Pre-Installation Check List#Before we accept that a server is production ready, we need to make sure the server is setup properly for our use.
eDirectory related administration id's#
Groups#We need the following groups configured.
- ndsgroup(1004)-Main eDirectory administration id group default assignment
cat /etc/passwd|grep nds ndsuser:x:1004:1004:NDS Admin:/admin/home/ndsuser:/bin/bash
|e017122||61039||ndsgroup||John G Johnson Jr|
eDirectory Software Requirements#The following lists the software required to run eDirectory and Identity Manager 2 on Solaris. Novell supports eDirectory on the following versions of Solaris:
- Solaris 8 on Sun SPARC (with patch 108827-20 or later)
- Solaris 9 on Sun SPARC
- All latest recommended set of patches available on the SunSolve Web page (http://sunsolve.sun.com).
The following additional software packages are required:
ndsuser@ino2s021$ pkginfo -i SUNWbash system SUNWbash GNU Bourne-Again shell (bash)
At this time, Directory Engineering can support eDirectory on the following versions of Solaris:
- Solaris 8 on Sun SPARC
- Solaris 9 on Sun SPARC
ndsuser@ino2s021$ uname -a SunOS ino2s021 5.9 Generic_117171-13 sun4u sparc SUNW,Sun-Fire-V440Note: Sun is weird. The 5.9 implies Solaris 9. 5.8 would be Solaris 8.
File System Requirements.#Each file system listed in the table below is assumed to be a separate mount point. For eDirectory, only these mount points are required:
|/var/nds||16 GB||32 GB||ext3/4096||eDirectory database (DIB) and log files|
|/var/ndsbkup||16 GB||32 GB||standard||Used to store backup database files for archival to tape|
Check this by
df -k|grep nds /dev/vx/dsk/SANdg/varnds 104852352 1708168 101532584 2% /var/nds /dev/vx/dsk/datadg/varndsbkup 71673504 268944 70288872 1% /var/ndsbkupThe fist number is the size of the mount point.
NTP (ntpd)#The ntpd service should be set to auto start with the server, and configured to synchronize with a standard NTP source. Use of a reliable external NTP source, such as GPS receiver, is required. Here is an example /etc/ntp.conf file
# Time sources 10.128.1.53:123 and 10.128.2.53:123 server 10.128.1.53 server 10.128.2.53 # Prohibit general access to this service restrict default ignore # Permit time sync with time sources # but prohibit time sources from query or modify restrict 10.128.1.53 noquery nomodify notrap restrict 10.128.2.53 noquery nomodify notrap # Permit all access over loopback device restrict 127.0.0.1
SMTP #The sendmail process should be configured to forward mail to internal SMTP mail relays. The host currently in use is:
Any SMTP Relay that allows messages to be sent to external as well as internal e-mail addresses meets the requirement. This allows scripts on the server to send alerts to e-mail and text pagers.
See also Sendmail Config
bash#It would be preferred to have the bash shell as the default shell for ndsuser and the eDirectory team ids.
perl#The current version of Perl (perl5.xx.xx) is needed perform administrative functions on the server in the eDirectory tree. The following Perl modules (and their dependencies) should also be installed: