Understanding and Deploying LDAP Directory Services, Second Edition [Electronic resources]

Timothy A. Howes, Mark C. Smith, and Gordon S. Good

Basic Installation




First locate a system that meets Netscape's minimum requirements. Netscape Directory Server runs on several popular Unix platforms, including Sun Solaris, as well as on Microsoft Windows 2000 Server. Details of the specific system requirements can be found in the Netscape Directory Server 6 Installation Guide. This chapter provides detailed installation instructions for Solaris and Microsoft Windows 2000 Server. Table 4.1 summarizes the system requirements for both.


Once you have located a suitable system, place a copy of the Netscape Directory Server 6 installation package on that computer. For production use you must purchase the software, in which case you receive the software on CD-ROM from Netscape. A full-featured version can also be downloaded for evaluation purposes from the AOL Strategic Business Solutions Netscape Enterprise Web site at http://enterprise.netscape.com. The remainder of this section assumes that you have placed the installation package in the /export directory on a system running Solaris 8 or on a Windows 2000 system in the root of the C: drive.


A basic installation of Netscape Directory Server requires three steps:




Step 1. Extract and start the setup program.



Step 2. Answer a series of installation questions.



Step 3. Complete the installation and load data.

















































Table 4.1. System Requirements for Running Netscape Directory Server

| System Feature | Requirement: Solaris | Requirement: Windows 2000 Server |
|---|---|---|
| Operating system | Sun Solaris 8 with Sun's recommended patches | Windows 2000 Server or Advanced Server with Microsoft's latest service pack |
| Processor | UltraSPARC or better | Pentium II or better |
| Free disk space | 200MB | 200MB |
| Free RAM | 256MB | 256MB |
| Extraction utility | GNU zip (gzip) | Info-ZIP's UnZip, Nico Mak Computing's WinZip, or a similar utility to extract the contents of .zip files |
| Installation package filename for version 6.01 | directory-6.01-us.sparc-sun-solaris2.8.tar.gz | d601diu.zip |



To allow the directory server to accept LDAP connections on a TCP port below 1024 (such as the standard port, 389), you must execute the installation as the system superuser (root) on Solaris. On Windows 2000 you should perform the installation as a user that has administrator privileges.


Extracting and Starting the Setup Program




To extract and launch the setup program on Solaris, execute these commands:



su root
mkdir /export/dsinstall
cd /export/dsinstall
gzip -dc ../directory-6.01-us.sparc-sun-solaris2.8.tar.gz | tar -xvof -
./setup


To do the same on Windows 2000, execute these commands from the Windows command prompt:



md \dsinstall
cd \dsinstall
unzip c:\d601diu.zip
setup


Figure 4.1 shows the first screen that is presented by the Netscape setup program on Solaris.


Figure 4.1. The First Netscape Directory Server Setup Screen on Solaris




Answering Installation Questions




Netscape supports three installation modes:




  1. Express. Minimal options; used for product evaluation only.

  2. Typical. Recommended for most first-time installations.

  3. Custom. For advanced installations.





In this section the Typical mode is used, which is the default choice. The setup program presents a series of installation-related questions you must answer. On Solaris, follow these steps:




Step 1. Accept the default answers on each setup screen (except on the license screen, where you must type "Yes") until you see a prompt for "Install Location." Type "/export/ds6".



Step 2. Continue and accept the default answers on each setup screen until you see a prompt for "Directory Server Identifier." Type "example".



Step 3. On the next screen, which asks for an "Administrator ID," accept the default ID of "admin" and choose a password (the password is case sensitive). The administrator identity is given full administrative rights to the configuration data in all directory servers.



Step 4. The next screen asks for your directory suffix; this is the base DN, or naming context, under which all of your directory's data resides (additional suffixes may be added later). Type "dc=example,dc=com" for the suffix.



Step 5. Accept the default directory manager DN on the next screen (cn=Directory Manager) and use the password "secret389" to ensure that the examples in the rest of this chapter work correctly.



Step 6. Accept the default answers for the remaining setup questions.





You are done when you reach a screen that says, "Extracting Netscape core components." Wait for the setup program to finish placing the directory server files on the disk.


On Microsoft Windows, follow these steps:




Step 1. Accept the default answers until you see a dialog box like the one shown in Figure 4.2 titled Directory Server 6.0 Server Settings. Type in "example" as the server identifier, "389" as the server port, and "dc=example,dc=com" as the suffix (naming context).


Figure 4.2. The Directory Server Settings Dialog Box on Windows





Note


By default, Netscape Directory Server is configured to listen for incoming LDAP connections on TCP port 389, and the commands shown in this chapter assume port 389. If another server is already installed that is using port 389, disable or uninstall the other server (which is probably another LDAP server) before installing the Netscape server. If that is not possible, specify a different port in Netscape's Directory Server settings dialog during installation and remember what you chose. Then adjust the LDAP commands used later in this chapter as necessary to specify the port you chose (most commands use port 389 by default). For example, if you choose port 3389 when installing the server, you need to add -p 3389 to the command-line parameters when issuing an ldapsearch or ldapmodify command.



Step 2. On the next dialog box, accept the default directory server administrator ID ("admin") and choose a password (the password is case sensitive).



Step 3. Accept the defaults on the remaining dialog boxes, except for the "Directory Server Manager" dialog box, where you should use a password of "secret389" to ensure that the examples in the rest of this chapter work correctly.



Step 4. When you arrive at the final Configuration Summary screen, double-check that everything looks correct, and press the Enter key or click the Install button.



Step 5. Wait for the setup program to finish placing the directory server files on the disk.




Completing the Installation and Loading Sample Data




Once the files have been installed on the disk, the Netscape setup program automatically starts Directory Server as well as Administration Server, which is a specialized HTTP server. Netscape Directory Server can be configured and managed with a variety of command-line utilities or through use of a graphical point-and-click console interface named Netscape Console.




Step 1. Start Netscape Console by double-clicking on the Netscape Console icon on Microsoft Windows, or by typing these commands on Solaris:



cd /export/ds6
./startconsole

Netscape Console is a Java application, and it functions and looks the same on all platforms. Figure 4.3 shows the console login screen.


Figure 4.3. The Netscape Console Login Screen





Step 2. Log in with a user ID of "cn=Directory Manager" and a password of "secret389." Do not change the administration URL; it should be correct by default. After the main console window opens, expand the nodes within the Servers and Applications topology tree on the left side of the window until you see a node labeled Directory Server (example). Double-click it. Figure 4.4 shows the Directory Server console window that opens.


Figure 4.4. The Netscape Directory Server Console





Step 3. Load some sample data from the Example.ldif file that Netscape ships with its directory server. Click the Import Databases task button and type the path for the Example.ldif file. On Solaris, it is



/export/ds6/slapd-example/ldif/Example.ldif

On Microsoft Windows, the correct path is



C:\Netscape\Servers\slapd-example\ldif\Example.ldif

Step 4. Click the OK button to import the data. You should see a message that reads "152 objects imported, 8 objects rejected." Ignore the rejected entries; the setup program created default entries with the same name as the eight rejected ones, and those entries will work for our purposes. The console import task does not overwrite existing data. After the data has been imported, use a text editor to look at the contents of the Example.ldif file. Listing 4.1 shows a few entries from Example.ldif.


Listing 4.1 A Few Entries from Netscape's Example.ldif File


dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
aci: (target ="ldap:///dc=example,dc=com")(targetattr !=
 "userPassword")(version 3.0;acl "Anonymous read-search access";
 allow (read, search, compare)(userdn = "ldap:///anyone");)
aci: (target="ldap:///dc=example,dc=com") (targetattr =
 "*")(version 3.0; acl "allow all Admin group"; allow(all) groupdn =
 "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)

dn: ou=People, dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: People
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr =
 "userpassword || telephonenumber || facsimiletelephonenumber")(version 3.0;
 acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
 "cn || sn || uid")(targetfilter ="(ou=Accounting)")(version 3.0;
 acl "Accounting Managers Group Permissions";allow (write) (groupdn =
 "ldap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
 "cn || sn || uid")(targetfilter ="(ou=Human Resources)")(version 3.0;
 acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR Managers,
 ou=groups,dc=example,dc=com");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
 "cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(version 3.0;
 acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA Managers,
 ou=groups,dc=example,dc=com");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
 "cn || sn || uid")(targetfilter ="(ou=Product Development)")(version 3.0;
 acl "Engineering Group Permissions";allow (write)(groupdn = "ldap:///
 cn=PD Managers,ou=groups,dc=example,dc=com");)

dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
L: Cupertino
uid: bjensen
mail: bjensen@example.com
telephonenumber: +1 408 555 1862
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0209
userpassword: hifalutin

The aci attributes hold Netscape-specific access control information. The access control features of Netscape Directory Server are discussed later in this chapter. Finally, let's confirm that the sample data has been loaded.



Step 5. Click the Directory tab near the top of the Netscape Console window to see a tree view of the directory information tree (DIT). Click to expand the node labeled example (which is a domain entry) and select the People container (an organizationalUnit entry) by clicking on it. A list of user IDs will appear in the right-hand side of the window. The list contains the relative distinguished names (RDNs) of all the entries that are children of the ou=People,dc=example,dc=com entry. Double-click any ID to see the attributes of that person. Figure 4.5 shows bjensen's (Barbara Jensen's) entry.


Figure 4.5. Viewing the Barbara Jensen Sample Entry





Step 6. To see all of the LDAP attributes and values in tabular form, click the Advanced... button.





Congratulations! You have managed to find first gear, pull away from the curb, and start the car moving down the street.
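The aci and userpassword attributes in Listing 4.1 are worth reviewing before sample data is imported into a server that other hosts can reach. As an added example (not from the book or from Netscape), the following Python reads LDIF in the form of Listing 4.1, unfolds continuation lines, and reports ACIs that allow "ldap:///anyone" as well as userpassword values that carry no {SCHEME} prefix. The sample LDIF is constructed from the listing, the names parse_ldif and audit are hypothetical, and the regular expression is an assumption that covers only the ACI shapes shown in the listing.

```python
import re

# Constructed sample in the style of Listing 4.1 (folded lines begin with one space).
SAMPLE_LDIF = """\
dn: dc=example,dc=com
aci: (target ="ldap:///dc=example,dc=com")(targetattr !=
 "userPassword")(version 3.0;acl "Anonymous read-search access";
 allow (read, search, compare)(userdn = "ldap:///anyone");)

dn: ou=People, dc=example,dc=com
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr =
 "userpassword || telephonenumber")(version 3.0;
 acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)

dn: uid=bjensen, ou=People, dc=example,dc=com
uid: bjensen
userpassword: hifalutin
"""

# Extracts the ACL name, allow/deny verb, rights and bind subject from one aci value.
ACI_RE = re.compile(
    r'acl\s+"(?P<name>[^"]+)"\s*;\s*(?P<verb>allow|deny)\s*\((?P<rights>[^)]*)\)'
    r'\s*\(?\s*(?:userdn|groupdn)\s*=\s*"(?P<who>[^"]*)"', re.I)

def parse_ldif(text):
    """Unfold continuation lines; return [(dn, [(attr, value), ...]), ...]."""
    unfolded = text.replace("\n ", "")            # LDIF folding: newline + one space
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        pairs = [tuple(p.strip() for p in line.split(":", 1))
                 for line in block.splitlines() if ":" in line and line[0] != "#"]
        if pairs and pairs[0][0].lower() == "dn":
            entries.append((pairs[0][1], pairs[1:]))
    return entries

def audit(entries):
    """Flag ACIs that allow ldap:///anyone and userpassword values with no {SCHEME} prefix."""
    findings = []
    for dn, pairs in entries:
        for attr, value in pairs:
            m = ACI_RE.search(value) if attr.lower() == "aci" else None
            if m and m["verb"].lower() == "allow" and m["who"].lower() == "ldap:///anyone":
                rights = [r.strip() for r in m["rights"].split(",")]
                findings.append(("anonymous-aci", dn, m["name"], rights))
            elif attr.lower() == "userpassword" and not value.startswith("{"):
                findings.append(("plaintext-password", dn, None, None))  # value not echoed
    return findings

if __name__ == "__main__":
    print(*audit(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

The {SCHEME} test is a heuristic: it only tells you that the value sits in the LDIF file as readable text, so the file itself needs the same protection as the passwords in it.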


