Preface
1. Purpose of This Guide .................... v
2. Examples and Formatting .................... v
2.1. Command and File Examples .................... v
2.2. Tool Locations .................... v
2.3. LDAP Locations .................... v
2.4. Text Formatting and Styles .................... vi
3. Additional Reading .................... vii
4.
5.1. Granting Admin Privileges to Users for Directory Server and Administration Server .................... 49
5.2. Setting Access Permissions on Console Elements .................... 51
6. Using SSL/TLS with Red Hat Console
6.1. Overview of SSL/TLS .................... 57
6.2.
Preface
Welcome to the Managing Servers with Red Hat Console Guide. Red Hat Directory Server and Administration Server have a special Java-based console which simplifies administering the directories. This guide covers the basic structure of the Red Hat Console for both the Directory Server and the Administration Server and provides an overview of how to use the main Red Hat Console to manage users and access within the Console.
mozldap directory on Red Hat Enterprise Linux 5 (32-bit) (or /usr/lib64/mozldap for 64-bit systems). However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP in the /usr/bin directory. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL, which OpenLDAP tools use by default.
Server and how to use the Administration Server with the Configuration and User Directory Server instances. For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, see the Red Hat Directory Server documentation site at http://www.redhat.com/docs/manuals/dir-server/.
If there is any error in this Managing Servers with Red Hat Console guide or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
•...
Chapter 1. Overview of Red Hat Console
Red Hat Console is the user interface to manage Red Hat Directory Server and Administration Server configuration and directory information. There is a single main Console window which administers the servers (collected and identified in administration domains). The main Console allows you to open server-specific Consoles to manage the settings and information in individual instances.
When a user logs into Red Hat Console, the Console connects to the Administration Server over Hypertext Transfer Protocol (HTTP). The Administration Server receives requests to administer the different Directory Server instances and performs the changes to the configuration, such as changing a port number.
How the Console, Directory Server, and Administration Server Work Together
Servers can be added to the administration domain in the Console, so that a single Console can manage multiple Directory and Admin Servers.
Figure 1.3. A More Complex System
NOTE: When the terms configuration directory and user directory are used in this guide, they refer to where the configuration information and the user information is stored, regardless of whether that is in the subtrees of a single instance of Directory Server or in two separate instances of Directory Server.
1.2. Red Hat Console Menus
There are five menu items in the top menu of the Console. The options in each of these menus vary depending on which Console window is open (the main Console, Directory Server Console, or Administration Server Console) and the types of objects available in that server area.
Red Hat Console Tabs
Menu    Description
• For the Directory Server Console, this provides all of the configuration options for the directory entries, such as advanced property editors or creating new entries.
• For the Administration Server Console, this opens a configuration editor and starts and stops the server.
Figure 1.5. The Servers and Applications Tab
The top of the topology is the administration domain. An administration domain is a collection of host systems and servers that share the same user directory. The server which hosts Directory Server or Administration Server instances belongs to the admin domain;...
Figure 1.6. The Users and Groups Tab
Switch the directory being searched, or the directory where entries are added, through the options in the Users menu, as described in Section 4.1, “Searching for Users and Groups”.
1.4. Server-Specific Consoles
The main Console can open into two server-specific windows to manage the Administration Server and Directory Server.
Figure 1.7. The Directory Server Console
There are four tabs in the Directory Server Console:
• Tasks, which has shortcuts to common server operations, including starting and stopping the Directory Server instance, importing and exporting databases, and managing SSL certificates
•...
The Administration Server Console
Figure 1.8. The Administration Server Console
The Administration Server Console is simpler than the Directory Server Console, with only two tabs:
• Tasks, which has shortcuts to common server operations, including starting and stopping the Administration Server instance, setting up logging, and managing SSL certificates
•...
This chapter covers basic tasks in the Red Hat Console, including installing the Console, creating and editing server instances, and configuring the Console appearance.
2.1. Installing the Console
The Red Hat Console package, redhat-ds-console.noarch, can be installed on Red Hat Enterprise Linux systems using tools like yum. For example:
yum install redhat-idm-console
The Red Hat Console package can also be downloaded through Red Hat Network and installed using package management tools such as rpm and pkgadd.
-y password.txt    Reads the password from the specified input file.
Table 2.1. Arguments for redhat-idm-console
2.3. Opening a Directory or Administration Server Window
The Red Hat Console is the avenue to access instance-specific management windows for the Directory Server and Administration Server. To open a console window for a specific server instance:
1. Open the Red Hat Console:
redhat-idm-console
2. Click the Servers and Applications tab, which lists all of the Directory Server and Administration Server instances within the configured Directory Server domain.
3. In the navigation tree, click a server to select it.
Changing the Console Appearance
• Section 2.4.2, “Restoring Default Font Settings”
• Section 2.4.3, “Changing Console Fonts”
• Section 2.4.4, “Reordering Table Columns”
• Section 2.4.5, “Customizing the Main Window”
2.4.1. Changing Profile Locations
The Console formatting is stored in profiles. Profiles can be stored locally, which means that they are only available at a specific workstation, or can be stored in the configuration directory, so they are accessible anywhere.
• In your configuration directory means that the settings are stored in the Directory Server configuration, making them available no matter where you log into the Console.
• On your computer's hard disk stores the setting profiles locally. This is mainly useful if you want specific, different settings used by default on different Consoles, such as a workstation and a laptop.
4. Click OK.
2.4.3. Changing Console Fonts
Different parts of the Console, such as table headings and regular text, have different font settings. The font settings are stored in profiles. The profiles define the font family, size, and formatting for every text element.
To edit the default (or current) profile, simply begin editing the fonts.
4. In the Screen Element column, click a screen element to edit, then click the Change Font button.
5. Edit the font for that specific element. There are three settings which can be changed: the font family, the size, and the formatting (bold or italic).
6. Click OK to save the profile.
7. Restart the Console to apply the changes.
To load and use a saved font profile, open the Font tab in the Preference dialog, select the font profile to use, and click OK.
3. When you release the mouse button, the column snaps into its new position.
2.4.5. Customizing the Main Window
Different elements of the main Red Hat Console window can be displayed or hidden; this is set by check boxes in the View menu.
There are three parts of the Console which can be hidden: the navigation tree (the smaller panel on the left of the Console window); the decorative background and banner at the top of the Console window;...
Working with Custom Views
2. Click New.
3. Choose whether the new view will be public or private, then click OK.
• A public view is visible to all Console users by default, but access control instructions (ACIs) can be set to restrict access; see Section 2.4.6.3, “Setting Access...”.
• A private view is only visible to the user who sets it, and ACIs cannot be set to change the access to it.
4. In the Edit View window, enter a descriptive name for this view.
5.
3. Set the access control instructions.
4. Click OK to save the ACI. For more information on setting access permissions and creating access control instructions, see Chapter 5, Setting Access Controls.
Chapter 3. Managing Server Instances
The server instances managed by the Red Hat Console are arranged in a hierarchy. At the top is the admin domain. Within the domain are hosts, representing different server machines. Each host has server groups, each of which identifies an inter-related group of Directory Servers using the same Administration Server instance.
4. Click OK.
3.2. Creating and Removing Admin Domains
An admin domain is a container entry for server groups (each server group contains Directory Server instances which are configured to work with the same Configuration Directory Server and the same Administration Server, which is also in the server group).
4. Click OK.
To edit an admin domain, select the entry in the server window and click the Edit button.
WARNING: The admin domain settings affect all servers within the domain. Making any changes to the admin domain settings means that all servers in the domain must be restarted.
3.2.2. Removing an Admin Domain
4. Click Yes.
NOTE: Any server group and servers within the domain must be removed before the domain can be deleted.
3.3. Creating a New Directory Server Instance
After the default Red Hat Directory Server and Administration Server instances are installed and configured, additional Directory Server instances can be created using the same schema and configuration and in the same installation directory, /etc/dirsrv.
Alternatively, click Object in the top menu bar, and select Create Instance Of.
3. Fill in the information for the new instance of Directory Server, including the base DN, Directory Manager, and port.
4. Click OK.
3.4. Deleting a Directory Server Instance
3. Click Yes to confirm the deletion.
Chapter 4. Managing Directory Server Users and Groups
Users for multiple Red Hat Directory Server instances and for the Administration Server can be created, edited, and searched for in the Red Hat Console. The main Console window can also be used to create organizational units and groups and to add entries to the new organizational units and groups.
3. Click Search. Results are displayed in the list box.
To change the search directory:
1. Click the Users and Groups tab.
2. In the top menu, select the User menu item, and choose Change Directory.
3.
• User Directory Host. The fully qualified hostname for the Directory Server instance.
• User Directory Port and Secure Connection. The port number for the connection and whether this is an SSL (LDAPS) connection.
• User Directory Subtree. The DN of the subtree to search in the directory; for example, dc=example,dc=com for the base DN or ou=Marketing, dc=example,dc=com for a subtree.
• Creating an administrator does not require selecting an organizational unit, while creating a Directory Server user does, because the administrator is automatically added to ou=Groups,ou=Topology,o=NetscapeRoot.
1. Click the Users and Groups tab.
2. Click the Create button, and choose User. Alternatively, open the User option in the top menu, and choose Create >...
Directory and Administrative Users
NOTE: When creating an administrator, there is no option to select the ou to which to add the user, as there is with a regular Directory Server user. This is because the administrator is added to ou=Groups,ou=Topology,o=NetscapeRoot, with the admin users. The entry can be added to an ou or a view, if views have been added to the directory.
6. Click OK.
4.2.2. Groups
A group consists of users who share a common attribute or are part of a list. Red Hat Directory Server supports three types of groups: static, dynamic, and certificate. Each group differs by the way in which users, or members, are added to it:
•...
1. Click the Users and Groups tab.
2. Click the Create button, and choose Group. Alternatively, open the User option in the top menu, and choose Create > Group.
3. Select the area in the directory tree under which the entry is created. The subtree entry can be an ou or a view, if views have been added to the directory.
It is possible to save the new group entry at this point, without adding members. Click OK.
5. Click the Members link to add members to the group, and click the tab of the type of group membership: Static, Dynamic, or Certificate.
NOTE: The different kinds of groups and how to configure their members are explained in more detail in the Directory Server Administrator's Guide.
4.2.3. Organizational Units
An organizational unit can include a number of groups and users. An org unit usually represents a distinct, logical division in an organization, such as different departments or geographical locations.
2. Click the Create button, and choose Organizational Unit. Alternatively, open the User option in the top menu, and choose Create > Organizational Unit.
3. Select the directory subtree under which to locate the new organizational unit.
4.
4.3. Modifying Directory Entries
4.3.1. Editing Entries
1. Search for the entry to edit. See Section 4.1, “Searching for Users and Groups” for more information on searching for entries.
2. Select the entry, and click Edit.
3. Edit the entry information, and click OK to save the changes.
4.3.2.
NOTE: Any Red Hat Directory Server entry must have the ntUser object class and required attributes added in order to be synchronized to Active Directory.
To enable synchronization:
1. Select or create a user, and click the NT User link.
2.
Changing Administrator Entries
stopping, and restarting servers. The Administration Server Administrator is created so that a user can log into the Red Hat Console when the Directory Server is not running. The Administration Server Administrator does not have an LDAP entry; it exists in the Administration Server's configuration file, /usr/share/dirsrv/properties/admpw.
4. Change the administrator's uid and password. The uid is the naming attribute used to log into the Console and run commands.
5. Click OK.
NOTE: If you are logged into the Console as the Configuration Administrator when you edit the Configuration Administrator entry, update the login information for the directory.
1. In the Users and Groups tab, click the User menu in the top menu and select Change Directory.
2. Update the Bind DN and Bind Password fields with the new information for the Configuration Administrator, and click OK.
4.3.3.2.
3. Search for the Configuration Administrators group, and click Edit.
4. Click the Members link in the left of the edit window.
5. Click Add, and search for the user to add to the group.
NOTE: Only users in the o=NetscapeRoot database can be added to the Configuration Administrators group. This means that the entry must be created as an administrator, not a regular user, when added through the Console. See Section 4.2.1, “Directory and Administrative Users”.
Chapter 5. Setting Access Controls
Access control instructions (ACIs) can be set in the Red Hat Console to set limits on what users can see and what operations they can perform on Red Hat Directory Server and Administration Server instances managed in the Console. ACIs define what operations users can do with a specific instance of Red Hat Directory Server or Administration Server.
3. Click Add to add a new user to the list of administrators for the server. The default users, Directory Manager for the Directory Server and admin for the Administration Server, are not listed in the Set Permissions Dialog box.
4.
5. Click OK to add the names to the Set Permissions Dialog list, then click OK again to save the changes and close the dialog.
NOTE: Granting a user the right to administer a server does not automatically allow that user to give others the same right.
5.2. Setting Access Permissions on Console Elements
2. Select the Console element from the list, and click the Permissions button.
3. In the ACI Manager window, click the New button.
The five inherited ACIs are not displayed by default; to see them listed, click the Show inherited ACIs checkbox.
4. Configure the ACI by setting, at a minimum, the users to which it applies and the rights which are allowed.
To hide a Console element entirely from the selected users, groups, and hosts, click Check None to block any access.
d. Optionally, set the target entry in the subtree, hostnames, or times of day where the ACI is in effect.
5. Click OK to save the ACI.
6. Restart Red Hat Console to apply the new ACI.
Chapter 6. Using SSL/TLS with Red Hat Console
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols which set up secure, encrypted communication between an SSL/TLS server and a client which connects to it. In Red Hat Directory Server, the Directory Server can be configured to communicate using LDAP over SSL (LDAPS).
• A list of acceptable cipher suites
• A list of acceptable compression methods
• A randomly-generated number
2. The server responds to the client:
• The chosen TLS/SSL version (the highest version supported by both the server and the client)
•...
6.2. Installing Certificates
Before the Directory Server can be set to run in TLS/SSL, server and CA certificates must be properly installed in the servers. Obtaining and installing certificates consists of the following steps:
1. Generate a certificate request.
2.
• Server Name. Enter the fully qualified hostname of the Directory Server as it is used in DNS and reverse DNS lookups; for example, dir.example.com. The server name is critical for client-side validation to work, which prevents man-in-the-middle attacks.
6. The Request Submission dialog box provides two ways to submit a request: directly to the CA (if there is one internally) or manually. To submit the request manually, select Copy to Clipboard or Save to File to save the certificate request which will be submitted to the CA.
7.
Installing the Certificate
2. Select the Server Certs tab, and click Install.
3. Give the certificate location or paste the certificate text in the text box, then click Next.
• In this file. Enter the absolute path to the certificate in this field.
• In the following encoded text block. Copy the text from the CA's email or from the created text file, and paste it in this field.
4.
6. Provide the password that protects the private key. This password is the same as the one provided in Section 6.2.1, “Generating a Certificate Request”.
After installing the server certificate, it is listed in the Certificates tab. If necessary, configure the Directory Server to trust the CA which issued the server's certificate.
Trusting a Certificate Authority or Adding a Certificate Chain
3. If the CA's certificate is saved to a file, enter the path in the field provided. Alternatively, copy and paste the certificate, including the headers, into the text box. Click Next.
4.
6. Select the purpose of trusting this certificate authority; it is possible to select both options:
• Accepting connections from clients (Client Authentication). The server checks that the client's certificate has been issued by a trusted certificate authority.
•...
NOTE: If a CA certificate is incorrectly generated, it is listed in the Server Certificates tab in the Console rather than the CA Certificates tab. The certificate still works as a CA certificate, even though it is listed in the wrong tab. Still, request certificates from a real certificate authority to minimize the risk of using an incorrectly generated certificate and breaking SSL/TLS in the Administration Server.
Enabling TLS/SSL
b. Restart the Directory Server. It restarts over the regular port:
service dirsrv restart slapd-example
4. In the Configuration tab of the Directory Server Console, highlight the server name at the top of the table, and select the Encryption tab.
8. Click Cipher Settings. By default, all ciphers are selected.
9. Set the preferences for client authentication.
• Do not allow client authentication. With this option, the server ignores the client's certificate. This does not mean that the bind will fail.
•...
NOTE: To use client certificate-based authentication with replication, configure the consumer server either to allow or to require client authentication.
10. To verify the authenticity of requests, select the Check hostname against name in certificate for outbound SSL connections option.
services no longer work. This is true whether connecting to the Administration Server using the Console or using a web browser.
14. In the Configuration DS tab, change the port number to the new Directory Server secure port, even if the default port of 636 is used.
16. Save the new TLS/SSL settings and Configuration DS and User DS information in the Administration Server Console.
17. Restart the Directory Server. The server must be restarted from the command line:
service dirsrv restart slapd-example
When the server restarts, it prompts for the PIN or password to unlock the key database.
Creating a Password File for the Administration Server
WARNING: This password is stored in clear text within the password file, so its usage represents a significant security risk. Do not use a password file if the server is running in an unsecured environment.
grep \^User console.conf
3. In the /etc/dirsrv/admin-serv directory, edit the nss.conf file to point to the location of the new password file.
#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal terminal dialog) has to provide the pass phrase on stdout.
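The warning above says the password file holds the key-database PIN in clear text, so the one control left is file ownership and permissions. The POSIX shell check below is an added example, not part of the Red Hat guide: it reads the password-file path out of nss.conf and verifies that the file is owned by the expected account and readable by nobody else. It assumes the nss.conf edit uses the mod_nss NSSPassPhraseDialog file: directive; the demo directory, file names and PIN value it creates are constructed.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide: the guide warns that the
# Administration Server password file holds the key-database PIN in clear
# text, so check that the file nss.conf points to is owned by the server
# account and is not readable by anyone else. The NSSPassPhraseDialog "file:"
# syntax is the mod_nss directive; the demo paths and PIN below are constructed.

# Print the password-file path named by the NSSPassPhraseDialog directive in nss.conf.
pin_file_from_nss_conf() {
  sed -n 's/^[[:space:]]*NSSPassPhraseDialog[[:space:]]*file:\(.*\)$/\1/p' "$1"
}

# Succeed only if the PIN file exists, is owned by uid $2, and has mode 0400 or 0600.
check_pin_file() {
  pinfile=$1
  owner_uid=$2
  if [ ! -f "$pinfile" ]; then
    echo "PIN file $pinfile does not exist" >&2
    return 1
  fi
  actual_uid=$(stat -c '%u' "$pinfile")
  if [ "$actual_uid" != "$owner_uid" ]; then
    echo "PIN file $pinfile is owned by uid $actual_uid, expected $owner_uid" >&2
    return 1
  fi
  mode=$(stat -c '%a' "$pinfile")
  case "$mode" in
    400|600) return 0 ;;
    *) echo "PIN file $pinfile has mode $mode; restrict it to 0400 or 0600" >&2
       return 1 ;;
  esac
}

# Constructed demo: a throwaway nss.conf plus one correctly protected PIN file
# and one world-readable PIN file, so both outcomes of the check are shown.
demo_pin_check() {
  demo_dir=$(mktemp -d)
  printf 'internal:demo-pin-not-a-real-secret\n' > "$demo_dir/password.conf"
  chmod 0400 "$demo_dir/password.conf"
  printf 'internal:demo-pin-not-a-real-secret\n' > "$demo_dir/password-open.conf"
  chmod 0644 "$demo_dir/password-open.conf"
  printf 'NSSPassPhraseDialog file:%s/password.conf\n' "$demo_dir" > "$demo_dir/nss.conf"

  pin=$(pin_file_from_nss_conf "$demo_dir/nss.conf")
  if check_pin_file "$pin" "$(id -u)"; then
    echo "OK: $pin is owned by this user and not group/world readable"
  fi
  if ! check_pin_file "$demo_dir/password-open.conf" "$(id -u)"; then
    echo "Rejected: $demo_dir/password-open.conf"
  fi
  rm -rf "$demo_dir"
}

demo_pin_check
```

On a real Administration Server, point pin_file_from_nss_conf at /etc/dirsrv/admin-serv/nss.conf and pass check_pin_file the uid of the account named on the User line of console.conf (the line the grep above shows), for example `id -u "$username"`. The process that reads the PIN needs the file; no other account should be able to.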