ITDS installation and basic configuration - AIX
This section describes the installation and basic configuration of ITDS 5.2 on the IBM AIX operating system. For the latest information and updates, as well as code downloads, please check the IBM site at:
ITDS 5.2 has several installation options. You can install using an InstallShield graphical user interface (GUI) or use platform-specific installation methods such as the command line or installation tools for the operating system. This chapter focuses on the GUI installation. For more information on the other types of installation options, please refer to the ITDS documentation at:
Before installing, see IBM Tivoli Directory Server Version 5.2 Server Readme, GI11-4151, for any updated information about supported versions of the AIX operating system. The readme file is in the root directory of the CD or the directory where you extracted the server package from the tape archive (tar) image. After installing, the readme file is located in the installpath/doc/lang directory in files server.txt, server.pdf, and server.htm, where:
installpath is the location where the IBM Tivoli Directory Server is installed.
lang is the locale you chose when you installed IBM Tivoli Directory Server; for example, for United States English the locale is en_US.
Also see the IBM Tivoli Directory Server Version 5.2 Readme Addendum, which contains the latest information. The latest version of the Readme Addendum can be found online with the ITDS product documentation:
6.1 Installable components
When you install IBM Tivoli Directory Server, you can install either the client or the server, which requires the client.
In addition, you can install the Web Administration Tool on an application server, with or without the server or the client. You can use the Web Administration Tool to administer IBM Tivoli Directory Server servers either locally or remotely. You can install a single Web Administration console to manage multiple IBM Tivoli Directory Server servers. You can manage servers from previous releases, including SecureWay Directory 3.2.x and IBM Directory Server Versions 4.1 and 5.1. See Requirements for the Web Administration Tool in “Web Administration Tool” on page 132 for a complete list of servers that can be managed.
Client: (Required) Includes a number of key libraries and command utilities required by the server. The client also includes a “C” Development SDK. This component can be installed standalone and requires no other components to be installed. GSKit must be installed if you require SSL for stronger security.
Server: (Required) The core LDAP server component. You must install at least the client and DB2 in conjunction with the server.
IBM GSKit: (Optional) IBM Global Security Kit (GSKit) Version 7a is a software package that is required only if Secure Sockets Layer (SSL) Security or Transport Layer Security (TLS) is required.
IBM WebSphere Express Application Server: (Optional) To use the Web Administration Tool, an application server is required. The embedded version of IBM WebSphere Application Server - Express V5.0.2 is provided with ITDS as an application server.
Web Administration Tool: (Optional) A Web-based tool used to manage any number of distributed IBM Tivoli Directory Servers as well as prior versions of IBM’s Directory Server product line. To install the Web Administration Tool, you need either a supported application server already installed or the bundled IBM WebSphere Express Application Server.
DB2: (Required) IBM DB2 Universal Database is used as the underlying data storage mechanism for the server.
In order to install the server, at a bare minimum you must install client, server, and DB2. If you want to require secure access over SSL to the LDAP Server or Web Administration Tool, you will also need to install GSKit. Finally, if you have not yet installed the Web Administration Tool anywhere else, you will need to install it along with a supported application server.
6.2 Installation and configuration checklist
Below you will find an abbreviated checklist that contains a high-level summary of the steps required to install and configure ITDS to the point where you can add your own data. Many of these steps are optional but all are recommended in order to provide a well-tuned, high-performance, and secure directory service environment.
 
ITDS 5.2 installation checklist:
1. Verify that the hardware and operating system meet minimum requirements. See “System and software requirements” on page 129.
2. Obtain product including latest relevant Fixpacks.
3. Operating system configuration and tuning.
4. Basic product installation. See “Installing the server” on page 133.
5. Add Administrator DN and password. See “Configuring the Administrator DN and password” on page 137.
9. Tune slapd parameters in ibmslapd.conf. See “Additional slapd and ibmslapd settings” on page 488.
10. Schema customization. See “Modifying the schema” on page 292.
11. Configure ITDS.
c. TCP/IP Ports ITDS uses.
d. Password encryption. See “Password encryption” on page 451.
e. Password policy enforcement. See “Password policy enforcement” on page 437.
f. SSL / TLS, Kerberos, and Digest-MD5. See “SSL/TLS support” on page 455.
12. Add data.
6.3 System and software requirements
To install the IBM Tivoli Directory Server client and server packages, administer the server, and use the Global Security Kit (GSKit), your computer must meet the minimum system requirements as outlined in this section.
6.3.1 ITDS Client
The IBM Tivoli Directory Server Client SDK provides the tools required to develop LDAP applications as well as a number of the most commonly used command line utilities for manipulating LDAP data within the directory. The following are provided:
Client libraries that provide a set of C-language APIs
C header files for building and compiling LDAP applications
Documentation that describes the programming interface and the sample programs
Sample programs in source form
Executable versions of the sample programs
 – ldapmodrdn: LDAP modify relative distinguished name
 – ldapdelete: LDAP delete
 – ldapmodify: LDAP modify
 – ldapsearch: LDAP search
 – ldapadd: LDAP add (a renamed version of ldapmodify)
 – ldapchangepwd: LDAP change password
 – ldapexop.exe: LDAP extended operations
The following are the system and software requirements for the ITDS client on AIX. The client is 32-bit and does not require 64-bit support if installed on a different machine than the ITDS Server component.
Operating system requirements
 – IBM AIX 4.3.3. (The GUI Install is not supported on AIX 4.3.3. Please refer to the IBM Tivoli Directory Server Version 5.2 Installation & Configuration Guide, SC32-1338, for alternative installation methods.)
 – IBM AIX 5.1.
 – IBM AIX 5.2.
Memory requirements
A minimum of 128 MB RAM is required. For better results, use 256 MB or more.
Disk space requirements
You must have at least 100 MB of free space in the /var directory and at least 200 MB of free space in the /tmp directory.
Other requirements
The following additional requirements may apply:
 – The Korn shell is required.
 – For AIX 4.3.3 you must install IBM AIX Maintenance Level 8 or later. On AIX 5.1, you must install IBM AIX Maintenance Level 4 or later. On AIX 5.2, you must install IBM AIX Maintenance Level 1 or later.
 – The bos.loc.iso.ZH_TW fileset must be installed for the Taiwan locale. The fileset is available from the IBM AIX 4.3.3 installation medium.
 – The xlC.rte 6.0.0.0 or later fileset is required for GSKit 7a on AIX 5.1 and 5.2.
 – The xlC.aix43.rte 6.0.0.0 or later fileset is required for GSKit 7a on AIX 4.3.3.
 – To use GSKit, the IBM JRE or JDK 1.4.1 or an equivalent JRE or JDK is required.
6.3.2 ITDS Server (including client)
The server consists of the following components:
The server executable: ibmslapd
Command line import and export utilities
Web-based GUI for administering the directory: Web Administration Tool
Server configuration and database utilities GUI for configuring the directory: Configuration Tool (ldapxcfg)
Online Web Administration Tool and Configuration Tool helps
The ITDS Client
The following are the system and software requirements for the ITDS Server on AIX. By default, the ITDS Server requires the ITDS client. You must be running on 64-bit hardware and have 64-bit AIX kernel installed.
 
Tip: To verify that your AIX hardware is 64-bit, run the following command:
bootinfo -y
If the command returns 32, your hardware is 32-bit.
In addition, if you type the command lsattr -El proc0, the output of the command returns the type of processor for your server. If you have any of the following, you have 64-bit hardware: RS64 I, II, III, IV, POWER3™, POWER3 II or POWER4™.
To verify that you have the 64 bit kernel (/usr/lib/boot/unix_64) installed and running, run the following command:
bootinfo -K
Go to http://www-1.ibm.com/support/docview.wss?uid=isg1hintsTips0214 for more information on determining if your system has 64-bit hardware and/or a 64-bit kernel.
The requirements are:
Operating system requirements
 – IBM AIX 5.1
 – IBM AIX 5.2
Memory requirements
A minimum of 512 MB RAM is required. For better results, have 1 GB or more available.
Disk space requirements
 – You must have at least 100 MB of free space in the /var directory and at least 400 MB in the /tmp directory.
 – You will need 460–660 MB of disk space for the ITDS software on the device you choose to install on. If DB2 is already installed, then you will need 160 MB to install the other ITDS components.
 – Disk space required for data storage is dependent upon the number and size of database entries. Allow a minimum of 80 MB for your database on AIX systems. Also, ensure that there is approximately another 4 MB of disk space in the home directory of the user who will own the database to create the DB2 instance.
Other software
 – The Korn shell is required.
 – On AIX 5.1, you must install IBM AIX Maintenance Level 4 or later. On AIX 5.2, you must install IBM AIX Maintenance Level 1 or later.
 – The xlC.aix50.rte 6.0.0.0 or later fileset is required for GSKit 7a.
 – To use GSKit, the IBM JRE or JDK 1.4.1 or an equivalent JRE or JDK is required.
 – IBM DB2 Universal Database for AIX Version 8.1 Enterprise Server Edition with FixPak 2 (DB2) is included with the IBM Tivoli Directory Server. For AIX, no previous versions of DB2 are supported.
6.3.3 Web Administration Tool
You can install the Web Administration Tool on a computer with or without the client or the server. The Web Administration Tool can be used to administer LDAP servers of the following types:
IBM Tivoli Directory Server 5.2
IBM Directory Server 5.1
IBM Directory Server 4.1
IBM SecureWay Directory 3.2.2
IBM OS/400 V5R3
IBM z/OS R4
Note that for z/OS R4, only the following setups are supported:
A single TDBM backend
A single SDBM backend
One TDBM and SDBM backend
The Web Administration Tool is supported on the following versions of AIX:
IBM AIX 4.3.3
IBM AIX 5.1
IBM AIX 5.2
To use the Web Administration Tool, you also need the following:
One of the following application servers:
 – The embedded version of IBM WebSphere Application Server - Express V5.0 or later. Version 5.0.2 is provided with IBM Tivoli Directory Server 5.2. (iSeries Linux, pSeries Linux, and HP-UX require version 5.0.2.) If you have version 5.0, which was provided with IBM Tivoli Directory Server, installed, see the section titled “Migrating the Web Administration Tool and upgrading the embedded version of WebSphere Application Server - Express” in the IBM Tivoli Directory Server Installation and Configuration Guide version 5.2, SC32-1338.
 – IBM WebSphere 5.0 or later. (iSeries Linux, pSeries Linux, and HP-UX require version 5.0.2.)
One of the following Web browsers on the computer from which you will use the Web Administration Tool. (This might or might not be the computer where the Web Administration Tool is installed.)
 – On Windows platforms
Microsoft Internet Explorer Version 6.0
 – On AIX
Mozilla 1.3 or 1.4
 – On xSeries Linux
Mozilla 1.3 or 1.4
 – On iSeries, pSeries, zSeries Linux
No browser support available
 – On Solaris 7, 8, or 9
Mozilla 1.3 or 1.4
 – On HP-UX
Mozilla 1.3 or 1.4
6.4 Installing the server
Use the information in the following sections to install ITDS 5.2 on AIX using the InstallShield GUI.
6.4.1 Create a user ID for ITDS
Before you install, create or be sure that you have created the user ID that will own ITDS’s DB2 database used to store the directory data. You will be asked to provide this user ID and its password during configuration, which runs automatically after installation. Keep the following items in mind when creating the user ID:
The user must have a home directory and must be the owner of the home directory.
You should create a group called dbsysadm (if it does not already exist). The group ownership of the user's home directory should be that group. For example, in the case of a user named ldapdb2, the user ID home directory should be owned by ldapdb2:dbsysadm.
The user root must be a member of the user's primary group (in this case dbsysadm). If root is not a member of this group, add root as a member of the group.
For best results, the user's login shell should be the Korn shell script (/usr/bin/ksh).
The user's password must be set correctly and ready to use. For example, the password cannot be expired or waiting for a first-time validation of any kind. (The best way to verify that the password is correctly set is to telnet to the same computer and successfully log in with that user ID and password.)
When configuring the database, it is not necessary, but customary, to specify the home directory of the user ID as the database location. However, if you specify some other location, the user's home directory still must have 3 to 4 MB of space available. This is because DB2 creates links and adds files into the home directory of the instance owner (that is, the user account) even though the database itself is elsewhere. If you do not have enough space in the home directory, you can either create enough space or specify another directory as the home directory.
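The account requirements above can be checked before the installer asks for the user ID. The following script is an added example, not part of the ITDS documentation or product: it reads passwd and group files in the standard colon-separated format and reports which items of the checklist fail. The function names, the sample users and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the ITDS documentation): audit the account that will
# own the ITDS DB2 database against the checklist in section 6.4.1.
# Usage on a live host: sh audit_owner.sh ldapdb2 /etc/passwd /etc/group

# Print one colon-separated field of a user's passwd entry; fail if no entry.
passwd_field() {  # passwd_field <passwd-file> <user> <field-number>
    awk -F: -v u="$2" -v n="$3" \
        '$1 == u { print $n; found = 1; exit } END { exit !found }' "$1"
}

# Print the group name for a numeric GID, and the member list of a group.
group_name() { awk -F: -v g="$2" '$3 == g { print $1; exit }' "$1"; }
group_members() { awk -F: -v n="$2" '$1 == n { print $4; exit }' "$1"; }

# Check the passwd/group entries. Prints findings, returns 1 on any FAIL.
audit_db_owner() {  # audit_db_owner <user> <passwd-file> <group-file>
    user=$1; pw=$2; gr=$3; fail=0
    if ! gid=$(passwd_field "$pw" "$user" 4); then
        echo "FAIL: user $user has no passwd entry"
        return 1
    fi
    home=$(passwd_field "$pw" "$user" 6) || home=""
    shell=$(passwd_field "$pw" "$user" 7) || shell=""
    pgroup=$(group_name "$gr" "$gid")
    root_gid=$(passwd_field "$pw" root 4) || root_gid=""

    [ -n "$home" ] || { echo "FAIL: $user has no home directory"; fail=1; }
    [ "$pgroup" = "dbsysadm" ] || {
        echo "FAIL: primary group is '${pgroup:-gid $gid}', expected dbsysadm"
        fail=1; }
    # root counts as a member if it is listed in the group or shares its GID.
    case ",$(group_members "$gr" "$pgroup")," in
        *,root,*) ;;
        *) [ "$root_gid" = "$gid" ] || {
               echo "FAIL: root is not a member of ${pgroup:-gid $gid}"
               fail=1; } ;;
    esac
    # The Korn shell is a recommendation, so it is reported as a warning only.
    [ "$shell" = "/usr/bin/ksh" ] ||
        echo "WARN: login shell is '$shell', /usr/bin/ksh is recommended"
    return $fail
}

# Filesystem check: the home directory must exist and be owned by user:group.
home_owned_by() {  # home_owned_by <dir> <user> <group>
    [ -d "$1" ] || { echo "FAIL: $1 does not exist"; return 1; }
    owner=$(ls -ld "$1" | awk '{ print $3 ":" $4 }')
    [ "$owner" = "$2:$3" ] || {
        echo "FAIL: $1 is owned by $owner, expected $2:$3"; return 1; }
}

# Constructed sample data in passwd/group format (not from a real system).
write_sample() {  # write_sample <dir>
    cat > "$1/passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
ldapdb2:!:205:400::/home/ldapdb2:/usr/bin/ksh
olddb2:!:206:1::/home/olddb2:/usr/bin/sh
EOF
    cat > "$1/group" <<'EOF'
system:!:0:root
staff:!:1:olddb2
dbsysadm:!:400:root,ldapdb2
EOF
}

# When called with <user> <passwd-file> <group-file>, run both checks.
if [ $# -eq 3 ]; then
    audit_db_owner "$1" "$2" "$3" || exit 1
    home_owned_by "$home" "$user" dbsysadm
fi
```

The script does not test the password state (expired or awaiting first-time validation); that still has to be confirmed by logging in as the user, as described above.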
6.4.2 Installing ITDS with the InstallShield GUI
To install:
1. On the computer where you are installing the IBM Tivoli Directory Server, stop any programs that are running and close all windows, if you have any open.
2. If you are installing from a CD, insert the CD in your CD-ROM drive and mount the CD.
3. If you have downloaded a tape archive (tar) file, go to the directory where you extracted the tar file.
4. From the root directory on the CD or the directory where you extracted the tar file, type ./setup. A language window is displayed.
5. Select the language you want to use during IBM Tivoli Directory Server installation. Click OK.
 
Note: This is the language used in the installation program, not in IBM Tivoli Directory Server. You choose the language used in IBM Tivoli Directory Server in step 10.
6. On the Welcome window, click Next.
7. After reading the Software license agreement, select I accept the terms in the license agreement. Click Next.
8. Any preinstalled components and corresponding version levels are displayed. Click Next.
9. To install to the default directory, click Next. You can specify a different directory by clicking Browse.
 
Note: Do not use special characters, such as hyphen (-) and period (.) in the name of the installation directory. If you do not use the default location, use a name such as ldap or ldapdir. Do not use a name such as ldap-dir or ldap.dir.
10. Select the language you want to use in IBM Tivoli Directory Server 5.2. Click Next.
11. A window showing the following components for installation is displayed, as shown in Figure 6-1 on page 136:
 – Client SDK 5.2
 – Web Administration Tool 5.2
 – Server 5.2
 – IBM WebSphere Application Server - Express 5.0.2
 – DB2 V8.1
 – GSKit
The components that are not yet installed are preselected. You can choose to reinstall the server, the client, or the Web Administration Tool if they were previously installed.
Figure 6-1 Install component selection window
Figure 6-1 also indicates the amount of disk space required and available on the selected drive.
Be sure the components you want to install are selected, and click Next.
12. The installation program now has enough information to begin installing. A summary window displays the components you selected and the locations where the selected components will be installed. Click Back to change any of your selections. Click Next to begin installation.
13. After the files are installed:
 – If you installed the client, the Client Readme file is displayed. Read the file and click Next.
 – If you installed the server, the server Readme file is also displayed. Read the file and click Next.
 – If you installed the Web Administration Tool, the Web Administration Tool Readme file is also displayed. Read the file and click Next.
At this point in the installation, the ITDS Configuration Tool is automatically executed so that you can complete the server configuration. Before you can use the server, you must set the administrator DN and password and configure the database that will store the directory data.
6.4.3 Configuring the Administrator DN and password
Each ITDS Server has a special “super-user” account associated with it that provides maximum privileges within ITDS. You will need to create this account before you can administer ITDS.
To set the administrator DN and password, refer to Figure 6-2 on page 138 and perform the following steps:
1. In the IBM Tivoli Directory Server Configuration Tool window, click Administrator DN/password in the task list on the left.
2. In the Administrator DN/password window on the right, type a valid DN (or accept the default DN, cn=root) in the Administrator DN field.
The IBM Directory Server administrator DN is the DN used by the administrator of the directory. This administrator is the one user who has full access to all data in the directory.
The default DN is cn=root. DNs are not case sensitive. If you are unfamiliar with X.500 format, or if for any other reason you do not want to define a new DN, accept the default DN.
3. Type the password for the Administrator DN in the Administrator Password field. You must define a password. Passwords are case-sensitive.
Record the password for future reference.
 
Note: Double byte character set (DBCS) characters in the password are not supported.
4. Retype the password in the Confirm password field.
5. Click OK.
Figure 6-2 Setting the Administrator DN and password
6.4.4 Configuring the database
Since ITDS uses IBM DB2 Universal Database as the storage repository for all data, prior to adding data to your directory, you will need to configure a database instance that will be associated with ITDS.
To configure the directory database:
1. Before you configure the database that ITDS will use, create or be sure that you have previously created a valid user ID that will own the DB2 database used to store the directory data. You will be asked to provide this user ID and its password during configuration, which runs automatically after the base installation.
 
Note: Verify that the user ID you have created or assigned can successfully log into the system. Check to ensure the password does not expire on first login. Check to see if the account is enabled.
2. In the Configuration Tool, click Configure database in the task list on the left.
Figure 6-3 Database configuration - Configuring the database
3. Select Configure New Database in the left panel and click Next, as shown in Figure 6-3.
4. A user ID and password are requested; refer to Figure 6-4 on page 140:
a. Type a user ID in the User ID field. This user ID must already exist before you can configure the database. This is the user ID you created in step 1. Type a password for the user in the Password field. Passwords are case-sensitive.
b. Click Next.
Figure 6-4 Database configuration - Setting the user ID and password for the database
5. Next you will be prompted for a name for the database, as shown in Figure 6-5 on page 141.
Type the name you want to give the DB2 database. The name can be from 1 to 8 characters long. The database will be created in an instance with the same name as the user ID.
6. Click Next.
Figure 6-5 Database configuration - Choose DB2 database name
7. If the database location is requested, as shown in Figure 6-6 on page 142:
a. Type the location for the database in the Database location field. For AIX, this must be a location on the file system, typically the home directory of the user you created earlier in the installation.
Be sure that you have at least 80 MB of free hard disk space in the location you specify and that additional disk space is available to accommodate growth as new entries are added to the directory.
b. Click Next.
Figure 6-6 Database configuration - Choosing an install location (AIX)
8. If a character set selection is requested, as shown in Figure 6-7 on page 143:
a. Click the type of database you want to create. You can create a UCS Transformation Format (UTF-8) database, in which LDAP clients can store UTF-8 character data, or a local code page database, which is a database in the local code page.
 
Note: IBM Tivoli Directory Server supports a wide variety of national language characters through the UTF-8 (UCS Transformation Format) character set. As specified for the LDAP Version 3 protocol, all character data that is passed between an LDAP client and a server is in UTF-8. Consequently, the directory server can be configured to store any national language characters that can be represented in UTF-8. The limitations on what types of characters can be stored and searched for are determined by how the database is created. The database character set can be specified as UTF-8 or it can be set to use the server system's local character set (based on the locale, language, and code page environment).
If you specify UTF-8, you can store any UTF-8 character data in the directory. LDAP clients running anywhere in the world (in any UTF-8 supported language) can access and search the directory. In many cases, however, the client has limited ability to properly display the results retrieved from the directory in a particular language/character set. There is also a performance advantage to using a UTF-8 database because no data conversion is required when storing data to or retrieving data from the database.
b. Click Next.
Figure 6-7 Database configuration - Codepage selection
9. In the verification window shown in Figure 6-8, information is displayed about the configuration options you specified. To return to an earlier window and change information, click Back. To begin configuration, click Finish.
Figure 6-8 Configuration final confirmation
10. The completion window is displayed as shown in Figure 6-9 on page 145. Click Close.
Figure 6-9 Database configuration - Results window
6.4.5 Adding a suffix
A suffix (also known as a naming context) is a distinguished name (DN) that identifies the top entry in a locally held directory hierarchy. Because of the relative naming scheme used in LDAP, this DN is also the suffix of every other entry within that directory hierarchy. A directory server can have multiple suffixes, each identifying a locally held directory hierarchy, for example, o=ibm,c=us.
Entries to be added to the directory must have a suffix that matches the DN value, such as ou=Marketing,o=ibm,c=us. If a query contains a suffix that does not match any suffix configured for the local database, the query is referred to the LDAP server that is identified by the default referral. If no LDAP default referral is specified, an Object does not exist result is returned. The server must be stopped before you add or remove suffixes.
Add a suffix
Refer to Figure 6-10 and perform the following steps to add a suffix:
1. In the Configuration Tool, click Manage suffixes in the task list on the left.
2. In the Manage suffixes window, type the suffix you want to add in the SuffixDN field, and click Add.
3. When you have added all the suffixes you want, click OK. When you click Add, the suffix is added to the list in the Current suffix DNs box; however, the suffix is not actually added to the directory until you click OK.
Figure 6-10 Adding a suffix
Removing a suffix
To remove a suffix:
1. In the Configuration Tool, click Manage suffixes in the task list on the left.
2. In the Manage suffixes window, click the suffix you want to remove in the Current suffix DNs box, and click Remove.
3. When you have selected all the suffixes you want to remove, click OK. When you click Remove, the suffix is removed from the list in the Current suffix DNs box; however, the suffix is not actually removed until you click OK.
6.4.6 Removing or reconfiguring a database
At some point you may need to remove the DB2 database instance that is associated with ITDS. The ITDS ldapxcfg tool allows you to unconfigure the database instance, unconfigure and destroy the database instance, and unconfigure, destroy, and delete the database instance.
To unconfigure the database, refer to Figure 6-11 on page 148 and perform the following steps:
1. In the Configuration Tool, click Unconfigure database in the task list on the left.
2. In the Unconfigure database window, click one of the following:
 – Unconfigure only
Does not destroy any existing LDAP DB2 data. However, the configuration information for the database will be removed from the configuration file (ibmslapd.conf), and the database will be inaccessible to the directory server.
 – Unconfigure and destroy database
Removes the existing database and its contents, and removes the configuration information for the database from the configuration file.
 – Unconfigure and destroy database and delete instance
Removes the existing database and its contents, removes the configuration information for the database from the configuration file, and deletes the instance in which the database is located.
3. Click Unconfigure.
Figure 6-11 Unconfiguring the DB2 database associated with ITDS
Once you have completed these steps, you may now configure or re-configure a new database instance for use with ITDS. See “Configuring the database” on page 138 for more information.
6.4.7 Enabling and disabling the change log
The change log database is used to record changes to the schema or directory entries in the typical LDAP entry structure that can be retrieved through the LDAP API. The change log records all update operations: Add, delete, modify, and modrdn. The change log enables LDAP client applications to retrieve a set of changes that have been made to an IBM Tivoli Directory Server database. The client might then update its own replicated or cached copy of the data.
The change log function causes all updates to LDAP to be recorded in a separate change log DB2 database (that is, a different database from the one used to hold the LDAP server Directory Information Tree). The change log database can be used by other applications to query and track LDAP updates. The change log function is disabled by default.
Unlike some other directory servers on the market, the change log is not required by ITDS for replication to work successfully. Typically, the change log is enabled so meta-directory synchronization products such as IBM Tivoli Directory Integrator (ITDI) can detect changes occurring within ITDS and then push those changes to other non-ITDS data repositories.
There are some performance considerations when you enable the change log, since all changes within ITDS are then logged to a separate database instance. You should evaluate the impact of enabling the change log during the pre-deployment phases of your ITDS deployment.
You can use the ldapxcfg Configuration Tool to enable or disable the change log. The server must be stopped before you enable or disable the change log.
To enable the change log, refer to Figure 6-12 on page 150 and perform the following steps:
1. In the Configuration Tool, click Configure/unconfigure changelog in the task list on the left.
2. In the Configure/unconfigure changelog window, select the Enable change log database check box.
3. In the Maximum number of log entries box, click Unlimited if you want an unlimited number of entries in the change log. If you want to limit the number of entries, click Entries and type the maximum number of entries you want recorded. The default is 1,000,000 entries.
4. In the Maximum age box, accept the default of Unlimited if you want entries to remain in the change log indefinitely, or click Age and type the number of days and hours for which you want each entry to be kept.
5. Click Update.
Figure 6-12 Enabling the change log
To disable the change log:
1. In the Configuration Tool, click Configure/unconfigure changelog in the task list on the left.
2. In the Configure/unconfigure changelog window, clear the Enable change log database check box.
3. Click Update.
6.5 Starting ITDS
There are a number of other optional tasks you can perform within the Directory Configuration tool at this point such as adding custom schema and importing data. Those tasks do not have to be completed before you initially start the server. Those topics are covered in subsequent chapters.
The easiest way to start the server is by typing ibmslapd at an AIX command prompt. The output of this command is shown in Example 6-1.
Example 6-1 Starting the Directory Server
test_aix:# ibmslapd
Server starting.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type EXTENDEDOP is successfully loaded from libldaprepl.so.
Plugin of type PREOPERATION is successfully loaded from libDSP.so.
Plugin of type PREOPERATION is successfully loaded from libDigest.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type AUDIT is successfully loaded from /lib/libldapaudit.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type DATABASE is successfully loaded from /lib/libback-rdbm.so.
Plugin of type REPLICATION is successfully loaded from /lib/libldaprepl.so.
Plugin of type EXTENDEDOP is successfully loaded from /lib/libback-rdbm.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type DATABASE is successfully loaded from /lib/libback-config.so.
Plugin of type EXTENDEDOP is successfully loaded from libloga.so.
Non-SSL port initialized to 389.
 
test_aix:#
After you type ibmslapd at the command prompt, a number of messages will be logged to the screen. One of them should say, IBM Tivoli Directory (SSL) Version 5.2 Server started.
 
Note: There are a number of other ways to start ITDS. Please refer to Chapter 9, “IBM Tivoli Directory Server Distributed Administration” on page 193, for more information.
To verify ITDS is indeed running, configured properly, and responding to queries, you can type the following command at a UNIX command prompt:
ldapsearch -s base -b "" objectclass=*
The output of this command is shown in Example 6-2.
Example 6-2 Querying the root DSE
# ldapsearch -s base -b "" objectclass=*
 
namingcontexts=CN=SCHEMA
namingcontexts=CN=LOCALHOST
namingcontexts=CN=PWDPOLICY
namingcontexts=CN=IBMPOLICIES
namingcontexts=O=IBM,C=US
subschemasubentry=cn=schema
supportedextension=1.3.18.0.2.12.1
supportedextension=1.3.18.0.2.12.3
supportedextension=1.3.18.0.2.12.5
supportedextension=1.3.18.0.2.12.6
supportedextension=1.3.18.0.2.12.15
supportedextension=1.3.18.0.2.12.16
supportedextension=1.3.18.0.2.12.17
supportedextension=1.3.18.0.2.12.19
supportedextension=1.3.18.0.2.12.44
supportedextension=1.3.18.0.2.12.24
supportedextension=1.3.18.0.2.12.22
supportedextension=1.3.18.0.2.12.20
supportedextension=1.3.18.0.2.12.28
supportedextension=1.3.18.0.2.12.30
supportedextension=1.3.18.0.2.12.26
supportedextension=1.3.6.1.4.1.1466.20037
supportedextension=1.3.18.0.2.12.35
supportedextension=1.3.18.0.2.12.40
supportedextension=1.3.18.0.2.12.46
supportedextension=1.3.18.0.2.12.37
supportedcontrol=2.16.840.1.113730.3.4.2
supportedcontrol=1.3.18.0.2.10.5
supportedcontrol=1.2.840.113556.1.4.473
supportedcontrol=1.2.840.113556.1.4.319
supportedcontrol=1.3.6.1.4.1.42.2.27.8.5.1
supportedcontrol=1.2.840.113556.1.4.805
supportedcontrol=2.16.840.1.113730.3.4.18
supportedcontrol=1.3.18.0.2.10.15
supportedcontrol=1.3.18.0.2.10.18
security=none
port=389
supportedsaslmechanisms=CRAM-MD5
supportedsaslmechanisms=DIGEST-MD5
supportedldapversion=2
supportedldapversion=3
ibmdirectoryversion=5.2
ibm-ldapservicename=test_aix
ibm-serverId=3d63f6c0-b48f-1027-92b9-ea0c2fc6cccd
ibm-supportedacimechanisms=1.3.18.0.2.26.3
ibm-supportedacimechanisms=1.3.18.0.2.26.4
ibm-supportedacimechanisms=1.3.18.0.2.26.2
vendorname=International Business Machines (IBM)
vendorversion=5.2
ibm-sslciphers=N/A
ibm-slapdisconfigurationmode=FALSE
ibm-slapdSizeLimit=500
ibm-slapdTimeLimit=900
ibm-slapdDerefAliases=always
ibm-supportedAuditVersion=2
ibm-sasldigestrealmname=test_aix
If the suffix you added in “Adding a suffix” on page 145 is displayed in the output of your ldapsearch command in the format namingcontexts=O=IBM,C=US (o=ibm,c=us is the suffix added in this example), then ITDS’s slapd LDAP listener is configured properly and open for business.
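The manual check described above can be scripted against saved ldapsearch output. The following script is an added example, not part of the ITDS documentation or product: it confirms that a suffix appears in namingcontexts and reports the transport and SASL settings the server advertises. The function names are constructed for illustration, the sample data is abridged from Example 6-2, and reading security=none as "no SSL/TLS configured" is an assumption based on that sample, where ibm-sslciphers is N/A and only the non-SSL port is initialized.

```sh
#!/bin/sh
# Added example (not from the ITDS documentation): summarize saved root DSE
# output in the attribute=value form shown in Example 6-2.
# Usage: ldapsearch -s base -b "" "objectclass=*" > rootdse.txt
#        sh check_rootdse.sh rootdse.txt o=ibm,c=us

# Print every value of one attribute; names are matched case-insensitively.
dse_values() {  # dse_values <file> <attribute>
    awk -v want="$2" '
        { i = index($0, "=")
          if (i > 1 && tolower(substr($0, 1, i - 1)) == tolower(want)) print substr($0, i + 1) }
    ' "$1"
}

# Lower-case a DN and drop blanks around commas (simplified normalization,
# sufficient because DNs are not case sensitive).
norm_dn() { tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g'; }

# Succeed if <suffix-dn> is one of the namingcontexts the server returns.
has_suffix() {  # has_suffix <file> <suffix-dn>
    want=$(printf '%s\n' "$2" | norm_dn)
    dse_values "$1" namingcontexts | norm_dn | grep -Fx -- "$want" >/dev/null
}

# Report the advertised transport and SASL settings.
# Returns 1 when no SSL/TLS is advertised (assumption: security=none means
# that, as in the sample output) or when the attribute is missing.
transport_report() {  # transport_report <file>
    sec=$(dse_values "$1" security)
    echo "port=$(dse_values "$1" port) security=${sec:-unknown}" \
         "ciphers=$(dse_values "$1" ibm-sslciphers)"
    for m in $(dse_values "$1" supportedsaslmechanisms); do
        echo "SASL mechanism offered: $m"
    done
    case "$sec" in
        none) echo "WARN: no SSL/TLS advertised; simple binds are sent in cleartext"
              return 1 ;;
        "")   echo "WARN: security attribute not present in the output"
              return 1 ;;
    esac
    return 0
}

# Sample input abridged from Example 6-2.
write_sample_dse() {  # write_sample_dse <file>
    cat > "$1" <<'EOF'
namingcontexts=CN=SCHEMA
namingcontexts=CN=LOCALHOST
namingcontexts=O=IBM,C=US
security=none
port=389
supportedsaslmechanisms=CRAM-MD5
supportedsaslmechanisms=DIGEST-MD5
ibm-sslciphers=N/A
EOF
}

# When called with <file> <suffix-dn>, print the full report.
if [ $# -eq 2 ]; then
    if has_suffix "$1" "$2"; then
        echo "OK: suffix $2 is served"
    else
        echo "FAIL: suffix $2 is not in namingcontexts"
    fi
    transport_report "$1"
fi
```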
6.6 Uninstalling ITDS
To uninstall ITDS, issue the following commands:
1. As the operating system user root, kill ibmslapd if it is running.
2. Type:
su - ldapdb2
3. Type:
cd sqllib
4. Type:
. ./db2profile
Note that there is a period<space> in front of the ./db2profile.
5. Type:
db2stop
6. Type:
exit
7. (Optional) If you want to remove the DB2 Database associated with ITDS, type ldapucfg -d -r -i (select Continue). If you do not remove the database, it will still be available later on if you re-install the ITDS.
8. Type /usr/ldap/_uninst/uninstall. Note that the installer is an X-Windows application and you will need to have a local X-Windows console or have exported your display to another machine that has X-Windows running on it. Follow all the prompts until the uninstallation is complete.
The basic uninstallation of ITDS is complete. ITDS does leave files behind in different locations including /opt/IBM/db2, /var/ldap, and /usr/lda.