Basic Installation

   

First locate a system that meets Netscape's minimum requirements. Netscape Directory Server runs on several popular Unix platforms, including Sun Solaris, as well as on Microsoft Windows 2000 Server. Details of the specific system requirements can be found in the Netscape Directory Server 6 Installation Guide. This chapter provides detailed installation instructions for Solaris and Microsoft Windows 2000 Server. Table 4.1 summarizes the system requirements for both.

Once you have located a suitable system, place a copy of the Netscape Directory Server 6 installation package on that computer. For production use you must purchase the software, in which case you receive the software on CD-ROM from Netscape. A full-featured version can also be downloaded for evaluation purposes from the AOL Strategic Business Solutions Netscape Enterprise Web site at http://enterprise.netscape.com. The remainder of this section assumes that you have placed the installation package in the /export directory on a system running Solaris 8 or on a Windows 2000 system in the root of the C: drive.

A basic installation of Netscape Directory Server requires three steps:

Step 1. Extract and start the setup program.

Step 2. Answer a series of installation questions.

Step 3. Complete the installation and load data.

Table 4.1. System Requirements for Running Netscape Directory Server

| System Feature | Requirement on Solaris | Requirement on Windows 2000 Server |
|---|---|---|
| Operating system | Sun Solaris 8 with Sun's recommended patches | Windows 2000 Server or Advanced Server with Microsoft's latest service pack |
| Processor | UltraSPARC or better | Pentium II or better |
| Free disk space | 200MB | 200MB |
| Free RAM | 256MB | 256MB |
| Extraction utility | GNU zip (gzip) | Info-ZIP's UnZip, Nico Mak Computing's WinZip, or a similar utility to extract the contents of .zip files |
| Installation package filename for version 6.01 | directory-6.01-us.sparc-sun-solaris2.8.tar.gz | d601diu.zip |

To allow the directory server to accept LDAP connections on a TCP port below 1024 (such as the standard port, 389), you must execute the installation as the system superuser (root) on Solaris. On Windows 2000 you should perform the installation as a user that has administrator privileges.

Extracting and Starting the Setup Program

To extract and launch the setup program on Solaris, execute these commands:

    su root
    mkdir /export/dsinstall
    cd /export/dsinstall
    gzip -dc ../directory-6.01-us.sparc-sun-solaris2.8.tar.gz | tar -xvof -
    ./setup

To do the same on Windows 2000, execute these commands from the Windows command prompt:

    md \dsinstall
    cd dsinstall
    unzip c:\d601diu.zip
    setup

Figure 4.1 shows the first screen that is presented by the Netscape setup program on Solaris.

Figure 4.1. The First Netscape Directory Server Setup Screen on Solaris

Answering Installation Questions

Netscape supports three installation modes:

  1. Express. Minimal options; used for product evaluation only.

  2. Typical. Recommended for most first-time installations.

  3. Custom. For advanced installations.

In this section the Typical mode is used, which is the default choice. The setup program presents a series of installation-related questions you must answer. On Solaris, follow these steps:

Step 1. Accept the default answers on each setup screen (except on the license screen, where you must type "Yes") until you see a prompt for "Install Location." Type "/export/ds6".

Step 2. Continue and accept the default answers on each setup screen until you see a prompt for "Directory Server Identifier." Type "example".

Step 3. On the next screen, which asks for an "Administrator ID," accept the default ID of "admin" and choose a password (the password is case sensitive). The administrator identity is given full administrative rights to the configuration data in all directory servers.

Step 4. The next screen asks for your directory suffix; this is the base DN, or naming context, under which all of your directory's data resides (additional suffixes may be added later). Type "dc=example,dc=com" for the suffix.

Step 5. Accept the default directory manager DN on the next screen (cn=Directory Manager) and use the password "secret389" to ensure that the examples in the rest of this chapter work correctly.

Step 6. Accept the default answers for the remaining setup questions.

You are done when you reach a screen that says, "Extracting Netscape core components." Wait for the setup program to finish placing the directory server files on the disk.

On Microsoft Windows, follow these steps:

Step 1. Accept the default answers until you see a dialog box like the one shown in Figure 4.2 titled Directory Server 6.0 Server Settings. Type in "example" as the server identifier, "389" as the server port, and "dc=example,dc=com" as the suffix (naming context).

Figure 4.2. The Directory Server Settings Dialog Box on Windows

Note

By default, Netscape Directory Server is configured to listen for incoming LDAP connections on TCP port 389, and the commands shown in this chapter assume port 389. If another server is already installed that is using port 389, disable or uninstall the other server (which is probably another LDAP server) before installing the Netscape server. If that is not possible, specify a different port in Netscape's Directory Server settings dialog during installation and remember what you chose. Then adjust the LDAP commands used later in this chapter as necessary to specify the port you chose (most commands use port 389 by default). For example, if you choose port 3389 when installing the server, you need to add -p 3389 to the command-line parameters when issuing an ldapsearch or ldapmodify command.

Step 2. On the next dialog box, accept the default directory server administrator ID ("admin") and choose a password (the password is case sensitive).

Step 3. Accept the defaults on the remaining dialog boxes, except for the "Directory Server Manager" dialog box, where you should use a password of "secret389" to ensure that the examples in the rest of this chapter work correctly.

Step 4. When you arrive at the final Configuration Summary screen, double-check that everything looks correct, and press the Enter key or click the Install button.

Step 5. Wait for the setup program to finish placing the directory server files on the disk.

Completing the Installation and Loading Sample Data

Once the files have been installed on the disk, the Netscape setup program automatically starts Directory Server as well as Administration Server, which is a specialized HTTP server. Netscape Directory Server can be configured and managed with a variety of command-line utilities or through use of a graphical point-and-click console interface named Netscape Console.

Step 1. Start Netscape Console by double-clicking on the Netscape Console icon on Microsoft Windows, or by typing these commands on Solaris:

    cd /export/ds6
    ./startconsole

Netscape Console is a Java application, and it functions and looks the same on all platforms. Figure 4.3 shows the console login screen.

Figure 4.3. The Netscape Console Login Screen

Step 2. Log in with a user ID of "cn=Directory Manager" and a password of "secret389". Do not change the administration URL; it should be correct by default. After the main console window opens, expand the nodes within the Servers and Applications topology tree on the left side of the window until you see a node labeled Directory Server (example). Double-click it. Figure 4.4 shows the Directory Server console window that opens.

Figure 4.4. The Netscape Directory Server Console

Step 3. Load some sample data from the Example.ldif file that Netscape ships with its directory server. Click the Import Databases task button and type the path for the Example.ldif file. On Solaris, it is

    /export/ds6/slapd-example/ldif/Example.ldif

On Microsoft Windows, the correct path is

    C:\Netscape\Servers\slapd-example\ldif\Example.ldif

Step 4. Click the OK button to import the data. You should see a message that reads "152 objects imported, 8 objects rejected." Ignore the rejected entries; the setup program created default entries with the same name as the eight rejected ones, and those entries will work for our purposes. The console import task does not overwrite existing data. After the data has been imported, use a text editor to look at the contents of the Example.ldif file. Listing 4.1 shows a few entries from Example.ldif.

Listing 4.1 A Few Entries from Netscape's Example.ldif File

    dn: dc=example,dc=com
    objectclass: top
    objectclass: domain
    dc: example
    aci: (target ="ldap:///dc=example,dc=com")(targetattr != "userPassword")
     (version 3.0;acl "Anonymous read-search access";
     allow (read, search, compare)(userdn = "ldap:///anyone");)
    aci: (target="ldap:///dc=example,dc=com") (targetattr = "*")
     (version 3.0; acl "allow all Admin group"; allow(all) groupdn =
     "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)

    dn: ou=People, dc=example,dc=com
    objectclass: top
    objectclass: organizationalunit
    ou: People
    aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr =
     "userpassword || telephonenumber || facsimiletelephonenumber")(version 3.0;
     acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)
    aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
     "cn || sn || uid")(targetfilter ="(ou=Accounting)")(version 3.0;
     acl "Accounting Managers Group Permissions";allow (write) (groupdn =
     "ldap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
    aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
     "cn || sn || uid")(targetfilter ="(ou=Human Resources)")(version 3.0;
     acl "HR Group Permissions";allow (write)(groupdn =
     "ldap:///cn=HR Managers,ou=groups,dc=example,dc=com");)
    aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
     "cn || sn || uid")(targetfilter ="(ou=Product Testing)")(version 3.0;
     acl "QA Group Permissions";allow (write)(groupdn =
     "ldap:///cn=QA Managers,ou=groups,dc=example,dc=com");)
    aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr !=
     "cn || sn || uid")(targetfilter ="(ou=Product Development)")(version 3.0;
     acl "Engineering Group Permissions";allow (write)(groupdn =
     "ldap:///cn=PD Managers,ou=groups,dc=example,dc=com");)

    dn: uid=bjensen, ou=People, dc=example,dc=com
    cn: Barbara Jensen
    cn: Babs Jensen
    sn: Jensen
    givenname: Barbara
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    ou: Product Development
    ou: People
    L: Cupertino
    uid: bjensen
    mail: bjensen@example.com
    telephonenumber: +1 408 555 1862
    facsimiletelephonenumber: +1 408 555 1992
    roomnumber: 0209
    userpassword: hifalutin

The aci attributes hold Netscape-specific access control information. The access control features of Netscape Directory Server are discussed later in this chapter. Finally, let's confirm that the sample data has been loaded.

Step 5. Click the Directory tab near the top of the Netscape Console window to see a tree view of the directory information tree (DIT). Click to expand the node labeled example (which is a domain entry) and select the People container (an organizationalUnit entry) by clicking on it. A list of user IDs will appear in the right-hand side of the window. The list contains the relative distinguished names (RDNs) of all the entries that are children of the ou=People,dc=example,dc=com entry. Double-click any ID to see the attributes of that person. Figure 4.5 shows bjensen's (Barbara Jensen's) entry.

Figure 4.5. Viewing the Barbara Jensen Sample Entry

Step 6. To see all of the LDAP attributes and values in tabular form, click the Advanced... button.

Congratulations! You have managed to find first gear, pull away from the curb, and start the car moving down the street.
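
Before importing an LDIF file such as the one in Listing 4.1, it helps to see which access rules and credentials it carries. The following is an added example, not code from the book or from Netscape: a small Python audit that unfolds LDIF continuation lines, parses each aci value, and flags rules granted to ldap:///anyone and userpassword values stored without a {SCHEME} hash prefix. The sample input is constructed and abridged from Listing 4.1; the function names and the finding labels are assumptions made for this illustration.

```python
import re
# Constructed sample modelled on Listing 4.1 (abridged). A line starting with
# one space continues the previous line; "||" separates targetattr names.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
aci: (target ="ldap:///dc=example,dc=com")(targetattr != "userPassword")
 (version 3.0;acl "Anonymous read-search access";
 allow (read, search, compare)(userdn = "ldap:///anyone");)

dn: ou=People, dc=example,dc=com
aci: (target ="ldap:///ou=People,dc=example,dc=com")(targetattr =
 "userpassword || telephonenumber")(version 3.0;
 acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)

dn: uid=bjensen, ou=People, dc=example,dc=com
userpassword: hifalutin
"""

ACI_RE = re.compile(
    r'\(targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\).*?'
    r'acl\s+"(?P<name>[^"]*)"\s*;\s*allow\s*\((?P<rights>[^)]*)\)\s*'
    r'\(?\s*(?:userdn|groupdn)\s*=\s*"(?P<who>[^"]*)"', re.S)

def parse_ldif(text):
    """Unfold continuation lines; return one [(attr, value), ...] per entry."""
    unfolded = text.replace("\n ", "")
    return [[tuple(s.strip() for s in line.split(":", 1))
             for line in block.splitlines() if ":" in line]
            for block in re.split(r"\n\s*\n", unfolded.strip())]

def parse_aci(value):
    """Pull name, rights, subject and attribute list out of one aci value."""
    m = ACI_RE.search(value)
    return m and {"name": m["name"], "who": m["who"], "negated": m["op"] == "!=",
                  "rights": [r.strip() for r in m["rights"].split(",")],
                  "attrs": [a.strip() for a in m["attrs"].split("||")]}

def audit(entries):
    """Flag ACIs open to ldap:///anyone and passwords with no {SCHEME} prefix."""
    findings = []
    for pairs in entries:
        dn = dict(pairs)["dn"]
        for attr, value in pairs:
            aci = parse_aci(value) if attr.lower() == "aci" else None
            if aci and aci["who"] == "ldap:///anyone":
                findings.append((dn, "anonymous-aci", aci["name"]))
            if attr.lower() == "userpassword" and not value.startswith("{"):
                findings.append((dn, "cleartext-password", attr))
    return findings
```

Calling audit(parse_ldif(SAMPLE_LDIF)) returns one finding for the anonymous read-search rule on dc=example,dc=com and one for the bjensen entry's password. The password check is a heuristic based on the absence of a leading "{" scheme marker.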

   


Understanding and Deploying LDAP Directory Services
Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 2002
Pages: 242
