Fighting with the SUN LDAP server

At work we decided to update our LDAP infrastructure, from SUN Directory Server 5.2 to 6.3(.1). The person doing this is: me.

We have some requirements for the applications we install: we want them in specific locations so that we are able to move them between servers more easily (no need to search for all the stuff in the entire system, just the generic location and some stuff in /etc needs to be taken care of… in the best case). SUN offers the DSEE 6.3.1 as a package or as a ZIP-distribution. I decided to download the ZIP-distribution, as this implies less stuff in non-conforming places.

The installation went OK. After the initial hurdles of searching for the SMF manifest referenced in the docs (a command is supposed to install it) but not finding it because the ZIP-distribution does not contain this functionality (I see no technical reason; I installed the manifest by hand), I had the new server up, the data imported, and a workstation configured to use this new server.

The next step was to set up a second server for multi-master replication. The docs for DSEE say to use the web interface to configure the replication (this is preferred over the command line way). I am more of a command line guy, but OK, if it is that strongly recommended, I decided to give it a try… and the web interface had to be installed anyway, so that the less command-line-inclined people in our team can have a look in case it is needed.

The bad news: it was hard to get the web interface up and running. In the package distribution all this is supposed to be very easy, but in the ZIP-distribution I stumbled over a lot of hurdles. The GUI had to be installed in the Java application server by hand instead of the more automatic way when installed as a package. When following the installation procedure, the application server wants a password to start the web interface. The package version allows registering it in the Solaris management interface; the ZIP-distribution does not (direct access to it works, of course). Adding a server to the directory server web interface does not work via the web interface; I had to register it on the command line. Once it is registered, not everything of the LDAP server is accessible, e.g. the error messages and similar. This may or may not be related to the fact that it is not very clear which programs/daemons/services have to run; for example, do I need to use the cacaoadm of the system, or the one which comes with DSEE? In my tests it looks like they are different beasts independent from each other, but I did not try all possible combinations to see if this affects the behavior of the web interface or not.

All the problems may be documented in one or two of the DSEE documents, but at least in the installation document there is not enough documentation regarding all my questions. Seems I have to read a lot more documentation to get the web interface running… which is a shame, as the management interface which is supposed to make the administration easier needs more documentation than the product it is supposed to manage.

Oh, yes, once I had both LDAP servers registered in the web interface, setting up the replication was very easy.


  2. Lana Frost Says:

    Thanks for the valuable feedback!

    When you have some time, would you mind having a look at the DSEE 7 Installation Guide (‑4807) and letting us know whether this improves the user experience, or whether you feel that there are still changes to be made in this regard?

    Thanks again,
    Lana Frost (Directory Server Documentation Team)

  3. netchild Says:

    I reviewed the DSEE 7 docs. Some parts are a little bit improved, but my main concerns are not addressed (or cannot be tested, as I do not have the DSEE 7 software). A more in-depth review has been sent privately to the DSEE 7 documentation team.

