LDAP : Building DSCC
DISCLAIMER: This document is nothing more than the musings of the author as he attempts to perform the stated tasks. Conclusions and approaches might very well be incorrect, inefficient or outside of professionally accepted best practices. Use this documentation at your own risk.
In this documentation, screen output will be presented in green. Where keyboard input is required, the prompt will be as follows: # means you should enter the command from the super user prompt, $ means you should enter it as a non-super user. command is the command you should type at the prompt, so # ls -al means you should type ls -al at the super user prompt.
The first step in building the DSCC is to initialize the DSCC registry
# /opt/SUNWdsee7/bin/dsccsetup ads-create
You will be asked to create a password during this process. This is the Directory Service Manager password, the administrative login for DSCC itself. It is not the same as the Directory Manager (cn=Directory Manager) password that each directory server instance gets when you create it later, so record it somewhere safe and don't forget it!
Now we will create the DSCC WAR file. This step only writes the archive to /var/opt/SUNWdsee7/dscc7.war; unpacking it into Tomcat is done by hand further down.
# /opt/SUNWdsee7/bin/dsccsetup war-file-create
The directory server is installed in /opt/SUNWdsee7
The binary files are in /opt/SUNWdsee7/bin
Now we will register the DSCC agent with Cacao (the Common Agent Container):
# /opt/SUNWdsee7/bin/dsccsetup cacao-reg
Now we check to see if it is working
# /opt/SUNWdsee7/bin/dsccsetup status
***
DSCC Agent is registered in Cacao
***
DSCC Registry has been created
Path of DSCC registry is /var/opt/SUNWdsee7/dcc/ads
Port of DSCC registry is 3998
***
So far, so good!
Now we have to get Tomcat to start on reboot. To do this, we are going to create a manifest for SMF. Two things worth knowing before you import it: SMF runs the start and stop methods as root unless the manifest adds a method_credential, and the methods do not inherit environment variables from your interactive shell, so anything Tomcat needs at startup must come from its own scripts (or from the manifest), not from your login session.
# mkdir -p /var/svc/manifest/application/web
# vi /var/svc/manifest/application/web/tomcat.xml
Paste the following into the vi input screen and save the file.
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- tomcat_srv.xml : Tomcat service manifest, Greg King-->
<service_bundle type='manifest' name='Tomcat55'>
<service name='application/web/tomcat' type='service' version='1'>
<single_instance />
<exec_method
type='method'
name='start'
exec='/usr/apache/tomcat55/bin/startup.sh'
timeout_seconds='30' />
<exec_method
type='method'
name='stop'
exec='/usr/apache/tomcat55/bin/shutdown.sh'
timeout_seconds='30' />
<instance name="default" enabled="false"/>
<stability value='Unstable'/>
<template>
<common_name>
<loctext xml:lang='C'>Apache Tomcat 5.5.27</loctext>
</common_name>
<documentation>
<manpage title='tomcat' section='1' manpath='/usr/man' />
</documentation>
</template>
</service>
</service_bundle>
Now import the manifest, enable the service and confirm it comes online:
# svccfg import /var/svc/manifest/application/web/tomcat.xml
# svcadm enable tomcat
# svcs -a|grep tomcat
online* 21:49:54 svc:/application/web/tomcat:default
# export CATALINA_HOME=/usr/apache/tomcat55/
# export CATALINA_BASE=/var/apache/tomcat55/
# export JAVA_HOME=/usr/jdk/latest
# echo $CATALINA_HOME
/usr/apache/tomcat55/
# echo $CATALINA_BASE
/var/apache/tomcat55/
# echo $JAVA_HOME
/usr/jdk/latest
These exports only affect the shell you are typing in (they let $CATALINA_BASE expand in the commands that follow); the SMF-started Tomcat never sees them.
# svcadm disable tomcat
# export CATALINA_OPTS="-Djava.awt.headless=true"
# mkdir $CATALINA_BASE/webapps/dscc7
# unzip -d $CATALINA_BASE/webapps/dscc7 /var/opt/SUNWdsee7/dscc7.war
# cd $CATALINA_BASE/conf
Back up the web.xml file:
# cp web.xml web.xml_old
Now edit the web.xml file. Around line 242 you will see the jsp servlet block (the <servlet> element whose <servlet-name> is jsp). Add the following into that block, right above its closing </servlet> line:
<init-param>
<param-name>enablePooling</param-name>
<param-value>false</param-value>
</init-param>
and save the file. Now let's start the services!
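Counting to line 242 is fragile (the number moves with every Tomcat patch release, and a slip drops the parameter into the default servlet instead). The following is an added example, not code from the original page: it finds the jsp servlet by its <servlet-name>, inserts the init-param above that block's </servlet>, keeps a backup, refuses to insert twice, and includes a check that the parameter ended up in the right servlet. The sample web.xml it operates on is constructed here and is only a trimmed stand-in for Tomcat 5.5's conf/web.xml; the function and file names are my own.

```shell
#!/bin/sh
# Added example, not from the original page: insert the enablePooling=false
# init-param into the "jsp" servlet of a Tomcat conf/web.xml by locating the
# <servlet> block whose <servlet-name> is jsp, instead of counting to line 242.
# Assumes a web.xml laid out like Tomcat 5.5's, one element per line.

# Insert the init-param just above the </servlet> that closes the jsp servlet.
# Keeps a .bak copy and does nothing if the parameter is already present.
add_jsp_init_param() {
    f="$1"
    if grep -q '<param-name>enablePooling</param-name>' "$f"; then
        echo "enablePooling already set in $f, nothing to do" >&2
        return 0
    fi
    cp "$f" "$f.bak" || return 1
    awk '
        /<servlet>/                              { in_servlet = 1; is_jsp = 0 }
        /<servlet-name> *jsp *<\/servlet-name>/  { if (in_servlet) is_jsp = 1 }
        /<\/servlet>/ {
            if (in_servlet && is_jsp) {
                print "        <init-param>"
                print "            <param-name>enablePooling</param-name>"
                print "            <param-value>false</param-value>"
                print "        </init-param>"
            }
            in_servlet = 0; is_jsp = 0
        }
        { print }
    ' "$f.bak" > "$f"
}

# Check: succeed only when exactly one enablePooling parameter exists and it
# sits inside the jsp servlet block (catches a paste into the wrong servlet).
jsp_has_pooling_param() {
    awk '
        /<servlet>/                              { in_servlet = 1; is_jsp = 0 }
        /<servlet-name> *jsp *<\/servlet-name>/  { if (in_servlet) is_jsp = 1 }
        /<param-name>enablePooling<\/param-name>/ {
            if (in_servlet && is_jsp) inside++; else stray++
        }
        /<\/servlet>/                            { in_servlet = 0; is_jsp = 0 }
        END { exit !(inside == 1 && stray == 0) }
    ' "$1"
}

# Constructed sample: a trimmed stand-in for Tomcat 5.5's conf/web.xml.
make_sample_web_xml() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
        <servlet-name>jsp</servlet-name>
        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>
</web-app>
EOF
}

# Demo on the constructed file. On the real host call
# add_jsp_init_param "$CATALINA_BASE/conf/web.xml" instead.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_web_xml "$d/web.xml"
    add_jsp_init_param "$d/web.xml"
    if jsp_has_pooling_param "$d/web.xml"; then
        echo "jsp servlet now carries enablePooling=false"
    else
        echo "insertion failed, see $d/web.xml" >&2
    fi
    rm -rf "$d"
}

case "${1:-}" in
    --demo) demo ;;
esac
```

Run it with --demo to see it work on the sample; the check function is worth keeping around on its own, since it is a one-line way to verify the edit after any future Tomcat upgrade overwrites conf/web.xml.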
# dsadm start /var/opt/SUNWdsee7/dcc/ads
# svcadm enable tomcat
Ensure Cacao starts on boot:
# cacaoadm enable
Ensure the DSCC registry starts on boot by placing it under SMF control (the instance has to be stopped first):
# dsadm stop /var/opt/SUNWdsee7/dcc/ads
# dsadm enable-service -T SMF /var/opt/SUNWdsee7/dcc/ads
# dsadm start '/var/opt/SUNWdsee7/dcc/ads'
# svcs -a|grep ads
online 22:53:22 svc:/application/sun/ds7:ds7-var-opt-SUNWdsee7-dcc-ads
Now to create a directory server instance for our users. Note that dsadm create without -u and -g makes the instance owned by root, which is what the dsadm info output below shows; for anything beyond a lab box, give the instance a dedicated unprivileged user and group.
# dsadm create -h 10ADM -p 389 -P 636 /var/opt/SUNWdsee7/sl_users
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start '/var/opt/SUNWdsee7/sl_users'' to start the instance
# dsadm start '/var/opt/SUNWdsee7/sl_users'
# dsadm list-running-instances
PID Instance path
---- ---------------------------
1100 /var/opt/SUNWdsee7/dcc/ads
1144 /var/opt/SUNWdsee7/sl_users
2 running instance(s) found
# dsadm info /var/opt/SUNWdsee7/sl_users/
Instance Path: /var/opt/SUNWdsee7/sl_users
Owner: root(root)
Non-secure port: 389
Secure port: 636
Bit format: 64-bit
State: Running
Server PID: 1144
DSCC url: -
SMF application name: -
Instance version: D-A20
dsconf talks to the instance over SSL, and on first contact it presents the instance's self-signed default certificate. On the local host that is expected; anywhere else, press "d" and compare the details with what dsadm show-cert prints for the instance before trusting it, and prefer "y" (accept once) over "Y" (remembered) until you have.
# dsconf create-suffix -h 10ADM -p 389 dc=wwwpages,dc=com
Certificate "CN=10ADM, CN=636, CN=Directory Server, O=Sun Microsystems" presented by the server is not trusted.
Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: y
Enter "cn=Directory Manager" password:
# dsccreg add-server -h 10ADM /var/opt/SUNWdsee7/sl_users
Enter DSCC administrator's password:
/var/opt/SUNWdsee7/sl_users is an instance of DS
Enter password of "cn=Directory Manager" for /var/opt/SUNWdsee7/sl_users:
This operation will restart /var/opt/SUNWdsee7/sl_users.
Do you want to continue ? (y/n) y
Connecting to /var/opt/SUNWdsee7/sl_users (using ldap://127.0.0.1:389)
Enabling DSCC access to /var/opt/SUNWdsee7/sl_users
Restarting /var/opt/SUNWdsee7/sl_users
Registering /var/opt/SUNWdsee7/sl_users in DSCC on 10ADM.
Enable the service to be started on bootup:
# dsadm stop /var/opt/SUNWdsee7/sl_users/
# dsadm enable-service -T SMF /var/opt/SUNWdsee7/sl_users/
# dsadm start '/var/opt/SUNWdsee7/sl_users'
Now to set the directory up as a naming service for Solaris LDAP clients by running idsconfig, which adds the schema, the top-level containers, the client profile and the index definitions for the domain. Note: This next process took 21 minutes on my Sun Blade 2500!
# /usr/lib/ldap/idsconfig
(I accepted all of the defaults.)
It is strongly recommended that you BACKUP the directory server before running idsconfig.
Hit Ctrl-C at any time before the final confirmation to exit.
Do you wish to continue with server setup (y/n/h)? [n] y
Enter the Directory Server's hostname to setup: 10ADM
Enter the port number for DSEE (h=help): [389]
Enter the directory manager DN: [cn=Directory Manager]
Enter passwd for cn=Directory Manager :
Enter the domainname to be served (h=help): [wwwpages.com]
Enter LDAP Base DN (h=help): [dc=wwwpages,dc=com]
Checking LDAP Base DN ...
Validating LDAP Base DN and Suffix ...
sasl/GSSAPI is not supported by this LDAP server
Enter the profile name (h=help): [default]
Default server list (h=help): [192.168.10.15]
Preferred server list (h=help):
Choose desired search scope (one, sub, h=help): [one]
The following are the supported credential levels:
1 anonymous
2 proxy
3 proxy anonymous
4 self
5 self proxy
6 self proxy anonymous
Choose Credential level [h=help]: [1]
Do you want the clients to follow referrals (y/n/h)? [n]
Do you want to modify the server timelimit value (y/n/h)? [n]
Do you want to modify the server sizelimit value (y/n/h)? [n]
Do you want to store passwords in "crypt" format (y/n/h)? [n]
Do you want to setup a Service Authentication Methods (y/n/h)? [n]
Client search time limit in seconds (h=help): [30]
Profile Time To Live in seconds (h=help): [43200]
Bind time limit in seconds (h=help): [10]
Do you want to enable shadow update (y/n/h)? [n]
Do you wish to setup Service Search Descriptors (y/n/h)? [n]
Summary of Configuration
1 Domain to serve : wwwpages.com
2 Base DN to setup : dc=wwwpages,dc=com
3 Profile name to create : default
4 Default Server List : 192.168.10.15
5 Preferred Server List :
6 Default Search Scope : one
7 Credential Level : anonymous
8 Authentication Method :
9 Enable Follow Referrals : FALSE
10 DSEE Time Limit :
11 DSEE Size Limit :
12 Enable crypt password storage : FALSE
13 Service Auth Method pam_ldap :
14 Service Auth Method keyserv :
15 Service Auth Method passwd-cmd:
16 Search Time Limit : 30
17 Profile Time to Live : 43200
18 Bind Limit : 10
19 Enable shadow update : FALSE
20 Service Search Descriptors Menu
Enter config value to change: (1-20 0=commit changes) [0]
WARNING: About to start committing changes. (y=continue, n=EXIT) y
1. Schema attributes have been updated.
2. Schema objectclass definitions have been added.
3. NisDomainObject added to dc=wwwpages,dc=com.
4. Top level "ou" containers complete.
5. automount maps: auto_home auto_direct auto_master auto_shared processed.
6. ACI for dc=wwwpages,dc=com modified to disable self modify.
7. Add of VLV Access Control Information (ACI).
8. Generated client profile and loaded on server.
9. Processing eq,pres indexes:
uidNumber (eq,pres) Processed 23 entries (100%), 2.3 entries/sec average.
ipNetworkNumber (eq,pres) Processed 23 entries (100%), 2.3 entries/sec average.
gidnumber (eq,pres) Processed 23 entries (100%), 2.3 entries/sec average.
oncrpcnumber (eq,pres) Processed 23 entries (100%), 2.3 entries/sec average.
automountKey (eq,pres) Processed 23 entries (100%), 2.3 entries/sec average.
10. Processing eq,pres,sub indexes:
ipHostNumber (eq,pres,sub) Processed 23 entries (100%), 2.3 entries/sec average.
membernisnetgroup (eq,pres,sub) Processed 23 entries (100%), 2.3 entries/sec average.
nisnetgrouptriple (eq,pres,sub) Processed 23 entries (100%), 2.3 entries/sec average.
11. Processing VLV indexes:
wwwpages.com.getgrent vlv_index Entry created
wwwpages.com.gethostent vlv_index Entry created
wwwpages.com.getnetent vlv_index Entry created
wwwpages.com.getpwent vlv_index Entry created
wwwpages.com.getrpcent vlv_index Entry created
wwwpages.com.getspent vlv_index Entry created
wwwpages.com.getauhoent vlv_index Entry created
wwwpages.com.getsoluent vlv_index Entry created
wwwpages.com.getauduent vlv_index Entry created
wwwpages.com.getauthent vlv_index Entry created
wwwpages.com.getexecent vlv_index Entry created
wwwpages.com.getprofent vlv_index Entry created
wwwpages.com.getmailent vlv_index Entry created
wwwpages.com.getbootent vlv_index Entry created
wwwpages.com.getethent vlv_index Entry created
wwwpages.com.getngrpent vlv_index Entry created
wwwpages.com.getipnent vlv_index Entry created
wwwpages.com.getmaskent vlv_index Entry created
wwwpages.com.getprent vlv_index Entry created
wwwpages.com.getip4ent vlv_index Entry created
wwwpages.com.getip6ent vlv_index Entry created
idsconfig: Setup of DSEE server 10ADM is complete.
Note: idsconfig has created entries for VLV indexes.
For DS5.x, use the directoryserver(1m) script on 10ADM
to stop the server. Then, using directoryserver, follow the
directoryserver examples below to create the actual VLV indexes.
For DSEE6.x or later, use dsadm command delivered with DS on 10ADM
to stop the server. Then, using dsadm, follow the
dsadm examples below to create the actual VLV indexes.
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getgrent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.gethostent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getnetent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getpwent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getrpcent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getspent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getauhoent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getsoluent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getauduent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getauthent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getexecent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getprofent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getmailent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getbootent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getethent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getngrpent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getipnent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getmaskent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getprent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getip4ent
directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getip6ent
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getgrent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.gethostent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getnetent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getpwent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getrpcent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getspent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getauhoent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getsoluent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getauduent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getauthent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getexecent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getprofent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getmailent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getbootent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getethent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getngrpent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getipnent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getmaskent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getprent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getip4ent <directory-instance-path> dc=wwwpages,dc=com
<install-path>/bin/dsadm reindex -l -t wwwpages.com.getip6ent <directory-instance-path> dc=wwwpages,dc=com
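idsconfig stops short of building the VLV indexes: it only creates their entries and prints the dsadm reindex lines above for you to run against a stopped instance. The following is an added example, not from the original page or from the DSEE tools, that does exactly that from a saved copy of the idsconfig output (capture the run with script(1) or tee; the transcript format is the one shown above). Everything it assumes is mine: the function names, the DSADM environment variable that lets the dsadm path be overridden for a dry run, and the constructed transcript sample, which is a trimmed copy of the format above.

```shell
#!/bin/sh
# Added example, not from the original page: finish what idsconfig leaves
# undone. It reads the "<name> vlv_index Entry created" lines out of a saved
# idsconfig transcript, stops the instance, runs the dsadm reindex command
# idsconfig prints for each VLV index, and starts the instance again.
# Assumes DSEE 7 paths as on this page; DSADM is an override hook for dry runs.

# Print the VLV index names that idsconfig reported creating entries for.
vlv_names_from_transcript() {
    awk '$2 == "vlv_index" && $3 == "Entry" && $4 == "created" { print $1 }' "$1"
}

# build_vlv_indexes INSTANCE SUFFIX TRANSCRIPT
# Prints the number of indexes built. The instance is started again even when
# a reindex fails, so a half-finished run never leaves the server down.
build_vlv_indexes() {
    inst="$1"; suffix="$2"; transcript="$3"
    dsadm="${DSADM:-/opt/SUNWdsee7/bin/dsadm}"
    n=0
    "$dsadm" stop "$inst" || return 1
    for name in $(vlv_names_from_transcript "$transcript"); do
        if ! "$dsadm" reindex -l -t "$name" "$inst" "$suffix"; then
            echo "reindex of $name failed, restarting $inst" >&2
            "$dsadm" start "$inst"
            return 1
        fi
        n=$((n + 1))
    done
    "$dsadm" start "$inst" || return 1
    echo "$n"
}

# Constructed sample: a trimmed copy of the transcript format idsconfig prints.
make_sample_transcript() {
    cat > "$1" <<'EOF'
10. Processing eq,pres,sub indexes:
ipHostNumber (eq,pres,sub) Processed 23 entries (100%), 2.3 entries/sec average.
11. Processing VLV indexes:
wwwpages.com.getgrent vlv_index Entry created
wwwpages.com.getpwent vlv_index Entry created
wwwpages.com.getspent vlv_index Entry created
idsconfig: Setup of DSEE server 10ADM is complete.
EOF
}

# Usage on the real host, with the transcript saved from the idsconfig run:
#   sh this.sh --real /var/opt/SUNWdsee7/sl_users dc=wwwpages,dc=com idsconfig.out
case "${1:-}" in
    --real) build_vlv_indexes "$2" "$3" "$4" ;;
esac
```

Point DSADM at a stub script that just logs its arguments to rehearse the run before touching the live instance; the real dsadm is used when DSADM is unset. Stopping the instance first matters because dsadm reindex works on the database files directly, and the script restarts the instance on every exit path so a failed index build does not silently take the naming service offline.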