![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to configuration.tex CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / contrib / isode-beta / doc / whitepages / administrator|
Return to configuration.tex CVS log | Up to [CSRG BSD Unix] / 43BSDReno / contrib / isode-beta / doc / whitepages / administrator |
1.1 ! root 1: % run this through LaTeX with the appropriate wrapper ! 2: ! 3: \chapter {Installation and Configuration}\label{installation} ! 4: This chapter describes how to install, configure, and test the pilot project ! 5: software. ! 6: Upon completion, ! 7: your Level-1 DSA will have successfully joined the pilot project DMD! ! 8: ! 9: \section {Software} ! 10: The software supporting the pilot project is the QUIPU implementation ! 11: of the OSI Directory, ! 12: which is a part of the ISO Development Environment (ISODE). ! 13: ! 14: QUIPU was originally developed as a part of the INCA project ! 15: (under the auspices of the ESPRIT initiative of the EEC). ! 16: The Inca of Peru did not have writing. ! 17: Instead, ! 18: they stored information on strings, ! 19: carefully knotted in a specific manner with colored thread, ! 20: and attached to a larger rope. ! 21: Such a device was known as a {\em Quipu\/} ! 22: (pronounced {\em kwip-ooo}). ! 23: The encoding was obscure, ! 24: and could only be read by selected trained people: ! 25: the {\em Quipucamayocs}. ! 26: The Quipu was a key component of Inca society, ! 27: as it contained information about property and locations throughout ! 28: the extensive Inca empire. ! 29: ! 30: The pilot sponsors and the administrators of the participating organizations ! 31: form the {\em camayocs\/} for the pilot project. ! 32: There is a special mailing list ! 33: \begin{quote}\small\begin{verbatim} ! 34: [email protected] ! 35: \end{verbatim}\end{quote} ! 36: which each \camayoc/ belongs to. ! 37: ! 38: \[\fbox{\begin{tabular}{lp{0.8\textwidth}} ! 39: \bf NOTE:& This is the official mailing list for administrators of the ! 40: pilot project. ! 41: If you have a problem, send mail! ! 42: \end{tabular}}\] ! 43: ! 44: \subsection {Selecting a Machine} ! 45: The machine you run the software on should support the Berkeley variant of ! 46: \unix/. ! 47: Although the software is known to run on other variants of \unix/, such as ! 48: those from AT\&T and HP, ! 49: these configurations are not supported by the pilot sponsors. ! 50: ! 51: You should plan on the DSA consuming 2Kbytes of memory {\em per\/} entry kept ! 52: in your DMD ! 53: This is called the QUIPU {\em 2K rule}. ! 54: Make sure that your machine has available memory for the DSA. ! 55: A memory-constrained (or worse yet, paging DSA) performs extremely poorly. ! 56: Find an unloaded system to run your DSA. ! 57: This investment might seem large, ! 58: just think of it as a sunk cost. ! 59: ! 60: \subsection {Files} ! 61: Regardless of how you install QUIPU and the ISODE, ! 62: the number of files needed for the pilot project are quite small. ! 63: ! 64: In ISODE's \verb"BINDIR" directory, ! 65: typically \file{/usr/local/bin/}, ! 66: there are a few programs of interest: ! 67: \begin{describe} ! 68: \item[dish:] The DIrectory SHell\\ ! 69: This is a interface to the OSI Directory which can be used to ! 70: access the full functionality of the Directory service. ! 71: This program is not directly run by the ``users'' of the pilot ! 72: project, rather various front-ends access \pgm{dish}. ! 73: In addition, ! 74: the administrators employ this program directly to perform ! 75: routine maintenance and diagnostics. ! 76: ! 77: \item[bind:] Shell interface to \pgm{dish}\\ ! 78: There are actually several links to a program called ! 79: \pgm{bind}. ! 80: These act to export the \pgm{dish} interface to the \unix/ ! 81: shell. ! 82: As such, ! 83: you can issue commands to \pgm{dish} from the shell, ! 84: rather than running \pgm{dish} directly. ! 85: \begin{quote} ! 86: \begin{tabular}{l} ! 87: add\\ ! 88: compare\\ ! 89: delete\\ ! 90: dsacontrol\\ ! 91: list\\ ! 92: modify\\ ! 93: modifyrdn\\ ! 94: moveto\\ ! 95: search\\ ! 96: showentry\\ ! 97: showname\\ ! 98: squid ! 99: \end{tabular} ! 100: \end{quote} ! 101: ! 102: \item[fred:] A white pages user interface\\ ! 103: This is the interface for the users of the pilot project. ! 104: ! 105: \item[editentry:] Edit a Directory entry\\ ! 106: This is a simple shell script that \pgm{dish} invokes when you ! 107: ask \pgm{dish} to edit an entry in the Directory. ! 108: ! 109: \item[unbind:] Unbind from \pgm{dish}\\ ! 110: This command is used to terminate \pgm{dish}. ! 111: \end{describe} ! 112: In ISODE's \verb"SBINDIR" directory, ! 113: typically \file{/usr/etc/}, ! 114: the DSA resides: ! 115: \begin{describe} ! 116: \item[ros.quipu:] The QUIPU DSA\\ ! 117: This program will be started once, for each DSA you ! 118: are running, from rc.local. ! 119: A script is provided to invoke this program, ! 120: in case you need to restart it. ! 121: ! 122: \item[dsaconfig:] a configurator for Level-1 DSAs. ! 123: \end{describe} ! 124: In ISODE's \verb"ETCDIR" directory, ! 125: also typically \file{/usr/etc/}, ! 126: there are a few programs and files of interest: ! 127: \begin{describe}\sloppy ! 128: \item[oidtable.at, oidtable.gen, oidtable.oc:] ! 129: These define the attribute types, ! 130: generic object identifiers, ! 131: and object classes known to the system. ! 132: (An object identifier is a method used to unambiguously ! 133: encode, among other things, ! 134: the names of attributes and object classes.) ! 135: These files you never deal with unless they are ! 136: accidently corrupted. ! 137: ! 138: \item[dsaptailor:] This is the run-time tailor file for the DUAs. ! 139: You will configure this file initially and then ! 140: probably leave it alone. ! 141: ! 142: ! 143: \item[isoaliases, isobjects, isoentities, isomacros, isoservices:] ! 144: These are \\ %%% ! 145: various databases used by the ISODE. ! 146: These files you never deal with unless they are ! 147: accidently corrupted. ! 148: ! 149: \item[isologs:] This script runs nightly under \man cron(8) to ! 150: trim the ISODE log files, kept in ISODE's \verb"LOGDIR" ! 151: directory, ! 152: typically \file{/usr/tmp/}. ! 153: This file you never deal with unless it is ! 154: accidently corrupted. ! 155: ! 156: \item[isotailor:] This is the run-time tailor file for the ISODE. ! 157: You will configure this file initially and then ! 158: probably leave it alone. ! 159: \end{describe} ! 160: There are a few other things kept in a directory called \file{quipu/} ! 161: which resides in ISODE's \verb"ETCDIR" directory. ! 162: The \file{scripts/} directory contains various scripts which may be used for ! 163: maintenance purposes. ! 164: The \file{templates/} directory contains templates of entries. ! 165: ! 166: \subsection {Source Release} ! 167: You should retrieve a copy of the pilot software. ! 168: It is available via anonymous FTP from from host ! 169: \verb"nisc.nyser.net" (\verb"[192.33.4.10]"): ! 170: \begin{quote}\small\begin{verbatim} ! 171: % cd /usr/src/local/ ! 172: % ftp nisc.nyser.net ! 173: Connected to nisc.nyser.net. ! 174: 220 nisc.nyser.net FTP server ready ! 175: Name (nisc.nyser.net:user): anonymous ! 176: Password (nisc.nyser.net:anonymous): guest ! 177: 331 Guest login ok, send ident as password. ! 178: 230 Guest login ok, access restrictions apply. ! 179: ftp> binary ! 180: 200 Type set to I. ! 181: ftp> cd pilot/src ! 182: ftp> get isode-pilot.tar.Z ! 183: ftp> quit ! 184: % uncompress < isode-pilot.tar.Z | tar xfp - ! 185: % rm isode-pilot.tar.Z ! 186: \end{verbatim}\end{quote} ! 187: Note that this is a interim release of the ISODE. ! 188: All of the changes are upwards compatible, ! 189: but you must run this version rather than the standard ISODE~5.0 release. ! 190: ! 191: Now change to the top-level directory. ! 192: \begin{quote}\small\begin{verbatim} ! 193: % cd isode-5.9/ ! 194: \end{verbatim}\end{quote} ! 195: The file \file{READ-ME} in this directory contains instructions on how to ! 196: configure, generate, and install the ISODE. ! 197: ! 198: \[\fbox{\begin{tabular}{lp{0.8\textwidth}} ! 199: \bf NOTE:& The source installation instructions are intended for ! 200: sites which are not already running QUIPU. ! 201: If you are, ! 202: care should be taken to see that your existing Directory ! 203: environment is not compromised. ! 204: For example, ! 205: the DSAs run under the pilot do not provide the ! 206: ``higher performance'' name service, ! 207: nor is it intended that they support application entities ! 208: other than DSAs. ! 209: \end{tabular}}\] ! 210: ! 211: \subsubsection {Configuration of the ISODE} ! 212: As described in the \file{READ-ME} file, ! 213: configuration is straight-forward. ! 214: Here's an example of how it's done on a Sun workstation running SunOS~3.5: ! 215: \begin{quote}\small\begin{verbatim} ! 216: % cp config/sunos3.h h/config.h ! 217: % cp config/sunos3.make config/CONFIG.make ! 218: % cp config/*.local support/ ! 219: \end{verbatim}\end{quote} ! 220: For other systems, ! 221: consult the \file{READ-ME} file to see which templates to use. ! 222: For all systems, ! 223: take a look at ! 224: \[\begin{tabular}{l} ! 225: \file{h/config.h}\\ ! 226: \file{config/CONFIG.make}\\ ! 227: \end{tabular}\] ! 228: to see if things like \verb"BINDIR", ! 229: \verb"SBINDIR", \verb"ETCDIR", and \verb"LOGDIR" are set to your liking. ! 230: ! 231: \subsubsection {Generation of the ISODE} ! 232: Once properly configured, ! 233: generate both the ISODE and QUIPU using this command from the top-level ! 234: directory: ! 235: \begin{quote}\small\begin{verbatim} ! 236: % ./make once-only all all-quipu ! 237: \end{verbatim}\end{quote} ! 238: This takes a while, ! 239: so its best to redirect the output to a file and then go do something else for ! 240: a few hours: ! 241: \begin{quote}\small\begin{verbatim} ! 242: % ./make once-only all all-quipu >& make.out & ! 243: \end{verbatim}\end{quote} ! 244: ! 245: If the make command finishes with a non-zero exit status, ! 246: or if you see a line with: ! 247: \begin{quote}\small\begin{verbatim} ! 248: *** Error code 1 ! 249: \end{verbatim}\end{quote} ! 250: or perhaps ! 251: \begin{quote}\small\begin{verbatim} ! 252: Exit ! 253: \end{verbatim}\end{quote} ! 254: Then something has gone wrong. ! 255: Try and determine what the problem is. ! 256: If you are unable to find the problem, ! 257: drop a note to the Internet Mailbox ! 258: \begin{quote}\begin{verbatim} ! 259: [email protected] ! 260: \end{verbatim}\end{quote} ! 261: Your message should contain your two configuration files, ! 262: the output of the make command, ! 263: and a description of the hardware/software platform you are using. ! 264: ! 265: Keep in mind that the ISODE runs ``flawlessly'' worldwide on many thousands of ! 266: machines running numerous variants of \unix/. ! 267: Failure to complete generation usually indicates a broken configuration file, ! 268: or a non-standard system ! 269: (i.e., one with a broken compiler or a different \pgm{make} command). ! 270: ! 271: Now generate the additional commands needed for the pilot project: ! 272: \begin{quote}\small\begin{verbatim} ! 273: % (cd others/quipu; ./make pilot) ! 274: \end{verbatim}\end{quote} ! 275: ! 276: \subsubsection {Installation of the ISODE}\label{isode:install} ! 277: Once you are satisfied that the generation was successful, ! 278: become the super-user and install both the ISODE and QUIPU. ! 279: First make sure that the directories \verb"BINDIR", ! 280: \verb"SBINDIR", ! 281: \verb"ETCDIR", ! 282: \verb"LOGDIR", ! 283: as defined in \file{config/CONFIG.make} exist. ! 284: If not, create them using \pgm{mkdir}. ! 285: The protection on the \verb"LOGDIR" directory should be 0777. ! 286: ! 287: Next, install the programs, databases, and libraries: ! 288: \begin{quote}\small\begin{verbatim} ! 289: # ./make inst-all inst-quipu ! 290: # (cd others/quipu; ./make inst-pilot) ! 291: \end{verbatim}\end{quote} ! 292: ! 293: Do {\bf not\/} perform any other installation instructions for QUIPU as ! 294: given in the \file{READ-ME} file. ! 295: The remainder of this chapter supercede those instructions. ! 296: ! 297: If you are not planning on doing program development (probably a safe bet), ! 298: you can remove the various libraries and program development tools by using ! 299: \begin{quote}\small\begin{verbatim} ! 300: # ./make zap ! 301: \end{verbatim}\end{quote} ! 302: from the \file{isode-5.9/} directory as the super-user. ! 303: ! 304: \section {Starting the ISODE} ! 305: In order to aid debugging, ! 306: you should keep the ISODE system around in an operational state. ! 307: So, ! 308: you need to do a few more things: ! 309: \begin{enumerate} ! 310: \item Verify that the file \file{/etc/rc.local} has an entry like this: ! 311: \begin{quote}\small\begin{verbatim} ! 312: if [ -f $(SBINDIR)tsapd ]; then ! 313: $(SBINDIR)tsapd -t & (echo -n ' tsap') > /dev/console ! 314: fi ! 315: \end{verbatim}\end{quote} ! 316: in the section where the network servers are started ! 317: (e.g., where \man sendmail(8) is started). ! 318: ! 319: \item Verify that the file \file{/etc/services} has an entry like this: ! 320: \begin{quote}\small\begin{verbatim} ! 321: tsap 102/tcp ! 322: \end{verbatim}\end{quote} ! 323: ! 324: \item Verify that the file \file{/usr/lib/crontab} has an entry similar ! 325: to this: ! 326: \begin{quote}\small\begin{verbatim} ! 327: 0 4 * * * su daemon < $(SBINDIR)isologs ! 328: \end{verbatim}\end{quote} ! 329: or this ! 330: \begin{quote}\small\begin{verbatim} ! 331: 0 4 * * * su daemon -c "/bin/sh $(SBINDIR)isologs" ! 332: \end{verbatim}\end{quote} ! 333: This runs a script to clean-up the logfiles at 4:00am each morning. ! 334: ! 335: \item Start the \man tsapd(8c) daemon by hand: ! 336: \begin{quote}\small\begin{verbatim} ! 337: # $(SBINDIR)tsapd -t >& /dev/null ! 338: \end{verbatim}\end{quote} ! 339: The daemon will automatically detach. ! 340: Instead, ! 341: if its diagnostic output is associated with a terminal, ! 342: then the daemon will not detach and will log informative messages to ! 343: the terminal. ! 344: ! 345: \item Now verify that the ISODE is installed and tailored correctly. ! 346: See Sections~\ref{isode:tailoring} and~\ref{isode:testing}. ! 347: \end{enumerate} ! 348: ! 349: \section {ISODE Tailoring}\label{isode:tailoring} ! 350: Before any DSAs or DUAs are installed, ! 351: the file \file{isotailor} in the ISODE \verb"ETCDIR" directory should be ! 352: properly configured. ! 353: ! 354: Typically source installations have ISODE's \verb"ETCDIR" and \verb"LOGDIR" ! 355: directories hard-wired in during configuration of the ISODE. ! 356: As such, ! 357: the source installation procedures do not install a \file{isotailor} file. ! 358: If a future need arises, ! 359: the \file{isotailor} file may be modified accordingly. ! 360: Initially it is recommended that you use a tailoring file which contains ! 361: no commands; ! 362: copy it from the \file{quipu/scripts/} area: ! 363: \begin{quote}\small\begin{verbatim} ! 364: # cp $(ETCDIR)quipu/scripts/isotailor.empty $(ETCDIR)isotailor ! 365: \end{verbatim}\end{quote} ! 366: ! 367: \section {Testing of the ISODE}\label{isode:testing} ! 368: The easiest way to test the ISODE system is to run ! 369: the \file{isode-test} script in the directory \file{quipu/scripts/} ! 370: under ISODE's \verb"ETCDIR" directory. ! 371: \begin{quote}\small\begin{verbatim} ! 372: % isode-test ! 373: \end{verbatim}\end{quote} ! 374: Prior to termination, ! 375: the script will indicate the number of errors encountered. ! 376: If an error occurs, ! 377: try and determine what the problem is. ! 378: If you are unable to find the problem, ! 379: drop a note to the Internet Mailbox \verb"[email protected]". ! 380: Your message should contain your two configuration files, ! 381: the output of \file{isode-test}, ! 382: and a description of the hardware/software platform you are using. ! 383: ! 384: \section {Configuration of DUAs}\label{dua:configure} ! 385: The first step will be to have the \man dish(1c) program ! 386: try to connect to one of the Level-0 DSAs in the pilot project: ! 387: \begin{quote}\small\begin{verbatim} ! 388: % dish -c "Alpaca" ! 389: Welcome to Dish (DIrectory SHell) ! 390: Dish -> ! 391: \end{verbatim}\end{quote} ! 392: indicates that you are able to connect. ! 393: You might now try some simple commands. ! 394: Figure~\ref{dish-simple} shows a small interaction. ! 395: Chapter~4 of \volfive/ describes \pgm{dish} in considerable detail. ! 396: \tagfigure[tp]{CNF-1}{A Small DISH Interaction}{dish-simple} ! 397: ! 398: \subsection {DUA Failure}\label{dua:failure} ! 399: There are a few reasons why the DUA might fail. ! 400: First verify that the ISODE is operating correctly ! 401: (see Section~\ref{isode:testing} on page~\pageref{isode:testing}.) ! 402: If the ISODE is working, ! 403: then here is the most common error encountered: ! 404: ! 405: If instead of the \verb"Dish ->" prompt, ! 406: you see: ! 407: \begin{quote}\small\begin{verbatim} ! 408: *** Service error : Unable to contact DSA *** ! 409: \end{verbatim}\end{quote} ! 410: then it is likely that there is some problem with the network, ! 411: or you have mistyped the name of the DSA. ! 412: If you see any other diagnostic, ! 413: contact a \camayoc/ for help. ! 414: ! 415: Otherwise, ! 416: first check the spelling of the name you are providing. ! 417: If this is correct, ! 418: then look at the file \file{dsaptailor} in the ISODE \verb"ETCDIR" directory ! 419: for the line which starts with: ! 420: \begin{quote}\small\begin{verbatim} ! 421: dsa_address "Alpaca" ! 422: \end{verbatim}\end{quote} ! 423: You will find an Internet address and TCP port number on the rest of ! 424: the line. ! 425: \begin{enumerate} ! 426: \item Use the \man ping(8c) utility to see if you can reach the IP address. ! 427: ! 428: \item If not, ! 429: then try contacting one of the other DSAs, ! 430: e.g., \verb"Fruit Bat", ! 431: listed in the \file{dsaptailor} file. ! 432: ! 433: Repeat this process until \pgm{dish} successfully contacts a DSA. ! 434: ! 435: \item If \pgm{ping} can reach the IP address, ! 436: then use \pgm{telnet} to try to connect to the TCP port. ! 437: ! 438: \item If you can connect, ! 439: immediately close the connection. ! 440: Something is drastically wrong since \pgm{telnet} can reach the TCP ! 441: address of the DSA, ! 442: but \pgm{dish} can't. ! 443: Contact a \camayoc/ for assistance. ! 444: ! 445: \item If \pgm{telnet} reports an error, ! 446: usually ! 447: \begin{quote}\small\begin{verbatim} ! 448: Connection refused ! 449: \end{verbatim}\end{quote} ! 450: then this indicates that the DSA isn't listening at that TCP ! 451: address. ! 452: Either it is temporarily unavailable or it has moved to a new ! 453: address. ! 454: In either event, ! 455: notify a \camayoc/ of the situation. ! 456: Then go back to Step~2 above. ! 457: \end{enumerate} ! 458: If you exhaust all DSAs listed in the \file{dsaptailor} file, ! 459: contact a \camayoc/ and give up. ! 460: ! 461: \section {An Important Note} ! 462: The configuration instructions contained herein are for sites in the United ! 463: States. ! 464: Depending on the policies of the administrators for other national DMDs, ! 465: these instructions may, or may not, be useful. ! 466: If your DSA is joining a DMD other than that of c=US, ! 467: then you should contact your national administrator to see what turn-key ! 468: procedures exist for joining your national DMD. ! 469: ! 470: Note that the \man dsaconfig(8) program can be used to configure Level-1 DSAs ! 471: residing outside of the c=US DMD. ! 472: At present, ! 473: the current list of supported countries is: ! 474: \[\begin{tabular}{l} ! 475: AU\\ DE\\ ES\\ FI\\ GB\\ IS\\ NO\\ SE ! 476: \end{tabular}\] ! 477: In most cases, ! 478: for the countries listed above, ! 479: you can simply follow the directions below substituting your country code for ! 480: any occurrence of \verb"c=US". ! 481: ! 482: In all cases, ! 483: for DSAs residing outside of the c=US DMD, ! 484: you should always contact your national administrator before proceeding. ! 485: ! 486: \section {Configuring your Level-1 DSA} ! 487: The steps towards configuring a Level-1 DSA are straight-forward. ! 488: For the text that follows, ! 489: any example that includes \verb"O_i" means that the name of your organization ! 490: should be substituted. ! 491: Similarly, ! 492: any occurrance of \verb"U_j" refers to the name of your organizational unit. ! 493: ! 494: \subsection {Choosing a DSA Name} ! 495: First, you must choose a name for your DSA. ! 496: It is a QUIPU convention that DSAs should be named after endangered ! 497: South American wildlife, ! 498: and that the entry for the DSA should contain a description of the animal ! 499: or plant in question. ! 500: Table~\ref{endangered-wildlife}, ! 501: taken from \volfive/ of the ISODE User's Manual, ! 502: contains a partial list of these species. ! 503: You might also want to consult IUCN's {\em Red Book\/} \cite{IUCN.Mammal}. ! 504: \tagtable[tp]{CNF-1}{Endangered South American Wildlife}{endangered-wildlife} ! 505: ! 506: For the purposes of the pilot project, ! 507: the name of each Level-1 DSA takes the form: ! 508: \begin{quote}\small\begin{verbatim} ! 509: c=US@cn=wildlife name ! 510: \end{verbatim}\end{quote} ! 511: So, go to Table~\ref{endangered-wildlife} and pick an unused name. ! 512: Alternately, ! 513: find a name which sounds plausible enough to fool a \camayoc/. ! 514: Prepend \verb"c=US@cn=", ! 515: and this is the Distinguished name of your Level-1 DSA. ! 516: ! 517: To find out what names are already taken, ! 518: do the following: ! 519: \begin{quote}\small\begin{verbatim} ! 520: % dish -c "Alpaca" ! 521: Welcome to Dish (DIrectory SHell) ! 522: Dish -> search @c=US -filter objectClass=dsa -nosizelimit ! 523: \end{verbatim}\end{quote} ! 524: This will print out the list of names already in use. ! 525: ! 526: Since some of the names in Table~\ref{endangered-wildlife} are long, ! 527: it is acceptable to use only part of the wildlife name as the common name ! 528: of your Level-1 DSA. ! 529: For example, ! 530: if the wildlife name is something like \verb"Southern Bearded Saki", ! 531: then it's probably okay to use \verb"Saki" as the name of the DSA, ! 532: e.g., \verb"c=US@cn=Saki". ! 533: ! 534: Now decide upon a ``sanitized'' name that will be used for the ! 535: \unix/ directory which will contain the database for your Level-1 DSA. ! 536: Using all lower case letters and substituting hyphens for spaces is a good ! 537: rule. ! 538: So, if the name of your DSA is \verb"c=US@cn=Spectacled Bear", ! 539: then \file{spectacled-bear/} or just \file{bear/} would be fine. ! 540: For the purpose of discussion, ! 541: let's call this directory \file{wildlife/}. ! 542: ! 543: The owner of the directory should be some maintenance account ! 544: (e.g., \verb"daemon") or \verb"root". ! 545: When the DSA executes, ! 546: it will set its user- and group-IDs based on the owner and group of this ! 547: directory. ! 548: ! 549: \subsection {Editing the DSA configuration file} ! 550: Go to the directory \file{quipu/} under ISODE's \verb"ETCDIR" directory: ! 551: \begin{quote}\small\begin{verbatim} ! 552: # cd $(ETCDIR)quipu/ ! 553: \end{verbatim}\end{quote} ! 554: Now copy the configuration tempate file, e.g., ! 555: \begin{quote}\small\begin{verbatim} ! 556: # cp wildlife.dsa spectacled-bear.dsa ! 557: # chmod 0600 spectacled-bear.dsa ! 558: \end{verbatim}\end{quote} ! 559: Now edit the new file to define the initial configuration for your Level-1 ! 560: DSA. ! 561: Figure~\ref{dsaconfig} shows an example DSA configuration file. ! 562: \tagfigure[tp]{CNF-2}{Example DSA configuration file}{dsaconfig} ! 563: ! 564: Note that when defining information such as \verb"streetaddress", \verb"telephone", ! 565: and \verb"description", you should use the values for your organization, ! 566: not for your own department. ! 567: If you like, ! 568: {\em after\/} your DSA is running, ! 569: you can edit \file{c=US/o=O\_i/EDB} to insert the corresponding ! 570: information for your own department. ! 571: ! 572: Note that if the name of your ganization is long than 30 characters, ! 573: then you will have to manually define a postal address in the configuration ! 574: file for \pgm{dsaconfig}. ! 575: The format is: ! 576: \begin{quote}\small\begin{verbatim} ! 577: postalAddress "item1 $ item2 $ ... $ itemN" ! 578: \end{verbatim}\end{quote} ! 579: where each item is less-than or equal-to 30~characters in length and there are ! 580: no more than six items. ! 581: ! 582: \subsection {Running the DSA configuration program} ! 583: Once the file is edited, ! 584: run the DSA configuration program, \man dsaconfig(8): ! 585: \begin{quote}\small\begin{verbatim} ! 586: # $(SBINDIR)dsaconfig wildlife ! 587: \end{verbatim}\end{quote} ! 588: e.g., ! 589: \begin{quote}\small\begin{verbatim} ! 590: # $(SBINDIR)dsaconfig spectacled-bear ! 591: \end{verbatim}\end{quote} ! 592: This will create the database directory and all requisite files. ! 593: Finally, ! 594: it will set the owner and group of the files appropriately. ! 595: ! 596: It is necessary to explain a little bit about what \pgm{dsaconfig} does. ! 597: Way back in Section~\ref{edb:format} on page~\pageref{edb:format}, ! 598: the ``EDB format'' of the database was described. ! 599: All that is now missing is an explanation how different nodes in the Directory ! 600: tree are structured. ! 601: This is done using the \unix/ directory hierarchy. ! 602: ! 603: Starting at the ROOT, ! 604: at every level in the Directory tree for which your Level-1 DSA holds data, ! 605: there is a single file called \file{EDB}. ! 606: If an entry defined in an \file{EDB} file has children, ! 607: the \file{EDB} file for the children will be found in a subdirectory ! 608: whose name is the string encoded Relative Distinguished Name (RDN) of ! 609: the entry. ! 610: ! 611: For example, ! 612: if a \file{EDB} file has an entry whose RDN is \verb"o=Computer Science", ! 613: and if the entry has children, ! 614: and if your Level-1 DSA stores this information locally, ! 615: then the information can be found in the file \file{o=Computer Science/EDB} ! 616: relative to the current directory. ! 617: Note that: ! 618: \begin{itemize} ! 619: \item QUIPU is case sensitive when it looks for the subordinate \file{EDB} ! 620: file~---~the case of the attribute type ! 621: (e.g., \verb"o") is taken from the file \file{oidtable.at} in the ! 622: ISODE \verb"ETCDIR" directory, ! 623: whilst the case of the attribute value is taken from the superior ! 624: \file{EDB} file; ! 625: and, ! 626: ! 627: \item blanks are {\em actually\/} present in the sub-directory name.% ! 628: \footnote{An interesting example of the maxim {\em can implies shall\/}~---~because ! 629: the Berkeley \unix/ file system {\em can\/} let us have long directory names ! 630: with embedded spaces, we {\em shall\/} make use of that feature.} ! 631: \end{itemize} ! 632: Thus, for a Level-1 DSA, the initial database hierarchy looks like: ! 633: \begin{quote}\begin{tabular}{l} ! 634: \file{EDB}\\ ! 635: \file{c=US/EDB}\\ ! 636: \file{c=US/o=O\_i/EDB}\\ ! 637: \file{c=US/o=O\_i/ou=U\_j/EDB}\\ ! 638: \end{tabular}\end{quote} ! 639: So, ! 640: \pgm{dsaconfig} built these files for you. ! 641: ! 642: \subsection {Testing the stand-alone DSA} ! 643: The first thing to do is to start the DSA interactively so as to see ! 644: that it can successfully load its local EDB files. ! 645: So your Level-1 DSA is started thusly: ! 646: \begin{quote}\small\begin{verbatim} ! 647: # cd wildlife/ ! 648: # $(SBINDIR)ros.quipu -t ./quiputailor & ! 649: \end{verbatim}\end{quote} ! 650: If your DSA is configured properly, ! 651: it will print out something like: ! 652: \begin{quote}\smaller\begin{verbatim} ! 653: DSA wildlife has started on '0101'H/Internet=130.117.128.3+17003 ! 654: \end{verbatim}\end{quote} ! 655: ! 656: \subsection {DSA Failure}\label{dsa:failure} ! 657: Instead, ! 658: if the DSA prints out something like: ! 659: \begin{quote}\smaller\begin{verbatim} ! 660: FATAL ERROR: <<reason>> ! 661: \end{verbatim}\end{quote} ! 662: then something has gone wrong. ! 663: ! 664: There are a few reasons why the DSA might fail. ! 665: First verify that the ISODE is operating correctly ! 666: (see Section~\ref{isode:testing} on page~\pageref{isode:testing}.) ! 667: Next, verify that the DUA is operating correctly ! 668: (see Section~\ref{dua:configure} on page~\pageref{dua:configure}.) ! 669: ! 670: There are generally three causes of failure: ! 671: \begin{itemize} ! 672: \item there is an attribute-related schema problem; ! 673: ! 674: \item there is a structure-related schema problem; ! 675: or, ! 676: ! 677: \item something else is running at the OSI presentation address of the DSA. ! 678: \end{itemize} ! 679: Since you are using files which have been automatically generated, ! 680: the first two errors are unlikely. ! 681: However, ! 682: they might occur due to spelling errors or catastrophic editing ! 683: on your part. ! 684: In order to diagnose the problem, ! 685: you will need to look at the tail of the file \file{dsap.log} in the ! 686: \file{wildlife/} directory. ! 687: ! 688: \subsubsection {Attribute Errors} ! 689: If you misspell the name of an attribute, ! 690: then the diagnostic will look something like this: ! 691: \begin{quote}\small\begin{verbatim} ! 692: line 14: unknown attribute type '<<bad-name>>' ! 693: File ...wildlife/c=US/o=O_i/EDB not loaded ! 694: \end{verbatim}\end{quote} ! 695: Alternately, ! 696: if you specify an illegal attribute for an object ! 697: (a violation of the object's schema), ! 698: then the diagnostic will look something like this: ! 699: \begin{quote}\small\begin{verbatim} ! 700: attribute '<<illegal-name>>' not allowed in the specified objectclass ! 701: Schema error in entry ending line 17... ! 702: File ...wildlife/c=US/o=O_i/EDB not loaded ! 703: \end{verbatim}\end{quote} ! 704: Conversely, ! 705: if you leave out an attribute which is required by an object: ! 706: \begin{quote}\small\begin{verbatim} ! 707: 'Must' attribute missing '<<mandatory-name>>' ! 708: Schema error in entry ending line 16... ! 709: File ...wildlife/c=US/o=O_i/EDB not loaded ! 710: \end{verbatim}\end{quote} ! 711: ! 712: \subsubsection {Structure Errors} ! 713: If a subordinate object belongs to a class which is not permitted by ! 714: the schema of its immediate parent ! 715: (as determined by the parent's \verb"treeStructure" attribute), ! 716: then the diagnostic looks something like this: ! 717: \begin{quote}\small\begin{verbatim} ! 718: Specified object class is not in the tree structure (schema) list ! 719: Schema error in entry ending line 16... ! 720: File ...wildlife/c=US/o=O_i/EDB not loaded ! 721: \end{verbatim}\end{quote} ! 722: Note that this means you have to look in the file \file{wildlife/c=US/EDB} ! 723: to find the \verb"treeStructure" attribute of the parent entry ! 724: and then compare that to the \verb"objectClass" attribute of the entry ! 725: in error. ! 726: ! 727: \subsubsection {Network Errors} ! 728: If the local EDB files are consistent, ! 729: but another process is already listening on the IP address and TCP ! 730: port for the DSA, ! 731: then your DSA will print: ! 732: \begin{quote}\small\begin{verbatim} ! 733: TNetListen: [Congestion at TSAP] start_tcp_server failed: ! 734: Address already in use ! 735: Address: '0101'H/Internet=130.117.128.3+17003 ! 736: ! 737: FATAL ERROR: Couldn't start the DSA!! ! 738: \end{verbatim}\end{quote} ! 739: Perhaps another copy of this DSA is already running ! 740: or the TCP port in the entry for the DSA ! 741: (found in the file \file{wildlife/c=US/EDB/}) ! 742: is wrong. ! 743: It is also possible that an early invocation of the DSA was ungracefully ! 744: terminated and left the TCP port in a \verb"FIN_WAIT_x" state. ! 745: Use the \pgm{netstat} program to find out. ! 746: If so, ! 747: reboot \unix/. ! 748: ! 749: Alternately, you might see: ! 750: \begin{quote}\small\begin{verbatim} ! 751: TNetListen: [Congestion at TSAP] start_tcp_server failed: ! 752: Can't assign requested address ! 753: Address: '0101'H/Internet=130.117.128.3+17003 ! 754: ! 755: FATAL ERROR: Couldn't start the DSA!! ! 756: \end{verbatim}\end{quote} ! 757: This indicates that you mis-identified the IP address of your Level-1 DSA in ! 758: your \pgm{dsaconfig} configuration file. ! 759: ! 760: \subsection {Editing the DUA tailoring file} ! 761: The file \file{dsaptailor} in the ISODE \verb"ETCDIR" directory contains ! 762: run-time tailoring information for the DUAs provided by the pilot software. ! 763: You will need to be the super-user to edit this file. ! 764: ! 765: You should now edit the \file{dsaptailor} file so that your DUAs ! 766: will contact that DSA by default. ! 767: This is done by looking for these two lines in the \file{dsaptailor} file: ! 768: \begin{quote}\smaller\begin{verbatim} ! 769: # the level-1 DSA ! 770: #dsa_address "wildlife name" '0101'H/Internet=aaa.bbb.ccc.ddd+port ! 771: \end{verbatim}\end{quote} ! 772: and then removing the \verb"`#'"-sign at the beginning of the second line. ! 773: ! 774: Next, ! 775: you should also have your DUAs start, by default, in your portion of the ! 776: Directory tree. ! 777: This is done by looking for these two lines in the \file{dsaptailor} file: ! 778: \begin{quote}\small\begin{verbatim} ! 779: local_DIT "c=US" ! 780: #local_DIT "c=US@O_i" ! 781: \end{verbatim}\end{quote} ! 782: and then adding a \verb"`#'"-sign at the beginning of the first line, ! 783: and removing the \verb"`#'"-sign at the beginning of the second line. ! 784: ! 785: Section~12.2 of \volfive/ discusses the options available for run-time ! 786: tailoring. ! 787: Typically, ! 788: you will have no need of further editing this file. ! 789: ! 790: Now run the \man dish(1c) program again, ! 791: telling it to connect to your Level-1 DSA. ! 792: \begin{quote}\small\begin{verbatim} ! 793: % dish -c "wildlife name" ! 794: Welcome to Dish (DIrectory SHell) ! 795: Dish -> ! 796: \end{verbatim}\end{quote} ! 797: indicates that the DUA connected to your Level-1 DSA. ! 798: Otherwise consult Section~\ref{dua:failure} on ! 799: page~\pageref{dua:failure} and try to debug the problem. ! 800: ! 801: Now look around the Directory tree using \pgm{dish}: ! 802: \begin{quote}\small\begin{verbatim} ! 803: Dish -> list ! 804: \end{verbatim}\end{quote} ! 805: A good test to run is to try and bind to your own entry, ! 806: but to do so by dereferencing the alias for the Manager of your DMD: ! 807: \begin{quote}\small\begin{verbatim} ! 808: Dish -> bind -user "@c=US@o=O_i@cn=Manager" ! 809: Enter password for "@c=US@o=O_i@cn=Manager": ! 810: Dish -> ! 811: \end{verbatim}\end{quote} ! 812: Indicates that you are now bound to the directory as that DN. ! 813: Instead, if you see: ! 814: \begin{quote}\small\begin{verbatim} ! 815: Dish -> bind -user "@c=US@o=O_i@cn=Manager" ! 816: Enter password for "@c=US@o=O_i@cn=Manager": ! 817: Security Error - check name and password ! 818: \end{verbatim}\end{quote} ! 819: then either you may have entered the DN or password wrong. ! 820: Try again. ! 821: If not, ! 822: or if you encounter some other problem, ! 823: contact a \camayoc/ for assistance. ! 824: ! 825: \subsection {Joining the Pilot DMD} ! 826: Once your DUA is configured to use your Level-1 DSA and your Level-1 DSA ! 827: appears to be functioning properly in stand-alone mode, ! 828: it is time for it to join the Pilot DMD. ! 829: ! 830: First, ! 831: backup your EDB files: ! 832: \begin{quote}\small\begin{verbatim} ! 833: # cp EDB EDB.stand-alone ! 834: # cp c=US/EDB c=US/EDB.stand-alone ! 835: \end{verbatim}\end{quote} ! 836: ! 837: \subsubsection {Contact the c=US Manager} ! 838: Next, ! 839: contact the Manager of the \verb"c=US" portion of the DMD. ! 840: Use the \pgm{dish} program to get the necessary contact information, e.g., ! 841: \begin{quote}\small\begin{verbatim} ! 842: % dish -c "Alpaca" ! 843: Welcome to Dish (DIrectory SHell) ! 844: Dish -> show @c=US@cn=Manager -fred ! 845: \end{verbatim}\end{quote} ! 846: If this fails, ! 847: contact a \camayoc/ for assistance. ! 848: Otherwise, e-mail the file \file{c=US/EDB} along with your phone number to the ! 849: Manager and await a phone call or message in return. ! 850: Leave your DSA running until you hear from the Manager. ! 851: ! 852: The Manager will enter these into the MASTER \verb"c=US" EDB and then ! 853: try to connect to your DSA to test it out. ! 854: The Manager will also give you a ``time slot'' when your \file{nightly.sh} ! 855: script should run. ! 856: (This is a feeble attempt to prevent multiple systems from ! 857: mailing statistical information simultaneously each night.) ! 858: ! 859: If everything looks fine, ! 860: the Manager will direct you to proceed. ! 861: ! 862: \subsubsection {Connecting In and Checking Out} ! 863: Restart your DSA and use \pgm{dish} to bind as the manager. ! 864: Next, ! 865: direct the DSA to update its slave EDBs: ! 866: \begin{quote}\small\begin{verbatim} ! 867: % dish -user "@c=US@o=O_i@cn=Manager" ! 868: Welcome to Dish (DIrectory SHell) ! 869: Enter password for "@c=US@o=O_i@cn=Manager": ! 870: Dish -> dsacontrol -slave ! 871: Scheduled ! 872: Dish -> quit ! 873: \end{verbatim}\end{quote} ! 874: The \verb"Scheduled" message means that the EDB updates have been scheduled ! 875: for execution. ! 876: The DSA will actually perform these in the background, ! 877: so it may be a few minutes (or longer, depending on DSA/network availability) ! 878: before the EDBs are updated. ! 879: ! 880: To verify that your Level-1 DSA is updating its ROOT and \verb"c=US" EDB ! 881: files, ! 882: look for the files \file{EDB.bak} and \file{c=US/EDB.bak} ! 883: in the \file{quipu/wildlife/} directory. ! 884: If present, ! 885: these indicate that your Level-1 DSA was able to successfully update the EDBs. ! 886: If not, ! 887: look at the \file{dsap.log} log file and contact a \camayoc/ for ! 888: assistance. ! 889: ! 890: Finally, ! 891: check that the global Directory tree knows about your DSA ! 892: (the \verb"c=US" Manager verified this, but you should check anyway). ! 893: Use the \pgm{dish} but connect to a Level-0 DSA: ! 894: \begin{quote}\small\begin{verbatim} ! 895: % dish -c "Alpaca" ! 896: Welcome to Dish (DIrectory SHell) ! 897: Dish -> moveto "@c=US@o=O_i" ! 898: Dish -> list ! 899: ... ! 900: Dish -> list "ou=U_j" ! 901: ... ! 902: \end{verbatim}\end{quote} ! 903: If this succeeds, the Level-0 DSAs know how to talk to your Level-1 DSA. ! 904: ! 905: The other Level-1 DSAs won't know about your organization and Level-1 DSA ! 906: for another day or so. ! 907: (The Manager of the \verb"c=US" may cause a few Level-1 DSAs to immediately ! 908: reload the \verb"c=US" in order to facilitate things.) ! 909: ! 910: \subsubsection {More System Administration} ! 911: Once everything checks out, ! 912: its time to restart the DSA in the background. ! 913: First, edit the \file{quiputailor} file for your DSA by changing the ! 914: line ! 915: \begin{quote}\small\begin{verbatim} ! 916: update off ! 917: \end{verbatim}\end{quote} ! 918: to ! 919: \begin{quote}\small\begin{verbatim} ! 920: update on ! 921: \end{verbatim}\end{quote} ! 922: This tells your DSA to automatically update its SLAVE EDB files on a regular ! 923: basis. ! 924: ! 925: Next, use \pgm{dish} to abort the DSA: ! 926: \begin{quote}\small\begin{verbatim} ! 927: % dish -user "@c=US@o=O_i@cn=Manager" ! 928: Welcome to Dish (DIrectory SHell) ! 929: Enter password for "@c=US@o=O_i@cn=Manager": ! 930: Dish -> dsacontrol -abort ! 931: *** Problem with DSA *** ! 932: Dish -> quit ! 933: \end{verbatim}\end{quote} ! 934: Now run the \file{startup.sh} script: ! 935: \begin{quote}\small\begin{verbatim} ! 936: % $(ETCDIR)quipu/wildlife/startup.sh ! 937: \end{verbatim}\end{quote} ! 938: Take a look at the log files it creates and once you're satisfied ! 939: that it is operational, ! 940: use \pgm{dish} one last time before considering things up and running. ! 941: ! 942: Finally, ! 943: it's time for the last bit of system administration: ! 944: \begin{enumerate} ! 945: \item Add an entry to the file \file{/etc/rc.local}: ! 946: \begin{quote}\smaller\begin{verbatim} ! 947: if [ -d $(ETCDIR)quipu/wildlife ]; then ! 948: $(ETCDIR)quipu/wildlife/startup.sh & \ ! 949: (echo -n ' wildlife') > /dev/console ! 950: fi ! 951: \end{verbatim}\end{quote} ! 952: in the section where the network servers are started. ! 953: If your \file{rc.local} file starts \man tsapd(8c), ! 954: then place this entry after the one which starts \pgm{tsapd}. ! 955: ! 956: The next time your system reboots, ! 957: check to make sure that your DSA started. ! 958: On {\em some\/} systems running Sun's ``Yellow Pages'', ! 959: it has been observed that YP prevents the \pgm{ros.quipu} from starting. ! 960: No cause or cure is known for this. ! 961: The problem just seems to ``go away'' after a while. ! 962: ! 963: \item Based on the time that the \verb"c=US" manager gave you, ! 964: modify the \file{crontab} file according; e.g., ! 965: \begin{quote}\small\begin{verbatim} ! 966: 0 4 * * * $(ETCDIR)quipu/wildlife/nightly.sh ! 967: \end{verbatim}\end{quote} ! 968: If the directory database for the Level-1 DSA is owned by a user-ID other ! 969: than \verb"root" (e.g., \verb"daemon"), ! 970: then instead the line should look something like this: ! 971: \begin{quote}\smaller\begin{verbatim} ! 972: 0 4 * * * su daemon -c "/bin/sh $(ETCDIR)quipu/wildlife/nightly.sh" ! 973: \end{verbatim}\end{quote} ! 974: or perhaps ! 975: this ! 976: \begin{quote}\small\begin{verbatim} ! 977: 0 4 * * * su daemon -c "sh $(ETCDIR)quipu/wildlife/nightly.sh" ! 978: \end{verbatim}\end{quote} ! 979: Be sure that the ownership of the \file{nightly.sh} file matches that of the ! 980: userid that will be running under cron. ! 981: Verify that the user's shell, paths, and so on, are all correct as well. ! 982: \end{enumerate} ! 983: ! 984: Congratulations! ! 985: Your Level-1 DSA has now joined the pilot DMD. ! 986: Further, ! 987: the Manager of \verb"c=US" has elevated you to the role of ! 988: junior \camayoc/ by adding your electronic mail address to the ! 989: \verb"wpp-camayocs" mailing list. ! 990: Each \camayoc/ is expected to share experiences with others so as to ! 991: expand and advance understanding of running a white pages service using the ! 992: OSI Directory. ! 993: ! 994: \section {Configuring the White Pages} ! 995: The very last step you need do is to configure the white pages service which ! 996: resides on top of the OSI Directory. ! 997: ! 998: You should now determine if a substantive portion of your user community does ! 999: not have easy access to a machine running the pilot project software. ! 1000: If this is the case, ! 1001: then you will probably want to make the white pages service available via the ! 1002: network (either via TELNET or by emulating WHOIS) or via electronic mail. ! 1003: ! 1004: \subsection {White Pages via TELNET} ! 1005: Choose a machine in your local environment which is running the pilot project ! 1006: software. ! 1007: This machine will offer the white pages service via TELNET. ! 1008: ! 1009: On this machine, ! 1010: add a line to the \file{/etc/passwd} file for a user called \verb"fred" ! 1011: \begin{quote}\smaller\begin{verbatim} ! 1012: fred::30:30:Anonyous White Pages User:/:$(SBINDIR)fredsh ! 1013: \end{verbatim}\end{quote} ! 1014: where group-id \verb"30" is the \verb"guest". ! 1015: ! 1016: \subsubsection {Fred-only hosts} ! 1017: After bringing up the software for both the Directory and the White Pages, ! 1018: you might wish to copy the executables to other machines, ! 1019: just to make \pgm{fred} available. ! 1020: To do this, you need the following files: ! 1021: \begin{itemize} ! 1022: \item In the ISODE \verb"BINDIR" directory: ! 1023: \begin{quote}\begin{tabular}{l} ! 1024: \pgm{dish}\\ ! 1025: \pgm{editentry}\\ ! 1026: \pgm{fred} ! 1027: \end{tabular}\end{quote} ! 1028: ! 1029: \item In the ISODE \verb"SBINDIR" directory: ! 1030: \begin{quote}\begin{tabular}{l} ! 1031: \file{fredrc}\\ ! 1032: \file{dsaptailor}\\ ! 1033: \file{oidtable.*}\\ ! 1034: \file{isobjects}\\ ! 1035: \file{isologs}\\ ! 1036: \file{isomacros}\\ ! 1037: \file{isotailor} ! 1038: \end{tabular}\end{quote} ! 1039: Note that the \file{isotailor} file need not be present, ! 1040: depending on the dynamic changes to your system configuration. ! 1041: ! 1042: \item In the ISODE \verb"SBINDIR" directory: ! 1043: \begin{quote}\begin{tabular}{l} ! 1044: \pgm{fredsh}\\ ! 1045: \pgm{in.whitepages} ! 1046: \end{tabular}\end{quote} ! 1047: Note that you need \pgm{in.whitepages} only if you plan on using this host to ! 1048: offer the white pages via WHOIS emulation. ! 1049: \end{itemize} ! 1050: ! 1051: \subsection {White Pages via WHOIS}\label{wp:whois} ! 1052: Choose a machine in your local environment which is running the pilot project ! 1053: software. ! 1054: This machine will offer the white pages service via a network port offering an ! 1055: emulation of the WHOIS service. ! 1056: ! 1057: On this machine, ! 1058: edit the file \file{/etc/services} so that it has an entry like this: ! 1059: \begin{quote}\small\begin{verbatim} ! 1060: whitepages 17005/tcp ! 1061: \end{verbatim}\end{quote} ! 1062: ! 1063: Next, ! 1064: edit the file \file{/etc/servers} so that it has an entry like this: ! 1065: \begin{quote}\small\begin{verbatim} ! 1066: whitepages tcp $(SBINDIR)in.whitepages ! 1067: \end{verbatim}\end{quote} ! 1068: Because most user interfaces to WHOIS, ! 1069: e.g., \man whois(1c), ! 1070: do not allow the user to specify a special port, ! 1071: you should probably also add this line as well: ! 1072: \begin{quote}\small\begin{verbatim} ! 1073: whois tcp $(SBINDIR)in.whitepages ! 1074: \end{verbatim}\end{quote} ! 1075: If you already have a line for \verb"whois" in the \file{servers} file, ! 1076: then you are already running a WHOIS service, ! 1077: and you should {\bf not\/} add a second \verb"whois" line. ! 1078: This machine is not a good choice for running the white pages via WHOIS ! 1079: emulation. ! 1080: ! 1081: Note that on newer systems derived from Berkeley \unix/, ! 1082: \file{/etc/servers} is called \file{/etc/inetd.conf}. ! 1083: ! 1084: \subsubsection {The whitepages Command} ! 1085: On those systems which are to access the white pages via the network and not ! 1086: locally ! 1087: (i.e., those systems which are not running the pilot project software), ! 1088: you should determine how a user invokes the WHOIS service via the network. ! 1089: For \unix/ systems, ! 1090: you should provide a shell script like this: ! 1091: \begin{quote}\small\begin{verbatim} ! 1092: : run this script through /bin/sh ! 1093: ! 1094: exec /usr/ucb/whois -h wp.psi.com "$*" ! 1095: \end{verbatim}\end{quote} ! 1096: where the name of a host running the pilot project software is substituted for ! 1097: \verb"whitepages", e.g., \verb"wp.psi.com". ! 1098: This host must have the files \file{/etc/services} and \file{/etc/servers} ! 1099: edited as described above. ! 1100: ! 1101: \subsection {White Pages via mail}\label{wp:mail} ! 1102: In addition, ! 1103: you might want to make the whitepages available via electronic mail. ! 1104: To do this, ! 1105: choose a machine in your local environment which is running the pilot project ! 1106: software. ! 1107: ! 1108: On this machine, ! 1109: edit the file \file{/usr/lib/aliases} so that it has an entry like this: ! 1110: \begin{quote}\small\begin{verbatim} ! 1111: whitepages: "|/usr/local/bin/fred -m" ! 1112: \end{verbatim}\end{quote} ! 1113: After editing the \file{aliases} file, ! 1114: you will need to run the \pgm{newaliases} command as the super-user: ! 1115: \begin{quote}\small\begin{verbatim} ! 1116: # newaliases ! 1117: \end{verbatim}\end{quote} ! 1118: Also make sure that the \file{sendmail.cf} file lists \pgm{sh} and not ! 1119: \pgm{csh} as the \verb"prog" mailer. ! 1120: ! 1121: Once these changes are in place, ! 1122: Whenever someone sends to the address \verb"whitepages" on this machine, ! 1123: the subject line or body of the message will be interrogated for WHOIS-like ! 1124: commands and the appropriate reply generated. ! 1125: ! 1126: Note that on systems not running \man sendmail(8c), ! 1127: a similar procedure is followed. ! 1128: However, ! 1129: it's up to you to figure out how to define aliases that run commands on ! 1130: receipt of mail. ! 1131: ! 1132: You should tell the local PostMaster about the white pages service. ! 1133: In this fashion, ! 1134: when the PostMaster get queries from other sites, ! 1135: they can the sender of the message ! 1136: (and the Postmaster at the sender's site) ! 1137: about the service. ! 1138: ! 1139: \subsection {An Undocumented Feature} ! 1140: In some environments, ! 1141: in which the IP-address of a host is reasonably trustworthy, ! 1142: it may be desirable to have an automatic means of mapping an IP-address into a ! 1143: Distinguished Name. ! 1144: \pgm{fred} provides such a mechanism under the following conditions: ! 1145: \begin{enumerate} ! 1146: \item Create a file called \file{fredmap} in the ISODE \verb"ETCDIR" ! 1147: directory. ! 1148: ! 1149: The syntax of this file is a series of entries, one to a line. ! 1150: Each line contains: ! 1151: \begin{itemize} ! 1152: \item a IP-address mask ! 1153: (in the familiar ``dot'' notation, e.g., \verb"255.255.255.0"); ! 1154: ! 1155: \item a IP-network address ! 1156: (in the familiar ``dot'' notation, e.g., \verb"192.52.180"); ! 1157: ! 1158: \item a Distinguished Name ! 1159: (e.g., \verb|"c=US@o=DMD@cn=anon"|); ! 1160: and, ! 1161: ! 1162: \item the password to use when binding to that DN ! 1163: (e.g, \verb|"secret"|). ! 1164: \end{itemize} ! 1165: Blanks and/or tab characters are used to separate items. ! 1166: However, double-quotes may be used to prevent separation for items containing ! 1167: embedded whitspace. ! 1168: The sharp character (`\verb"#"') at the beginning of a line indicates a ! 1169: commentary line. ! 1170: ! 1171: This file should be mode \verb"0640", owned by user \verb"root" and ! 1172: some previously unused group, e.g., \verb"wp". ! 1173: ! 1174: \item After installing \pgm{fred} with the ! 1175: \begin{quote}\small\begin{verbatim} ! 1176: # (cd others/quipu; ./make inst-pilot) ! 1177: \end{verbatim}\end{quote} ! 1178: command ! 1179: (this was done way back in Section~\ref{isode:install} on ! 1180: page~\pageref{isode:install}), ! 1181: make the group of the binary the same as the \file{fredmap} file, ! 1182: and change the mode to \verb"02755". ! 1183: ! 1184: \item When a local user invokes \pgm{fred} ! 1185: \pgm{fred} looks-up the local IP-address, ! 1186: reads the \file{fredmap} file looking for the first entry satisfying: ! 1187: $$\mbox{(local IP-address)} \land \mbox{(IP-address mask)}\ \equiv\ ! 1188: \mbox{(IP-network address)}$$ ! 1189: Upon finding such an entry, ! 1190: \pgm{fred} will bind to the Directory using the DN and password for that entry. ! 1191: ! 1192: \item When \pgm{fred} is accessed via the network ! 1193: (e.g., with the \verb"in.whitepages" mechanism described in ! 1194: Section~\ref{wp:whois} on page~\pageref{wp:whois}), ! 1195: \pgm{fred} will automatically read the \file{fredmap} file, ! 1196: looking for the first entry satisfying: ! 1197: $$\mbox{(remote IP-address)} \land \mbox{(IP-address mask)}\ \equiv\ ! 1198: \mbox{(IP-network address)}$$ ! 1199: Upon finding such an entry, ! 1200: \pgm{fred} will bind to the Directory using the DN and password for that entry. ! 1201: \end{enumerate} ! 1202: Of course, ! 1203: the ordering of entries in the \file{fredmap} file is important! ! 1204: It is suggested that the file begin with host-specific entries ! 1205: (those with an IP-address mask of \verb"255.255.255.255"), ! 1206: and then entries follow in decreasing order by the number of bits on in the ! 1207: IP-address mask. ! 1208: ! 1209: Although use of a ``default'' entry, ! 1210: one which will match any IP-address, ! 1211: is strongly discouraged, ! 1212: it is possible to define such an entry. ! 1213: This should be the very last entry in the \file{fredmap} file. ! 1214: The format of this entry is simply: ! 1215: \begin{quote}\small\begin{verbatim} ! 1216: 0.0.0.0 0.0.0.0 "some DN" "some password" ! 1217: \end{verbatim}\end{quote} ! 1218: ! 1219: It should be noted that this scheme provides a convenient mechanism for ! 1220: allowing ``local'' users to automatically be authorized as specific entries in ! 1221: the local DMD. ! 1222: By doing so, ! 1223: this eases the administrative burden of assigning passwords to users in an ! 1224: environment which contains read-only but, nonetheless, sensistive information. ! 1225: The information is protected via access control, ! 1226: e.g., ! 1227: \begin{quote}\smaller\begin{verbatim} ! 1228: acl= prefix # c=US@o=DMD # read # attributes # <attribute-list> ! 1229: acl= self # write # attributes # <attribute-list> ! 1230: acl= others # none # attributes # <attribute-list> ! 1231: \end{verbatim}\end{quote} ! 1232: Note that for a writeable environment, ! 1233: whilst the access control scheme is still used, ! 1234: this simplification of locally anonymous DNs usually can not be made. ! 1235: ! 1236: Note that under the current QUIPU access scheme, ! 1237: the access control list above will prevent any user, ! 1238: regardless of the DN they are bound as (including local users), ! 1239: from searching on the values of the attributes named in ! 1240: \verb"<attribute-list>". ! 1241: As such, a less restrictive set of rules might be: ! 1242: \begin{quote}\smaller\begin{verbatim} ! 1243: acl= prefix # c=US@o=DMD # read # attributes # <attribute-list> ! 1244: acl= self # write # attributes # <attribute-list> ! 1245: acl= others # compare # attributes # <attribute-list> ! 1246: \end{verbatim}\end{quote} ! 1247: which will enable searching for all users. ! 1248: However, ! 1249: it will also allow any user to compare specific values against the attributes ! 1250: named in \verb"<attribute-list>". ! 1251: ! 1252: Of course, ! 1253: this simplification is severely limited in that it works only for ! 1254: IP-addresses, and further assumes that such addresses are trustworthy. ! 1255: The trustworthiness depends entire upon the network environment in which ! 1256: \pgm{fred} runs. ! 1257: For example, ! 1258: since IP-addresses can be readily forged, ! 1259: one might rely on routers on the edge of the local environment to simply drop ! 1260: IP datagrams with local source IP-addresses that originate from the outside ! 1261: world. ! 1262: In this case, ! 1263: entries in the \file{fredmap} file containing local IP-addresses can be ! 1264: thought to be ``reasonably'' secure against outside attack. ! 1265: Of course, ! 1266: nothing prevents a local host from forging a local IP-address. ! 1267: If the trust policy is simply to distinguish between local and non-local ! 1268: users, ! 1269: then the \file{fredmap} mechanism is adequite. ! 1270: ! 1271: Given all of these concerns, ! 1272: this ``undocumented feature'' is a useful, albeit non-OSI, local mechanism. ! 1273: ! 1274: \section {Other Services} ! 1275: There are some additional programs that you might wish to install for your ! 1276: user community. ! 1277: ! 1278: \subsection {Faces} ! 1279: When \pgm{fred} and \pgm{dish} display the entry for someone, ! 1280: they check to see if there is a photograph associated with the user. ! 1281: This is stored in facsimile format in the \verb"photo" attribute for the entry. ! 1282: If a photograph is present, ! 1283: then the \file{dsaptailor} file is consulted for directives ! 1284: indicating how the picture should be displayed. ! 1285: The most common entry is: ! 1286: \begin{quote}\small\begin{verbatim} ! 1287: photo xterm Xphoto ! 1288: \end{verbatim}\end{quote} ! 1289: which says that if the user's terminal type is \verb"xterm" then the program ! 1290: \pgm{Xphoto} should be run. ! 1291: ! 1292: Although there are many different programs that can be used to display a ! 1293: photograph, ! 1294: only the \pgm{XPhoto} is supported by the sponsors of the pilot. ! 1295: ! 1296: \subsubsection {XPhoto} ! 1297: To generate the \pgm{XPhoto} program, ! 1298: run the following command: ! 1299: \begin{quote}\small\begin{verbatim} ! 1300: % (cd others/quipu/photo; ./make all XPhoto) ! 1301: \end{verbatim}\end{quote} ! 1302: To install the program, ! 1303: become the super-user and do: ! 1304: \begin{quote}\small\begin{verbatim} ! 1305: # (cd others/quipu/photo; ./make inst-all) ! 1306: \end{verbatim}\end{quote} ! 1307: Next, ! 1308: add this line at the end of the \file{dsaptailor} file: ! 1309: \begin{quote}\small\begin{verbatim} ! 1310: photo xterm Xphoto ! 1311: \end{verbatim}\end{quote} ! 1312: ! 1313: \subsubsection {xwho and xface} ! 1314: There are two other programs which consult the Directory for people's faces. ! 1315: These are \pgm{xwho}, who for X windows; ! 1316: and, ! 1317: \pgm{xface}, face agent for X windows. ! 1318: ! 1319: To generate these programs, ! 1320: first generate \pgm{Xphoto} as described above. ! 1321: next: ! 1322: \begin{quote}\small\begin{verbatim} ! 1323: % (cd others/image; ./make all) ! 1324: \end{verbatim}\end{quote} ! 1325: To install the program, ! 1326: become the super-user and do: ! 1327: \begin{quote}\small\begin{verbatim} ! 1328: # (cd others/image; ./make inst-all) ! 1329: \end{verbatim}\end{quote} ! 1330: ! 1331: The \pgm{xwho} program is free-standing, ! 1332: but requires that the local system run the \man rwhod(8c) daemon. ! 1333: ! 1334: The \pgm{xface} program runs, for each user, in the background. ! 1335: When a mail reading program displays a message, ! 1336: it sends a wake-up call to \pgm{xface} which must then try to find the picture ! 1337: associated with the sender of the message. ! 1338: ! 1339: At present, ! 1340: only one mail reading system has been modified to communicate with ! 1341: \pgm{xface}, ! 1342: the \MH/ system. ! 1343: The file \file{others/image/mhlsbr.c} is a replacement for the ! 1344: \file{uip/mhlsbr.c} in the \MH/ distribution. ! 1345: Once \MH/ has been modified, ! 1346: the manual entry for \man xface(1c) describes how the user tells \MH/ to ! 1347: display faces. ! 1348: ! 1349: Finally, ! 1350: the file \pgm{others/image/READ-ME} describes how images may be collected and ! 1351: placed in the Directory. ! 1352: ! 1353: \subsection {Mail Composition} ! 1354: In addition to using the Directory when messages are being displayed, ! 1355: the White Pages may also be consulted when a message is being composed. ! 1356: ! 1357: At present, ! 1358: only one mail composition system has been modified to use the White Pages, ! 1359: the \MH/ system. ! 1360: ! 1361: The file \file{others/quipu/uips/fred/MH-patches} contains a patch set to \MH/ ! 1362: to use this facility along with instructions for apply the patch set. ! 1363: ! 1364: Once installed, ! 1365: users can specify a name by bracketing a White Pages query between ! 1366: ``\verb"<<"'' and ``\verb">>"'' using the \verb"whois" syntax of the \pgm{fred} ! 1367: command, e.g., ! 1368: \begin{quote}\small\begin{verbatim} ! 1369: To: << rose -org psi >> ! 1370: \end{verbatim}\end{quote} ! 1371: At the \whatnow/ prompt, the user can say \verb"whom" to have the names ! 1372: expanded into addresses. ! 1373: Alternately, the \verb"send" option can be used as well. ! 1374: For each query appearing between ``\verb"<<"'' and ``\verb">>"'', ! 1375: \pgm{fred} will be asked to perform a White Pages resolution. ! 1376: All matches are printed and the user is asked to select one. ! 1377: If one is not selected, ! 1378: the user remains with \pgm{fred}, ! 1379: to make more queries, ! 1380: until eventually one is selected ! 1381: (or the user exits \pgm{fred} to abort the expansion process). ! 1382: ! 1383: Note that expansion can occur only if \verb"whom" or \verb"send" is invoked ! 1384: interactively. ! 1385: If the \verb"push" option is used instead, ! 1386: then the expansion will fail because \pgm{fred} will be unable to query ! 1387: the user to select/confirm the right entry to use for the substitution. ! 1388: ! 1389: \section {Tell The Users!} ! 1390: OK, everything is installed and running, ! 1391: so it's time for you to tell your users about the system! ! 1392: Print out copies of \thebook/ and the accompanying ! 1393: {\em White Pages Quick Reference Sheet}, ! 1394: and start distributing them. ! 1395: Also, encourage your users to subscribe to the ! 1396: \begin{quote}\begin{verbatim} ! 1397: [email protected] ! 1398: \end{verbatim}\end{quote} ! 1399: discussion group. ! 1400: This is done by sending a message to the ! 1401: \begin{quote}\begin{verbatim} ! 1402: [email protected] ! 1403: \end{verbatim}\end{quote} ! 1404: mailbox and asking to be added. ! 1405: ! 1406: \subsection {More New and Exciting Stuff} ! 1407: New and exciting white pages applications are written from time to time. ! 1408: You should contact \verb"wpp-manager" to see if there's something fun that you ! 1409: can try out.
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.