Fight­ing with the Ora­cle Direc­to­ry Serv­er 7 (DSEE7) on Solaris 10 update 9

After mov­ing our sec­ondary man­age­ment site (our team is split up into 2 dif­fer­ent loca­tions) to a new build­ing, we decid­ed to clean-up some things. One of those things involves mov­ing the LDAP to a dif­fer­ent machine (more or less a new serv­er for the new site, it is inde­pen­dent regard­ing LDAP/homes/… from the pri­ma­ry site). While I am at it, I take the oppor­tu­ni­ty to move from DSEE5 to DSEE7 (my pre­vi­ous post about the DSEE6 migra­tion was at the pri­ma­ry site). This time I took the pack­age dis­tri­b­u­tion instead of the zip dis­tri­b­u­tion (the main rea­son is that I can get patch-listings with an auto­mat­ic tool, and the sec­ondary man­age­ment site has no disaster-recovery require­ments for the appli­ca­tions… we just will set­up a new sec­ondary site some­where else if necessary).

Here my expe­ri­ences with the instal­la­tion instruc­tions of DSEE7.

  • The install instruc­tions refer to the web inter­face for the DSEE7 man­age­ment, but I have not seen some­thing which tells you first have to set­up an appli­ca­tion serv­er (this was bet­ter in the DSEE6 instructions).
  • When using the Glass­fish appli­ca­tion serv­er which comes with Solaris 10 for the web inter­face, you will get an excep­tion after deploy­ing the dscc7.war, as it is using an out­dat­ed JVM. After some fight­ing and Googling, I found that I have to change the AS_JAVA val­ue in /usr/appserver/config/asenv.conf to a more recent JVM as it is point­ing to the very out­dat­ed j2se 1.4.x. I point­ed it to /usr/java (which is a sym­link to the most recent ver­sion installed as a pack­age). Instead of the orig­i­nal excep­tion I got anoth­er one now (after a redi­rec­tion in the web-browser), some­thing that it can not find the AntMain class (Glass­fish uses ANT from /usr/sfw, this is the one which comes with Solaris 10 update 9). I tried with Java 5 instead of Java 6, but I get the same error. In the net there are some dis­cus­sions about such errors (it is even a FAQ at the ANT site), but this Glassfish/DSEE7 thing is a black box for me, so what am I sup­posed to do here (I do not want to put the sys­tem into an unof­fi­cial state by installing my own ANT for Glassfish/DSEE7)?
    It was not men­tioned in the Appen­dix of the DSEE7 install instruc­tions which explains how to install the .war in Glass­fish that you have to change to a more recent JVM, and I still fight with the AntMain prob­lem (hey Ora­cle, there is room for improve­ment in the prod­uct com­pat­i­bil­i­ty test­ing and doc­u­men­ta­tion ver­i­fi­ca­tion process).

I will update this post­ing when I make some advance­ments. For now I let the web inter­face in the bad state as it is and con­cen­trate on fin­ish­ing the LDAP move to the new sys­tem (installing an DSEE on a back­up sys­tem, con­fig­ur­ing repli­ca­tion, switch­ing the clients to them). The web inter­face is inde­pen­dent enough to han­dle it lat­er (hints wel­come, that is the main pur­pose why I write this pos­ing in the mid­dle of the work).

Fight­ing with the SUN LDAP server

At work we decid­ed to update our LDAP infra­struc­ture. From SUN Direc­to­ry Serv­er 5.2 to 6.3(.1). The per­son doing this is: me.

We have some require­ments for the appli­ca­tions we install, we want them in spe­cif­ic loca­tions so that we are able to move them between servers more eas­i­ly (no need to search all stuff in the entire sys­tem, just the gener­ic loca­tion and some stuff in /etc needs to be tak­en care of… in the best case). SUN offers the DSEE 6.3.1 as a pack­age or as a ZIP-distribution. I decid­ed to down­load the ZIP-distribution, as this implies less stuff in non-conforming places.

The instal­la­tion went OK. After the ini­tial hur­dles of search­ing the SMF man­i­fest ref­er­enced in the docs (a com­mand shall install it) but not find­ing them because the ZIP-distribution does not con­tain this func­tion­al­i­ty (I see no tech­ni­cal rea­son; I installed the man­i­fest by hand), I had the new serv­er up, the data import­ed, and a work­sta­tion con­fig­ured to use this new server.

The next step was to set­up a sec­ond serv­er for multi-master repli­ca­tion. The docs for DSEE tell to use the web inter­face to con­fig­ure the repli­ca­tion (this is pre­ferred over the com­mand line way). I am more a com­mand line guy, but OK, if it is that much rec­om­mend­ed, I decid­ed to give it a try… and the web inter­face had to be installed any­way, so that the less com­mand line affine peo­ple in our team can have a look in case it is needed.

The bad news, it was hard to get the webin­ter­face up and run­ning. In the pack­age dis­tri­b­u­tion all this is sup­posed to be very easy, but in the ZIP-distribution I stum­bled over a lot of hur­dles. The GUI had to be installed in the java appli­ca­tion serv­er by hand instead of the more auto­mat­ic way when installed as a pack­age. When fol­low­ing the instal­la­tion pro­ce­dure, the appli­ca­tion serv­er wants a pass­word to start the web inter­face. The pack­age ver­sion allows to reg­is­ter it in the solaris man­age­ment inter­face, the ZIP-distribution does not (direct access to it works, off course). Adding a serv­er to the direc­to­ry serv­er web inter­face does not work via the web inter­face, I had to reg­is­ter it on the com­mand line. Once it is reg­is­tered, not every­thing of the LDAP serv­er is acces­si­ble, e.g. the error mes­sages and sim­i­lar. This may or may not be relat­ed to the fact that it is not very clear which programs/daemons/services have to run, for exam­ple do I need to use the cacaoadm of the sys­tem, or the one which comes with DSEE? In my tests it looks like they are dif­fer­ent beasts inde­pen­dent from each oth­er, but I did not try all pos­si­ble com­bi­na­tions to see if this affects the behav­ior of the web inter­face or not.

All the prob­lems may be doc­u­ment­ed in one or two of the DSEE doc­u­ments, but at least in the instal­la­tion doc­u­ment there is not enough doc­u­men­ta­tion regard­ing all my ques­tions. Seems I have to read a lot more doc­u­men­ta­tion to get the web inter­face run­ning… which is a shame, as the man­age­ment inter­face which is sup­posed to make the admin­is­tra­tion more easy needs more doc­u­men­ta­tion than the prod­uct it is sup­posed to manage.

Oh, yes, once I had both LDAP servers reg­is­tered in the web inter­face, set­ting up the repli­ca­tion was very easy.