MDS 2.1 Server Administration

There are several issues of note when starting/running the OpenLDAP 2.0 slapd server for the GRIS used by MDS.

These issues are the following:

  • Certificate and Proxy Locations

  • Port Assignments

  • SASL Dynamic Libraries

  • SASL Error Message

These issues are described in detail below.

Certificate and Proxy Locations

As described in MDS 2.1 Installation and Configuration, you start MDS with the following command:

{GLOBUS_LOCATION}/sbin/SXXgris start

This command starts the OpenLDAP 2.0 slapd server for the GRIS. The command does not require environment variables (GLOBUS_LOCATION).

The SXXgris start command is sensitive to the following:

  • X509_CERT_DIR
  • X509_USER_PROXY
  • user proxy in /tmp

The X509_CERT_DIR environment variable should point to the directory where the CA certificates and signing policy files are kept in your specific environment. (Typically this is put in /etc/grid-security/certificates.)

X509_USER_PROXY usually should not be set unless you are an expert. There should be no user proxy in /tmp if you are running SLAPD (SXXgris, daemon). Refer to the GSI documentation (http://www.globus.org/toolkit/security/) for more information on certificates and user proxies.
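The following pre-start check covers the three items listed above. It is an added example, not part of the MDS distribution. The function name gris_preflight is hypothetical, and the file names it looks for (CA certificates as <hash>.0 with a matching <hash>.signing_policy, and a user proxy as x509up_u<uid>) are the usual GSI naming conventions, assumed here because this page does not state them.

```shell
#!/bin/sh
# Added example (not MDS code): checks what "SXXgris start" is sensitive to.
# Assumed naming: CA files are <hash>.0 plus <hash>.signing_policy,
# and a user proxy is <tmp>/x509up_u<uid>.

# gris_preflight CERT_DIR PROXY_VALUE TMP_DIR UID
# Prints one line per finding and returns the number of findings.
gris_preflight() {
    cert_dir=$1; proxy_var=$2; tmp_dir=$3; uid=$4
    findings=0

    if [ -z "$cert_dir" ] || [ ! -d "$cert_dir" ]; then
        echo "X509_CERT_DIR is unset or not a directory: '$cert_dir'"
        findings=$((findings + 1))
    else
        ca_count=0
        for ca in "$cert_dir"/*.0; do
            [ -f "$ca" ] || continue          # glob matched nothing
            ca_count=$((ca_count + 1))
            if [ ! -f "${ca%.0}.signing_policy" ]; then
                echo "CA certificate without signing policy: $ca"
                findings=$((findings + 1))
            fi
        done
        if [ "$ca_count" -eq 0 ]; then
            echo "no CA certificates (*.0) in $cert_dir"
            findings=$((findings + 1))
        fi
    fi

    # The page advises leaving X509_USER_PROXY unset for the daemon.
    if [ -n "$proxy_var" ]; then
        echo "X509_USER_PROXY is set: $proxy_var"
        findings=$((findings + 1))
    fi

    # The page advises that no user proxy be present in /tmp.
    if [ -e "$tmp_dir/x509up_u$uid" ]; then
        echo "user proxy present: $tmp_dir/x509up_u$uid"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Check the live environment only when invoked with the argument "check".
if [ "${1:-}" = "check" ]; then
    gris_preflight "${X509_CERT_DIR:-}" "${X509_USER_PROXY:-}" /tmp "$(id -u)"
fi
```

Run it with the argument check as the account that will start SXXgris; a non-zero exit status is the number of findings.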

Port Assignments

Earlier versions of MDS required that a GRIS be configured for the IANA-approved port 2135, while each instance of a GIIS on that same server operated on a different port, leaving the system administrator with the task of selecting appropriate port(s) for the GIIS service(s). MDS 2.1 introduces a consolidated slapd instance for all GRIS and GIIS services on a given machine, thus requiring only a single port, which should be 2135. It is highly recommended that port 2135 be used for all MDS services. However, alternate ports can be selected by editing all the 2135 occurrences in install/etc/*.conf.

SASL Dynamic Libraries

MDS 2.1 requires SASL, which requires dynamically loaded libraries at runtime. This dependency is an issue for environments that do not support dynamic libraries, such as the Unicos operating system.  We have identified a feasible workaround, but it remains to be tested. Please contact the MDS group if you believe this will impact your environment.

SASL Error Message

There is an issue with a cryptic SASL error message.  If you get an error message that includes “SASL local bind error” (or something similar), confirm that GSI is functioning properly.  Test GSI with non-MDS commands, confirm that GSI is properly configured, and retry.  Consult the GSI documentation (http://www.globus.org/toolkit/security/).