{"id":7704,"date":"2013-05-21T09:45:01","date_gmt":"2013-05-21T14:45:01","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=7704"},"modified":"2013-07-06T11:08:16","modified_gmt":"2013-07-06T16:08:16","slug":"install-redhat-ds","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=7704","title":{"rendered":"Install redhat-ds"},"content":{"rendered":"<div class='toc wptoc'>\n<h2>Contents<\/h2>\n<ol class='toc-odd level-1'>\n\t<li>\n\t\t<a href=\"#DS_Components\">DS Components<\/a>\n\t\t<ol class='toc-even level-2'>\n\t\t\t<li>\n\t\t\t\t<a href=\"#DS\">DS<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#DS_Console\">DS Console<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Admin_Server\">Admin Server<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t<li>\n\t\t<a href=\"#Default_Accounts\">Default Accounts<\/a>\n\t\t<ol class='toc-even level-2'>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Directory_Manager\">Directory Manager<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Directory_Administrator\">Directory Administrator<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t<li>\n\t\t<a href=\"#Other_Concepts\">Other Concepts<\/a>\n\t\t<ol class='toc-even level-2'>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Directory_Suffix\">Directory Suffix<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Config_Directory\">Config Directory<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Administration_Domain\">Administration Domain<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#setup-ds-admin.pl_Script\">setup-ds-admin.pl Script<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t<li>\n\t\t<a href=\"#Install_Environment\">Install Environment<\/a>\n\t<\/li>\n\t<li>\n\t\t<a href=\"#Installs\">Installs<\/a>\n\t\t<ol class='toc-even level-2'>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Install_OpenJDK\">Install OpenJDK<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Install_DS_Packages:_redhat-ds_and_redhat-ds-confole\">Install DS Packages: redhat-ds and redhat-ds-console<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a 
href=\"#Offline_Install\">Offline Install<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Silent_Setup\">Silent Setup<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Silent_setup_for_DS_instance_only_No_AS\">Silent setup for DS instance only (No AS)<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t<li>\n\t\t<a href=\"#Operation\">Operation<\/a>\n\t\t<ol class='toc-even level-2'>\n\t\t\t<li>\n\t\t\t\t<a href=\"#startstoprestart_Directory_Server\">start\/stop\/restart Directory Server<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#startstoprestart_Admin_Server\">start\/stop\/restart Admin Server<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Auto_Start_dirsrv\">Auto Start dirsrv<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Config_iptables\">Config iptables<\/a>\n\t\t\t<\/li>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Run_ldif_File\">Run ldif File<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t<li>\n\t\t<a href=\"#References\">References<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n<div class='wptoc-end'>&nbsp;<\/div>\n<span id=\"DS_Components\"><h2>DS Components<\/h2><\/span>\n<span id=\"DS\"><h3>DS<\/h3><\/span>\n<p>* Core LDAP server daemon (default port: 389 or 636)<br \/>\n* LDAP v3 compliant<br \/>\n* Includes<br \/>\n&#8211; CLI server management<br \/>\n&#8211; Admin programs, scripts such as export\/backup databases<\/p>\n<span id=\"DS_Console\"><h3>DS Console<\/h3><\/span>\n<p>* Admin GUI<\/p>\n<span id=\"Admin_Server\"><h3>Admin Server<\/h3><\/span>\n<p>* Default port: 9830<br \/>\n* Acts as a management agent<br \/>\n* Mandatory for each machine<br \/>\n* Communicates with DS console and performs operations on DS instances<\/p>\n<span id=\"Default_Accounts\"><h2>Default Accounts<\/h2><\/span>\n<span id=\"Directory_Manager\"><h3>Directory Manager<\/h3><\/span>\n<p>* DN defaults to <em>cn=Directory Manager<\/em><br \/>\n* Used to administer all user and config tasks<br \/>\n* No directory entry for Directory Manager:<br \/>\n&#8211; purely used for authentication<br \/>\n&#8211; 
Cannot create an actual Directory Server entry that uses the same DN as the Directory Manager DN<br \/>\n* Does not need to conform to<br \/>\n&#8211; DS config suffix<br \/>\n&#8211; access controls<br \/>\n&#8211; password policy<br \/>\n&#8211; database limits for size, time and look-through limits<\/p>\n<span id=\"Directory_Administrator\"><h3>Directory Administrator<\/h3><\/span>\n<p>* User name defaults to admin<br \/>\n* Superuser used specifically to manage Directory Server and Admin Server<br \/>\n* Can <em>NOT<\/em> create top level entries for a new suffix (only Directory Manager can)<br \/>\n* These apply to the administrator (NOT to Directory Manager):<br \/>\n&#8211; Password policies<br \/>\n&#8211; Size, time and look-through limits<\/p>\n<span id=\"Other_Concepts\"><h2>Other Concepts<\/h2><\/span>\n<span id=\"Directory_Suffix\"><h3>Directory Suffix<\/h3><\/span>\n<p>* Recommended: match the organization&#8217;s DNS domain name<\/p>\n<span id=\"Config_Directory\"><h3>Config Directory<\/h3><\/span>\n<p>* Main directory where config information is stored: log files, config files, port numbers<br \/>\n* Stored in o=NetscapeRoot tree<br \/>\n* Needs to be backed up<\/p>\n<span id=\"Administration_Domain\"><h3>Administration Domain<\/h3><\/span>\n<p>* Allows servers to be grouped together logically when splitting administrative tasks<br \/>\n* Each admin domain must have an admin domain owner<br \/>\n* All servers must share the same config directory, hence the Configuration Directory Administrator has complete access to all installed DSs, regardless of the domain<br \/>\n* Servers on two different domains can use different user directories for authentication and user management<\/p>\n<span id=\"setup-ds-admin.pl_Script\"><h3>setup-ds-admin.pl Script<\/h3><\/span>\n<p>* Used to create and configure instances of<br \/>\n&#8211; Directory Server<br \/>\n&#8211; Admin Server<br \/>\n* Use setup-ds.pl to create DS ONLY<br \/>\n* Config values can be provided from inf file or command 
line. Command line overrides inf file values.<br \/>\n* Silent install:<\/p>\n<pre lang=\"bash\">\r\nsetup-ds-admin.pl -s -f \/export\/files\/install.inf\r\nsetup-ds-admin.pl -s -f common.inf General.FullMachineName=ldap01 slapd.ServerIdentifier=ldap01\r\n<\/pre>\n<p>* Use <em>Control-B<\/em> and Enter to go back to previous screen<br \/>\n* Log file is located in <em>\/tmp<\/em> directory<\/p>\n<span id=\"Install_Environment\"><h2>Install Environment<\/h2><\/span>\n<pre lang=\"bash\">\r\n# cat \/etc\/redhat-release\r\nRed Hat Enterprise Linux Server release 6.4 (Santiago)\r\n\r\n# java -version\r\njava version \"1.6.0_24\"\r\nOpenJDK Runtime Environment (IcedTea6 1.11.9) (rhel-1.57.1.11.9.el6_4-x86_64)\r\nOpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)\r\n\r\n# cat \/proc\/sys\/fs\/file-max\r\n188758\r\n<\/pre>\n<span id=\"Installs\"><h2>Installs<\/h2><\/span>\n<span id=\"Install_OpenJDK\"><h3>Install OpenJDK<\/h3><\/span>\n<pre lang=\"bash\">\r\nyum install java-1.6.0-openjdk\r\n\/usr\/sbin\/alternatives --config java\r\n<\/pre>\n<span id=\"Install_DS_Packages:_redhat-ds_and_redhat-ds-confole\"><h3>Install DS Packages: redhat-ds and redhat-ds-console<\/h3><\/span>\n<pre lang=\"bash\">\r\nyum install redhat-ds\r\n\r\n# \/usr\/sbin\/setup-ds-admin.pl\r\n<\/pre>\n<span id=\"Offline_Install\"><h3>Offline Install<\/h3><\/span>\n<p>* Install dependencies<\/p>\n<pre lang=\"bash\">\r\nyum install 389-ds-base\r\nyum install mod_nss\r\nyum install perl-CGI\r\nyum install jss\r\nyum install ldapjdk\r\n<\/pre>\n<p>* Download redhat-ds media from Red Hat<br \/>\n* Install RPM packages<\/p>\n<pre lang=\"bash\">\r\ncd Packages\r\nls *.rpm | egrep -iv -e devel -e debuginfo | xargs rpm -ivh\r\n<\/pre>\n<span id=\"Silent_Setup\"><h3>Silent Setup<\/h3><\/span>\n<p>* Silent setup for DS and AS<\/p>\n<pre lang=\"bash\">\r\n\/usr\/sbin\/setup-ds-admin.pl -s -f \/export\/ds-inf\/setup.inf\r\n<\/pre>\n<p>* setup.inf:<\/p>\n<pre lang=\"bash\">\r\n[General]\r\nFullMachineName= 
ldap.example.com\r\nSuiteSpotUserID= nobody\r\nSuiteSpotGroup= nobody\r\nAdminDomain= sec.example.com\r\nConfigDirectoryAdminID= admin\r\nConfigDirectoryAdminPwd= secret\r\nConfigDirectoryLdapURL= ldap:\/\/ldap.example.com:389\/o=NetscapeRoot\r\n\r\n[slapd]\r\nSlapdConfigForMC= Yes\r\nUseExistingMC= 0\r\nServerPort= 389\r\nServerIdentifier= secldap\r\nSuffix= dc=sec,dc=example,dc=com\r\nRootDN= cn=Directory Manager\r\nRootDNPwd= mypass\r\nAddOrgEntries= No\r\nAddSampleEntries= No\r\nInstallLdifFile= suggest\r\n\r\n[admin]\r\nSysUser= nobody\r\nPort= 9830\r\nServerAdminID= admin\r\nServerAdminPwd= secret\r\n<\/pre>\n<span id=\"Silent_setup_for_DS_instance_only_No_AS\"><h3>Silent setup for DS instance only (No AS)<\/h3><\/span>\n<p>* AS must already be configured and running<\/p>\n<pre lang=\"bash\">\r\n\/usr\/sbin\/setup-ds-admin.pl -s -f \/export\/ds-inf\/setup-ds.inf\r\n<\/pre>\n<p>* setup-ds.inf<\/p>\n<pre lang=\"bash\">\r\n[General]\r\nFullMachineName= ldap.example.com\r\nSuiteSpotUserID= nobody\r\nSuiteSpotGroup= nobody\r\n[slapd]\r\nServerPort= 389\r\nServerIdentifier= myldap\r\nSuffix= dc=example,dc=com\r\nRootDN= cn=Directory Manager\r\nRootDNPwd= secret\r\nds_bename= exampleDB\r\nSlapdConfigForMC= Yes\r\nUseExistingMC= 0\r\nAddSampleEntries= No\r\n<\/pre>\n<span id=\"Operation\"><h2>Operation<\/h2><\/span>\n<span id=\"startstoprestart_Directory_Server\"><h3>start\/stop\/restart Directory Server<\/h3><\/span>\n<pre lang=\"bash\">\r\n\/etc\/init.d\/dirsrv start \r\n\/etc\/init.d\/dirsrv stop\r\n\/etc\/init.d\/dirsrv restart \r\n<\/pre>\n<span id=\"startstoprestart_Admin_Server\"><h3>start\/stop\/restart Admin Server<\/h3><\/span>\n<pre lang=\"bash\">\r\nservice dirsrv-admin start\r\nservice dirsrv-admin stop\r\nservice dirsrv-admin restart\r\n<\/pre>\n<span id=\"Auto_Start_dirsrv\"><h3>Auto Start dirsrv<\/h3><\/span>\n<pre lang=\"bash\">\r\nchkconfig dirsrv on\r\n<\/pre>\n<span id=\"Config_iptables\"><h3>Config iptables<\/h3><\/span>\n<p>* Add to 
\/etc\/sysconfig\/iptables<\/p>\n<pre lang=\"bash\">\r\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT\r\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT\r\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT\r\n<\/pre>\n<p>* Restart iptables firewall:<\/p>\n<pre lang=\"bash\">\r\nservice iptables restart\r\n<\/pre>\n<span id=\"Run_ldif_File\"><h3>Run ldif File<\/h3><\/span>\n<pre lang=\"bash\">\r\nldapmodify -D \"cn=directory manager\" -w mypass -h localhost -p 389 -x -f my.ldif\r\n<\/pre>\n<span id=\"References\"><h2>References<\/h2><\/span>\n<p>* <a href=\"https:\/\/access.redhat.com\/site\/documentation\/Red_Hat_Directory_Server\/\">https:\/\/access.redhat.com\/site\/documentation\/Red_Hat_Directory_Server\/<\/a><br \/>\n* <a href=\"?p=5761\">Setting up 389 Directory Server on CentOS 6.2<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DS Components DS * Core LDAP server daemon (default port: 389 or 636) * LDAP v3 compliant * Includes &#8211; CLI server management &#8211; Admin programs, scripts such as export\/backup databases DS Console * Admin GUI Admin Server * Default &hellip; <a href=\"https:\/\/jianmingli.com\/wp\/?p=7704\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[301,379],"tags":[141,637,343],"class_list":["post-7704","post","type-post","status-publish","format-standard","hentry","category-redhat","category-redhat-ds","tag-install","tag-redhat-ds","tag-rhel"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-20g","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/7704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7704"}],"version-history":[{"count":7,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/7704\/revisions"}],"predecessor-version":[{"id":7756,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp
\/v2\/posts\/7704\/revisions\/7756"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}