Coordination can be performed by registering the directory service with Resource Coordinator VE.
By deleting the registered directory service, the coordination can be released. Use the following procedure to configure the directory service.
Configuring LDAP Servers
Use the following procedure to perform LDAP server configuration.
Import LDIF files
Use the following procedure to import LDIF files.
When using OpenDS (Enclosed with ServerView Operations Manager, individual configuration)
When performing individual configuration, the base name (dc=fujitsu,dc=com) of the actual environment may be different from the one described in the LDIF file. Check the base name of the directory service being used, and if the relevant base name is not correct, change it using an editor.
Use the following LDIF files.
[Windows]
Installation_folder\Manager\etc\conf\ssoconf\rcve_opends.ldif
[Linux]
/etc/opt/FJSVrcvmr/conf/ssoconf/rcve_opends.ldif
Execute the following commands, and import the LDIF files.
[Windows]
>"OpenDS_installation_folder\bat\ldapmodify.bat" -p Port_number -f LDIF_file -D Administrator_user_DN -w Password <RETURN>
[Linux]
# "OpenDS_installation_folder/bin/ldapmodify" -p Port_number -f LDIF_file -D Administrator_user_DN -w Password <RETURN>
Example
>"C:\Program Files\Fujitsu\ServerView Suite\opends\bat\ldapmodify.bat" -p 1473 -f "C:\Documents and Settings\tamura\My Documents\download\ldap\rcve_opends.ldif" -D "cn=Directory Manager" -w admin
Processing ADD request for OU=RCVE,OU=Privileges,OU=Declarations,OU=SVS,dc=fujitsu,dc=com
Note
Depending on the environment, a JAVA execution error may be displayed.
If a JAVA execution error is displayed, check that the correct JAVA execution path is set in the environment variables.
Configuration when using Active Directory (individual configuration)
Use the following LDIF files.
The base name (dc=fujitsu,dc=com) of the actual environment may be different from the one described in the LDIF file. Check the base name of the directory service being used, and if the relevant base name is not correct, change it using an editor.
When using Linux, copy the LDIF file from a Windows environment where there are Active Directories.
[Windows]
Installation_folder\Manager\etc\conf\ssoconf\rcve_active_directory.ldif
[Linux]
/etc/opt/FJSVrcvmr/conf/ssoconf/rcve_active_directory.ldif
Execute the following commands, and import the LDIF files.
[Windows]
>ldifde -i -e -k -f LDIF_file <RETURN>
Information
If the ldifde tool is not found through the PATH variable, it is located in the %WINDIR%\system32 directory.
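The base name check described above for both the OpenDS and the Active Directory LDIF files can be scripted instead of done by hand in an editor. The following is an added example, not part of the product or of the original manual: rebase_ldif and SAMPLE_LDIF are hypothetical names, the sample entries are constructed, and the input is assumed to be already decoded text.

```python
import re

TEMPLATE_BASE = "dc=fujitsu,dc=com"  # base name written in the shipped LDIF files (per the page)

# Constructed sample, NOT the contents of rcve_opends.ldif; the second DN is folded.
SAMPLE_LDIF = (
    "version: 1\n\n"
    "dn: OU=RCVE,OU=Privileges,OU=Declarations,OU=SVS,dc=fujitsu,dc=com\n"
    "changetype: add\n"
    "objectClass: organizationalUnit\n\n"
    "dn: cn=Administrator,OU=AuthorizationRoles,OU=RCVE,OU=Departments,OU=SVS,dc=fuji\n"
    " tsu,dc=com\n"
    "changetype: add\n"
)

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space continues the previous)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def rebase_ldif(ldif_text, actual_base, template_base=TEMPLATE_BASE):
    """Return (new_text, entry_dns, manual_review) with template_base replaced as a DN suffix."""
    parts = [re.escape(p.strip()) for p in template_base.split(",")]
    # Suffix match only, tolerant of case and of spaces around the commas.
    suffix = re.compile(r"(^|,)\s*" + r"\s*,\s*".join(parts) + r"\s*$", re.IGNORECASE)
    out, dns, manual = [], [], []
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            out.append(line)                      # comment or blank entry separator
        elif value.startswith(":"):
            if attr.lower() == "dn":
                manual.append(line)               # base64 DN: decode and check by hand
            out.append(line)
        else:
            new_value = suffix.sub(lambda m: m.group(1) + actual_base, value.strip())
            if attr.lower() == "dn":
                dns.append(new_value)
            out.append(line if new_value == value.strip() else f"{attr}: {new_value}")
    return "\n".join(out) + "\n", dns, manual

if __name__ == "__main__":
    text, dns, manual = rebase_ldif(SAMPLE_LDIF, "dc=example,dc=local")
    print("\n".join(dns), *manual, sep="\n")
```

Review the returned list of entry DNs against the directory's real base name before importing; any line returned for manual review holds a base64-encoded DN that the script leaves unchanged.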
Configuration of User Authority Levels
Configure the authority levels of the users registered in the directory service. Add the users as members using the following roles.
Authority Name | Authority Level | LDAP Server Role Name |
---|---|---|
RcveManage | Administrative user of Resource Coordinator VE | cn=Administrator,OU=AuthorizationRoles, OU=RCVE,OU=Departments,OU=SVS,BaseDN |
RcveMonitor | General user of Resource Coordinator VE | cn=Monitor,OU=AuthorizationRoles, OU=RCVE,OU=Departments,OU=SVS,BaseDN |
For details, follow the configuration methods for the directory service being used.
Manager Configuration
Use the following procedure to configure managers. Perform configuration after stopping manager services.
Start the manager services again after configuration is complete.
For information on starting and stopping managers, refer to the "5.1 Manager" section.
Directory Service Registration
Register the directory service used for ServerView Operations Manager with Resource Coordinator VE.
Use the following procedure to register the directory service.
Execute the following commands to register the directory service.
[Windows]
>"Installation_folder\Manager\bin\rcxadm" authctl register -ip IP_address -port Port_number -base BaseDN -bind Administrator_user_DN -method SSL -passwd Password <RETURN>
[Linux]
# /opt/FJSVrcvmr/bin/rcxadm authctl register -ip IP_address -port Port_number -base BaseDN -bind Administrator_user_DN -method SSL -passwd Password <RETURN>
Execute the following commands to check the details of configuration.
[Windows]
>"Installation_folder\Manager\bin\rcxadm" authctl show <RETURN>
[Linux]
# /opt/FJSVrcvmr/bin/rcxadm authctl show <RETURN>
Example
>"C:\Program Files\Resource Coordinator VE\Manager\bin\rcxadm" authctl register -ip 192.168.1.10 -port 1474 -base dc=fujitsu,dc=com -bind "cn=Directory Manager" -method SSL -passwd admin
Import the LDAPS Certificate
Common Settings
Use the following procedure to import the ServerView Operations Manager certificate into Resource Coordinator VE.
Copy the following files:
Files to copy
[Windows]
Installation_folder\Manager\runtime\jre6\lib\security\cacerts
[Linux]
/opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts
Copy destination
[Windows]
Installation_folder\Manager\runtime\jre6\lib\security\cacerts.org
[Linux]
/opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts.org
Note
Ensure that these files are copied, as they are necessary when changing the directory service.
Execute the following commands, and import the ServerView Operations Manager certificate into Resource Coordinator VE.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "ServerView SuiteInstallation_folder\jboss\server\serverview\conf\pki\keystore" -destkeystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/keystore -destkeystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
The following messages will be displayed when import is successfully completed.
Check the "another name" (alias) section.
Example
>"C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\keystore" -destkeystore "C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\lib\security\cacerts"
Execute the following commands, and check if the certificate has been correctly imported.
For the -alias option, specify the "another name" checked in step 3.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -list -alias Another_name -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
A message is displayed when certificate confirmation completes successfully.
Example
>"C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\bin\keytool.exe" -list -alias svs_cms -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts"
Individual Configuration
When using an individually configured OpenDS
When using an individually configured OpenDS, it is necessary to import the configured OpenDS server certificate.
Use the following procedure to import the server certificate of the individually configured OpenDS.
The server certificate format is the JKS (Java Key Store) format.
Execute the following commands, and import the OpenDS server certificate into Resource Coordinator VE.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "OpenDSInstallation_folder\config\keystore" -destkeystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore "OpenDSInstallation_folder/config/keystore" -destkeystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
The following messages will be displayed when import is successfully completed.
Check the "another name" (alias) section.
Example
>"C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "C:\win32app\OpenDS-2.2.0\config\keystore" -destkeystore "C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\lib\security\cacerts"
Execute the following commands, and check if the certificate has been correctly imported.
For the -alias option, specify the "another name" checked in step 2.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -list -alias Another_name -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
A message is displayed when certificate confirmation completes successfully.
Example
>"C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\bin\keytool.exe" -list -alias server -cert -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts"
Configuration when using Active Directory
When using Active Directory, it is necessary to import the Active Directory server certificate.
Use the following procedure to import Active Directory server certificates.
The server certificate format is the DER encoded binary X.509 (CER) format.
Execute the following commands, and import Active Directory certificates into Resource Coordinator VE.
For the -alias option, specify "rcve_ldap".
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -importcert -alias rcve_ldap -trustcacerts -file Certificate_path -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importcert -alias rcve_ldap -trustcacerts -file Certificate_path -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
The following confirmation message is displayed:
If you trust the certificate, enter "yes" to add it to the key store. To cancel the addition, enter "no".
Do you trust this certificate? [no]:
Example
>"C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\bin\keytool.exe" -importcert -alias rcve_ldap -trustcacerts -file c:\1472-VM13-w23r2.serverview.local_svsca.crt -keystore "C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\lib\security\cacerts"
Enter keystore password: changeit
Owner: CN=svsca, DC=serverview, DC=local
Issuer: CN=svsca, DC=serverview, DC=local
Serial number: 22646549ec7ac1994cc3a2b8eff66e27
Valid from: Mon Oct 04 11:19:47 JST 2010 until: Sun Oct 04 11:26:54 JST 2015
Certificate fingerprints:
    MD5: 70:E3:CB:23:6F:D1:17:00:56:CA:E2:0D:30:73:14:A8
    SHA1: 01:3C:06:81:2D:3F:6D:D9:C3:A6:D4:AA:7B:D5:5E:D5:5F:43:90:E5
    Signature algorithm name: SHA1withRSA
    Version: 3
...
Trust this certificate? [no]: yes
The following message is displayed when addition to the key store completes successfully.
The certificate is added to the key store.
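The trust prompt in the import step above is the point at which the certificate file should be compared with a fingerprint obtained out of band from the Active Directory CA administrator. The following is an added example, not part of the product or of the original manual: it computes the fingerprint of a DER or PEM certificate file in the format keytool displays and compares it with the trusted value. The function names are hypothetical and STAND_IN_DER is constructed bytes, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

STAND_IN_DER = b"abc"  # constructed stand-in bytes, NOT a real certificate

ALGORITHM_BY_HEX_LENGTH = {40: "sha1", 64: "sha256"}  # MD5 values are not accepted

def cert_der(data):
    """Return the DER bytes of a certificate file given as DER or as PEM text."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(pem.group(1)) if pem else data

def fingerprint(data, algorithm="sha256"):
    """Hash the DER encoding and format it as keytool does: AA:BB:CC..."""
    digest = hashlib.new(algorithm, cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_trusted_fingerprint(data, expected):
    """True only if the file's fingerprint equals the value obtained out of band."""
    wanted = re.sub(r"[\s:]", "", expected).upper()
    algorithm = ALGORITHM_BY_HEX_LENGTH.get(len(wanted))
    if algorithm is None or not re.fullmatch(r"[0-9A-F]+", wanted):
        raise ValueError("expected a SHA-1 or SHA-256 fingerprint in hex")
    actual = fingerprint(data, algorithm).replace(":", "")
    return hmac.compare_digest(actual, wanted)

if __name__ == "__main__":
    import sys
    path, expected = sys.argv[1], sys.argv[2]   # certificate file, trusted fingerprint
    with open(path, "rb") as fh:
        ok = matches_trusted_fingerprint(fh.read(), expected)
    print("fingerprint matches" if ok else "MISMATCH: do not answer yes")
    sys.exit(0 if ok else 1)
```

The SHA1 value that keytool prints at the prompt can be checked the same way by passing the 40-digit value as the expected fingerprint.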
Execute the following commands, and check if the certificate has been correctly imported.
For the -alias option, specify "rcve_ldap".
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -list -alias rcve_ldap -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias rcve_ldap -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
A message is displayed when certificate confirmation completes successfully.
Example
>"C:\Program Files\Resource Coordinator VE\Manager\runtime\jre6\bin\keytool.exe" -list -alias rcve_ldap -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts"
Information
"changeit" is configured as the default password for key stores.