IDS 5.x: Is a separate configuration directory server instance even needed?

Because iDS 5.x supports multiple database instances, why is there a need to suggest installing the directory server with a separate configuration directory server instance (on say port 390)?
In large multi-tiered iDS 4.x directory server implementations, using a single master configuration directory server is very cumbersome, so many implementations are using a local configuration directory server instance, on port 390 with the data instance on the usual port 389.
With the iDS 5.x release, we will be implementing local directory server instances, all on port 389, on all of our tiered LDAP servers. There will be no separate configuration directory server instance, as it is not needed.
At this point, I am questioning the "best practices" suggested by the SunOne documentation to use a separate configuration directory server instance. It does not need to be on a separate port now with iDS 5.x supporting multiple databases.
And I note that the present "/usr/sbin/directoryserver setup" script will not allow for a directory instance to be installed on port 390.
Adam

Yes, with iDS 5.X, it's much safer to have the o=NetscapeRoot tree served by the same instance as your corp/user tree. The separation approach was created to avoid the pitfalls when importing LDIF, but the -n argument to ldif2db lets you avoid such problems.

Similar Messages

  • Use of configuration directory server

    Maybe this is a dumb question but since I don't know the answer:
    Does one need to buy a production license of the Directory Server to use as a configuration directory server?
    I will have six web servers in my production environment. But only one or two admin user accounts for secure access.
    Thanks,
    -amit

    Both 2005Q1 and 2005Q4 are considered 6.2. I would use 2005Q4. Actually, I DID use 2005Q4.
    Why use bits that are already superseded? Is it the cost of 4 CDs?
    So, can this happen in two separate stages?:
    1. First upgrade all directory servers to 5.2p4 and migrate the current messaging server 5.2 configuration.
    2. At a later date, once directory services have been upgraded and are stable, the upgrade of the messaging server can be done.
    Thanks

  • Error configure directory server 5.2

    Hi,
    I'm getting this error when issuing
    bash-3.00# directoryserver configure
    after installing Directory Server with Configure Later option
    [slapd-elara]: starting up server ...
    [slapd-elara]: [29/Aug/2009:10:40:37 +0100] - Sun Java(TM) System Directory
    Server/5.2_Patch_4 B2005.230.0041 (64-bit) starting up
    [slapd-elara]: [29/Aug/2009:10:40:38 +0100] - Listening on all interfaces port
    389 for LDAP requests
    [slapd-elara]: [29/Aug/2009:10:40:38 +0100] - slapd started.
    Your new directory server has been started.
    error: can't bind to server:Unable to bind to server. (Invalid credentials (49)
    returned from ldap_simple_bind_s(cn=Directory Manager))
    Could not configure server.
    Configuration of the Directory Server failed.
    Error Directory Server configuration failure
    Error Configuration of the server(s) failed.
    Can someone give me a hint?
    Best regards

    Problem solved.
    1 - uninstalled Directory Server
    /var/sadm/prod/SUNWds-entsys4/uninstall
    2 - removed all the packages used in a manual installation
    for i in SUNWasha SUNWasvc SUNWasvcp SUNWasvr SUNWasvu SUNWdsha SUNWdsvcp SUNWdsvh SUNWdsvhx SUNWdsvpl SUNWdsvr SUNWdsvu SUNWdsvx SUNWicu SUNWicux SUNWjss SUNWldk SUNWldkx SUNWpr SUNWprx SUNWsasl SUNWsaslx SUNWtls SUNWtlsx; do echo $i;pkgrm $i;done
    3 - re-install it with configure later option
    java_es_05Q4_directory/Solaris_sparc/installer
    4 - Configure Directory Server
    directoryserver -u 5.2 configure
    5 - Configure Administration Server
    mpsadmserver configure
    And everything started working.

  • Unexpected error "FAILED TO START DIRECTORY SERVER INSTANCE"

    Hi,
    I was trying to install Sun DS 6.3 on my system. Everything is going well, but while creating the directory instance I get errors saying Unexpected error
    "FAILED TO START DIRECTORY SERVER INSTANCE"
    C:/DSEE/VAR/DSCC6/DCC/ADS
    After that I get some errors showing
    at "com.sun.directory.dcc.cli.setup.cmd ads create.perform<cmdadscreate.java:129>
    com.sun.directory.dcc.cli.setup.cmd ads create.perform<cmdadscreate.java:59>
    com.sun.directory.dcc.cli.setup.cmd ads create.perform<cmdadscreate.java:35>
    com.sun.directory.dcc.cli.setup.cmd ads create.perform<cmdadsinitialize.java:55>
    ..... and a few more errors displaying.
    Before that I start up dsccsetup/initialize;
    it asks for directory manager password:nnnn
    reenter directory manager password:nnnn
    After that I get the above errors.
    At the end it says
    "Software installation is corrupted or incomplete"
    I would appreciate it if someone could help me with this issue.

    Hi,
    thanks for the reply.
    Actually I don't know what the certificate database password is; as I'm new to DS 6.3, it's hard for me.
    I installed Tomcat 5.0.28 and Java, JRE 1,6, and when I set up the installation it goes fine; when I run dsccsetup initialize it asks for the token:
    A PIN IS REQUIRED TO ACCESS. I tried the same on another system with Tomcat 5.5 and the same OS, XP, and it goes fine with no errors. I'm not sure whether it may be caused by the Tomcat version, but I will still be happy for your suggestions.
    Thanking you,
    sasi

  • Errors while installation "Failed to start Directory server instance"

    Hi,
    I was trying to install Sun DS 6.3 on my system. Everything is going well, but while creating the directory instance I get errors saying Unexpected error
    "FAILED TO START DIRECTORY SERVER INSTANCE"
    C:/DSEE/VAR/DSCC6/DCC/ADS
    Before that I start up dsccsetup/initialize;
    it asks for directory manager password:nnnn
    reenter directory manager password:nnnn
    After that I get the above errors.
    At the end it says
    "Software installation is corrupted or incomplete"
    I would appreciate it if someone could help me with this issue.

    Enterprise Linux is designed for industry standard server hardware. It supports a limited and well known range of peripherals in order to provide commercial support and high reliability.
    If you need Linux for any Laptop or Desktop PC, choose a Desktop Linux distribution, like Ubuntu, Fedora, Debian, etc.
    Your best option to run Enterprise Linux on non-supported hardware is to use hardware virtualization like the free Oracle VirtualBox. For more information, see http://www.oracle.com/technetwork/community/developer-vm/index.html. IMO, there is no compelling reason to try to install Enterprise Linux using dual boot or relying on 3rd party driver software.

  • Can't start Directory Server instance

    I just installed DSEE 6.2 and DSCC on a SPARC based Solaris 10 server. After following the Sun installation guide and accessing the DSCC panel, I tried to start a directory server instance. After entering all of the parameters, I cannot get the server instance started due to the following error.
    Could not contact the DSCC agent on ldap. Use the command cacaoadm to check that the DSCC agent is installed and running on port 11162.
    After this I verified that cacaoadm was in fact running and operating on port 11162. I then tried changing the port numbers, and received the same error (although on a different port number). Can anyone advise me on a course of action to get this directory server up and running?
    Thanks

    Here is the dir listing:
    -rw------- 1 nobody nobody 0 Oct 28 20:37 import
    -rw------- 1 nobody nobody 16384 Oct 28 20:37 NetscapeRoot_uniquemember.db3
    -rw------- 1 nobody nobody 41 Oct 28 20:37 DBVERSION
    -rw------- 1 nobody nobody 16384 Oct 28 22:21 NetscapeRoot_uid.db3
    -rw------- 1 nobody nobody 16384 Oct 28 22:21 NetscapeRoot_sn.db3
    -rw------- 1 nobody nobody 16384 Oct 28 22:21 NetscapeRoot_givenName.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:55 NetscapeRoot_parentid.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:55 NetscapeRoot_objectclass.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:55 NetscapeRoot_numsubordinates.db3
    -rw------- 1 nobody nobody 90112 Oct 31 09:55 NetscapeRoot_nsuniqueid.db3
    -rw------- 1 nobody nobody 204800 Oct 31 09:55 NetscapeRoot_entrydn.db3
    -rw------- 1 nobody nobody 81920 Oct 31 09:55 NetscapeRoot_cn.db3
    -rw------- 1 nobody nobody 40960 Oct 31 09:55 NetscapeRoot_ancestorid.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:55 NetscapeRoot_aci.db3
    -rw------- 1 nobody nobody 942080 Oct 31 10:14 NetscapeRoot_id2entry.db3

  • Separate configuration directory?

    Is it a common practice to store the directory configuration on another directory server? I seem to have more reasons to do this now.
    If you use a separate directory for directory configuration, how do you do failover? I could set up 2 configuration servers and enable replication but if all my servers are pointed to one and it fails, how do you get them to point to the second server? Is there a way to have automatic failover? Is there a way to manually set the servers to point to the second one?

    Is it a common practice to store the directory
    configuration on another directory server? I seem to
    have more reasons to do this now.
    If you use a separate directory for directory
    configuration, how do you do failover? I could set up
    2 configuration servers and enable replication but if
    all my servers are pointed to one and it fails, how
    do you get them to point to the second server? Is
    there a way to have automatic failover? Is there a
    way to manually set the servers to point to the
    second one?
    We have two instances on the same directory server, one for the config info (slapd-config) and the other for our actual data (slapd-data). We have four servers, two masters, two consumers, set up in this manner. The config info is not replicated between the servers, while our actual data is. It is not recommended that you replicate the configuration information between different directory servers. It is a bit of a pain to have to make changes on 4 servers, but it is not overly onerous. If you have more servers such that making changes would take a long time, you could figure out the LDIF needed to make the change and script it rather than using the console.
    If you were to have a single config directory, rather than failover, create a multi-master replica and put it behind a load balancer. The load balancer should be able to do a health check and send requests to an active host.

  • Purpose of Separate Configuration Directory

    I know that Sun best practices recommend that the configuration directory instance be separated (placed on a different physical server) in a directory environment.
    Other than the ability to manage all directories in a single administration domain, what does this accomplish?
    Is there anything in a replicated multi-master environment that would require such a setup, with all master and consumer instances pointing to the same configuration directory?
    Is it possible to set up a replicated multi-master environment with configuration directories on each individual server?
    When do "user" directories need to access the configuration directory instance, other than during initial setup? If the configuration directory is on the WAN relative to a user directory, could inability to access the config directory prevent the user directory from starting/stopping/accepting requests/otherwise functioning?
    Thanks in advance.

    I don't disagree, however I think you can go too far. If everything is in one o=netscapeRoot, it's like putting all your eggs in one basket. If you lose that directory, you lose console access on all SunOne instances. And while having a multi-master config directory alleviates the problem somewhat, usually losing the config directory does not occur because of a hardware problem - rather user error or an upgrade gone bad - and the error usually replicates just fine. Backups are key before any operation that changes or could potentially change the config instance. Personally I like to have one config instance per <Server Root>. It does not take much in resources.

  • Configuring Directory server control center after installation..

    Hi,
    We have already installed Sun Java Communication Suite 6.0 on a Sun Solaris 10 machine along with Directory Server.
    During installation, we skipped the Directory Server Control Center component. How do we select it after the installation?
    Any additional inputs for configuration of Directory Server Control Center will be helpful.
    Thanx in advance....
    Edited by: ashish0_0 on Nov 18, 2007 9:40 PM

  • Move Configuration directory server

    We are in the process of transitioning from DS5.2 to DS6.3.1. A few of the consumers will be remaining at 5.2 level for some time (budget reasons). Currently they all have their configuration stored on one of our 5.2 masters. When the time comes to take down this old master we'd like to move the configuration directory (the o=NetscapeRoot information) to the individual consumers. Anyone know how to get the config for a particular consumer, upload it (to a file or a newly created o=NetscapeRoot on the consumer), and then configure the admin server to look for it in the new location?
    Thanks for any help.

    Thanks,
    Yes, I do think it will be better to take the whole NetscapeRoot tree instead of trying to get just the host specific data now that I think about it. But the other question of getting the admin servers on the consumers to look for their info in the new location - I tried editing {install-root}/admin-serv/config/adm.conf and changing the 'ldaphost' line to a new host, but even after restart it kept going to the old server. Any ideas on getting this to change?

  • How to Configure Directory Server 6 In configure later mode

    Hi ,
    I would like to know how to configure the directory server in configure later mode.
    I have done it in JES4 using the directoryserver command. Which command should be used in JES5 for configuring the directory server after the binaries are installed?
    It would be great if anyone could refer me to the documentation for the configure later mode.
    Thanks,

    There have been quite a few posts on blogs.sun.com with regard to configuring DS instances after installation.
    It is part of the installation guide as far as I can remember.
    Check <http://blogs.sun.com/marginNotes/entry/the_version_6_cli%3A_getting>
    Regards
    Ludovic,

  • Directory Server Instances

    We are running Sun Directory Server 5 as part of our messaging server on RHEL 4. These systems are in development as a replacement for Netscape 4.X messaging servers that are being used onboard NOAA's research vessel fleet.
    Is there any way to configure multiple instances of Directory Server on a single Linux platform (without virtualization)?
    Our email systems that are operated aboard research vessels may, or may not, have an internet connection while underway; even if they do, the bandwidth is typically limited to 128KBS per vessel (no directory replication possible).
    As a result we have a requirement to host one directory for the local users on the ship and a second instance that holds the addresses of all non-local users in the enterprise mail system (basically a lookup directory). We periodically overwrite the second instance (lookup directory) by importing an LDIF file from our shore-based systems. Both instances of the Netscape Directory Server run on a single host, using port 389 and port 390.
    Can we configure Sun Directory Server in a similar manner?
    Note:
    We use a custom MTA system to transport the email messages between ship and shore via cell phone, sat phones, Inmarsat or satellite-based WAN connectivity, dependent upon the ship's communications equipment suite. The MTA system provides ship-to-shore email services as long as one communications system is available.

    Yes, you can have multiple instances running.
    You can either start each instance on different port, or
    setup an interface alias (ifconfig eth0:1 IP netmask NETMASK)
    and start the second instance on that IP only.
    I agree with the_dude to go for DS 6.3.
    On 6.3 you can specify the listening interface/ports by using the commands
    dsconf set-server-prop listen-address:127.0.0.1
    dsconf set-server-prop listen-address+:192.168.1.1
    dsconf set-server-prop secure-listen-address:127.0.0.1
    dsconf set-server-prop secure-listen-address+:192.168.1.1
    dsconf set-server-prop ldap-port:389
    dsconf set-server-prop ldap-secure-port:636
    hope it helps,
    Giannis

  • Enable plugin - sasl plugin fails i.e directory server instance crashes

    When enabling SASL or password storage plugin in Directory Server 6.3 on restarting the server the server crashes i.e it fails to restart.

    Hi,
    What error message do you get ?
    Which OS ?
    Is this a fresh install of 6.3 or a patch over existing instance ?
    Regards,
    Ludovic.

  • Under Sun Directory Server, is phpLDAPadmin needed?

    We use Sun Directory Server 6.3. Do we need phpLDAPadmin? What are the advantages and disadvantages to use?
    Thank you in advance!

    As far as I know, PLA is just a web app that provides you an LDAP client interface, as well as Apache Directory Studio.
    You do not need any LDAP client interface to administer Sun Directory Server 6.3; in theory (and if you like) you have all the available options via command line (dsadm, dsconf, ldapsearch/ldapmodify), but of course a GUI is something that may ease your tasks.
    Personally I can't see any specific advantages or disadvantages in using a given interface instead of another: it depends on which one fits better to your needs.
    regards,
    marco

  • Directory Server SMF tripping over itself (crosspost)

    I've posted this question in the SMF related forum too, so if replies could go there, that would be handy: [http://forums.sun.com/thread.jspa?messageID=10940406]
    We have a working instance of DSEE6.3.1 under Solaris 10 managed via SMF (using the manifest generated by dsadm/dscfg -- I forget which).
    # svcs -a | grep ldap-user
    online         10:47:08 svc:/application/sun/ds:ds--data-ldap-user-instance
    After a forced shutdown, DSEE starts up and does a self-recovery (as it should). When that's complete, the slapd process is running and the startup script exits with status 221 (ie. Not 0) -- however slapd is running.
    SMF notices that it's !0 and tries to restart DSEE... by issuing another start. This second start then exits almost immediately saying "slapd already running" but this time exits with 0 -- are we ok? No... cos SMF then notices that all the processes it just started have gone away so it calls "stop" followed by another "start".
    This is where it gets a bit hazy as it looks like DSEE never shut down cleanly again so the whole process repeats itself ad infinitum (although I suspect that's a separate issue). :-(
    I guess what I'm asking is -- is there a way to stop SMF from doing that: perhaps treat exit=221 as non-fatal and perform a service check?
    Log file below:
    [ Feb 26 21:40:42 Enabled. ]
    [ Feb 26 21:40:50 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Failed to start Directory Server instance '/data/ldap/user/instance'
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Directory Server instance '/data/ldap/user/instance' has detected a disorderly shutdown or a change in cache
    size
    Recovery phase is starting, this may take a while...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    Waiting for Directory Server instance '/data/ldap/user/instance' to start...
    ns-slapd wrote the following lines in the error log (/data/ldap/user/instance/logs/errors):
    ##[26/Feb/2010:22:00:07 +0000] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0156 (64-bit) starting up
    ##[26/Feb/2010:22:00:09 +0000] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 -  Detected Diso
    rderly Shutdown last time Directory Server was running, recovering database.
    ##[26/Feb/2010:22:01:38 +0000] - Database recovery is 0% complete.
    ##[26/Feb/2010:22:01:51 +0000] - Database recovery is 100% complete.
    ##[26/Feb/2010:22:01:59 +0000] - WARNING<20805> - Backend Database - conn=-1 op=0 msgId=-1 -  search is not
    indexed base='cn=changelog' filter='(replicationcsn>=4b87f656000000000000)' scope='sub'
    [ Feb 26 22:02:17 Method "start" exited with status 221 ]
    [ Feb 26 22:02:17 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Directory Server instance '/data/ldap/user/instance' is already running (pid: 352)
    [ Feb 26 22:02:18 Method "start" exited with status 0 ]
    [ Feb 26 22:02:18 Stopping because all processes in service exited. ]
    [ Feb 26 22:02:18 Executing stop method ("/opt/SUNWdsee/ds6/bin/dsadm stop --exec /data/ldap/user/instance")
    Directory Server instance '/data/ldap/user/instance' stopped
    [ Feb 26 22:02:20 Method "stop" exited with status 0 ]
    [ Feb 26 22:02:20 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
    Failed to start Directory Server instance '/data/ldap/user/instance'
    .......................... repeat ........................

    Well, one way around it is to write your own start script and manage the exit codes yourself.
    I have some doubts about the autorestart configuration of DS, especially in a case like this where the server seems to be crashing. Realistically, you can end up worse off if your server has crashed by automatically restarting it. Your data may be corrupt, and the process may eventually stay up (especially if you work around the current issue), but the DS is not really healthy and it does need an administrator to investigate what's wrong with it. It may also return inconsistent or simply bad data to clients. All in all, I would prefer an instance in such a state to stay down and trigger alarms, assuming it has failover peers that can take on its workload.
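One way to write the start script suggested in the reply above, as an added example that is not part of the original thread or of the product: it treats the status 221 seen in the posted log as success only when a probe confirms the instance answers, and otherwise returns SMF's fatal status so the service goes to maintenance instead of restart-looping. The function names and the probe command are assumptions; the dsadm path is the one shown in the log.

```shell
#!/bin/sh
# Added example: SMF start-method wrapper that manages exit codes itself.
# SMF_EXIT_OK and SMF_EXIT_ERR_FATAL are the values defined in
# /lib/svc/share/smf_include.sh. A method that exits with the fatal status
# sends the service to maintenance (an operator must clear it), which matches
# the reply's preference for an unhealthy instance to stay down and alarm.
SMF_EXIT_OK=0
SMF_EXIT_ERR_FATAL=95
# Status reported in the posted log when start returned after database recovery.
RECOVERY_STATUS=221

# map_start_status START_RC PROBE_RC
# Prints the status the method should hand back to SMF.
map_start_status() {
    start_rc=$1
    probe_rc=$2
    if [ "$start_rc" -eq 0 ]; then
        echo "$SMF_EXIT_OK"
        return 0
    fi
    # Tolerate only the known post-recovery status, and only when the probe
    # shows the server is really answering requests.
    if [ "$start_rc" -eq "$RECOVERY_STATUS" ] && [ "$probe_rc" -eq 0 ]; then
        echo "$SMF_EXIT_OK"
        return 0
    fi
    echo "$SMF_EXIT_ERR_FATAL"
}

# start_instance START_CMD PROBE_CMD
# Runs the start command, probes the instance if start reported a failure,
# logs both statuses to stderr (SMF captures it in the service log) and
# returns the mapped status.
start_instance() {
    start_cmd=$1
    probe_cmd=$2
    start_rc=0
    sh -c "$start_cmd" || start_rc=$?
    probe_rc=1
    if [ "$start_rc" -ne 0 ]; then
        probe_rc=0
        sh -c "$probe_cmd" >/dev/null 2>&1 || probe_rc=$?
        echo "start exited $start_rc, probe exited $probe_rc" >&2
    fi
    return "$(map_start_status "$start_rc" "$probe_rc")"
}

# Method body for the instance in the log (probe and port are assumptions,
# here an anonymous root DSE search):
#   start_instance \
#     "/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance" \
#     "ldapsearch -h localhost -p 389 -b '' -s base '(objectclass=*)'"
#   exit $?
```

Any start failure other than 221, or a 221 where the probe fails, still ends in maintenance, so a crashing instance is not silently brought back.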
