% run this through LaTeX with the appropriate wrapper

\chapter {Maintenance}
Now that your Level-1 DSA has successfully joined the pilot project DMD,
you must maintain your portion of the Directory tree.

\section {A file you should know about}
The \file{quiputailor} file in the \file{quipu/wildlife/} directory
contains runtime configuration for your Level-1 DSA.
It was automatically created earlier.

Section~13.3 of \volfive/ discusses the options available for run-time
tailoring.
Typically,
you will not need to edit this file.

\section {Nightly Maintenance}
One of the last tasks performed when your Level-1 DSA joined the pilot project
DMD was to direct your system to run a shell script, \file{nightly.sh}.
This script performs two tasks:
\begin{itemize}
\item it mails your logs to the pilot project sponsors
(this is only a temporary measure to aid our understanding of
how the software is behaving);
and,

\item it cycles your logs.
\end{itemize}
You might wish to modify this script so that you are also informed of the
activities of your Level-1 DSA.
Actually, the logs record only crude information.
During the course of the pilot project,
the pilot software might be upgraded to provide more meaningful information.
This will be examined as experience is gained.

\subsection {Logs}
The pilot software does a lot of logging.
Two logs are generated:
the first,
\file{dsap.log},
contains information on general DSA activity,
whilst the second,
\file{stats.log},
contains statistical information on the DSA.

\subsection {Limiting the size of Logs}
If your Level-1 DSA is particularly busy,
it may generate large logs.
As such,
you might find it desirable to limit the maximum size that a log may grow to.
Since two logs are generated,
one for DSA activity and the other for statistics,
you will need to make two edits.

Look at the \file{quiputailor} file in the \file{quipu/wildlife/} directory.
There should be four lines similar to this:
\begin{quote}\small\begin{verbatim}
# minimal logging
dsaplog level=exceptions dflags=tty file=dsap.log

# full statistics
stats level=all dflags=tty file=stats.log
\end{verbatim}\end{quote}
Add the string \verb"size=100" at the end of the \verb"dsaplog" and
\verb"stats" lines,
e.g.,
\begin{quote}\small\begin{verbatim}
# minimal logging
dsaplog level=exceptions dflags=tty file=dsap.log size=100

# full statistics
stats level=all dflags=tty file=stats.log size=100
\end{verbatim}\end{quote}
This will limit the size of each log to 100~Kbytes.
If you wish other limits,
change the value \verb"100" accordingly.

\subsection {Reading Logs}
This is currently a black art.
When the sponsors of the pilot project have mastered this,
\theguide/ will be updated accordingly.
In the meantime,
if you figure something out,
share it with the \verb"wpp-camayocs" list.
Have fun.

\section {Adding Entries}
Now comes the fun part:
entering data into the Directory.
In general,
there are two kinds of activities:
small, incremental changes are best made using \man dish(1c).
However,
for the wholesale entry of massive amounts of data,
the easiest way is to run your favorite text editor and create EDB files
manually.
(In a future release of the pilot project software,
more management tools will be available to automate this process somewhat.)

Note that if you edit the EDB files directly,
you {\bf must\/} tell your DSA to re-read these files after you are done
editing.
This is accomplished by either killing and restarting the DSA
or using the \switch"refresh" option to the \pgm{dish} command
\verb"dsacontrol".

To aid the process,
a number of templates for the objects you might add are found in the directory
\file{quipu/templates/}:
\begin{quote}\begin{tabular}{rl}
\file{alias}& \verb"alias" object\\
\file{dsa}& Level-2 DSA\\
\file{person}& \verb"pilotPerson" object\\
\file{role}& \verb"organizationalRole" object\\
\file{unit}& \verb"organizationalUnit" object
\end{tabular}\end{quote}
Each of these files contains editing instructions.

In the \file{quipu/} source directory,
there is a program called \pgm{testedb},
which can be used to check EDB files for correctness:
\begin{quote}\small\begin{verbatim}
% cd quipu/
% ./make testedb
% ./testedb < EDB
\end{verbatim}\end{quote}
The \pgm{testedb} program will find the vast majority of errors in an EDB file.
It cannot, however,
find errors due to schema violation
(i.e., not conforming to the \verb"treeStructure" attribute of the EDB's
parent).
If your DSA fails to boot properly,
the log will indicate:
\begin{quote}\small\begin{verbatim}
DSA Halted
\end{verbatim}\end{quote}
In this case,
invoke the DSA interactively to determine the cause of the problem,
e.g.,
\begin{quote}\small\begin{verbatim}
% $(SBINDIR)ros.quipu -t ./quiputailor
Schema error in entry ending line 16...
*** Attribute error ***
<<DN of entry in error>>
Attribute type objectClass - Constrain violation
File ...wildlife/c=US/o=O_i/EDB not loaded
FATAL ERROR: DSA Halted
\end{verbatim}\end{quote}

\subsection {Using Dish}
If you use the first approach,
then your Level-1 DSA will automatically update the database directory.
Thus,
all you need be able to do is run one of the user interfaces.

First, identify yourself to \pgm{dish} as the manager of the DSA holding the
entries you want to modify:
\begin{quote}\small\begin{verbatim}
% dish -c "wildlife name" -user "c=US@o=O_i@cn=Manager"
Enter password for "c=US@o=O_i@cn=Manager": secret
Dish ->
\end{verbatim}\end{quote}
You can now use the \verb"add" and \verb"modify" commands as appropriate.
For the \verb"add" command,
it is suggested you start with one of the supplied templates, e.g.,
\begin{quote}\small\begin{verbatim}
Dish -> add ou=Corporate -template $(ETCDIR)quipu/templates/unit
\end{verbatim}\end{quote}
will create a new organizational unit under the current node.

The only tricky part is when objects of class \verb"organizationalUnit" or
\verb"dsa" are added.

\section {Adding organizationalUnits}
When an organizational unit is added,
you must also modify the entries for the DSAs holding MASTER or SLAVE copies
of the subordinates of the organizational unit.
\[\fbox{\begin{tabular}{lp{0.8\textwidth}}
\bf NOTE:& At the present time, the pilot sponsors strongly recommend
against adding Level-2 DSAs.

A Level-2 DSA should be added only when a Level-1 DSA is too
large to run on an available system. In this case,
a Level-2 DSA can be used to reduce the memory requirements
on the system running the Level-1 DSA.
\end{tabular}}\]

If the organizational unit is to be mastered by your Level-1 DSA,
then the procedure is straight-forward:
First,
create a directory in your \file{wildlife/c=US/o=O\_i/} directory with
the name of the organizational unit, e.g.,
\begin{quote}\smaller\begin{verbatim}
wildlife/c=US/o=NYSERNet Inc./ou=Corporate
\end{verbatim}\end{quote}
Second,
create an \file{EDB} file in this \unix/ directory containing information on
the entries in that organizational unit.
Third,
create an entry for that organizational unit in the Directory,
e.g., by running \pgm{dish}, moving to your organization's entry,
typing:
\begin{quote}\small\begin{verbatim}
Dish -> add ou=Corporate -template $(ETCDIR)quipu/templates/unit
\end{verbatim}\end{quote}
and then following the editing instructions in the file.

\section {Adding a Level-2 DSA}
There are three aspects to adding a Level-2 DSA:
first, the entry for your organization and Level-1 DSA must be modified,
and an entry for your Level-2 DSA must be created;
second,
the Level-2 DSA must be configured;
and,
third,
parts of the Directory tree mastered by the Level-1 DSA may be moved over to
be mastered by the Level-2 DSA.

First, you must choose a name for your new Level-2 DSA.
Since there will probably be more Level-2 DSAs than endangered species of
South American Wildlife,
you do not have to use a wildlife name for a Level-2 DSA.
Choose something associated with your organization or state.

For the purposes of the pilot project,
the name of each Level-2 DSA takes the form:
\begin{quote}\small\begin{verbatim}
c=US@o=O_i@cn=wildlife name
\end{verbatim}\end{quote}
As usual,
you will have to pick a ``sanitized'' name that will be used for the \unix/
directory which will contain the database for your Level-2 DSA.

To remain consistent with the discussion on configuring a Level-1 DSA,
we'll call the name of the DSA \verb"wildlife name" and the directory will be
called \file{wildlife/}.

\subsection {Modifying the Level-1 DSA}
To the entry for your Level-1 DSA,
you will need to add these lines:
\begin{quote}\small\begin{verbatim}
eDBinfo= # # c=US@o=O_i@cn=wildlife name
eDBinfo= c=US # # c=US@o=O_i@cn=wildlife name
eDBinfo= c=US@o=O_i # # c=US@o=O_i@cn=wildlife name
\end{verbatim}\end{quote}
This says that your Level-1 DSA provides copies of the ROOT, \verb"c=US" and
your organization's EDBs to your Level-2 DSA.

This addition is done using the \verb"modify" command to \pgm{dish}:
\begin{quote}\small\begin{verbatim}
Dish -> modify "@c=US@cn=wildlife name"
\end{verbatim}\end{quote}

Note that even though your Level-2 DSA will contain a slave copy of the EDB
for your organization,
you do not add a \verb"slaveDSA" attribute to your organization's entry to
reflect this.
In order to contact your Level-2 DSA,
it is necessary to find its \verb"presentationAddress" attribute by asking the
directory.
Since the entry for your Level-2 DSA is kept beneath your organization's
entry, anyone asking for information about your Level-2 DSA would already have
information on your organization!

Finally,
you need to add an entry for your Level-2 DSA to the EDB for your organization:
\begin{quote}\small\begin{verbatim}
Dish -> add "cn=wildlife name" -template $(ETCDIR)quipu/templates/dsa
\end{verbatim}\end{quote}
The template file contains these editing instructions:
\begin{enumerate}
\item Change each occurrence of \verb"O_i" to your organization's name; e.g.,
\begin{quote}\small\begin{verbatim}
NYSERNet Inc.
\end{verbatim}\end{quote}

\item Change each occurrence of \verb"wildlife name" to the common name of
your DSA; e.g.,
\begin{quote}\small\begin{verbatim}
beeblebrox
\end{verbatim}\end{quote}

\item For each organizational unit, \verb"U_j", this DSA will master,
add a line:
\begin{quote}\small\begin{verbatim}
eDBinfo = c=US@o=O_i@ou=U_j # # c=US@cn=level-1 DSA
\end{verbatim}\end{quote}
where \verb"c=US@cn=level-1 DSA" is the name of your Level-1 DSA.

\item Change the value of the \verb"presentationAddress" attribute to
contain the IP address of the host running the Level-2 DSA,
and select an unused TCP port at this IP address
(port~17010 is suggested for Level-2 DSAs);
e.g.,
\begin{quote}\small\begin{verbatim}
'0101'H/Internet=130.117.118.3+17010
\end{verbatim}\end{quote}
If other Level-2 DSAs are to be run on this host,
it is suggested that ascending port numbers, starting at 17011, be assigned.
However,
running multiple Level-2 DSAs on a single host is not recommended.

\item Change the value of the \verb"description" attribute for your
Level-2 DSA accordingly.
The first value should be the wildlife description.
Note that you should fully explain the meaning of the Level-2 DSA's
common name.
Another description value should be added for each organizational
unit mastered by this DSA, e.g.,
\begin{quote}\small\begin{verbatim}
Master DSA for U_j under O_i
\end{verbatim}\end{quote}
\end{enumerate}

\subsection {Configuring a Level-2 DSA}
Configuring a Level-2 DSA is currently a pain as \pgm{dsaconfig} is not
currently used for this task.
Before following the steps below,
drop a note to the \verb"wpp-camayocs" list and ask if a new version of
\pgm{dsaconfig} is available!

Start by copying the database directory for your Level-2 DSA:
\begin{quote}\small\begin{verbatim}
# cd quipu/
# cp -r level-1-dsa wildlife
# chmod 700 wildlife
# find wildlife -exec chown daemon {} \;
# find wildlife -exec chgrp daemon {} \;
# su daemon
# cd wildlife/
\end{verbatim}\end{quote}

\subsubsection {Editing the DSA tailoring file}
Now edit the \file{quiputailor} file in the \file{quipu/wildlife/} directory.
There are three things to do:
\begin{enumerate}
\item Change the \verb"mydsaname" variable to reflect the Distinguished Name
of the DSA.
For example:
\begin{quote}\small\begin{verbatim}
mydsaname "c=US@o=O_i@cn=wildlife name"
\end{verbatim}\end{quote}
becomes
\begin{quote}\small\begin{verbatim}
mydsaname "c=US@o=NYSERNet Inc.@cn=beeblebrox"
\end{verbatim}\end{quote}

\item Change the \verb"logdir" variable to reflect the \unix/ directory where
QUIPU log files are to reside.
For example:
\begin{quote}\small\begin{verbatim}
logdir $(ETCDIR)quipu/wildlife/
\end{verbatim}\end{quote}
becomes
\begin{quote}\small\begin{verbatim}
logdir $(ETCDIR)quipu/beeblebrox/
\end{verbatim}\end{quote}
(Note the trailing slash.)

\item Change the \verb"treedir" variable to reflect the \unix/ directory
where the DSA's database resides.
For example:
\begin{quote}\small\begin{verbatim}
treedir $(ETCDIR)quipu/wildlife
\end{verbatim}\end{quote}
becomes
\begin{quote}\small\begin{verbatim}
treedir $(ETCDIR)quipu/beeblebrox
\end{verbatim}\end{quote}
(Note the lack of a trailing slash.)
\end{enumerate}

Section~13.3 of \volfive/ discusses the options available for run-time
tailoring.
You will have no need of editing this file.

\subsubsection {Editing the DSA startup file}
Now edit the \file{startup.sh} file in the \file{quipu/wildlife/} directory.
There are two things to do:
\begin{enumerate}
\item Change the \verb"W" variable to reflect the wildlife name of the DSA.
For example:
\begin{quote}\small\begin{verbatim}
W=wildlife
\end{verbatim}\end{quote}
becomes
\begin{quote}\small\begin{verbatim}
W="Beeblebrox"
\end{verbatim}\end{quote}

\item Change the \verb"D" variable to reflect the \unix/ directory where
the DSA's database resides.
For example:
\begin{quote}\small\begin{verbatim}
D=$(ETCDIR)quipu/wildlife
\end{verbatim}\end{quote}
becomes
\begin{quote}\small\begin{verbatim}
D=$(ETCDIR)quipu/beeblebrox
\end{verbatim}\end{quote}
\end{enumerate}

\subsubsection {Building an Initial Database}
The directory database you created with the \pgm{cp} command earlier has done
virtually all the work for you.
Now all you need do is edit each EDB file to initially mark each as a
SLAVE copy.
A simple way of doing this is:
\begin{quote}\small\begin{verbatim}
# find . -name EDB -a -exec vi {} \;
\end{verbatim}\end{quote}
which will run \pgm{vi} on each EDB file.
If the first line of this file says \verb"MASTER",
change it to \verb"SLAVE".
Otherwise the first line should say \verb"SLAVE"
(if the first line of the EDB file says \verb"CACHE",
then contact a \camayoc/ for assistance).

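The same edit can be made without opening each file by hand.
The function below is an added example, not part of the pilot software;
the name \verb"mark_edb_slave" is hypothetical, and it relies only on the rule stated above,
that the first line of each \file{EDB} file is \verb"MASTER", \verb"SLAVE" or \verb"CACHE".

```shell
#!/bin/sh
# Added example, not part of the pilot software.
# mark_edb_slave DIR
#   Rewrite the first line of every EDB file under DIR from MASTER to
#   SLAVE. Files already marked SLAVE are left alone; a first line of
#   CACHE (or anything else) is reported and never rewritten.
#   Returns 0 if every file is now SLAVE, 1 if any needs a manual look.
mark_edb_slave() {
    dir=$1
    rc=0
    list=$(mktemp) || return 2
    tmp=$(mktemp) || { rm -f "$list"; return 2; }
    # Directory names such as "o=NYSERNet Inc." contain spaces, so the
    # paths are read one per line instead of being word-split.
    find "$dir" -type f -name EDB -print > "$list"
    while IFS= read -r edb; do
        first=$(sed -n '1p' "$edb")
        case $first in
        MASTER)
            # Write back through the existing file so the owner and mode
            # set with chown/chmod earlier are preserved.
            sed '1s/^MASTER$/SLAVE/' "$edb" > "$tmp" && cat "$tmp" > "$edb"
            echo "changed   $edb"
            ;;
        SLAVE)
            echo "ok        $edb"
            ;;
        CACHE)
            echo "CACHE     $edb (contact a camayoc)"
            rc=1
            ;;
        *)
            echo "unknown   $edb (first line: $first)"
            rc=1
            ;;
        esac
    done < "$list"
    rm -f "$list" "$tmp"
    return $rc
}

# Constructed sample tree (not real pilot data) to show the behaviour.
demo=$(mktemp -d)
mkdir -p "$demo/c=US/o=NYSERNet Inc."
printf 'MASTER\nconstructed data\n' > "$demo/EDB"
printf 'SLAVE\nconstructed data\n'  > "$demo/c=US/EDB"
printf 'CACHE\nconstructed data\n'  > "$demo/c=US/o=NYSERNet Inc./EDB"
mark_edb_slave "$demo" || echo "some EDB files need manual attention"
rm -rf "$demo"
```
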
\subsubsection {Testing the Level-2 DSA}
At this point,
your Level-2 DSA should be configured and you should start and test it:
\begin{quote}\small\begin{verbatim}
# $(SBINDIR)ros.quipu -t ./quiputailor &
\end{verbatim}\end{quote}
If your DSA is configured properly,
it will print out something like:
\begin{quote}\small\begin{verbatim}
-- '0101'H/Internet=130.117.128.3+17010 --
DSA Started
\end{verbatim}\end{quote}
If your Level-2 DSA does not boot for some reason,
consult Section~\ref{dsa:failure} on page~\pageref{dsa:failure}.

You should now try connecting to the Level-2 DSA.
\begin{quote}\small\begin{verbatim}
% dish -c "wildlife name"
Welcome to Dish (DIrectory SHell)
Dish ->
\end{verbatim}\end{quote}
indicates that the DUA connected to your Level-1 DSA.
Otherwise consult Section~\ref{dua:failure} on
page~\pageref{dua:failure} and try to debug the problem.

\subsubsection {Editing the DUA tailoring file}
Once your Level-2 DSA is operational,
you should edit the file \file{dsaptailor} in the ISODE \verb"ETCDIR"
directory so that your DUAs
will know about this DSA.
This is done by adding this line
\begin{quote}\smaller\begin{verbatim}
dsa_address "wildlife name" '0101'H/Internet=aaa.bbb.ccc.ddd+port
\end{verbatim}\end{quote}
{\em after\/} the \verb"dsa_address" line for your Level-1 DSA
and then making these edits:
\begin{enumerate}
\item Substitute the common name of your DSA for \verb"wildlife name"; e.g.,
\begin{quote}\small\begin{verbatim}
Beeblebrox
\end{verbatim}\end{quote}

\item Change the IP address and TCP port number to correspond to the
OSI presentation address you defined earlier in the entry for the
DSA;
e.g.,
\begin{quote}\small\begin{verbatim}
'0101'H/Internet=130.117.118.3+17010
\end{verbatim}\end{quote}
\end{enumerate}

Now run the \man dish(1c) program again,
telling it to connect to your Level-1 DSA.
\begin{quote}\small\begin{verbatim}
% dish -c "wildlife name"
Welcome to Dish (DIrectory SHell)
Dish ->
\end{verbatim}\end{quote}
indicates that the DUA connected to your Level-1 DSA.
Otherwise consult Section~\ref{dua:failure} on
page~\pageref{dua:failure} and try to debug the problem.

Now look around the Directory tree using \pgm{dish}.
Descend to \verb"c=US@o=O_i" to check on your own entries.
A good test to run is to try and bind to your own entry,
but to do so by dereferencing the alias for the Manager of your DMD:
\begin{quote}\small\begin{verbatim}
Dish -> bind -user "c=US@o=O_i@cn=Manager"
Enter password for "c=US@o=O_i@cn=Manager":
Dish ->
\end{verbatim}\end{quote}
indicates that you are now bound to the directory as that DN.
Instead, if you see:
\begin{quote}\small\begin{verbatim}
Dish -> bind -user "c=US@o=O_i@cn=Manager"
Enter password for "c=US@o=O_i@cn=Manager":
Security Error - check name and password
\end{verbatim}\end{quote}
then you may have entered the DN or password wrong.
Try again.
If not,
or if you encounter some other problem,
contact a \camayoc/ for assistance.

\subsection {Moving portions of the Directory Tree}
For each organizational unit, \verb"ou=U_j", the Level-2 DSA will master,
you now need to do two things:
\begin{itemize}
\item tell your Level-1 DSA that it no longer masters the EDB;
and,

\item tell your Level-2 DSA that it now masters the EDB.
\end{itemize}
The first step is done as follows.
Begin by using \pgm{dish} to bind to the Level-1 DSA:
\begin{quote}\small\begin{verbatim}
% dish -c "Level-1 DSA" -user "c=US@o=O_i@cn=Manager"
\end{verbatim}\end{quote}
Next:
\begin{enumerate}
\item Modify the entry for the organizational unit which is held by your
Level-1 DSA.
Change the \verb"masterDSA" attribute of the entry corresponding to that
unit from:
\begin{quote}\small\begin{verbatim}
masterDSA= c=US@cn=Level-1 DSA
\end{verbatim}\end{quote}
to:
\begin{quote}\small\begin{verbatim}
masterDSA= c=US@o=O_i@cn=wildlife name
\end{verbatim}\end{quote}
You will also need to add a \verb"slaveDSA" attribute to this entry:
\begin{quote}\small\begin{verbatim}
slaveDSA= c=US@cn=Level-1 DSA
\end{verbatim}\end{quote}

These additions are done using \pgm{dish}:
\begin{quote}\small\begin{verbatim}
Dish -> modify "@c=US@o=O_i@ou=U_j"
\end{verbatim}\end{quote}

\item Modify the entry for your Level-1 DSA.
Change the line that says:
\begin{quote}\small\begin{verbatim}
eDBinfo= c=US@o=O_i@ou=U_j # #
\end{verbatim}\end{quote}
to:
\begin{quote}\small\begin{verbatim}
eDBinfo= c=US@o=O_i@ou=U_j # c=US@o=O_i@cn=wildlife name #
\end{verbatim}\end{quote}
This says that your Level-1 DSA will receive copies of the EDB for each
organizational unit held by your Level-2 DSA.

This change is done using the \verb"modify" command to \pgm{dish}:
\begin{quote}\small\begin{verbatim}
Dish -> modify "@c=US@cn=wildlife name"
\end{verbatim}\end{quote}

\item Lock the Level-1 DSA's copy of the EDB file:
\begin{quote}\small\begin{verbatim}
Dish -> dsacontrol -lock "c=US@o=O_i@ou=U_j"
\end{verbatim}\end{quote}

\item Edit the EDB file kept in the {\bf Level-1\/} DSA's directory
database by changing the first line from \verb"MASTER" to \verb"SLAVE".
(If the first line of this file does not say \verb"MASTER",
then you are editing the {\bf wrong\/} directory database.)

\item Unlock the Level-1 DSA's copy of the EDB file:
\begin{quote}\small\begin{verbatim}
Dish -> dsacontrol -refresh "c=US@o=O_i@ou=U_j"
Dish -> dsacontrol -unlock "c=US@o=O_i@ou=U_j"
\end{verbatim}\end{quote}
\end{enumerate}

The second step is done as follows.
Begin by using \pgm{dish} to bind to the Level-2 DSA:
\begin{quote}\small\begin{verbatim}
% dish -c "Level-2 DSA" -user "c=US@o=O_i@cn=Manager"
\end{verbatim}\end{quote}
Next:
\begin{enumerate}
\item Modify the entry for the organizational unit which is to be
mastered by your Level-2 DSA.
Change the \verb"masterDSA" attribute of the entry corresponding to that
unit from:
\begin{quote}\small\begin{verbatim}
masterDSA= c=US@cn=Level-1 DSA
\end{verbatim}\end{quote}
to:
\begin{quote}\small\begin{verbatim}
masterDSA= c=US@o=O_i@cn=wildlife name
\end{verbatim}\end{quote}
You will also need to add a \verb"slaveDSA" attribute to this entry:
\begin{quote}\small\begin{verbatim}
slaveDSA= c=US@cn=Level-1 DSA
\end{verbatim}\end{quote}

These additions are done using \pgm{dish}:
\begin{quote}\small\begin{verbatim}
Dish -> modify "@c=US@o=O_i@ou=U_j"
\end{verbatim}\end{quote}

\item Modify the entry for your Level-2 DSA.
Add this line:
\begin{quote}\small\begin{verbatim}
eDBinfo= c=US@o=O_i@ou=U_j # # c=US@cn=Level-1 DSA
\end{verbatim}\end{quote}
This says that your Level-1 DSA will receive copies of the EDB for each
organizational unit held by your Level-2 DSA.

This change is done using the \verb"modify" command to \pgm{dish}:
\begin{quote}\small\begin{verbatim}
Dish -> modify "@c=US@o=O_i@cn=wildlife name"
\end{verbatim}\end{quote}

\item Lock the Level-2 DSA's copy of the EDB file:
\begin{quote}\small\begin{verbatim}
Dish -> dsacontrol -lock "@c=US@o=O_i@ou=U_j"
\end{verbatim}\end{quote}

\item Edit the EDB file kept in the {\bf Level-2\/} DSA's directory
database by changing the first line from \verb"SLAVE" to \verb"MASTER".
(If the first line of this file does not say \verb"SLAVE",
then you are editing the {\bf wrong\/} directory database.)

\item Unlock the Level-2 DSA's copy of the EDB file:
\begin{quote}\small\begin{verbatim}
Dish -> dsacontrol -unlock "@c=US@o=O_i@ou=U_j"
\end{verbatim}\end{quote}
\end{enumerate}
You should now reboot your Level-2 DSA and then try to connect to it using
\pgm{dish}.
Once this is successful,
you should reboot your Level-1 DSA and also use \pgm{dish} to connect to it.

When you restart the Level-2 DSA,
it will try to update its ROOT,
\verb"c=US",
and \verb"o=O_i" EDB files from your Level-1 DSA.
The first two should be the same as what your Level-2 DSA is running,
so no update will take place.
The third will be different however,
so you should see a file \file{c=US/o=O\_i/EDB.bak} created.

When you restart the Level-1 DSA,
in addition to trying to reload its ROOT and \verb"c=US" EDB files from the
Level-0 DSAs,
it will try to reload the EDB file for each organizational unit mastered by
the Level-2 DSA.
Since these will be the same,
initially no update will take place.

\subsubsection {Editing the DUA tailoring file}
You now edit the \file{dsaptailor} file one more time.
Move the \verb"dsa_address" line for your Level-2 DSA above the line for your
Level-1 DSA.
This will tell your DUAs to contact the Level-2 DSA by default,
rather than the Level-1 DSA.

\subsubsection {System Administration}
Once everything checks out,
it's time to restart the DSA in the background.
Use \pgm{dish} to abort the DSA and then run the \file{startup.sh} script:
\begin{quote}\small\begin{verbatim}
% $(ETCDIR)quipu/wildlife/startup.sh
\end{verbatim}\end{quote}
Take a look at the log files it creates and once you're satisfied
that it is operational,
use \pgm{dish} one last time before considering things up and running.

Finally,
it's time for the last bit of system administration:
\begin{enumerate}
\item Add an entry to the file \file{/etc/rc.local}:
\begin{quote}\smaller\begin{verbatim}
if [ -d $(ETCDIR)quipu/wildlife ]; then
    $(ETCDIR)quipu/wildlife/startup.sh & \
        (echo -n ' wildlife') > /dev/console
fi
\end{verbatim}\end{quote}
in the section where the network servers are started.
If your \file{rc.local} file starts \man tsapd(8c),
then place this entry after the one which starts \pgm{tsapd}.

\item Edit the file \file{quipu/wildlife/nightly.sh},
by looking for these three lines
\begin{quote}\smaller\begin{verbatim}
W="dsa name from dsaptailor, e.g., Beeblebrox"
D="wildlife directory, e.g., $(ETCDIR)quipu/beeblebrox"
\end{verbatim}\end{quote}
and editing them appropriately.

\item Based on the time that the \verb"c=US" manager gave you for your
Level-1 DSA, add one hour and modify the \file{crontab} file accordingly; e.g.,
\begin{quote}\small\begin{verbatim}
0 5 * * * $(ETCDIR)quipu/wildlife/nightly.sh
\end{verbatim}\end{quote}
If the directory database for the Level-2 DSA is owned by a user-ID other
than \verb"root" (e.g., \verb"daemon"),
then instead the line should look something like this:
\begin{quote}\small\begin{verbatim}
0 5 * * * su daemon < $(ETCDIR)quipu/wildlife/nightly.sh
\end{verbatim}\end{quote}
\end{enumerate}

Congratulations!
Your Level-2 DSA has now joined the pilot DMD.

\section {Miscellaneous Topics}
Here is information on a wide range of topics,
arranged in no particular order.

\subsection {Moving a Level-1 DSA}
For various reasons you might need to move your DSA from one host to another.
In OSI terminology,
you need to change the presentation address of the DSA.
The steps to do this are:
\begin{enumerate}
\item Modify the \verb"presentationAddress" attribute of your DSA using
\pgm{dish} to include the second host.
Also edit your \file{dsaptailor} file to include this new address.
In both cases, you simply add the string:
\begin{quote}\small\begin{verbatim}
|Internet=aaa.bbb.ccc.ddd+portno
\end{verbatim}\end{quote}
to the address.
So, if the old address was
\begin{quote}\small\begin{verbatim}
'0101'H/Internet=192.33.4.20+17003
\end{verbatim}\end{quote}
the new address might be
\begin{quote}\small\begin{verbatim}
'0101'H/Internet=192.33.4.20+17003|Internet=130.117.128.2+17003
\end{verbatim}\end{quote}

\item Edit your DSA's entry in the \file{c=US/EDB} file and remove the line
\begin{quote}\small\begin{verbatim}
eDBinfo= c=US # cn=Alpaca #
\end{verbatim}\end{quote}
This will prevent your DSA from seeing this change to its presentation
address,
which is necessary since your DSA can't listen on the new address at the
moment.

\item Now wait a couple of days for this new information to propagate.
This is important to avoid a transient service outage.

\item Stop the DSA and move its hierarchy over to the new host.

\item Edit the \file{c=US/EDB} file and change your
DSA's \verb"presentationAddress" attribute to have only the new address, e.g.,
\begin{quote}\small\begin{verbatim}
presentationAddress= '0101'H/Internet=130.117.128.2+17003
\end{verbatim}\end{quote}

\item Start the DSA on the new host and verify that it is working okay.

\item Modify the \verb"presentationAddress" attribute to remove the first
host address for your DSA using \pgm{dish}.
The presentation address will now match the value in the \file{c=US/EDB} file
you have locally.
Also edit your \file{dsaptailor} file to have only the new address.

\item Edit your DSA's entry in the \file{c=US/EDB} file and add the line
\begin{quote}\small\begin{verbatim}
eDBinfo= c=US # cn=Alpaca #
\end{verbatim}\end{quote}
This will resume the automatic downloading of information for your DSA.

\item Don't forget to edit \file{/etc/rc.local} and \file{/usr/lib/crontab}
on both systems.
\end{enumerate}

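A mistyped address at any stage of this move makes the DSA unreachable,
so the address strings are worth checking before each edit.
The functions below are an added example, not part of the pilot software;
their names are hypothetical, and they assume only the address syntax shown above
(a selector prefix ending in a slash, then one or more Internet=host+port alternatives separated by a vertical bar).

```shell
#!/bin/sh
# Added example, not part of the pilot software. Function names are
# hypothetical; the address syntax is the one shown in this chapter.

# pa_endpoints ADDRESS
#   Print one "ip+port" per line for every Internet= alternative in a
#   presentation address; return non-zero if the address is malformed
#   (missing prefix, octet above 255, port outside 1..65535).
pa_endpoints() {
    printf '%s\n' "$1" | awk '
    {
        slash = index($0, "/")
        if (slash == 0) exit 1                  # no selector prefix
        n = split(substr($0, slash + 1), alt, "[|]")
        for (k = 1; k <= n; k++) {
            if (alt[k] !~ /^Internet=[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+[+][0-9]+$/)
                exit 1
            ep = substr(alt[k], length("Internet=") + 1)
            plus = index(ep, "+")
            port = substr(ep, plus + 1) + 0
            if (port < 1 || port > 65535) exit 1
            split(substr(ep, 1, plus - 1), octet, "[.]")
            for (i = 1; i <= 4; i++)
                if (octet[i] + 0 > 255) exit 1
            out = out ep "\n"
        }
        # Nothing is printed unless every alternative was valid.
        printf "%s", out
    }'
}

# pa_move_stage OLD NEW ADDRESS
#   OLD and NEW are "ip+port". Prints the stage of the move that ADDRESS
#   corresponds to: old-only, transition (both listed) or new-only.
#   A third endpoint, or neither endpoint, is reported as unexpected.
pa_move_stage() {
    eps=$(pa_endpoints "$3") || { echo invalid; return 1; }
    old=no; new=no; other=no
    for ep in $eps; do                  # endpoints never contain spaces
        case $ep in
        "$1") old=yes ;;
        "$2") new=yes ;;
        *)    other=yes ;;
        esac
    done
    case $old$new$other in
    yesnono)  echo old-only ;;
    yesyesno) echo transition ;;
    noyesno)  echo new-only ;;
    *)        echo unexpected; return 1 ;;
    esac
}

# The three addresses used in the procedure above.
OLD=192.33.4.20+17003
NEW=130.117.128.2+17003
for a in \
    "'0101'H/Internet=$OLD" \
    "'0101'H/Internet=$OLD|Internet=$NEW" \
    "'0101'H/Internet=$NEW"
do
    printf '%-12s %s\n' "$(pa_move_stage "$OLD" "$NEW" "$a")" "$a"
done
```
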
\subsection {Running a SLAVE Level-1 DSA}
{\em to be supplied$\ldots$}

%%% register at c=US
%%% copy edb files
%%% change masters to slaves
%%% for each master add
%%% eDBinfo= dn # master # to slave DSA entry
%%% eDBinfo= dn # # slave to master entry
%%% slaveDSA= slave to dn entry

783: \subsection {A Final Word on DSAs and Knowledge Information}
784: It is important to appreciate that a DSA may hold knowledge
785: (have local \file{EDB} files)
786: even though the DIT does not indicate this
787: (no corresponding \verb"slaveDSA" attribute for that portion of the tree).
788: This is a feature.
789:
790: For example,
791: if you wish to speed access to certain parts of the tree for your users,
792: then to the entry of the DSA which MASTERs that information,
793: you add this attribute:
794: \begin{quote}\small\begin{verbatim}
795: eDBinfo = interesting_EDB # # slave_DSA_name
796: \end{verbatim}\end{quote}
797: to the entry of the DSA which is to have a copy,
798: you add this attribute:
799: \begin{quote}\small\begin{verbatim}
800: eDBinfo = interesting_EDB # master_DSA_name #
801: \end{verbatim}\end{quote}
802: And you do {\bf not\/} add any \verb"slaveDSA" attribute to the entry
803: corresponding to that EDB.
804:
805: This configuration has the effect that any user contacting the slave DSA,
806: will find that information local,
807: but, since this DSA is not listed in the \verb"slaveDSA" attribute,
808: then other DSAs won't bother it asking for information.
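The two eDBinfo lines described above have to agree with each other: what the copy-holding DSA's entry says it pulls, the MASTER's entry must say it sends. The following check is an added example, not part of the pilot software; the DSA names in the sample, the function names, and the dictionary layout (DSA name mapped to the attribute lines of its entry) are assumptions made for illustration.

```python
# Added example: cross-check eDBinfo pairs between DSA entries.
# Constructed sample data; DSA names are placeholders, not real pilot DSAs.
SAMPLE_ENTRIES = {
    "cn=Alpaca": ["eDBinfo= c=US # # cn=Llama"],
    "cn=Llama": [
        "eDBinfo= c=US # cn=Alpaca #",
        "eDBinfo= interesting_EDB # cn=Vicuna #",  # master side is missing
    ],
    "cn=Vicuna": ["cn= Vicuna"],
}


def parse_edbinfo(line):
    """Return (edb, pull_from, send_to), or None if not an eDBinfo line."""
    # Assumption: attribute names are matched without regard to case.
    name, sep, value = line.partition("=")
    if not sep or name.strip().lower() != "edbinfo":
        return None
    fields = [f.strip() for f in value.split("#")]
    if len(fields) != 3 or not fields[0]:
        raise ValueError(f"malformed eDBinfo value: {line!r}")
    return tuple(fields)


def unmatched_edbinfo(entries):
    """List eDBinfo relationships declared on only one of the two DSA entries."""
    pulls, sends = set(), set()  # both hold (edb, master, slave) triples
    for dsa, lines in entries.items():
        for line in lines:
            parsed = parse_edbinfo(line)
            if parsed is None:
                continue
            edb, pull_from, send_to = parsed
            if pull_from:
                pulls.add((edb, pull_from, dsa))
            if send_to:
                sends.add((edb, dsa, send_to))
    findings = []
    for edb, master, slave in sorted(pulls - sends):
        findings.append(f"{slave} pulls {edb} from {master}, but {master} has no matching eDBinfo")
    for edb, master, slave in sorted(sends - pulls):
        findings.append(f"{master} sends {edb} to {slave}, but {slave} has no matching eDBinfo")
    return findings


if __name__ == "__main__":
    for finding in unmatched_edbinfo(SAMPLE_ENTRIES):
        print(finding)
```

DSA names are compared as exact strings after trimming spaces, so spell them the same way in both entries.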
809:
810: \subsection {Naming People}\label{naming:people}
811: As noted earlier,
812: entries in the Directory are uniquely named by their
813: Relative Distinguished Name (RDN).
814: In the pilot software,
815: the RDN is represented as the first line of each entry in the \file{EDB} file
816: for its immediate parent.
817: Thus,
818: within an \file{EDB} file,
819: all RDNs must be unique.
820:
821: The simplest way of doing this is to use:
822: \begin{quote}\small\begin{verbatim}
823: cn=FirstName LastName
824: \end{verbatim}\end{quote}
825: as the RDN.
826: However,
827: in organizations with large numbers of people,
828: this may not be sufficient to be unique.
829: So, there are four alternative strategies:
830: \begin{enumerate}
831: \item Use
832: \begin{quote}\small\begin{verbatim}
833: cn=FirstName LastName
834: \end{verbatim}\end{quote}
835: whenever possible.
836: However,
837: whenever ambiguity occurs, use either
838: \begin{quote}\small\begin{verbatim}
839: cn=FirstName MiddleInitial LastName
840: \end{verbatim}\end{quote}
841: or
842: \begin{quote}\small\begin{verbatim}
843: cn=FirstName MiddleName LastName
844: \end{verbatim}\end{quote}
845: Note that,
846: the shorter forms should also be included to aid in searching.
847: Hence,
848: the first three lines of an entry might look like:
849: \begin{quote}\small\begin{verbatim}
850: cn=FirstName MiddleName LastName
851: cn= FirstName MiddleInitial LastName
852: cn= FirstName LastName
853: \end{verbatim}\end{quote}
854: The first value is used for the RDN,
855: and the other two for searching.
856:
857: \item Always use
858: \begin{quote}\small\begin{verbatim}
859: cn=FirstName MiddleName LastName
860: \end{verbatim}\end{quote}
861: as the RDN for all entries,
862: and include the shorter forms whenever possible.
863:
864: \item Always generate a uniquely constructed string
865: \begin{quote}\small\begin{verbatim}
866: cn=FML1
867: \end{verbatim}\end{quote}
868: and include whatever real naming information is available for searching
869: purposes:
870: \begin{quote}\small\begin{verbatim}
871: cn= FirstName MiddleName LastName
872: cn= FirstName MiddleInitial LastName
873: cn= FirstName LastName
874: \end{verbatim}\end{quote}
875: The only caveat with this approach is that each time the EDB file is
876: generated, it is best not to change the RDNs for entries which previously
877: existed.
878:
879: \item Use a multi-valued RDN ({\em deus ex machina\/}) formed by a
880: \verb"commonName" attribute and some other distinguishing attribute:
881: \begin{quote}\small\begin{verbatim}
882: cn=FirstName MiddleName LastName%userid=Lastname
883: \end{verbatim}\end{quote}
884: The \verb"`%'"-sign is used to concatenate attributes when forming an RDN.
885: Hence,
886: if the first line of an entry is
887: \begin{quote}\small\begin{verbatim}
888: cn=Marshall Rose%userid=mrose
889: \end{verbatim}\end{quote}
890: then the entry's RDN really has two parts:
891: the most significant part is a \verb"commonName" attribute,
892: and the next significant part is a \verb"userid" attribute.
893: Other good choices besides \verb"userid" are things like \verb"localityName".
894:
895: Of course,
896: the \verb"`%'"-notation can be used only on the first line of an entry,
897: as it is used only for RDNs.
898: \end{enumerate}
899: In all cases,
900: regardless of the actual RDN chosen,
901: it is strongly recommended to include as many alternate forms as possible,
902: in order to aid searching.
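Whichever strategy is chosen, the two rules above can be checked before an EDB file is installed: every first line (the RDN) must be unique, and the `%' notation must not appear below the first line of an entry. The following is an added example, not part of the pilot software; it assumes the input holds only entries separated by blank lines, that names are compared without regard to case or repeated spaces, and that the order of the parts of a multi-valued RDN does not matter. The function names and the sample entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed EDB entries (blank-line separated); all names are made up.
SAMPLE_EDB = """\
cn=Pat Q Example
cn= Pat Example

cn=Pat Example%userid=pexample
cn= Pat Example

cn=pat  q example
cn= Pat Example%userid=other
"""


def split_entries(edb_text):
    """Yield (first_line_number, lines) for each blank-line separated entry."""
    block, start = [], 0
    for number, line in enumerate(edb_text.splitlines(), 1):
        if line.strip():
            if not block:
                start = number
            block.append(line.strip())
        elif block:
            yield start, block
            block = []
    if block:
        yield start, block


def rdn_key(first_line):
    """Normalise an RDN: split on '%', ignore case and repeated spaces (assumed)."""
    parts = []
    for ava in first_line.split("%"):
        attr, _, value = ava.partition("=")
        parts.append((attr.strip().lower(), " ".join(value.lower().split())))
    return tuple(sorted(parts))


def check_edb(edb_text):
    """Return problems: duplicate RDNs, and '%attr=' used below an entry's first line."""
    seen, problems = defaultdict(list), []
    for start, block in split_entries(edb_text):
        seen[rdn_key(block[0])].append(start)
        for offset, line in enumerate(block[1:], 1):
            if re.search(r"%\s*\w+\s*=", line):
                problems.append(f"line {start + offset}: '%' notation outside the RDN line")
    for key, lines in seen.items():
        if len(lines) > 1:
            problems.append(f"duplicate RDN {dict(key)} on lines {lines}")
    return problems
```

On the constructed sample, `check_edb` reports the `%' on line 8 and the RDN shared by the entries starting on lines 1 and 7; the multi-valued RDN on line 4 does not collide with either.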
903:
904: \subsection {Installing the Software on other hosts}
905: You may wish to install the interfaces to the Directory,
906: on other systems,
907: whilst running a DSA on a single host.
908: If the hardware/software configuration of the new hosts is the same as the
909: initial host,
910: then you can simply install the compiled binaries.
911: Usually this is done by mounting the source hierarchy over the network,
912: logging in to the new host,
913: and using:
914: \begin{quote}\small\begin{verbatim}
915: # ./make inst-all inst-quipu
916: # (cd others/quipu; ./make inst-pilot)
917: \end{verbatim}\end{quote}
918: Then,
919: you must copy over two files from the ISODE \verb"ETCDIR" directory on the
920: original host: \file{dsaptailor} and \file{fredrc}.
921:
922: If, however, you wish to change the software configuration,
923: then after mounting the source hierarchy,
924: you must clean the existing binaries in the source hierarchy,
925: then select the new configuration files and go through the generation and
926: installation process:
927: \begin{quote}\small\begin{verbatim}
928: % ./make distribution
929: % ./make once-only all all-quipu
930: % (cd others/quipu; ./make pilot)
931: # ./make inst-all inst-quipu
932: # (cd others/quipu; ./make inst-pilot)
933: \end{verbatim}\end{quote}
934: Next, you must copy over the \file{dsaptailor} and \file{fredrc} files
935: from the ISODE \verb"ETCDIR" directory on the original host.