Restriction: This topic applies only when the Enterprise Server feature is enabled.
This section describes the steps you need to perform to configure Sun Java System Directory for use as an Enterprise Server security manager and configuration repository. Micro Focus has developed and tested against Sun Java System Directory Server Enterprise Edition 6.1. Later revisions of Sun Java System Directory should be compatible with the Micro Focus Enterprise Server Security Manager and Configuration Repository, but this is not guaranteed: Micro Focus will review any issues found in later releases of Sun Java System Directory but cannot guarantee compatibility.
Note:
The commands in this section make the following assumptions:
- You have downloaded and installed Sun Java System Directory Server Enterprise Edition 6.1 as described on the Sun web site.
- You have installed into /usr/local/dsee.
- You are using port 3880. This is an arbitrarily-chosen port. Check with your system administrator to find out what ports are available on your system.
- You are using the dsadm command-line tool instead of the Sun Java Web Console GUI Directory Service Control Centre.
- You are using the scratch directory /usr/local/dsee/var/example.
You will need to change the commands if your installation uses settings other than these.
When configuring an external Security Manager connection on Solaris, it is possible to specify the use of the Sun-provided LDAP client module for LDAP communications with the external Security Manager. The following configuration text is required in the Security Manager Configuration Information area:
[LDAP]
provider=/usr/lib/libldap.so
Note: A Security Manager connection configured on Solaris is not limited to using Sun Java Directory Server. It can communicate with other LDAP-based external Security Managers such as Microsoft Active Directory or OpenLDAP.
- To set up the Sun Directory Server configuration and database directories:
- Enter the following command:
dsadm create -p 3880 /usr/local/dsee/var/example
The following information is displayed:
Choose the Directory Manager password:
- Specify the Directory Manager password.
The following information is displayed:
Confirm the Directory Manager Password
- Confirm the password.
The following information is displayed:
Use 'dsadm start '/usr/local/dsee/var/example'' to start the instance.
- To start the instance and confirm that it is running:
- Enter the following command:
dsadm start /usr/local/dsee/var/example
The following information is displayed:
Server started: pid=24879
- Enter the following command:
dsadm info /usr/local/dsee/var/example
The following information is displayed:
Instance Path:         /usr/local/dsee/var/example
Owner:                 hub(staff)
Non-secure port:       3880
Secure port:           1636
Bit format:            64-bit
State:                 Running
Server PID:            24879
DSCC url:              -
SMF application name:  -
Instance version:      D-A00
- Use an LDAP browser to connect to the instance at machine-address:3880, binding with the DN "cn=Directory Manager" and the password "password", to confirm that it is running. At this point only the RootDSE data is displayed.
- To extend the schema, create a text file called 99container.ldif in /usr/local/dsee/var/example/config/schema. The file should contain the following:
dn: cn=schema
objectClasses: (1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST (cn))
- To generate the Micro Focus Schema Extension file, enter the following command:
mfds -l DC=X 3 /usr/local/dsee/var/example/config/schema/99microfocus.ldif
- To ensure the Directory Server instance picks up the new schema files, enter the following command:
dsadm restart /usr/local/dsee/var/example
- To confirm the Micro Focus schema has been installed, enter the following command:
/usr/local/dsee/dsrk6/bin/ldapsearch -b cn=schema -v -h 127.0.0.1 -p 3880 -D "cn=Directory Manager" -w password "objectclass=*" > schema.txt
This command dumps the active schema to a file called schema.txt. You can search this file to confirm that it includes the expected "container" and "microfocus" attributeTypes and objectClasses.
- To create a default suffix for an example DIT:
- Enter the following command:
dsconf create-suffix -p 3880 dc=example,dc=com
The following information is displayed:
Enter "cn=Directory Manager" password:
- Specify the password.
- To confirm that the new suffix exists:
- Enter the following command:
dsconf list-suffixes -p 3880
The following information is displayed:
Enter "cn=Directory Manager" password:
- Specify the password.
The following information is displayed:
dc=example,dc=com
- To import the standard shipped example LDIF file:
- Enter the following command:
dsconf import -p 3880 /usr/local/dsee/ds6/ldif/Example.ldif dc=example,dc=com
The following information is displayed:
Enter "cn=Directory Manager" password:
- Specify the password.
The following information is displayed:
New data will override existing data of the suffix "dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.
Do you want to continue [y/n] ?
- Press 'Y'.
The following information is displayed:
## Index buffering enabled with bucket size 40
## Beginning import job...
## Processing file "/usr/local/dsee/ds6/ldif/Example.ldif"
## Finished scanning file "/usr/local/dsee/ds6/ldif/Example.ldif" (160 entries)
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation. This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete. Processed 160 entries in 4 seconds. (40.00 entries/sec)
Task completed (slapd exit code: 0).
- Refresh the LDAP browser to ensure that you can see the new DIT contents. There should be a new "example" DC, containing organizational units for groups and people.
- Add the standard Micro Focus containers: create a file /home/hub/staff/example/mf-containers-sun.ldif containing the following. Each entry is separated from the next by a blank line, and each dn appears only once (ldapmodify -a rejects an entry whose dn already exists):
dn: cn=Micro Focus,dc=example,dc=com
cn: Micro Focus
objectClass: container

dn: cn=Enterprise Server Resources,cn=Micro Focus,dc=example,dc=com
cn: Enterprise Server Resources
objectClass: container

dn: cn=Enterprise Server Users,cn=Micro Focus,dc=example,dc=com
cn: Enterprise Server Users
objectClass: container

dn: cn=Enterprise Server User Groups,cn=Micro Focus,dc=example,dc=com
cn: Enterprise Server User Groups
objectClass: container

dn: cn=MFDS Repository,cn=Micro Focus,dc=example,dc=com
cn: MFDS Repository
objectClass: container
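The following helper script is an added example, not part of the Micro Focus documentation or product. It covers two steps above: it generates the container LDIF for a given base DN (so the entries are unique and correctly separated), and it checks a schema dump produced by the ldapsearch step for the expected objectClasses, unfolding the continuation lines that ldapsearch inserts into long values. The container names and file names are the ones used on this page; the schema sample in the comments is constructed.

```shell
#!/bin/sh
# Added helper (not from the Micro Focus documentation or product): generates
# the container LDIF for a given base DN and checks a schema dump for the
# objectClasses the procedure expects. Container names are the page's own.

# Emit one LDIF entry for "cn=Micro Focus" and one per subcontainer.
# Entries are separated by a blank line and every dn is unique: ldapmodify -a
# rejects a repeated dn, so the file must not list an entry twice.
mf_containers_ldif() {
    base="$1"    # e.g. dc=example,dc=com
    printf 'dn: cn=Micro Focus,%s\ncn: Micro Focus\nobjectClass: container\n\n' "$base"
    for c in "Enterprise Server Resources" "Enterprise Server Users" \
             "Enterprise Server User Groups" "MFDS Repository"; do
        printf 'dn: cn=%s,cn=Micro Focus,%s\ncn: %s\nobjectClass: container\n\n' \
            "$c" "$base" "$c"
    done
}

# Number of entries in an LDIF file (one "dn:" line per entry).
ldif_entry_count() {
    grep -c '^dn: ' "$1"
}

# Join LDIF continuation lines: ldapsearch folds long attribute values and
# marks each continuation with a leading space, which would break a grep that
# expects the whole objectClass definition on one line.
ldif_unfold() {
    awk 'NR > 1 && !/^ / { print line; line = "" }
         /^ /            { line = line substr($0, 2); next }
                         { line = $0 }
         END             { if (line != "") print line }' "$1"
}

# Succeed only if the schema dump (ldapsearch -b cn=schema output) defines
# every objectClass named as an argument; report the first missing one.
schema_has_objectclasses() {
    dump="$1"; shift
    unfolded=$(ldif_unfold "$dump")
    for oc in "$@"; do
        if ! printf '%s\n' "$unfolded" | grep -iq "^objectClasses:.*NAME '$oc' "; then
            echo "missing objectClass: $oc" >&2
            return 1
        fi
    done
    return 0
}

# Usage, e.g.: mf_containers_ldif dc=example,dc=com > mf-containers-sun.ldif
#              schema_has_objectclasses schema.txt container
```

The ldapmodify and ldapsearch commands on this page pass the Directory Manager password with -w on the command line, where other users on the host can read it from the process list and it lands in the shell history; where the tool supports reading the bind password from a file, prefer that.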
- Add containers to the DIT:
- Enter the following command:
/usr/local/dsee/dsrk6/bin/ldapmodify -a -v -h 127.0.0.1 -p 3880 -D "cn=Directory Manager" -w password -f /home/hub/staff/example/mf-containers-sun.ldif
The following information is displayed:
bin_ldapmodify: started Wed Sep 19 16:31:26 2007
ldap_init( 127.0.0.1, 3880 )
add cn:
    Micro Focus
add objectClass:
    container
adding new entry cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
    Enterprise Server Resources
add objectClass:
    container
adding new entry cn=Enterprise Server Resources,cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
    Enterprise Server Users
add objectClass:
    container
adding new entry cn=Enterprise Server Users,cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
    Enterprise Server User Groups
add objectClass:
    container
adding new entry cn=Enterprise Server User Groups,cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
    MFDS Repository
add objectClass:
    container
adding new entry cn=MFDS Repository,cn=Micro Focus,dc=example,dc=com
modify complete
- Refresh the LDAP browser to ensure that you can see the new DIT contents. There should be a new "Micro Focus" container holding the "Enterprise Server" subcontainers and the "MFDS Repository" container.
- Add the Directory Server resources and users.
- Enter the following command:
mfds -e "cn=Micro Focus,dc=example,dc=com" "cn=Enterprise Server Users" "cn=Enterprise Server User Groups" "cn=Enterprise Server Resources" 2 "/home/hub/staff/example/mfds-users-sun.ldif"
Note:
There is no difference between the OpenLDAP and Sun syntax for the generated LDIF file, so no Directory Server changes have been required.
- Import the generated mfds-users-sun.ldif file:
- Enter the following command:
/usr/local/dsee/dsrk6/bin/ldapmodify -a -v -h 127.0.0.1 -p 3880 -D "cn=Directory Manager" -w password -f /home/hub/staff/example/mfds-users-sun.ldif
- Refresh the LDAP browser to ensure that you can see the new DIT contents. The "Enterprise Server" subcontainers now contain the "Enterprise Server Administration", "schemaadmin" and "#"-prefixed Directory Server default user groups.
- In Micro Focus Directory Server, configure a new external security manager with the following settings:
Name:                       Sun Directory 6.1 machine-address:3880
Module:                     mldap_esm
Connection Path:            machine-address:3880
Authorized ID:              cn=Directory Manager
Description:                Test Sun Directory ESM
Configuration Information:
[LDAP]
Base=cn=Micro Focus,DC=example,dc=com
user container=CN=Enterprise Server Users
group container=CN=Enterprise Server User Groups
resource container=CN=Enterprise Server Resources
- Change the Micro Focus Directory Server Security Manager List to use this external security manager, and turn on administrative security.