Difference between revisions of "TestPager31231"
(Created page with '{{ambiguous title}} The below Directory Server installation instructions are currently sufficient for basic development, but not for production. Please see the Future Tasks sect…') |
|||
Line 1: | Line 1: | ||
− | |||
− | |||
The below Directory Server installation instructions are currently sufficient for basic development, but not for production. Please see the Future Tasks section for other topics of interest with regard to Directory Server. | The below Directory Server installation instructions are currently sufficient for basic development, but not for production. Please see the Future Tasks section for other topics of interest with regard to Directory Server. | ||
Latest revision as of 14:15, 1 September 2009
The below Directory Server installation instructions are currently sufficient for basic development, but not for production. Please see the Future Tasks section for other topics of interest with regard to Directory Server.
Contents
Pre-Upgraded Virtual Machines
A Sun Solaris x86 10 U7 virtual machine with Sun Java Directory Server Enterprise Edition (DSEE) 6.3.1 and Directory Services Control Center (DSCC) on Glassfish is available at the following URI:
- Sun Solaris U7 with Sun Directory Server 6.3.1 EE VMWare Workstation 6.5.1 Virtual Machine Files
- \\158.114.76.116\extra_storage\vakilbi\documents\virtualmachines\ds-1\
Pre-requisites
- Sun Solaris 05/09 U7 Operating System.
- Sun JDK 1.6
- Make sure JAVA_HOME points correctly to your JDK. Many of the installation programs require it.
- An application server. This document assumes Sun Glassfish (in /opt/glassfish), but contains notes for WebLogic as well.
- Obtain Directory Server 6.3 and 6.3.1 Installation files via Sun's website: http://www.sun.com/software/products/directory_srvr_ee/get1.jsp. Be sure to download the ZIP version, not the native packages version.
DSEE Installation
Java Directory Server EE version 6.3 and version 6.3.1 share a nearly identical installation process, but version 6.3 must be installed first because version 6.3.1 requires 6.3 to be already installed.
Installing DSEE 6.3
bash-3.00# gunzip -c DSEE6.3.1.Solaris10-X86_AMD64-full.tar.gz | tar xf - bash-3.00# mkdir /opt/dsee bash-3.00# ./dsee_ZIP_Distribution/dsee_deploy install -I -i /opt/dsee -p 21162
Notes:
- Your DSEE zip filename might be different depending on architecture.
- The -I option specifies acceptance of the license agreement. Please note this is a capital i.
- The -i option specifies the installation location
- The -p option specifies the Common Agent Component (CAC) port number. Solaris already has a CAC using port 11162, so the DSEE CAC needs an unused port, such as 21162.
Installing DSEE 6.3.1
The process is very similar to installing DSEE 6.3
bash-3.00# gunzip -c DSEE.6.3.1.Solaris10-X86_AMD65-patch.tar.gz | tar xf - bash-3.00# ./126750-05/dsee_deploy install -I -i /opt/dsee -p 21162
Deploying DSCC
The dscc.war file contains the DSCC web application, which provides a web interface for the DSEE administration functions. The DSCC web application requires initializing the DSCC Registry.
Initializing the DSCC Registry
Run the following command to initialize the DSCC registry:
bash-3.00# /opt/dsee/dscc6/bin/dsccsetup ads-create
Deployment on AppServer
1. Create domain in glassfish. Be sure to use the portbase option so that it won't conflict with another domain that we'll create for Sun IdM and OpenSSO. For example, running the following:
bash-3.00# ./asadmin create-domain --interactive=true --portbase 9200 dscc
And enter the admin user name and password.
Please enter the admin user name>admin Please enter the admin password> Please enter the admin password again> Please enter the master password [Enter to accept the default]:> Please enter the master password again [Enter to accept the default]:> Using port 9048 for Admin. Using port 9080 for HTTP Instance. Using port 9076 for JMS. Using port 9037 for IIOP. Using port 9081 for HTTP_SSL. Using port 9038 for IIOP_SSL. Using port 9039 for IIOP_MUTUALAUTH. Using port 9086 for JMX_ADMIN. Domain being created with profile:developer, as specified by variable AS_ADMIN_PROFILE in configuration file. ------ Using Profile [developer] to create the domain ------ XML processing for profile: Base document [/opt/glassfish/lib/install/templates/default-domain.xml.template]. Profile name [developer]. Processing property [domain.xml.style-sheets].
2. Modify domains/dscc/config/server.policy and add the following to the end of the file:
// Permissions for Directory Service Control Center grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/dscc/-" { permission java.security.AllPermission; };
Note that this turns off security policies for any application, so it's not appropriate for production.
3. Deploy the dscc webapp
bash-3.00# asadmin start-domain dscc bash-3.00# cp /opt/dsee/var/dscc6/dscc.war ${AS_DOMAINS_ROOT}/dscc/autodeploy
4. Browse to http://[yourappserver]:[port]/dscc to view the DSCC login page
Deployment on WebLogic
Please note I have not tested deployment on WebLogic, but merely echoing what Ludovic's blog states. According to Sun engineer Ludovic Poitou's blog entry on 9 July 2008, DSCC is supported in WebLogic after a minor tweak. The instructions below are from Ludovic's blog at the following URI: http://blogs.sun.com/Ludo/entry/running_directory_server_console_with
Add the following weblogic.xml file in the WEB-INF folder of the deployed DSCC application.
<?xml version="1.0" encoding="utf-8"?> <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd"> <container-descriptor> <filter-dispatched-requests-enabled>false</filter-dispatched-requests-enabled> </container-descriptor> </weblogic-web-app>
Configuring Cacao
Run the following commands to configure cacao:
/opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm stop /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm set-param snmp-adaptor-port=21161 /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm set-param snmp-adaptor-trap-port=21162 /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm set-param commandstream-adaptor-port=21163 /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm set-param rmi-registry-port=21164 /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm set-param secure-webserver-port=21165 /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm set-param network-bind-address=A.B.C.D /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm start
Note that the parameter jmxmp-connector-port should already be set to 21162.
In the last command, replace A.B.C.D with the IP Address.
For instructions on setting the IP address of the virtual machine, please see the Post-Installation Tasks section.
Creating a Sample Directory Server and Enabling Referential Integrity
Create a directory, e.g. /opt/dsee/dsInstances/, to store directory server instances.
- mkdir /opt/dsee/dsInstances
- nohup firefox "http://localhost:8080/dscc &"
- Login
- Username: admin
- Password: password
- Select "Directory Servers"
- Select "New Server"
- In step 1: Enter Required Setings, Enter the following information:
- Host : Known Host: ds-1.dss.com
- LDAP Port : 55555
- LDAP Port : 55556
- Instance Path : /opt/dsee/instances/test-instance
- Directory Manager DN : cn=Directory Manager
- Directory Manager Password : password
- Confirm Password : password
- Runtime User ID : root
- Runtime User Password : password
- DSCC Agent Port : Other: 21162
- Description : Sample DS for demoing "Referential Integrity".
- Press Nexts
- In step 2: Choose Additional Settings, press Next
- In step 3: Summary, press Finish.
- After creating the server, press Close.
- Press the link "ds-1.dss.com:55555" to configure the server
- Select the "Server Configuration" tab in the top row of tabs
- Select the "Plug-ins" tab in the second row of tabs
- Press the forward-arrow button at the bottom of the page to go to page 2
- Click to select the checkbox next to "referential integrity postoperation"
- Press "Enable" in the Plug-ins panel
- After plugin has been enabled, press Close
- Press the "Directory Servers" link in the cookiecrumb navigation below the top header of the page
- Click to check the checkbox next to "ds-1.dss.com:55555"
- Press the drop-down menu "--More Server Actions--" to select "Restart..."
- After server has been restarted, press Close
Post-Installation Tasks
IP Address and Hostname
Please see Resetting IP Address and Hostname on Solaris 10 for IP address and hostname configuration commands.
Startup/Shutdown Scripts
Create the following startup and shutdown scripts on the Desktop:
Startup Script
# start-dsee.sh echo "Starting cacao" /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm start echo "Starting DSCC Registry" /opt/dsee/ds6/bin/dsadm start /opt/dsee/var/dscc6/dcc/ads echo "Starting Java System Directory Service Enterprise Edition 6.3.1 Directory Services Control Center" asadmin start-domain dscc echo "Please wait for the server to start." echo "A browser window will bring up the DSCC homepage" nohup firefox "localhost:8080/dscc" &
Shutdown Script
#stop-dsee.sh echo "Stopping Java System Directory Service Enterprise Edition 6.3.1 Directory Services Control Center" asadmin stop-domain dscc echo "Stopping DSCC Registry" /opt/dsee/ds6/bin/dsadm stop /opt/dsee/var/dscc6/dcc/ads echo "Stopping cacao" /opt/dsee/dsee6/cacao_2/usr/sbin/cacaoadm stop
Related Documents
- Sun Java System Directory Server Enterprise Edition 6.3 Installation Guide
- A virtual machine with a clean install of Solaris 10 U7
Future Tasks
The above Directory Server installation would work fine for basic development, but not for production. The following topics should be looked into:
- Security
- Setting up Public-Private Key Encryption and Certificates for secure communication
- "Sun Java System Directory Server Enterprise Edition 6.3 Reference: Secure Sockets Layer (SSL)"
- http://docs.sun.com/app/docs/doc/820-2765/gbfkr?l=en&a=view
- Attribute Encryption for secure data storage
- "Sun Java System Directory Server Enterprise Edition 6.3 Reference: Attribute Encryption"
- http://docs.sun.com/app/docs/doc/820-2765/gbghy?l=en&a=view
- Key Encryption
- "Sun Java System Directory Server Enterprise Edition 6.3 Reference: Key Encryption"
- http://docs.sun.com/app/docs/doc/820-2765/gbesy?l=en&a=view
- Setting up Public-Private Key Encryption and Certificates for secure communication
- Fail-over, High-availability, and Load-Balancing
- Directory Server Replication
- Multi-Master Replication
- "Sun Java System Directory Server Enterprise Edition 6.3 Reference: Multi-Master Replication"
- http://docs.sun.com/app/docs/doc/820-2765/aalfp?l=en&a=view&q=replication
- Replica & Hub Servers
- "Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide: Chapter 10 Directory Server Replication"
- http://docs.sun.com/app/docs/doc/820-2491/fhkry?l=en&q=replica+hub&a=view
- Multi-Master Replication
- Directory Server Replication