Installing OpenDS on my MacBook Pro in a cinch
After downloading the OpenDS zip file, I unzipped it and executed setup in command-line mode (not the graphical interface). This utility can be used to set up the Directory Server. Here are the global setup options:
Usage: setup {options}
where {options} include:
-i, --cli
Use the command line install. If not specified the graphical interface will be launched. The rest of the options (excluding help and version) will only be taken into account if this option is specified
-b, --baseDN {baseDN}
Base DN for user information in the Directory Server. Multiple base DNs may be provided by using this option multiple times
-a, --addBaseEntry
Indicates whether to create the base entry in the Directory Server database
-l, --ldifFile {ldifFile}
Path to an LDIF file containing data that should be added to the Directory Server database. Multiple LDIF files may be provided by using this option multiple times
-R, --rejectFile {rejectFile}
Write rejected entries to the specified file
--skipFile {skipFile}
Write skipped entries to the specified file
-d, --sampleData {numEntries}
Specifies that the database should be populated with the specified number of sample entries
-p, --ldapPort {port}
Port on which the Directory Server should listen for LDAP communication
-x, --jmxPort {jmxPort}
Port on which the Directory Server should listen for JMX communication
-S, --skipPortCheck
Skip the check to determine whether the specified ports are usable
-D, --rootUserDN {rootUserDN}
DN for the initial root user for the Directory Server
-w, --rootUserPassword {rootUserPassword}
Password for the initial root user for the Directory Server
-j, --rootUserPasswordFile {rootUserPasswordFile}
Path to a file containing the password for the initial root user for the Directory Server
-O, --doNotStart
Do not start the server when the configuration is completed
-q, --enableStartTLS
Enable StartTLS to allow secure communication with the server using the
LDAP port
-Z, --ldapsPort {port}
Port on which the Directory Server should listen for LDAPS communication. The LDAPS port will be configured and SSL will be enabled only if this argument is explicitly specified
--generateSelfSignedCertificate
Generate a self-signed certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation
--usePkcs11Keystore
Use a certificate in a PKCS#11 token that the server should use when accepting SSL-based connections or performing StartTLS negotiation
--useJavaKeystore {keyStorePath}
Path of a Java Key Store (JKS) containing a certificate to be used as the server certificate
--usePkcs12keyStore {keyStorePath}
Path of a PKCS#12 key store containing the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation
-W, --keyStorePassword {keyStorePassword}
Certificate key store PIN. A PIN is required when you specify to use an existing certificate (JKS, PKCS#12 or PKCS#11) as server certificate
-u, --keyStorePasswordFile {keyStorePasswordFile}
Certificate key store PIN file. A PIN is required when you specify to use an existing certificate (JKS, PKCS#12 or PKCS#11) as server certificate
-N, --certNickname {nickname}
Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation
Utility Input/Output Options
-n, --no-prompt
Perform an installation in non-interactive mode. If some data in the command is missing the user will not be prompted and the tool will fail
-Q, --quiet
Run setup in quiet mode. Quiet mode will not output progress information to standard output
-v, --verbose
Use verbose mode
--propertiesFilePath {propertiesFilePath}
Path to the file containing default property values used for command line arguments
--noPropertiesFile
No properties file will be used to get default command line argument values
General Options
-V, --version
Display Directory Server version information
-?, -H, --help
Display this usage information
Since my install is a development environment I selected the following options:
-i – command line mode
-b – base DN of "dc=example,dc=com"
-a – create the baseDN
-d 500 – five hundred sample users
-p 1389 – insecure port 1389
-D "cn=directory manager" – directory administrator user
-w password – directory administrator password
-q -Z 1390 – StartTLS on the LDAP port (-q) and LDAPS on secure port 1390 (-Z)
-v – verbose output
Herewith the installation session:
pcp002880pcs:~/opends/OpenDS-1.0.0 /$ ./setup -i -b "dc=example,dc=com" -a -d 500 -p 1389 -D "cn=directory manager" -w password -q -Z 1390 -v
OpenDS Directory Server 1.0.0
Please wait while the setup program initializes...
Certificate server options:
1) Generate self-signed certificate (recommended for testing purposes
only)
2) Use an existing certificate located on a Java Key Store (JKS)
3) Use an existing certificate located on a PKCS#12 key store
4) Use an existing certificate on a PKCS#11 token
Enter choice [1]:
Do you want to start the server when the configuration is completed? (yes /
no) [yes]:
Setup Summary
=============
LDAP Listener Port: 1389
LDAP Secure Access: Enable StartTLS
Enable SSL on LDAP Port 1390
Create a new Self-Signed Certificate
Root User DN: cn=directory manager
Directory Data: Create New Base DN dc=example,dc=com.
Base DN Data: Import Automatically-Generated Data (500 Entries)
Start Server when the configuration is completed
What would you like to do?
1) Setup the server with the parameters above
2) Provide the setup parameters again
3) Cancel the setup
Enter choice [1]:
Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
-----------------------------------------------------------------
Importing Automatically-Generated Data (500 Entries):
[24/Jul/2008:10:01:28 -0700] category=JEB severity=NOTICE msgID=8847544 msg=Available buffer memory 4479254 bytes is below the minimum value of 10485760 bytes. Setting available buffer memory to the minimum
[24/Jul/2008:10:01:28 -0700] category=JEB severity=NOTICE msgID=8847545 msg=Setting DB cache to 26875526 bytes and internal buffer to 10485760 bytes
[24/Jul/2008:10:01:29 -0700] category=JEB severity=NOTICE msgID=8847533 msg=OpenDS Directory Server 1.0.0 starting import (build 20080610152800Z, R4337)
[24/Jul/2008:10:01:29 -0700] category=JEB severity=NOTICE msgID=8847449 msg=Import Thread Count: 8 threads
[24/Jul/2008:10:01:29 -0700] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.5.0_13-b05-241 by Apple Computer, Inc., 32-bit architecture, 66650112 bytes heap size
[24/Jul/2008:10:01:29 -0700] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: pcp002880pcs.visa.com, running Mac OS X 10.4.11 i386, 4294967296 bytes physical memory size, number of processors available 2
[24/Jul/2008:10:01:29 -0700] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Dorg.opends.server.scriptName=setup"
[24/Jul/2008:10:01:29 -0700] category=JEB severity=NOTICE msgID=8847518 msg=Processing LDIF
[24/Jul/2008:10:01:30 -0700] category=JEB severity=NOTICE msgID=8847519 msg=End of LDIF reached
[24/Jul/2008:10:01:31 -0700] category=JEB severity=NOTICE msgID=8847537 msg=Begin substring buffer flush of 15913 elements. Buffer total access: 30458 buffer hits: 14545
[24/Jul/2008:10:01:31 -0700] category=JEB severity=NOTICE msgID=8847538 msg=Substring buffer flush completed in 1 seconds
[24/Jul/2008:10:01:31 -0700] category=JEB severity=NOTICE msgID=8847539 msg=Begin final cleaner run
[24/Jul/2008:10:01:31 -0700] category=JEB severity=NOTICE msgID=8847541 msg=Cleaner run took 0 seconds 0 logs removed
[24/Jul/2008:10:01:31 -0700] category=JEB severity=NOTICE msgID=8847454 msg=Processed 502 entries, imported 502, skipped 0, rejected 0 and migrated 0 in 1 seconds (average rate 255.1/sec)
[24/Jul/2008:10:01:31 -0700] category=JEB severity=NOTICE msgID=8847455 msg=Number of index values that exceeded the entry limit: 0
[24/Jul/2008:10:01:31 -0700] category=JEB severity=NOTICE msgID=8847536 msg=Import LDIF environment close took 0 seconds
-----------------------------------------------------------------
Starting Directory Server:
[24/Jul/2008:10:01:33 -0700] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process
[24/Jul/2008:10:01:35 -0700] category=CORE severity=NOTICE msgID=458886 msg=OpenDS Directory Server 1.0.0 (build 20080610152800Z, R4337) starting up
[24/Jul/2008:10:01:35 -0700] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.5.0_13-b05-241 by Apple Computer, Inc., 32-bit architecture, 132775936 bytes heap size
[24/Jul/2008:10:01:35 -0700] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: pcp002880pcs.visa.com, running Mac OS X 10.4.11 i386, 4294967296 bytes physical memory size, number of processors available 2
[24/Jul/2008:10:01:35 -0700] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Xserver", "-Dorg.opends.server.scriptName=start-ds"
[24/Jul/2008:10:01:39 -0700] category=ACCESS_CONTROL severity=INFORMATION msgID=12582978 msg=Added 8 Global Access Control Instruction (ACI) attribute types to the access control evaluation engine
[24/Jul/2008:10:01:41 -0700] category=JEB severity=NOTICE msgID=8847402 msg=The database backend userRoot containing 502 entries has started
[24/Jul/2008:10:01:41 -0700] category=PROTOCOL severity=MILD_WARNING msgID=2163134 msg=The directory /Users/jgershater/Documents/Work/ISO images/opends/OpenDS-1.0.0/config/auto-process-ldif referenced by the LDIF connection handler defined in configuration entry cn=LDIF Connection Handler,cn=Connection Handlers,cn=config does not exist. The LDIF connection handler will start, but will not be able to process any changes until this directory is created
[24/Jul/2008:10:01:42 -0700] category=PROTOCOL severity=MILD_ERROR msgID=2294036 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1390
[24/Jul/2008:10:01:42 -0700] category=PROTOCOL severity=MILD_ERROR msgID=2294036 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1389
[24/Jul/2008:10:01:42 -0700] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
[24/Jul/2008:10:01:42 -0700] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully
See /tmp/opends-setup-11588.log for a detailed log of this operation.
To see basic server configuration status and configuration you can launch /opends/OpenDS-1.0.0/bin/status
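The session above passes the root password with -w, which leaves it in shell history and visible in the process list while setup runs; the usage text offers -j for a password file instead. The script below is an added example, not from the original post: it repeats the same install non-interactively using only flags from the usage text, and OPENDS_HOME, SETUP_CMD and the temporary password file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): same install, password kept out of argv.
# OPENDS_HOME, SETUP_CMD and the temp-file name are assumptions for illustration.
OPENDS_HOME="${OPENDS_HOME:-$HOME/opends/OpenDS-1.0.0}"
SETUP_CMD="${SETUP_CMD:-$OPENDS_HOME/setup}"

# Read a password on stdin, store it in an owner-only (0600) file, print the path.
# Reading from stdin keeps the secret out of the argument list and shell history.
make_password_file() {
    ( umask 077
      f=$(mktemp "${TMPDIR:-/tmp}/opends-rootpw.XXXXXX") || exit 1
      cat > "$f"
      printf '%s\n' "$f" )
}

# Return 0 if an argument list passes a secret inline (-w / -W or their long forms).
has_inline_secret() {
    for arg in "$@"; do
        case $arg in
            -w|--rootUserPassword|-W|--keyStorePassword) return 0 ;;
        esac
    done
    return 1
}

# Same choices as the post's command, but -n (no prompts), an explicit
# certificate option, and -j <file> in place of -w <password>.
run_setup() {
    pwfile=$1
    "$SETUP_CMD" -i -n \
        -b "dc=example,dc=com" -a -d 500 \
        -p 1389 -q -Z 1390 --generateSelfSignedCertificate \
        -D "cn=directory manager" -j "$pwfile"
}

# Only runs when invoked as: sh this-script.sh --run
if [ "${1:-}" = "--run" ]; then
    printf 'Root user password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    # printf is a shell builtin, so the password never reaches another process's argv
    pwfile=$(printf '%s\n' "$pw" | make_password_file) || exit 1
    unset pw
    trap 'rm -f "$pwfile"' EXIT   # remove the password file once setup finishes
    run_setup "$pwfile"
fi
```

has_inline_secret can also be pointed at a saved command line, such as the one in the session above, to flag -w or -W before it is reused in a script.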
I now view the status of the server, per the final line of the installation session:
pcp002880pcs:~/opends/OpenDS-1.0.0/$ cd bin
pcp002880pcs:~/opends/OpenDS-1.0.0/bin/$ ./status
>>>> Specify OpenDS LDAP connection parameters
How do you want to connect?
1) LDAP
2) LDAP with SSL
3) LDAP with StartTLS
Enter choice [1]:
Administrator user bind DN [cn=Directory Manager]:
Password for user 'cn=Directory Manager':
--- Server Status ---
Server Run Status: Started
Open Connections: 1
--- Server Details ---
Host Name: pcp002880pcs.example.com
Administrative Users: cn=directory manager
Installation Path: /opends/OpenDS-1.0.0
OpenDS Version: OpenDS Directory Server 1.0.0
Java Version: 1.5.0_13-121
--- Connection Handlers ---
Address:Port : Protocol : State
-------------:----------:---------
0.0.0.0:1389 : LDAP : Enabled
0.0.0.0:1390 : LDAPS : Enabled
0.0.0.0:161 : SNMP : Disabled
0.0.0.0:1689 : JMX : Disabled
--- Data Sources ---
Base DN: dc=example,dc=com
Backend ID: userRoot
Entries: 502
Replication: Disabled
And here is a graphical screenshot of the DIT (Directory Information Tree), using JXplorer.
Total installation time, about two minutes!
Kudos to Ludo's team and the OpenDS community.
Posted at 11:52AM Jul 24, 2008 by Jonathan Gershater in Identity & Directory Server
Thursday Jul 24, 2008














