM, 2 Gbyte disk, a Pentium 3 or later processor, and a 100 MBps Ethernet connection.
  • Page 33: Ensuring System Clock Accuracy

    Operating System Requirements To edit the server configuration file, you will need a text editor that is capable of handling large text files (Notepad and Wordpad are not suitable). If you are already familiar with Emacs text editor on UNIX, a port to Windows can be downloaded from .
  • Page 34: Red Hat Linux Advanced Server 3 Operating System

    Installing Third-Party Utilities In addition to these recommendations, be sure to check the OS vendor’s web site for the latest information pertaining to your OS version: http://www.redhat.com/apps/support/ Verifying Disk Space Requirements Ensure that you have sufficient disk space before downloading the software.
  • Page 35: Verifying Required System Modules

    Operating System Requirements Verifying Required System Modules Directory Server is certified to work on: • The Intel Pentium series processors [i686]. • The default kernel/glibc revisions that come along with Red Hat Linux Advanced Server 3 and the other kernel revisions with their corresponding glibc revisions as mentioned below.
  • Page 36: Tuning The System

    Operating System Requirements Tuning the System This section contains some basic system tuning information. Keep in mind that changing any of the following kernel-tuning parameters requires a system reboot. • NFS Tuning — This tuning is recommended if you are using Directory Server to write to NFS mounted drives.
  • Page 37: Sun Solaris 9 Operating System

    Operating System Requirements Sun Solaris 9 Operating System If you plan to install Directory Server on a machine running the Solaris 9 operating system (OS), follow the recommendations outlined in these sections: • Verifying Disk Space Requirements • Verifying Required System Modules •...
  • Page 38: Installing Patches

    Operating System Requirements Installing Patches You must use Solaris 9 with the Sun recommended patches. The Sun recommended patch clusters can be obtained from your Solaris support representative or from the http://sunsolve.sun.com site. Solaris patches are identified by two numbers; for example, 112233-04. The first number (112233) identifies the patch itself.
  • Page 39: Tuning The System

    Operating System Requirements Table 2-3 Solaris 9 Patch List (Continued) 113033-04: SunOS 5.9: patch /kernel/drv/isp and /kernel/drv/sparcv9/isp 112601-09: SunOS 5.9: PGX32 Graphics 113923-02: X11 6.6.1: security font server Patch 112817-18: SunOS 5.9: Sun GigaSwift Ethernet 1.0 driver Patch 113718-02: SunOS 5.9: usr/lib/utmp_update Patch 114135-01: SunOS 5.9: at utility Patch 112834-04:...
  • Page 40: Tuning Tcp Parameters

    Operating System Requirements CAUTION This parameter should not be raised above 4096 without first consulting your Sun Solaris support representative since it may affect the stability of the system. You should also set the soft limit for file descriptors: ulimit -n in csh limit desc 1024 Use the utility (see “dsktune Utility,”
  • Page 41: Dns And Nis Requirements (Unix Only)

    Operating System Requirements tcp_smallest_anon_port controls the number of simultaneous connections that can be made to the server. When rlim_fd_max has been increased to above 4096, this value should be decreased by adding a line to the /etc/init.d/inetinit file similar to the following: ndd -set /dev/tcp tcp_smallest_anon_port 8192 parameter should be inspected if clients will...
  • Page 43: Chapter 3 Using Express And Typical Installation

    Chapter 3 Using Express and Typical Installation This chapter describes how to perform basic installation activities. This chapter contains the following sections: • Using Express Installation (page 43) • Using Typical Installation (page 45) Using Express Installation Use express installation if you are installing Directory Server to evaluate or test the product.
  • Page 44 Using Express Installation On a Windows system, unzip the product binaries. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command: ./setup Select “yes”...
  • Page 45: Using Typical Installation

    Using Typical Installation o=NetscapeRoot Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
  • Page 46 Using Typical Installation Next, the setup program asks you if you agree to the license terms. Press agree with the license terms. When you are asked what you would like to install, press Enter to select the default, Netscape Servers. When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation.
  • Page 47 Using Typical Installation CAUTION The default hostname may be incorrect if the installer cannot locate a DNS name in your system. For example, you might not have a DNS name if your system uses NIS. The hostname must be a fully qualified host and domain name. If the default hostname is not a fully qualified host and domain name, installation will fail.
  • Page 48 Using Typical Installation For configuration directory administrator ID and password, enter the name and password that you will log in as when you want to authenticate to the console with full privileges. For a directory suffix, enter a distinguished name (DN) meaningful to your enterprise.
  • Page 49: Using Typical Installation On Windows

    Using Typical Installation For the user you want to run Administration Server as, enter root. This is the default. For information on why you should run Administration Server as root, see “Deciding the User and Group for Your Netscape Servers (UNIX only),” on page 14.
  • Page 50 Using Typical Installation For configuration directory, select the default if this directory will host your o=NetscapeRoot tree. Otherwise, enter the appropriate contact information for the configuration directory. If this Directory Server instance is not the configuration directory, then the configuration directory must exist and be running before you can continue this installation.
  • Page 51 Using Typical Installation For Directory Manager DN, enter the DN that you will use when managing the contents of your directory with unlimited privileges. NOTE Any DN must be entered in the UTF-8 character set encoding. Older encodings such as ISO-8859-1 are not supported. In former releases of Directory Server, the Directory Manager was known as .
  • Page 53: Chapter 4 Silent Installation And Instance Creation

    Chapter 4 Silent Installation and Instance Creation Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively; this provides you with the ability to script the installation of multiple instances of Netscape Directory Server (Directory Server).
  • Page 54: Preparing Silent Installation Files

    Using Silent Installation Create a new directory: # mkdir ds # cd ds If you have not already done so, download the product binaries file to the installation directory. On Windows machines, unzip the product binaries. On UNIX, unpack the product binaries file using the following command: # gunzip -dc filename.tar.gz | tar -xvof- where...
  • Page 55 Using Silent Installation You will have to make some modifications to this file before you use it. Specifically, ensure that you have done the following: • FullMachineName — Set this directive to a value that is appropriate for the machine on which Directory Server will be installed if it’s not to be the local machine.
  • Page 56: Sample File For Typical Installation

    Using Silent Installation • Sample File for Installing the Standalone Netscape Console You can find a definition of the individual installation directives in "Specifying Silent Installation Directives," on page 59. NOTE The silent.inf file provided with the Directory Server is merely a template, an example of how to write your own.
  • Page 57: Sample File For Using An Existing Configuration Directory

    Using Silent Installation
    Components= slapd,slapd-client
    [admin]
    SysUser= root
    Port= 23611
    ServerIpAddress= 111.11.11.11
    ServerAdminID= admin
    ServerAdminPwd= admin
    Components= admin,admin-client
    [base]
    Components= base,base-client,base-jre
    [nsperl]
    Components= nsperl561
    [perldap]
    Components= perldap14
    Sample File for Using an Existing Configuration Directory The following is an example of the install.inf file that is generated when you perform a typical installation and you choose to use an existing Directory Server as...
  • Page 58: Sample File For Installing The Standalone Netscape Console

    Using Silent Installation
    UseReplication= No
    AddSampleEntries= No
    InstallLdifFile= suggest
    AddOrgEntries= Yes
    DisableSchemaChecking= No
    RootDNPwd= admin123
    Components= slapd,slapd-client
    [admin]
    SysUser= root
    Port= 33646
    ServerIpAddress= 111.11.11.11
    ServerAdminID= admin
    ServerAdminPwd= admin
    Components= admin,admin-client
    [base]
    Components= base,base-client,base-jre
    [nsperl]
    Components= nsperl561
    [perldap]
    Components= perldap14
    Sample File for Installing the Standalone Netscape Console The following is an example of the install.inf file that is generated when you...
  • Page 59: Specifying Silent Installation Directives

    Using Silent Installation Specifying Silent Installation Directives This section describes the basic format of the file used for silent installation. It then describes the directives that are available for each area of the silent installation file. • Silent Installation File Format •...
  • Page 60: [General] Installation Directives

    Using Silent Installation [General] Installation Directives [General] installation directives specify information of global interest to the Netscape servers installed at your site. That is, the information you provide here will be common to all your Netscape servers. The [General] installation directives are listed in Table 4-1.
  • Page 61: [Slapd] Installation Directives

    Using Silent Installation Table 4-1 [General] Installation Directives (Continued). ConfigDirectoryLdapURL: Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Netscape Directory Server Administrator’s Guide. This directive is required. AdminDomain: Specifies the administration domain under which this server will be registered.
  • Page 62 Using Silent Installation Table 4-2 Required and Optional [slapd] Installation Directives (columns: Required, Directive, Description). Components: Specifies the slapd components to be installed. The components are: • slapd — Install Directory Server. • slapd-client — Install Directory Server Console. This directive is required. It is recommended that you always install both components any time you install the Directory Server.
  • Page 63: [Admin] Installation Directives

    Using Silent Installation Table 4-2 Required and Optional [slapd] Installation Directives (Continued). AddOrgEntries: If set to yes, this directive causes the new Directory Server instance to be created with a suggested directory structure and access control. If this directive is used and InstallLdifFile is also used, then this directive has no effect.
  • Page 64: [Base] Installation Directives

    Using Silent Installation Table 4-3 [admin] Installation Directives (Continued). Port: Specifies the port that the Administration Server will use. Note that the Administration Server’s host name is given by the FullMachineName directive. For more information on FullMachineName, see Table 4-1. ServerAdminID: Specifies the administration ID that can be used to access this Administration Server if the configuration directory...
  • Page 65: [Nsperl] Installation Directives

    Using Silent Instance Creation [nsperl] Installation Directives There is only one [nsperl] installation directive and it allows you to determine whether nsPerl is to be installed. Table 4-5 lists the directive. Table 4-5 [nsperl] Installation Directive. Components: Specifies whether nsperl that is bundled with Directory...
  • Page 66 Using Silent Instance Creation Because all instances of Directory Server under a server root use the same Administration Server, the instance creation process does not install Administration Server binaries; you cannot create two instances of Administration Server in one server root. Having multiple instances in a single server root is useful for testing and for when one host is used for multiple purposes.
  • Page 67 Using Silent Instance Creation
    Suffix= dc=europe,dc=example,dc=com
    SlapdConfigForMC= No
    UseExistingMC= Yes
    UseExistingUG= No
    SecurityOn= No
    UseReplication= No
    SetupSupplier= No
    SetupConsumer= No
    AddSampleEntries= No
    InstallLdifFile= suggest
    AddOrgEntries= Yes
    DisableSchemaChecking= No
    Chapter 4 Silent Installation and Instance Creation...
  • Page 69: Chapter 5 Post Installation

    Chapter 5 Post Installation This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections: • Launching the Help System (page 69) • Populating the Directory Tree (page 70) Launching the Help System The help system for Directory Server is dependent upon Netscape Administration Server.
  • Page 70: Populating The Directory Tree

    Populating the Directory Tree Restart Administration Server. You can now launch the online help by clicking any of the Help buttons in the Directory Server Console. Proxy authorized on Administration Server. If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following: Remove proxies on the machine running Directory Server Console.
  • Page 71 Populating the Directory Tree • Start your Directory Server with an empty database and import data over LDAP — This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the command-line ldapmodify utility.
  • Page 73: Chapter 6 Migrating From Previous Versions

    Chapter 6 Migrating from Previous Versions If you have a previous installation of Directory Server, depending on its version, you can migrate or upgrade to Netscape Directory Server 7.x. Migration refers to the process of moving Directory Server 6.x files to Directory Server 7.x. Upgrade refers to the process of updating Directory Server files;...
  • Page 74: Migration Prerequisites

    Migration Prerequisites • Creates a database for each suffix stored in the legacy Directory Server. (In current releases of Directory Server, you can have multiple databases but just one suffix per database.) • Checks if any database exists and, if it does, gives you the option to save the database (by exporting it to a file), skip the database, or overwrite the database.
  • Page 75: Migration Procedure

    Migration Procedure • If you want to continue to run your legacy Directory Server, when you install the new Directory Server, choose different ports for LDAP traffic and for secured connections than the ones used by your legacy Directory Server. If you will not be running your legacy Directory Server, use the same port numbers to ensure that any directory clients that have static configuration information (including Directory Server port numbers) will continue to work.
  • Page 76: Migrating A Standalone Server

    Migration Procedure • Read sections "Migration Overview," on page 73, and "Migration Prerequisites," on page 74. • The migration script will automatically back up your Directory Server configuration if it’s in the default location. If you are migrating from Directory Server 6.x, all of the configuration files in the directory /usr/netscape/servers/slapd-serverID/config...
  • Page 77 Migration Procedure Run the migration script. As root user (on UNIX) or administrator (on Windows), change directory to serverRoot/bin/slapd/admin/bin. Then enter the following command: On UNIX: migrateInstance7 -D rootDN -w password -p port -o oldInstancePath -n newInstancePath On Windows (see also "Migrating Windows," on page 87): perl migrateInstance7 -D rootDN -w password -p port -o oldInstancePath -n newInstancePath -d "oldDataDirectoryPath"...
  • Page 78 Migration Procedure Follow the prompts. For example, if you’re prompted to provide a path and filename for your backup directory, enter one or accept the default. The migration process starts. At the end of migration, your legacy Directory Server is migrated. Additionally, as a result of this migration, a new Directory Server 7.x instance is installed using the configuration information obtained from your legacy Directory Server;...
  • Page 79 Migration Procedure Backup /export/home/jdoe/70-latest/slapd-bart/config on /export/home/jdoe/70-latest/slapd-bart/config_backup ... Where do you want to back up your configuration directory [/export/home/jdoe/70-latest/slapd-bart/config_backup] ? Migrate the schema... Connected to 7.0 LDAP server ------------------------------------------------------------------------- Parse the old DSE ldif file: /export/home/jdoe/611-latest/slapd-bart/config/dse.ldif ***** This may take a while ... Migrate DSE entries...
  • Page 80 Migration Procedure Param: nsbindtimeout values To migrate: 15 Param: nsbindtimeout new current values: 15 Param: nsabandonedsearchcheckinterval values To migrate: 2 Param: nsabandonedsearchcheckinterval new current values: 2 Param: nsconcurrentoperationslimit values To migrate: 10 Param: nsconcurrentoperationslimit new current values: 10 Param: nschecklocalaci values To migrate: off Param: nschecklocalaci new current values: off Param: nshoplimit values To migrate: 10 Param: nshoplimit new current values: 10...
  • Page 81 Migration Procedure *** LDBM_BACKEND_INSTANCE - cn=backend2,cn=ldbm database,cn=plugins,cn=config already exists *** Migration will overwrite existing database Do you want to continue Yes/No [No] ? y Do you want to export the existing data Yes/No [Yes] ? n We should add the backend instance cn=backend3,cn=ldbm database,cn=plugins,cn=config LDBM_BACKEND_INSTANCE - Add successfull: cn=backend3,cn=ldbm database,cn=plugins,cn=config...
  • Page 82 Migration Procedure Migrate replicas... ------------------------------------------------------------------------- Migrate replication agreements... ------------------------------------------------------------------------- Migrate key/cert databases... ------------------------------------------------------------------------- Migrate Certmap.conf... Where do you want to back up the file /export/home/jdoe/611-latest/shared/config/certmap.conf [/export/home/jdoe/611-latest/shared/config/certmap.conf_backup] ? ***** Close the LDAP connection to the new Directory Server instance ***** Shutting down server slapd-bart ..
  • Page 83 Migration Procedure [12/Jun/2002:10:33:40 -0700] - import backend1: Cleaning up producer thread... [12/Jun/2002:10:33:40 -0700] - import backend1: Indexing complete. Post-processing... [12/Jun/2002:10:33:40 -0700] - import backend1: Flushing caches... [12/Jun/2002:10:33:40 -0700] - import backend1: Closing files... [12/Jun/2002:10:33:40 -0700] - import backend1: Import complete. Processed 3 entries in 3 seconds.
  • Page 84: Migrating A 6.X Replicated Site

    Migration Procedure ***** Migrate MultiplexorBindDN entries... ****** End of migration ****** Migrating a 6.x Replicated Site If you are upgrading from Directory Server 6.x to Directory Server 7.x, your replication configuration is automatically migrated when you run the migrateInstance7 script. To migrate a 6.x replicated site: Stop your Directory Server 6.x.
  • Page 85: Supplier Migration

    Migration Procedure The migration process can be summarized into these steps: Stop directory writes on both suppliers. It is imperative that there are no entries being written or changed on the suppliers during the migration. After both the suppliers are migrated, writes can resume.
  • Page 86: Hub Migration

    Migration Procedure Once your supplier is migrated, test replication to make sure that it is working correctly. After you finish this process for the first supplier, repeat the steps for the other suppliers. You may wish to set up multi-master replication for o=NetscapeRoot between the instances on the suppliers.
  • Page 87: Managing Console Failover

    Migration Procedure Managing Console Failover If you have a multi-master installation with o=NetscapeRoot replicated between your two suppliers, server1 and server2, you can modify the Console on the second server (server2) so that it uses server2’s instance instead of server1’s. (By default, writes with server2’s Console would be made to server1 then replicated over.) To accomplish this, you must: Shut down the Administration Server and Directory Server.
  • Page 88: Migrating A Single Instance

    Migration Procedure Migrating a Single Instance Archive the old Directory Server installation. Create a data directory, and export all data to LDIF files in that directory by running the db2ldif.pl -r option: nsperl db2ldif.pl -D "cn=Directory Manager" -w secret -p 389 -n userroot -r -a c:\data\userroot.ldif -s "dc=example,dc=com"...
  • Page 89 Migration Procedure replication agreement and use the Connection tab to change the password. After you change the password, replication will automatically resume with no need for a reinitialization. The password does not need to be reconfigured in the Replication Manager entry in dse.ldif. NOTE: You must import your database LDIF files at the time of migration...
  • Page 90 Migration Procedure To migrate a Windows hub: Archive the old Directory Server installation. Create a data directory, and export all data to LDIF files in that directory by running the db2ldif -r option. Do this separately for each instance of the old Directory Server. The data directory should contain one LDIF file for each backend;...
  • Page 91: Chapter 7 Uninstalling Directory Server

    Chapter 7 Uninstalling Directory Server You may need to remove an instance of Netscape Directory Server (Directory Server) or uninstall the entire server altogether. The Directory Server provides a utility that enables you to uninstall the software as a whole or to remove selected components.
  • Page 92: Uninstalling Directory Server

    Uninstalling Directory Server From the Object menu, select Stop; you can also right-click to choose this option from the pop-up menu. When the server has stopped, go to the Object menu, and choose Remove Server. You can also right-click to choose this option from the pop-up menu. When prompted, confirm that you want to remove the server instance.
  • Page 93: Uninstalling Directory Server On Windows Systems

    Uninstalling Directory Server Select the default, , to remove all components of Directory Server. Alternately, you may choose to remove individual components by selecting them from the list that appears on the screen: Administration Services, Netscape Directory Suite, Server Core Components, nsPerl, PerLDAP. When prompted, enter the administrator ID and password for the...
  • Page 94: Using Windows Add/Remove Programs Utility

    Uninstalling Directory Server Locate and double-click the uninstallation utility, uninst.exe. The Netscape Uninstall window appears, showing a list of components: Administration Services, Netscape Directory Suite, Server Core Components, nsPerl, PerLDAP. Select the components you want to remove, and click Uninstall. To remove specific subcomponents, select the component, and click Sub Components.
  • Page 95 Uninstalling Directory Server Locate and select the entry for Netscape Directory Server. The entry is in the form version_number Netscape Server Products server_root, where version_number is your Directory Server’s version number and server_root is your Directory Server’s installation directory. Click Add/Remove. The Netscape Uninstall window appears, showing a list of components: Administration Services, Netscape Directory Suite...
  • Page 96 Uninstalling Directory Server Netscape Directory Server Installation Guide • October 2004...
  • Page 97: Chapter 8 Troubleshooting

    Chapter 8 Troubleshooting This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections: • Running dsktune (page 97) •...
  • Page 98 Running dsktune The following is an example of output that dsktune generates. dsktune itself does not make any changes to the system. Netscape Directory Server system tuning analysis version 15-MAY-2003. NOTICE : System is usparc-SUNW,Ultra-5_10-solaris5.8_s28s_u7wos_08a (1 processor). ERROR : Patch 108528-18 is present, but 108528-19 (Feb/21/2003: SunOS 5.8: kernel update patch) is a more recent version.
  • Page 99 Running dsktune ERROR : Patch 110934-10 is present, but 110934-11 (Feb/20/2003: SunOS 5.8: pkgtrans, pkgadd, pkgchk and libpkg.a patch) is a more recent version. ERROR : Patch 111874-05 is present, but 111874-06 (Jan/23/2003: SunOS 5.8: usr/bin/mail patch) is a more recent version. ERROR : Patch 111879-01 (Aug/27/2001: SunOS 5.8: Solaris Product Registry patch SUNWwsr) is required but not installed.
  • Page 100 Running dsktune NOTICE : The NDD tcp_rexmit_interval_initial is currently set to 3000 milliseconds (3 seconds). This may cause packet loss for clients on Solaris 2.5.1 due to a bug in that version of Solaris. If the clients are not using Solaris 2.5.1, no problems should occur. NOTICE : If the directory service is intended only for LAN or private high-speed WAN environment, this interval can be reduced by adding to /etc/init.d/inetinit:...
  • Page 101: Common Installation Problems

    Common Installation Problems WARNING: There are only 256 file descriptors (soft limit) available, which limit the number of simultaneous connections. Additional file descriptors, up to 1024 (hard limit), are available by issuing 'ulimit' ('limit' for tcsh) command with proper arguments. ulimit -n 4096 ERROR : The above errors MUST be corrected before proceeding.
  • Page 102 compat-libstdc++-6.2 (RPM) be installed when running the server on Redhat Advanced Server. The RPM may or may not be installed depending on the options that were chosen when the operating system was installed. If the RPM is not installed, you will get an error similar to the one shown below.
  • Page 103 Common Installation Problems [18/Jun/2002:10:56:39] failure ( 4322): Configuration initialization failed: Error running init function load-modules: dlopen of /export/dstest/bin/https/lib/libNSServletPlugin.so failed (libstdc++-libc6.1-1.so.2: cannot open shared object file: No such file or directory) For more information on RPM, check the JRE’s release notes at this URL: http://java.sun.com/j2se/1.4/install-linux.html I have forgotten the Directory manager DN and password.
  • Page 104 Common Installation Problems system TEMP directory. On UNIX, this directory is usually /tmp or /var/tmp. On Windows, check the system properties to see the value assigned to the TEMP environment variable (alternatively, you can open a command window and type echo %TEMP%).
  • Page 105: Glossary

    Glossary access control instruction See ACI. ACI Also Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Also Access Control List. The mechanism for controlling access to your directory.
  • Page 106 attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class.
  • Page 107 browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Also virtual view index. Speeds up the display of entries in the Directory Server Console.
  • Page 108 CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
  • Page 109 DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. data master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
  • Page 110 DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as might point to a real machine called www.yourdomain.domain where the server currently exists.
  • Page 111 hostname A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, is the machine www.example.com in the subdomain domain. example HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics, and form items and to display links to other pages.
  • Page 112 knowledge reference Pointers to directory information stored in different databases. LDAP Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms. LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
  • Page 113 mapping tree A data structure that associates the names of suffixes (subtrees) with databases. master agent See SNMP master agent. matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
  • Page 114 nested role Allows the creation of roles that contain other roles. network management application Network Management Station component that graphically displays information about SNMP managed devices (which device is up or down, which and how many error messages were received, etc.). network management station See NMS.
  • Page 115 password file A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as /etc/passwd because of where it is kept. password policy A set of rules that governs how passwords are used in a given directory.
  • Page 116 RAM Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down. rc.local A file on Unix machines that describes programs that are run when the machine starts. It is also called because of its location.
  • Page 117 role An entry grouping mechanism. Each role has members, which are the entries that possess the role. role-based attributes Attributes that appear on an entry because it possesses a particular role within an associated CoS template. root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
  • Page 118 service A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning. SIE Server Instance Entry. The ID assigned to an instance of Directory Server during installation. Simple Authentication and Security Layer See SASL.
  • Page 119 suffix The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix. superuser The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine.
  • Page 120 uid A unique number associated with each user on a Unix system. URL Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is .
  • Page 121: Index

    Index NUMERICS 32-bit OS requirements 24 default server root 13 64-bit 23 directory manager 15 64-bit OS requirements 25 directory server 12 directory suffix 16 directory tree configuring 70 ds_create 66 dsktune utility 28, 38, 97 administration domain, defined 18 administration port number 48 administration server 12 administration server user 15...
  • Page 122 install.inf 54 operating systems 23 installation components 11 configuration decisions 12 preparing for 11 process overview 19 new installations 19 port numbers requirements 23 selecting 13 installation directory, default 14 troubleshooting 102 preparing for installation 11 PrePreInstall field 28 prerequisites migration 74 LDAP Data Interchange Format (LDIF) creating databases using 70...
  • Page 123 silent install directives general 60 silent install files 54 silent install, defined 19 silent install, examples 55 typical install 56 silent install, using 53 styles, in this book 8 supported platforms 23 terms, in this book 8 typical install, defined 19 typical install, using on NT 49 on UNIX 45...