Basic Installation
First locate a system that meets Netscape''''s minimum requirements. Netscape Directory Server runs on several popular Unix platforms, including Sun Solaris, as well as on Microsoft Windows 2000 Server. Details of the specific system requirements can be found in the
Netscape Directory Server 6 Installation Guide . This chapter provides detailed installation instructions for Solaris and Microsoft Windows 2000 Server. Table 4.1 summarizes the system requirements for both.
Once you have located a suitable system, place a copy of the Netscape Directory Server 6 installation package on that computer. For production use you must purchase the software, in which case you receive the software on CD-ROM from Netscape. A full-featured version can also be downloaded for evaluation purposes from the AOL Strategic Business Solutions Netscape Enterprise Web site at http://enterprise.netscape.com. The remainder of this section assumes that you have placed the installation package in the /export directory on a system running Solaris 8 or on a Windows 2000 system in the root of the C: drive.
A basic installation of Netscape Directory Server requires three steps:
- Step 1. Extract and start the setup program.
- Step 2. Answer a series of installation questions.
- Step 3. Complete the installation and load data.
Requirement | ||
---|---|---|
System Feature | Solaris | Windows 2000 Server |
Operating system | Sun Solaris 8 with Sun''''s recommended patches | Windows 2000 Server or Advanced Server with Microsoft''''s latest service pack |
Processor | UltraSPARC or better | Pentium II or better |
Free disk space | 200MB | 200MB |
Free RAM | 256MB | 256MB |
Extraction utility | GNU zip (gzip) | Info-ZIP''''s UnZip, Nico Mak Computing''''s WinZip, or a similar utility to extract the contents of .zip files |
Installation package filename for version 6.01 | directory-6.01-us.sparc-sun-solaris2.8.tar.gz | d601diu.zip |
To allow the directory server to accept LDAP connections on a TCP port below 1024 (such as the standard port, 389), you must execute the installation as the system superuser (root) on Solaris. On Windows 2000 you should perform the installation as a user that has administrator privileges.
Extracting and Starting the Setup Program
To extract and launch the setup program on Solaris, execute these commands:
su root
mkdir /export/dsinstall
cd /export/dsinstall
gzip -dc ../directory-6.01-us.sparc-sun-solaris2.8.tar.gz | tar -xvof -
./setup
To do the same on Windows 2000, execute these commands from the Windows command prompt:
md \dsinstall
cd dsinstall
unzip c:\d601diu.zip
setup
Figure 4.1 shows the first screen that is presented by the Netscape setup program on Solaris.
Figure 4.1. The First Netscape Directory Server Setup Screen on Solaris

Answering Installation Questions
Netscape supports three installation modes:
Express .
Minimal options; used for product evaluation only.
Typical .
Recommended for most first-time installations.
Custom .
For advanced installations.
In this section the Typical mode is used, which is the default choice. The setup program presents a series of installation-related questions you must answer. On Solaris, follow these steps:
- Step 1. Accept the default answers on each setup screen (except on the license screen, where you must type "Yes") until you see a prompt for "Install Location." Type "/export/ds6".
- Step 2. Continue and accept the default answers on each setup screen until you see a prompt for "Directory Server Identifier." Type "example".
- Step 3. On the next screen, which asks for an "Administrator ID," accept the default ID of "admin" and choose a password (the password is case sensitive). The administrator identity is given full administrative rights to the configuration data in all directory servers.
- Step 4. The next screen asks for your directory suffix; this is the base DN, or
naming context , under which all of your directory''''s data resides (additional suffixes may be added later). Type "dc=example,dc=com" for the suffix. - Step 5. Accept the default directory manager DN on the next screen (cn=Directory Manager) and use the password "secret389" to ensure that the examples in the rest of this chapter work correctly.
- Step 6. Accept the default answers for the remaining setup questions.
You are done when you reach a screen that says, "Extracting Netscape core components." Wait for the setup program to finish placing the directory server files on the disk.
On Microsoft Windows, follow these steps:
- Step 1. Accept the default answers until you see a dialog box like the one shown in Figure 4.2 titled
Directory Server 6.0 Server Settings . Type in "example" as the server identifier, "389" as the server port, and "dc=example,dc=com" as the suffix (naming context).Figure 4.2. The Directory Server Settings Dialog Box on Windows
Note
By default, Netscape Directory Server is configured to listen for incoming LDAP connections on TCP port 389, and the commands shown in this chapter assume port 389. If another server is already installed that is using port 389, disable or uninstall the other server (which is probably another LDAP server) before installing the Netscape server. If that is not possible, specify a different port in Netscape''''s Directory Server settings dialog during installation and remember what you chose. Then adjust the LDAP commands used later in this chapter as necessary to specify the port you chose (most commands use port 389 by default). For example, if you choose port 3389 when installing the server, you need to add -p 3389 to the command-line parameters when issuing an ldapsearch or ldapmodify command. - Step 2. On the next dialog box, accept the default directory server administrator ID ("admin") and choose a password (the password is case sensitive).
- Step 3. Accept the defaults on the remaining dialog boxes, except for the "Directory Server Manager" dialog box, where you should use a password of "secret389" to ensure that the examples in the rest of this chapter work correctly.
- Step 4. When you arrive at the final
Configuration Summary screen, double-check that everything looks correct, and press the
Enter key or click the
Install button. - Step 5. Wait for the setup program to finish placing the directory server files on the disk.
Completing the Installation and Loading Sample Data
Once the files have been installed on the disk, the Netscape setup program automatically starts Directory Server as well as Administration Server, which is a specialized HTTP server. Netscape Directory Server can be configured and managed with a variety of command-line utilities or through use of a graphical point-and-click console interface named Netscape Console.
- Step 1. Start Netscape Console by double-clicking on the
Netscape Console icon on Microsoft Windows, or by typing these commands on Solaris:
cd /export/ds6
./startconsole
Netscape Console is a Java application, and it functions and looks the same on all platforms. Figure 4.3 shows the console login screen.Figure 4.3. The Netscape Console Login Screen
- Step 2. Log in with a user ID of "cn=Directory Manager" and a password of "secret389." Do not change the administration URL; it should be correct by default. After the main console window opens, expand the nodes within the
Servers and Applications topology tree on the left side of the window until you see a node labeled
Directory Server (example) . Double-click it. Figure 4.4 shows the Directory Server console window that opens.Figure 4.4. The Netscape Directory Server Console
- Step 3. Load some sample data from the Example.ldif file that Netscape ships with its directory server. Click the
Import Databases task button and type the path for the Example.ldif file. On Solaris, it is
/export/ds6/slapd-example/ldif/Example.ldif
On Microsoft Windows, the correct path is
C:\Netscape\Servers\slapd-example\ldif\Example.ldif - Step 4. Click the
OK button to import the data. You should see a message that reads "152 objects imported, 8 objects rejected." Ignore the rejected entries; the setup program created default entries with the same name as the eight rejected ones, and those entries will work for our purposes. The console import task does not overwrite existing data. After the data has been imported, use a text editor to look at the contents of the Example.ldif file. Listing 4.1 shows a few entries from Example.ldif.Listing 4.1 A Few Entries from Netscape''''s Example.ldif File
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
aci: (target ="ldap:///dc=example,dc=com")(targetattr !=
"userPassword")(version 3.0;acl "Anonymous read-search access";
allow (read, search, compare)(userdn = "ldap:///anyone");)
aci: (target="ldap:///dc=example,dc=com") (targetattr =
"*")(version 3.0; acl "allow all Admin group"; allow(all) groupdn =
"ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)
dn: ou=People, dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: People
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr =
"userpassword || telephonenumber || facsimiletelephonenumber")(version 3.0;
acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
"cn || sn || uid")(targetfilter ="(ou=Accounting)")(version 3.0;
acl "Accounting Managers Group Permissions";allow (write) (groupdn =
"ldap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
"cn || sn || uid")(targetfilter ="(ou=Human Resources)")(version 3.0;
acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR Managers,
ou=groups,dc=example,dc=com");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
"cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(version 3.0;
acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA Managers,
ou=groups,dc=example,dc=com");)
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
"cn || sn || uid")(targetfilter ="(ou=Product Development)")(version 3.0;
acl "Engineering Group Permissions";allow (write)(groupdn = "ldap:///
cn=PD Managers,ou=groups,dc=example,dc=com");)
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
L: Cupertino
uid: bjensen
mail: bjensen@example.com
telephonenumber: +1 408 555 1862
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0209
userpassword: hifalutin
The aci attributes hold Netscape-specific access control information. The access control features of Netscape Directory Server are discussed later in this chapter. Finally, let''''s confirm that the sample data has been loaded. - Step 5. Click the
Directory tab near the top of the
Netscape Console window to see a tree view of the directory information tree (DIT). Click to expand the node labeled
example (which is a domain entry) and select the
People container (an organizationalUnit entry) by clicking on it. A list of user IDs will appear in the right-hand side of the window. The list contains the relative distinguished names (RDNs) of all the entries that are children of the ou=People,dc=example,dc=com entry. Double-click any ID to see the attributes of that person. Figure 4.5 shows bjensen''''s (Barbara Jensen''''s) entry.Figure 4.5. Viewing the Barbara Jensen Sample Entry
- Step 6. To see all of the LDAP attributes and values in tabular form, click the
Advanced... button.
Congratulations! You have managed to find first gear, pull away from the curb, and start the car moving down the street.