Solaris(TM) Extensions for Netscape Directory Server 4.11 Release Notes Solaris Extensions for Netscape Directory Server mainly provide NIS synchronization tools and a RADIUS server that operate with Netscape Directory Server 4.11. This product is available for Solaris SPARC platforms. Product Contents ================ The Solaris Extensions for Netscape Directory Server product contains the following packages: SUNWdsnis NIS synchronization tools SUNWdsrad RADIUS server and PAM module SUNWdsutl Administration utilities The product also includes an automatic startup script, S72ns-slapd, that automatically starts the directory server when the host machine is rebooted. Compatibility and Requirements ============================== Hardware: -------- Solaris Extensions for Netscape Directory Server run on Solaris SPARC platforms and require a minimum of 128 Mbytes RAM. Software: -------- Solaris Extensions for Netscape Directory Server require the following software: - Solaris 2.6 or Solaris 8 operating environment - An X Windows System(TM) if you want to use the graphical user interfaces - Netscape Directory Server 4.11 - Solstice(TM) Enterprise Manager(TM), Solstice Site Manager(TM) or Solstice Domain Manager(TM) if you want to use SNMP monitoring Patches: ------- If installing Solaris Extensions for Netscape Directory Server on a Solaris 2.6 system, you should install the Recommended Solaris 2.6 Patch Cluster and, optionally, the Year 2000 Solaris 2.6 Recommended Patch Cluster. Disk Space ========== The disk space required by the product packages, when installed in their default locations, is as follows: Product Package /etc /opt /var --------------- SUNWdsnis 68kb 7Mb - SUNWdsrad 74kb 7Mb - SUNWdsutl 3kb 3Mb - Note that you must allow space in the /var directory for log files. By default, you can have up to 10 log files of 1Mb for the RADIUS server and for the NIS daemons, which means that the size of the log files can reach 20 Mb. Known Product Limitations ========================= This section lists the known limitations in the Solaris Extensions for Netscape Directory Server product. Interoperability with Netscape Directory Server 4.11 ---------------------------------------------------- If you plan to use the NIS/LDAP synchronization service, the Netscape Directory Server daemon, ns-slapd, must run as root. If it doesn't, the NIS initialization script, dsypinstall, will fail. Therefore, during the setup process for the Netscape Directory Server, do not accept the default (nobody) in response to the question about which user to run the directory server as. You cannot use customer initiated replication (CIR) on NIS information. This is because the NIS service is implemented as a plug-in of the directory server, and the directory server does not call plug-ins during the CIR process. RADIUS Server ------------- The RADIUS server daemon dsradiusd does not automatically re-bind to the directory server daemon ns-slapd, when ns-slapd is stopped and restarted. You must restart dsradiusd manually. The RADIUS server does not poll the LDAP directory to search for new NAS entries. Therefore, if you add a network access server (NAS or RAS) to your network, and the corresponding NAS entry in the LDAP directory, you must restart or refresh the dsradiusd daemon. If you don't, the RADIUS server will silently ignore all connection requests transmitted through the new NAS. Each time you do a refresh of the RADIUS server, it provokes a memory leak. because the previous configuration is stored in memory. If you often do refresh operations, once in a while you must stop and start the RADIUS server to free the memory. In the dsradiusd.conf file, make sure that the line containing the ldap_bind_dn field does not end with a tab. A tab in the bind DN used by the RADIUS server to bind to the LDAP server will cause the bind to fail. The README provided in the /opt/SUNWconn/ldap/samples/pam directory is out-of-date. For information on enabling the RADIUS server to use PAM authentication, refer to the configuration section of the RADIUS Extensions Guide. NIS Synchronization Service --------------------------- The NIS administrator is not automatically created by the dsypinstall initialization script. If the NIS administrator is different from the Directory Manager for the Netscape directory contents, you must create an entry in the directory for the NIS administrator with the proper permissions on the NIS subtrees in the directory. When creating the ACI granting these permissions, you might have to create the subtree for the NIS information, if it does not already exist. The dsypsync process which is used to resynchronize NIS maps with NIS entries in the directory exits before the update to the NIS maps has completed. Therefore, you might need to allow a little time after running dsysync before checking that the NIS maps have been correctly updated. The following parameters controlling NIS logs are set by default and cannot be modified: Parameter Value --------- ----- LogDir /var/opt/SUNWconn/ldap/log/dsnis.log LdapLogLevel 0 LogLevel 0 LogSize 500 Kb The dsimport utility looks for a bind DN and bind password in the dsserv.conf file on the server when this information is not specified on the command line. The dsserv.conf file does not exist in this release of the product. You can either specify at least the bind DN on the command line (you will be prompted to supply a bind password), or specify the location of the nis.conf file by using the -c option of dsimport. Whenever the yppush process runs, a status message is displayed on the slave server console. If you find these messages superfluous, you can prevent them from being displayed by redirecting them to /dev/null: 1- Stop the NIS synchronization service. As root type: # /etc/init.d/dsyp stop 2- If using sh, as root type the following command: # /etc/init.d/dsyp start > /dev/null 2>&1 If using csh, as root type the following command: # /etc/init.d/dsyp start >& /dev/null Deja Directory Editor --------------------- A memory leak in Deja can induce abnormal behavior when browsing the directory tree. If this happens, restart Deja. You cannot use Deja to browse the services.byname map. If you use the Java Runtime Environment (JRE) 1.1.x release, you might experience window refreshing problems with Deja. These can be solved by using JRE 1.2, which comes with the Solaris 8 operating environment. Documentation ------------- The product does not contain man pages. ------------------------------------------------------------------------------------ Copyright © 1999 Sun Microsystems, Inc. Some preexisting portions Copyright © 1999 Netscape Communications Corp. All rights reserved.