Sun Microsystems, Inc.

Choosing the Location of the User Directory

Just as the configuration directory is the iPlanet Directory Server 5.1 that is used for iPlanet server administration, the user directory is the iPlanet Directory Server 5.1 that contains the entries for users and groups in your enterprise.

For most directory configurations, the user directory and the configuration directory should be two separate server instances. These server instances can be installed on the same machine, but for best results you should consider placing the configuration directory on a separate machine.

Between your user directory and your configuration directory, it is your user directory that will receive the overwhelming percentage of the directory traffic. For this reason, you should give the user directory the greatest computing resources. Because the configuration directory should receive very little traffic, it can be installed on a machine with very low-end resources.

Also, you should use the default directory ports (389 and 636) for the user directory. If your configuration directory is managed by a server instance dedicated to that purpose, you should use some non-standard port for the configuration directory.

You cannot install a user directory until you have installed a configuration directory somewhere on your network.

Choosing the Administration Domain

The administration domain allows you to logically group iPlanet servers together so that you can more easily distribute server administrative tasks. A common scenario is for two divisions in a company to each want control of their individual iPlanet servers. However, you may still want some centralized control of all the servers in your enterprise. Administration domains allow you to meet these conflicting goals.

Administration domains have the following qualities.

  • All servers share the same configuration directory, regardless of the domain to which they belong

  • Servers in two different domains may use two different user directories for authentication and user management

  • The configuration directory administrator has complete access to all installed iPlanet servers, regardless of the domain to which they belong

  • Each administration domain can be configured with an administration domain owner. This owner has complete access to all the servers in the domain but does not have access to the servers in any other administration domain

  • The administration domain owner can grant individual users administrative access on a server by server basis within the domain

For many configurations, you can have just one administration domain. In this case, choose a name that is representative of your organization. For other configurations, you may want different domains because of the demands at your site. In the latter case, try to name your administration domains after the organizations that will control the servers in that domain.

For example, if you are an ISP and you have three customers for whom you are installing and managing iPlanet servers, create three administration domains each named after a different customer.

Configuration Process Overview

You can use one of several configuration processes to install iPlanet Directory Server 5.1. Each one guides you through the configuration process and ensures that you configure the various components in the correct order.

The following sections outline the configuration processes available.

Selecting a Configuration Process

You can configure iPlanet Directory Server 5.1 software using one of the four different configuration methods provided in the setup program.

  • Express configuration

    Use this if you are installing for the purposes of evaluating or testing iPlanet Directory Server 5.1. See "Using Express Configuration".

  • Typical configuration

    Use this if you are performing a normal install of iPlanet Directory Server 5.1. See "Using Typical Configuration".

  • Custom configuration

    In iPlanet Directory Server 5.1, the custom configuration process is very similar to the typical configuration process. The main difference is that the custom configuration process will allow you to import an LDIF file to initialize the user directory database that is created by default.

Beyond determining which type of configuration process you will use, the process for configuring iPlanet Directory Server 5.1 is as follows:

  1. Plan your directory service. By planning your directory tree in advance, you can design a service that is easy to manage and easy to scale as your organization grows. For guidance on planning your directory service, refer to the iPlanet Directory Server 5.1 Deployment Guide.

  2. Configure your iPlanet Directory Server 5.1 as described in this chapter.

  3. Create the directory suffixes and databases. You do not have to populate your directory now; however, you should create the basic structure for your tree, including all major roots and branch points. For information about the different methods of creating a directory entry, refer to the iPlanet Directory Server 5.1 Administrator's Guide.

  4. Create additional iPlanet Directory Server 5.1 instances and set up replication agreements between your iPlanet Directory Server 5.1 instances to ensure availability of your data.

Using Express and Typical Configuration

Using Express Configuration

Use express configuration if you are installing iPlanet Directory Server 5.1 to evaluate or test the product. Because express configuration does not offer you the choice of selecting your server port number or your directory suffix, you should not use it for production configurations. To perform an express configuration, do the following.

How to configure iPlanet Directory Server 5.1 using express configuration

  1. Become superuser.

  2. Run the iPlanet Directory Server 5.1 program by typing the following.

    # /usr/sbin/directoryserver setup

  3. When you are prompted for what you want to install, press Enter to accept the default, iPlanet servers.

  4. When you are prompted for the type of configuration, choose Express.

  5. For the user and group to run the servers as, enter the identity that you want this server to run as.

  6. For Configuration Directory Administrator ID and password, enter the name and password that you will log in as when you want to authenticate to the console with full privileges. Think of this as the root or superuser identity for the iPlanet Console.

The server is then minimally configured and started. You are told the host and port number on which the Administration Server is listening.

Note the following about your new iPlanet Directory Server 5.1 configuration.

  • The iPlanet Directory Server 5.1 is listening on port 389

  • The server is configured to use the following suffixes

    dc=your_machine's_DNS_domain_name

    That is, if your machine is named test.example.com, then you have the suffix dc=example, dc=com configured for this server.

    o=NetscapeRoot

Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix, or create a new suffix to be used for this purpose. For details on how to create new suffixes for your iPlanet Directory Server 5.1, see the iPlanet Directory Server 5.1 Administrator's Guide.
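The following pre-import check is an added example, not part of the original iPlanet documentation or tooling. It derives the default express-configuration suffix from a host name and flags LDIF entries that fall under o=NetscapeRoot or outside the user suffix. The function names and the sample LDIF are constructed for illustration, and the DN comparison is simplified (it does not handle escaped commas).

```python
import base64
import re

CONFIG_SUFFIX = "o=NetscapeRoot"  # suffix the page says not to modify

def default_suffix(fqdn):
    """Suffix express configuration derives from the machine's DNS domain."""
    labels = fqdn.strip(".").split(".")[1:]  # drop the host label
    if not labels:
        raise ValueError("host name has no DNS domain: %r" % fqdn)
    return ",".join("dc=" + label for label in labels)

def is_under(dn, suffix):
    """Case-insensitive suffix match, ignoring spaces around RDNs (simplified)."""
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))
    return norm(dn) == norm(suffix) or norm(dn).endswith("," + norm(suffix))

def ldif_dns(text):
    """Yield entry DNs, unfolding continuation lines and decoding 'dn::'."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF line folding: newline + one space
    for line in text.splitlines():
        if line.lower().startswith("dn::"):
            yield base64.b64decode(line[4:].strip()).decode("utf-8")
        elif line.lower().startswith("dn:"):
            yield line[3:].strip()

def check_ldif(text, fqdn):
    """Return (dn, reason) for entries that do not belong in the user suffix."""
    user_suffix = default_suffix(fqdn)
    problems = []
    for dn in ldif_dns(text):
        if is_under(dn, CONFIG_SUFFIX):
            problems.append((dn, "under " + CONFIG_SUFFIX))
        elif not is_under(dn, user_suffix):
            problems.append((dn, "outside " + user_suffix))
    return problems

# Constructed sample LDIF: two good entries, one folded DN, one base64 DN.
ENCODED = base64.b64encode(b"uid=jdoe,ou=People,dc=other,dc=org").decode()
SAMPLE_LDIF = (
    "dn: dc=example,dc=com\nobjectClass: domain\n\n"
    "dn: ou=People, DC=example, dc=com\nobjectClass: organizationalUnit\n\n"
    "dn: cn=constructed-entry,\n o=NetscapeRoot\nobjectClass: extensibleObject\n\n"
    "dn:: " + ENCODED + "\nobjectClass: inetOrgPerson\n"
)

if __name__ == "__main__":
    for dn, reason in check_ldif(SAMPLE_LDIF, "test.example.com"):
        print("REJECT %s (%s)" % (dn, reason))
```

Run against an LDIF file before importing it into the user directory; an empty result means every entry sits under the default user suffix.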

 
 
 