|
|
Step 4 of the CSRC installation process is to install an LDAP version 3 compliant directory server. This appendix discusses the Netscape Directory Server (NDS). It provides background information you need to know to install the NDS and it provides installation information specific to CSRC.
Table B-1 lists the disk space requirements for Netscape Directory Server (NDS). The disk requirement for NDS increases as the directory database increases.
| Component | Solaris |
|---|---|
Netscape Directory Server | 108.1 MB |
Cisco has tested and verified that Netscape Directory Server (NDS) versions 4.0 and 4.1 operate properly with CSRC. Cisco does not provide the NDS software package. You must purchase a copy of NDS from Netscape.
To install the directory server, you will need the Netscape Directory Server (NDS) installation kit for Solaris 2.6 available from Netscape.
The following sections describe the installation requirements and how to install NDS.
You must install NDS, CSCOcsrcd, and Perl on the same host. The CSCOcsrcd package provides CSRC LDAP schema and sample data. The CSRC software must be able to access Perl.
As you answer the NDS installer's questions, be sure to indicate the following information on the "CSRC Installation Worksheet" (see Figure 2-1):
If you choose to do so, NDS allows you to save the installation parameters in an ASCII file in the NDSROOT/setup/install.inf file. This file contains the passwords you entered during the NDS installation, viewable in plain text. If security is a concern, you can delete the install.inf file after you have properly installed and configured CSRC, and determined that it is operating properly with the other require software components.
Step 4 of the CSRC installation process is to install an LDAP version 3 compliant directory server. This section discusses installing the Netscape Directory Server (NDS).
To install NDS, do the following:
Step 1 Enter the following command to make the nds directory:
# mkdir nds
Step 2 Enter the following command to change to the nds directory:
# cd nds
Step 3 Copy NDS from the NDS distribution media to the nds directory. For example, if you have NDS version 4.0, enter the following command:
# cp /cdrom/directry_40nd/solaris/directry/directry.tar .
Modify the command line as needed for your version of NDS.
Step 4 Enter the following command to extract the files:
# tar -xvf directry.tar
Step 5 Enter the following command to execute the setup installation program:
# ./setup
Step 6 Select Typical Install and answer the questions for which the NDS installer prompts you. The default answer is appropriate in most cases.
For more information about installing NDS, see the Netscape Directory Server documentation.
You might want to back up the LDAP database using the tools LDAP provides.
To backup the LDAP database, do the following:
Step 1 Navigate to the slapd-servername directory.
Step 2 Enter the following command to stop the servers:
./stop-slapd
Step 3 Enter the following command to create a database backup in the directory you indicate in dirname:
./db2bak dirname
Step 4 Enter the following command to restart the servers:
./start-slapd
The Netscape Directory Server includes replication features that extend your directory service beyond a single server configuration. Although not required for CSRC, replication is useful. You can do the following using replication:
For more information about the replication features and how to implement them, see the Netscape Directory Server Administrator's Guide.
You can use the default admin account for accessing CSRC information when you are using the CSRC applications. However, using this account has security implications if other applications also use the directory server.
You might want to create a separate account for accessing CSRC information. To do this, you must add a user to the Netscape Directory Server (NDS) using the Directory Service Console application.
To add a user to NDS, do the following:
Step 1 Start the Netscape Server Console using the startconsole command.
Step 2 Enter the appropriate administrator username and password.
Step 3 Double-click the hostname entry with the name of your current host computer.
Step 4 Double-click the Server Group folder.
Step 5 Double-click the Directory Server entry. The Directory Service Console window appears.
Step 6 From the Directory Service Console window, select the Directory tab.
Step 7 On the left side of the window, select a node with objectclass=organization. This is the icon with four people on it. This selection represents the organization to which the new user will belong.
Step 8 On the left side of the window, click the People object.
Step 9 In the top menu, select Object, New, and User ... .
Step 10 Enter the requested information on the form.
Step 11 Click OK.
Step 12 To give the new user access to the directory service, switch to the Netscape Console window from the Directory Service Console window.
Step 13 On the Console tab, select the Directory Server entry on the left.
Step 14 Right-click and select the Set Access Permission option.
Step 15 Click Add User.
Step 16 To display the new user you just created, enter the wildcard * in the For field and click Search.
Step 17 In the list of users that appears, select the new user you created and click OK.
The login ID used for authentication is similar to the following:
uid=<username>,ou=People,o=<organization>
Posted: Wed Oct 27 14:06:31 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.