Fighting with the SUN LDAP server

At work we decided to update our LDAP infrastructure, from SUN Directory Server 5.2 to 6.3(.1). The person doing this is me.

We have some requirements for the applications we install: we want them in specific locations so that we are able to move them between servers more easily (no need to search for all the stuff in the entire system, just the generic location and some stuff in /etc needs to be taken care of… in the best case). SUN offers the DSEE 6.3.1 as a package or as a ZIP-distribution. I decided to download the ZIP-distribution, as this implies less stuff in non-conforming places.

The installation went OK. After the initial hurdles of searching for the SMF manifest referenced in the docs (a command is supposed to install it) but not finding it because the ZIP-distribution does not contain this functionality (I see no technical reason; I installed the manifest by hand), I had the new server up, the data imported, and a workstation configured to use this new server.

The next step was to set up a second server for multi-master replication. The DSEE docs say to use the web interface to configure the replication (this is preferred over the command line way). I am more of a command line guy, but OK, if it is that much recommended, I decided to give it a try… and the web interface had to be installed anyway, so that the less command-line-inclined people in our team can have a look in case it is needed.

The bad news: it was hard to get the web interface up and running. In the package distribution all this is supposed to be very easy, but in the ZIP-distribution I stumbled over a lot of hurdles. The GUI had to be installed in the Java application server by hand instead of the more automatic way when installed as a package. When following the installation procedure, the application server wants a password to start the web interface. The package version allows registering it in the Solaris management interface, the ZIP-distribution does not (direct access to it works, of course). Adding a server to the directory server web interface does not work via the web interface; I had to register it on the command line. Once it is registered, not everything of the LDAP server is accessible, e.g. the error messages and similar. This may or may not be related to the fact that it is not very clear which programs/daemons/services have to run; for example, do I need to use the cacaoadm of the system, or the one which comes with DSEE? In my tests it looks like they are different beasts independent from each other, but I did not try all possible combinations to see if this affects the behavior of the web interface or not.

All the problems may be documented in one or two of the DSEE documents, but at least in the installation document there is not enough documentation regarding all my questions. Seems I have to read a lot more documentation to get the web interface running… which is a shame, as the management interface which is supposed to make the administration easier needs more documentation than the product it is supposed to manage.

Oh, yes, once I had both LDAP servers registered in the web interface, setting up the replication was very easy.

My own XMPP/Jabber server

In the last week I took some time to set up my own Jabber server.

I decided to have a look at ejabberd. Seems to be nice. The initial config was done without a problem. Then I tried to enable some additional stuff and then the docs started to be not clear enough. It seems you have to configure additional host names if you want to add e.g. the echo service and an ICQ transport. I tried first with just the name of the system, but this did not work out as expected. Now I have several DNS entries to the same system, just to be able to run an XMPP server with some additional features. The default settings of the transports are also to listen on localhost, instead of a real interface of the machine.

Not really user-friendly, and the docs do not explicitly tell that you have to have those additional entries (it is somehow told implicitly, but if you go this way for the first time, it may not be obvious).

To configure access via a web frontend (via the http_bind/BOSH extension), the docs are also not very clear. It is easy to overlook that you have to make a change in the listen part and in the modules part. After getting everything right, everything seems to work well. I already have several users and it seems that they are satisfied. The only “bad” thing is that Pidgin does not seem to give a nice UI to add your ICQ (or whatever transport you have configured additionally) account. While Pidgin can do ICQ, people may use the web interface at some locations, so it would be nice if Pidgin would support this better.
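
The listen/modules pairing and the extra host names described in this post, as an added configuration sketch that is not the author's own file. It assumes the Erlang-term `ejabberd.cfg` syntax of ejabberd 2.x; the `example.org` names, the port numbers and the component password are placeholders.

```erlang
%% Added example, not the author's configuration. All names are placeholders.

%% The XMPP domain that user accounts live in.
{hosts, ["example.org"]}.

{listen, [
  %% Change 1 of 2 for web clients: the HTTP listener must offer http_bind.
  {5280, ejabberd_http, [
    http_bind
  ]},

  %% Listener for an external component such as an ICQ transport.
  %% The transport gets its own host name (a separate DNS entry pointing
  %% at the same machine) and authenticates with a shared secret.
  %% Binding to loopback is an assumption that the transport runs on the
  %% same machine; it keeps the component port off the public interface.
  {5347, ejabberd_service, [
    {ip, {127, 0, 0, 1}},
    {access, all},
    {hosts, ["icq.example.org"], [{password, "REPLACE-WITH-LONG-RANDOM-SECRET"}]}
  ]}
]}.

{modules, [
  %% Change 2 of 2 for web clients: the module must be loaded as well.
  %% With only one of the two changes in place, web clients cannot connect.
  {mod_http_bind, []},

  %% Internal services also need a host name of their own,
  %% distinct from the main XMPP domain.
  {mod_echo, [{host, "echo.example.org"}]}
]}.
```

Each service name (`icq.example.org`, `echo.example.org`) needs to resolve in DNS for remote users to reach it, which is why several entries end up pointing at the same system.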