Tuesday, February 15, 2011

Running DSCC as Non-root User

A student in a recent class complained that he could not start or stop Directory Servers (DS) or read the logs using the Directory Server Control Center (DSCC). After a few more questions, it became obvious that he did not have root access to that machine.

Background: Sun Directory Server Enterprise Edition 6.3 and 7.0 as well as the re-branded Oracle Directory Server Enterprise Edition 11gR1 come with two sets of administrative tools, the command-line tools and the Web-based DSCC. Users authenticate to the DSCC using accounts stored in the DSCC Registry directory server (default: port 3998). However, when the admin tries to execute certain operations, they are challenged for the authentication of the owner of the DS process. In this student's example, the process was owned by root, the student could not provide the root authentication and so could not execute the particular operation.

To avoid this issue, on a new installation create a service account and service group; assume they are "dsuser" and "dsgroup". To run the DSCC as a non-root user, you need to make sure dsuser and dsgroup own a) the installation directory and all of its files and subdirectories, b) the instance directory and all of its files and subdirectories, and c) the DSCC Registry DS must installed using dsuser. (Depending on which brand of web container you are using, you MAY need to make ownership adjustments on the dscc.war file and/or its deployment. I usually use TomCat and have seen no ownership issues.)

Step c above is often done as part of executing the "dsccsetup initialize" command. However, this command can only be run as root. So, instead of running this command, run the individual commands called by initialize, remembering to run the "dsccsetup ads-create" command as dsuser (Step 2 in the following documentation):

http://download.oracle.com/docs/cd/E19424-01/820-4807/deploy-war/index.html

Remember, any ldif file you intend on importing using the DSCC must be readable by dsuser and/or dsgroup!
Posted by at No comments:

Thursday, February 3, 2011

Finding Sun Stuff, Part 2

More links to Sun middleware stuff now that they have been moved into the Oracle Technology Network:

Software Downloads

  • ODSEE 11gR1 - Oracle Directory Server Enterprise Edition (rebranded from Sun Directory Server Enterprise Edition)
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
  • Oracle Identity Analytics (formerly Sun Role Manager)
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
  • Oracle Waveset (formerly Sun Identity Manager)
    http://www.oracle.com/technetwork/middleware/ias/downloads/101401-099957.html
  • Oracle OpenSSO (formerly Sun OpenSSO)
    http://www.oracle.com/technetwork/middleware/ias/downloads/101401-099957.html
  • OpenSSO Fedlet
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
  • Glassfish 2.1.1 and 3.0.1
    http://www.oracle.com/technetwork/middleware/glassfish/downloads/index.html
  • Java EE 6 Reference Implimentation
    http://www.oracle.com/technetwork/middleware/glassfish/downloads/index.html
  • Oracle iPlanet Web Server 7.0.9 (formerly Sun Web Server 7.0.9; Oracle's web server is called Oracle HTTP Server)
    http://www.oracle.com/technetwork/java/webtier/downloads/index.html

    Note: Oracle has decided to release 7.0 Update 10 through http://support.oracle.com. You will need to sign-in to support.oracle.com and click on Patches & Updates link at the top and search for the following patch-id corresponding to your platform:
    145843-01 Oracle iPlanet Web Server 7.0 Sun Solaris SPARC (32-bit)
    145844-01 Oracle iPlanet Web Server 7.0 Sun Solaris x86 (32-bit)
    145845-01 Oracle iPlanet Web Server 7.0 Linux x86
    145846-01 Oracle iPlanet Web Server 7.0 Linux (amd64)
    145847-01 Oracle iPlanet Web Server 7.0 Microsoft Windows (32-bit)
    145848-01 Oracle iPlanet Web Server 7.0 IBM_AIX_POWER32 IBM AIX on POWER Systems
    145849-01 Oracle iPlanet Web Server 7.0 HP-UX PA-RISC

Product Documentation

  • Sun Middleware:
    http://www.oracle.com/technetwork/documentation/legacy-sun-identity-mgmt-193462.html
  • Other Sun Products
    Brad Diggs has done a great job putting together a list of links to all Sun Products Documentation (formerly docs.sun.com):
    http://www.thezonemanager.com/2011/01/docssuncom-otn-docs.html
Posted by at No comments:
Subscribe to: Posts (Atom)