DNS
OpenDJ replication requires that you use fully qualified domain names, such as opendj.example.com so we'll use,
opendj0.krypton.com and www.opendj0.krypton.com
Ensure that your all dns entries that you use are are in your host file.
Install Required Package
For some reason fontconfig is required for a proper install otherwise you get this error message,
Fontconfig error: Cannot load default config file See /tmp/opends-setup-2789148880898957298.log for a detailed log of this operation.
Install fontconfig
sudo apt-get install fontconfig
Setup Java
In theory and design we should be able to make OpenDJ truly zero footprint and specify the exact version of Java to run via the systems configuration file. However, in actual practice you end up having to setup and Java environment variable to pretty much do anything, so we might as well use a Java environment variable to run OpenDJ.
When you try to run the setup,
cd /opt/opendj.0 ./setup --cli Please set OPENDS_JAVA_HOME to the root of a Java 6 update 10 (or higher) installation or edit the java.properties file and then run the dsjavaproperties script to specify the Java version to be used.
Install Java
Forget about using editing the java.properties. Instead, first install 32-bit JRE per the Zero Footprint Java on Ubuntu instructions using serveradmin. The only slight change is that we will move the JRE into the following folder using a root enabled account,
sudo mv /home/serveradmin/java/ /opt/java-forgerock/ sudo chown -R serveradmin:staff /opt/java-forgerock/ sudo chmod -R 750 /opt/java-forgerock/
Configure Java Environment Path
There is a bug that was resolved in the main start-ds, but as of 2.4.5 still exists with dsjavaproperties, the environment variable should be, OPENDJ_JAVA_HOME but dsjavaproperties still uses OPENDS_JAVA_HOME.
We set the environment variable for serveradmin by editing the user's profile,
cd ~ vi .profile
At the the following to the end of the file,
export OPENDS_JAVA_HOME=/opt/java-forgerock
Command Line Setup
Do everything as the user that will be running OpenDJ. In our tutorial we will use serveradmin unless otherwise indicated,
OpenDJ Download and Prep
First grab the software and unzip,
wget http://download.forgerock.org/downloads/opendj/2.4.5/OpenDJ-2.4.5.zip unzip OpenDJ-2.4.5.zip
Setup folder using a root capable user,
sudo mv /home/serveradmin/OpenDJ-2.4.5/ /opt/opendj/ sudo chown -R serveradmin:staff ./opendj/ sudo chmod -R 750 ./opendj/ sudo mv ./opendj/ ./opendj.0/ # Marking this as the first instance
Start the Setup
Run the command line setup,
cd /opt/opendj.0 ./setup --cli
Unless otherwise indicated select the default option,
What would you like to use as the initial root user DN for the Directory Server? [cn=Directory Manager]: Please provide the password to use for the initial root user: Please re-enter the password for confirmation:
Make sure to use a complex password for the initial root user. We'll use the standard T&R password on "Directory Manager".
On which port would you like the Directory Server to accept connections from LDAP clients? [1389]: On which port would you like the Administration Connector to accept connections? [4444]:
For LDAP client port, unless you are running with root priviledges you cannot use ports 1 through 1024. So rather than use 389, use 1389.
Use the default 4444 port for Administration Connector.
Do you want to create base DNs in the server? (yes / no) [yes]: Provide the base DN for the directory data: [dc=example,dc=com]: cd=krypton,dc=com Options for populating the database: 1) Only create the base entry 2) Leave the database empty 3) Import data from an LDIF file 4) Load automatically-generated sample data Enter choice [1]: Do you want to enable SSL? (yes / no) [no]: Do you want to enable Start TLS? (yes / no) [no]: Do you want to start the server when the configuration is completed? (yes / no) [yes]: no
Do you want to create base DNs in the server, select yes if you have a real DNS or use host entries on the server and client.
I select no to start the server because I like to we can run the status command even if the server is off and verify the configuration.
Setup Summary ============= LDAP Listener Port: 1389 Administration Connector Port: 4444 LDAP Secure Access: disabled Root User DN: cn=Directory Manager Directory Data: Create New Base DN cd=krypton,dc=com. Base DN Data: Only Create Base Entry (cd=krypton,dc=com) Do not start Server when the configuration is completed What would you like to do? 1) Set up the server with the parameters above 2) Provide the setup parameters again 3) Print equivalent non-interactive command-line 4) Cancel and exit Enter choice [1]: See /tmp/opends-setup-998122271824097562.log for a detailed log of this operation. Configuring Directory Server ..... Done. Creating Base Entry cd=krypton,dc=com ..... Done. To see basic server configuration status and configuration you can launch /opt/opendj.0/bin/status
Start and Stop
As a reference,
cd /opt/opendj.0/bin ./start-ds cd /opt/opendj.0/bin ./stop-ds # I think this is verbose mode but not finding docs on it ./start-ds -s
Start the server,
cd /opt/opendj.0/bin ./start-ds See /tmp/opends-setup-7855637320320628455.log for a detailed log of this operation. Configuring Directory Server ..... Done. Creating Base Entry dc=tin-pham,dc=com ..... Done. Starting Directory Server .......... Done. To see basic server configuration status and configuration you can launch /opt/opendj.0/bin/status
Create Data Stores
During the OpenAM installation, two data stores will be are created,
- Configuration
- User
It is recommended by ForgeRock that the configuration use the OpenAM embedded data store for up to 4 OpenAM replicas. ForgeRock further recommends that no more then 4 OpenAM replicas exist for a given installation.
In our own experience, we were not successful when we tried to use OpenDJ for the configuration data store even though we followed the steps to Relax the Restriction on Objects.
References
Not bad but not good manual setup - http://opendj.forgerock.org/docs.html
https://bugster.forgerock.org/jira/browse/OPENDJ-330