Sun Java System Directory Server Enterprise Edition on Debian GNU/Linux HOWTO

Greg Schenzel <inittab AT unixdev DOT net>

Copyright 2009
GNU Free Documentation License

This document details the setup of Sun Directory Server on Debian as a standalone server, a primary master replica, or a secondary master replica. It also includes optional steps for nightly backups and for installing a CA-issued SSL certificate. Site-specific values (the /opt/SUNWdsee and /var/ldap-ds paths, the dc=example,dc=com suffix, host addresses and file locations) are examples; adjust them to suit your environment.

  1. Install The Software
    1. apt-get install libstdc++5
    2. Download and extract the latest DSEE ZIP distribution for Red Hat AS 4 Linux from Sun (version 6.3.1 at the time of writing).
    3. cd DSEE_ZIP_Distribution; ./dsee_deploy install -i /opt/SUNWdsee (the Cacao common agent container part of the install fails on Debian; the Directory Server itself installs, and nothing below needs Cacao)
    4. /opt/SUNWdsee/ds6/bin/dsadm create /var/ldap-ds (prompts for the Directory Manager password; you will need it again in step 4.1)
    5. /opt/SUNWdsee/ds6/bin/dsadm start /var/ldap-ds
    6. /opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=example,dc=com
  2. Populate The Directory (choose ONE of the following two strategies)
    1. Standalone Server or Primary Master Replica - Populated From LDIF
      1. /opt/SUNWdsee/ds6/bin/dsconf import /home/me/example.ldif dc=example,dc=com (the LDIF must contain the dc=example,dc=com entry itself, before any entry beneath it)
    2. Secondary Master Replica - Populated From Primary
      1. On Pre-Existing Primary
        1. /opt/SUNWdsee/ds6/bin/dsconf enable-repl -d 1 master dc=example,dc=com (-d is the replica ID; every master in the topology needs a distinct one, which is why the Debian secondary uses 2 below)
        2. /opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt dc=example,dc=com DEBIAN-IP:389 (port 389 is plain LDAP, so replication traffic and the replication manager credentials cross the network unencrypted until SSL is set up in section 5)
        3. /opt/SUNWdsee/ds6/bin/dsconf list-repl-agmts
      2. On Debian Secondary
        1. /opt/SUNWdsee/ds6/bin/dsconf enable-repl -d 2 master dc=example,dc=com
        2. /opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt dc=example,dc=com PRIMARY-IP:389
        3. /opt/SUNWdsee/ds6/bin/dsconf list-repl-agmts
      3. On Pre-Existing Primary
        1. /opt/SUNWdsee/ds6/bin/dsconf init-repl-dest dc=example,dc=com DEBIAN-IP:389 (pushes the primary's copy of the suffix to the Debian replica, replacing whatever it holds; run it only after both agreements exist)
        2. /opt/SUNWdsee/ds6/bin/dsconf show-repl-agmt-status dc=example,dc=com DEBIAN-IP:389
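The HOWTO imports /home/me/example.ldif but does not show what that file needs to contain. The following Python script is an added example (not from the HOWTO or from Sun) that builds a minimal importable LDIF for the example suffix, with the suffix entry first, an ou=People container, and users whose userPassword is pre-hashed with {SSHA} so no cleartext passwords sit in the file on disk; it also checks an existing LDIF for the mistakes that make `dsconf import` fail (suffix entry not first, DN outside the suffix, malformed entry) and for cleartext passwords. The user data in it is constructed, and the uid/cn/sn attributes and the ou=People layout are assumptions, not something the HOWTO specifies.

```python
"""Build and sanity-check an LDIF file for `dsconf import` (added example, not from the HOWTO).

Rules enforced: the suffix entry comes first and every DN lies under it; values that are
not printable ASCII are base64-encoded (`attr:: ...`); lines are folded at 76 columns
(RFC 2849); userPassword is pre-hashed as {SSHA} (salted SHA-1, the server's default).
"""
import base64
import hashlib
import hmac
import os

def ssha(password, salt=None):
    """{SSHA} value for userPassword: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a cleartext password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)

def ldif_line(name, value):
    """One attribute line, base64-encoded when needed and folded at 76 columns."""
    safe = (value.isascii() and value != "" and value[0] not in " :<"
            and not any(c in value for c in "\r\n\x00"))
    if safe:
        line = "%s: %s" % (name, value)
    else:
        line = "%s:: %s" % (name, base64.b64encode(value.encode("utf-8")).decode("ascii"))
    out, rest = [line[:76]], line[76:]
    while rest:                          # continuation lines start with one space
        out.append(" " + rest[:75])
        rest = rest[75:]
    return "\n".join(out)

def entry(dn, attrs):
    """Serialize one entry from an ordered list of (name, value) pairs."""
    return "\n".join([ldif_line("dn", dn)] + [ldif_line(n, v) for n, v in attrs]) + "\n"

def build_ldif(suffix, users):
    """Suffix entry, ou=People, and one inetOrgPerson per (uid, cn, sn, password)."""
    dc = suffix.split(",")[0].split("=", 1)[1]
    parts = [entry(suffix, [("objectClass", "top"), ("objectClass", "domain"), ("dc", dc)]),
             entry("ou=People," + suffix, [("objectClass", "top"),
                                           ("objectClass", "organizationalUnit"), ("ou", "People")])]
    for uid, cn, sn, password in users:
        parts.append(entry("uid=%s,ou=People,%s" % (uid, suffix), [
            ("objectClass", "top"), ("objectClass", "person"),
            ("objectClass", "organizationalPerson"), ("objectClass", "inetOrgPerson"),
            ("uid", uid), ("cn", cn), ("sn", sn), ("userPassword", ssha(password))]))
    return "\n".join(parts)

def _unfold(block):
    """Logical lines of one entry: join folded continuations, drop comments."""
    lines = []
    for raw in block.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def _attr(line):
    """(name, decoded value) of an attribute line; handles `::` base64 values."""
    name, rest = line.split(":", 1)
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name, rest.strip()

def check_ldif(text, suffix):
    """Problems that would make `dsconf import` fail or leave cleartext passwords."""
    problems, blocks = [], [b for b in text.split("\n\n") if _unfold(b)]
    for i, block in enumerate(blocks or [""]):
        lines = _unfold(block)
        if lines and lines[0].startswith("version:"):   # optional 'version: 1' header
            lines = lines[1:]
        if not lines or ":" not in lines[0] or _attr(lines[0])[0].lower() != "dn":
            problems.append("entry %d does not start with dn:" % i)
            continue
        dn = _attr(lines[0])[1]
        if i == 0 and dn.lower() != suffix.lower():
            problems.append("first entry is %s, expected the suffix %s" % (dn, suffix))
        if not dn.lower().endswith(suffix.lower()):
            problems.append("%s is outside the suffix" % dn)
        for line in lines[1:]:
            aname, value = _attr(line) if ":" in line else ("", "")
            if aname.lower() == "userpassword" and not value.startswith("{"):
                problems.append("%s has a cleartext userPassword" % dn)
    return problems

if __name__ == "__main__":   # writes a sample file; then: dsconf import example.ldif dc=example,dc=com
    with open("example.ldif", "w") as fh:
        fh.write(build_ldif("dc=example,dc=com", [("jdoe", "Jane Doe", "Doe", "s3cret")]))
```

Run it to produce example.ldif, or call check_ldif() on a file you already have before handing it to dsconf import; a non-empty result lists the entries that need fixing.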
  3. Set up system initialization/shutdown scripts
    1. Create the following init script as /etc/init.d/SUNWdsee:
      #!/bin/sh
      ### BEGIN INIT INFO
      # Provides:          SUNWdsee
      # Required-Start:    $network $remote_fs
      # Required-Stop:     $network $remote_fs
      # Default-Start:     2 3 4 5
      # Default-Stop:      0 1 6
      # Short-Description: Sun Java System Directory Server
      ### END INIT INFO
      
      LDAP=/var/ldap-ds
      DSADM=/opt/SUNWdsee/ds6/bin/dsadm
      RETVAL=0
      
      # dsadm's exit status is saved in RETVAL straight away: testing $? inside
      # the "if" body would only return the status of the test itself.
      case "$1" in
        start)
          echo "Starting Sun Java System Directory Server: $LDAP"
          "$DSADM" start "$LDAP"
          RETVAL=$?
      
          if [ $RETVAL -ne 0 ]; then
            echo "$0: unable to start the Directory Server: '$LDAP'" >&2
          fi
          ;;
        stop)
          echo "Stopping Sun Java System Directory Server: $LDAP"
          "$DSADM" stop "$LDAP"
          RETVAL=$?
      
          if [ $RETVAL -ne 0 ]; then
            echo "$0: unable to stop the Directory Server: $LDAP" >&2
          fi
          ;;
        restart)
          echo "Restarting Sun Java System Directory Server: $LDAP"
          "$DSADM" restart "$LDAP"
          RETVAL=$?
      
          if [ $RETVAL -ne 0 ]; then
            echo "$0: unable to restart the Directory Server: $LDAP" >&2
          fi
          ;;
        info)
          "$DSADM" info "$LDAP"
          RETVAL=$?
          ;;
        *)
          echo "Usage: $0 {start|stop|restart|info}" >&2
          RETVAL=3    # unknown action, as in Debian's /etc/init.d/skeleton
          ;;
      esac
      
      exit $RETVAL
      
    2. chmod +x /etc/init.d/SUNWdsee
    3. ln -s ../init.d/SUNWdsee /etc/rc0.d/K80dsee
    4. ln -s ../init.d/SUNWdsee /etc/rc1.d/K80dsee
    5. ln -s ../init.d/SUNWdsee /etc/rc2.d/S19dsee
    6. ln -s ../init.d/SUNWdsee /etc/rc3.d/S19dsee
    7. ln -s ../init.d/SUNWdsee /etc/rc4.d/S19dsee
    8. ln -s ../init.d/SUNWdsee /etc/rc5.d/S19dsee
    9. ln -s ../init.d/SUNWdsee /etc/rc6.d/K80dsee
  4. Enable Backups (Optional)
    1. Put the Directory Manager password from step 1.4 in /var/ldap-ds/.secret. Create the file under a restrictive umask so it is never readable by others, even briefly: (umask 077; echo "Directory_Manager_PASSWORD_FROM_STEP_1.4" > /var/ldap-ds/.secret). Typing the password on the command line also leaves it in your shell history; creating the file with an editor avoids that.
    2. chmod 600 /var/ldap-ds/.secret (the file is read by dsconf as root from cron.daily; keep it root-owned)
    3. Create the following backup script as /etc/cron.daily/backups-dsee:
      #!/bin/sh
      
      ## Backup Sun Directory Server
      ## Runs from cron.daily as root. The LDIF export and the database backup both
      ## contain every password hash in the directory, so everything is created
      ## with mode 700/600 (umask 077) and the backup root is kept mode 700.
      SRC=127.0.0.1
      DATE=`date +%Y-%m-%d`            # ISO date, so backup names sort chronologically
      DIR="/data/backups/dsee"
      DEST="${DIR}/${DATE}"
      DSCONF=/opt/SUNWdsee/ds6/bin/dsconf
      PWFILE=/var/ldap-ds/.secret      # Directory Manager password from step 4.1
      
      set -e
      umask 077
      
      [ -d "$DIR" ] || mkdir -p "$DIR"
      chmod 700 "$DIR"
      
      echo "[-] Backing up ${SRC}:(dsconf export) to ${DEST}.ldif"
      "$DSCONF" export -h "$SRC" -p 389 -D "cn=Directory Manager" -w "$PWFILE" dc=example,dc=com "${DEST}.ldif"
      
      echo "[-] Backing up ${SRC}:(dsconf backup) to ${DEST}"
      "$DSCONF" backup -h "$SRC" -p 389 -D "cn=Directory Manager" -w "$PWFILE" "${DEST}"
      
    4. chmod +x /etc/cron.daily/backups-dsee
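Two things the backup step leaves to the administrator: creating .secret without a window in which it is readable by others, and keeping the backup directory from growing without bound (each export and archive contains every password hash in the directory). The following Python helpers are an added example, not part of the HOWTO: write_secret_file() creates the password file with mode 600 from the moment it exists and refuses to overwrite, secret_file_ok() is the check to run before the job uses it, and prune_backups() keeps only the newest N backups. They assume the backups are named by ISO date (YYYY-MM-DD for the archive directory and YYYY-MM-DD.ldif for the export; adjust DATE_RE if your cron script names them differently) and that the job runs as the user that owns the secret file. make_sample_tree() builds a constructed backup directory so the helpers can be tried offline.

```python
"""Helpers for the nightly backup job (added example, not part of the HOWTO).

Assumptions: backups live in one directory, named by ISO date (YYYY-MM-DD for the
dsconf backup archive, YYYY-MM-DD.ldif for the dsconf export), and the job runs as
the user that owns the Directory Manager password file used with `dsconf -w`.
"""
import datetime
import os
import re
import shutil
import stat
import tempfile

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")   # assumed naming of the dated backups

def write_secret_file(path, password):
    """Create `path` holding the password, mode 0600 from creation; refuses to overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(password + "\n")   # trailing newline, same as `echo` in the HOWTO
    return path

def secret_file_ok(path):
    """(ok, reason): a regular file (not a symlink), owned by us, no group/other bits."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False, "missing"
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid != os.geteuid():
        return False, "not owned by the user running the backup"
    if st.st_mode & 0o077:
        return False, "mode %o allows group/other access" % (st.st_mode & 0o777)
    return True, "ok"

def backup_paths(base_dir, day=None):
    """(ldif_path, archive_dir) the cron job writes for `day` (default: today)."""
    day = day or datetime.date.today()
    stem = os.path.join(base_dir, day.isoformat())
    return stem + ".ldif", stem

def list_backups(base_dir):
    """Dated backup stems in base_dir, oldest first (ISO dates sort lexically)."""
    stems = set()
    for name in os.listdir(base_dir):
        stem = name[:-5] if name.endswith(".ldif") else name
        if DATE_RE.match(stem):
            stems.add(stem)
    return sorted(stems)

def prune_backups(base_dir, keep):
    """Delete all but the newest `keep` backups (keep >= 1); return the stems removed."""
    if keep < 1:
        raise ValueError("keep must be at least 1")
    removed = []
    for stem in list_backups(base_dir)[:-keep]:
        for path in (os.path.join(base_dir, stem + ".ldif"), os.path.join(base_dir, stem)):
            if os.path.isdir(path):
                shutil.rmtree(path)
            elif os.path.lexists(path):
                os.remove(path)
        removed.append(stem)
    return removed

def make_sample_tree():
    """Constructed sample: three days of backups, an unrelated file and a badly protected secret."""
    base = tempfile.mkdtemp(prefix="dsee-backups-")
    for stem in ("2009-01-01", "2009-01-03"):
        os.mkdir(os.path.join(base, stem))
    for stem in ("2009-01-01", "2009-01-02", "2009-01-03"):
        open(os.path.join(base, stem + ".ldif"), "w").close()
    open(os.path.join(base, "notes.txt"), "w").close()      # not a backup; must be left alone
    bad = os.path.join(base, ".bad-secret")
    open(bad, "w").close()
    os.chmod(bad, 0o644)                                    # world-readable; must be rejected
    return base

if __name__ == "__main__":
    base = make_sample_tree()
    print("secret check:", secret_file_ok(os.path.join(base, ".bad-secret")))
    print("pruned:", prune_backups(base, 2), "kept:", list_backups(base))
    shutil.rmtree(base)
```

In the cron job, call secret_file_ok() on the password file and abort if it fails, then prune after the export and backup have succeeded so a failed run never deletes the only good copy.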
  5. Add a CA-signed SSL Certificate (Optional)
    1. openssl pkcs12 -export -in /etc/ssl/certs/server.pem -inkey /etc/ssl/private/server.key -out /etc/ssl/private/server.pkcs12 -name Server-Cert (you will be asked for an export password, which dsadm asks for again when importing; Server-Cert is the nickname the server refers to the certificate by in step 5.6)
    2. /opt/SUNWdsee/ds6/bin/dsadm import-cert /var/ldap-ds /etc/ssl/private/server.pkcs12
    3. Next, add your CA's certificate chain to all replicas. The downloads below are over plain HTTP, so verify the fingerprint of each file against the one the CA publishes before adding it as a trusted issuer (example for GoDaddy):
      1. wget -O /etc/ssl/certs/gd-class2-root.crt http://certs.godaddy.com/repository/gd-class2-root.crt
      2. wget -O /etc/ssl/certs/gd_intermediate.crt http://certs.godaddy.com/repository/gd_intermediate.crt
      3. /opt/SUNWdsee/ds6/bin/dsadm add-cert -C /var/ldap-ds CAcert /etc/ssl/certs/gd-class2-root.crt
      4. /opt/SUNWdsee/ds6/bin/dsadm add-cert -C /var/ldap-ds CAcert2 /etc/ssl/certs/gd_intermediate.crt
    4. /etc/init.d/SUNWdsee stop
    5. /etc/init.d/SUNWdsee start
    6. /opt/SUNWdsee/ds6/bin/dsconf set-server-prop -e -p 389 ssl-rsa-cert-name:Server-Cert (selects the certificate imported under the nickname Server-Cert in step 5.1; -e makes dsconf connect without SSL, and the change takes effect after the restart that follows)
    7. /etc/init.d/SUNWdsee stop
    8. /etc/init.d/SUNWdsee start
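The CA certificates in step 5.3 are fetched over plain HTTP, so the fingerprint of each file should be checked against the value the CA publishes before dsadm add-cert -C makes it a trusted issuer. The following Python script is an added example (not part of the HOWTO) that computes the same SHA-256 fingerprint that openssl x509 -noout -fingerprint -sha256 prints (a hash over the DER bytes inside the PEM armor, so PEM whitespace differences do not matter) and compares it in constant time with an expected value; the file path and expected fingerprint are placeholders you supply on the command line.

```python
"""Check a downloaded PEM certificate against a published fingerprint (added example).

Usage: python pin_check.py /etc/ssl/certs/gd-class2-root.crt 'SHA256 Fingerprint=AB:CD:...'
Standard library only: the fingerprint is a digest of the DER certificate, so no ASN.1
parsing is needed. Exits 1 on mismatch so it can gate `dsadm add-cert -C` in a script.
"""
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """DER bytes of every CERTIFICATE block in the PEM text, in file order."""
    return [base64.b64decode("".join(block.split())) for block in PEM_RE.findall(pem_text)]

def fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex digest, the format openssl x509 -fingerprint prints."""
    hexdigest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))

def normalize(fp):
    """Reduce 'SHA256 Fingerprint=AB:CD', 'ab:cd' or 'ABCD' to bare upper-case hex."""
    if "=" in fp:
        fp = fp.split("=", 1)[1]
    return re.sub(r"[^0-9A-F]", "", fp.upper())

def pem_matches(pem_text, expected_fingerprint, algo="sha256"):
    """True only if the text holds exactly one certificate and it matches the pin."""
    ders = pem_to_der(pem_text)
    if len(ders) != 1:          # zero certs, or a bundle: refuse rather than guess
        return False
    return hmac.compare_digest(normalize(fingerprint(ders[0], algo)),
                               normalize(expected_fingerprint))

def check_file(path, expected_fingerprint, algo="sha256"):
    """pem_matches() over the contents of a file on disk."""
    with open(path) as fh:
        return pem_matches(fh.read(), expected_fingerprint, algo)

if __name__ == "__main__":
    ok = check_file(sys.argv[1], sys.argv[2])
    print("MATCH" if ok else "MISMATCH: do not add this certificate as a CA")
    sys.exit(0 if ok else 1)
```

Pin the root and the intermediate separately (one file, one fingerprint each); a file that turns out to contain a bundle is rejected on purpose, since you would otherwise be trusting certificates you never checked.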