Getting Started

Document created by birjo05 Employee on Oct 5, 2012Last modified by birjo05 Employee on Jun 13, 2014
Version 4Show Document
  • View in full screen mode

The CA Directory server component is known as DXserver for short.

DXserver can be operated as a directory in a standalone mode similar to other LDAP servers. DXserver can also be configured to operate in a distributed environment as a full-featured X.500 Directory System Agent (DSA) supporting all the powerful X.500 features such as chaining, parallel searching, distributed management and advanced security.

DXgrid supports many communications protocols and management facilities, including:

  • User access protocols (DAP, LDAP)
  • System (inter server) protocols (DSP, DISP)
  • Management protocols (SNMP)
  • Input commands (from script files or management console)
  • Logging Services (alarms, traces, management responses)

Configuration Files 

CA Directory stores configuration information in a structured directory tree. The easy-to-use, hierarchical tree defines the conventions and the strategy for managing the directory system that can extend to multiple servers, multiple machines, and multiple platforms.

The configuration files should be managed from a central station. The directories are shared across all servers to ensure consistency in system operation. This architecture also lets you manage versions of the configuration files, because you can store these files in a document or source control system.

DXgrid contains a working example DSA configuration. The example contains three DXgrid configurations - Router, Democorp and UNSPSC and can be installed when DXgrid is installed.

Initialization File 

Each server's initialization file sources (refers to and reads) selected files from the config subdirectories. This is the standard initialization (.dxi) file written by dxnewdsa using server name "democorp".

 # Initialization file written by DXnewdsa
 # logging and tracing
 source "../logging/default.dxc";

 # schema
 clear schema;
 source "../schema/default.dxg";

 # knowledge
 clear dsas;
 source "../knowledge/democorp.dxc";

 # operational settings
 source "../settings/default.dxc";

 # service limits
 source "../limits/default.dxc";

 # access controls
 clear access;
 source "../access/default.dxc";

 # ssl
 source "../ssld/default.dxc";

 # replication agreements (rarely used)
 # source "../replication/";

 # multiwrite DISP recovery.
 set multi-write-disp-recovery = false;

 # grid configuration
 set dxgrid-db-location = "../data/";
 set dxgrid-db-size = 10;
 set cache-index = all-attributes;
 set lookup-cache = true;

The logging file creates a "warn" log and sets the tracing to "error". The schema file is a group (.dxg) file because it includes a number of schema files, like x500.dxc. The settings and limits files have some defaults, but these lines may be removed from the initialization file if the defaults are suitable. The access controls file has no commands in it. The ssl file contains this command

 set ssl = { cert-dir = "config/ssld/personalities" ca-file = "config/ssld/trusted.pem" };

The file "trusted.pem" contains the trusted root certificates and the directory "personalities" contains the certificates and private keys to enable SSL/TLS communications. These are set up by the tool "dxcertgen".

The cache configuration defines the location of the datastore (../data), the size of the datastore (10 MB), and the indexes to create (all). The "set lookup-cache" commands causes the datastore to be mapped and the values to be indexed.

So the only file that needs to be created is the knowledge file, here "democorp.dxc".

Knowledge File

This is what democorp.dxc looks like

 # CA DXserver/config/knowledge/
 # Knowledge configuration file written by dxnewdsa

 set dsa "democorp" =
     prefix        = <c AU><o DemoCorp>
     dsa-name      = <cn "democorp">
     dsa-password  = "secret"
     address       = tcp "hostname" port 19389
     disp-psap     = DISP
     snmp-port     = 19389
     console-port  = 19390
     auth-levels   = anonymous, clear-password

Now, when we type "dxserver start democorp" on the command line, DXserver/DXgrid opens the file "config/servers/democorp.dxi" and reads the commands and files contained there, including the file "config/knowledge/democorp.dxc". The name ("democorp") in the "set dsa" command matches the server name in the "dxserver" command, so an instance of DXgrid is started with the connection information in the "set dsa" command and the settings contained in the other commands.

Note that, if using SSL, the "dsa-name" field will have to match the subject field in the certificate for the DSA.