|
Installation Guide Netscape Directory Server |
|
||
|
|
This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system.
This chapter has the following sections:
The
dsktuneutility provides an easy and reliable way of checking the patch levels and kernel parameter settings for your system. You must install the Directory Server before you can rundsktune.dsktuneis not available for Windows platform.On Solaris platform, if you run the
dsktuneutility, you need to be aware that it will report as missing any of the patches from the Sun recommended patch list that are not installed on your system, even if they relate to packages that you have not installed.
- Change to the installation directory for your Directory Server.
- By default, this directory is
/usr/netscape/servers.
- Change to the
bin/slapd/serversubdirectory.- As root, enter the following command:
# ./dsktune
The following is an example of output that
dsktunegenerates. Note thatdsktunedoes not itself make any changes to the system.Netscape Directory Server system tuning analysis version 25-SEP-2001.NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10) (1 processor).NOTICE : Patch 109320-01 is not installed.NOTICE : Patch 108875-04 is present, but 108875-07 is a more recent version.NOTICE : Patch 108652-04 is present, but 108652-13 is a more recent version.NOTICE : Solaris patches can be obtained from http://sunsolve.sun.com or your Solaris support representative.WARNING: The tcp_close_wait_interval is set to 240000 milliseconds (240 seconds). This value should be reduced to allow for more simultaneous connections to the server. A line similar to the following should be added to the /etc/init.d/inetinit file:ndd -set /dev/tcp tcp_time_wait_interval 30000NOTICE : The tcp_conn_req_max_q value is currently 128, which will limit the value of listen backlog which can be configured. It can be raised by adding to /etc/init.d/inetinit, after any adb command, a line similar to:ndd -set /dev/tcp tcp_conn_req_max_q 1024NOTICE : The tcp_keepalive_interval is set to 7200000 milliseconds (120 minutes). This may cause temporary server congestion from lost client connections.NOTICE : The tcp_keepalive_interval can be reduced by adding the following line to /etc/init.d/inetinit:ndd -set /dev/tcp tcp_keepalive_interval 600000NOTICE : The NDD tcp_rexmit_interval_initial is currently set to 3000 milliseconds (3 seconds). This may cause packet loss for clients on Solaris 2.5.1 due to a bug in that version of Solaris. If the clients are not using Solaris 2.5.1, no problems should occur.NOTICE : If the directory is service is intended only for LAN or private high-speed WAN environment, this interval can be reduced by adding to /etc/init.d/inetinit:ndd -set /dev/tcp tcp_rexmit_interval_initial 500NOTICE : The NDD tcp_smallest_anon_port is currently 32768. This allows a maximum of 32768 simultaneous connections. More ports can be made available by adding a line to /etc/init.d/inetinit:ndd -set /dev/tcp tcp_smallest_anon_port 8192WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will cause Solaris to insert artificial delays in the LDAP protocol. It should be reduced during load testing.This line can be added to the /etc/init.d/inetinit file:ndd -set /dev/tcp tcp_deferred_ack_interval 5WARNING: There are only 1024 file descriptors available, which limit the number of simultaneous connections. Additional file descriptors, up to 65536, are available by adding to /etc/system a line like set rlim_fd_max=4096NOTICE : / partition has less space available, 245MB, than the largest allowable core file size of 460MB. A daemon process which dumps core could cause the root partition to be filled.
Clients cannot locate the server.
First, try using the host name. If that does not work, use the fully qualified name (such as
www.domain.com), and make sure the server is listed in the DNS. If that does not work, use the IP address.If your NIS domain is different from your DNS domain, the fully qualified host and domain name presented by the installer may be incorrect. These values must be corrected to use the DNS domain name.
Installation cannot determine the Domain Name for this Host. Your network settings may not be correct, or your host may be on a DHCP network.
Windows 2000 requires setting of domain names in two places, one is the default for the whole computer and the other is the one to use for the specific network connection. If you have not specified the domain name to use for the specific network connection, when installing Directory Server, you will notice the warning message shown below:
Setup Warning: Installation cannot determine the Domain Name for this Host. Your network settings may not be correct, or your host may be on a DHCP network. If you are using TCP/IP, your Domain Name must be filed in.
To verify yor Domain Name TCP/IP setting, go to Control Panel Network Settings, and ensure that your TCP/IP DNS properties have the Domain Name filled out. Do you want to continue?
- On the desktop, right click the icon labeled My Computer.
- Click on the Network Identification tab.
- Click the Properties box.
- In the Identification Changes dialog box, click More.
- Next to the label "Primary DNS Suffix of this computer," enter the appropriate domain name.
You probably did not shut down a server before you upgraded it. Shut down the old server, then manually start the upgraded one.
Another installed server might be using the port. Make sure the port you have chosen is not already being used by another server.
LDAP authentication error causes install to fail.
If you are installing Directory Server in a network which uses NIS naming rather than DNS naming, you may get the following error:
ERROR: Ldap authentication failed for url ldap://incorrect.DNS.addressuser id admin (151:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
ERROR. Failure installing Netscape Directory Server. Do you want to continue [n]?This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct. If you accept the defaults, you receive the LDAP authentication error.
To successfully install, you need to provide a fully qualified domain name that consists of a local host name along with its domain name. A host name is the logical name assigned to a computer. For example,
mycomputeris a host name andexample.comis a fully qualified domain name.A fully qualified domain name should be sufficient to determine a unique Internet address for any host on the Internet. The same naming scheme is also used for some hosts that are not on the Internet, but share the same namespace for electronic mail addressing.
I have forgotten the Directory manager DN and password.
You can find out what the Directory Manager DN is by examining serverRoot
/slapd-serverID/config/dse.ldifand looking for thensslapd-rootdnattribute.If you have forgotten the Directory Manager DN password, you can reset it by doing the following:
- Find the
nsslapd-rootpwattribute inslapd.conf. If the attribute value is not encrypted in any way (that is, it does not start with{SHA}or{CRYPT}) then the password is exactly what is shown on the parameter.- If the attribute is encrypted, then delete the attribute value and replace it with some clear text value. For example, if you change the
nsslapd-rootpwattribute so that it is:
nsslapd-rootpw: my_password
- then your Directory Manager DN password will be
my_password.
- Restart your Directory Server.
- Once your server has restarted, login as the Directory Manager and change the password. Make sure you select an encryption scheme when you do so.
For information on changing a Directory Manager password, see the Netscape Directory Server Administrator's Guide.
© 2001 Sun Microsystems, Inc. Portions copyright 1999, 2002 Netscape Communications Corporation. All rights reserved.
Last Updated August 23, 2002