Sun Java System Directory Server Enterprise Edition on Debian/GNU Linux HOWTO

Greg Schenzel <inittab AT unixdev DOT net>

Copyright 2009
GNU Free Documentation License

This document details the setup of a Sun Directory Server on Debian as a standalone, primary master replica, or secondary master replica. This procedure also includes optional instructions for creating nightly backups and assigning a CA-issued SSL certificate. Please use common sense and adjust items in green to suit your needs.

  1. Install The Software
    1. apt-get install libstdc++5
    2. Download and extract the latest DSEE ZIP distribution for RedHat AS 4 Linux from Sun, currently version 6.3.1.
    3. cd DSEE_ZIP_Distribution; ./dsee_deploy install -i /opt/SUNWdsee (it will fail on Cacao)
    4. /opt/SUNWdsee/ds6/bin/dsadm create /var/ldap-ds
    5. /opt/SUNWdsee/ds6/bin/dsadm start /var/ldap-ds
    6. /opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=example,dc=com
  2. Populate The Directory (Choose ONE of the following 2 strategies)
    1. Standalone Server or Primary Master Replica - Populated From LDIF
      1. /opt/SUNWdsee/ds6/bin/dsconf import /home/me/example.ldif dc=example,dc=com
    2. Secondary Master Replica - Populated From Primary
      1. On Pre-Existing Primary
        1. /opt/SUNWdsee/ds6/bin/dsconf enable-repl -d 1 master dc=example,dc=com
        2. /opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt dc=example,dc=com DEBIAN-IP:389
        3. /opt/SUNWdsee/ds6/bin/dsconf list-repl-agmts
      2. On Debian Secondary
        1. /opt/SUNWdsee/ds6/bin/dsconf enable-repl -d 2 master dc=example,dc=com
        2. /opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt dc=example,dc=com PRIMARY-IP:389
        3. /opt/SUNWdsee/ds6/bin/dsconf list-repl-agmts
      3. On Pre-Existing Primary
        1. /opt/SUNWdsee/ds6/bin/dsconf init-repl-dest dc=example,dc=com DEBIAN-IP:389
        2. /opt/SUNWdsee/ds6/bin/dsconf show-repl-agmt-status dc=example,dc=com DEBIAN-IP:389
  3. Set up system initialization/shutdown scripts
    1. Create the following init script as /etc/init.d/SUNWdsee: 
      #!/bin/sh

LDAP=/var/ldap-ds
RETVAL=0

case "$1" in
  start)
    echo "Starting Sun Java System Directory Server: $LDAP"
    /opt/SUNWdsee/ds6/bin/dsadm start "$LDAP"

    if [ $? -ne 0 ]; then
      echo "$0: unable to start the Directory Server: '$LDAP'"
      RETVAL=$?
    fi
    ;;
  stop)
    echo "Stopping Sun Java System Directory Server: $LDAP"
    /opt/SUNWdsee/ds6/bin/dsadm stop "$LDAP"

    if [ $? -ne 0 ]; then
      echo "$0: unable to stop the Directory Server: $LDAP"
      RETVAL=$?
    fi
    ;;
  restart)
    echo "Restarting Sun Java System Directory Server: $LDAP"
    /opt/SUNWdsee/ds6/bin/dsadm restart "$LDAP"

    if [ $? -ne 0 ]; then
      echo "$0: unable to restart the Directory Server: $LDAP"
      RETVAL=$?
    fi
    ;;
  info)
    /opt/SUNWdsee/ds6/bin/dsadm info "$LDAP"

    if [ $? -ne 0 ]; then
      RETVAL=$?
    fi
    ;;
  *)
    echo "Usage: $0 start|stop|restart|info"
    ;;
esac

exit $RETVAL
    2. chmod +x /etc/init.d/SUNWdsee
    3. ln -s ../init.d/SUNWdsee /etc/rc0.d/K80dsee
    4. ln -s ../init.d/SUNWdsee /etc/rc1.d/K80dsee
    5. ln -s ../init.d/SUNWdsee /etc/rc2.d/S19dsee
    6. ln -s ../init.d/SUNWdsee /etc/rc3.d/S19dsee
    7. ln -s ../init.d/SUNWdsee /etc/rc4.d/S19dsee
    8. ln -s ../init.d/SUNWdsee /etc/rc5.d/S19dsee
    9. ln -s ../init.d/SUNWdsee /etc/rc6.d/K80dsee
  4. Enable Backups (Optional)
    1. echo "Directory_Manager_PASSWORD_FROM_STEP_1.4" > /var/ldap-ds/.secret
    2. chmod 600 /var/ldap-ds/.secret
    3. Create the following backup script as /etc/cron.daily/backups-dsee: 
      #!/bin/sh

## Backup Sun Directory Server
SRC=127.0.0.1
DATE=`date +%m-%d-%Y`
DIR="/data/backups/dsee"
DEST="${DIR}/${DATE}"

set -e

[ -d "$DIR" ] || mkdir -p "$DIR"

echo "[-] Backing up ${SRC}:(dsconf export) to ${DEST}.ldif"
/opt/SUNWdsee/ds6/bin/dsconf export -h "$SRC" -p 389 -D "cn=Directory Manager" -w /var/ldap-ds/.secret dc=example,dc=com "${DEST}.ldif"

echo "[-] Backing up ${SRC}:(dsconf backup) to ${DEST}"
/opt/SUNWdsee/ds6/bin/dsconf backup -h "$SRC" -p 389 -D "cn=Directory Manager" -w /var/ldap-ds/.secret "${DEST}"
    4. chmod +x /etc/cron.daily/backups-dsee
  5. Add a CA-signed SSL Certificate (Optional)
    1. openssl pkcs12 -export -in /etc/ssl/certs/server.pem -inkey /etc/ssl/private/server.key -out /etc/ssl/private/server.pkcs12 -name Server-Cert
    2. /opt/SUNWdsee/ds6/bin/dsadm import-cert /var/ldap-ds /etc/ssl/private/server.pkcs12
    3. Next, add your CA certificate to all replicas (Example for GoDaddy):
      1. wget -O /etc/ssl/certs/gd-class2-root.crt http://certs.godaddy.com/repository/gd-class2-root.crt
      2. wget -O /etc/ssl/certs/gd_intermediate.crt http://certs.godaddy.com/repository/gd_intermediate.crt
      3. /opt/SUNWdsee/ds6/bin/dsadm add-cert -C /var/ldap-ds CAcert /etc/ssl/certs/gd-class2-root.crt
      4. /opt/SUNWdsee/ds6/bin/dsadm add-cert -C /var/ldap-ds CAcert2 /etc/ssl/certs/gd_intermediate.crt
    4. /etc/init.d/SUNWdsee stop
    5. /etc/init.d/SUNWdsee start
    6. /opt/SUNWdsee/ds6/bin/dsconf set-server-prop -e -p 389 ssl-rsa-cert-name:Server-Cert
    7. /etc/init.d/SUNWdsee stop
    8. /etc/init.d/SUNWdsee start