This section describes the steps required to configure Sun Java System Directory for use as an Enterprise Server security manager and configuration repository. Micro Focus has developed and tested with Sun Java System Directory Server Enterprise Edition 6.1. Later revisions of Sun Java System Directory should be compatible with Enterprise Server Security Manager and Configuration Repository, but this is not guaranteed. Micro Focus will review any issues found in later releases of Sun Java System Directory but cannot guarantee compatibility.
The commands in this section make the following assumptions:
You will need to change the commands if your installation uses settings other than these.
When configuring an external Security Manager connection on Solaris, it is possible to specify the use of the Sun-provided LDAP client module for LDAP communications with the external Security Manager. The following configuration text is required in the Security Manager Configuration Information area:
[LDAP]
provider=/usr/lib/libldap.so
dsadm create -p 3880 /usr/local/dsee/var/example
The following information is displayed: Choose the Directory Manager password:
The following information is displayed: Confirm the Directory Manager Password
The following information is displayed: Use 'dsadm start '/usr/local/dsee/var/example'' to start the instance.
dsadm start /usr/local/dsee/var/example
The following information is displayed: Server started: pid=24879
dsadm info /usr/local/dsee/var/example
Instance Path | /usr/local/dsee/var/example |
Owner | hub(staff) |
Non-secure port | 3880 |
Secure port | 1636 |
Bit format | 64-bit |
State | Running |
Server PID | 24879 |
DSCC url | - |
SMF application name | - |
Instance version | D-A00 |
dn: cn=schema
objectClasses: (1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST (cn))
mfds -l DC=X 3 /usr/local/dsee/var/example/config/schema/99microfocus.ldif
dsadm restart /usr/local/dsee/var/example
/usr/local/dsee/dsrk6/bin/ldapsearch -b cn=schema -v -h 127.0.0.1 -p 3880 -D "cn=Directory Manager" -w password "objectclass=*" > schema.txt
This command dumps the active schema to a file called schema.txt. You can search this file to confirm that it includes the expected "container" and "microfocus" attributeTypes and objectClasses.
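The check described above, as an added example (not Micro Focus code): LDIF output can fold a long value onto continuation lines, so a plain text search of schema.txt can miss a definition, and this script unfolds the dump before searching. The function names, the placeholder OIDs 9.9.9.x and the microfocus-EXAMPLE-* names in the sample are constructed, and the script assumes the Micro Focus definitions contain the string "microfocus".

```sh
#!/bin/sh
# Added example (not Micro Focus code). schema.txt and the 'container' OID
# come from the page; function names and the sample dump are constructed.

# Join LDIF continuation lines (a leading space continues the previous
# line) so a definition wrapped across lines is matched as a whole.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' "$1"
}

# count_defs KIND TEXT FILE: count schema values of KIND (objectClasses or
# attributeTypes) whose definition contains TEXT, ignoring case.
count_defs() {
    unfold_ldif "$3" | awk -v kind="$1:" -v text="$2" '
        BEGIN { kind = tolower(kind); text = tolower(text) }
        index(tolower($0), kind) == 1 && index(tolower($0), text) { n++ }
        END { print n + 0 }'
}

# Return 0 only if 'container' and at least one microfocus objectClass and
# attributeType are present in the schema dump.
check_schema() {
    rc=0
    [ "$(count_defs objectClasses "'container'" "$1")" -ge 1 ] ||
        { echo "missing objectClass 'container'"; rc=1; }
    for kind in objectClasses attributeTypes; do
        [ "$(count_defs "$kind" microfocus "$1")" -ge 1 ] ||
            { echo "no $kind mentioning microfocus"; rc=1; }
    done
    return "$rc"
}

# Constructed sample dump: placeholder OIDs and names, with the 'container'
# name deliberately folded across two lines.
write_sample() {
    cat > "$1" <<'EOF'
dn: cn=schema
objectClasses: ( 1.2.840.113556.1.3.23 NAME 'conta
 iner' SUP top STRUCTURAL MUST ( cn ) )
objectClasses: ( 9.9.9.1 NAME 'microfocus-EXAMPLE-class' SUP top STRUCTURAL )
attributeTypes: ( 9.9.9.2 NAME 'microfocus-EXAMPLE-attr' SYNTAX 1.3.6.1.4.1.
 1466.115.121.1.15 )
EOF
}

# Usage against the real dump: check_schema schema.txt && echo "schema OK"
```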
dsconf create-suffix -p 3880 dc=example,dc=com
The following information is displayed: Enter "cn=Directory Manager" password:
dsconf list-suffixes -p 3880
The following information is displayed: Enter "cn=Directory Manager" password:
The following information is displayed: dc=example,dc=com
dsconf import -p 3880 /usr/local/dsee/ds6/ldif/Example.ldif dc=example,dc=com
The following information is displayed: Enter "cn=Directory Manager" password:
The following information is displayed:
New data will override existing data of the suffix "dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.
Do you want to continue [y/n] ?
The following information is displayed:
## Index buffering enabled with bucket size 40
## Beginning import job...
## Processing file "/usr/local/dsee/ds6/ldif/Example.ldif"
## Finished scanning file "/usr/local/dsee/ds6/ldif/Example.ldif" (160 entries)
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation. This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete. Processed 160 entries in 4 seconds. (40.00 entries/sec)
Task completed (slapd exit code: 0).
dn: cn=Micro Focus,dc=example,dc=com
cn: Micro Focus
objectClass: container

dn: cn=Enterprise Server Resources,cn=Micro Focus,dc=example,dc=com
cn: Enterprise Server Resources
objectClass: container

dn: cn=Enterprise Server Users,cn=Micro Focus,dc=example,dc=com
cn: Enterprise Server Users
objectClass: container

dn: cn=Enterprise Server User Groups,cn=Micro Focus,dc=example,dc=com
cn: Enterprise Server User Groups
objectClass: container

dn: cn=MFDS Repository,cn=Micro Focus,dc=example,dc=com
cn: MFDS Repository
objectClass: container
/usr/local/dsee/dsrk6/bin/ldapmodify -a -v -h 127.0.0.1 -p 3880 -D "cn=Directory Manager" -w password -f /home/hub/staff/example/mf-containers-sun.ldif
The following information is displayed:
bin_ldapmodify: started Wed Sep 19 16:31:26 2007
ldap_init( 127.0.0.1, 3880 )
add cn:
Micro Focus
add objectClass:
container
adding new entry cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
Enterprise Server Resources
add objectClass:
container
adding new entry cn=Enterprise Server Resources,cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
Enterprise Server Users
add objectClass:
container
adding new entry cn=Enterprise Server Users,cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
Enterprise Server User Groups
add objectClass:
container
adding new entry cn=Enterprise Server User Groups,cn=Micro Focus,dc=example,dc=com
modify complete
add cn:
MFDS Repository
add objectClass:
container
adding new entry cn=MFDS Repository,cn=Micro Focus,dc=example,dc=com
modify complete
mfds -e "cn=Micro Focus,dc=example,dc=com" "cn=Enterprise Server Users" "cn=Enterprise Server User Groups" "cn=Enterprise Server Resources" 2 "/home/hub/staff/example/mfds-users-sun.ldif"
There is no difference between the OpenLDAP and Sun syntax for the generated LDIF file, so no Directory Server changes have been required.
/usr/local/dsee/dsrk6/bin/ldapmodify -a -v -h 127.0.0.1 -p 3880 -D "cn=Directory Manager" -w password -f /home/hub/staff/example/mf-users-sun.ldif
Name | Sun Directory 6.1 machine-address:3880 |
Module | mldap_esm |
Connection Path | machine-address:3880 |
Authorized ID | cn=Directory Manager |
Description | Test Sun Directory ESM |
Configuration Information | [LDAP] |
 | Base=cn=Micro Focus,DC=example,dc=com |
 | user container=CN=Enterprise Server Users |
 | group container=CN=Enterprise Server User Groups |
 | resource container=CN=Enterprise Server Resources |