Directory Service Control Center: Getting Started

In the entry on Installing Directory Server Enterprise Edition 6.0, I showed you how to install and initialize Directory Service Control Center. This entry takes a look at creating a first instance of Directory Server.

DSCC home page

If you start at the Directory Service Control Center home page, shown here in French, you find one of the quick tasks available is creating a new server instance. By the way, in the documentation and the user interfaces, you find us making the distinction between the server and a server instance. The server instance is an actual server with its files installed on your disk. You can have multiple server instances on a single host system, all using the same installation.

When you click the quick task link to create a Directory Server instance, Directory Service Control Center presents you with a wizard in a separate window. The wizard gathers the information needed to create a Directory Server instance, and then tries to create the instance for you.

Creating a Directory Server instance

Key points:

  • The standard LDAP port is 389. The standard LDAP/SSL port is 636. Those are the ports LDAP applications expect by default. I often use 1389 for LDAP and 1636 for LDAP/SSL because those ports are available for all users to reserve, and because those ports are easy to remember.

  • The default Directory Server root user has DN cn=Directory Manager. Keep track of the Directory Manager password.

  • When you create a Directory Server instance, you put the files on a locally attached disk, not a network disk.

I have not shown a shot of the following screen, but before you complete the wizard, you see a new self-signed certificate is created for your new server. The certificate is created to allow you to do secure connections out of the box, from the first time you connect to the server, using TLS (Transport Layer Security). The feature is turned off by default on Windows for performance reasons, but is there if you need it.

Here is what I see after successfully creating a Directory Server instance:

Directory Server instance creation successful

After you create a Directory Server instance, even before you start the server, you see that some files are already in place.

Directory Server instance files

When the wizard completes, the Directory Server instance is already running. So I can quickly read the root DSE, the LDAP entry that contains information about the server, to check that everything is working.

Directory Server instance files

My new Directory Server instance does not contain any data. I can import some sample data. I use Directory Service Control Center to create a new suffix, which has base DN dc=example,dc=com. In the Directory Server tab of Directory Service Control Center, I open the suffixes tab, and click the New Suffix button.

Getting to the New Suffix button

Directory Service Control Center opens a wizard in another window. I work through the wizard to create my new suffix, choosing to import 160 sample data entries. When I get to the summary page, here is what I see.

Creating the new suffix

After creating the suffix, I can browse the entries using Directory Service Control Center. Here is how I see the entry for Barbara Jensen, who has user ID bjensen.

Barbara Jensen

As you see, it is easy to set up new Directory Server instances and import directory data with Directory Service Control Center.

Here are a few further notes about Directory Service Control Center and the infrastructure you have seen me set up.

If you recall the discussion about dsccsetup initialize from my entry on installation, you noticed I talked about the Directory Service Manager. Directory Service Manager is the user who can administer servers you set up with Directory Service Control Center. Directory Service Manager has DN cn=admin,cn=Administrators,cn=dscc. Once you use Directory Service Manager to set up servers, you can also use the DN cn=admin,cn=Administrators,cn=dscc and Directory Service Manager password to bind to servers you want to administer.

You can use the Directory Service Manager identity on the command line as well. For instance, you can set environment variables LDAP_ADMIN_USER to cn=admin,cn=Administrators,cn=dscc and LDAP_ADMIN_PWF to point to a file containing only the password for Directory Service Manager. Then, when you use the dsadm and dsconf commands, you do not have to enter either the user identity or the password.
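Because the password file holds the Directory Service Manager credential in clear text, it is worth checking it before pointing LDAP_ADMIN_PWF at it. The script below is an added example, not part of the original entry or of the product: the function names, the file name dscc.pwd and the sample password are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: create and verify the password file before exporting the
# variables that dsadm and dsconf read. All function names are hypothetical.
DSCC_ADMIN_DN='cn=admin,cn=Administrators,cn=dscc'   # DN given in the post

# write_pwfile FILE PASSWORD: create FILE readable by its owner only.
write_pwfile() {
    (
        umask 077                      # a new file is created without group/other bits
        printf '%s\n' "$2" > "$1"
    ) && chmod 600 "$1"                # tighten a pre-existing file as well
}

# check_pwfile FILE: return 0 only if FILE is safe to use as LDAP_ADMIN_PWF.
check_pwfile() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ -O "$f" ] || { echo "not owned by current user: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access on $f" >&2; return 1; }
    # The file must contain only the password: non-empty, one line at most.
    lines=$(wc -l < "$f" | tr -d ' ')
    [ -s "$f" ] && [ "$lines" -le 1 ] || { echo "unexpected content in $f" >&2; return 1; }
    return 0
}

# use_dscc_identity FILE: export the variables only if FILE passes the checks.
use_dscc_identity() {
    check_pwfile "$1" || return 1
    LDAP_ADMIN_USER=$DSCC_ADMIN_DN
    LDAP_ADMIN_PWF=$1
    export LDAP_ADMIN_USER LDAP_ADMIN_PWF
}

# Demo with a constructed password in a throwaway directory.
demo_dir=$(mktemp -d)
write_pwfile "$demo_dir/dscc.pwd" 'constructed-sample-password'
use_dscc_identity "$demo_dir/dscc.pwd" && echo "LDAP_ADMIN_PWF=$LDAP_ADMIN_PWF"
```

In real use, keep the file outside any shared or backed-up-in-clear location and remove it when the session no longer needs it.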

I also wrote about Cacao, the Common Agent Container. Cacao is part of the infrastructure on which Directory Service Control Center relies. Cacao is a service of its own, one that you can start and stop. Cacao also might be used by other Java ES component products you install. Although Cacao has its own command line interface, you can most likely handle Cacao through the dsccsetup cacao-reg and dsccsetup cacao-unreg commands, described in the dsccsetup(1M) man page.

I further wrote that Directory Service Control Center is registered in Sun Java Web Console. Java Web Console is a web application that sits in a web container. Java Web Console gives you access to other web-based management applications, such as Directory Service Control Center, which are registered with Java Web Console. So you can have many web-based management applications all accessible through the same URL.

A good source of answers on the Sun Java Web Console can be found in the Solaris System Administration Guide on Basic Administration.

There is a way of starting over from scratch with Directory Service Control Center. This brute force way wipes out any configuration you have done in Directory Service Control Center, though it does not affect any servers you have created. First, use the dsccsetup dismantle command to tear down Directory Service Control Center completely. Next, use the dsccsetup initialize command to start over with a fresh Directory Service Control Center.



Mark Craig writes about Directory Services products and technologies. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

