Install redhat-ds

 

DS Components

DS

* Core LDAP server daemon (default port: 389 or 636)
* LDAP v3 compliant
* Includes
– CLI server management
– Admin programs, scripts such as export/backup databases

DS Console

* Admin GUI

Admin Server

* Default port: 9830
* Acts as a management agent
* Mandatory for each machine
* Communicates with DS console and performs operations on DS instances

Default Accounts

Directory Manager

* DN defaults to cn=Directory Manager
* Used to administer all user and config tasks
* No directory entry for Directory Manager:
– purely used for authentication
– Cannot create an actual Directory Server entry that uses the same DN as the Directory Manager DN
* No need to conform to
– DS config suffix
– access controls
– password policy
– database limits for size, time and look-through limits

Directory Administrator

* User name defaults to admin
* Superuser used specifically to manage Directory Server and Admin Server
* Can NOT create top level entries for a new suffix (only Directory Manager can)
* The following DO apply to the administrator (but NOT to Directory Manager):
– Password policies
– Size, time and look-through limits

Other Concepts

Directory Suffix

* Recommended: match the organization’s DNS domain name

Config Directory

* Main directory where config information is stored: log files, config files, port numbers
* Stored in o=NetscapeRoot tree
* Needs to be backed up

Administration Domain

* Allows servers to be grouped together logically when splitting administrative tasks
* Each admin domain must have an admin domain owner
* All servers must share the same config directory; hence the Configuration Directory Administrator has complete access to all installed DSs, regardless of the domain
* Servers on two different domains can use different user directories for authentication and user management

setup-ds-admin.pl Script

* Used to create and configure instances of
– Directory Server
– Admin Server
* Use setup-ds.pl to create DS ONLY
* Config values can be provided from an inf file or the command line. Command-line values override inf file values.
* Silent install:

setup-ds-admin.pl -s -f /export/files/install.inf
setup-ds-admin.pl -s -f common.inf General.FullMachineName=ldap01 slapd.ServerIdentifier=ldap01

* Use Control-B and Enter to go back to previous screen
* Log file is located in /tmp directory

Install Environment

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)
 
# java -version
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.9) (rhel-1.57.1.11.9.el6_4-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
 
# cat /proc/sys/fs/file-max
188758

Installs

Install OpenJDK

yum install java-1.6.0-openjdk
/usr/sbin/alternatives --config java

Install DS Packages: redhat-ds and redhat-ds-console

yum install redhat-ds
 
# /usr/sbin/setup-ds-admin.pl

Offline Install

* Install dependencies

yum install 389-ds-base
yum install mod_nss
yum install perl-CGI
yum install jss
yum install ldapjdk

* Download redhat-ds media from Redhat
* Install RPM packages

cd Packages
ls *.rpm | egrep -iv -e devel -e debuginfo | xargs rpm -ivh

Silent Setup

* Silent setup for DS and AS

/usr/sbin/setup-ds-admin.pl -s -f /export/ds-inf/setup.inf

* Setup.inf:

[General]
FullMachineName= ldap.example.com
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
AdminDomain= sec.example.com
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= secret
ConfigDirectoryLdapURL= ldap://ldap.example.com:389/o=NetscapeRoot
 
[slapd]
SlapdConfigForMC= Yes
UseExistingMC= 0
ServerPort= 389
ServerIdentifier= secldap
Suffix= dc=sec,dc=example,dc=com
RootDN= cn=Directory Manager
RootDNPwd= mypass
AddOrgEntries= No
AddSampleEntries= No
InstallLdifFile= suggest
 
[admin]
SysUser= nobody
Port= 9830
ServerAdminID= admin
ServerAdminPwd= secret

Silent setup for DS instance only (No AS)

* AS must already be configured and running

/usr/sbin/setup-ds-admin.pl -s -f /export/ds-inf/setup-ds.inf

* setup-ds.inf

[General]
FullMachineName= ldap.example.com
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
[slapd]
ServerPort= 389
ServerIdentifier= myldap
Suffix= dc=example,dc=com
RootDN= cn=Directory Manager
RootDNPwd= secret
ds_bename= exampleDB
SlapdConfigForMC= Yes
UseExistingMC= 0
AddSampleEntries= No
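As an added example (not from the original post and not Red Hat's own tooling), the shell functions below generate the setup.inf shown above from environment variables so the two passwords never go on the command line as General.*=value overrides, create it owner-only, read values back for a sanity check, and remove the file once setup-ds-admin.pl has run. Host names, DNs and passwords are constructed sample values; /usr/sbin/setup-ds-admin.pl is the path used on this page.

```shell
# Added example, not from the original post: build the silent-install inf
# from shell variables so the two passwords never appear on the command line
# (General.*=value overrides would show in `ps`) and the file is 0600.
# Host names, DNs and passwords are constructed sample values.
set -eu
# write_setup_inf OUTFILE : DM_PWD and ADMIN_PWD must be set in the environment
write_setup_inf() {
    out=$1; host=${FULL_HOST:-ldap.example.com}
    umask 077                         # the inf holds secrets: owner-only
    cat > "$out" <<EOF
[General]
FullMachineName= $host
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
AdminDomain= ${ADMIN_DOMAIN:-sec.example.com}
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= ${ADMIN_PWD:?set ADMIN_PWD}
ConfigDirectoryLdapURL= ldap://$host:389/o=NetscapeRoot
[slapd]
SlapdConfigForMC= Yes
UseExistingMC= 0
ServerPort= 389
ServerIdentifier= ${SERVER_ID:-secldap}
Suffix= ${SUFFIX:-dc=sec,dc=example,dc=com}
RootDN= cn=Directory Manager
RootDNPwd= ${DM_PWD:?set DM_PWD}
AddOrgEntries= No
AddSampleEntries= No
InstallLdifFile= suggest
[admin]
SysUser= nobody
Port= 9830
ServerAdminID= admin
ServerAdminPwd= $ADMIN_PWD
EOF
}
# inf_get FILE SECTION KEY : print KEY's value from [SECTION] (sanity check)
inf_get() {
    awk -v s="[$2]" -v k="$3=" '
        $0 == s      { in_s = 1; next }
        /^\[/        { in_s = 0 }
        in_s && index($0, k) == 1 { sub(/^[^=]*= */, ""); print; exit }' "$1"
}
# run_silent_setup FILE : run the setup, then remove the inf (it holds secrets)
run_silent_setup() {
    rc=0; /usr/sbin/setup-ds-admin.pl -s -f "$1" || rc=$?
    rm -f "$1"; return $rc        # remove the inf whether or not setup succeeded
}
```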

Operation

start/stop/restart Directory Server

/etc/init.d/dirsrv start 
/etc/init.d/dirsrv stop
/etc/init.d/dirsrv restart

start/stop/restart Admin Server

service dirsrv-admin start
service dirsrv-admin stop
service dirsrv-admin restart

Auto Start dirsrv

chkconfig dirsrv on

Config iptables

* Add to /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT

* Restart iptables firewall:

service iptables restart

Run ldif File

ldapmodify -D "cn=directory manager" -w mypass -h localhost -p 389 -x -f my.ldif
