Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
15.  iPlanet Directory Server 5.1 Setup (Tasks) Using Service Search Descriptors to Modify Client Access to Various Services Setting Up SSDs Using idsconfig  Previous   Contents   Next 
   
 

Running idsconfig


Note - You do not need special rights to run idsconfig, nor do you need to be an LDAP naming client. Remember to create a checklist as mentioned in "Creating a Checklist Based on Your Server Installation" in preparation for running idsconfig. You don not have to run idsconfig from a server or an LDAP naming service client machine. You can run idsconfig from any Solaris machine on the network.



Caution - idsconfig sends the Directory Manager's password in the clear. If you do not want this to happen, you must run idsconfig on the directory server itself, not on a client.


How to Configure the iPlanet Directory Server Using idsconfig

  1. Make sure the target iPlanet Directory Server 5.1 is up and running.

  2. Run idsconfig.

    # /usr/lib/ldap/idsconfig

  3. Answer the questions prompted. Note that 'no' [n] is the default user input. If you need clarification on any given question, type
    h
    and a brief help paragraph will appear.

Refer to the following example run of idsconfig using the definitions listed in the server and client checklists at the beginning of this chapter in "Creating a Checklist Based on Your Server Installation". It is an example of a simple setup, without modifying many of the defaults. The most complicated method of modifying client profiles is by creating SSDs. Refer to "Using Service Search Descriptors to Modify Client Access to Various Services" for a detailed discussion.

A carriage return sign after the prompt means that you are accepting the [default] by hitting enter.


Example 15-1 Running idsconfig for the Example, Inc. Network

(sysadmin@test) [3:10pm] ns_ldap [31] % sh idsconfig.sh

It is strongly recommended that you BACKUP the directory server
before running idsconfig.sh.

Hit Ctrl-C at any time before the final confirmation to exit.

Do you wish to continue with server setup (y/n/h)? [n] Y
Enter the iPlanet Directory Server's (iPlanet Directory Server) 
hostname to setup: IPDSERVER
Enter the port number for iPlanet Directory Server (h=help): [389] 
Enter the directory manager DN: [cn=Directory Manager] 
Enter passwd for cn=Directory Manager : 
Enter the domainname to be served (h=help): [west.example.com] 
Enter LDAP Base DN (h=help): [dc=west,dc=example,dc=com] 
Enter the profile name (h=help): [default] 
Default server list (h=help): [192.168.0.0] 
Preferred server list (h=help): 
Choose desired search scope (one, sub, h=help):  [one] 
The following are the supported credential levels:
  1  anonymous
  2  proxy
  3  proxy anonymous
Choose Credential level [h=help]: [1] 2
The following are the supported Authentication Methods:
  1  none
  2  simple
  3  sasl/DIGEST-MD5
  4  tls:simple
  5  tls:sasl/DIGEST-MD5
Choose Authentication Method (h=help): [1] 2
Current authenticationMethod: simple

Do you want to add another Authentication Method? N
Do you want the clients to follow referrals (y/n/h)? [n] Y
Do you want to modify the server timelimit value (y/n/h)? [n] Y
Enter the time limit for iPlanet Directory Server (current=3600): [-1]
Do you want to modify the server sizelimit value (y/n/h)? [n] Y
Enter the size limit for iPlanet Directory Server (current=2000): [-1]
Do you want to store passwords in "crypt" format (y/n/h)? [n] Y
Do you want to setup a Service Authentication Methods (y/n/h)? [n]
Client search time limit in seconds (h=help): [30] 
Profile Time To Live in seconds (h=help): [43200] 
Bind time limit in seconds (h=help): [10] 2
Do you wish to setup Service Search Descriptors (y/n/h)? [n] 
 
              Summary of Configuration

  1  Domain to serve               : west.example.com
  2  Base DN to setup              : dc=west,dc=example,dc=com
  3  Profile name to create        : default
  4  Default Server List           : 192.168.0.0
  5  Preferred Server List         : 
  6  Default Search Scope          : one
  7  Credential Level              : proxy
  8  Authentication Method         : simple
  9  Enable Follow Referrals       : TRUE
 10  iPlanet Directory Server Time Limit                : -1
 11  iPlanet Directory Server Size Limit                : -1
 12  Enable crypt password storage : TRUE
 13  Service Auth Method pam_ldap  : 
 14  Service Auth Method keyserv   : 
 15  Service Auth Method passwd-cmd: 
 16  Search Time Limit             : 30
 17  Profile Time to Live          : 43200
 18  Bind Limit                    : 2
 19  Service Search Descriptors Menu

Enter config value to change: (1-19 0=commit changes) [0] 
Enter DN for proxy agent:[cn=proxyagent,ou=profile,dc=west,dc=example,dc=com]
Enter passwd for proxyagent: 
Re-enter passwd: 
 
WARNING: About to start committing changes. (y=continue, n=EXIT) Y
1. Changed timelimit to -1 in cn=config.
  2. Changed sizelimit to -1 in cn=config.
  3. Changed passwordstoragescheme to "crypt" in cn=config.
  4. Schema attributes have been updated.
  5. Schema objectclass definitions have been added.
  6. Created DN component dc=west.
  7. NisDomainObject added to dc=west,dc=example,dc=com.
  8. Top level "ou" containers complete.
  9. Nis maps: auto_home auto_direct auto_master auto_shared processed.
  10. ACI for dc=west,dc=example,dc=com modified to disable self modify.
  11. Add of VLV Access Control Information (ACI).
  12. Proxy Agent cn=proxyagent,ou=profile,dc=west,dc=example,dc=com added.
  13. Give cn=proxyagent,ou=profile,dc=west,dc=example,dc=com read permission for 
password.
  14. Generated client profile and loaded on server.
  15. Processing eq,pres indexes:
      ipHostNumber (eq,pres)   Finished indexing.                  
      uidNumber (eq,pres)   Finished indexing.                  
      ipNetworkNumber (eq,pres)   Finished indexing.                  
      gidnumber (eq,pres)   Finished indexing.                  
      oncrpcnumber (eq,pres)   Finished indexing.                  
  16. Processing eq,pres,sub indexes:
      membernisnetgroup (eq,pres,sub)   Finished indexing.                  
      nisnetgrouptriple (eq,pres,sub)   Finished indexing.                  
  17. Processing VLV indexes:
      getgrent vlv_index   Entry created
      gethostent vlv_index   Entry created
      getnetent vlv_index   Entry created
      getpwent vlv_index   Entry created
      getrpcent vlv_index   Entry created
      getspent vlv_index   Entry created

idsconfig.sh: Setup of iPlanet Directory Server server ipdserver is complete.


Note: idsconfig has created entries for VLV indexes.  Use the 
      directoryserver(1m) script on ipdserver to stop
      the server and then enter the following vlvindex
      sub-commands to create the actual VLV indexes:

  directoryserver -s ipdserver vlvindex -n userRoot -T getgrent
  directoryserver -s ipdserver vlvindex -n userRoot -T gethostent
  directoryserver -s ipdserver vlvindex -n userRoot -T getnetent
  directoryserver -s ipdserver vlvindex -n userRoot -T getpwent
  directoryserver -s ipdserver vlvindex -n userRoot -T getrpcent
  directoryserver -s ipdserver vlvindex -n userRoot -T getspent

 
 
 
  Previous   Contents   Next