DeveloperNet University Home > Online Courses > Introduction to DirXML

eBook (Printable PDF format)

DirXML Installation and Demonstration

For the lab demonstration, the eDirectory to eDirectory DirXML driver will be installed and run. The eDirectory to eDirectory driver is installed in both trees. The driver in one tree communicates with the driver in the other tree (and vice versa). More specifically, the Subscriber in the first tree communicates with the Publisher in the second tree, and the subscriber in the second tree communicates with the publisher in the first tree. Therefore, the setup steps for the eDirectory to eDirectory driver must be performed for the driver in each tree.

Certificate Installation

To use the eDirectory to eDirectory driver, the Novell Certificate Server must be running on each server that will host the eDirectory to eDirectory driver. In addition, the instructions in this section assume you will use the Certificate Authority from the tree containing the eDirectory to eDirectory driver to issue the certificates used for SSL. If your tree does not have a Certificate Authority, you will need to create one to use these instructions unchanged. It is possible to use an external Certificate Authority; the steps to do so are similar to the steps in this page except that all Key Material Objects (KMOs are used in NDS to store certificate and public/private key data) will be created using the Custom method and all certificates (including trusted root certificates) will be obtained from the external Certificate Authority.

The following configuration tasks need to be performed to configure the eDirectory to eDirectory drivers.

Create Certificate for First Tree

Figure 14: Exporting TrustedRoot from first tree.

1. Export TrustedRoot from first tree and click Export.
   
   

Figure 15: Choosing Certificate type.

2. Choose DER format, choose filename and path then click Export.
   
   

Figure 16: Creating KMO object.

3. Highlight container where the server is and create a KMO object.
   
   

Figure 17: Selecting Certificate information.

4. Choose the server and create a certificate name. Under Creating method select standard then click Next.
   
   
5. A screen showing certificate parameters should appear. Click Finish.
   
   

Create Certificate for Second Tree

Figure 18: Highlighting container in second tree.

1. Highlight container in second tree where the server is and create a KMO object.
   
   

Figure 19: Selecting certificate Creation method.

2. Choose the server, create a certificate name. Under Creation method select custom then click Next.
   
   

Figure 20: Selecting external certificate authority.

3. Choose External certificate authority and click Next.
   
   
4. Choose the RSA applicable bit size and click Next.
   
   
5. See certificate parameters and click Next.
   
   
6. See more certificate parameters. Click Finish to generate Certificate Signing Request (CSR).
   
   

Figure 21: Saving certificate.

7. Choose System clipboard in Base64 format. Click Save.
   
   

Issuing Certificate for the First Tree

Figure 22: Issuing Certificate for the first tree.

1. Left-click server object in first tree, find Tools from the menu and choose Issue Certificate.
   
   
2. Ctrl+V (paste) in the CSR created above and click Next.
   
   
3. Click Next on screen to specify CA.
   
   

Figure 23: Selecting key type and use.

4. Select SSL or TLS for key-type for SSL authentication and click Next.
   
   
5. Choose the certificate validity period and click Next.
   
   
6. View parameters then click Finish to create certificate.
   
   

Figure 24: Selecting save type for Certificate.

7. Select system clipboard in Base64 format and click Save.
   
   

Importing the Certificate in to the Second Tree

Figure 25: Importing Public Key.

1. Right-click KMO in second tree, select properties, select Certificate tab and choose Public Key. Click Import.
   
   

Figure 26: Saving public key.

2. Click Read From File button and find the TrustedRoot exported from the first tree and click Next.
   
   
3. Ctrl+V (paste) the certificate created by the first tree's CA. Click Finish.
   
   

Reset the DirXML Driver

Figure 27: Setting DirXML Driver to Start Manually.

1. Right-click the driverset-> Properties, then select the driver, then Properties button to see driver properties.
   
   
2. Select the Startup Option tab and select Manual then click apply, OK.
   
   
3. Repeat on the driverSet in the other tree.
   
   

Restart eDirectory

Figure 28: Shutting Down and Restarting eDirectory.

1. Shutdown and restart eDirectory services on both servers.
   
   
2. Refresh the ConsoleOne screen (or restart it).
   
   

Figure 29: Shutting driver trace level.

3. Right-click driverSet->Properties, Other tab, and set DirXML-DriverTraceLevel to 4 (you may need to add the attribute to do this click add and browse for it).
   
   
4. Repeat in other tree.
   
   

Troubleshooting the DirXML Drivers

1. Start DSTrace on both servers.
   
   

Figure 30: Selecting NDS events to trigger.

2. On DSTrace screen (both servers), select Edit->Options from the menu, then click Clear All button and select the DirXML items. Click OK.
   
   

Figure 31: Starting the driver.

3. Right-click driverSet->Properties, choose the driver and click the Start button.
   
   
4. Start the driver in the other tree as well.
   
   
5. Start creating some users, organizations, etc. These should be mirrored on the other tree and visa versa.
   
   
6. If you have problems check the DS trace screen.
   
   

DirXML Installation

Next we will go through the DirXML installation. To install DirXML complete the following.

Figure 32: DirXML product installation.

1. Bring up the DirXML install screen. Accept the license agreement.
   
   

Figure 33: Select drives.

2. Select the eDirectory to eDirectory driver and select Next.
   
   

Figure 34: Summary of products to be installed.

3. You will see the Products to be installed screen press Finish.
   
   

The product will go through installation, which will shutdown and restart eDirectory. If a screen asks if you'd like to overwrite newer file, choose no.

Figure 35: DirXML Installation.

4. Installation continues.
   
   

Figure 36: Installation complete.

Installation will complete and ConsoleOne will start "automagically". Authenticate as admin.

Figure 37: Application Driver Configuration Wizard.

1. Select Application Driver Configuration wizard and OK.
   
   

Figure 38: Application Driver Creating Wizard.

2. Select a new driverSet if you don't have on. Select Next.
   
   

Figure 39: Name your driverSet.

3. Give your driverSet a name, browse for your context where driver will reside, select the server and Next.
   
   

Figure 40: Preconfigured driver.

4. Browse to find the preconfigured driver to install. Select Next.
   
   

Figure 41: Driver Configuration- interactive import/export.

5. Type in the other server's IP address and select Accept.
   
   

Figure 42: Entering KMO.

6. Type in the KMO you created on this tree. Click Accept.
   
   

Figure 43: Entering path to mirror for Server 1.

7. Type in the path to the part of the other tree that you want to mirror (tree, O, and OU). Select Accept.
   
   

Figure 44: Entering path to mirror for Server 2.

8. Type in the path to the part of the this tree that you want to mirror (tree, O, and OU). Select Accept.
   
   
9. Reenter the info for this servers IP, KMO, this and other tree information as the screens are presented.
   
   
10. When asked to define security equivalences, choose Yes and add in the server Admin user.
    
    

Figure 45: Driver summary.

11. The driver summary is displayed. Check everything for accuracy and select Finish.
    
    

Figure 46: ConsoleOne shot of some of the DirXML objects created.

Figure 46 shows some of the DirXML objects that are in the server's eDirectory tree.

Now, install DirXML and the driver on the other server by going through all the DirXML installation steps again.