Sun Java System Directory Server 6.0 as an LDAP Naming Service: Part 1 – Installation and Configuration
October, 2007
This document provides instructions for deploying Sun Java System Directory Server 6.0 as a naming service; Part 1 covers installation and configuration.
Comments (12)
Nov 08, 2007
philforrest says:
I have a few problems following this example:
under Step 3: Create the suffix, there seems to be a typo. The command called for is:
However, the space after "bin" above causes the command to fail
Also, when I run this command immediately after DSEE6 installation (and after steps 1 and 2), I get:
Console service is already running
start: server (pid 11731) already running
Unable to bind securely on "myserver.mysubdomain.mycompany.tld:389".
The "create-suffix" operation failed on "myserver.mysubdomain.mycompany.tld:389".
The only way I can get this to work is to go into the DSCC (after enabling it) and create the server first. This step is not mentioned in this example.
Nov 19, 2007
kperkins says:
The reader feedback above was incorporated into the article on BigAdmin. Check out the revised article here.
Nov 21, 2007
screen1984 says:
"Environment Requirements
There is no existing NIS/NIS+ environment."
Is NIS migration possible? And what about auto.home files in your configuration?
Thanks for your very interesting article.
Nov 27, 2007
JoGersh says:
Thank you for your comment...
An NIS migration is certainly possible.
See many links and docs in the first bullet point "1. Configure Sun Java Directory Server" in this blog entry:
http://blogs.sun.com/jo/entry/integrating_microsoft_ad_unix_and
Especially these docs: http://docs.sun.com/app/docs/doc/816-4556/ldapsecure-1?a=view (read the section "NIS-to-LDAP Service Overview").
Secondly, auto.home is certainly possible and is well documented in the above links, but was not a use case for the BigAdmin document.
Sincerely,
Jonathan Gershater
Jan 01, 2008
enriqueflores says:
In the "Tuning Settings" section, under the /etc/system settings, you list:
set tcp:tcp_conn_hash_size=32768
The tcp_conn_hash_size parameter is obsolete in Solaris 10. Is there an equivalent parameter that should be set?
Thanks.
-EHF
Jan 02, 2008
JoGersh says:
The following article mentions that tcp_conn_hash_size is now set dynamically based on memory detected at boot time, and covers other details of Solaris 10 networking, including some of the new fanout settings:
http://www.sun.com/bigadmin/features/articles/solaris_networking.jsp
Jan 04, 2008
SolarisSAinPA says:
JSDS 6.2 Solaris10 UNIX User Authentication Over SSL Connection: I have UNIX User account authentication working in simple / simple;tls:simple - no other authenticationMethod works for me; using proxy credentialLevel. I have client machines able to communicate to server via SSL. I can run ldapsearch from client specifying server, port 389 as target of search. When I disable server port 389 and restart server on port 636, UNIX user authentication no longer works. Client and server are still able to communicate via ssl (ldapsearch specifying server, port 636 works).
Your document shows creation of client profile using tls:simple authenticationMethod. My unix users cannot login to client when client is configured this way - I haven't been successful in making this work. I've tried with server running on 389 and 636. I'm equating tls with ssl - is that correct?
Have I missed something or is this setup - unix user authentication using ssl - not supported?
Thanks.
Jan 04, 2008
JoGersh says:
SolarisSAinPA,
Port 389 is required even for clients over SSL, see here: http://blogs.sun.com/vl/entry/native_solaris_ldap_client_over
"Even if Directory Server is SSL configured, anyway non-secure port also MUST be open, moreover it MUST be default (389), otherwise ldap_cachemgr(1M) during its startup will be just keep querying 389 port (which is closed) for some time and eventually ends up with "maintenance" mode, of course ... "
You will find many resources in the forums:
example: http://forum.java.sun.com/thread.jspa?threadID=5138423&messageID=9521305
As for disabling port 389, here is a better alternative: http://www.directorymanager.org/blogs/disabling_non_ssl.html
regards,
Jonathan
Jan 30, 2008
virdee says:
Hi
I have followed your guide to create a netgroup on Ds6.2. The netgroup has been created but now I am unable to log into the client using the user defined in the netgroup. Client is sol10, getent passwd returns the user defined in the netgroup but no other directory users. ID fails to retrieve user info and su fails along with login to the host. This all started to happen as soon as I updated my nsswitch.conf with the compat entries for passwd/group. Any ideas as to why this is happening?
Jan 30, 2008
JoGersh says:
Virdee,
Thank you for viewing the article.
The information you provided is insufficient to diagnose the problem. Logs, configuration & output are required...
Secondly, the forum is a better place to ask your question: http://forum.java.sun.com/forum.jspa?forumID=761
You may want to search the forum (& Internet in general) first to see if the question has been resolved.
thank you
Jonathan Gershater
May 15, 2008
Anonymous6 says:
The article gives no clues about creating system accounts (users that can login).
The default user account that dcc offers you doesn't add any posix attributes (home, shell, uid, etc), so I needed to create a custom object, add posixaccount objectclass and use it as template when creating new entry.
May 15, 2008
JoGersh says:
hello Anonymous6
thanks for reading my paper
Sun Java Directory Editor http://www.sun.com/software/products/directory_srvr_ee/dir_editor/index.xml is a good tool to add posix users.
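
Added example (not part of the article or of any comment above): a small Python audit for the issue Anonymous6 describes, flagging directory entries that lack the `posixAccount` object class or the attributes RFC 2307 makes mandatory for it. The LDIF sample, the `dc=example,dc=com` suffix and the user names are constructed for illustration; the parser assumes plain LDIF without line folding or base64 values.

```python
# Added example: audit LDIF entries for the RFC 2307 posixAccount attributes a login user needs.
REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")  # posixAccount MUST attrs

# Constructed sample data: a default-style person entry and a login-capable one.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice Example
sn: Example
uid: alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Bob Example
sn: Example
uid: bob
uidNumber: 10001
gidNumber: 10001
homeDirectory: /export/home/bob
loginShell: /bin/bash
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return {dn: [problems]}; an empty list means the entry has the POSIX attributes."""
    report = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        problems = [] if "posixaccount" in classes else ["missing objectClass posixAccount"]
        problems += [f"missing {a}" for a in REQUIRED if a.lower() not in e]
        report[e["dn"][0]] = problems
    return report

if __name__ == "__main__":
    for dn, problems in audit(parse_ldif(SAMPLE_LDIF)).items():
        print(dn, "->", "; ".join(problems) or "OK")
```

Entries reported with problems are the ones a client cannot map to a UNIX account, which is why accounts created from a template without POSIX attributes cannot log in.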