(Conditional) NICI 2.7 and eDirectory 8.8 support key sizes up to 4096 bits. If you want to use a 4 KB key size, every server must be upgraded to eDirectory 8.8eDirectory 8.8. In addition, every workstation using the management utilities, for example, iManager and ConsoleOne, must have NICI 2.7 installed on it.

When you upgrade your Certificate Authority (CA) server to eDirectory 8.8, the key size will not change; it will be 2 KB. The only way to create a 4 KB key size is recreate the CA on an eDirectory 8.8 server. In addition, you would have to change the default from 2 KB to 4 KB for the key size, during the CA creation.

The package containing NICI 2.7 is named NOVLniu0-2.7 on Solaris.

For more information, refer to Installing NICI.

SLP should be installed and configured.

With eDirectory 8.8, SLP does not get installed as part of the eDirectory installation.

If you are a root user, you need to install and configure SLP before proceeding with the eDirectory installation.

If you are a nonroot user, SLP should be installed and configured before you proceed with the eDirectory installation. A nonroot user cannot install SLP.

For more information on installing SLP, refer to Using SLP with eDirectory.

Enable the Solaris host for multicast routing.

To check if the host is enabled for multicast routing, enter the following command:

/bin/netstat -nr

The following entry should be present in the routing table:

224.0.0.0 host_IP_address

If the entry is not present, log in as root, and enter the following command to enable multicast routing:

route add -net 224.0.0.0 -net 224.0.0.0 netmask 240.0.0.0 hme0

For more information on multicast and broadcast routes, refer to the OpenSLP User Guide.

If you have more than one server in the tree, the time on all the network servers should be synchronized.

Use Network Time Protocol's (NTP) xntpd to synchronize time.

To avail all the functionality of eMBox such as dsmerge, you need to install the latest Solaris patch - 12 March 2009 or later.

(Conditional) If you are installing a secondary server, all the replicas in the partition that you install the product on should be in the On state.

(Conditional) If you are installing a secondary server into an existing tree as a nonadministrator user, ensure that you have the following rights:

(Conditional) If you are installing a secondary server into an existing tree as a nonadministrator user, ensure that at least one of the servers in the tree has the same or higher eDirectory version as that of the secondary being added as container admin. In case the secondary being added is of later version, then the schema needs to be extended by the admin of the tree before adding the secondary using container admin.

While configuring eDirectory, you must enable SLP services and an NCP™ port (the default is 524) in the firewall to allow the secondary server addition. Additionally, you can enable the following service ports based on your requirements:

In case, if you have enabled user-defined ports, you must mention these ports while configuring eDirectory.

During eDirectory upgrade, if SecretStore has not already been configured with the previous versions, or you do not want to configure SecretStore, use the -m no_ss option with the nds-install utility.