6.3 Using a Container Admin to Install and Configure DSfW

For this procedure, assume that you want to configure DSfW in an existing tree with o=novell,ou=india.o=novell and ou=blr.ou=india.o=novell as root partitions.

Prerequisite:

You must have at least one eDirectory 8.8 SP2 and above server in the tree that holds a writable replica of the root partition.The root partition should be present on the server which is holding the name-mapped container. This is required for creating partitions during DSfW configuration.

To configure a container admin:

  1. Create a container in an already existing tree.

    eg:ou=india.o=novell
    
  2. Create a user cn=localadmin under the container eg:ou=india.o=novell,and ensure the following prerequisite is met:

    The container must be partitioned (before installing the server) by using the admin for the tree.

  3. Assign the following rights to the container admin:

    • Supervisor rights on this partition.

    • Supervisor rights (inherited) for the entry rights to the security container.

    • Read and Write permission for the DNS locator and DNS group object.

    • Read and Write permission for the DNS server object if the DNS server is located in other domain.

    • Supervisor rights (inheritable) on the ou=OESSystemObjects container holding the NCP Server object of the forest root domain, while installing an subsequent domain or an subsequent domain controller as a container admin.

      For example, ou=OESSystemObjects,dc=parent,dc=com where dc=parent,dc=com is the forest root domain.

    • The container admin needs supervisor rights on the configuration partition and schema partition to create a subsequent domain or a subsequent domain controller.

    For information on rights that must be assigned before doing a container admin installation, see Rights Required for Subcontainer Administrators in the OES 2 SP3: Installation Guide.

    For more information on installing a secondary server into an existing tree as a non-administrator user, refer to the eDirectory 8.8 Installation Guide.

  4. Use the tree admin to extend the schema for DSfW:

    1. On an existing OES 2 Linux server, run the Novell Schema tool found in YaST > Open Enterprise Server > Novell Schema Tool and enter the IP address of the eDirectory 8.8 SP5 server with a writable replica of the root.

    2. Specify the tree admin’s password and click Next.

    3. Select Novell Linux User Management (LUM), Novell DNS, Novell Domain Services for Windows, Novell Directory Services, Novell iPrint Services, Novell Storage Services (NSS), Novell NCP Server, Novell SMS, and Novell NMAS.

      It is not necessary to select any of the other items in the list. Wait for the schema changes to be synchronized across the tree before proceeding with the installation of the first DSfW server.

      NOTE:You can use OES schema tool or iManager to extend the schema.

  5. Configure Novell DSfW using YaST with the container admin credentials.

    For information on installing and configuring Novell DNS service, refer to Installing the DNS Server and eDirectory Permissions in the OES 2 SP3: Novell DNS/DHCP Administration Guide.

NOTE:Apart from the tree administrator installation, container administrator installation is the only supported installation scenario. DSfW installation as a DSfW Domain Administrator is not supported.