Port Numbers - Red Hat DIRECTORY SERVER 8.1 - INSTALLATION GUIDE 11-01-2010 Installation Manual

Chapter 1. Preparing for a Directory Server Installation
# DNS information
#
search lab.eng.example.com eng.example.com example.com
domain example.com
In this /etc/resolv.conf file, the first parameter is search and the first entry is
lab.eng.example.com, so the domain name used by the setup script is lab.eng.example.com.
Any information in the /etc/resolv.conf file must match the information maintained in the local
/etc/hosts file. If there are aliases in the /etc/hosts file, such as ldap1.example.com, that
do not match the specified domains in the /etc/resolv.conf settings, the setup program cannot
generate the correct fully-qualified domain name for the machine as it is used by DNS. All of the
default settings then displayed or accepted by the script are wrong, and this can potentially cause the
setup to fail.
It is possible to set the fully-qualified domain name for the host manually using an .inf file or by
passing the General.FullMachineName argument with the setup command itself. These options
are described in Section 1.3, "About the setup-ds-admin.pl Script". For small deployments or for
evaluation, it is possible to use the /etc/hosts file to resolve the hostname and IP address. This is
not recommended for production environments, though.
It is best to have the local hosts file and DNS properly configured for the server. Remote clients
and server to server operations like replication require that other machines be able to resolve the
hostname of the Directory Server's host. Likewise, both TLS/SSL and SASL/Kerberos require an
accurate fully-qualified domain name for their configuration.
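
The following pre-install check is an added example, not part of the Red Hat guide or the setup script. It compares the domain taken from a resolv.conf file with the names in a hosts file and reports the mismatch described above. The function names, the host name ldap1 with address 192.0.2.10, and the rule that the expected name is the short host name joined to the resolv.conf domain are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Red Hat guide.

# Domain the guide says setup uses: first entry of the first search/domain line.
resolv_domain() {
    awk '$1 == "search" || $1 == "domain" { print $2; exit }' "$1"
}

# Every host name and alias in a hosts-format file, comments stripped.
hosts_names() {
    sed 's/#.*//' "$1" | awk '{ for (i = 2; i <= NF; i++) print $i }'
}

# check_fqdn SHORTNAME RESOLV_FILE HOSTS_FILE
# Exit status: 0 consistent, 1 mismatch, 2 no search/domain line.
# Assumption: the expected FQDN is SHORTNAME joined to the resolv.conf domain.
check_fqdn() (
    short=$1
    domain=$(resolv_domain "$2")
    if [ -z "$domain" ]; then
        echo "ERROR: no search/domain line in $2"
        exit 2
    fi
    fqdn="$short.$domain"
    rc=0
    if ! hosts_names "$3" | grep -Fqx "$fqdn"; then
        echo "MISSING: $fqdn has no entry in $3"
        rc=1
    fi
    # Dotted names for this host that fall outside the resolv.conf domain.
    for name in $(hosts_names "$3"); do
        case $name in
            "$fqdn") ;;
            "$short".*) echo "MISMATCH: $name does not match $fqdn"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed sample files: the guide's resolv.conf plus two hosts variants.
write_samples() {
    printf '%s\n' '# DNS information' '#' \
        'search lab.eng.example.com eng.example.com example.com' \
        'domain example.com' > "$1/resolv.conf"
    printf '%s\n' '192.0.2.10 ldap1.example.com ldap1  # wrong domain' > "$1/hosts.bad"
    printf '%s\n' '192.0.2.10 ldap1.lab.eng.example.com ldap1' > "$1/hosts.good"
}

d=$(mktemp -d); write_samples "$d"
check_fqdn ldap1 "$d/resolv.conf" "$d/hosts.bad" || echo "fix DNS/hosts before running setup"
rm -rf "$d"
```

On a real host, pass the output of hostname -s together with /etc/resolv.conf and /etc/hosts; a non-zero exit status means the TLS/SSL and SASL/Kerberos configuration would be built on a name that does not resolve consistently.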

1.2.2. Port Numbers

The Directory Server setup requires two TCP/IP port numbers: one for the Directory Server and one
for the Administration Server. These port numbers must be unique.
The Directory Server instance (LDAP) has a default port number of 389. The Administration Server
port number has a default number of 9830. If the default port number for either server is in use,
then the setup program randomly generates a port number larger than 1024 to use as the default.
Alternatively, you can assign any port number between 1025 and 65535 for the Directory Server and
Administration Server ports; you are not required to use the defaults or the randomly-generated ports.
NOTE
While the legal range of port numbers is 1 to 65535, the Internet Assigned Numbers
Authority (IANA) has already assigned ports 1 to 1024 to common processes. Never
assign a Directory Server port number below 1024 (except for 389/636 for the LDAP
server) because this may conflict with other services.
For LDAPS (LDAP with TLS/SSL), the default port number is 636. The server can listen on both the
LDAP and LDAPS ports at the same time. However, the setup program will not allow you to configure
TLS/SSL. To use LDAPS, assign the LDAP port number in the setup process, then reconfigure the
Directory Server to use the LDAPS port and the other TLS/SSL parameters afterward. For information on
how to configure LDAPS, see the Directory Server Administrator's Guide.
The Administration Server runs on a web server, so it uses HTTP or HTTPS. However, unlike the
Directory Server which can run on secure (LDAPS) and insecure (LDAP) ports at the same time, the
Administration Server cannot run over both HTTP and HTTPS simultaneously. The setup program,
