Changes between Version 1 and Version 2 of LDAPInstall


Timestamp: 06/02/13 07:17:58 (11 years ago)
Author: uaguest_SPatel1@…
Comment:

--

  • LDAPInstall

    v1 v2  
    6666Directory Server must be restarted for changes to take effect. 
    6767}}} 
     68 
     69 
     7010.  Restart directory 
     71 
     72{{{ 
     73[oracle@grinnell ~]$ /srv/dsee7/bin/dsadm restart /srv/servers/slapd-grouper-test 
     74Directory Server instance '/srv/servers/slapd-grouper-test' stopped 
     75Directory Server instance '/srv/servers/slapd-grouper-test' started: pid=17197 
     76}}} 
     77 
     7811.  Check config 
     79 
     80{{{ 
     81[oracle@grinnell ~]$ /srv/dsee7/bin/dsadm info /srv/servers/slapd-grouper-test/ 
     82Instance Path:     /srv/servers/slapd-grouper-test 
     83Owner:             oracle(oinstall) 
     84Non-secure port:   1389 
     85Secure port:       1636 
     86Bit format:        64-bit 
     87State:             Running 
     88Server PID:        17197 
     89DSCC url:          - 
     90Instance version:  D-A30 
     91}}} 
     92 
     9312.  Set server properties.   This is based on existing UA documentation the production directory servers. 
     94 
     95{{{ 
     96[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 look-through-limit:unlimited 
     97Enter "cn=Directory Manager" password: 
     98[oracle@grinnell ~]$ 
     99[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-check-enabled:on 
     100Enter "cn=Directory Manager" password: 
     101Enabling "pwd-check-enabled" property automatically sets the value of "pwd-accept-hashed-pwd-enabled" property to "off". 
     102[oracle@grinnell ~]$ 
     103[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-lockout-duration:30m 
     104Enter "cn=Directory Manager" password: 
     105[oracle@grinnell ~]$ 
     106[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-lockout-enabled:on 
     107Enter "cn=Directory Manager" password: 
     108[oracle@grinnell ~]$ 
     109[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-max-age:57w1d 
     110Enter "cn=Directory Manager" password: 
     111[oracle@grinnell ~]$ 
     112[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-max-failure-count:5 
     113Enter "cn=Directory Manager" password: 
     114[oracle@grinnell ~]$ 
     115[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-max-history-count:5 
     116Enter "cn=Directory Manager" password: 
     117[oracle@grinnell ~]$ 
     118[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-min-length:8 
     119Enter "cn=Directory Manager" password: 
     120[oracle@grinnell ~]$ 
     121[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-must-change-enabled:off 
     122Enter "cn=Directory Manager" password: 
     123[oracle@grinnell ~]$ 
     124[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-root-dn-bypass-enabled:on 
     125Enter "cn=Directory Manager" password: 
     126[oracle@grinnell ~]$ 
     127[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 pwd-user-change-enabled:off 
     128Enter "cn=Directory Manager" password: 
     129[oracle@grinnell ~]$ 
     130[oracle@grinnell ~]$  /srv/dsee7/bin/dsconf set-server-prop -p 1389 search-size-limit:unlimited 
     131Enter "cn=Directory Manager" password: 
     132}}} 
     133 
     13413.  Copy production schema.  (Assume that grinnell has a copy of the production "config" directory located at /srv/tmp/config.) 
     135 
     136{{{ 
     137mv /srv/servers/slapd-grouper-test/config/schema/99user.ldif /srv/tmp/99user.ldif.orig 
     138cp /srv/tmp/config/schema/99user.ldif /srv/servers/slapd-grouper-test/config/schema/ 
     139chown oracle:oinstall /srv/servers/slapd-grouper-test/config/schema/99user.ldif 
     140}}} 
     141 
     14214.  Configure attribute uniqueness plugin. 
     143 
     144{{{ 
     145[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf create-plugin -p 1389 -H /srv/dsee7/lib64/uid-plugin.so -F NSUniqueAttr_Init -Y preoperation "ARSCSystemID Uniqueness" 
     146Enter "cn=Directory Manager" password: 
     147[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf set-plugin-prop -p 1389 "ARSCSystemID Uniqueness" desc:"Enforce unique attribute values..." version:7.0 vendor:"Sun Microsystems, Inc." depends-on-type:database 
     148Enter "cn=Directory Manager" password: 
     149Directory Server must be restarted for changes to take effect. 
     150[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf enable-plugin -p 1389 "ARSCSystemID Uniqueness" 
     151Enter "cn=Directory Manager" password: 
     152Directory Server must be restarted for changes to take effect. 
     153[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf set-plugin-prop -p 1389 "ARSCSystemID Uniqueness" argument:"ARSCSystemID" argument:"dc=alaska,dc=edu" 
     154Enter "cn=Directory Manager" password: 
     155Directory Server must be restarted for changes to take effect. 
     156 
     157[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf create-plugin -p 1389 -H /srv/dsee7/lib64/uid-plugin.so -F NSUniqueAttr_Init -Y preoperation "UASystemID Uniqueness" 
     158Enter "cn=Directory Manager" password: 
     159[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf set-plugin-prop -p 1389 "UASystemID Uniqueness" desc:"Enforce unique attribute values..." version:7.0 vendor:"Sun Microsystems, Inc." depends-on-type:database 
     160Enter "cn=Directory Manager" password: 
     161Directory Server must be restarted for changes to take effect. 
     162[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf enable-plugin -p 1389 "UASystemID Uniqueness" 
     163Enter "cn=Directory Manager" password: 
     164Directory Server must be restarted for changes to take effect. 
     165[oracle@grinnell ~]$ /srv/dsee7/bin/dsconf set-plugin-prop -p 1389 "UASystemID Uniqueness" argument:"UASystemID" argument:"dc=alaska,dc=edu" 
     166Enter "cn=Directory Manager" password: 
     167Directory Server must be restarted for changes to take effect. 
     168 
     169 
     170[oracle@grinnell ~]$ /srv/dsee7/bin/dsadm restart /srv/servers/slapd-grouper-test     
     171Directory Server instance '/srv/servers/slapd-grouper-test' stopped 
     172Directory Server instance '/srv/servers/slapd-grouper-test' started: pid=27485 
     173}}} 
     174 
     17515.  The top of the dse.ldif file contains ACIs.  Copy the ACIs from the production dse.ldif file to the dse.ldif file on grinnell at /srv/servers/slapd-grouper-test/config/dse.ldif. 
     176 
     177{{{ 
     178aci: (targetattr != "aci") (targetscope = "base") (version 3.0;  aci "Enable r 
     179 ead access to rootdse for anonymous users";  allow(read,search,compare) user 
     180 dn="ldap:///anyone"; ) 
     181aci: (targetattr = "*") (version 3.0;  acl "Enable full access for Administrat 
     182 ors group";  allow (all)(groupdn = "ldap:///cn=Administrators,cn=config"); ) 
     183aci: (targetattr = "userPassword") ( version 3.0; acl "allow userpassword self 
     184  modification";  allow (write) userdn = "ldap:///self";) 
     185aci: (targetattr = "*") (version 3.0; acl "Enable full access for Directory Se 
     186 rvices Managers"; allow (all)(userdn = "ldap:///cn=*,cn=Administrators,cn=ds 
     187 cc");) 
     188aci: (targetattr = "aci") (targetscope = "base") (version 3.0; acl "Enable roo 
     189 t ACI modification by Directory Services Managers"; allow (all)(userdn = "ld 
     190 ap:///cn=*,cn=Administrators,cn=dscc");) 
     191}}}
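
Review bot: Step 15 has the ACIs copied by hand into /srv/servers/slapd-grouper-test/config/dse.ldif immediately after step 14 leaves the instance running (started: pid=27485), and no stop or restart is listed around that edit. Directory Server writes dse.ldif back out from its in-memory configuration, so ACIs pasted into the file while the instance is up can be overwritten and are not loaded until the next start. Add a dsadm stop before the copy and a dsadm start after it, or apply the ACIs over LDAP instead of editing the file. A second point for the same text: step 12 sets pwd-user-change-enabled:off, while the copied ACI "allow userpassword self modification" grants write on userPassword to ldap:///self, so the page should state which of the two is intended to govern on this test instance.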