As you all know, Directory Services are key to OpenSSO. We support many of them but, beside OpenDS which we use for our embedded configuration store, one of the best LDAP Directory server out there is Sun’s Directory Server Enterprise Edition (DSEE for short). In a typical deployment you will want to store user data on a separate Directory Service.

I always thought that, starting from a freshly installed Solaris 10 box, the deployment of DSEE is everything but smooth. This post lists the initial steps one has to take to perform such deployment and follow the DSEE Administration guide (your sole reference on the matter) . This was also strongly inspired by some excellent posts (listed at the end).

First a few assumptions:

  • Our starting point is a machine that runs  Solaris 10. I used the latest release (Sept. ’09) available here. All updates were applied after the installation.
  • I’ll assume the installation is done as root. This might not be the optimal approach, security-wise, but I’m keeping it simple here.
  • I’m installing DSEE via the JES 5 installer. JES (Java Enterprise System) is our main delivery system for lots of Sun’s software. The neat thing about JES is that it bundles applications together (e.g. Access Manager 7.1 and DSEE). In the present case I only installed DSEE and DSCC, the DS Control Center (a useful interface to administer DSEE deployments).

Now onto the steps:

  1. The first step to be done is to configure DSCC by performing:
    <dsee install dir>/dscc6/bin/dsccsetup initialize
    Doing so results in an error from cacao: Cannot find property: [cacao embedded].
    The problem here is that JES reverted the version of cacao (Solaris’ Common Agent Container (more info here) to a previous one.
  2. We need to reinstall cacao from the Solaris 10 CD. Look for the 2 following packages: SUNWcacaort, SUNWcacaodtrace To install them, change to the packages directory and enter:
    pkgadd -d . SUNWcacaort
    pkgadd -d . SUNWcacaodtrace
  3. Start cacao: /usr/sbin/cacaoadm start
    You can verify it’s running fine with: cacaoadm status
  4. You can now re-attempt to run the initialization (step 1). You should see a message saying that the DSCC Registry has been created successfully.
  5. If you want to make sure cacao starts upon reboot, enter:
    /usr/sbin/cacaoadm enable
  6. The the admin guide says to access DSCC through the Java Web Console in your browser. Well, we need to make sure it is running first:
    /usr/sbin/smcwebserver status

    Most likely it’s not…
  7. Start the Java Web Server with:
    smcwebserver start
    Now you can access it with your browser and … Oops… it only listens on your localhost (127.0.0.1).
    To fix this, use svccfg:
    # /usr/sbin/svccfg
    # svc:> select system/webconsole
    # svc:/system/webconsole> setprop options/tcp_listen=true
    # svc:
    /system/webconsole>quit
    You’ll have to restart the Java Web Console at this point:
    /usr/sbin/smcwebserver restart
  8. The Java Web Console is now accessible on the standard port 6789 (using https) and VoilĂ , the configuration of DSEE as specified in the Administration guide can now proceed unhindered.

Was this useful? Did you have a different DSEE install experience? If so, please let me know!

Some very useful links I used for this post:

  1. http://oldmangriffous.blogspot.com/2008/10/centralised-authentication-on-solaris_26.html
  2. http://www.tjhsst.edu/admin/livedoc/index.php/Sun_Java_System_Directory_Server