LDAP : Building DSCC

Written by Greg King Sunday, 04 November 2012 00:00

DISCLAIMER: This document is nothing more than the musings of the author as he attempts to perform the stated tasks. Conclusions and approaches might very well be incorrect, inefficient or outside of professionally accepted best practices. Use this documentation at your own risk.

In this documentation, screen output is presented in green. Where keyboard input is required, the prompt tells you which user to enter it as: # means you should enter the command from the super user prompt, $ means you should enter it as a non-super user. command is the command you should type at the prompt.

#ls -al

means you should type ls -al at the super user prompt.


The first step in building the DSCC is to initialize the DSCC registry:

# /opt/SUNWdsee7/bin/dsccsetup ads-create

You will be asked to create a password during this process.  The password will be the master password for your directory server, so don't forget it!

Now we will create the DSCC WAR file that we will later deploy into Tomcat:

# /opt/SUNWdsee7/bin/dsccsetup war-file-create


The directory server is installed in /opt/SUNWdsee7
The binary files are in /opt/SUNWdsee7/bin

Now we will register the DSCC agent with cacao:

# /opt/SUNWdsee7/bin/dsccsetup cacao-reg

Now we check to see if it is working:

# /opt/SUNWdsee7/bin/dsccsetup status


***
DSCC Agent is registered in Cacao
***
DSCC Registry has been created
Path of DSCC registry is /var/opt/SUNWdsee7/dcc/ads
Port of DSCC registry is 3998
***


So far, so good!

Now we have to get Tomcat to start on reboot. To do this, we are going to create a manifest for SMF:

# mkdir -p /var/svc/manifest/application/web
# vi /var/svc/manifest/application/web/tomcat.xml


Paste the following into the vi input screen and save the file.

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<!-- tomcat_srv.xml : Tomcat service manifest, Greg King -->
<service_bundle type='manifest' name='Tomcat55'>

<service name='application/web/tomcat' type='service' version='1'>
  <single_instance />

  <exec_method
    type='method'
    name='start'
    exec='/usr/apache/tomcat55/bin/startup.sh'
    timeout_seconds='30' />

  <exec_method
    type='method'
    name='stop'
    exec='/usr/apache/tomcat55/bin/shutdown.sh'
    timeout_seconds='30' />

  <instance name="default" enabled="false"/>

  <stability value='Unstable'/>

  <template>
    <common_name>
      <loctext xml:lang='C'>Apache Tomcat 5.5.27</loctext>
    </common_name>
    <documentation>
      <manpage title='tomcat' section='1' manpath='/usr/man' />
    </documentation>
  </template>
</service>

</service_bundle>

Now import the manifest:

# svccfg import /var/svc/manifest/application/web/tomcat.xml

# svcadm enable tomcat
# svcs -a|grep tomcat


online*        21:49:54 svc:/application/web/tomcat:default


Set the environment variables for the shell session used in the following steps:

# export CATALINA_HOME=/usr/apache/tomcat55/
# export CATALINA_BASE=/var/apache/tomcat55/
# export JAVA_HOME=/usr/jdk/latest

# echo $CATALINA_HOME
/usr/apache/tomcat55/

# echo $CATALINA_BASE
/var/apache/tomcat55/

# echo $JAVA_HOME
/usr/jdk/latest


# svcadm disable tomcat
# export CATALINA_OPTS="-Djava.awt.headless=true"
# mkdir $CATALINA_BASE/webapps/dscc7
# unzip -d $CATALINA_BASE/webapps/dscc7 /var/opt/SUNWdsee7/dscc7.war
# cd $CATALINA_BASE/conf

Back up the web.xml file:

# cp web.xml web.xml_old

Now edit the web.xml file. Around line 242 you will see the jsp servlet block. Add the following to that block, right above the </servlet> line:

 <init-param>
   <param-name>enablePooling</param-name>
   <param-value>false</param-value>
 </init-param>

Then save the file.
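Editing web.xml by hand "around line 242" is hard to repeat on a second host, so here is an added Python example (not from the original page) that locates the servlet named jsp in a Tomcat 5.5 conf/web.xml, adds the enablePooling init-param if it is missing, corrects its value if it is wrong, and leaves the file untouched when it is already set. The embedded web.xml is a constructed, trimmed sample; the script assumes the Servlet 2.4 default namespace used by Tomcat 5.5 (files without a namespace are handled too) and inserts the parameter beside the servlet's existing init-param elements, ahead of load-on-startup, where the schema places them.

```python
import xml.etree.ElementTree as ET
# Constructed sample: a trimmed Tomcat 5.5 conf/web.xml containing only the jsp servlet block.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>jsp</servlet-name>
    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
    <init-param>
      <param-name>fork</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>3</load-on-startup>
  </servlet>
</web-app>
"""

def _ns(root):
    # '{uri}' prefix of the root tag, or '' when the web.xml declares no default namespace
    return root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""

def _find_jsp_servlet(root, ns):
    for servlet in root.findall(f"{ns}servlet"):
        if (servlet.findtext(f"{ns}servlet-name") or "").strip() == "jsp":
            return servlet
    raise ValueError("no servlet named 'jsp' in web.xml")

def jsp_init_params(xml_text):
    """Map of param-name -> param-value for the jsp servlet; use it to verify the edit."""
    root = ET.fromstring(xml_text)
    ns = _ns(root)
    return {(ip.findtext(f"{ns}param-name") or "").strip(): (ip.findtext(f"{ns}param-value") or "").strip()
            for ip in _find_jsp_servlet(root, ns).findall(f"{ns}init-param")}

def set_jsp_init_param(xml_text, name="enablePooling", value="false"):
    """Return (new_xml, changed): add or correct one <init-param> of the jsp servlet, idempotently."""
    root = ET.fromstring(xml_text)
    ns = _ns(root)
    if ns:
        ET.register_namespace("", ns[1:-1])  # keep the default namespace unprefixed on output
    jsp = _find_jsp_servlet(root, ns)
    for ip in jsp.findall(f"{ns}init-param"):
        if (ip.findtext(f"{ns}param-name") or "").strip() == name:
            pv = ip.find(f"{ns}param-value")
            if (pv.text or "").strip() == value:
                return xml_text, False  # already set: leave the file untouched
            pv.text = value
            return ET.tostring(root, encoding="unicode"), True
    # Not present: insert before <load-on-startup>, where the servlet 2.4 schema places init-param.
    idx = next((i for i, c in enumerate(jsp) if c.tag == f"{ns}load-on-startup"), len(jsp))
    ip = ET.Element(f"{ns}init-param")
    ET.SubElement(ip, f"{ns}param-name").text = name
    ET.SubElement(ip, f"{ns}param-value").text = value
    jsp.insert(idx, ip)
    return ET.tostring(root, encoding="unicode"), True
```

Run it against $CATALINA_BASE/conf/web.xml only after taking the web.xml_old backup, and confirm with jsp_init_params() that enablePooling reads false before restarting Tomcat.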

Now let's start the services!


# dsadm start /var/opt/SUNWdsee7/dcc/ads

# svcadm enable tomcat

Ensure cacao will start on boot:

# cacaoadm enable

Ensure DSCC will start on boot:

# dsadm stop /var/opt/SUNWdsee7/dcc/ads
# dsadm enable-service -T SMF /var/opt/SUNWdsee7/dcc/ads


# dsadm start '/var/opt/SUNWdsee7/dcc/ads'
# svcs -a|grep ads


online         22:53:22 svc:/application/sun/ds7:ds7-var-opt-SUNWdsee7-dcc-ads


Now to create a directory for our users:

# dsadm create -h 10ADM -p 389 -P 636 /var/opt/SUNWdsee7/sl_users
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start '/var/opt/SUNWdsee7/sl_users'' to start the instance
# dsadm start '/var/opt/SUNWdsee7/sl_users'

# dsadm list-running-instances
 PID    Instance path
----    ---------------------------
1100    /var/opt/SUNWdsee7/dcc/ads
1144    /var/opt/SUNWdsee7/sl_users
2 running instance(s) found

# dsadm info /var/opt/SUNWdsee7/sl_users/
Instance Path:         /var/opt/SUNWdsee7/sl_users
Owner:                 root(root)
Non-secure port:       389
Secure port:           636
Bit format:            64-bit
State:                 Running
Server PID:            1144
DSCC url:              -
SMF application name:  -
Instance version:      D-A20

# dsconf create-suffix -h 10ADM -p 389 dc=wwwpages,dc=com
Certificate "CN=10ADM, CN=636, CN=Directory Server, O=Sun Microsystems" presented by the server is not trusted.
Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: y
Enter "cn=Directory Manager" password:
# dsccreg add-server -h 10ADM /var/opt/SUNWdsee7/sl_users
Enter DSCC administrator's password:
/var/opt/SUNWdsee7/sl_users is an instance of DS
Enter password of "cn=Directory Manager" for /var/opt/SUNWdsee7/sl_users:
This operation will restart /var/opt/SUNWdsee7/sl_users.
Do you want to continue ? (y/n) y
Connecting to /var/opt/SUNWdsee7/sl_users (using ldap://127.0.0.1:389)
Enabling DSCC access to /var/opt/SUNWdsee7/sl_users
Restarting /var/opt/SUNWdsee7/sl_users
Registering /var/opt/SUNWdsee7/sl_users in DSCC on 10ADM.

Enable the service to be started on boot:

# dsadm stop /var/opt/SUNWdsee7/sl_users/
# dsadm enable-service -T SMF /var/opt/SUNWdsee7/sl_users/
# dsadm start '/var/opt/SUNWdsee7/sl_users'


Now to build the IDS configuration with idsconfig. Note: this next process took 21 minutes on my Sun Blade 2500!

# /usr/lib/ldap/idsconfig
(I accepted all of the defaults)


It is strongly recommended that you BACKUP the directory server before running idsconfig.
Hit Ctrl-C at any time before the final confirmation to exit.
Do you wish to continue with server setup (y/n/h)? [n] y
Enter the Directory Server's hostname to setup: 10ADM
Enter the port number for DSEE (h=help): [389]
Enter the directory manager DN: [cn=Directory Manager]
Enter passwd for cn=Directory Manager :
Enter the domainname to be served (h=help): [wwwpages.com]
Enter LDAP Base DN (h=help): [dc=wwwpages,dc=com]
Checking LDAP Base DN ...
 Validating LDAP Base DN and Suffix ...
 sasl/GSSAPI is not supported by this LDAP server
Enter the profile name (h=help): [default]
Default server list (h=help): [192.168.10.15]
Preferred server list (h=help):
Choose desired search scope (one, sub, h=help):  [one]
The following are the supported credential levels:
 1  anonymous
 2  proxy
 3  proxy anonymous
 4  self
 5  self proxy
 6  self proxy anonymous
Choose Credential level [h=help]: [1]
Do you want the clients to follow referrals (y/n/h)? [n]
Do you want to modify the server timelimit value (y/n/h)? [n]
Do you want to modify the server sizelimit value (y/n/h)? [n]
Do you want to store passwords in "crypt" format (y/n/h)? [n]
Do you want to setup a Service Authentication Methods (y/n/h)? [n]
Client search time limit in seconds (h=help): [30]
Profile Time To Live in seconds (h=help): [43200]
Bind time limit in seconds (h=help): [10]
Do you want to enable shadow update (y/n/h)? [n]
Do you wish to setup Service Search Descriptors (y/n/h)? [n]
Summary of Configuration
  1  Domain to serve               : wwwpages.com
  2  Base DN to setup              : dc=wwwpages,dc=com
  3  Profile name to create        : default
  4  Default Server List           : 192.168.10.15
  5  Preferred Server List         :
  6  Default Search Scope          : one
  7  Credential Level              : anonymous
  8  Authentication Method         :
  9  Enable Follow Referrals       : FALSE
 10  DSEE Time Limit               :
 11  DSEE Size Limit               :
 12  Enable crypt password storage : FALSE
 13  Service Auth Method pam_ldap  :
 14  Service Auth Method keyserv   :
 15  Service Auth Method passwd-cmd:
 16  Search Time Limit             : 30
 17  Profile Time to Live          : 43200
 18  Bind Limit                    : 10
 19  Enable shadow update          : FALSE
 20  Service Search Descriptors Menu
Enter config value to change: (1-20 0=commit changes) [0]
WARNING: About to start committing changes. (y=continue, n=EXIT) y
 1. Schema attributes have been updated.
 2. Schema objectclass definitions have been added.
 3. NisDomainObject added to dc=wwwpages,dc=com.
 4. Top level "ou" containers complete.
 5. automount maps: auto_home auto_direct auto_master auto_shared processed.
 6. ACI for dc=wwwpages,dc=com modified to disable self modify.
 7. Add of VLV Access Control Information (ACI).
 8. Generated client profile and loaded on server.
 9. Processing eq,pres indexes:
 uidNumber (eq,pres)   Processed 23 entries (100%), 2.3 entries/sec average.
 ipNetworkNumber (eq,pres)   Processed 23 entries (100%), 2.3 entries/sec average.
 gidnumber (eq,pres)   Processed 23 entries (100%), 2.3 entries/sec average.
 oncrpcnumber (eq,pres)   Processed 23 entries (100%), 2.3 entries/sec average.
 automountKey (eq,pres)   Processed 23 entries (100%), 2.3 entries/sec average.
 10. Processing eq,pres,sub indexes:
 ipHostNumber (eq,pres,sub)   Processed 23 entries (100%), 2.3 entries/sec average.
 membernisnetgroup (eq,pres,sub)   Processed 23 entries (100%), 2.3 entries/sec average.
 nisnetgrouptriple (eq,pres,sub)   Processed 23 entries (100%), 2.3 entries/sec average.
 11. Processing VLV indexes:
 wwwpages.com.getgrent vlv_index   Entry created
 wwwpages.com.gethostent vlv_index   Entry created
 wwwpages.com.getnetent vlv_index   Entry created
 wwwpages.com.getpwent vlv_index   Entry created
 wwwpages.com.getrpcent vlv_index   Entry created
 wwwpages.com.getspent vlv_index   Entry created
 wwwpages.com.getauhoent vlv_index   Entry created
 wwwpages.com.getsoluent vlv_index   Entry created
 wwwpages.com.getauduent vlv_index   Entry created
 wwwpages.com.getauthent vlv_index   Entry created
 wwwpages.com.getexecent vlv_index   Entry created
 wwwpages.com.getprofent vlv_index   Entry created
 wwwpages.com.getmailent vlv_index   Entry created
 wwwpages.com.getbootent vlv_index   Entry created
 wwwpages.com.getethent vlv_index   Entry created
 wwwpages.com.getngrpent vlv_index   Entry created
 wwwpages.com.getipnent vlv_index   Entry created
 wwwpages.com.getmaskent vlv_index   Entry created
 wwwpages.com.getprent vlv_index   Entry created
 wwwpages.com.getip4ent vlv_index   Entry created
 wwwpages.com.getip6ent vlv_index   Entry created
idsconfig: Setup of DSEE server 10ADM is complete.
Note: idsconfig has created entries for VLV indexes.
For DS5.x, use the directoryserver(1m) script on 10ADM
 to stop the server.  Then, using directoryserver, follow the
 directoryserver examples below to create the actual VLV indexes.
 For DSEE6.x or later, use dsadm command delivered with DS on 10ADM
 to stop the server.  Then, using dsadm, follow the
 dsadm examples below to create the actual VLV indexes.
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getgrent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.gethostent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getnetent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getpwent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getrpcent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getspent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getauhoent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getsoluent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getauduent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getauthent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getexecent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getprofent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getmailent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getbootent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getethent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getngrpent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getipnent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getmaskent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getprent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getip4ent
 directoryserver -s <server-instance> vlvindex -n wwwpages -T wwwpages.com.getip6ent
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getgrent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.gethostent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getnetent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getpwent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getrpcent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getspent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getauhoent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getsoluent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getauduent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getauthent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getexecent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getprofent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getmailent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getbootent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getethent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getngrpent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getipnent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getmaskent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getprent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getip4ent <directory-instance-path> dc=wwwpages,dc=com
 <install-path>/bin/dsadm reindex -l -t wwwpages.com.getip6ent <directory-instance-path> dc=wwwpages,dc=com