Pre-Installation Check List#

Before we accept that a server is production ready, we need to make sure the server is set up properly for our use.

eDirectory-related administration IDs#

Groups#

We need the following groups configured.
  • ndsgroup (1004): main eDirectory administration ID group, default assignment
This can be verified by checking the group ID (fourth field) of the ndsuser entry:
cat /etc/passwd|grep nds
ndsuser:x:1004:1004:NDS Admin:/admin/home/ndsuser:/bin/bash

Users#

IDuidGroupName
ndsuser1004ndsgroup
f00201461041ndsgroupRudy Givan
e01712261039ndsgroupJohn G Johnson Jr
b00328164019ndsgroupJim Willeke
e01340964020ndsgroupMike Moore
f00287964021ndsgroupWalter Hirschberg

eDirectory Software Requirements#

The following lists the software required to run eDirectory and Identity Manager 2 on Solaris. Novell supports eDirectory on the following versions of Solaris:
  • Solaris 8 on Sun SPARC (with patch 108827-20 or later)
  • Solaris 9 on Sun SPARC
  • The latest recommended set of patches available on the SunSolve Web page (http://sunsolve.sun.com).
If you do not update your system with the latest patches before installing eDirectory, you will get a patchadd error.

The following additional software packages are required:

  • SUNWbash
  • SMCgzip
  • SUNWjsnmp
  • SUNWsasnm
  • SUNWsacom
Check by:
ndsuser@ino2s021$ pkginfo -i SUNWbash  
system      SUNWbash       GNU Bourne-Again shell (bash)

At this time, Directory Engineering can support eDirectory on the following versions of Solaris:

  • Solaris 8 on Sun SPARC
  • Solaris 9 on Sun SPARC

Check by

ndsuser@ino2s021$ uname -a
SunOS ino2s021 5.9 Generic_117171-13 sun4u sparc SUNW,Sun-Fire-V440
Note: Sun is weird. The 5.9 implies Solaris 9. 5.8 would be Solaris 8.

File System Requirements.#

Each file system listed in the table below is assumed to be a separate mount point. For eDirectory, only these mount points are required:
  • /var/nds
  • /var/ndsbkup

/var/nds | 16 GB | 32 GB | ext3/4096 | eDirectory database (DIB) and log files
/var/ndsbkup | 16 GB | 32 GB | standard | Used to store backup database files for archival to tape

Check this by

df -k|grep nds
/dev/vx/dsk/SANdg/varnds 104852352 1708168 101532584     2%    /var/nds
/dev/vx/dsk/datadg/varndsbkup 71673504  268944 70288872     1%    /var/ndsbkup
The first number is the size of the mount point, in kilobytes.

NTP (ntpd)#

The ntpd service should be set to start automatically with the server and configured to synchronize with a standard NTP source. Use of a reliable external NTP source, such as a GPS receiver, is required. Here is an example /etc/ntp.conf file:
# Time sources 10.128.1.53:123 and 10.128.2.53:123
server 10.128.1.53
server 10.128.2.53
# Prohibit general access to this service
restrict default ignore
 
# Permit time sync with time sources
# but prohibit time sources from query or modify
restrict 10.128.1.53 noquery nomodify notrap
restrict 10.128.2.53 noquery nomodify notrap
 
# Permit all access over loopback device
restrict 127.0.0.1
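
One way to check a server's ntp.conf against the access-control pattern in the sample file, as an added example that is not part of the original page or of any Novell or Sun tooling: it reads the file on stdin and fails when "restrict default ignore" is missing or when a configured server lacks a restrict line carrying noquery, nomodify and notrap. The function names and the weak configuration are constructed for illustration.

```shell
# Added example: audit ntp.conf text on stdin against the sample pattern above.
# audit_ntp_conf, page_conf and weak_conf are hypothetical names for this sketch.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                         # drop comments
    NF == 0 { next }                           # skip blank lines
    $1 == "server" { servers[$2] = 1; next }
    $1 == "restrict" {
        flags = " "
        for (i = 3; i <= NF; i++) flags = flags $i " "
        if ($2 == "default") { if (index(flags, " ignore ")) default_ok = 1 }
        else restricted[$2] = flags
    }
    END {
        bad = 0
        if (!default_ok) { print "FAIL: no \"restrict default ignore\" line"; bad = 1 }
        n = split("noquery nomodify notrap", want, " ")
        for (s in servers) {
            # With a default of "ignore", a source lacking its own restrict
            # line is ignored as well and can never be used for sync.
            if (!(s in restricted)) { print "FAIL: server " s " has no restrict line"; bad = 1; continue }
            for (k = 1; k <= n; k++)
                if (!index(restricted[s], " " want[k] " ")) { print "FAIL: restrict " s " lacks " want[k]; bad = 1 }
        }
        if (!bad) print "OK"
        exit bad
    }'
}
page_conf() {      # directives of the sample /etc/ntp.conf above
cat <<'EOF'
server 10.128.1.53
server 10.128.2.53
restrict default ignore
restrict 10.128.1.53 noquery nomodify notrap
restrict 10.128.2.53 noquery nomodify notrap
restrict 127.0.0.1
EOF
}
weak_conf() {      # constructed counter-example
cat <<'EOF'
server 10.128.1.53
server 10.128.2.53
restrict default nomodify
restrict 10.128.1.53 noquery nomodify notrap
restrict 10.128.2.53 nomodify
EOF
}
page_conf | audit_ntp_conf            # prints OK
weak_conf | audit_ntp_conf || true    # prints three FAIL lines
```

On a real host the same function can be fed the live file with audit_ntp_conf < /etc/ntp.conf; the exit status is non-zero when any check fails.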

SMTP #

The sendmail process should be configured to forward mail to internal SMTP mail relays. The host currently in use is:
mailhost.[Directory-Info.com].net

Any SMTP Relay that allows messages to be sent to external as well as internal e-mail addresses meets the requirement. This allows scripts on the server to send alerts to e-mail and text pagers.

See also Sendmail Config

bash#

Bash should preferably be the default shell for ndsuser and the eDirectory team IDs.

perl#

The current version of Perl (perl5.xx.xx) is needed to perform administrative functions on the server in the eDirectory tree. The following Perl modules (and their dependencies) should also be installed:
  • HTTP::Date
  • MIME::Base64
  • Net::LDAP
  • Net::LDAPS

Configuring sudo#

See Configuring sudo
