Red Hat DIRECTORY SERVER 8.0 Installation Manual

Red Hat Directory
Server 8.0

Installation Guide

Ella Deon Lackey
Publication date: January 11, 2010 (Update)

Summary of Contents for Red Hat DIRECTORY SERVER 8.0

  • Page 1: Installation Guide

    Red Hat Directory Server 8.0 Installation Guide Ella Deon Lackey Publication date: January 11, 2010 (Update)
  • Page 2 Red Hat Directory Server 8.0 Installation Guide. Author: Ella Deon Lackey. Copyright © 2008 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/.
  • Page 3: Table Of Contents

    Preface 1. Examples and Formatting ....................v 2. Additional Reading ......................vii 3. Giving Feedback ......................vii 4. Document History ......................viii 1. Preparing for a Directory Server Installation 1.1. Directory Server Components ..................1 1.2. Considerations Before Setting up Directory Server ............1 1.2.1.
  • Page 4 Installation Guide 6.1.2. Configuring Proxy Servers for the Administration Server ........66 6.2. Working with Directory Server Instances ..............66 6.2.1. Creating a New Directory Server Instance ............66 6.2.2. (Alternate) Installing Directory Server with setup-ds ..........67 6.2.3. Registering an Existing Directory Server Instance with the Configuration Directory Server ......................
  • Page 5: Preface

    Directory Server which comply with Filesystem Hierarchy Standard (FHS). This file layout is very different than previous releases of Directory Server, which installed all of the files and directories in /opt/redhat-ds or /opt/netscape. If you encounter errors during the installation process, look at Section 7.7,...
  • Page 6 Preface service dirsrv start Example 1. Example Command All of the tools for Red Hat Directory Server are located in the /usr/bin directory. These tools can be run from any location without specifying the tool location. There is another important consideration with the Red Hat Directory Server tools. The LDAP tools referenced in this guide are Mozilla LDAP, installed with Red Hat Directory Server in the /usr/lib/mozldap directory on Red Hat Enterprise Linux 5 (32-bit).
  • Page 7: Additional Reading

    If there is any error in this Installation Guide or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues: •...
  • Page 8: Document History

    Removing any references to the Directory Server Gateway or Org Chart. Revision 8.0.3 November 4, 2008 Deon Lackey dlackey@redhat.com Changing actualroot to actualsroot in migration chapter, per Bugzilla #467085. Changing some formatting and common content to work with Publican 0.37. Revision 8.0.2...
  • Page 9: Preparing For A Directory Server Installation

    Chapter 1. Preparing for a Directory Server Installation Before you install Red Hat Directory Server 8.0, there are required settings and information that you need to plan in advance. This chapter describes the kind of information that you should provide, relevant directory service concepts, Directory Server components, and the impact and scope of integrating Directory Server into your computing infrastructure.
  • Page 10: Directory Server User And Group

    Chapter 1. Preparing for a Directory Server Installation NOTE While the legal range of port numbers is 1 to 65535, the Internet Assigned Numbers Authority (IANA) has already assigned ports 1 to 1024 to common processes. Never assign a Directory Server port number below 1024 (except for 389/636 for the LDAP server) because this may conflict with other services.
  • Page 11: Directory Manager

    Directory Manager execute arbitrary system commands as the root user. Using a non-privileged UID adds another layer of security. Listening to Restricted Ports as Unprivileged Users Even though port numbers less than 1024 are restricted, the LDAP server can listen to port 389 (and any port number less than 1024), as long as the server is started by the root user or by init when the system starts up.
  • Page 12: Administration Server User

    Chapter 1. Preparing for a Directory Server Installation 1.2.5. Administration Server User By default, the Administration Server runs as the same non-root user as the Directory Server. Custom and silent setups provide the option to run the Administration Server as a different user than the Directory Server.
  • Page 13: About The Setup-Ds-Admin.pl Script

    About the setup-ds-admin.pl Script within an organization want individual control of their servers while system administrators require centralized control of all servers. When setting up the administration domain, consider the following: • Each administration domain must have an administration domain owner with complete access to all the domain servers but no access to the servers in other administration domains.
  • Page 14 Chapter 1. Preparing for a Directory Server Installation “slapd.Suffix=dc=example, dc=com” slapd.ServerPort=389 NOTE Passing arguments in the command line or specifying an .inf sets the defaults used in the interactive prompt unless they are used with the -s (silent) option. Argument values containing spaces or other shell special characters must be quoted to prevent the shell from interpreting them.
  • Page 15 About the setup-ds-admin.pl Script (Option / Alternate Options / Description / Example) Option: -f name. Alternate options: --file=name. Description: This sets the path and name of the file which contains the configuration settings for the new Directory Server instance. This can be used with the --silent parameter;... Example: /usr/sbin/setup-ds-admin.pl -f /export/sample.inf
  • Page 16: Overview Of Setup

    Chapter 1. Preparing for a Directory Server Installation (Option / Alternate Options / Description / Example, continued) ...information is written to a temporary file. For no log file, set the file name to /dev/null: -l /dev/null. Option: --update. Description: This parameter updates existing Directory Server instances.
  • Page 17 Overview of Setup NOTE It is possible to use y and n with the yes and no inputs described in Section 6.3.5, “About .inf File Parameters”. (Setup Screen Parameter / Express / Typical / Custom / Silent Setup Input File Parameter) Continue with setup: Yes or no. Accept license: Yes or no...
  • Page 18 Chapter 1. Preparing for a Directory Server Installation (Setup Screen Parameter / Express / Typical / Custom / Silent Setup Input File Parameter) ...ldap.example.com:389/o=NetscapeRoot. Configuration Directory Server user ID: Give the admin user ID; silent setup parameter [General] ConfigDirectoryAdminID=. Configuration Directory Server user password: Give the admin password; silent setup parameter [General] ConfigDirectoryAdminPwd=. Give the...
  • Page 19 Overview of Setup (Setup Screen Parameter / Express / Typical / Custom / Silent Setup Input File Parameter) ...[slapd] RootDN= cn=Directory Manager. Directory Manager password: Set the password; [slapd] RootDNPwd=. Install sample entries: Yes or no; [slapd] AddSampleEntries=. Populate the Directory: • Supply the full path and ... • Equivalent to ... suggest...
  • Page 20 Chapter 1. Preparing for a Directory Server Installation This option is only available if you choose not to register the Directory Server instance with a Configuration Directory Server. In that case, the Directory Server being set up is created and configured as a Configuration Directory Server. Table 1.2.
  • Page 21: System Requirements

    Chapter 2. System Requirements Before configuring the default Red Hat Directory Server 8.0 instances, it is important to verify that the host server has the required system settings and configuration: • The system must have the required packages, patches, and kernel parameter settings. •...
  • Page 22: Using Dsktune

    Chapter 2. System Requirements • Section 2.2.2, “Red Hat Enterprise Linux 4 and 5” • Section 2.2.3, “HP-UX 11i” • Section 2.2.4, “Sun Solaris 9” Along with meeting the required operating system patches and platforms, system settings, like the number of file descriptors and TCP information, should be reconfigured to optimize the Directory Server performance.
  • Page 23: Red Hat Enterprise Linux 4 And 5

    Red Hat Enterprise Linux 4 and 5 2.2.2. Red Hat Enterprise Linux 4 and 5 Directory Server is supported on two versions of Red Hat Enterprise Linux: • Red Hat Enterprise Linux 4 AS and ES on x86 and x86_64 platforms •...
  • Page 24: Red Hat Enterprise Linux System Configuration

    Chapter 2. System Requirements ...kernel parameters for best performance. For information on dsktune, see Section 2.2.1, “Using dsktune”. (Criteria / Requirements) Operating System: Red Hat Enterprise Linux 4 AS and ES (x86 and x86_64); Red Hat Enterprise Linux 5 Server (x86 and x86_64). Required Filesystem: ext3...
  • Page 25: Hp-Ux 11I

    HP-UX 11i nofile 8192 4. Edit the /etc/pam.d/system-auth, and add this entry: session required /lib/security/$ISA/pam_limits.so 5. Reboot the Linux machine to apply the changes. 2.2.2.2.3. DNS Requirements It is very important that DNS and reverse DNS be working correctly on the host machine, especially if you are using TLS/SSL or Kerberos with Directory Server.
  • Page 26: Kernel Parameters

    Chapter 2. System Requirements 2.2.3.1. HP-UX Patches The HP-UX 11i host must have the correct packages and dependencies installed to run Directory Server. The patch list changes daily, so check the HP site regularly to ensure you have the latest releases: http://www.software.hp.com/SUPPORT_PLUS/qpk.html •...
  • Page 27 HP-UX 11i (Parameter / Setting) nkthread: 1328. max_thread_proc, maxuser, maxuprc, nproc. Table 2.6. HP-UX 11i Kernel Parameters 2.2.3.2.3. TIME_WAIT Setting Normally, client applications that shut down correctly cause the socket to linger in a TIME_WAIT state. Verify that the TIME_WAIT entry is set to a reasonable duration. For example: ndd -set /dev/tcp tcp_time_wait_interval 60000 This limits the socket TIME_WAIT state to 60 seconds.
  • Page 28: Sun Solaris 9

    Chapter 2. System Requirements 2.2.4. Sun Solaris 9 Directory Server on Solaris 9 requires an UltraSPARC (SPARC v9) processor, which supports 64-bit applications as well as high-performance and multi-processor systems. Earlier SPARC processors are not supported. Use the isainfo command to verify that the system has support for sparc9. Verify the system's kernel configuration, install the appropriate modules and patches, and then fine-tune the system to work with Sun Solaris 9.
  • Page 29 Sun Solaris 9 (Patch ID / Description) 112233-12: SunOS 5.9: Kernel patch. 112964-08: SunOS 5.9: /usr/bin/ksh patch. 112808: CDE1.5: Tooltalk patch. 113279-01: SunOS 5.9: klmmod patch. 113278-07: SunOS 5.9: NFS Daemon patch. 113023: SunOS 5.9: Broken preremove scripts from S9 ALC packages. 112601-09: SunOS 5.9: PGX32 Graphics. 113923-02...
  • Page 30 Chapter 2. System Requirements 2.2.4.2.2. TCP Tuning Edit the Solaris TCP configuration so that Directory Server can access local system ports better. If tuned properly, this may enhance network connection speeds. The maximum achievable throughput for a single TCP connection is determined by several factors, including the maximum bandwidth on the slowest link on the path, bit errors that limit connections, and the total round-trip time.
  • Page 31: File Descriptors

    Sun Solaris 9 Then, reboot the Solaris machine to apply these changes. 2.2.4.2.4. File Descriptors For a large deployment or to support a large number of concurrent connections, increase the number of file descriptors available for the Directory Server. This requires accessing the system-wide maximum file descriptor table.
  • Page 33: Setting Up Red Hat Directory Server On Red Hat Enterprise Linux

    Chapter 3. Setting up Red Hat Directory Server on Red Hat Enterprise Linux Installing and configuring Red Hat Directory Server on Red Hat Enterprise Linux has three major steps: 1. Install the required version of the Java® Runtime Environment (JRE). 2.
  • Page 34: Installing The Jre

    Red Hat Enterprise Linux tools (yum or up2date) or downloading them from Red Hat Network. The recommended way is to use the Red Hat Enterprise Linux tools. On Red Hat Enterprise Linux 4, use up2date: up2date redhat-ds On Red Hat Enterprise Linux 5, use yum: yum install redhat-ds...
  • Page 35 Alternatively, download the latest packages from the Red Hat Directory Server 8.0 channel on Red Hat Network, http://rhn.redhat.com. It is also possible to install the Directory Server packages from media: a. Download the packages from Red Hat Network, and burn them to CD or DVD.
  • Page 36: Express Setup

    Chapter 3. Setting up Red Hat Directory Server on Red Hat Enterprise Linux 3.3. Express Setup Use express installation if you are installing Directory Server for an evaluation or trial. Because express installation does not offer the choice of selecting the Directory Server port number or the directory suffix, among other settings, Red Hat recommends not using it for production deployments.
  • Page 37 Express Setup NOTE To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular express setup process. Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server: •...
  • Page 38: Typical Setup

    2. Using the Administration Server port number, launch the Console. /usr/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen. 3.4. Typical Setup The typical setup process is the most commonly-used setup process.
  • Page 39 Typical Setup 2. Select y to accept the Red Hat licensing terms. 3. The dsktune utility runs. Select y to continue with the setup. dsktune checks the available disk space, processor type, physical memory, and other system data and settings such as TCP/IP ports and file descriptor settings. If your system does not meet these basic Red Hat Directory Server requirements, dsktune returns a warning.
  • Page 40 12. Enter the Directory Server identifier; this defaults to the hostname. Directory server identifier [example]: 13. Enter the directory suffix. This defaults to dc=domain name. For example: Suffix [dc=redhat, dc=com]: 14. Set the Directory Manager username. The default is cn=Directory Manager. 15. Set the Directory Manager password and confirm it.
  • Page 41: Custom Setup

    2. Using the Administration Server port number, launch the Console. /usr/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen. 3.5. Custom Setup Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period.
  • Page 42 Chapter 3. Setting up Red Hat Directory Server on Red Hat Enterprise Linux NOTE Run the setup-ds-admin.pl script as root. The custom setup has the following steps: WARNING If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating...
  • Page 43 Directory Server steps 8, 9, and 10. 8. Set the administrator username. The default is admin. 9. Set the administrator password and confirm it. 10. Set the administration domain. This defaults to the host's domain. For example: Administration Domain [redhat.com]:...
  • Page 44 12. Enter the Directory Server identifier; this defaults to the hostname. Directory server identifier [example]: 13. Enter the directory suffix. This defaults to dc=domain name. For example: Suffix [dc=redhat, dc=com]: 14. Set the Directory Manager username. The default is cn=Directory Manager. 15. Set the Directory Manager password and confirm it.
  • Page 45 Listen 0.0.0.0:9830 2. Using the Administration Server port number, launch the Console. /usr/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
  • Page 47: Setting Up Red Hat Directory Server On Hp-Ux 11I

    Chapter 4. Setting up Red Hat Directory Server on HP-UX 11i Installing and configuring Red Hat Directory Server on HP-UX has three major steps: 1. Install the required version of the Java® Runtime Environment (JRE). 2. Install the Directory Server packages. 3.
  • Page 48: Installing The Directory Server Packages

    Chapter 4. Setting up Red Hat Directory Server on HP-UX 11i NOTE Directory Server 8.0 requires JRE version 1.5.0. Download the JRE from http://www.hp.com/products1/unix/java/, and install it according to the HP Java instructions. After installing the JRE, install the Directory Server packages, as described in Section 4.2, “Installing the Directory Server Packages”.
  • Page 49 Express Setup ...the /etc/resolv.conf settings, the setup program cannot use the default hostname option, and setup will fail. WARNING If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating from Previous Versions.
  • Page 50 Chapter 4. Setting up Red Hat Directory Server on HP-UX 11i To use TLS/SSL, set the protocol as ldaps:// instead of ldap://. For LDAPS, use the secure port (636) instead of the standard port (389), and provide a CA certificate. •...
  • Page 51: Typical Setup

    2. Using the Administration Server port number, launch the Console. /opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen. 4.4. Typical Setup The typical setup process is the most commonly-used setup process.
  • Page 52 Chapter 4. Setting up Red Hat Directory Server on HP-UX 11i 4. Next, choose the setup type. Accept the default, option 2, to perform a typical setup. 5. Set the computer name of the machine on which the Directory Server is being configured. This defaults to the fully-qualified domain name (FQDN) for the host.
  • Page 53 12. Enter the Directory Server identifier; this defaults to the hostname. Directory server identifier [example]: 13. Enter the directory suffix. This defaults to dc=domain name. For example: Suffix [dc=redhat, dc=com]: 14. Set the Directory Manager username. The default is cn=Directory Manager. 15. Set the Directory Manager password and confirm it.
  • Page 54: Custom Setup

    2. Using the Administration Server port number, launch the Console. /opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen. 4.5. Custom Setup Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period.
  • Page 55 Custom Setup WARNING If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating from Previous Versions. 1. After the Directory Server packages are installed as described in Section 4.2, “Installing the Directory Server Packages”, launch the setup-ds-admin.pl script.
  • Page 56 9. Set the administrator password and confirm it. 10. Set the administration domain. This defaults to the host's domain. For example: Administration Domain [redhat.com]: 11. Enter the Directory Server port number. The default is 389, but if that port is in use, the setup program supplies a randomly generated one.
  • Page 57 Custom Setup Directory server identifier [example]: 13. Enter the directory suffix. This defaults to dc=domain name. For example: Suffix [dc=redhat, dc=com]: 14. Set the Directory Manager username. The default is cn=Directory Manager. 15. Set the Directory Manager password and confirm it.
  • Page 58 Listen 0.0.0.0:9830 2. Using the Administration Server port number, launch the Console. /opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
  • Page 59: Setting Up Red Hat Directory Server On Sun Solaris

    Chapter 5. Setting up Red Hat Directory Server on Sun Solaris Installing and configuring Red Hat Directory Server on Sun Solaris has three major steps: 1. Install the required version of the Java® Runtime Environment (JRE). 2. Install the Directory Server packages. 3.
  • Page 60: Installing The Directory Server Packages

    Chapter 5. Setting up Red Hat Directory Server on Sun Solaris IMPORTANT Solaris requires installing the 32-bit version of the JRE as well as installing the 64-bit version. The 32-bit version is used for the applet and Java Web Start support. Read http://java.sun.com/j2se/1.5.0/README.html, http://java.sun.com/j2se/1.5.0/ReleaseNotes.html, http://java.sun.com/j2se/1.5.0/jre/install-solaris-64.html before installing the Directory...
  • Page 61 Installing Individual Packages mkdir /tmp/rhds80 cd /tmp/rhds80 2. Download the Directory Server packages from Red Hat Network. This can be done through a web browser by logging into Red Hat Network and selecting the Red Hat Directory Server 8.0 channel or it can be done using a tool such as curl or wget with information available on the Red Hat Network channel.
  • Page 62: Installing From An Iso Image

    2. Mount the CD on any writable drive: mount -F hsfs -o ro `lofiadm -a /directory/solaris9-rhdirserv-8.0-sparcv9-disc1.iso` /directory/tmp cd /directory/tmp/RedHat/PKGS 3. Translate the package to the Solaris filesystem format: for i in `ls *.pkg`; do yes all | pkgtrans $i /directory/ ; done 4.
  • Page 63 Express Setup or the directory suffix, among other settings, Red Hat recommends not using it for production deployments. NOTE The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com, that do not match the /etc/resolv.conf settings, the setup program cannot use the default hostname option, and setup will fail.
  • Page 64 Chapter 5. Setting up Red Hat Directory Server on Sun Solaris Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server: • The Configuration Directory Server URL, such as ldap://ldap.example.com:389/o=NetscapeRoot To use TLS/SSL, set the protocol as ldaps:// instead of ldap://. For LDAPS, use the secure port (636) instead of the standard port (389), and provide a CA certificate.
  • Page 65: Typical Setup

    2. Using the Administration Server port number, launch the Console. /usr/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen. 5.4. Typical Setup The typical setup process is the most commonly-used setup process.
  • Page 66 Chapter 5. Setting up Red Hat Directory Server on Sun Solaris dsktune checks the available disk space, processor type, physical memory, and other system data and settings such as TCP/IP ports and file descriptor settings. If your system does not meet these basic Red Hat Directory Server requirements, dsktune returns a warning.
  • Page 67 12. Enter the Directory Server identifier; this defaults to the hostname. Directory server identifier [example]: 13. Enter the directory suffix. This defaults to dc=domain name. For example: Suffix [dc=redhat, dc=com]: 14. Set the Directory Manager username. The default is cn=Directory Manager. 15. Set the Directory Manager password and confirm it.
  • Page 68: Custom Setup

    2. Using the Administration Server port number, launch the Console. /usr/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen. 5.5. Custom Setup Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period.
  • Page 69 Custom Setup NOTE Run the setup-ds-admin.pl script as root. The custom setup has the following steps: WARNING If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating from Previous Versions.
  • Page 70 Directory Server steps 8, 9, and 10. 8. Set the administrator username. The default is admin. 9. Set the administrator password and confirm it. 10. Set the administration domain. This defaults to the host's domain. For example: Administration Domain [redhat.com]:...
  • Page 71 12. Enter the Directory Server identifier; this defaults to the hostname. Directory server identifier [example]: 13. Enter the directory suffix. This defaults to dc=domain name. For example: Suffix [dc=redhat, dc=com]: 14. Set the Directory Manager username. The default is cn=Directory Manager. 15. Set the Directory Manager password and confirm it.
  • Page 72 Listen 0.0.0.0:9830 2. Using the Administration Server port number, launch the Console. /usr/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
  • Page 73: Advanced Setup And Configuration

    There are six steps to configure the Administration Server to accept the client IP address: 1. On the same machine on which the Administration Server is running, launch the Console. /usr/bin/redhat-idm-console 2. In the Administration Server Console, click the Configuration tab, then click the Network tab.
  • Page 74: Configuring Proxy Servers For The Administration Server

    Chapter 6. Advanced Setup and Configuration WARNING Adding the client machine proxy IP address to the Administration Server creates a potential security hole. 6.1.2. Configuring Proxy Servers for the Administration Server If there are proxies for the HTTP connections on the client machine running the Directory Server Console, the configuration must be changed in one of two ways: •...
  • Page 75: Alternate) Installing Directory Server With Setup-Ds

    (Alternate) Installing Directory Server with setup-ds NOTE New Directory Server instances can be created through the Directory Server Console; this is described in the Directory Server Administrator's Guide. 6.2.2. (Alternate) Installing Directory Server with setup-ds There is also a command called setup-ds.pl. This command creates an instance of Directory Server that is not managed by the Directory Server Console.
  • Page 76: Silent Setup For Directory Server And Administration Server

    Chapter 6. Advanced Setup and Configuration 6.3.1. Silent Setup for Directory Server and Administration Server Silent setup is useful at sites where many server instances must be created, especially for heavily replicated sites that will create a large number of consumer servers. Silent setup uses the same scripts that are used to create instances of Directory Server and Administration Server, with a special option signaling that the script is to be run silently.
  • Page 77: Silent Directory Server Instance Creation

    Silent Directory Server Instance Creation ...Server and the Administration Server. -s runs the script in silent mode, and -f /export/ds-inf/setup.inf specifies the setup file to use. After the script runs, the new Directory Server and Administration Server instances are configured and running, as with a standard setup.
  • Page 78: Sending Parameters In The Command Line

    Chapter 6. Advanced Setup and Configuration Running setup-ds-admin.pl installs only a Directory Server instance, so the setup file must specify parameters only for the Directory Server. -s runs the script in silent mode, and -f /export/ds-inf/setup.inf specifies the setup file to use. After the script runs, the new Directory Server instance is configured and running, as with a standard setup.
  • Page 79 Sending Parameters in the Command Line NOTE The section names and parameter names used in the .inf files and on the command line are case sensitive. Refer to Table 6.1, “setup-ds-admin Options” to check the correct capitalization. (Option / Alternate Options / Description / Example) --silent...
  • Page 80: Using The Configfile Parameter To Configure The Directory Server

    Chapter 6. Advanced Setup and Configuration (Option / Alternate Options / Description / Example) ...supplied during setup. Use appropriate caution to protect this file. Option: --logfile name. Description: This parameter specifies a log file to which to write the output. For no log file, set the... Example: -l /export/example2007.log
  • Page 81: About .Inf File Parameters

    About .inf File Parameters nsds5flags: 1 nsds5ReplicaPurgeDelay: 604800 nsds5ReplicaBindDN: cn=replication manager,cn=config For more information on LDIF, see the Directory Server Administrator's Guide. The ConfigFile parameter can be used to create special user entries like the replication manager, to configure views or classes of service, to add new suffixes and databases, to create instances of the Attribute Uniqueness plug-in, and to set many other configurations for Directory Server.
  • Page 82 Chapter 6. Advanced Setup and Configuration 6.3.5.1. .inf File Directives (Directive / Description / Required / Example) FullMachineName: Specifies the fully qualified domain name of the machine on which you are installing the server. The default is the local host name. Example: ldap.example.com. SuiteSpotUserID: Specifies the user name as which the... Example: nobody
  • Page 83 About .inf File Parameters (Directive / Description / Required / Example) ...administration domains. ConfigDirectoryAdminID: Specifies the user ID of the user that has administration privileges to the configuration directory. This is usually admin. Example: admin. ConfigDirectoryAdminPwd: Specifies the password for the admin user. Table 6.2. [General] Directives (Directive / Description / Required...)
  • Page 84 ...LDIF file imports all of the entries in that file. SchemaFile: Lists the full path and file name of additional schema files; this is used if there is custom schema with the old Directory Server. Example: SchemaFile= /opt/redhat-ds/slapd-example/config/custom.ldif
  • Page 85 About .inf File Parameters (Directive / Description / Required / Example) ...databases, replication, or other configuration. This directive may be specified more than once. SlapdConfigForMC: Sets whether to store the configuration data in the new Directory Server instance. If this is not used, then the default is yes, meaning the configuration data are stored in the new... Example: SlapdConfigForMC =
  • Page 86 Chapter 6. Advanced Setup and Configuration Directive Description Required Example that can be used to access this Administration Server if the configuration directory is not responding. The default is to use the value specified by the ConfigDirectoryAdminID directive. See Section 1.2.4, “Directory Administrator”.
  • Page 87: Uninstalling Directory Server

    Uninstalling Directory Server
    ServerIpAddress= 10.14.0.25
    ServerAdminID= admin
    ServerAdminPwd= Admin123
    Example 6.1. .inf File for a Custom Installation
    [General]
    FullMachineName= dir.example.com
    SuiteSpotUserID= nobody
    SuiteSpotGroup= nobody
    AdminDomain= example.com
    ConfigDirectoryAdminID= admin
    ConfigDirectoryAdminPwd= admin
    ConfigDirectoryLdapURL= ldap://dir.example.com:25389/o=NetscapeRoot
    [slapd]
    SlapdConfigForMC= No
    UseExistingMC= 1
    UseExistingUG= No
    ServerPort= 18257
    ServerIdentifier= directory
    Suffix= dc=example,dc=com
    RootDN= cn=Directory Manager...
  • Page 88: Uninstalling Directory Server

    --nodeps
    rpm -ev svrcore mozldap6 mozldap6-tools perl-Mozilla-LDAP --nodeps
    rpm -ev redhat-ds-base --nodeps
    rpm -ev redhat-ds-admin redhat-ds-console redhat-admin-console --nodeps
    rpm -ev idm-console-framework redhat-idm-console --nodeps
    On Red Hat Enterprise Linux 5 (32-bit), the packages to remove are as follows:
    rpm -ev svrcore mozldap mozldap-tools perl-Mozilla-LDAP --nodeps...
  • Page 89 4. Remove the symlinks to the directories. For example:
    rm -f /opt/dirsrv /var/opt/dirsrv /etc/opt/dirsrv
    6.4.2.3. Solaris
    To uninstall Red Hat Directory Server entirely, do the following:
    1. Remove all of the Directory Server instances.
    /usr/sbin/ds_removal -s example1 -w itsasecret
    /usr/sbin/ds_removal -s example2 -w itsasecret
    /usr/sbin/ds_removal -s example3 -w itsasecret
    2.
  • Page 91: General Usage Information

    Chapter 7. General Usage Information This chapter contains common information that you will use after installing Red Hat Directory Server 8.0, such as where files are installed; how to start the Directory Server, Administration Server, and Directory Server Console; and basic troubleshooting information. For more detailed information on using Directory Server, see the Directory Server Administrator's Guide.
  • Page 92: Ldap Tool Locations

    File or Directory: Location
    Initscripts: /etc/rc.d/init.d/dirsrv and /etc/sysconfig/dirsrv; /etc/rc.d/init.d/dirsrv-admin and /etc/sysconfig/dirsrv-admin
    Tools: /usr/bin/ and /usr/sbin/
    Table 7.2. Red Hat Enterprise Linux 4 and 5 (x86_64)
    File or Directory: Location
    Log files: /var/log/dirsrv/slapd-instance
    Configuration files: /etc/dirsrv/slapd-instance
    Instance directory: /usr/lib/sparc9/dirsrv/slapd-instance...
  • Page 93: Starting The Directory Server Console

    The -a option is a convenience, particularly if you are logging into a Directory Server for the first time. On subsequent logins, the URL is saved. If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
    7.4. Getting the Administration Server Port Number
    Logging into the Console requires the Administration Server URL along with a username and password.
  • Page 94: Starting And Stopping Servers

    7.5. Starting and Stopping Servers
    7.5.1. Starting and Stopping Directory Server
    There are two ways to start, stop, or restart the Directory Server:
    • There are scripts in the instance directories. For example:
    /usr/lib/dirsrv/slapd-instance/start-slapd
    /usr/lib/dirsrv/slapd-instance/restart-slapd
    /usr/lib/dirsrv/slapd-instance/stop-slapd
    •...
  • Page 95: Troubleshooting

    Troubleshooting
    the Directory Server configuration files and can be viewed (if lost) and modified by editing that file. To check or reset the Directory Manager password, do the following:
    1. Stop the Directory Server. If the Directory Server is not stopped when the configuration files are edited, the changes are not applied.
  • Page 96: Common Installation Problems

    NOTE
    You must run dsktune as root. On Solaris, dsktune automatically checks the patches and compares them with the current Sun recommended patch lists. If it detects that the system is missing an important patch, dsktune will notify you, even if the patch is for a package that is not installed yet.
  • Page 97 Common Installation Problems
    7.7.2.2. Problem: The port is in use
    When setting up a Directory Server instance, you receive an error that the port is in use. This is very common when upgrading or migrating an existing server.
    Solution
    This error means that you did not shut down the existing server before beginning the upgrade or migration.
  • Page 99: Migrating From Previous Versions

    WARNING
    If Directory Server databases have been moved from their default location (/opt/redhat-ds/slapd-instancename/db), migration will not copy these databases, but will use them directly. This means that if you run migration, you may not be able to go back to the old version. Migration will not remove or destroy the data, but may change...
  • Page 100: About Migrate-Ds-Admin.pl

    Directory Server. There is also one required argument, General.ConfigDirectoryAdminPwd, which gives the password of the directory administrator for the old Directory Server. If either of these is not supplied, the migration script will exit.
    /usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password
    NOTE
    On Red Hat Enterprise Linux and Solaris machines, the migrate-ds-admin tool is in the /usr/sbin/ directory.
  • Page 101 In that case, the oldsroot parameter sets the directory from which the migration is run (such as machine_new:/migrate/opt/redhat-ds/), while the actualsroot parameter sets the server root (/opt/redhat-ds/).
    --instance: This parameter specifies a specific instance to migrate.
  • Page 102 To avoid having this password in the clear on the command line, you can use a .inf file with the migration script that gives the administrator's password:
    /usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds --file=/export/example.inf
    The .inf would have the following two lines:
    [General]...
  • Page 103: Before Migration

    Console write operations are moved from the configuration directory to the server itself.
    8.3.1. Backing up the Directory Server Configuration
    All of the configuration files for Directory Server 6.x and 7.x instances are in the /opt/redhat-ds/slapd-serverID/config directory. Other important configuration files for the Administration Server and for shared configuration are in /opt/redhat-ds/admin-serv/config and /opt/redhat-ds/shared/config.
  • Page 104: Migration Scenarios

    WARNING
    If Directory Server databases have been moved from their default location (/opt/redhat-ds/slapd-instancename/db), migration will not copy these databases, but will use them directly. This means that if you run migration, you may not be able to go back to the old version. Migration will not remove or destroy the data, but may change the format in such a way that you cannot use the older version of the Directory Server.
  • Page 105: Migrating Replicated Servers

    # /usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds/ General.ConfigDirectoryAdminPwd=password
    /opt/redhat-ds/ is the directory where the old Directory Server is installed. The migration process starts. The legacy Directory Server is migrated, and a new Directory Server 8.0 instance is installed using the configuration information from the legacy Directory Server.
  • Page 106 5. Run the migration script, as root.
    IMPORTANT
    Do not set up the new Directory Server instances with setup-ds-admin.pl before running the migration script.
    # /usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds/ General.ConfigDirectoryAdminPwd=password
    /opt/redhat-ds/ is the directory where the old Directory Server is installed.
  • Page 107: Migrating A Directory Server From One Machine To Another

    (actualsroot), such as /opt/redhat-ds. In this case, actualsroot names the original absolute installation directory, while oldsroot gives the path to access that directory.
  • Page 108: Migrating A Directory Server From One Platform To Another

    In that case, create a tarball of your old server root directory, and untar it on the target machine. In this example, a tarball was created of /opt/redhat-ds on the source machine, and it was untarred under /migration on the target machine:
    # /usr/sbin/migrate-ds-admin.pl --oldsroot /migration/opt/redhat-ds...
  • Page 109 /usr/sbin/ directory. On HP-UX machines, the migrate-ds-admin is in the /opt/dirsrv/sbin directory. The command format to move from one platform to another is similar to the following:
    # /usr/sbin/migrate-ds-admin.pl --cross --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password
    The migrate-ds-admin command automatically migrates every Directory Server instance configured.
  • Page 110 Chapter 8. Migrating from Previous Versions
    --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password
    The migration process starts. The legacy Directory Server is migrated, and a new Directory Server 8.0 instance is installed using the configuration information from the legacy Directory Server.
  • Page 111: Glossary

    Glossary
    access control instruction: See ACI.
    ACI: An instruction that grants or denies permissions to entries in the directory. See also access control instruction.
    access control list: See ACL.
    ACL: The mechanism for controlling access to your directory. See also access control list.
    access rights: In the context of access control, specify the level of access granted or denied.
  • Page 112 authentication: (1) Process of proving the identity of the client user to the Directory Server. Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory. Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator.
  • Page 113 certificate: A collection of data that associates the public keys of a network user with their DN in the directory. The certificate is stored in the directory as user object attributes.
    Certificate Authority: Company or organization that sells and issues authentication certificates.
  • Page 114 A method for sharing attributes between entries in a way that is invisible to applications.
    CoS definition entry: Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects.
    CoS template entry: Contains a list of the shared attribute values.
  • Page 115 IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.
    DNS alias: A DNS alias is a hostname that the DNS server knows points to a different host, specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases.
  • Page 116 hostname: A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.example.com is the machine www in the subdomain example and com domain.
    HTML: Hypertext Markup Language. The formatting language used for documents on the World Wide Web.
  • Page 117 LDAP: Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
    LDAPv3: Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
    LDAP client: Software used to request and view LDAP entries from an LDAP Directory Server.
  • Page 118 master: See supplier.
    master agent: See SNMP master agent.
    matching rule: Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
    A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce;...
  • Page 119 Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, filesystems, and network parameters throughout a network of computers.
    network management station: Powerful workstation with one or more network management...
  • Page 120 See also access rights.
    pointer CoS: A pointer CoS identifies the template entry using the template DN only.
    presence index: Allows searches for entries that contain a specific indexed attribute.
    protocol: A set of rules that describes how devices on a network exchange information.
    protocol data unit: Encoded messages which form the basis of data exchanges between SNMP devices.
  • Page 121 (2) In the context of replication, when a read-only replica receives an update request, it forwards it to the server that holds the corresponding read-write replica. This forwarding process is called a referral.
    read-only replica: A replica that refers all update operations to read-write replicas. A server can hold any number of read-only replicas.
  • Page 122 schema checking: Ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default, and users will receive an error if they try to save an entry that does not conform to the schema.
  • Page 123 Secure Sockets Layer: A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called SSL.
    standard index: index maintained by default.
    sub suffix: A branch underneath a root suffix.
    subagent: See SNMP subagent.
  • Page 124 topology: The way a directory tree is divided among physical servers and how these servers link with one another.
    Transport Layer Security: See TLS.
    A unique number associated with each user on a Unix system.
    Uniform Resource Locator. The addressing system used by the server and the client to request documents.
  • Page 125 Index
    re-registering Directory Server with Configuration Directory Server, 67
    Red Hat Enterprise Linux
    custom, 33
    express, 28
    typical, 30
    registering Directory Server with Configuration Directory Server, 67
    removing a single instance, 79
    Solaris
    custom, 60
    Symbols
    .inf file, 73
    directives, 74
    samples, 78
    Administration domain, 4...
  • Page 126 uninstalling Directory Server, 80
    HP-UX 11i, 39
    custom setup, 46
    express setup, 40
    installing Directory Server packages, 40
    installing JRE, 39
    typical setup, 43
    configure the Directory Server Console (for multi-master replication only), 95
    scenarios
    all or single instance, 96
    different machines, 99
    different platforms, 100
    replicated site, 97...
  • Page 127 register-ds-admin.pl, 67
    Removing Directory Server
    single instance, 79
    Setting up Directory Server
    advanced configuration, 65
    additional Directory Server instances, 66
    additional Directory Server instances
    installing Directory Server packages individually, 52
    installing JRE, 51
    required patches, 20
    system configuration, 21
    DNS and NIS, 22
    File descriptors, 23
    Perl, 21
    TCP tuning, 22
    typical setup, 57...
