| 1 | This document explains the steps to install and configure the Oracle DSEE on grinnell. Note that the DSCC has not been configured on grinnell yet. |
| 2 | |
| 3 | 1. Install packages to help with debugging. |
| 4 | |
| 5 | |
| 6 | {{{ |
| 7 | yum install openldap-clients* |
| 8 | yum install telnet |
| 9 | yum install nmap |
| 10 | }}} |
| 11 | |
| 12 | 2. Download the x86-64 (64-bit) version of Oracle Directory Server Enterprise Edition (11.1.1.7.0). |
| 13 | |
| 14 | 3. Extract contents into /var/tmp/ldap/. |
| 15 | |
| 16 | 4. The extracted contents contain a ZIP file called sun-dsee7.zip. Simply unzipping this file installs the Oracle DSEE. |
| 17 | |
| 18 | |
| 19 | {{{ |
| 20 | unzip -qq sun-dsee7.zip -d /srv/ |
| 21 | }}} |
| 22 | |
| 23 | 5. Install required 32-bit packages. |
| 24 | |
| 25 | |
| 26 | {{{ |
| 27 | yum install libstdc++-4.4.7-3.el6.i686 |
| 28 | }}} |
| 29 | |
| 30 | 6. Prepare creation of directory server instance. |
| 31 | |
| 32 | |
| 33 | {{{ |
| 34 | mkdir /srv/servers |
| 35 | chown oracle /srv/servers/ |
| 36 | su - oracle |
| 37 | }}} |
| 38 | |
| 39 | 7. Create directory server instance. |
| 40 | |
| 41 | {{{ |
| 42 | [oracle@grinnell ~]$ /srv/dsee7/bin/dsadm create /srv/servers/slapd-grouper-test |
| 43 | Choose the Directory Manager password: |
| 44 | Confirm the Directory Manager password: |
| 45 | Use command 'dsadm start '/srv/servers/slapd-grouper-test'' to start the instance |
| 46 | }}} |
| 47 | |
| 48 | 8. Start instance. |
| 49 | |
| 50 | |
| 51 | {{{ |
| 52 | [oracle@grinnell ~]$ /srv/dsee7/bin/dsadm start /srv/servers/slapd-grouper-test |
| 53 | Directory Server instance '/srv/servers/slapd-grouper-test' started: pid=16604 |
| 54 | }}} |
| 55 | |
| 56 | 9. Set the ssl-cipher-family property. This is based on existing UA documentation for the production directory servers. |
| 57 | |
| 58 | |
| 59 | {{{ |
| 60 | [oracle@grinnell ~]$ /srv/dsee7/bin/dsconf set-server-prop -h localhost -p 1389 ssl-cipher-family:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ssl-cipher-family:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ssl-cipher-family:TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ssl-cipher-family:TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA ssl-cipher-family:TLS_DHE_RSA_WITH_AES_256_CBC_SHA ssl-cipher-family:TLS_DHE_DSS_WITH_AES_256_CBC_SHA ssl-cipher-family:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ssl-cipher-family:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ssl-cipher-family:TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ssl-cipher-family:TLS_RSA_WITH_AES_256_CBC_SHA ssl-cipher-family:TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ssl-cipher-family:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ssl-cipher-family:TLS_ECDHE_RSA_WITH_RC4_128_SHA ssl-cipher-family:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ssl-cipher-family:TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ssl-cipher-family:TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA ssl-cipher-family:TLS_DHE_DSS_WITH_RC4_128_SHA ssl-cipher-family:TLS_DHE_RSA_WITH_AES_128_CBC_SHA ssl-cipher-family:TLS_DHE_DSS_WITH_AES_128_CBC_SHA ssl-cipher-family:TLS_ECDH_RSA_WITH_RC4_128_SHA ssl-cipher-family:TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ssl-cipher-family:TLS_ECDH_ECDSA_WITH_RC4_128_SHA ssl-cipher-family:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ssl-cipher-family:TLS_RSA_WITH_SEED_CBC_SHA ssl-cipher-family:TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ssl-cipher-family:SSL_RSA_WITH_RC4_128_MD5 ssl-cipher-family:SSL_RSA_WITH_RC4_128_SHA ssl-cipher-family:TLS_RSA_WITH_AES_128_CBC_SHA ssl-cipher-family:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:SSL_RSA_WITH_3DES_EDE_CBC_SHA ssl-cipher-family:SSL_CK_RC4_128_WITH_MD5 
ssl-cipher-family:SSL_CK_RC2_128_CBC_WITH_MD5 ssl-cipher-family:SSL_CK_DES_192_EDE3_CBC_WITH_MD5 ssl-cipher-family:SSL_CK_DES_64_CBC_WITH_MD5 |
| 61 | Certificate "CN=grinnell.alaska.edu, CN=1636, CN=Directory Server, O=Sun Microsystems" presented by the server is not trusted. |
| 62 | Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y |
| 63 | Enter "cn=Directory Manager" password: |
| 64 | Before setting SSL configuration, export Directory Server data. |
| 65 | Do you want to continue [y/n] ? y |
| 66 | Directory Server must be restarted for changes to take effect. |
| 67 | }}} |
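
The cipher list in step 9 includes suites built on RC4, MD5, DES/3DES and SSLv2 (`SSL_CK_*`). As an added example (not part of the original notes), the script below flags those suites by name and prints the step 9 dsconf invocation with only the remaining ones. The function names and the shortened sample list are assumptions for illustration, and the command is printed, not executed.

```shell
#!/bin/sh
# Added example: audit an ssl-cipher-family list by suite name before
# passing it to dsconf. Function names are hypothetical.

# Print why a suite is considered weak; print nothing if no rule matches.
weak_reason() {
    case "$1" in
        SSL_CK_*)          echo "SSLv2 suite" ;;
        *_RC4_*)           echo "RC4 stream cipher" ;;
        *_RC2_*)           echo "RC2" ;;
        *_3DES_*|*_DES_*)  echo "DES/3DES 64-bit block cipher" ;;
        *_MD5)             echo "MD5 MAC" ;;
    esac
}

# Read suite names (one per line) on stdin; mark each KEEP or DROP.
audit_suites() {
    while read -r suite; do
        [ -n "$suite" ] || continue
        reason=$(weak_reason "$suite")
        if [ -n "$reason" ]; then
            echo "DROP $suite ($reason)"
        else
            echo "KEEP $suite"
        fi
    done
}

# Emit the kept suites as ssl-cipher-family:NAME arguments on one line.
kept_args() {
    audit_suites | awk '$1 == "KEEP" {
        printf "%sssl-cipher-family:%s", sep, $2; sep = " "
    } END { print "" }'
}

# Constructed sample: a subset of the suites named in step 9.
SAMPLE_SUITES='TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_CK_DES_64_CBC_WITH_MD5
TLS_RSA_WITH_AES_128_CBC_SHA'

printf '%s\n' "$SAMPLE_SUITES" | audit_suites
# Same invocation form as step 9, printed for review rather than run.
echo "dsconf set-server-prop -h localhost -p 1389 $(printf '%s\n' "$SAMPLE_SUITES" | kept_args)"
```

Whether every client of this directory can negotiate the reduced list is an assumption to confirm before applying it; as in step 9, the server must be restarted for the change to take effect.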