By Jonathan Gershater and Marina Sum, February 11, 2008
Sun Java System Directory Server Enterprise Edition 6.2 (henceforth, Directory Server) contains an enhanced command-line interface (CLI). This article shows you how to automate the installation and configuration process of Directory Server with the CLI and a Perl script, saving time and effort while avoiding errors.
Note: The configuration described in this article is an example only. Its architecture, which involves five instances of Directory Server and five suffixes per server, might not fit your deployment.
Example Deployment
Suppose you are to deploy five instances of Directory Server configured in a fully meshed multimaster replication (MMR) topology. Assume that each instance contains five suffixes. In addition, you are to do the following:
- Set up the pertinent properties, such as password compatibility, log properties, and indexes, for each server instance.
- Add Access Control Interfaces (ACIs) and a custom schema.
- Create all 25 replication agreements.
- Load 1,000 test users with a simple script.
Performing each of the tasks, whether on the Administration Console or on the CLI, is time consuming and might take days.
The Perl Way
An efficient, effective way through that chore is to run this Perl script, which deploys and configures Directory Server by doing all of the following:
- Create five instances of Directory Server.
- Register each instance in the Directory Service Control Center (DSCC).
- Add a custom schema to each server instance.
- Create five suffixes per server.
- Enable replication on each suffix.
- Create custom indexes.
- Create an ACI that enables users to modify their objects but not their passwords.
- Set the import cache to 200 Mbytes.
- Set log rotation times and intervals.
- Set password compatibility to DS6-migration-mode.
- Create replication agreements among all five suffixes on all five instances.
- Initialize replication.
- Import user data.
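The ACI in the list above (users may modify their own entries but not their passwords) is the one configuration step that changes who can write what, so it is worth seeing spelled out. The following Perl script is an added example, not code from the article or its ds6deplconf.pl: it builds the ACI as an LDIF modify record and applies it with Sun's ldapmodify, whose -j option reads the bind password from a file (assumed to be on PATH; host, port, suffix and the password-file path are placeholders).

```perl
#!/usr/bin/perl
# Added example, not from the article: builds the "users may modify their own
# entry but not their password" ACI as an LDIF modify record and applies it
# with Sun's ldapmodify. Host, port, suffix and paths are placeholders.
use strict;
use warnings;
use File::Temp qw(tempfile);

my $host       = 'localhost';
my $port       = 11389;
my $dm         = 'cn=directory manager';
my $dmpassfile = '/export/home/script/dman.txt';
my $suffix     = 'dc=example,dc=com';
my $ldapmodify = 'ldapmodify';   # assumed: Sun's ldapmodify, found on PATH

# targetattr != "<attrs>" makes the rule cover every attribute except the ones
# listed, and userdn = "ldap:///self" binds the grant to the entry's own DN.
# Several attributes are excluded by joining them with "||".
sub self_write_aci {
    my @excluded = @_;
    my $attrs = join(' || ', @excluded);
    return qq{(targetattr != "$attrs")}
         . qq{(version 3.0; acl "self write, password excluded"; }
         . qq{allow (write) userdn = "ldap:///self";)};
}

# LDIF change record that adds the ACI to the suffix entry.
sub aci_ldif {
    my ($dn, $aci) = @_;
    return "dn: $dn\nchangetype: modify\nadd: aci\naci: $aci\n";
}

# Apply the record. -j reads the bind password from a file instead of taking
# it on the command line, where it would show up in the process list.
sub apply_ldif {
    my ($ldif) = @_;
    my ($fh, $file) = tempfile(UNLINK => 1);
    print $fh $ldif;
    close $fh or die "cannot write $file: $!\n";
    my @cmd = ($ldapmodify, '-h', $host, '-p', $port, '-D', $dm,
               '-j', $dmpassfile, '-f', $file);
    system(@cmd) == 0 or die "ldapmodify failed (exit ", $? >> 8, ")\n";
}

# Exclude the aci attribute as well as the password: a "!=" rule that left aci
# writable would let a user grant themselves the password write it withholds.
apply_ldif(aci_ldif($suffix, self_write_aci('userPassword', 'aci')));
```

Because a negated targetattr grants access to every attribute not listed, including any added to the schema later, review such rules whenever the custom schema changes; the example excludes aci for that reason, which goes one attribute beyond what the article's list states.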
A test showed that on a SunFire V240 Server on the Solaris 10 OS configured with 8 Gbytes of memory and two processors, all five Directory Server instances were configured to comply with the above requirements in less than 24 minutes. Here is the log generated by the script.
We also tested on a MacBook Pro that runs an early release of the next version of the Solaris OS on a virtual machine. The script executed in only 31 minutes.
Figure 1 illustrates an example of six server instances in fully meshed MMR.
Figure 1: Six Directory Server Instances in Fully Meshed MMR
Read on for the prerequisites, edits required, and the script syntax.
Prerequisites
First, do the following:
- Install the ZIP version of Directory Server.
This article assumes that you have installed Directory Server at /var/opt/dsee, so that dsadm and dsconf reside at /var/opt/dsee/ds6/bin and dsccreg resides at /var/opt/dsee/dscc6/bin.
- Create and install the browser interface DSCC and ensure that it's running.
- Install Common Agent Container (CACAO) and ensure that it's running.
Edits for Perl Script
Next, edit the Perl script:
- The script assumes the ZIP installation of Directory Server, so depending on where you installed Directory Server, edit the ldapbase and dsccbase environment variables accordingly:
# Location of Directory Server commands
my $ldapbase = "/var/opt/dsee/ds6/bin/";

# Location of DSCC commands
my $dsccbase = "/var/opt/dsee/dscc6/bin/";
- Edit the confpath variable to specify the path for the configuration files:
# Path for configuration data
my $confpath = "/export/home/script/";
- Edit the numsuffix variable to specify the number of suffixes you will configure on Directory Server:
# Number of suffixes
# This is the number of suffixes stored in the two-dimensional array below.
# This example contains five suffixes, which occupy columns 0 through 4,
# since array indexes begin at 0, not 1.
my $numsuffix = 5;
- Edit the Directory Server credentials:
Note: The file that contains the password is prefixed by the path in step 2 above.
### Directory Server credentials
# Directory Server manager login name
my $dm="";
$dm = '"cn=directory manager"';
# File that contains the Directory Server manager password
my $dmpassfile="";
$dmpassfile = $confpath."dman.txt";
- Edit the instdir variable to specify the location of the Directory Server instances, that is, the directory in which the Directory Server instances will reside:
# Location of instances
my $instdir = "/var/opt/dsee6/instances/";
- Edit the files that contain the custom schema and the LDIF file with the user data to be loaded into each of the Directory Server instances:
### LDIF files
# Custom schema added to each Directory Server instance
my $schema="";
$schema=$confpath."customschema.ldif";
# LDIF file with user data to be imported into each Directory Server instance
my $users="";
$users="users.ldif";
- Edit three arrays:
- A one-dimensional array with the Directory Server instance names as they appear in the file system
- A one-dimensional array with the unique number of each of the suffixes in the replication topology
- A two-dimensional array with the names of each of the suffixes and of the secure and nonsecure ports for each instance
# One-dimensional array of the Directory Server instances
my @instances = ("ins1", "ins2", "ins3", "ins4", "ins5");
# One-dimensional array of the replica IDs to ensure a unique replica ID for each suffix
my @replicaIDs = (1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25);
# Two-dimensional array of the suffixes and related data
# Each column contains unique values for a suffix
# Row 0 - suffix name
# Row 1 - LDAP port
# Row 2 - LDAPS port
my @ldapdata =
(["dc=example,dc=com","ou=usa,dc=example,dc=com","ou=eu,dc=example,dc=com","ou=aipac,dc=example,dc=com","ou=americas,dc=example,dc=com"],
[11389,2389,3389,4389,5389],
[11636,2636,3636,4636,5636],);
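To show how the three arrays above drive the steps listed under "The Perl Way", here is an added Perl driver; it is not the article's ds6deplconf.pl, and it covers instance creation, the two server properties, suffixes, replication enabling, the agreement mesh, import and initialization, leaving out DSCC registration, schema, indexes, log rotation and the ACI. It assumes that instance i listens on the ports in column i of @ldapdata and hosts every suffix in row 0 (the article does not spell this out), that all instances live on the host named on the command line, and that dsconf's -e option opens a clear-text connection to the LDAP port. Every command goes through one helper that stops on the first failure, and the Directory Manager password file is refused if other users can read it.

```perl
#!/usr/bin/perl
# Added example, not the article's ds6deplconf.pl. Walks the arrays from
# "Edits for Perl Script" and issues dsadm/dsconf commands for the steps listed
# under "The Perl Way". Assumption: instance i listens on the ports in column i
# of @ldapdata and hosts every suffix in row 0. Use --dry-run to list commands.
use strict;
use warnings;

my $ldapbase   = "/var/opt/dsee/ds6/bin/";
my $confpath   = "/export/home/script/";
my $instdir    = "/var/opt/dsee6/instances/";
my $dm         = "cn=directory manager";
my $dmpassfile = $confpath . "dman.txt";
my $users      = $confpath . "users.ldif";

my @instances  = ("ins1", "ins2", "ins3", "ins4", "ins5");
my @replicaIDs = (1 .. 25);          # one unique replica ID per (instance, suffix)
my @ldapdata   = (
    [ "dc=example,dc=com", "ou=usa,dc=example,dc=com", "ou=eu,dc=example,dc=com",
      "ou=apac,dc=example,dc=com", "ou=americas,dc=example,dc=com" ],
    [ 11389, 2389, 3389, 4389, 5389 ],  # LDAP port of instance i (assumption)
    [ 11636, 2636, 3636, 4636, 5636 ],  # LDAPS port of instance i (assumption)
);
my $numsuffix = scalar @{ $ldapdata[0] };   # derived, so it cannot drift from the array

my $dryrun = grep { $_ eq '--dry-run' } @ARGV;
my ($host) = grep { $_ ne '--dry-run' } @ARGV;
die "usage: $0 [--dry-run] short-hostname\n" unless defined $host;
die "use the short host name, not the fully qualified one\n" if $host =~ /\./;
die "need at least ", @instances * $numsuffix, " replica IDs\n"
    if @replicaIDs < @instances * $numsuffix;

# The Directory Manager password travels only in a file; refuse one that other
# users can read, because every command below hands it over with -w.
unless ($dryrun) {
    my $mode = (stat $dmpassfile)[2] or die "cannot stat $dmpassfile: $!\n";
    die "$dmpassfile must not be group- or world-readable\n" if $mode & 077;
}

# Run one command and abort on the first failure so that a half-built topology
# is never left behind unnoticed. Arguments reach system() as a list, so no
# shell re-parses the suffix DNs or the bind DN, which contain commas and spaces.
sub run {
    my @cmd = @_;
    print join(' ', @cmd), "\n";
    return if $dryrun;
    system(@cmd) == 0 or die "command failed (exit ", $? >> 8, "): @cmd\n";
}

# dsconf connection options for instance i: clear-text (-e) on its LDAP port,
# binding as Directory Manager with the password file.
sub conn {
    my ($i) = @_;
    return ('-h', $host, '-p', $ldapdata[1][$i], '-e', '-D', $dm, '-w', $dmpassfile);
}

# Create and start each instance, set the two server properties, then create
# every suffix on it and enable it as a master with its own replica ID.
for my $i (0 .. $#instances) {
    my $path = $instdir . $instances[$i];
    run("${ldapbase}dsadm", 'create', '-p', $ldapdata[1][$i], '-P', $ldapdata[2][$i],
        '-w', $dmpassfile, $path);
    run("${ldapbase}dsadm", 'start', $path);
    run("${ldapbase}dsconf", 'set-server-prop', conn($i), 'pwd-compat-mode:DS6-migration-mode');
    run("${ldapbase}dsconf", 'set-server-prop', conn($i), 'import-cache-size:200M');
    for my $j (0 .. $numsuffix - 1) {
        my $suffix = $ldapdata[0][$j];
        run("${ldapbase}dsconf", 'create-suffix', conn($i), $suffix);
        run("${ldapbase}dsconf", 'enable-repl', conn($i),
            '-d', $replicaIDs[ $i * $numsuffix + $j ], 'master', $suffix);
    }
}

# Fully meshed MMR: an agreement from every instance to every other instance
# for every suffix, i.e. n*(n-1) agreements per suffix.
for my $i (0 .. $#instances) {
    for my $k (0 .. $#instances) {
        next if $k == $i;
        run("${ldapbase}dsconf", 'create-repl-agmt', conn($i),
            $ldapdata[0][$_], "$host:$ldapdata[1][$k]") for 0 .. $numsuffix - 1;
    }
}

# Import the users into the first instance only, then initialize every other
# master from it; initializing from several masters would overwrite each other.
for my $j (0 .. $numsuffix - 1) {
    my $suffix = $ldapdata[0][$j];
    run("${ldapbase}dsconf", 'import', conn(0), $users, $suffix);
    run("${ldapbase}dsconf", 'init-repl-dest', conn(0), $suffix, "$host:$ldapdata[1][$_]")
        for 1 .. $#instances;
}
```

Run it once with --dry-run and read the printed command list before letting it touch a host; the loops produce n*(n-1) agreements per suffix, so adapt them if your topology counts agreements differently than this example does.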
Other Edits
Finally, edit the body of the script with the actual configurations (steps 1-13 in "The Perl Way") your deployment requires.
Script Syntax
Here is the syntax of the script:
#perl ds6deplconf.pl hostname
where hostname is the short name, not the fully qualified one, of the host on which you execute the script and deploy and configure Directory Server. And here is an example:
#perl ds6deplconf.pl solaris-devx
To delete the Directory Server instances, simply run cleanup.sh and then rerun the Perl script to redeploy.
Conclusion
Running Perl scripts for automation, as suggested by this article, is an effective way to eliminate your manual, repetitive tasks and to ensure accuracy and uniformity. Try it out.
Jonathan Gershater's career started at 3Com, where he managed servers and networks. His foray into identity management began in 1999 at enCommerce, which was later acquired by Entrust. Since joining Sun in 2005, Jonathan has been architecting and deploying security solutions for customers through Sun's identity management products. You can reach him at jgershater@sun.com.
Marina Sum is a staff writer for Sun Developer Network. She has been writing for Sun since 1989, mostly in the technical arena. Marina blogs on Sun products, technologies, events, and publications.