OTDS160000-CCS-EN-02
OpenText™ Directory Services
Tenant Management Guide
Rev.: 2016-July-21
This documentation has been created for software version 16.0.
It is also valid for subsequent software versions as long as no new document version is shipped with the product or is
published at https://knowledge.opentext.com.
Open Text SA
Tel: 35 2 264566 1
Tel: +1-519-888-7111
Toll Free Canada/USA: 1-800-499-6544 International: +800-4996-5440
Fax: +1-519-888-0677
Support: http://support.opentext.com
For more information, visit https://www.opentext.com
Copyright © 2016 Open Text SA or Open Text ULC (in Canada). All Rights Reserved.
Trademarks owned by Open Text SA or Open Text ULC (in Canada).
Disclaimer
Every effort has been made to ensure the accuracy of the features and techniques presented in this publication. However,
Open Text Corporation and its affiliates accept no responsibility and offer no warranty whether expressed or implied, for the
accuracy of this publication.
Table of Contents
1 OpenText™ Directory Services Tenant Management
1.1 To Add a Tenant
1.2 To Remove a Tenant
1.3 To Disable a Tenant
1.4 To Enable a Tenant
1.5 To Rebuild a Degraded Index
1.6 To Replicate a Tenant to a New Replica Server
1.7 To Stop Replicating a Tenant
1.8 To Remove the Current Server from the Replication Topology
1.9 To Remove a Replica
1.10 To Reinitialize a Tenant
1.11 To Access a Tenant
1.12 To Reset the OpenDJ Account Password
Beginning with OpenText™ Directory Services (OTDS) 10.5 SP1, support has been
added for multi-tenancy. Multi-tenancy has been implemented in OTDS to ensure
that a single OTDS server can accommodate multiple OpenDJ back-ends. OTDS now
supports multiple tenants on a single system running in a single Tomcat or
WebSphere instance.
Each OpenDJ back-end has its own set of OTDS data: resources, user partitions,
access roles, authentication handlers, and system attributes. There is no shared
information between tenants, and no single sign-on between tenants. The current
OTDS administrator becomes the tenant administrator.
However, all tenants share the resources of the single server without any
prioritization. Examples of shared resources include Tomcat, WebSphere, CPU, and
memory. It may or may not be appropriate for all tenants to share those resources.
Consequently, multi-tenancy is not suitable as a solution for separate development,
test, and production environments. If Tomcat or WebSphere is stopped, OTDS is
stopped for all tenants. Multi-tenancy is intended for:
A default installation of Directory Services sets up a single default tenant
back-end (dc=identity,dc=opentext,dc=net), which ensures that OTDS functions as in
previous versions. The new command-line multi-tenancy interface is available to
create, delete, disable, enable, replicate, and reinitialize tenants. In addition, you can
rebuild the index data for a tenant.
In a given OTDS deployment, all tenants are replicated across all servers in the
topology. Separate OTDS deployments can be created to host tenants at different
QoS levels. When a tenant is added or removed and a replication server exists
in your topology, you will be prompted to replicate the action to all replicas.
If a new OTDS server is added to a replication topology, and you wish to replicate
existing tenants to the new server, see “To Replicate a Tenant to a New Replica
Server” on page 9.
If a replica has been offline for an extended period of time, for example for more
than 3 days, or if there appear to be inconsistencies in a replica's LDAP back-end,
you can reinitialize the replica from one of the other servers in the replication
topology. For more information, see “To Reinitialize a Tenant” on page 11.
Configuration Requirements
Due to security considerations, the HTTP whitelist must be configured. After adding
a resource, the redirect URL for the resource must be added to the global HTTP
whitelist.
If this is not the case in your deployment, OpenDJ commands must be manually
executed to configure replication of tenants.
1.1 To Add a Tenant
1. If you are working in a replicated environment, ensure that, before you begin,
you are on one of the servers that will host the tenant.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the unique name you have chosen for this tenant. The <tenant_name> is
lower case.
<tenant_Admin_password>
is the password for the tenant-specific otadmin@otds.admin account.
Caution
Do not use the same password as the cn=Directory Manager
account. No tenant should ever have access to this account.
1.2 To Remove a Tenant
1. If you are working in a replicated environment, ensure that, before you begin,
you are on the server that is hosting the tenant you want removed.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the name of the tenant you want to remove. The <tenant_name> is lower
case.
Note: This will only remove the tenant from the system. The tenant's data
is still maintained in the <OpenDJ>\db directory. If the data must be
deleted, delete the corresponding directory from the <OpenDJ>\db
directory manually.
1.3 To Disable a Tenant
1. If you are working in a replicated environment, ensure that, before you begin,
you are on the server that is hosting the tenant you want disabled.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the name of the tenant you want to disable. The <tenant_name> is lower
case.
Note: This disables the tenant. HTTP calls to any OTDS URL will result in
“403” status. Synchronized partitions will be stopped.
1.4 To Enable a Tenant
1. If you are working in a replicated environment, ensure that, before you begin,
you are on the server that is hosting the tenant you want enabled.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the name of the tenant you want to enable. The <tenant_name> is lower
case.
1.5 To Rebuild a Degraded Index
1. If you are working in a replicated environment, ensure that, before you begin,
you are on the server that is hosting the tenant whose indexes you want rebuilt.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the name of the tenant whose indexes you want rebuilt. The
<tenant_name> is lower case.
Note: You can use userRoot for the <tenant_name> in order to rebuild
indexes for the default back-end (dc=identity,dc=opentext,dc=net)
1.6 To Replicate a Tenant to a New Replica Server
1. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the name of the tenant you want to replicate. The <tenant_name> is lower
case.
<from_server>
is the name of the server from which you want to replicate the tenant.
<to_server>
is the name of the server to which you want to replicate the tenant.
<replication_port>
is the replication port number.
Note: You can use userRoot for the <tenant_name> in order to reinitialize
the default back-end (dc=identity,dc=opentext,dc=net)
1.7 To Stop Replicating a Tenant
1. If you are working in a replicated environment, ensure that, before you begin,
you are on the server that is hosting the tenant whose replication you want
stopped.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the name of the tenant whose replication you want to stop. The
<tenant_name> is lower case.
1.8 To Remove the Current Server from the Replication Topology
1. If you are working in a replicated environment, ensure that, before you begin,
you are on the server that you want to remove.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
otdstenant -removeReplica
1.9 To Remove a Replica
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
3. For each server that no longer exists, remove that server from cn=Servers,
cn=admin data.
4. For each server that no longer exists, remove that server from uniqueMember in
cn=all-servers,cn=Server Groups,cn=admin data.
1.10 To Reinitialize a Tenant
1. If you are working in a replicated environment, ensure that, before you begin,
you are on the server that is hosting the tenant you want reinitialized.
2. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<tenant_name>
is the name of the tenant you want to reinitialize. The <tenant_name> is
lower case.
<from_server>
is the name of the server from which you want to reinitialize the tenant.
<to_server>
is the name of the server to which you want to reinitialize the tenant.
<replication_port>
is the replication port number.
Note: You can use userRoot for the <tenant_name> in order to rebuild
indexes for the default back-end (dc=identity,dc=opentext,dc=net)
1.11 To Access a Tenant
<otds_server>
is the name you chose, during installation, of the OTDS server.
<port_number>
is the port number you chose during the installation of the OTDS server.
<otds_server>
is the name you chose, during installation, of the OTDS server.
<port_number>
is the port number you chose during the installation of the OTDS server.
<tenant_name>
is the name you chose for the tenant when it was created. The <tenant_name>
is lower case.
Note: Additional tenants can only be administered using the new web
administration client.
<otds_server>
is the name you chose, during installation, of the OTDS server.
<port_number>
is the port number you chose during the installation of the OTDS server.
<tenant_name>
is the name of the tenant you want to access. The <tenant_name> is lower
case.
1.12 To Reset the OpenDJ Account Password
1. Open a command window, and then change directory to the OTDS installation
path:
cd <OTDS_installdir>\install
where:
<password>
is the new password for the OpenDJ cn=Directory Manager account.
How do I identify that the entry count between a master and a replica(s) has
become out of sync?
It is possible that the entry count between a master and a replica(s) can become
out of sync. You can identify whether this has happened by running the
following command from the OpenDJ executable directory on the master server:
dsreplication status
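An added example, not part of the OpenText guide: one way to automate the entry-count comparison on saved dsreplication status output, grouped by replicated suffix so that each tenant back-end is checked separately. The sample output is constructed, the table layout is assumed to match the colon-separated table OpenDJ prints, and the host names and the tenant suffix are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample output (not captured from a real server). The layout is
# assumed to follow the colon-separated table printed by OpenDJ's
# `dsreplication status`; host names and the tenant suffix are placeholders.
SAMPLE_STATUS = """\
Suffix DN                      : Server                 : Entries : Replication enabled
-------------------------------:------------------------:---------:--------------------
dc=identity,dc=opentext,dc=net : otds1.example.com:4444 : 1520    : true
dc=identity,dc=opentext,dc=net : otds2.example.com:4444 : 1520    : true
dc=tenanta,dc=example          : otds1.example.com:4444 : 310     : true
dc=tenanta,dc=example          : otds2.example.com:4444 : 298     : true
"""


def parse_status(text):
    """Return {suffix DN: {server: entry count, or None if not numeric}}."""
    counts = defaultdict(dict)
    cols = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("-"):
            continue  # blank line or the dashed rule under the header
        # Cells are separated by " : "; the colon in host:port has no spaces.
        cells = [c.strip() for c in re.split(r"\s:\s", line)]
        if cells[0] == "Suffix DN":
            cols = {name: i for i, name in enumerate(cells)}
            continue
        if cols is None or len(cells) < len(cols):
            continue  # footnotes, legends or truncated rows
        entries = cells[cols["Entries"]]
        counts[cells[cols["Suffix DN"]]][cells[cols["Server"]]] = (
            int(entries) if entries.isdigit() else None
        )
    return dict(counts)


def out_of_sync(counts):
    """Suffixes whose servers disagree on, or fail to report, an entry count."""
    return {
        suffix: servers
        for suffix, servers in counts.items()
        if None in servers.values() or len(set(servers.values())) > 1
    }


if __name__ == "__main__":
    for suffix, servers in out_of_sync(parse_status(SAMPLE_STATUS)).items():
        print(f"OUT OF SYNC {suffix}: {servers}")
```

Counts can differ briefly while changes are still being replicated, so compare two runs taken a few minutes apart before reinitializing a replica.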
How do I reset the entry count between a master and a replica(s) when they have
become out of sync?
In the event that you confirm that the entry count has become out of sync, you
can clear and rebuild the replica:
1. From the OpenDJ executable directory on the master server, run the
following command: dsreplication
2. When prompted, select option 3: “Initialize Replication on one Server”
3. When prompted for the source, specify the master server.
4. When prompted for the replica, specify the replication server that has
become out of sync with the master.