3. using barcode printing for none control to generate, create none image in none applications. Visual Studio 2005 Security Models CHAPTER iPlanet Directory Server Installation and Configuration As part of the Solaris 8 media kit, Sun ships the iPlanet Directory Server software on one of the Bonus Software CDs. Since this software is not part of the Solaris installation mechanism, it needs to be installed separately after the operating system is installed. Even though the iPlanet Directory Server can be installed on Solaris releases prior to version 8, the software is only licensed to run with the Solaris 8 operating environment.

Therefore, this chapter assumes a Solaris 8 installation, even though the installation procedure is similar when installing software on earlier Solaris releases. Copackaged with the iPlanet Directory Server is an administration framework with a GUI-based management tool that you can use to configure the server and perform routine administration functions. Although you can administer the iPlanet Directory Server without this set of tools, you will appreciate having the tools if you are an inexperienced LDAP administrator, so we discuss their installation.

Once you complete the initial installation, you must perform a number of postinstallation procedures. This chapter presents the most common of these procedures..

Product Architecture Before starting the iPlanet Directory Server installation, you should understand the product s architecture so that the installation options will be more meaningful. Besides the Directory Server, two other components are available for installation. These are:.

Administration Server Console Netscape (iPlanet) Console The Administrat ion Server Console is actually a daemon, called ns-admin, that runs on the same system as the Directory Server Console and acts as a controller. It can also be the control point for servers other than the directory server, but this chapter focuses only on its use with the directory server. The Netscape Console connects to the administration server when it starts.

Note The iPlanet Directory Server is derived from the Netscape Directory Server, so many references to Netscape exist in the software and product documentation. For the purposes of this chapter, think of Netscape Directory Server and iPlanet Directory Server as interchangeable terms.

Administration Domains One of the installation options is the creation of or the joining of an administrative domain. An administration domain allows a common login to work across several servers. If this is the only server you are setting up or if you do not wish to manage several servers as a group, then a domain of one is established. The procedures in this chapter assume that a new administration domain is being established.

The procedures in this chapter assume that a new administration domain is being established.. Configuration Data Configuration d ata for both the administration server and directory server is maintained in the directory database under the o=NetscapeRoot suffix, which is automatically created during the installation process. Information about administration domains and preferences used by the administration server is kept here. An interesting feature is that critical configuration data for the administration server, such as the admin login account, is kept in the directory database.

This means that the directory server must be running before the administration server starts. During the installation, the directory server is already running when the administration server is started, so this requirement is not an issue. However, the directory server is not automatically started when the system is rebooted unless a startup script is added manually.

A script to generate a custom startup script is included in Postinstallation Procedures on page 83, which starts the directory and the administration servers in the correct order. A sample startup script is also included in the Solaris Extensions package..

FIGURE 4-1 show none for none s the layout of the NetscapeRoot portion of the directory tree as viewed from the Directory Server Console.. Solaris and LDAP Naming Services FIGURE 4-1. Layout of the NetscapeRoot Portion of the Directory Tree Login Accounts Two accounts ar e created during the installation: admin and Directory Manager. The admin account is the account generally used to log into the Netscape Console. This account can do most of the configuration and administration functions required to maintain the directory server.

The Directory Manager account is akin to the superuser in the Solaris environment and can perform special functions such as establishing directory-wide access control policies. Functions that require Directory Manager authority are noted throughout this chapter, otherwise assume the admin login..

