Symantec Access Management

Getting Started 

Oct 05, 2012 01:51 AM

The CA Directory server component is known as DXserver for short.

DXserver can be operated as a directory in a standalone mode similar to other LDAP servers. DXserver can also be configured to operate in a distributed environment as a full-featured X.500 Directory System Agent (DSA) supporting all the powerful X.500 features such as chaining, parallel searching, distributed management and advanced security.

DXgrid supports many communications protocols and management facilities, including:

  • User access protocols (DAP, LDAP)
  • System (inter server) protocols (DSP, DISP)
  • Management protocols (SNMP)
  • Input commands (from script files or management console)
  • Logging Services (alarms, traces, management responses)

Configuration Files 

CA Directory stores configuration information in a structured directory tree. The easy-to-use, hierarchical tree defines the conventions and the strategy for managing the directory system that can extend to multiple servers, multiple machines, and multiple platforms.

The configuration files should be managed from a central station. The directories are shared across all servers to ensure consistency in system operation. This architecture also lets you manage versions of the configuration files, because you can store these files in a document or source control system.

DXgrid contains a working example DSA configuration. The example contains three DXgrid configurations (Router, Democorp and UNSPSC) and can be installed when DXgrid is installed.

Initialization File 

Each server's initialization file sources (refers to and reads) selected files from the config subdirectories. This is the standard initialization (.dxi) file written by dxnewdsa for the server name "democorp":

 #
 # Initialization file written by DXnewdsa
 #
 # logging and tracing
 source "../logging/default.dxc";

 # schema
 clear schema;
 source "../schema/default.dxg";

 # knowledge
 clear dsas;
 source "../knowledge/democorp.dxc";

 # operational settings
 source "../settings/default.dxc";

 # service limits
 source "../limits/default.dxc";

 # access controls
 clear access;
 source "../access/default.dxc";

 # ssl
 source "../ssld/default.dxc";

 # replication agreements (rarely used)
 # source "../replication/";

 # multiwrite DISP recovery.
 set multi-write-disp-recovery = false;

 # grid configuration
 set dxgrid-db-location = "../data/";
 set dxgrid-db-size = 10;
 set cache-index = all-attributes;
 set lookup-cache = true;

The logging file creates a "warn" log and sets the tracing to "error". The schema file is a group (.dxg) file because it includes a number of schema files, like x500.dxc. The settings and limits files have some defaults, but these lines may be removed from the initialization file if the defaults are suitable. The access controls file has no commands in it. The ssl file contains this command:

 set ssl = { cert-dir = "config/ssld/personalities" ca-file = "config/ssld/trusted.pem" };

The file "trusted.pem" contains the trusted root certificates and the directory "personalities" contains the certificates and private keys to enable SSL/TLS communications. These are set up by the tool "dxcertgen".

The cache configuration defines the location of the datastore (../data), the size of the datastore (10 MB), and the indexes to create (all). The "set lookup-cache" command causes the datastore to be mapped and the values to be indexed.

So the only file that needs to be created is the knowledge file, here "democorp.dxc".

Knowledge File

This is what democorp.dxc looks like:

 # CA DXserver/config/knowledge/
 #
 # Knowledge configuration file written by dxnewdsa
 #

 set dsa "democorp" =
 {
     prefix        = <c AU><o DemoCorp>
     dsa-name      = <cn "democorp">
     dsa-password  = "secret"
     address       = tcp "hostname" port 19389
     disp-psap     = DISP
     snmp-port     = 19389
     console-port  = 19390
     auth-levels   = anonymous, clear-password
 };

Now, when we type "dxserver start democorp" on the command line, DXserver/DXgrid opens the file "config/servers/democorp.dxi" and reads the commands and files contained there, including the file "config/knowledge/democorp.dxc". The name ("democorp") in the "set dsa" command matches the server name in the "dxserver" command, so an instance of DXgrid is started with the connection information in the "set dsa" command and the settings contained in the other commands.

Note that, if using SSL, the "dsa-name" field will have to match the subject field in the certificate for the DSA.
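As an added example (not part of the original page or the CA Directory product), the following Python script parses a knowledge file of the form shown above and applies the two consistency rules just stated: the name in the "set dsa" command must match the server name given to "dxserver start", and when SSL is used the cn in "dsa-name" must match the certificate subject. It also flags clear-password authentication when no SSL is configured; the sample file, the ssl_enabled flag and the certificate cn are constructed inputs, not values from any real deployment.

```python
import re

# Constructed sample knowledge file, modelled on the democorp.dxc shown above.
KNOWLEDGE_DXC = '''
# Knowledge configuration file written by dxnewdsa
set dsa "democorp" =
{
    prefix        = <c AU><o DemoCorp>
    dsa-name      = <cn "democorp">
    dsa-password  = "secret"
    address       = tcp "hostname" port 19389
    disp-psap     = DISP
    snmp-port     = 19389
    console-port  = 19390
    auth-levels   = anonymous, clear-password
};
'''

SET_DSA_RE = re.compile(r'set\s+dsa\s+"([^"]+)"\s*=\s*\{(.*?)\}\s*;', re.S)

def parse_knowledge(text):
    """Return {dsa name: {setting: value}} for each 'set dsa' block; '#' comment lines are skipped."""
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    dsas = {}
    for name, body in SET_DSA_RE.findall(text):
        settings = {}
        for line in body.splitlines():
            if "=" in line:
                key, _, value = line.partition("=")
                settings[key.strip()] = value.strip()
        dsas[name] = settings
    return dsas

def check_dsa(server_name, dsas, ssl_enabled, cert_subject_cn=None):
    """Return a list of findings (empty = consistent). ssl_enabled mirrors whether the
    ssl file carries a 'set ssl' command; cert_subject_cn is the DSA certificate's cn."""
    if server_name not in dsas:
        return [f"no 'set dsa' block named {server_name!r}: nothing for dxserver start to bind"]
    s = dsas[server_name]
    findings = []
    m = re.search(r'<cn\s+"([^"]+)">', s.get("dsa-name", ""))
    cn = m.group(1) if m else None
    if ssl_enabled and cn != cert_subject_cn:
        findings.append(f"dsa-name cn {cn!r} differs from certificate subject cn {cert_subject_cn!r}")
    levels = {a.strip() for a in s.get("auth-levels", "").split(",")}
    if "clear-password" in levels and not ssl_enabled:
        findings.append("auth-levels permits clear-password but no SSL is set: binds send the password unprotected")
    return findings
```

Running check_dsa("democorp", parse_knowledge(KNOWLEDGE_DXC), ssl_enabled=True, cert_subject_cn="democorp") returns an empty list; changing the certificate cn, or disabling SSL while keeping clear-password, produces one finding each.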
