Preface
1. Examples and Formatting
1.1. Command and File Examples
1.2. Tool Locations
1.3. LDAP Locations
1.4. Text Formatting and Styles
2. Additional Reading
3. Giving Feedback
4.
Installation Guide
5.1.3. Installing an Administration Server After Installing Directory Server
5.2. Working with Directory Server Instances
5.2.1. Creating a New Directory Server Instance
5.2.2. Installing Only the Directory Server
5.3. Registering Servers Using register-ds-admin.pl
5.3.1.
Directory Server which comply with Filesystem Hierarchy Standard (FHS). This file layout is very different than previous releases of Directory Server, which installed all of the files and directories in /opt/redhat-ds or /opt/netscape. If you encounter errors during the installation process, look at Section 7.7,...
Preface
1. Examples and Formatting
Each of the examples used in this guide, such as file locations and commands, has certain defined conventions.
1.1. Command and File Examples
All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterprise Linux 5 (32-bit) systems.
Additional Reading Formatting Style Purpose options in a user interface, such as a User Name Here: field or Save button. Other formatting styles draw attention to important text. NOTE A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
If there is any error in this Installation Guide or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues: •...
September 9, 2009 Ella Deon Lackey Removing any references to the Directory Server Gateway or Org Chart. Revision 8.1.1 May 2, 2009 Ella Deon Lackey dlackey@redhat.com Correcting 8.0 to 8.1 update procedure. Revision 8.1.0 April 28, 2009 Ella Deon Lackey dlackey@redhat.com...
Chapter 1. Preparing for a Directory Server Installation
Before you install Red Hat Directory Server 8.1, there are required settings and information that you need to plan in advance. This chapter describes the kind of information that you should provide, relevant directory service concepts, Directory Server components, and the impact and scope of integrating Directory Server into your computing infrastructure.
# DNS information
search lab.eng.example.com eng.example.com example.com
domain example.com
In this /etc/resolv.conf file, the first parameter is search and the first entry is lab.eng.example.com, so the domain name used by the setup script is lab.eng.example.com. Any information in the /etc/resolv.conf file must match the information maintained in the local /etc/hosts file.
Firewall Considerations
setup-ds-admin.pl, does not allow you to configure the Administration Server to use TLS/SSL. To use TLS/SSL (meaning HTTPS) with the Administration Server, first set up the Administration Server to use HTTP, then reconfigure it to use HTTPS.
NOTE When determining the port numbers you will use, verify that the specified port numbers are not already in use by running a command like netstat.
execute arbitrary system commands as the root user. Using a non-privileged UID adds another layer of security.
Listening to Restricted Ports as Unprivileged Users
Even though port numbers less than 1024 are restricted, the LDAP server can listen to port 389 (and any port number less than 1024), as long as the server is started by the root user or by init when the system starts up.
1.2.7. Administration Server User
By default, the Administration Server runs as the same non-root user as the Directory Server. Custom and silent setups provide the option to run the Administration Server as a different user than the Directory Server.
IMPORTANT The default Administration Server user is the same as the Directory Server user, which is nobody.
within an organization want individual control of their servers while system administrators require centralized control of all servers. When setting up the administration domain, consider the following:
• Each administration domain must have an administration domain owner with complete access to all the domain servers but no access to the servers in other administration domains.
About the setup-ds-admin.pl Script
NOTE Passing arguments in the command line or specifying an .inf sets the defaults used in the interactive prompt unless they are used with the s (silent) option. With the s option, these values are accepted as the real settings. Argument values containing spaces or other shell special characters must be quoted to prevent the shell from interpreting them.
Chapter 1. Preparing for a Directory Server Installation Option Alternate Options Description Example --silent This sets that the setup script will run in silent mode, drawing the configuration information from a file (set with the --file parameter) or from arguments passed in the command line rather than interactively.
Overview of Setup
Option | Alternate Options | Description | Example
like /tmp/setuplGCZ8H.inf.
WARNING: The cache file contains cleartext passwords supplied during setup. Use appropriate caution and protection with this file.
--logfile name | This parameter specifies a log file to which to write the output. | -l /export/example2007.log For no log file, set the
accept them or substitute with alternatives. There are three kinds of setup modes, depending on what you select when you first launch the setup program:
• Express — The fastest setup mode. This requires minimal interaction and uses default values for almost all settings.
Overview of Setup Setup Screen Parameter Express Typical Custom Silent Setup Input File Parameter Set the user nobody (Red [General] as which the Hat Enterprise SuiteSpotUserID= Directory Linux) or nobody Server will run daemon (HP- Set the group nobody (Red [General] as which the Hat Enterprise...
Chapter 1. Preparing for a Directory Server Installation Setup Screen Parameter Express Typical Custom Silent Setup Input File Parameter Administrator username password Set the [General] Configuration ConfigDirectoryAdminPwd= password Directory Server Administrator password Set the [slapd] Directory ServerPort= Server port ldap Set the [slapd] Directory...
Overview of Setup Setup Screen Parameter Express Typical Custom Silent Setup Input File Parameter Set the 9830 [admin] Administration Port= 9830 Server port Set the blank (all [admin] Administration interfaces) ServerIpAddress= Server IP 111.11.11.11 address Set user as nobody (on [admin] which the Red Hat...
Chapter 2. System Requirements
Before configuring the default Red Hat Directory Server 8.1 instances, it is important to verify that the host server has the required system settings and configuration:
• The system must have the required packages, patches, and kernel parameter settings.
•...
required by Directory Server. The dsktune utility even returns information required for tuning the host server's kernel parameters. This simplifies configuring the machine for Directory Server.
NOTE The setup program also runs dsktune, reports the findings, and asks you if you want to continue with the setup procedure every time a Directory Server instance is configured.
Red Hat Enterprise Linux Patches
and the recommended system configuration changes are described in Section 2.3.2, “Red Hat Enterprise Linux System Configuration”.
Criteria | Requirements
Operating System | Red Hat Enterprise Linux 4 or 5 with the latest patches and upgrades
CPU Type | Pentium 4 or higher;...
2.3.2.1. Perl Prerequisites
For Red Hat Enterprise Linux systems, use the Perl version that is installed with the operating system in /usr/bin/perl for both 32-bit and 64-bit versions of Red Hat Directory Server.
2.3.2.2. File Descriptors
Editing the number of file descriptors on the Linux system can help Directory Server access files more efficiently.
HP-UX Patches
Table 2.4, “HP-UX 11i” lists the hardware requirements. Section 2.4.1, “HP-UX Patches” lists the required patches, and the recommended system configurations are in Section 2.4.2, “HP-UX System Configuration”.
Criteria | Requirements
Operating System | HP-UX 11i with the latest patches and upgrades
CPU Type | HP 9000 architecture with an Itanium CPU
Memory/RAM...
• Table 2.6, “HP-UX 11i Kernel Parameters”
• Section 2.4.2.3, “TIME_WAIT Setting”
• Section 2.4.2.4, “Large File Support”
• Section 2.4.2.5, “DNS Requirements”
2.4.2.1. Perl Prerequisites
On HP-UX, Red Hat Directory Server uses the Perl version installed with the operating system in /opt/perl_64/bin/perl.
HP-UX System Configuration
3. Remount the filesystem.
/usr/sbin/mount -F vxfs -o largefiles /dev/vg01/export
2.4.2.5. DNS Requirements
It is very important that DNS and reverse DNS be working correctly on the host machine, especially if you are using TLS/SSL or Kerberos with Directory Server. Configure the DNS resolver and the NIS domain name by modifying the /etc/resolv.conf, /etc/nsswitch.conf, and /etc/netconfig files, and set the DNS resolver for name resolution.
Chapter 3. Setting up Red Hat Directory Server on Red Hat Enterprise Linux
Installing and configuring Red Hat Directory Server on Red Hat Enterprise Linux has three major steps:
1. Install OpenJDK 1.6.0.
2. Install the Directory Server packages.
3. Run the setup-ds-admin.pl script. This is where all of the information about the new Directory Server instance is supplied.
1. Install the Directory Server packages. There are two options for installing the packages: using native Red Hat Enterprise Linux 5 (32-bit) tools (yum) or downloading them from Red Hat Network. The recommended way is to use the Red Hat Enterprise Linux 5 (32-bit) tools.
yum install redhat-ds...
Alternatively, download the latest packages from the Red Hat Directory Server 8.1 channel on Red Hat Network, http://rhn.redhat.com. It is also possible to install the Directory Server packages from media: a. Download the packages from Red Hat Network, and burn them to CD or DVD.
3.3. Express Setup
Use express installation if you are installing Directory Server for an evaluation or trial. Because express installation does not offer the choice of selecting the Directory Server server port number or the directory suffix, among other settings, Red Hat recommends not using it for production deployments.
managed by the Console. If this is the first Directory Server instance set up on your network, it is not possible to register it with another directory. Select n to set up this Directory Server as a Configuration Directory Server and move to the next express install step, setting up the administrator user.
2. Using the Administration Server port number, launch the Console.
/usr/bin/redhat-idm-console -a http://localhost:9830
NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
3.4. Typical Setup
The typical setup process is the most commonly-used setup process.
This script allows parameters to be passed with it or to specify configuration files to use. The options are described more in Section 1.3, “About the setup-ds-admin.pl Script”.
NOTE Run the setup-ds-admin.pl script as root.
2. Select y to accept the Red Hat licensing terms.
3.
7. The next step allows you to register your Directory Server with an existing Directory Server instance, called the Configuration Directory Server. This registers the new instance so it can be managed by the Console.
12. Enter the Directory Server identifier; this defaults to the hostname.
Directory server identifier [example]:
The server identifier must not contain a period (.) or space character.
13. Enter the directory suffix. This defaults to dc=domain name. For example:
Suffix [dc=example, dc=com]:
14.
/usr/bin/redhat-idm-console -a http://localhost:9830
NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
3.5. Custom Setup
Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period.
NOTE The Directory Server requires the fully-qualified domain name to set up the servers, as described in Section 1.2.1, “Resolving the Fully-qualified Domain Name”. The setup script uses the system's gethostname() function to obtain the hostname (such as ldap) and the /etc/resolv.conf file to identify the domain name (such as example.com).
• The administrator user's password.
• The Configuration Directory Server Admin domain, such as example.com.
• The CA certificate to authenticate to the Configuration Directory Server. This is only required if the Directory Server instance will connect to the Configuration Directory Server over LDAPS.
silent setup instead, and use the SchemaFile directive in the .inf to specify additional schema files. See Section 5.5.5.1, “.inf File Directives” for information on .inf directives. The default option is none, which does not import any data.
18.
/usr/bin/redhat-idm-console -a http://localhost:9830
NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
Chapter 4. Setting up Red Hat Directory Server on HP-UX 11i
Installing and configuring Red Hat Directory Server on HP-UX has three major steps:
1. Install the required version of the JDK.
2. Install the Directory Server packages.
3. Run the setup program. The setup step is where all of the information about the new Directory Server instance is supplied.
IMPORTANT When the new JDK is installed for Directory Server 8.1, it is no longer possible to manage older instances of Directory Server using the Directory Server Console because the required JDKs for the different Directory Server versions are different.
NOTE The Directory Server requires the fully-qualified domain name to set up the servers, as described in Section 1.2.1, “Resolving the Fully-qualified Domain Name”. The setup script uses the system's gethostname() function to obtain the hostname (such as ldap) and the /etc/resolv.conf file to identify the domain name (such as example.com).
NOTE To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular express setup process. Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server:
•...
2. Using the Administration Server port number, launch the Console.
/opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830
NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
4.4. Typical Setup
The typical setup process is the most commonly-used setup process.
/opt/dirsrv/sbin/setup-ds-admin.pl
This script allows parameters to be passed with it or to specify configuration files to use. The options are described more in Section 1.3, “About the setup-ds-admin.pl Script”.
2.
as a Configuration Directory Server and move to the next typical install step, setting up the administrator user.
NOTE To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular typical setup process.
To log into the Directory Server Console to begin setting up your directory service, do the following:
1. Get the Administration Server port number from the Listen parameter in the console.conf configuration file.
grep \^Listen /etc/dirsrv/admin-serv/console.conf
Listen 0.0.0.0:9830
2. Using the Administration Server port number, launch the Console.
/opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830...
NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
4.5. Custom Setup
Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period.
NOTE The Directory Server requires the fully-qualified domain name to set up the servers, as described in Section 1.2.1, “Resolving the Fully-qualified Domain Name”. The setup script uses the system's gethostname() function to obtain the hostname (such as ldap) and the /etc/resolv.conf file to identify the domain name (such as example.com).
• The administrator user's password.
• The Configuration Directory Server Admin domain, such as example.com.
• The CA certificate to authenticate to the Configuration Directory Server. This is only required if the Directory Server instance will connect to the Configuration Directory Server over LDAPS.
silent setup instead, and use the SchemaFile directive in the .inf to specify additional schema files. See Section 5.5.5.1, “.inf File Directives” for information on .inf directives. The default option is none, which does not import any data.
18.
/opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830
NOTE If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
There are six steps to configure the Administration Server to accept the client IP address:
1. On the same machine on which the Administration Server is running, launch the Console.
/usr/bin/redhat-idm-console
2. In the Administration Server Console, click the Configuration tab, then click the Network tab.
Chapter 5. Advanced Setup and Configuration
WARNING Adding the client machine proxy IP address to the Administration Server creates a potential security hole.
5.1.2. Configuring Proxy Servers for the Administration Server
If there are proxies for the HTTP connections on the client machine running the Directory Server Console, the configuration must be changed in one of two ways:
•...
Installing Only the Directory Server
setup-ds-admin.pl slapd.ServerPort=1100 slapd.RootDNPwd=itsasecret
When the installer runs, the Directory Server port default is 1100, and the Directory Manager password is itsasecret. This script can also be run in silent mode, which means the setup program never opens; the Directory Server instance values are taken from a specified file.
Option | Flag | Description
number of d's increases the debug level.
--logfile name | This parameter specifies a log file to which to write the output. If this is not set, then the setup information is written to a temporary file.
5.5.1. Silent Setup for Directory Server and Administration Server
Silent setup is useful at sites where many server instances must be created, especially for heavily replicated sites that will create a large number of consumer servers. Silent setup uses the same scripts that are used to create instances of Directory Server and Administration Server, with a special option signaling that the script is to be run silently.
After the script runs, the new Directory Server and Administration Server instances are configured and running, as with a standard setup.
5.5.2. Silent Directory Server Instance Creation
Like setting up both the Directory Server and Administration Server, silent setup for a single instance is useful for configuring multiple instances quickly.
5.5.3. Sending Parameters in the Command Line
The setup utility, setup-ds-admin.pl, allows settings for all three configuration components — General (host server), slapd (LDAP server), and admin (Administration Server) — to be passed directly in the command line. Command-line arguments correspond to the parameters and values set in the .inf file.
Option | Alternate Options | Description | Example
information from a file (set with the --file parameter) rather than interactively.
-f name | --file=name | This sets the path and name of the file which contains the configuration settings for the new Directory... | /usr/sbin/setup-ds-admin.pl -f /export/sample.inf
Using the ConfigFile Parameter to Configure the Directory Server
Option | Alternate Options | Description | Example
setup. Use appropriate caution and protection with this file.
--logfile name | This parameter specifies a log file to which to write the output. | -l /export/example2007.log For no log file, set the
nsds5ReplicaBindDN: cn=replication manager,cn=config
For more information on LDIF, see the Directory Server Administrator's Guide. The ConfigFile parameter can be used to create special user entries like the replication manager, to configure views or classes of service, to add new suffixes and databases, to create instances of the Attribute Uniqueness plug-in, and to set many other configurations for Directory Server.
About .inf File Parameters
5.5.5.1. .inf File Directives
Directive | Description | Required | Example
FullMachineName | Specifies the fully qualified domain name of the machine on which you are installing the server. The default is the local host name. | | ldap.example.com
SuiteSpotUserID | Specifies the user name as which the Directory Server... | | nobody
Directive | Description | Required | Example
administration domains.
ConfigDirectoryAdminID | Specifies the user ID of the user that has administration privileges to the configuration directory. This is usually admin. | | admin
ConfigDirectoryAdminPwd | Specifies the password for the admin user.
Table 5.3.
The default is no.
SchemaFile | Lists the full path and file name of additional schema files; this is used if there is custom schema with the old Directory Server. | | SchemaFile= /opt/redhat-ds/slapd-example/config/custom.ldif
Directive | Description | Required | Example
ConfigFile | Lists the full path and file name of additional configuration to add to the new dse.ldif. This could include additional suffixes, databases, replication, or other configuration. This directive may be specified more than once. | | ConfigFile= /path/to/mysuffix-db-config.ldif
Directive | Description | Required | Example
servers should run, Section 1.2.4, “Directory Server User Group”.
Port | Specifies the port that the Administration Server will use. The default port is 9830. | | 9830
ServerAdminID | Specifies the administration ID that can be used to access this Administration Server if the configuration... | | admin
SlapdConfigForMC=
UseExistingMC=
ServerPort=
ServerIdentifier= example
Suffix= dc=example,dc=com
RootDN= cn=directory manager
RootDNPwd= Secret123
InstallLdifFile= suggest
AddOrgEntries=
[admin]
SysUser= nobody
Port= 9830
ServerIpAddress= 10.14.0.25
ServerAdminID= admin
ServerAdminPwd= Admin123
Example 5.1. .inf File for a Custom Installation
[General]
FullMachineName= dir.example.com
SuiteSpotUserID= nobody...
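
The guide warns that the setup cache file (for example /tmp/setuplGCZ8H.inf) holds cleartext passwords, and the silent-setup .inf shown above does the same in its RootDNPwd and ServerAdminPwd directives. The script below is an added example, not part of the Installation Guide or the Directory Server tooling: it flags .inf files that carry a populated *Pwd directive, are readable by group or other, or set SuiteSpotUserID or SysUser to root. The function names, the setup*.inf glob (inferred from the guide's single cache-file name) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Installation Guide): audit setup-ds-admin.pl
# .inf files for cleartext passwords, loose permissions and a root run-as user.
# Usage: sh audit_inf.sh [FILE...]   (no arguments: audit a constructed sample)

# Print "section.Directive" for every directive ending in "Pwd" that has a value.
inf_password_keys() {
    awk '
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec); next }
        /^[ \t]*[A-Za-z]+Pwd[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]*$/, "", val)
            if (val != "") print sec "." key
        }
    ' "$1"
}

# Print the run-as directives (SuiteSpotUserID, SysUser) that are set to root.
inf_root_users() {
    awk '
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec); next }
        /^[ \t]*(SuiteSpotUserID|SysUser)[ \t]*=[ \t]*root[ \t\r]*$/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]*/, "", key)
            print sec "." key
        }
    ' "$1"
}

# Succeed only if group and other have no permission bits on the file.
# Characters 5-10 of "ls -ld" output are the group and other triplets.
inf_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print one finding per line for FILE; print nothing when the file is clean.
audit_inf() {
    f=$1
    keys=$(inf_password_keys "$f")
    if [ -n "$keys" ]; then
        for k in $keys; do echo "$f: cleartext password in $k"; done
        inf_is_private "$f" || echo "$f: password file readable by group or other"
    fi
    for k in $(inf_root_users "$f"); do echo "$f: $k is root"; done
}

# Audit every setup*.inf left behind in DIR (default /tmp). The glob is an
# assumption based on the guide's example name /tmp/setuplGCZ8H.inf.
audit_setup_cache() {
    dir=${1:-/tmp}
    for f in "$dir"/setup*.inf; do
        [ -f "$f" ] && audit_inf "$f"
    done
    return 0
}

# Constructed sample modelled on the guide's example .inf. The passwords are
# the guide's sample values; SysUser= root is changed here to trigger a finding.
write_sample_inf() {
    cat > "$1" <<'EOF'
[General]
FullMachineName= dir.example.com
SuiteSpotUserID= nobody
ConfigDirectoryAdminPwd=
[slapd]
ServerPort= 389
RootDN= cn=directory manager
RootDNPwd= Secret123
[admin]
SysUser= root
Port= 9830
ServerAdminPwd= Admin123
EOF
}

if [ "$#" -gt 0 ]; then
    for arg in "$@"; do audit_inf "$arg"; done
else
    demo=$(mktemp -d) && write_sample_inf "$demo/setupDEMO.inf"
    audit_setup_cache "$demo"
    rm -rf "$demo"
fi
```

Any file the script reports should be deleted or restricted to mode 600 once setup has finished, and the passwords it held treated as exposed if the file was readable by other accounts.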
Installing the Password Sync Service Passwords can only be synchronized if both the Directory Server and Windows server are running in SSL, the sync agreement is configured over an SSL connection, and certificate databases are configured for Password Sync to access. 1.
9. Open a command prompt on the Windows machine, and open the Password Sync installation directory.
cd "C:\Program Files\Red Hat Directory Password Synchronization"
10. Create new cert8.db and key.db databases on the Windows machine.
certutil.exe -d .
/usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password
The different migration scenarios and migration script options are described in this chapter.
WARNING If Directory Server databases have been moved from their default location (/opt/redhat-ds/slapd-instancename/db), migration will not copy these databases, but will use them directly. This means that if you run migration, you may not be able to go back to the old version. Migration will not remove or destroy the data, but may change the format in such a way that you cannot use the older version of the Directory Server.
--oldsroot | Required. This is the path to the server root directory in the old 7.1 Directory Server installation. The default path in 7.1 servers is /opt/redhat-ds/.
--actualsroot | This is used for migrating between two machines to specify the real path to the current server root directory in the old 7.1 Directory Server...
Chapter 6. Migrating from Previous Versions
Option | Alternate Options | Description
--instance | This parameter specifies a specific instance to migrate. This parameter can be used multiple times to migrate several instances simultaneously. By default, the migration script migrates all Directory Server instances on the machine.
Console write operations are moved from the configuration directory to the server itself.
6.2.2.1. Backing up the Directory Server Configuration
All of the configuration files for Directory Server 7.1 instances are in the /opt/redhat-ds/slapd-serverID/config directory. Other important configuration files for the Administration Server and for shared configuration are in /opt/redhat-ds/admin-serv/config and /opt/redhat-ds/shared/config.
For example, to migrate the Directory Server instances named example and example3, but not example2, the migration command would be as follows:
/usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds --instance example --instance example3 General.ConfigDirectoryAdminPwd=password
NOTE On Red Hat Enterprise Linux 5 (32-bit) machines, the migrate-ds-admin tool is in the /usr/sbin directory.
# /usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds/ General.ConfigDirectoryAdminPwd=password
/opt/redhat-ds/ is the directory where the old Directory Server is installed. The migration process starts. The legacy Directory Server is migrated, and a new Directory Server 8.1 instance is installed using the configuration information from the legacy Directory Server.
(actualsroot), such as /opt/redhat-ds. In this case, actualsroot names the original absolute installation directory, while oldsroot gives the path to access that directory.
In that case, create a tarball of your old server root directory, and untar it on the target machine. In this example, a tarball was created of /opt/redhat-ds on the source machine, and it was untarred under /migration on the target machine:
# /usr/sbin/migrate-ds-admin.pl --oldsroot /migration/opt/redhat-ds --actualsroot /opt/redhat-...
On Red Hat Enterprise Linux 5 (32-bit) machines, the migrate-ds-admin tool is in the /usr/sbin directory. On HP-UX machines, the migrate-ds-admin is in the /opt/dirsrv/sbin directory. The command format to move from one platform to another is similar to the following:
# /usr/sbin/migrate-ds-admin.pl --cross --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password...
As with migrating Directory Server on the same machine, using the instance parameter allows you to set the specific instance to migrate. For example, this command migrated a Directory Server instance named example:
/usr/sbin/migrate-ds-admin.pl --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds --instance example General.ConfigDirectoryAdminPwd=password
1. Stop all Directory Server instances and the Administration Server.
Review all policy settings in the new 8.1 instance and make any changes before putting the system into production.
6.3. Upgrading 8.0 Servers
For Directory Server 8.0 servers, it is possible to perform an in-place upgrade. This is significantly simpler than a migration.
6. Verify that the packages have been properly updated by checking the version number on one of the Directory Server packages. For example:
rpm -qf /usr/sbin/setup-ds-admin.pl
redhat-ds-admin-8.1.0-9.el5dsrv
Also restart the Directory Server Console to make sure that the version and build numbers are appropriately updated.
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Distributed Numeric Assignment
nsslapd-pluginVersion: 8.1.0
nsslapd-pluginVendor: Red Hat, Inc.
nsslapd-pluginDescription: Distributed Numeric Assignment plugin
adding new entry cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation...
6.3.2. Migrating an 8.0 Directory Server to 8.1 on Another Machine
To upgrade Directory Server and move the instance from one machine to another, the 8.0 information must be imported into the new instance manually. This is true for both moving to another machine and moving to a new platform.
4. Copy the LDIF files from the old machine to the new machine.
5. Import the LDIF files into the new Directory Server 8.1 databases.
ldif2db -n userRoot -i /path/to/userRoot.ldif
ldif2db -n NetscapeRoot -i /path/to/NetscapeRoot.ldif
6.4.
Chapter 7. General Usage Information This chapter contains common information that you will use after installing Red Hat Directory Server 8.1, such as where files are installed; how to start the Directory Server, Administration Server, and Directory Server Console; and basic troubleshooting information. For more detailed information on using Directory Server, see the Directory Server Administrator's Guide.
There is a simple script to launch the Directory Server Console. On Red Hat Enterprise Linux 5 (32-bit), this is in the /usr/bin tool directory, so it can be run as follows:
redhat-idm-console
HP-UX has a different location for the script:...
The login screen prompts for the username, password, and Administration Server location. It is possible to pass other information along with the Console command to supply the Administration Server URL, password, and username. For example:
redhat-idm-console -a http://localhost:9830 -u "cn=Directory Manager" -w secret
Option | Description
-a adminURL | Specifies a base URL for the instance of Administration Server to log into.
7.5. Starting and Stopping Servers

7.5.1. Starting and Stopping Directory Server

There are two ways to start, stop, or restart the Directory Server:

• There are scripts in the instance directories. For example:

  /usr/lib/dirsrv/slapd-instance/start-slapd
  /usr/lib/dirsrv/slapd-instance/restart-slapd
  /usr/lib/dirsrv/slapd-instance/stop-slapd

•...
Delete the old password, and enter in the new hashed password. For example:

nsslapd-rootpw: {SSHA}nbR/ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w==

5. Save the change.
6. Start the Directory Server. For example:

service redhat-ds start

7. When the Directory Server restarts, log into the Console again as Directory Manager, and verify that the password works.

7.7. Troubleshooting

7.7.1.
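For the hashed nsslapd-rootpw value in the password-reset steps above, the following added example (not part of the guide or of Directory Server) confirms that a pasted {SSHA} value is well formed and matches the intended password before the server is restarted. It assumes the widely used salted SHA-1 layout, base64(SHA1(password + salt) + salt); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes; the rest of the blob is salt


def split_ssha(value):
    """Return (digest, salt) from an '{SSHA}...' value, or raise ValueError."""
    if not value.upper().startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    try:
        blob = base64.b64decode(value[len(SCHEME):], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("payload is not valid base64") from exc
    if len(blob) <= DIGEST_LEN:
        raise ValueError("no salt after the 20-byte digest")
    return blob[:DIGEST_LEN], blob[DIGEST_LEN:]


def make_ssha(password, salt=None):
    """Build an {SSHA} value; an 8-byte random salt is assumed when none is given."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password, value):
    """True if password matches the stored value (constant-time comparison)."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Value copied from the guide's example line; only its structure is inspected.
    guide_value = "{SSHA}nbR/ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w=="
    digest, salt = split_ssha(guide_value)
    print("digest bytes:", len(digest), "salt bytes:", len(salt))

    # Constructed sample: hash a new password, then confirm it before pasting it.
    new_value = make_ssha("constructed-sample-passphrase")
    print(new_value, check_ssha("constructed-sample-passphrase", new_value))
```

A value that fails split_ssha (a truncated paste or a missing scheme prefix) would leave Directory Manager unable to bind after the restart, so running the check before saving the change avoids a second recovery cycle.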
NOTICE : System is i686-unknown-linux2.6.9-34.EL (1 processor).
WARNING: 1011MB of physical memory is available on the system. 1024MB is recommended for best performance on large production system.
NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds (120 minutes).
Glossary

access control instruction
See ACI.

An instruction that grants or denies permissions to entries in the directory. See Also access control instruction.

access control list
See ACL.

The mechanism for controlling access to your directory. See Also access control list.

access rights
In the context of access control, specify the level of access granted or denied.
authentication
(1) Process of proving the identity of the client user to the Directory Server. Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory. Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator.
certificate
A collection of data that associates the public keys of a network user with their DN in the directory. The certificate is stored in the directory as user object attributes.

Certificate Authority
Company or organization that sells and issues authentication certificates.
A method for sharing attributes between entries in a way that is invisible to applications.

CoS definition entry
Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects.

CoS template entry
Contains a list of the shared attribute values.
IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.

DNS alias
A DNS alias is a hostname that the DNS server knows points to a different host, specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases.
hostname
A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.example.com is the machine www in the subdomain example and com domain.

HTML
Hypertext Markup Language. The formatting language used for documents on the World Wide Web.
LDAP
Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.

LDAPv3
Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.

LDAP client
Software used to request and view LDAP entries from an LDAP Directory Server.
master
See supplier.

master agent
SNMP master agent.

matching rule
Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.

A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce;...
Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, filesystems, and network parameters throughout a network of computers.

Powerful workstation with one or more network management network management station.
See Also access rights.

Encoded messages which form the basis of data exchanges between SNMP devices. Also protocol data unit.

pointer CoS
A pointer CoS identifies the template entry using the template DN only.

presence index
Allows searches for entries that contain a specific indexed attribute.

protocol
A set of rules that describes how devices on a network exchange information.
(2) In the context of replication, when a read-only replica receives an update request, it forwards it to the server that holds the corresponding read-write replica. This forwarding process is called a referral.

read-only replica
A replica that refers all update operations to read-write replicas. A server can hold any number of read-only replicas.
schema checking
Ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default, and users will receive an error if they try to save an entry that does not conform to the schema.
A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called Secure Sockets Layer.

standard index
index maintained by default.

sub suffix
A branch underneath a root suffix.

SNMP subagent.
topology
The way a directory tree is divided among physical servers and how these servers link with one another.

Transport Layer Security
See TLS.

A unique number associated with each user on a Unix system.

Uniform Resource Locator. The addressing system used by the server and the client to request documents.