Fight­ing with the SUN LDAP serv­er

At work we de­cided to up­date our LDAP in­fra­struc­ture. From SUN Dir­ect­ory Serv­er 5.2 to 6.3(.1). The per­son do­ing this is: me.

We have some re­quire­ments for the ap­plic­a­tions we in­stall, we want them in spe­cif­ic loc­a­tions so that we are able to move them between serv­ers more eas­ily (no need to search all stuff in the en­tire sys­tem, just the gen­er­ic loc­a­tion and some stuff in /​etc needs to be taken care of… in the best case). SUN of­fers the DSEE 6.3.1 as a pack­age or as a ZIP-​distribution. I de­cided to down­load the ZIP-​distribution, as this im­plies less stuff in non-​conforming places.

The in­stall­a­tion went OK. After the ini­tial hurdles of search­ing the SMF mani­fest ref­er­enced in the docs (a com­mand shall in­stall it) but not find­ing them be­cause the ZIP-​distribution does not con­tain this func­tion­al­ity (I see no tech­nic­al reas­on; I in­stalled the mani­fest by hand), I had the new serv­er up, the data im­por­ted, and a work­sta­tion con­figured to use this new serv­er.

The next step was to setup a second serv­er for multi-​master rep­lic­a­tion. The docs for DSEE tell to use the web in­ter­face to con­fig­ure the rep­lic­a­tion (this is pre­ferred over the com­mand line way). I am more a com­mand line guy, but OK, if it is that much re­com­men­ded, I de­cided to give it a try… and the web in­ter­face had to be in­stalled any­way, so that the less com­mand line af­fine people in our team can have a look in case it is needed.

The bad news, it was hard to get the webin­ter­face up and run­ning. In the pack­age dis­tri­bu­tion all this is sup­posed to be very easy, but in the ZIP-​distribution I stumbled over a lot of hurdles. The GUI had to be in­stalled in the java ap­plic­a­tion serv­er by hand in­stead of the more auto­mat­ic way when in­stalled as a pack­age. When fol­low­ing the in­stall­a­tion pro­ced­ure, the ap­plic­a­tion serv­er wants a pass­word to start the web in­ter­face. The pack­age ver­sion al­lows to re­gister it in the sol­ar­is man­age­ment in­ter­face, the ZIP-​distribution does not (dir­ect ac­cess to it works, off course). Adding a serv­er to the dir­ect­ory serv­er web in­ter­face does not work via the web in­ter­face, I had to re­gister it on the com­mand line. Once it is re­gistered, not everything of the LDAP serv­er is ac­cess­ible, e.g. the er­ror mes­sages and sim­il­ar. This may or may not be re­lated to the fact that it is not very clear which programs/​dae­mons/​services have to run, for ex­ample do I need to use the ca­caoadm of the sys­tem, or the one which comes with DSEE? In my tests it looks like they are dif­fer­ent beasts in­de­pend­ent from each oth­er, but I did not try all pos­sible com­bin­a­tions to see if this af­fects the be­ha­vi­or of the web in­ter­face or not.

All the prob­lems may be doc­u­mented in one or two of the DSEE doc­u­ments, but at least in the in­stall­a­tion doc­u­ment there is not enough doc­u­ment­a­tion re­gard­ing all my ques­tions. Seems I have to read a lot more doc­u­ment­a­tion to get the web in­ter­face run­ning… which is a shame, as the man­age­ment in­ter­face which is sup­posed to make the ad­min­is­tra­tion more easy needs more doc­u­ment­a­tion than the product it is sup­posed to man­age.

Oh, yes, once I had both LDAP serv­ers re­gistered in the web in­ter­face, set­ting up the rep­lic­a­tion was very easy.

3 thoughts on “Fight­ing with the SUN LDAP serv­er”

  1. Pingback: SUN OpenStorage presentation « The Daily BSD
  2. Thanks for the valu­able feed­back!

    When you have some time, would you mind hav­ing a look at the DSEE 7 In­stall­a­tion Guide (‑4807) and let­ting us know wheth­er this im­proves the user ex­per­i­ence, or wheth­er you feel that there are still changes to be made in this re­gard?

    Thanks again,
    Lana Frost (Dir­ect­ory Serv­er Doc­u­ment­a­tion Team)

    1. I re­viewed the DSEE 7 docs. Some parts are a little bit im­proved, but my main con­cerns are not ad­dressed (or can not be tested, as I do not have the DSEE 7 soft­ware). A more in deep re­view has been sent privately to the DSEE 7 doc­u­ment­a­tion team.

Leave a Reply

Your email address will not be published. Required fields are marked *