Page
Page
1 Preparing for a Directory Server installation
2 System requirements
3 Setting up HP-UXDirectory Server
3 Setting up
HP-UX
5 General usage information
6 Migrating or upgrading to HP-UXDirectory Server from Netscape or Red Hat
Migrating from Netscape Directory Server 6.x, or from Red Hat Directory Server
Upgrading from Red Hat Directory Server
6.2.2 Performing the upgrade to HP-UXDirectory Server
Index
Page
Directory Server administrator guide
Directory Server 8.1 is comprised of several components, which work in tandem:
•Directory Server
•Directory Server Console
•Administration Server
NOTE:
netstat
setup-ds-admin.pl
init
setuid
1.2.4 Directory administrator
ldapadd
Password policies do apply to the administrator, but you can set a
1.2.5 Administration Server user
1.2.6 Directory suffix
setup file (see
1.2.7 Configuration directory
o=NetscapeRoot
o=NetscapeRoot
•Always back up the configuration directory after setting up a new instance
•DNS must be properly configured on the target system
•The host server must have a static IP address
Table 2-1detailsthe hardware requirements for HP-UXDirectory Server:
Table 2-1Hardware requirements
Table 2-1Hardware requirements (continued)
Directory Server runs on a 64-bit HP-UX11i environment as a 64-bitprocess
“HP-UX
system configuration” (page 13)
•http://www.software.hp.com/SUPPORT_PLUS/qpk.html
http://itrc.hp.com/service/home/home.do
Select patch database under maintenance and support (hp products)
Select
under
•“Perl prerequisites”
2.4.3 TIME_WAIT setting
TIME_WAIT
#ndd -set /dev/tcptcp_time_wait_interval
This limits the socket TIME_WAIT state to 60 seconds
2.4.4 Large file support
Installing and configuring HP-UXDirectory Server on HP-UXhas four major steps:
Ensure that you have the required version of
2.Install the required version of the Java® Runtime Environment (JRE)
4.Install the Directory Server package
CAUTION:
To download and install JRE for Java 2 platform
1.Go to the following web site: http://www.hp.com/go/java
•Itanium® JRE 5.0.11 - Nov
•PA-RISCJRE 5.0.11 - Nov
2.Complete the form and choose Download
Responding to prompts and navigating between screen prompts
Specifying parameter values or a setup file at the command line
Setup script command line options
Table 3-1 setup-ds-adminoptions (continued)
3.6.3 Interactive setup modes
only, not for production deployments. Also, express setups can fail if default
The default and most common setup mode. This prompts you to supply more
The most detailed setup mode. This provides more control over Administration
Table 3-2Comparison of setup types
Table 3-2Comparison of setup types (continued)
3.6.4Performing express setup
Chapter 6 “Migrating or upgrading to
Directory Server from Netscape or Red Hat Directory Server”
/etc/resolv.conf
yes
ldap://ldap.example.com:389/o=NetscapeRoot
To use TLS/SSL, set the protocol as ldaps:// instead of ldap:
The Configuration Directory Server administrator's user DN; by default, this is
•The administrator user's password
Get the Administration Server port number from the
Listen
console.conf
2.Using the Administration Server port number, launch the Console
hpds-idm-console
7.Set the administrator password and confirm it
Set the administration domain. This defaults to the host's domain. For example:
Administration Domain [example.com]:
Enter the Directory Server port number. The default is
Directory server network port [30860]:
13.Set the Directory Manager password and confirm it
Enter the Administration Server port number. The default is
Administration port [9830]:
3.6.6 Performing custom setup
The custom setup has the following steps:
2.When asked to choose the setup type, enter 3 to perform a custom setup
/etc/ hosts
/etc/ resolv.conf
SchemaFile
.inf
The default option is none, which does not import any data
Set the user that the Administration Server process will run as. The default is
Run Administration Server as [www]:
3.6.7 Performing silent setup
setup.inf
1.Install the Directory Server package
3.6.7.1 Setup file structure
3.6.7.2 Setup file directives
Table 3-3[General] directives (continued)
Table 3-4 describes the directives for the [slapd] section of the .setup file
Table 3-4[slapd] directives
Table 3-4[slapd] directives (continued)
Table 3-5 describes the directives for the [admin] section of the .setup file
Table 3-5[admin] directives
3.6.7.3 Sample setup files
Example 3-2Example of setup file for a typical setup
ConfigDirectoryLdapURL= ldap://dir.example.com:25389/o=NetscapeRoot
3.6.8 Sending parameters in the command line
•General (host server)
•slapd (LDAP server)
ConfigDirectoryLdapURL
ServerIdentifier
#/opt/dirsrv/sbin/setup-ds-admin.pl -s
The ConfigFile parameter is set in the [slapd] section of the setup file
replica.ldif
4.1.1 Configuring IP authorization on the Administration Server
Edit
IP Addresses
This allows all IP addresses to access the Administration Server
6.Restart the Administration Server
4.1.2Configuring proxy servers for the Administration Server
4.2.1 Creating a new Directory Server instance interactively
Chapter 3 “Setting up
Directory Server ”
itsasecret
4.2.2Creating a new Directory Server instance silently
/opt/dirsrv/sbin/setup-ds.pl
setup-ds-admin
setup-ds
register-ds-admin
#/opt/dirsrv/sbin/register-ds-admin.pl
4.4.2 Uninstalling the HP-UXDirectory Server
To uninstall HP-UXDirectory Server entirely, perform the following steps:
and actual Directory Server instances (for
o=netscapeRoot
cd /opt/dirsrv/ ADMINPASS="admin-password
Page
Table 5-1File and directory locations
•/opt/dirsrv/bin/ldapsearch
•/opt/dirsrv/bin/ldapmodify
•/opt/dirsrv/bin/ldapdelete
To launch the Directory Server Console, use the hpds-idm-console script :
#/opt/dirsrv/bin/hpds-idm-console
http://hostname:9830
If the Administration Server is using TLS/SSL, the URL begins with https://)
“Getting the Administration Server port number” (page 44)
1.Stop the Directory Server
#/opt/dirsrv/slapd-instance/stop-slapd
Generate a new, hashed password using
pwdhash
/opt/dirsrv/bin
Page
6.1.1.1 Configuring the Directory Server Console
1.Shut down the Administration Server and Directory Server
Change the
adm.conf
ldapurl: ldap://server2.example.com:389/o=NetscapeRoot
serverRoot
Table 6-1 migrate-ds-adminOptions and Argument (continued)
oldsroot
General.ConfigDirectoryAdminPwd
The following is an example using the required option and argument:
#/opt/dirsrv/sbin/migrate-ds-admin.pl
6.1.3.1Migrating a server or single instance
6.1.3.2Migrating replicated servers
6.1.3.3Migrating a Directory Server from one machine to another
6.1.3.4Migrating a Directory Server from one platform to another
.ldif
Run the migration script as
--actualsroot option
option
/etc/opt/ dirsrv
/etc/opt/dirsrv
bak2db
#/opt/dirsrv/slapd-instance_name/stop-slapd
#cd /etc/opt/dirsrv
#tar xvf /home/files/rhds80cfg.tar
7.1.1 Information to collect before contacting HP
7.1.2How to contact HP technical support
7.1.3HP authorized resellers
7.1.4Documentation feedback
docsfeedback@hp.com
•HP-UXDirectory Server administration server guide
•HP-UXDirectory Server configuration, command, and file reference
•HP-UXDirectory Server console guide
•HP-UXDirectory Server deployment guide
•HP-UXDirectory Server installation guide
7.2.3Troubleshooting resources
http://itrc.hp.com
Areas of peer problem solving
http://forums.itrc.hp.com
•“Troubleshooting” (page 45)
Page
access control
See ACI
ACI
instruction
access control list
bind
See bind DN
bind DN
bind rule
branch entry
CoS definition
entry
affects
CoS template
Contains a list of the shared attribute values
file type
extension (for example, .GIF or .HTML)
filter
filtered role
role
LDAP
and across multiple platforms
LDAP client
Software used to request and view LDAP entries from an LDAP Directory Server
See also browser
determine which server holds the most recent version
multiplexor
n + 1 directory
problem
resulting in increased hardware and personnel costs
presence index
Allows searches for entries that contain a specific indexed attribute
protocol
A set of rules that describes how devices on a network exchange information
protocol data unit
SASL
Simple
Authentication and Security Layer
schema
access the directory may be unable to display the proper results
superuser
privileges to all files on the machine. Also called root
supplier
servers
supplier server
Page
Symbols