CA Directory. Installation Guide. r12

Author: Myra Bates

This documentation and any related computer software help programs (hereinafter referred to as the “Documentation”) is for the end user’s informational purposes only and is subject to change or withdrawal by CA at any time. This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and protected by the copyright laws of the United States and international treaties. Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the documentation for their own internal use, and may make one copy of the related software as reasonably required for back-up and disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for the product are permitted to have access to such copies. The right to print copies of the documentation and to make a copy of the related software is limited to the period during which the applicable license for the Product remains in full force and effect. Should the license terminate for any reason, it shall be the user’s responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed. EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. 
IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE. The use of any product referenced in the Documentation is governed by the end user’s applicable license agreement. The manufacturer of this Documentation is CA. Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. Copyright © 2007 CA. All rights reserved.

CA Product References

This document references the following CA products:

- CA Embedded Entitlements Manager
- eTrust Policy Compliance Manager
- CA SiteMinder

Contact Technical Support

For online technical assistance and a complete list of locations, primary service hours, and telephone numbers, contact Technical Support at http://ca.com/support.

Command Formatting Conventions

In this guide, commands are shown in a different font from the main text, as in this example:

    get dynamic-group;

Variables that you must replace appear in italic text. In this example, replace assoc-number with the actual association number:

    abort user assoc-number;

If you must enter only one of a list of options, the options are shown separated by the pipe character |. In this example, you should choose either true or false:

    set access-controls = true | false;

Optional items are shown enclosed in square brackets, as the tag option is in this example:

    set admin-user [tag] = own-entry

If items can be repeated, this is shown by a trailing ellipsis ..., for example:

    item 1 [,item 2 ...]

File Location Convention

Throughout this document, the CA Directory installation location is referred to as DXHOME. For example, if an explanation mentions the DXHOME/config/schema directory, this represents the following locations in a default installation:

- Windows: C:\Program Files\CA\Directory\dxserver\config\schema
- UNIX: /opt/CA/Directory/dxserver/config/schema

Format of Distinguished Names

The X.500 and LDAP communities differ in the way they write distinguished names (DNs):

X.500 DNs are written from the top of the tree down, as in the following example:

LDAP DNs are written from the leaf entry up, as in the following example:

    cn=John Citizen, ou=Staff, o=Acme, c=US

If a portion of the prefix is more than one word, you can enclose the whole prefix in quotes or just the problem portion. For example, both of these prefixes will work:

    o="democorp test",c=au
    "o=democorp test,c=au"

Note: Use a pair of quotes ("") for a null DN.

Contents

Chapter 1: CA Directory Components

- Installation Packages
- Ingres Package
- Directory Package
- Embedded Entitlements Manager Package
- JRE Package
- Directory Management Package
- JXplorer Package
- Directory Adaptor Package
- What to Install on Each Computer
- How the Recommended Computers Work Together
- Recommended Order of Computer Setup
- Example: A Large Directory Backbone
- Example: A Test Installation, with Everything on One Computer
- Supported Operating Environments
- File Locations
- Default Installation Locations on UNIX
- Default Installation Locations on Windows
- Installation Logging

Chapter 2: Installing on Windows

- Prepare to Install
- Design the Disk Configuration
- Choose an Installation Method
- User Permissions for Database DXtools on Windows
- Install Using the Product Explorer and Wizards
- Ingres Installation Options
- Directory Installation Options
- Embedded Entitlements Manager Installation Options
- Directory Management Installation Options
- Install Silently
- Create a Response File
- Install the Directory Package Silently
- Install the Directory Management Package Silently [Windows]

Chapter 3: Installing on UNIX

- Prepare to Install
- Design the Disk Configuration
- Choose an Installation Method
- Install Using the Script
- Ingres Installation Options
- Install the Directory Package Using a Command [UNIX]
- Embedded Entitlements Manager Installation Options
- Directory Management Installation Options
- Install Silently
- Create a Response File
- Install Silently on UNIX
- Activate the 64-Bit DXserver
- Directory Installation Options

Chapter 4: Uninstalling on Windows

- Prepare to Uninstall CA Directory
- Uninstall Using the Product Explorer

Chapter 5: Uninstalling on UNIX

- Prepare to Uninstall CA Directory
- Uninstall CA Directory Using the dxuninst.sh Script
- Uninstall Ingres

Chapter 6: Troubleshooting

- Troubleshooting on UNIX
- Troubleshooting on Windows

Appendix A: Licenses for Third-Party Products

- Aleksey XML Security Library v.1.2.9 and the xmlsec-nss Library
- Mozilla Public License v1.1 for xmlsec-nss
- xmlsec-gnutls
- Jakarta Velocity 1.3.1
- Apache Software Foundation
- Microsoft Cabinet File SDK
- OpenLDAP
- OpenSSL
- Original SSLeay License
- Sun Java™ Web Services Developer Pack, Version 1.3
- Java Architecture for XML Binding (JAXB) 2.0
- Libxml2 parser by Daniel Veillard

Chapter 1: CA Directory Components

This section contains the following topics:

- Installation Packages
- What to Install on Each Computer
- Supported Operating Environments
- File Locations
- Installation Logging

Installation Packages

CA Directory contains eight installation packages. You can install, upgrade, or uninstall each package separately from the others. The following diagram shows the installation packages (in grey), and which components are included in each package:


Ingres Package

The Ingres package contains an installation of Ingres, the open-source relational database. You should install this before the Directory package. After you install Ingres, the DXingres Tool runs automatically. This tunes the Ingres installation to work with CA Directory.

Directory Package

The following diagram shows the components included in the Directory package:

- DXserver: DXserver is the central component of CA Directory. Each DSA uses a DXserver process. You can run many DSAs on one computer, but you need to install DXserver only once on each computer.
- Directory Samples: The sample DSAs contain different DSA configurations and show different methods of populating a directory. You can use these samples to explore the CA Directory features before setting up your own directory. The files for the sample DSA are always installed when you install this package, but you need to run a script to set them up.

For most directories, you should install the Ingres package on the same computer as the Directory package. The exceptions are for router DSAs and cache-only DSAs.


Embedded Entitlements Manager Package

The Embedded Entitlements Manager package includes only Embedded Entitlements Manager. Embedded Entitlements Manager (CA EEM) is a CA product that secures access to DXmanager and lets you manage user accounts. Other CA products also use EEM, so it may already be installed. If so, DXmanager can use this installation.

Ensure that you remember the password you create during installation. You will need this password when you connect DXmanager to Embedded Entitlements Manager.

JRE Package

The JRE package contains the Java Runtime Environment, which is required by the Directory Management components and JXplorer. If you connect to DXmanager from a computer that does not have JRE installed, DXmanager automatically tries to download it from the Sun website. To avoid this, install JRE on all computers that you plan to use to connect to DXmanager.

Directory Management Package

The following diagram shows the components included in the Directory Management package:


The Directory Management components require JRE.

- DXmanager: DXmanager is a web application that lets you monitor, configure, and control DSAs. If you also set up Embedded Entitlements Manager, you can give users permission to monitor only, to stop and start DSAs, or to change the directory configuration.
- JXweb: JXweb is a web-based LDAP browser and editor. You can use JXweb to browse, search, configure, and update the directory.
- CA Directory Web Server: DXmanager, JXweb, and the web samples require this web server.
- Documentation: This is the HTML version of the documentation. This includes information about administration, installation, integration with other products, and reference information.
- Web Samples: This component includes the following sample applications:
  - The DSML Server translates between DSML and LDAP, which lets client applications that use DSML communicate with CA Directory without using LDAP directly.
  - The SAML Server is a lightweight SAML attribute server that implements some of the SAML Standard 1.0.
  - The SPML server receives add, modify, and delete user requests and changes the underlying directory appropriately.
  - The UDDI Server is a UDDI registry that can manage your web service requirements.

JXplorer Package

The JXplorer package includes only JXplorer. JXplorer is an open-source Java-based LDAP browser and editor. JXplorer lets you do the following:

- Browse and edit any directory that supports LDAP or DSML
- Load and unload LDIF files to and from a directory
- Display directory data by using configurable HTML templates
- Use SSL to communicate securely and SASL for secure certificate-based authentication

JXplorer requires JRE.


Directory Adaptor Package

The Directory Adaptor package includes the Directory Adaptor only.

What to Install on Each Computer

Before you install CA Directory, you should work out which packages you want to install on each computer. You can install the components on computers with different operating systems. The following diagram shows the computers that we recommend you use to make up your directory backbone, and which packages you should install on each computer:

The packages shown with dotted lines are optional.

How the Recommended Computers Work Together

This section describes how the CA Directory components on each of these computers work together.


Administrator's Computer

Each administrator and operator uses one of these computers to monitor and maintain the directory. Each administrator and operator connects to DXmanager and JXweb on the Directory Management server. Both of these components require that JRE be installed locally.

Directory Management Server

The directory management server is the computer on which you have installed the Directory Management package, which includes DXmanager. The administrator and operators connect to this computer to run DXmanager, JXweb, and the documentation, which are all included in the Directory Management package. DXmanager connects to Embedded Entitlements Manager on the authentication server. JRE must also be installed on this computer because DXmanager requires it.

Authentication Server

The authentication server contains Embedded Entitlements Manager, to which DXmanager delegates user authentication and authorization. Embedded Entitlements Manager is used by other CA products, so if it is already installed, you can use that version. Embedded Entitlements Manager uses CA Directory to store user details.

Directory Hosts

A host is a single computer with CA Directory installed on it. A single host may serve one or more namespace partitions. You can set up many of these hosts, and distribute and replicate the directory data across them. The Directory and Ingres packages are installed on each of these computers. You can also install JXplorer (which requires JRE).

Shared Files

The HTML version of the documentation is included in the Directory Management package. However, because some people prefer to use a PDF version of the documentation, you can install the Documentation package on a shared computer where everyone can access it.


Recommended Order of Computer Setup

If you use the recommended computers, you should set them up in this order:

1. Set up the authentication server as follows:
   a. Install the Ingres package.
   b. Install the Directory package.
   c. Install the Embedded Entitlements Manager package.
   d. Allow access to TCP port 5250. This is the port that DXmanager will use to communicate with Embedded Entitlements Manager. You may need to manually set your firewall to open this port.
2. Set up the directory management server as follows:
   a. Install the JRE package.
   b. Install the Directory Management package.
   c. (Optional) Allow access to TCP ports 8080 or 8443 (or both). If you plan to access DXmanager using a web browser on another computer, you must open one or both of these ports. Port 8080 allows unsecure access using HTTP, and port 8443 allows secure access using HTTPS.
3. Set up the directory hosts as follows:
   a. (Optional) Install Ingres.
      Note: If you do not install Ingres, you can run only router and cache-only DSAs on this computer.
   b. Install the Directory package.
   c. Allow access to TCP port 2123. This standard LDAP port is used for communication between DXadmind and DXmanager. You may need to manually set your firewall to open this port.
   d. (Optional) Install JRE. You need to install this only if you plan to install JXplorer.
   e. (Optional) Install JXplorer.
4. Install the JRE package on the administrators' computers.
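A reachability check for the ports this procedure opens, as an added example that is not part of the CA documentation. The port numbers come from the steps above; the role names, the `audit_role` and `audit_backbone` helpers, the host names and the warning on port 8080 are assumptions of this example.

```python
import socket

# Ports and purposes as stated in the setup procedure above.
# Role names and the "kind" labels are this example's own.
ROLE_PORTS = {
    "authentication-server": {5250: "required"},   # DXmanager -> Embedded Entitlements Manager
    "directory-management-server": {               # browser access to DXmanager (optional)
        8080: "http",                              # unsecure access using HTTP
        8443: "https",                             # secure access using HTTPS
    },
    "directory-host": {2123: "required"},          # DXadmind <-> DXmanager
}


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_role(host, role, probe=port_open):
    """Compare the reachable ports on host with what the guide expects for role.

    Returns a list of (severity, port, message) tuples. An empty list means
    the host matches the procedure with nothing to report.
    """
    expected = ROLE_PORTS[role]
    reachable = {port: probe(host, port) for port in expected}
    findings = []
    for port, kind in expected.items():
        if kind == "required" and not reachable[port]:
            findings.append(("FAIL", port, "required port is not reachable; check the firewall rule"))
        elif kind == "http" and reachable[port]:
            # Policy choice of this example: flag cleartext access to DXmanager.
            findings.append(("WARN", port, "DXmanager reachable over unsecured HTTP; prefer 8443"))
    web = [p for p, kind in expected.items() if kind in ("http", "https")]
    if web and not any(reachable[p] for p in web):
        findings.append(("INFO", None, "no web port reachable; DXmanager is usable only from a local browser"))
    return findings


def audit_backbone(hosts, probe=port_open):
    """hosts maps host name -> role; returns {host: findings}."""
    return {host: audit_role(host, role, probe) for host, role in hosts.items()}


if __name__ == "__main__":
    # Constructed host names; replace them with your own servers.
    backbone = {
        "eem.example.internal": "authentication-server",
        "dxmanager.example.internal": "directory-management-server",
        "dsa1.example.internal": "directory-host",
    }
    for host, findings in audit_backbone(backbone).items():
        for severity, port, message in findings or [("OK", None, "matches the procedure")]:
            print(f"{host} {severity} {port or '-'} {message}")
```

Run it from the computer that has to make the connection: the directory management server for ports 5250 and 2123, and an administrator's computer for ports 8080 and 8443.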


Example: A Large Directory Backbone

This example shows you how a company with a huge amount of data implements a large directory backbone.

Company A is a huge telecommunications company with more than one hundred million customers. These customer details are stored in a directory that is distributed across fifteen sites in four regions.

To maintain this directory backbone, each region has three directory administrators (one is always on shift). Each site has three operators (one is always on shift). The operators monitor the directory. Only the administrators can change the directory configuration.

DXmanager is set up to allow the following levels of access to the directory:

- Administrators can monitor, control, and configure the directory.
- Operators can monitor the directory only.

Computers Used by Company A for the Directory Backbone

Company A uses the following types of computers for its directory backbone:

| Type of Computer | Number Required | Comments |
| --- | --- | --- |
| Directory Hosts | 15 (One for each site) | Directory data is replicated between the servers. Some of these servers run on Linux and some run on UNIX. |
| Directory Management Server | 4 (One for each region) | Each administrator's computer connects to the local directory management server. This server runs on UNIX. |
| Authentication Server | 4 (One for each region) | Each instance of DXmanager connects to the local authentication server. User data is replicated between the servers. This server runs on Linux. |
| Administrators' Computer | 27 | There are three administrators for each of the four regions, each of whom needs their own computer. There are three operators for each of the fifteen sites, but the operators at a site can share a single computer, because only one is on shift at a time. These computers all run on Windows. |


Example: A Test Installation, with Everything on One Computer

In this example, a systems administrator wants to see how CA Directory works. To do this, he wants to install all of the CA Directory components on one Windows computer. The administrator should install the following packages on the test computer, in this order:

1. JRE package
2. JXplorer package
3. Ingres package
4. Directory package
5. Embedded Entitlements Manager package
6. Directory Management package

Supported Operating Environments

You can install CA Directory on Windows, UNIX, and Linux platforms. Check the Readme for the supported versions. For Solaris, Linux, and Windows, CA supplies a different CD for each. For the other operating environments, you can download the installation packages from CA Support.

File Locations

This section lists the file structure and default file locations in CA Directory. For a list of restrictions on the name of the installation directory, see the Readme.


Default Installation Locations on UNIX

The following tables list the default locations for the modules in CA Directory on UNIX. The default $DXHOME location is /opt/CA/Directory/dxserver. To customize these locations during installation, you should run a custom installation or use the dxsetup command.

| Directory Component | Default Location |
| --- | --- |
| DXserver | $DXHOME |
| DXtools | $DXHOME/bin |
| Sample DSAs and Tools | $DXHOME/samples |
| Documentation | $DXHOME/../documentation |
| DXconsole | $DXHOME/../ttermpro |

| Web Component | Default Location |
| --- | --- |
| DXwebserver | $DXHOME/../dxwebserver |
| DXmanager | $DXHOME/../dxwebserver/webapps/dxmanager |
| JXweb | $DXHOME/../dxwebserver/webapps/jxweb |
| DSML Server | $DXHOME/../dxwebserver/webapps/dsml |
| Sample Web Applications | $DXHOME/../dxwebserver/samples |

Default Installation Locations on Windows

The following tables list the default locations for the modules in CA Directory on Windows. The default %DXHOME% location is C:\Program Files\CA\Directory\dxserver. To customize these locations during installation, you should run a custom installation or use the dxsetup command.

| Directory Component | Default Location |
| --- | --- |
| DXserver | %DXHOME% |
| DXtools | %DXHOME%\bin |
| Sample DSAs and Tools | %DXHOME%\samples |
| Documentation | %DXHOME%\..\documentation |
| DXconsole | %DXHOME%\..\ttermpro |

| Web Component | Default Location |
| --- | --- |
| DXwebserver | %DXHOME%\..\dxwebserver |
| DXmanager | %DXHOME%\..\dxwebserver\webapps\dxmanager |
| JXweb | %DXHOME%\..\dxwebserver\webapps\jxweb |
| DSML Server | %DXHOME%\..\dxwebserver\webapps\dsml |
| Sample Web Applications | %DXHOME%\..\dxwebserver\samples |

| Supporting Product | Default Location |
| --- | --- |
| Ingres | C:\Program Files\CA\Ingres [II]\ingres |
| Java Runtime Environment | C:\Program Files\Java\JRE-version |
| Embedded Entitlements Manager | C:\Program Files\CA\SharedComponents\EEM |

where JRE-version is the JRE version number.

Installation Logging

All installations are logged. The installation log is created in the temporary directory (/tmp on UNIX and %TEMP% on Windows). When the installation or upgrade has completed successfully, the file is copied to the ../DXHOME location. If the DXHOME environment variable is not defined or the installation does not complete successfully, the installation log is left in the temporary directory.


Chapter 2: Installing on Windows

This section contains the following topics:

- Prepare to Install
- Install Using the Product Explorer and Wizards
- Install Silently

Prepare to Install

Before you start installing CA Directory, follow these steps:

1. Back up any existing data. You should back up the directory data, plus any schema files and configuration files that you have customized.
2. Check the Readme for system requirements.
3. Design the disk configuration.
4. Ensure that the computer has a CD-ROM drive, or that you can access a remote CD-ROM drive on the same network.
5. Choose an installation method.
6. Log in as a user with administrative permissions.

Note: For instructions about upgrading to CA Directory r12, see Upgrading to CA Directory r12 in the Administration Guide.


Design the Disk Configuration

To improve recovery and performance, you should store the database information on a separate physical disk from the product files. Be sure that the drives you choose are actually on separate physical disks. Do not use a single physical disk partitioned into multiple drives.

In Windows Explorer, partitions local to the computer have Local Disk displayed in the Type column. You can configure and view logical and physical drives using the Windows Disk Administrator.

In addition to the system requirements listed in the Readme, the disk space required for directory information is approximately 20 times the raw data size. This provides space for backups, journals, indexing, tuning, loading, and preprocessing.

For information about disk configurations such as mirrored disks and RAID, contact Customer Support.

Example: Disk Configuration

In the following example of the layout of a typical installation, the C and D drives are on separate physical disks:

The C drive

- CA Directory product files
- Ingres product files
- Ingres transaction log

The D drive

- Directory information (database files)
- Ingres checkpoints (database backups)
- Ingres journals
- Ingres work area


Choose an Installation Method

You can install CA Directory on Windows in the following ways:

- Installation wizard: The Product Explorer lets you install each package in CA Directory. Each package has a separate installation wizard.
- Silent installation: You can install the Directory and Directory Management packages silently. This means that no user input is required during the installation process, and no feedback from the installation process appears on the screen. You cannot install the other packages silently.

User Permissions for Database DXtools on Windows

CA Directory r12 includes Ingres r3. The security of Ingres r3 is tighter than in previous Ingres versions, which has changed how CA Directory works.

For releases of CA Directory before r8.1, any user could run all of the DXtools. This means that any user could load, destroy, or back up databases.

Now, any user with Ingres privileges (including users created by the DXadduser tool) can manage databases with the DXtools. However, each Ingres user can manage only those databases they created. This is similar to how CA Directory has always worked on UNIX.

The DXserver services now log on as LocalService, which is added as an Ingres user. This applies to the following situations:

- CA Directory r12 installed on a clean computer
- eTrust Directory r8 SP1 upgraded to CA Directory r12 and Ingres r3


Install Using the Product Explorer and Wizards

Using the Product Explorer, you can install any of the CA Directory packages. For Directory and Directory Management, you can instead create a response file to install silently at a later time.

To install using the Product Explorer and wizards

1. Log in as a user with administrator privileges.
2. Insert the CA Directory installation CD. The Product Explorer starts automatically. If the Product Explorer does not start automatically, navigate to the CD drive and open the PE_i386.EXE file.
3. From the Product Explorer menu, select the package you want to install.
4. Click Install and follow the prompts. During the installation, the wizard will prompt you to supply information. The wizards for Directory and Directory Management give you the option of saving your responses in a response file.

The following sections describe the information you need for each package:

- Ingres
- Directory
- Embedded Entitlements Manager
- Directory Management


Ingres Installation Options

The Ingres installation wizard lets you choose between running a complete or custom installation, as follows:

- Complete installation: All components are installed and the default values are used.
- Custom installation: You can change the values of all of the items listed here.

We recommend that you choose a custom installation, using the values in the following table:

| Ingres Information | Recommendation | Description |
| --- | --- | --- |
| Installation Identifier | Accept the default (II). | This identifies this instance of Ingres on this computer. A computer can have more than one instance of Ingres installed on it, and each of these would have a different installation identifier. |
| License Agreement | Read, and accept it if you agree. | |
| Setup Type | Select Custom. | A custom installation lets you choose which components to install. |
| Program Features | Clear most components, leaving only these components selected: Ingres DBMS; Ingres/Net, TCP/IP; Ingres Documentation | If you do not install a component and you later find that you need it, run this installation wizard again and add that component. The rest of the Ingres installation will be unaffected. |
| Start Ingres Service Automatically at System Startup | Select this check box. | This automatically starts Ingres when you start the computer. |
| Service Password | Enter the password of the installing user account. | |
| Time Zone | Choose the correct time zone. | This affects the way times and dates are displayed. |
| Character Set | Accept the default (WIN1252). | |
| Terminal | Accept the default (IBMPCD). | |
| Install Read Only ODBC Driver | Accept the default (not selected). | |
| Assign privileges to a user | Select Yes. | The user who installs Ingres must have these privileges. |
| Database File Locations | Use at least two locations: Location A: Database and Work; Location B: Checkpoint, Journal, and Dump | You should place the working files (database and work) on a different disk from the backup files (checkpoint, journal, and dump). This will let you recover the database if either of the disks fails. |
| Transaction Log File Size | Enter 256 MB. | |
| Transaction Log Location | Accept the default, or enter a different path. | |
| Dual Log Location | Accept the default (not selected). | |
| ANSI/ISO Entry SQL-92 | Accept the default (not selected). | |

After the Ingres installation wizard finishes, the DXingres tool automatically runs. This tool tunes Ingres to work with CA Directory.

For information about other installation options, see the Ingres Getting Started and the Ingres Getting Started for Linux documents, which you can download from the Ingres site.

Directory Installation Options

Before you install the Directory package, ensure that the Ingres package has already been installed.

The Directory installation wizard lets you choose between running a complete or custom installation, as follows:

Complete installation
    All components are installed and the default values are used.

Custom installation
    You can change the values of all of the items listed here.

We recommend that you choose a custom installation, using the values in the following table:

| Directory Information | Recommendation | Description |
|---|---|---|
| License Agreement | Read, and accept it if you agree. | |
| Setup Type | Custom | A custom installation lets you choose which components to install. |
| Installation Location | Accept the default. | |
| Program Features | Accept the default, which installs these components: Documentation; DXserver | If you do not install a component and you later find that you need it, run this installation wizard again and add that component. The rest of the Directory installation will be unaffected. |
| Will you be using Ingres? | Yes, unless you know this computer will only host router or cache-only DSAs. | Data DSAs use Ingres. Only router and cache-only DSAs can work without Ingres. |
| Trusted DXmanager Host | Enter the name of the computer that contains the DXmanager installation that you trust. | This instance of DXmanager can monitor and control the directory. |
| Port | Accept the default (2123). | This standard LDAP port is used for communication between DXadmind and DXmanager. You will need to enter this port number when you set up a backbone in DXmanager. |
| Password | Enter the password that DXmanager will use when contacting DXadmind on this computer. | This password is used for communicating between DXadmind and DXmanager. You will need to enter this password when you set up a backbone in DXmanager. |

Embedded Entitlements Manager Installation Options

Before you can install the Embedded Entitlements Manager package, you must install the Ingres package.

The following information is required when you install Embedded Entitlements Manager:

Destination folder
    Defines the installation location for Embedded Entitlements Manager.

EIAM Admin password
    Specifies the password for a user account that will be created in Embedded Entitlements Manager. This user account is allowed to create other users.

Directory Management Installation Options

The Directory Management installation wizard lets you choose between running a complete or custom installation, as follows:

Complete installation
    All components are installed and the default values are used.

Custom installation
    You can change the values of all of the items listed here.

We recommend that you choose a custom installation, using the values in the following table:

| Directory Management Information | Recommendation | Description |
|---|---|---|
| License Agreement | Read, and accept it if you agree. | |
| Setup Type | Custom | A custom installation lets you choose which components to install. |
| Installation Location | Accept the default. | |
| DXwebserver Port Numbers | Accept the defaults, unless one is already in use on this computer: Secure port: 8443; Shutdown port: 8005 | |
| Program Features | Accept the default, which installs all of the following components: CA Directory Web Server; JXweb; DXmanager; DSML; Documentation | If you do not install a component and you later find that you need it, run this installation wizard again and add that component. The rest of the Directory Management installation will be unaffected. |
| Embedded Entitlements Manager Server Location | Select the location of the Embedded Entitlements Manager that you will use to manage DXmanager users. | |
| Embedded Entitlements Manager Server Superuser Details | Enter the name and password of the DXmanager superuser. | This user will be created in Embedded Entitlements Manager. Later, you will be able to sign in to DXmanager using these details, and receive superuser permissions. |

Install Silently

In a normal installation, the user enters information during the installation process. In a silent installation, the user's information is stored in a response file.

A response file is a text file that supplies information to be used during the installation process. This input would usually be supplied by the user during the installation process. When the installation program requires input, it checks the response file and uses the information there. This means that the installation runs silently; no installation screens appear, and no command prompt is required.

Note: If you run an installation from a response file that has errors or omissions, error messages are written to the screen and the installation quits.

Before you can install silently, you must create a response file for each of the Directory and Directory Management packages.

Create a Response File

You cannot use a text editor to create or edit the data in a response file. To create a new response file, follow these instructions.

You should create a response file on a computer that does not have any version of CA Directory installed.

To create a response file

1. Follow the instructions for installing CA Directory using the Product Explorer.
2. On the last screen of the installation wizard, select the Create Response File option, and then click Finish.
3. Select the location to save the response file.
4. Save the command by clicking Copy.
5. (Optional) Continue the installation on this computer by clicking Next, Install.

Install the Directory Package Silently

Before you can install the Directory package silently, you must create a response file.

To install the Directory package silently

1. Insert the CA Directory installation CD.
2. Open a command prompt.
3. Change to the following directory:

    CD-ROM\dxserver\windows

4. Run the dxsetup command, as follows:

    dxsetup RESPONSE_FILE=fileSpec ETRDIR_DXADMIND_PASSWORD=password

RESPONSE_FILE=fileSpec
    Specifies the response file, including the path name. If the file specification includes spaces, then enclose it in quotation marks.

ETRDIR_DXADMIND_PASSWORD=password
    Sets the DXadmind user password. This is used for communication between DXmanager and DXadmind.

Example: Installing the Directory Package

The following example installs the components based on the response file in C:\cadir.rsp:

    dxsetup RESPONSE_FILE=C:\cadir.rsp ETRDIR_DXADMIND_PASSWORD=dxadmind

Install the Directory Management Package Silently [Windows]

Before you can install the Directory Management package silently, you must create a response file.

To install the Directory Management package silently

1. Insert the CA Directory installation CD.
2. Open a command prompt window.
3. Change to the following directory:

    CD-ROM\webcomponents\windows

4. Run the dxwebsetup command as follows:

    dxwebsetup RESPONSE_FILE_FOLDER=path RESPONSE_FILE_NAME=filename DXMANAGER_PASSWORD=password EIAM_ADMIN_USER_PASSWORD=password

RESPONSE_FILE_FOLDER=path
    Specifies the location of the response file.

RESPONSE_FILE_NAME=filename
    Specifies the name of the response file.

DXMANAGER_PASSWORD=password
    Specifies the password for the DXmanager superuser.

EIAM_ADMIN_USER_PASSWORD=password
    Specifies the password for the Embedded Entitlements Manager administrative user.

Chapter 3: Installing on UNIX

In this chapter, references to UNIX also include Linux.

This section contains the following topics:

- Prepare to Install
- Install Using the Script
- Install Silently
- Activate the 64-Bit DXserver
- Directory Installation Options

Prepare to Install

Before you start installing CA Directory, follow these steps:

1. Back up any existing data. You should back up the directory data, plus any schema files and configuration files that you have customized.
2. Check the Readme for system requirements.
3. Design the disk configuration.
4. Ensure that the computer has a CD-ROM drive, or that you can access a remote CD-ROM drive on the same network.
5. Choose an installation method.
6. Log in as root.

Note: For instructions about upgrading to CA Directory r12, see Upgrading to CA Directory r12 in the Administration Guide.

Design the Disk Configuration

To improve recovery and performance, you should store the database information on a separate physical disk from the Ingres installation.

Example: Disk Configuration

In the following example of the layout of a typical installation, the /local partition is on a separate physical disk:

    /opt/CA
        DXserver product files
        Ingres product files
        Ingres transaction log
    /local/CA
        Directory information (database files)
        Ingres checkpoints (database backups)
        Ingres journals
        Ingres work area

For information about disk configurations such as mirrored disks and RAID, contact Technical Support at http://ca.com/support.

Choose an Installation Method

You can install CA Directory on UNIX in the following ways:

Installation script
    The installation script lets you install each package in CA Directory. This script prompts you to enter information as the installation progresses.

Silent installation
    You can install the Directory and Directory Management packages silently (or unattended). This means that no user input is required during the installation process, and no feedback from the installation process appears on the screen. You cannot install the other packages silently.

Install Using the Script

The installation script lets you install any of the CA Directory packages.

To install using the script

1. Log in as root.
2. (Optional) Mount the CD-ROM drive.
3. Run the following installation script:

    ./dxinstall.sh

   The following options appear:

    CA Directory Installation
    Copyright 2006 CA. All rights reserved.
    ---- OPTIONS ------------------------------------------------------------
    1. Install Directory components (DXserver, Docs, Samples)
    2. Install Directory Management package (Tomcat, DXmanager)
    ---- Supporting Products ------------------------------------------------
    3. Install Ingres
    4. Install JRE
    5. Install JXplorer
    6. Install CA Embedded Entitlements Manager
    0. EXIT
    -------------------------------------------------------------------------
    Please select an option [1]

4. Enter a number to select one of the packages. The installation script for the package you selected begins.

During the installation, the script will prompt you to supply information. The following sections describe the information you need for each package:

- Ingres
- Directory
- Embedded Entitlements Manager
- Directory Management

Ingres Installation Options

The Ingres installation script lets you choose between running a complete or custom installation, as follows:

Complete installation
    All components are installed and the default values are used.

Custom installation
    You can change the values of all of the items listed here.

We recommend that you choose a custom installation, using the values in the following table:

| Ingres Information | Recommendation | Description |
|---|---|---|
| Time Zone | Choose the correct time zone. | This affects the way times and dates are displayed. |
| Database File Locations | Use at least two locations: Location A: Database; Location B: Work, Checkpoint, Journal, and Dump | You should place the data files (database) on a different disk from the working and backup files (work, checkpoint, journal, and dump). This will let you recover the database if either of the disks fails. |
| Transaction Log Location | Accept the default, or enter a different path. | |

After the Ingres installation script finishes, the DXingres tool automatically runs. This tool tunes Ingres to work with CA Directory.

For information about other installation options, see the Ingres Getting Started and the Ingres Getting Started for Linux documents, which you can download from the Ingres site.

Install the Directory Package Using a Command [UNIX]

You can install the Directory package using the dxsetup command.

To install the Directory package using a command

1. Log in as root.
2. Insert the CA Directory installation CD (if required).
3. Open a command prompt.
4. Change to the following directory:

    CD-ROM/dxserver/install

5. Run the dxsetup script, as follows:

    ./dxsetup.sh [-nodocs] [-r source_directory]

-nodocs
    Installs the Directory package without installing the user documentation.

-r source_directory
    Runs dxsetup from a location other than the current directory.

Embedded Entitlements Manager Installation Options

Before you can install the Embedded Entitlements Manager package, you must install the Ingres package.

The following information is required when you install Embedded Entitlements Manager:

Destination folder
    Defines the installation location for Embedded Entitlements Manager.

EIAM Admin password
    Specifies the password for a user account that will be created in Embedded Entitlements Manager. This user account is allowed to create other users.

Directory Management Installation Options

The Directory Management installation script lets you choose between running a complete or custom installation, as follows:

Complete installation
    All components are installed and the default values are used.

Custom installation
    You can change the values of all of the items listed here.

We recommend that you choose a custom installation, using the values in the following table:

| Directory Management Information | Recommendation | Description |
|---|---|---|
| License Agreement | Read, and accept it if you agree. | |
| Setup Type | Custom | A custom installation lets you choose which components to install. |
| Installation Location | Accept the default. | |
| DXwebserver Port Numbers | Accept the defaults, unless one is already in use on this computer: Secure port: 8443; Shutdown port: 8005 | |
| Program Features | Accept the default, which installs all components: CA Directory Web Server; JXweb; DXmanager; Documentation | If you do not install a component and you later find that you need it, run this installation wizard again and add that component. The rest of the Directory Management installation will be unaffected. |
| Embedded Entitlements Manager Server Location | Select the location of the Embedded Entitlements Manager that you will use to manage DXmanager users. | |
| Embedded Entitlements Manager Server Superuser Details | Enter the name and password of the DXmanager superuser. | This user will be created in Embedded Entitlements Manager. Later, you will be able to sign in to DXmanager using these details, and receive superuser permissions. |

Install Silently

In a normal installation, the user enters information during the installation process. In a silent installation, the user's information is stored in a response file.

A response file is a text file that supplies information to be used during the installation process. This input would usually be supplied by the user during the installation process. When the installation program requires input, it checks the response file and uses the information there. This means that the installation runs silently; no installation screens appear, and no command prompt is required.

Note: If you run an installation from a response file that has errors or omissions, error messages are written to the screen and the installation quits.

Before you can install silently, you must create a response file for each of the Directory and Directory Management packages.

Create a Response File

You cannot use a text editor to create or edit the data in a response file. To create a new response file, follow these instructions.

You should create a response file on a computer that does not have any version of CA Directory installed.

To create a response file, use one of the following commands:

- dxsetup Command—Create a Response File for the Directory Package
- dxwebsetup Command—Create a Response File for the Directory Management Package

dxsetup Command—Create a Response File for the Directory Package [UNIX]

Dxsetup creates a response file that you can use to install the Directory package. The default directory for the file dxsetup.sh is dxserver/install/. The installation procedure does not move it.

The command has the following format:

    ./dxsetup.sh [-nodocs][-r source_directory] -write_responses filename [-dxuser [username] -dxadmindpass [password]] -default

-nodocs
    Install the Directory package without installing the user documentation.

-r source_directory
    Run dxsetup from a location other than the current directory.

-write_responses filename
    Creates a response file at the specified location.

dxwebsetup Command—Create a Response File for the Directory Management Package

Dxwebsetup creates a response file that you can use to install the Directory Management package.

The command has the following format:

    ./dxwebsetup.sh [-r source_directory] -write_responses filename

-r source_directory
    Run dxwebsetup from a location other than the current directory.

-write_responses filename
    Creates a response file at the specified location.

Install Silently on UNIX

To install silently using a response file, use one of the following commands:

- dxsetup Command—Silently Install the Directory Package
- dxwebsetup Command—Silently Install the Directory Management Package

dxsetup Command—Install the Directory Package Silently [UNIX]

The dxsetup command installs the directory package silently.

Note: If the ingres and dsa users did not exist before, this installation creates them without passwords. You should assign passwords to these users.

This command has the following format:

    ./dxsetup.sh -silent -responsefile filename

-silent
    Installs the package with no user interaction, using the defaults in the response file. If the standard response file is used, the user is still prompted to accept the EULA. If a previously generated response file is used, then the EULA has already been accepted and no user interaction is required. This is identical to the old -default option, which is still valid.

-responsefile filename
    Installs the package using the options listed in the specified response file.
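The note above says a silent install can leave the ingres and dsa accounts without passwords. The following check is an added example, not part of CA Directory or of the original guide: it classifies each account's password field in a shadow(5)-format file as empty, locked, or set. It assumes Linux shadow(5) semantics, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example, not part of CA Directory. Assumes Linux shadow(5) semantics.

# account_password_state FILE USER
# Prints one of: missing | empty | locked | set
#   empty  - password field is blank: no password is needed to authenticate
#   locked - field starts with ! or *: no password can match
#   set    - field holds a password hash
account_password_state() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")          state = "empty"
            else if ($2 ~ /^[!*]/) state = "locked"
            else                   state = "set"
        }
        END { print (found ? state : "missing") }
    ' "$1"
}

# audit_install_accounts FILE
# Reports the ingres and dsa accounts named in the guide. Returns non-zero
# if either account exists but has no usable password assigned yet.
audit_install_accounts() {
    unassigned=0
    for user in ingres dsa; do
        state=$(account_password_state "$1" "$user")
        printf '%s: %s\n' "$user" "$state"
        case $state in
            empty|locked) unassigned=$((unassigned + 1)) ;;
        esac
    done
    [ "$unassigned" -eq 0 ]
}

# Constructed sample in shadow(5) format (the hash is a placeholder).
sample_shadow=$(mktemp)
trap 'rm -f "$sample_shadow"' EXIT
cat > "$sample_shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
ingres::19000:0:99999:7:::
dsa:!:19000:0:99999:7:::
EOF

# On a real host, run as root: audit_install_accounts /etc/shadow
audit_install_accounts "$sample_shadow" ||
    echo "Assign passwords with: passwd ingres; passwd dsa"
```

An empty field is the more urgent finding, because the account then authenticates with no password at all; a locked field only means that no password has been assigned yet.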

dxwebsetup Command—Install the Directory Management Package Silently [UNIX]

The dxwebsetup command installs the directory management package silently.

This command has the following format:

    ./dxwebsetup.sh -silent -responsefile filename

-silent
    Installs the package with no user interaction, using the defaults in the response file. If the standard response file is used, the user is still prompted to accept the EULA. If a previously generated response file is used, then the EULA has already been accepted and no user interaction is required. This is identical to the old -default option, which is still valid.

-responsefile filename
    Installs the package using the options listed in the specified response file.

Activate the 64-Bit DXserver

A 64-bit DXserver is included in those UNIX packages that contain $DXHOME/bin/lp64.

To switch from 64-bit back to 32-bit, remove the additional lines from the login scripts.

To activate the 64-bit DXserver

1. For the user dsa, add the path $DXHOME/bin/lp64 to the $PATH variable. To do this, add the following lines to the end of the .dxcshrc login script (by default this is in $DXHOME/install/.dxcshrc):

    # 64-bit DXserver
    set path = ($DXHOME/bin/lp64 $path )

2. Add the following lines to the end of the .dxprofile login script (by default this is in $DXHOME/install/.dxprofile):

    # 64-bit DXserver
    PATH=$DXHOME/bin/lp64:${PATH}
    export PATH

Directory Installation Options

Before you install the Directory package, ensure that the Ingres package has already been installed.

The Directory installation script lets you choose between running a complete or custom installation, as follows:

Complete installation
    All components are installed and the default values are used.

Custom installation
    You can change the values of all of the items listed here.

We recommend that you choose a custom installation, using the values in the following table:

| Directory Information | Recommendation | Description |
|---|---|---|
| License Agreement | Read, and accept it if you agree. | |
| Setup Type | Custom | A custom installation lets you choose which components to install. |
| Installation Location | Accept the default. | |
| Program Features | Accept the default, which installs these components: DXserver; Documentation | If you do not install a component and you later find that you need it, run this installation wizard again and add that component. The rest of the Directory installation will be unaffected. |
| DXadmind Hostname | Accept the default (the name of the local computer). | This is the computer that contains the DXmanager installation that you trust. |
| DXadmind Port | Accept the default (2123). | This standard LDAP port is used for communication between DXadmind and DXmanager. You will need to enter this port number when you set up a backbone in DXmanager. |
| DXadmind Password | Enter the password that DXmanager will use when contacting DXadmind on this computer. | This password is used for communication between DXadmind and DXmanager. You will need to enter this password when you set up a backbone in DXmanager. |

Chapter 4: Uninstalling on Windows

This section contains the following topics:

- Prepare to Uninstall CA Directory
- Uninstall Using the Product Explorer

Prepare to Uninstall CA Directory

To prevent you from accidentally removing databases which may still be required by other applications, you cannot uninstall CA Directory if any DSAs still exist.

If you try to uninstall CA Directory without removing the DSAs and destroying the databases, an error message appears and the uninstallation terminates. If this happens, you have two options:

- If other applications use the databases, you can uninstall just the CA Directory components you no longer need and leave Ingres installed.
- If you are sure that no other applications use the databases, you can remove all DSAs, remove all SSLDs, and destroy all databases.

To prepare to uninstall CA Directory

1. (Recommended) Back up all databases.
2. Stop all DSAs, using the following command:

    dxserver stop all

3. Remove all DSAs, using the following command for each DSA listed in the output of the previous command:

    dxserver remove dsa-name

4. Stop and remove any SSLD servers that are running, using the following commands:

    ssld stop all
    ssld remove all

5. Stop and remove any TLSclient services that are running, using the following commands:

    tlsclient stop all
    tlsclient remove all

6. Use the following command to list all of the existing databases:

    dxlistdb

7. Remove all databases, using the following command for each database listed by the previous command:

    dxdestroydb database-name

You are now ready to uninstall CA Directory from this computer.

Uninstall Using the Product Explorer

The Product Explorer lets you uninstall each package in CA Directory. Each package has a separate uninstallation wizard.

To uninstall using the Product Explorer and wizards

1. Log in as a user with administrator privileges.
2. Insert the CA Directory installation CD. The Product Explorer starts automatically. If the Product Explorer does not start automatically, navigate to the CD drive and open the PE_i386.EXE file.
3. From the Product Explorer menu, select the package you want to uninstall.
4. Click Uninstall and follow the prompts.

Chapter 5: Uninstalling on UNIX

In this chapter, references to UNIX also include Linux.

This section contains the following topics:

- Prepare to Uninstall CA Directory
- Uninstall CA Directory Using the dxuninst.sh Script
- Uninstall Ingres

Prepare to Uninstall CA Directory

To prevent you from accidentally removing databases which may still be required by other applications, you cannot uninstall CA Directory if any DSAs still exist.

If you try to uninstall CA Directory without removing the DSAs and destroying the databases, an error message appears and the uninstallation terminates. If this happens, you have two options:

- If other applications use the databases, you can uninstall just the CA Directory components you no longer need and leave Ingres installed.
- If you are sure that no other applications use the databases, you can remove all DSAs, remove all SSLDs, and destroy all databases.

To prepare to uninstall CA Directory

1. (Recommended) Back up all databases.
2. Stop all DSAs, using the following command:

    dxserver stop all

3. Remove all DSAs, using the following command for each DSA listed in the output of the previous command:

    dxserver remove dsa-name

4. Stop and remove any SSLD servers that are running, using the following commands:

    ssld stop all
    ssld remove all

5. Stop and remove any TLSclient services that are running, using the following commands:

    tlsclient stop all
    tlsclient remove all

6. Use the following command to list all of the existing databases:

    dxlistdb

7. Remove all databases, using the following command for each database listed by the previous command:

    dxdestroydb database-name

You are now ready to uninstall CA Directory from this computer.

Uninstall CA Directory Using the dxuninst.sh Script

The uninstallation script lets you remove any of the CA Directory packages. However, the script does not remove any of the supporting products, including JXplorer, Ingres, JRE, and Embedded Entitlements Manager. You can only uninstall these using commands.

To uninstall using the script

1. Log in as root.
2. (Optional) Mount the CD-ROM drive.
3. Run the uninstallation script from DXHOME/uninstall, as follows:

    ./dxuninst.sh

   The following options appear:

    CA Directory Installation
    Copyright 2007 CA. All rights reserved.
    The following eTrust Directory components are installed.
    1. [ x ] DXserver            ENTERPRISE
    2. [   ] Documentation       ENTERPRISE
    3. [   ] DXserver account    (dsa) only removed if all components selected
    Please select the required components to uninstall.
    Note: Additional Options
    `more' for a list of available commands.
    `help' information on how to use the commands
    `quit' to exit the uninstall program
    `go'   to uninstall the products selected
    Please select an option. [all]

4. Enter a number to select one of the packages. The uninstallation script for the package that you selected begins.

During the uninstallation, the script will prompt you to supply information.

Uninstall Ingres

After you have removed CA Directory, you can uninstall Ingres.

Important! Before you uninstall Ingres, make sure that you do not have other applications that use it.

To uninstall Ingres

1. Disconnect all Ingres connections.
2. Stop all Ingres processes, by using the following command:

    ingstop

3. Ensure there are no remaining Ingres connections, by using the following command:

    ps -ef|grep ingres

4. Identify all Ingres directories, and remove them, as follows:

   a. Identify the Ingres directories by using the following commands:

    ingprenv
    infodb

   b. Remove the directories and their contents by using the following command:

    rm -Rf IngresLocation

      For example:

    rm -Rf /opt/CA/IngresEI /local/CA/IngresEI

5. Remove the ingres user account by using the following command:

    userdel ingres

Chapter 6: Troubleshooting

This chapter describes how to deal with problems that might occur during or after installing or upgrading CA Directory.

This section contains the following topics:

- Troubleshooting on UNIX
- Troubleshooting on Windows

Troubleshooting on UNIX

This section describes how to deal with problems that might occur during or after installing or upgrading CA Directory.

Diagnosing Startup Problems with CA Directory

CA Directory is started and stopped at system boot and shutdown through the /etc/init.d/dxserver script. This starts and stops SSL daemons, DXadmind, and any DSAs marked for autostart.

This script writes a log called dxserver-rc.log, usually in the DXserver logs directory, $DXHOME/logs. If DXHOME is not defined for some reason, look for this file in the /tmp directory. This log shows each of the processes being started or stopped.

Unable to connect to DBMS

Reason: You may receive this message if Ingres is not started.

Action: Do the following steps:

1. Start Ingres using the following command:

    ingstart

2. Check the processes using the following command:

    ps -ef |grep ingres

   Ensure that the following processes are running:

   - iigcn
   - iidbms or iimerge
   - dmfacp
   - dmfrcp

DXadmind Times Out after Upgrading

Reason: This problem occurs because DXadmind is already started. In a standard upgrade for DXserver, DXadmind is stopped and then restarted once the upgrade is complete. However, if the installation for DXserver is cancelled during the process, DXadmind may not have stopped, and when it tries to restart, it times out.

Action: To check the status of DXadmind, type the following command:

    dxadmind status

To fix the problem, run the following commands:

1. Log in as the DXserver administrator (by default, this user is dsa).
2. Stop DXadmind using the following command:

    dxadmind stop all

3. Restart DXadmind using the following command:

    dxadmind start all

If DXadmind times out again, do the following:

1. Enter the following command:

    ps -ef | grep dxadmind

   The response includes a line similar to the following:

    dsa 6204 1 0 21:23:34 ? 0:00 dxadmind start

2. In the sample, the number 6204 is the process number. You have to end that process with one of the following commands:

    pkill dxadmind
    kill 6204

   Important! Ensure you type this number correctly.

3. Restart DXadmind. Enter the following command:

    dxadmind start all

Note: To run the kill command, you can be logged in as root or dsa. However, you need to be logged in as dsa to run the command dxadmind start.
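Because the procedure above depends on reading the right process number out of the ps listing, the following added example (not part of CA Directory or of the original guide) extracts it mechanically. It reads `ps -ef` output, keeps only processes owned by the given user whose command is dxadmind, and copes with a start-time column that is split into two tokens. Apart from the first process line, which is the sample from the guide, the listing is constructed, including the /opt/CA/example path.

```shell
#!/bin/sh
# Added example, not part of CA Directory.

# dxadmind_pids OWNER
# Reads `ps -ef` output on stdin and prints the PID of every process that is
# owned by OWNER and whose command is dxadmind, one PID per line.
dxadmind_pids() {
    awk -v owner="$1" '
        $1 != owner { next }    # also skips the UID header row
        {
            # The command follows the TIME column. STIME may be one token
            # (21:23:34, Jan05) or two (Jan 05), so locate TIME instead of
            # assuming that the command is always field 8.
            cmd = 0
            for (i = 7; i < NF; i++) {
                if ($i ~ /^([0-9]+-)?[0-9]+:[0-9][0-9](:[0-9][0-9])?$/) {
                    cmd = i + 1
                    break
                }
            }
            if (cmd == 0) next
            # Compare the basename so that a full path still matches, while
            # "grep dxadmind" (command is grep) does not.
            n = split($cmd, parts, "/")
            if (parts[n] == "dxadmind") print $2
        }
    '
}

# Sample listing: the first process line is from the guide, the rest are
# constructed to cover the grep process, another owner, and a two-token STIME.
sample_ps='UID    PID  PPID  C STIME    TTY   TIME CMD
dsa   6204     1  0 21:23:34 ?     0:00 dxadmind start
dsa   7001  6900  0 21:30:01 pts/1 0:00 grep dxadmind
root  7100     1  0 21:31:10 ?     0:00 dxadmind start
dsa    412     1  0 Jan 05   ?     1:12 /opt/CA/example/bin/dxadmind start'

printf '%s\n' "$sample_ps" | dxadmind_pids dsa

# On a live host, logged in as dsa or root:
#   for pid in $(ps -ef | dxadmind_pids dsa); do kill "$pid"; done
```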

Troubleshooting on Windows

This section describes how to deal with problems that might occur during or after installing or upgrading CA Directory. For descriptions of messages that can appear during installation, see Installation Error Messages on Windows.

Cannot Connect to CA Directory from Remote Computer (Windows XP SP2)

After you install Windows XP SP2, you may not be able to connect to CA Directory from another computer.

Reason: This is because the firewall is on by default. If you disable the firewall then you do not need to configure anything (all ports are open).

Action: If the Windows XP firewall is on, follow these steps to allow access to all ports used by CA Directory:

1. Open Control Panel.

2. Click Windows Firewall.

3. In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Program.

4. In the Add a Program dialog box, click Browse to locate dxserver.exe. This opens all the ports that CA Directory uses.

5. After you select the program, click OK.

6. On the Exceptions tab, select the check box next to dxserver.exe, and then click OK. If you later decide that you do not want the program to be an exception, clear this check box.

To open a single port, follow these steps:

1. Open Control Panel.

2. Click Windows Firewall.

3. On the Exceptions tab, click Add Port.

4. In the Add a Port dialog box, type the number of the port that you want to open in the Port Number box. For example, type 2125 for DXadmind, and then click TCP.

5. Type a name for the port, and then click OK. For example, type DXadmind.

6. On the Exceptions tab, notice that the new service is listed. To enable the port, click to select the check box next to the service, and then click OK.

To permit connections only to a specific DSA and to block the other DSAs on the computer:

1. Do not add dxserver.exe to the exception list.

2. Add the port number for that specific DSA. For example, add port number 19389 for access to the Democorp DSA only.

Appendix A: Licenses for Third-Party Products

CA Directory uses some third-party code. This appendix includes the license agreements for that code. See the Release Notes for a list of the components and version numbers.

This section contains the following topics:

- Aleksey XML Security Library v.1.2.9 and the xmlsec-nss Library
- Jakarta Velocity 1.3.1
- Apache Software Foundation
- Microsoft Cabinet File SDK
- OpenLDAP
- OpenSSL
- Sun Java™ Web Services Developer Pack, Version 1.3
- Java Architecture for XML Binding (JAXB) 2.0
- Libxml2 parser by Daniel Veillard

Aleksey XML Security Library v.1.2.9 and the xmlsec-nss Library

Terms and Conditions for the Use of Aleksey XML Security Library v.1.2.9 and the xmlsec-nss library:

Copyright (C) 2002-2003 Aleksey Sanin. All Rights Reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Except as contained in this notice, the name of Aleksey Sanin shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from him.

xmlsec-nss Library

This product includes the xmlsec-nss library, which is subject to, among others, the Mozilla Public License v.1.1. You may not use this library except in compliance with such license.

Terms and Conditions for the Use of xmlsec-nss:

Copyright (C) 2002-2003 Aleksey Sanin. All Rights Reserved.

Copyright (c) 2003 America Online, Inc. All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. Portions of the Software were created using source code and/or APIs governed by the Mozilla Public License (MPL). The MPL is available at http://www.mozilla.org/MPL/MPL-1.1.html. The MPL permits such portions to be distributed with code not governed by MPL, as long as the requirements of MPL are fulfilled for such portions. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of Aleksey Sanin shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from him.

Mozilla Public License v1.1 for xmlsec-nss

This product includes the xmlsec-nss library, which is subject to, among others, the Mozilla Public License v.1.1. You may not use this library except in compliance with such license.

Terms and Conditions for the Use of xmlsec-nss:

MOZILLA PUBLIC LICENSE
Version 1.1

1. Definitions.

1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party.

1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications.

1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor.

1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof.

1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for the electronic transfer of data.

1.5. "Executable" means Covered Code in any form other than Source Code.

1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A.

1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License.

1.8. "License" means this document.

1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein.

1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous Modifications. 1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. 1.11. "Source Code" means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. 1.12. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. 
For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. Source Code License. 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, nonexclusive license, subject to third party intellectual property claims: (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and

(b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. (d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices. 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). (c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first makes Commercial Use of the Covered Code. 
(d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) for any code that Contributor has deleted from the Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or 4) under Patent Claims infringed by Covered Code in the absence of Modifications made by that Contributor. 3. Distribution Obligations.

3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. 3.3. Description of Modifications. You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. 
You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. 3.4. Intellectual Property Matters (a) Third Party Claims. If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL" which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained.

(b) Contributor APIs. If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file. (c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor's Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. 3.6. Distribution of Executable Versions. 
You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer.

3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. 4. Inability to Comply Due to Statute or Regulation. If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Application of this License. This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. 6. Versions of the License. 6.1. New Versions. Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. 6.2. Effect of New Versions. Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License. 6.3. Derivative Works. 
If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) 7. DISCLAIMER OF WARRANTY.

COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. 8. TERMINATION. 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. 8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant") alleging that: (a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version against such Participant. 
If within 60 days of notice, a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above. (b) any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, sold, distributed, or had made, Modifications made by that Participant.

8.3. If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. 8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. 9. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. 10. U.S. GOVERNMENT END USERS. The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 
12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. 11. MISCELLANEOUS.

This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in the United States of America, any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License.

12. RESPONSIBILITY FOR CLAIMS. As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability.

13. MULTIPLE-LICENSED CODE. Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial Developer permits you to utilize portions of the Covered Code under Your choice of the NPL or the alternative licenses, if any, specified by the Initial Developer in the file described in Exhibit A.

EXHIBIT A - Mozilla Public License.
``The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/ Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is ______________________________________. The Initial Developer of the Original Code is ________________________. Portions created by ______________________ are Copyright (C) _____________________________. All Rights Reserved.

Contributor(s): ______________________________________. Alternatively, the contents of this file may be used under the terms of the _____ license (the "[___] License"), in which case the provisions of [______] License are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the [____] License and not to allow others to use your version of this file under the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the [___] License. If you do not delete the provisions above, a recipient may use your version of this file under either the MPL or the [___] License."

[NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.]

LEGAL form mozilla source code base directory

Please be apprised of the following Legal Notices:

A) The U.S. District Court for the Eastern District of Virginia has ruled that the Netscape Navigator code does not infringe Wang's U.S. Patent No. 4,751,669 ("the '669 Patent") because: 1) HTML is not Videotex as defined by the '669 patent; 2) web servers are not central suppliers; and 3) Navigator does not "connect," as defined by the '669 Patent, to web servers on the Internet. Wang may appeal this decision to the Federal Circuit.
Wang contended that its Patent disclosing a "Videotext" system, is infringed by the following functionality in the Netscape Navigator code: 1) the animated logo and status line indicators --See Claims 1,8 and 9; 2) the "File Save As" function --See Claims 23-27; 3) Bookmarks and Rename Bookmarks in the Properties window --See Claims 20-22; 4) storing HTML, GIF, and JPEG files and adding filename extensions --See Claim 38


B) Intermind owns pending U.S. patent applications on communications systems which employ metadata ("channel objects") to define a control structure for information transfer. The Netscape code does not infringe as released; however, modifications which utilize channel objects as described by Intermind should be considered carefully. The following is a statement from Intermind: "Intermind's claims fundamentally involve the use of a control structure to automate communications. ...The essence of Intermind's top claim is that two devices sender and receiver have persistent storage, communicate over a network, and exchange a control structure including metadata which describes: 1) what information is to be updated, 2) when to update this information, and 3) how to transfer the updated information. In addition, at least the receiving device must be able to process the metadata in order to perform the update determination and transfer. Any digital communications system which incorporates all of these elements will be covered by Intermind's patents." See Intermind.com. C) Stac, Inc., and its licensing agent Hi/fn, own several patents which disclose data compression methods implementing an LZS compression algorithm, including U.S. Patent Nos. 4,701,745 and 5,016, 009 ("the Stac Patents"). The Netscape Communicator code does not perform compression. If you modify the Netscape source code to perform compression, please take notice of the Stac Patents. D) Netscape Communications Corporation ("Netscape") does not guarantee that any source code or executable code available from the mozilla.org domain is Year 2000 compliant. ================================================ mozilla\security\nss\pkg\solaris\common_files ================================================ The contents of this package are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this package except in compliance with the License. 
You may obtain a copy of the License at http://www.mozilla.org/MPL/ Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is the Netscape security libraries. The Initial Developer of the Original Code is Netscape Communications Corporation. Portions created by Netscape are Copyright (C) 1994-2000 Netscape Communications Corporation. All Rights Reserved. Contributor(s):


Alternatively, the contents of this package may be used under the terms of the GNU General Public License Version 2 or later (the "GPL"), in which case the provisions of the GPL are applicable instead of those above. If you wish to allow use of your version of this package only under the terms of the GPL and not to allow others to use your version of this package under the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the GPL. If you do not delete the provisions above, a recipient may use your version of this package under either the MPL or the GPL.

xmlsec-gnutls xmlsec-gnutls is an open source library that is used with the CA software. The xmlsec-gnutls library is not owned by CA, Inc. Use, copying, distribution and modification of the xmlsec-gnutls library is governed by the GNU Lesser General Public License v. 2.1. A copy of the LGPL license can be found in the http://opensrcd.ca.com/ips/2584_4/ directory from which the xmlsec-gnutls library is distributed. Additionally, a copy of the LGPL license can be found at http://opensource.org/license/lgpl-license.php or write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. CA makes the source code for the xmlsec-gnutls library available at http://opensrcd.ca.com/ips/2584_4/. Use of the CA software is governed solely by the CA end user license agreement ('EULA'), not by the LGPL license. You cannot use, copy, modify or redistribute any CA code except as may be expressly set forth in the CA EULA. The xmlsec-gnutls library is provided 'AS IS' WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Further details of the disclaimer of warranty with respect to the xmlsec-gnutls library can be found in the LGPL license itself. To the full extent permitted under applicable law, CA disclaims all warranties and liability arising from or related to any use of the xmlsec-gnutls library.


Jakarta Velocity 1.3.1

This product includes software developed by the Apache Software Foundation (http://www.apache.org/). The Apache software is distributed in accordance with the following license agreement. The Apache Software License, Version 1.1 Copyright (c) 2000-2003 The Apache Software Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgement: "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)." Alternately, this acknowledgement may appear in the software itself, if and wherever such third-party acknowledgements normally appear. 4. The names "The Jakarta Project", "Velocity", and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. 5. Products derived from this software may not be called "Apache", "Velocity" nor may "Apache" appear in their names without prior written permission of the Apache Group.


THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================ This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see .


Apache Software Foundation

Apache Software Foundation Portions of this product include software developed by the Apache Software Foundation (http://www.apache.org/). The Apache software is distributed in accordance with the following license agreement. Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).


"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, nonexclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:


(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. 
Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.


7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 
END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.


You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Microsoft Cabinet File SDK This product contains a copy of the Microsoft Cabinet (CAB) File Software SDK. All title, rights and interests therein is retained by Microsoft Corporation.


OpenLDAP

OpenLDAP This product includes software developed by The OpenLDAP Foundation. The software is distributed in accordance with the following license agreement. The OpenLDAP Public License Version 2.8, 17 August 2003 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions in source form must retain copyright statements and notices, 2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license. THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders.


OpenLDAP is a registered trademark of the OpenLDAP Foundation. Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted.


OpenSSL

OpenSSL This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product also includes libraries from an SSL implementation written by Eric Young ([email protected]). LICENSE ISSUES The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected]. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Terms and Conditions for the Use of xmlsec-openssl: OpenSSL License Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.


6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).


Original SSLeay License This product includes software written by Eric Young ([email protected]). Terms and Conditions for the Use of xmlsec-openssl: Copyright (C) 1995-1998 Eric Young ([email protected]) All rights reserved. This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young ([email protected])" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). 4. 
If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson ([email protected])"


THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]

Sun Java™ Web Services Developer Pack, Version 1.3 This product includes code licensed from RSA Data Security.

Java Architecture for XML Binding (JAXB) 2.0 This product contains portions of the "Java Architecture for XML Binding" (JAXB) 2.0 (the "JAXB Component"). Use of the JAXB Component is governed by the Common Development and Distribution License v1.0. The source code for the JAXB Component may be found here: http://opensrcd.ca.com/ips/2584_6 or here https://jaxb.dev.java.net/.


Libxml2 parser by Daniel Veillard

Libxml2 parser by Daniel Veillard Portions of this product include software developed by the Daniel Veillard. The libxml2 software is distributed in accordance with the following license agreement. Copyright (C) 1998-2002 Daniel Veillard. All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE DANIEL VEILLARD BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of Daniel Veillard shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from him.
