Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements.
Directory Server 7.0 is compiled as a 64-bit application for some platforms, meaning Directory Server 7.0 now supports deployments with memory cache sizes larger than 4Gbytes and limited only by available memory.
It is still possible to use Directory Server as a 32-bit application on supported 32-bit platforms. Even on 64-bit platforms, if the memory cache size is smaller than 4Gbytes, it is recommended that you run the 32-bit application of Directory Server since this may improve performance. The 32-bit and 64-bit applications are separately available; be sure that you have the correct application for your Directory Server deployment.
These requirements are described in detail for each platform in the following sections:
This release of Directory Server is supported on the platforms listed in Table 2-1 and Table 2-2. The sections that follow provide information that is specific to each of the supported platforms which are divided into two sections:
Before you install Directory Server, check the required patches and kernel parameter settings, as described in the sections that follow. Also, ensure that DNS is properly configured on the system and that the system has a static IP address.
|
Windows 2000 Advanced Server with Service Pack 4. For details, see Microsoft Windows 2000 Advanced Server. |
|
|
256 MB. However, you should plan for 1Gbyte of RAM for best performance on large production systems. |
|
|
Approximately 300Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default); 4Gbyte and greater may be required for very large directories. |
|
|
You must install as Administrator or a user with Administrator privileges (that is, the user must be in the Administrators group). For additional details, see Microsoft Windows 2000 Advanced Server. |
|
|
Linux Advanced Server 3 (x86) with relevant upgrades/patches. For details, see Red Hat Linux Advanced Server 3 Operating System. |
|
|
256 MB. However, you should plan 1Gbyte of RAM for best performance on large production systems. |
|
|
Approximately 300Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default); 4Gbyte and greater may be required for very large directories. To support database files that are larger than 2Gbyte, the machine must be configured to support large files. |
|
|
You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody as the default run-as user and group. |
|
|
Solaris 9 with relevant patches. For details, see Sun Solaris 9 Operating System. Solaris bits can run in 32-bit or 64-bit operating system mode. |
|
|
256 MB. However, you should plan 1Gbyte of RAM for best performance on large production systems. |
|
|
Approximately 300Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default); 4Gbyte and greater may be required for very large directories. To support database files that are larger than 2Gbyte, the machine must be configured to support large files; you can do this by choosing largefile. |
|
|
You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody, or a similar user ID that has very few privileges, as the default run-as user and group. |
|
|
HP-UX 11i; must be fully patched. For details, see HP-UX 11i Operating System. |
|
|
256 MB. However, you should plan 1Gbyte of RAM for best performance on large production systems. |
|
|
Approximately 300Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default); 4Gbyte and greater may be required for very large directories. To support database files that are larger than 2Gbyte, the machine must be configured to support large files; you can do this by choosing vxfs filesystem with largefiles option. See the fsadm documentation for more information. |
|
|
You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody, or a similar user ID that has very few privileges, as the default run-as user and group. |
|
|
Solaris 9 with relevant patches. For details, see Sun Solaris 9 Operating System. Solaris bits can run in 32-bit or 64-bit operating system mode. |
|
|
256 MB. However, you should plan 1Gbyte of RAM for best performance on large production systems. |
|
|
Approximately 300Mbyte of disk space for a minimal installation. For production systems, you should plan at least 2Gbyte to support the product binaries, databases, and log files (log files require 1Gbyte by default); 4Gbyte and greater may be required for very large directories. To support database files that are larger than 2Gbyte, the machine must be configured to support large files; you can do this by choosing largefile. |
|
|
You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody, or a similar user ID that has very few privileges, as the default run-as user and group. |
|
On all platforms, you will need:
The table below contains some guidelines for disk space and memory requirements depending on the number of entries managed by your Directory Server. This assumes entries in the LDIF file are approximately 100 bytes in size and only the recommended indexes are configured. If you are using larger entries, make sure that at least four times the size of the LDIF file is available on disk.
This section contains information on operating-system versions and patches required for installing Directory Server:
For UNIX platforms, Directory Server provides a utility named dsktune that can help you verify whether you have the appropriate patches installed on your system. The utility also provides useful information and advice on how to tune your kernel parameters for best performance.
To enable you to run dsktune before installing the Directory Server, the utility is placed, along with the setup program, in the directory where you unpack the product binaries. The setup program lets you specify a pre-pre-installation program to be run before the Directory Server installation begins: the slapd.inf file defines a new field named PrePreInstall that holds the path to the executable, which must be relative to the setup program. By default, the PrePreInstall field is set to the dsktune utility path, enabling you to run the utility as part of the Directory Server installation.
After you've installed the Directory Server, you can find the utility in this directory:
For information on running dsktune, see chapter 8, "Troubleshooting."
This section contains the following information:
Ensure that you have sufficient disk space before downloading the software.
Directory Server is not supported on HP-UX 10 or earlier versions. The minimum system module required is HP-UX 11. Directory Server may only be used on a 64-bit HP-UX 11 environment as a 64-bit process and may contain up to 8Gbytes of process memory.
For best results, Directory Server requires an HP 9000 architecture with a PA-RISC 2.0 CPU.
Before you install Directory Server, ensure that the host system is updated with the latest patches recommended by the operating-system vendor. Because the list of recommended patches changes with time, you must always check the operating system vendor's site for a list of patches that you may need to install. Listed below are two URLs to aid you in this effort:
http://welcome.hp.com/country/us/eng/support.htm
http://www.hp.com/products1/unix/java/
Here are some recommendations:
PHSS_30966: ld(1) and linker tools cumulative patch
GOLDAPPS11i: B.11.11.0406.5 Gold Applications Patches for HP-UX 11i v1, June 2004
GOLDBASE11i: B.11.11.0406.5 Gold Base Patches for HP-UX 11i v1, June 2004
Set your kernel parameters as follows:
Typically, client applications that do not properly shut down the socket cause it to linger in a TIME_WAIT state. To prevent this, you should consider changing the TIME_WAIT setting to a reasonable value. For example, setting
ndd -set /dev/tcp tcp_time_wait_interval 60000
will limit the TIME_WAIT state of sockets to 60 seconds.
You also need to turn on large file support in order for Directory Server to work properly. To change an existing file system (from one that has no large files to one that accepts large files):
You will need the gunzip utility to unpack the Directory Server software. The GNU gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.html and can be obtained from many software distribution sites.
You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you plan to install Directory Server on a machine running the Windows 2000 Advanced Server operating system (OS), follow the recommendations outlined in these sections:
In addition to these recommendations, be sure to check the OS vendor's web site for the latest information pertaining to your OS version. Below are two URLs that you may find useful:
http://www.microsoft.com/technet/
Directory Server must be installed with a static IP address on a computer that is isolated from the public Internet by a network-level firewall. This is necessary to protect the operating system from IP-based attacks.
No other network functions should be provided by this computer. The computer should not be a dual-booting system or run other operating systems. At a minimum, the computer system should have at least 256Mbyte of RAM, 2Gbyte of disk, a Pentium 3 or later processor, and a 100MBps Ethernet connection.
Ensure that you have sufficient disk space before downloading the software.
Directory Server is not supported on Windows 2000 Pro or Windows 2000 DataCenter Server.
During the installation of Windows 2000, observe the following:
You need an UNZIP utility to unpack the Directory Server software. There are many commercially licensed, free, and shareware tools available, such as PKZIP or Winzip. Shareware unregistered versions of PKZIP 2.70 maintain a TCP/IP connection to an Internet advertising service, so they may not be suitable for installation on this system.
You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from http://www.adobe.com/products/acrobat/readstep2.html
To edit the server configuration file, you will need a text editor that is capable of handling large text files (Notepad and Wordpad are not suitable). If you are already familiar with the Emacs text editor on UNIX, a port to Windows can be downloaded from ftp://ftp.cs.washington.edu/pub/ntemacs/. There are many other shareware and commercial text editors available.
To display non-English characters using any Netscape browser, you can obtain general internationalization advice and more specific information about the Bitstream Cyberbit font from the following URL:
http://developer.netscape.com/software/jdk/i18n.html
To download the Bitstream Cyberbit font use the following FTP link:
ftp://ftp.netscape.com/pub/communicator/extras/fonts/windows
Before downloading the font, read the READMEfirst.txt and ReadMe.htm files.
To facilitate the correlation of date and time stamps in log files with those of other computer systems, keep your system clock reasonably in sync. As the NET TIME command requires NetBIOS, which will be disabled during post-installation system configuration, either a TCP/IP based NTP client should be installed (such as the shareware program Tardis) or a time radio receiver attached. See http://www.ntp.org for more information on NTP clients for Windows.
Windows 2000 Service Packs include key fixes that are needed to maintain the security and reliability of the operating system. The hotfix series contains important changes for problems discovered after the service pack has been released.
Directory Server is certified with Service Pack 4 and security patches released by the OS vendor at the time of this certification. It is recommended that you install the latest service pack and all hotfixes and patches recommended by the OS vendor.
The Windows 2000 environment requires tuning to provide optimum performance for Directory Server in an operational environment. Consult the Windows 2000 system administrator's documentation or support channel for information on Windows 2000 tuning for multi-threaded internet services.
It is recommended that you set the LargeSystemCache registry key to 0 to limit the growth of system cache. The LargeSystemCache has a default value of 1, which is not suitable for applications such as Directory Server, which do caching internally.
Also, if there will be a lot of connections from clients, change the following:
If you plan to install Directory Server on a machine running the Linux Advanced Server 3 operating system (OS), follow the recommendations outlined in these sections:
In addition to these recommendations, be sure to check the OS vendor's web site for the latest information pertaining to your OS version:
http://www.redhat.com/apps/support/
Ensure that you have sufficient disk space before downloading the software.
Directory Server is certified to work on:
Directory Server has been certified on Red Hat Linux Advanced Server 3 with kernel revisions 2.4.21-4.EL (kernel-2.4.21-4.EL.i686.rpm) / glibc version 2.3.2-95.20 (glibc-2.3.2-95.20.i686.rpm). It is recommended that you use these kernel and glibc versions. If the machine is a single CPU machine, the corresponding kernel would be of the form kernel-x.x.x.x. If the machine is a multi-CPU machine, the corresponding kernel would be of the form kernel-smp-x.x.x.x.
You can get the list of installed software, including patches, on your system by running rpm -qa.
This section contains some basic system tuning information. Keep in mind that changing any of the following kernel-tuning parameters requires a system reboot.
You will need the gunzip utility to unpack the Directory Server software. The GNU gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.html and can be obtained from many software distribution sites.
You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you plan to install Directory Server on a machine running the Solaris 9 operating system (OS), follow the recommendations outlined in these sections:
In addition to these recommendations, be sure to check the OS vendor's web site for the latest information pertaining to your OS version. For example, you should read the Solaris Operating Environment Security Sun Blueprint at http://www.sun.com/blueprints/0100/security.pdf for advice on guarding against potential security threats.
Below are two URLs that you may find useful:
Ensure that you have sufficient disk space before downloading the Directory Server software.
Current working directory: 120Mbyte
Partition containing /usr/netscape: 2Gbyte
Directory Server requires the use of an UltraSPARC (SPARC v9) processor, as this processor includes support for high performance and multiprocessor systems. Earlier SPARC processors are not supported.
If you run Directory Server on a 64-bit Sun Solaris 8 UltraSPARC machine, it will run as a 32-bit application.
You must use Solaris 9 with the Sun recommended patches. The Sun recommended patch clusters can be obtained from your Solaris support representative or from the http://sunsolve.sun.com site.
Solaris patches are identified by two numbers; for example, 112233-04. The first number (112233) identifies the patch itself. The second number identifies the version of the patch; in the example above, the patch is version number 04.
Table 2-3 provides the list of Solaris 9 patches that were used during the testing of this release of Directory Server. You must install these patches on your machine before installing the Directory Server product. (The command showrev -p will list the patches that have been installed on your machine.)
Also, keep in mind that Directory Server provides a utility named dsktune that can help you verify whether you have the appropriate patches installed on your system. For details, see dsktune Utility.
In addition to the patches listed in Table 2-3 and the patches identified by the dsktune utility, we recommend that you check the operating system vendor's web site for information on installing the latest version of the patch clusters to benefit from the latest fixes.
You will need to reboot your machine after installing the patches.
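The patch-level check described above can be scripted as follows. This is an added example, not part of the original guide or of dsktune; it assumes the six-digit/two-digit ID form shown in the 112233-04 illustration, and the 999xxx IDs and the sample listing are constructed placeholders, not entries from Table 2-3.

```shell
#!/bin/sh
# Constructed `showrev -p` output so the script runs offline. 112233 is the
# guide's illustrative ID; the 999xxx IDs are placeholders, not real patches.
sample_showrev() {
    cat <<'EOF'
Patch: 112233-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 112233-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 999001-02 Obsoletes: 999002-01 Requires:  Incompatibles:  Packages: SUNWcsr
EOF
}

# check_patch REQUIRED_ID   (reads `showrev -p` output on stdin)
# Prints "ok", "outdated NN" (highest installed revision) or "missing".
# Exit status: 0 ok, 1 outdated, 2 missing, 3 malformed ID.
# Only "Patch:" entries count; an ID that appears solely under "Obsoletes:"
# is reported as missing and should be reviewed by hand.
check_patch() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{6}-[0-9]{2}$' || {
        echo "malformed patch ID: $1" >&2
        return 3
    }
    awk -v base="${1%-*}" -v rev="${1#*-}" '
        $1 == "Patch:" {
            n = split($2, id, "-")
            # Adding 0 forces a decimal comparison, so revision 08 compares as 8.
            if (n == 2 && id[1] == base && (!seen || id[2] + 0 > best)) {
                best = id[2] + 0
                seen = 1
            }
        }
        END {
            if (!seen)          { print "missing"; exit 2 }
            if (best < rev + 0) { printf "outdated %02d\n", best; exit 1 }
            print "ok"
        }'
}

# audit_patches ID...   (reads `showrev -p` output on stdin)
# Prints one line per required patch; returns non-zero if any is not "ok".
audit_patches() {
    listing=$(cat)
    failed=0
    for id in "$@"; do
        result=$(printf '%s\n' "$listing" | check_patch "$id") || failed=1
        printf '%s %s\n' "$id" "$result"
    done
    return "$failed"
}

# On Solaris: showrev -p | audit_patches <IDs required for this release>
sample_showrev | audit_patches 112233-04 112233-09 999002-01 ||
    echo "one or more required patches need attention"
```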
Table 2-3
Solaris 9 Patch List
Basic Solaris tuning guidelines are available from several books, including Sun Performance and Tuning: Java and the Internet (ISBN 0-13-095249-4). Advanced tuning information is available in the Solaris Tunable Parameters Reference Manual (816-7137), which can be obtained from http://docs.sun.com/db/doc/816-7137
The system-wide maximum file descriptor table size setting will limit the number of concurrent connections that can be established to Directory Server. The governing parameter, rlim_fd_max, is set in the /etc/system file. By default, if this parameter is not present, the maximum is 1024. It can be raised to 4096 by adding a line such as
to /etc/system and rebooting the system.
This parameter should not be raised above 4096 without first consulting your Sun Solaris support representative since it may affect the stability of the system.
You should also set the soft limit for file descriptors:
ulimit -n
in csh: limit desc 1024
Use the dsktune utility (see dsktune Utility) to check the hard and soft limits for file descriptors.
By default, the TCP/IP implementation in a Solaris kernel is not correctly tuned for Internet or Intranet services. The following /dev/tcp tuning parameters should be inspected and, if necessary, changed to fit the network topology of the installation environment.
The tcp_time_wait_interval in Solaris 9 specifies the number of milliseconds that a TCP connection will be held in the kernel's table after it has been closed. If its value is above 30000 (30 seconds) and the directory is being used in a LAN, MAN, or under a single network administration, it should be reduced by adding a line to the /etc/init.d/inetinit file similar to the following:
ndd -set /dev/tcp tcp_time_wait_interval 30000
The tcp_conn_req_max_q0 and tcp_conn_req_max_q parameters control the maximum backlog of connections that the kernel will accept on behalf of the Directory Server process. If the directory is expected to be used by a large number of client hosts simultaneously, these values should be raised to at least 1024 by adding a line to the /etc/init.d/inetinit file similar to the following:
ndd -set /dev/tcp tcp_conn_req_max_q0 1024
ndd -set /dev/tcp tcp_conn_req_max_q 1024
The tcp_keepalive_interval specifies the interval in seconds between keepalive packets sent by Solaris for each open TCP connection. This can be used to remove connections to clients that have become disconnected from the network.
The tcp_rexmit_interval_initial value should be inspected when performing server performance testing on a LAN or high speed MAN or WAN. For operations on the wide area Internet, its value need not be changed.
The tcp_smallest_anon_port controls the number of simultaneous connections that can be made to the server. When rlim_fd_max has been increased to above 4096, this value should be decreased by adding a line to the /etc/init.d/inetinit file similar to the following:
ndd -set /dev/tcp tcp_smallest_anon_port 8192
The tcp_slow_start_initial parameter should be inspected if clients will predominately be using the Windows TCP/IP stack.
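The inspection of tcp_time_wait_interval, tcp_conn_req_max_q0 and tcp_conn_req_max_q described above can be scripted as an audit that prints the ndd line to add to /etc/init.d/inetinit for each value outside the guidance. This is an added example, not part of the original guide; the NDD_GET variable and the stub with its values are assumptions made so the script runs offline.

```shell
#!/bin/sh
# NDD_GET is the command that reads one /dev/tcp tunable. On Solaris 9 set
#   NDD_GET="ndd -get /dev/tcp"
# The default is a stub returning constructed values, not measurements.
stub_ndd() {
    case $1 in
        tcp_time_wait_interval) echo 240000 ;;
        tcp_conn_req_max_q0)    echo 1024 ;;
        tcp_conn_req_max_q)     echo 128 ;;
        *) return 1 ;;
    esac
}
NDD_GET=${NDD_GET:-stub_ndd}

# check_tunable NAME max|min LIMIT
# Prints "NAME ok VALUE", or the ndd line that brings NAME to LIMIT, or
# "NAME unreadable". Exit status: 0 ok, 1 needs change, 2 unreadable.
check_tunable() {
    value=$($NDD_GET "$1" 2>/dev/null) || value=
    case $value in
        ''|*[!0-9]*) echo "$1 unreadable"; return 2 ;;
    esac
    if [ "$2" = max ] && [ "$value" -le "$3" ]; then
        echo "$1 ok $value"
    elif [ "$2" = min ] && [ "$value" -ge "$3" ]; then
        echo "$1 ok $value"
    else
        echo "ndd -set /dev/tcp $1 $3"
        return 1
    fi
}

# audit_tcp: apply the limits from the text. The time-wait limit applies to a
# directory used in a LAN, MAN, or under a single network administration; the
# backlog minimums apply when many client hosts connect simultaneously.
# Returns the number of tunables that are unreadable or need changing.
audit_tcp() {
    findings=0
    check_tunable tcp_time_wait_interval max 30000 || findings=$((findings + 1))
    check_tunable tcp_conn_req_max_q0    min 1024  || findings=$((findings + 1))
    check_tunable tcp_conn_req_max_q     min 1024  || findings=$((findings + 1))
    return "$findings"
}

audit_tcp || echo "$? tunable(s) differ from the guidance above"
```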
Prior to installation, it is necessary to have configured the DNS resolver and NIS domain name.
The DNS resolver is typically set by the file /etc/resolv.conf. However, also check the file /etc/nsswitch.conf and, on Solaris, /etc/netconfig to ensure that the DNS resolver will be used for name resolution.
If you are not already using NIS, you will also need to set the default NIS domain name. Typically, this is done by placing the NIS domain name in the file /etc/defaultdomain and rebooting or by using the domainname command.