Thursday, August 27, 2015

Setting up Directory Server on Linux

Installing the JRE -- JAVA

Necessary Java JRE libraries are not bundled with Directory Server. They must be downloaded and extracted separately before installing the Directory Server packages.

NOTE

Directory Server 8.0 requires JRE version 1.5.0.
Any Red Hat Enterprise Linux customer can download the required JRE packages from the RHEL Extras or Supplemental channel in Red Hat Network, and then use native Red Hat tools to install the package. For example, to install the JRE on Red Hat Enterprise Linux 4, use the up2date command:
up2date java-1.5.0-ibm
On Red Hat Enterprise Linux 5, use the yum command:
yum install java-1.5.0-ibm
Using yum or up2date is the preferred and recommended way to install Java. However, it is also possible to download the JRE from the Java site.
1.     Download the Java libraries from http://www.java.com. Check the package signature (rpm's --checksig option) before installing; a package fetched from a website does not get the GPG check that yum and up2date perform against the channel key.
2.     Log in as root, and install the JRE. For example:
           rpm -Uvh java-1.5.0-ibm-1.5.0.5-1jpp.2.el4.i386.rpm
After installing the JRE,

Installing the Directory Server Packages

1.     Install the Directory Server packages. There are two options for installing the packages: using native Red Hat Enterprise Linux tools (yum or up2date) or downloading them from Red Hat Network. The recommended way is to use the Red Hat Enterprise Linux tools. On Red Hat Enterprise Linux 4, use up2date:
           up2date redhat-ds
On Red Hat Enterprise Linux 5, use yum:
           yum install redhat-ds

NOTE

Both yum and up2date may install or require additional packages if dependencies are missing or out-of-date.
Alternatively, download the latest packages from the Red Hat Directory Server 8.0 channel on Red Hat Network, http://rhn.redhat.com.
It is also possible to install the Directory Server packages from media:
    1.     Download the packages from Red Hat Network, and burn them to CD or DVD.
    2.     Insert the media; the system should automatically recognize and mount the disc.
    3.     There is no autorun feature with the Directory Server packages, so open the directory on the disc containing the Directory Server packages. For example:
               cd /media/cdrecorder/RedHat/RPMS/
    4.     Install everything in the directory using rpm. The egrep filter skips the -devel and -debuginfo packages, which a server does not need:
               ls *.rpm | egrep -iv -e devel -e debuginfo | xargs rpm -ivh
2.     After the Directory Server packages are installed, run the setup-ds-admin.pl script to set up and configure the default Directory Server instance and the Administration Server.
           /usr/sbin/setup-ds-admin.pl
3.     Accept the licensing agreement.
4.     On the next screen, review the dsktune output. If there are any issues that you should address, exit the setup-ds-admin.pl program, and resolve them. Otherwise, accept the output.
5.     Select the setup type, and proceed with configuring the new Directory Server instance.

Express Setup

Use express installation if you are installing Directory Server for an evaluation or trial. Because express installation does not offer the choice of selecting the Directory Server port number or the directory suffix, among other settings, Red Hat recommends not using it for production deployments.

1.     After the Directory Server packages are installed as described in “Installing the Directory Server Packages”, launch the setup-ds-admin.pl script.
           # /usr/sbin/setup-ds-admin.pl

NOTE

Run the setup-ds-admin.pl script as root.
2.     Select y to accept the Red Hat licensing terms.
3.     The dsktune utility runs. Select y to continue with the setup.
dsktune checks the available disk space, processor type, physical memory, and other system data and settings such as TCP/IP ports and file descriptor settings. If your system does not meet these basic Red Hat Directory Server requirements, dsktune returns a warning. dsktune warnings do not block the setup process; simply enter y to go to the next step.
4.     Next, choose the setup type. Enter 1 to perform an express setup.
5.     The next step allows you to register your Directory Server with an existing Directory Server instance, called the Configuration Directory Server. This registers the new instance so it can be managed by the Console. If this is the first Directory Server instance set up on your network, it is not possible to register it with another directory. Select n to set up this Directory Server as a Configuration Directory Server and move to the next express install step, setting up the administrator user.

NOTE

To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular express setup process.
Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server:
o      The Configuration Directory Server URL, such as ldap://ldap.example.com:389/o=NetscapeRoot
To use TLS/SSL, set the protocol as ldaps:// instead of ldap://. For LDAPS, use the secure port (636) instead of the standard port (389), and provide a CA certificate. Over plain ldap:// the administrator password supplied below crosses the network in clear text, so use ldaps:// whenever the Configuration Directory Server is on another host.
o      The Configuration Directory Server administrator's user ID; by default, this is admin.
o      The administrator user's password.
o      The Configuration Directory Server Admin domain, such as example.com.
o      The CA certificate used to verify the Configuration Directory Server's certificate. This is only required if the Directory Server instance will connect to the Configuration Directory Server over LDAPS. This should be the full path and filename of the CA certificate in PEM/ASCII format.
This information is supplied in place of creating an admin user for the new Directory Server in steps 6 and 7.
6.     Set the administrator username. The default is admin.
7.     Set the administrator password and confirm it.
8.     Set the Directory Manager username. The default is cn=Directory Manager.
9.     Set the Directory Manager password and confirm it.
10.    The last screen asks if you are ready to set up your servers. Select yes.
           Are you ready to set up your servers? [yes]:
           Creating directory server . . .
           Your new DS instance 'example' was successfully created.
           Creating the configuration directory server . . .
           Beginning Admin Server reconfiguration . . .
           Creating Admin Server files and directories . . .
           Updating adm.conf . . .
           Updating admpw . . .
           Registering admin server with the configuration directory server . . .
           Updating adm.conf with information from configuration directory server . . .
           Updating the configuration for the httpd engine . . .
           Restarting admin server . . .
           The admin server was successfully started.
           Admin server was successfully reconfigured and started.
           Exiting . . .
           Log file is '/tmp/setup0C7tiV.log'
The setup-ds-admin.pl script applies all default options for the Directory Server configuration, including the instance name (derived from the hostname; the output above shows example), domain (for example, example.com), suffix (for example, dc=example, dc=com), and port numbers (389 for the Directory Server instance and 9830 for the Administration Server).
When the setup-ds-admin.pl script is done, the Directory Server is configured and running. To log into the Directory Server Console to begin setting up your directory service, do the following:
1.     Get the Administration Server port number from the Listen parameter in the console.conf configuration file.
           grep \^Listen /etc/dirsrv/admin-serv/console.conf

           Listen 0.0.0.0:9830
       The address 0.0.0.0 means the Administration Server accepts connections on every interface of the host; this is what express setup leaves behind, since it never asks for an IP address. Firewall the port, or run a custom setup and bind the Administration Server to a specific address, if the Console is only used locally or from a management network.
2.     Using the Administration Server port number, launch the Console.
           /usr/bin/redhat-idm-console -a http://localhost:9830
       This URL is plain HTTP, so the admin credentials typed into the Console are not protected in transit. Connect from the server itself, as here, or enable TLS on the Administration Server before using the Console across the network.
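The Listen line is worth checking with a script rather than by eye, because a fresh setup binds the Administration Server to 0.0.0.0 and nothing later warns about it. The following is an added example, not part of the Red Hat documentation: it pulls the Administration Server port out of a console.conf (the same thing the grep above does) and reports whether the listener is bound to a single address or to every interface. The console.conf content it runs against is constructed here to match the output shown above; a real run passes /etc/dirsrv/admin-serv/console.conf instead.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): audit the Administration Server
# listener that setup-ds-admin.pl writes into console.conf.

# Print the port from the first "Listen" directive in a console.conf file.
# The value may be "0.0.0.0:9830", "192.0.2.10:9830" or a bare "9830".
admin_port() {
    grep '^Listen' "$1" | head -n 1 | awk '{ print $2 }' | sed 's/.*://'
}

# Print the bind address, or "all" when the directive has no address or the
# 0.0.0.0 wildcard (the value a default setup leaves).
admin_bind_addr() {
    addr=$(grep '^Listen' "$1" | head -n 1 | awk '{ print $2 }')
    case "$addr" in
        *:*) addr=${addr%:*} ;;
        *)   addr="" ;;
    esac
    case "$addr" in
        ""|0.0.0.0) echo all ;;
        *)          echo "$addr" ;;
    esac
}

# Succeed when the Administration Server is bound to one address, fail when it
# accepts connections on every interface.
admin_listener_restricted() {
    [ "$(admin_bind_addr "$1")" != all ]
}

# Constructed sample mirroring the "Listen 0.0.0.0:9830" output above.
demo_conf=$(mktemp)
printf 'ServerRoot "/usr/lib/dirsrv"\nListen 0.0.0.0:9830\n' > "$demo_conf"

if admin_listener_restricted "$demo_conf"; then
    echo "Admin Server listens on $(admin_bind_addr "$demo_conf"):$(admin_port "$demo_conf")"
else
    echo "Admin Server port $(admin_port "$demo_conf") is bound to every interface;" \
         "set an IP address during custom setup or firewall the port"
fi
rm -f "$demo_conf"
```

The functions work on any console.conf path, so the same check can be run after the custom setup below, where an explicit Administration Server IP address is one of the prompts.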

Custom Setup

Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period. One imports an LDIF file, which is useful if you have existing information. The other imports sample data that is included with Directory Server; this is useful for testing features of Directory Server and for evaluation.

NOTE

Run the setup-ds-admin.pl script as root.
The custom setup has the following steps:

WARNING

If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating from Previous Versions.
1.     After the Directory Server packages are installed as described in Section 3.2, “Installing the Directory Server Packages”, launch the setup-ds-admin.pl script.
           # /usr/sbin/setup-ds-admin.pl
2.     Select y to accept the Red Hat licensing terms.
3.     The dsktune utility runs. Select y to continue with the setup.
dsktune checks the available disk space, processor type, physical memory, and other system data and settings such as TCP/IP ports and file descriptor settings. If your system does not meet these basic Red Hat Directory Server requirements, dsktune returns a warning. dsktune warnings do not block the setup process; simply enter y to go to the next step.
4.     Next, choose the setup type. Accept the default, option 3, to perform a custom setup.
5.     Set the computer name of the machine on which the Directory Server is being configured. This defaults to the fully-qualified domain name (FQDN) for the host. For example:
           Computer name [ldap.example.com]:

NOTE

The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com, that do not match the /etc/resolv.conf settings, you cannot use the default hostname option.
The hostname is very important. It is used to generate the Directory Server instance name, the admin domain, and the base suffix, among others. If you are using SSL/TLS or Kerberos, the computer name must be the exact name that clients use to connect to the system: a TLS client checks the server certificate against the name it connected to, and a Kerberos client requests a service ticket for that name, so a mismatch breaks both. If you will use DNS, make sure the name resolves to a valid IP address and that IP address resolves back to this name.
6.     Set the user and group as which the Directory Server process will run. The default is nobody:nobody. For example:
           System User [nobody]:
           System Group [nobody]:
       nobody is shared with every other service configured to run unprivileged, so any such service can read files owned by it, including the instance's database and log files. A dedicated account for Directory Server keeps those files private to the directory process.
7.     The next step allows you to register your Directory Server with an existing Directory Server instance, called the Configuration Directory Server. This registers the new instance so it can be managed by the Console. If this is the first Directory Server instance set up on your network, it is not possible to register it with another directory. Select n to set up this Directory Server as a Configuration Directory Server and move to the next custom install step, setting up the administrator user.

NOTE

To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular custom setup process.
Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server:
o      The Configuration Directory Server URL, such as ldap://ldap.example.com:389/o=NetscapeRoot
To use TLS/SSL, set the protocol as ldaps:// instead of ldap://. For LDAPS, use the secure port (636) instead of the standard port (389), and provide a CA certificate. Over plain ldap:// the administrator password supplied below crosses the network in clear text, so use ldaps:// whenever the Configuration Directory Server is on another host.
o      The Configuration Directory Server administrator's user ID; by default, this is admin.
o      The administrator user's password.
o      The Configuration Directory Server Admin domain, such as example.com.
o      The CA certificate used to verify the Configuration Directory Server's certificate. This is only required if the Directory Server instance will connect to the Configuration Directory Server over LDAPS. This should be the full path and filename of the CA certificate in PEM/ASCII format.
This information is supplied in place of creating an admin user and domain for the new Directory Server in steps 8, 9, and 10.
8.     Set the administrator username. The default is admin.
9.     Set the administrator password and confirm it.
10.    Set the administration domain. This defaults to the host's domain. For example:
           Administration Domain [redhat.com]:
11.    Enter the Directory Server port number. The default is 389, but if that port is in use, the setup program supplies a randomly generated one. In the example, 1066 is typed in place of the default:
           Directory server network port [389]: 1066
12.    Enter the Directory Server identifier; this defaults to the host's short name.
           Directory server identifier [example]:
13.    Enter the directory suffix. This defaults to dc=domain name. For example:
           Suffix [dc=redhat, dc=com]:
14.    Set the Directory Manager username. The default is cn=Directory Manager.
15.    Set the Directory Manager password and confirm it.
16.    Select whether you want to install sample entries with the Directory Server instance. This means that an example LDIF, with preconfigured users, groups, roles, and other entries, is imported into the Directory Server database. This option is helpful for evaluation or testing Directory Server features.
This is not required, and because the sample data contains preconfigured user accounts it should not be loaded on a production server.
17.    Select whether to populate the Directory Server with data; this means whether to import an LDIF file with existing data into the Directory Server database. If the answer is yes, then supply a path to the LDIF file or select the suggested file. If the LDIF file requires custom schema, perform a silent setup instead, and use the SchemaFile directive in the .inf to specify additional schema files. See Section 6.3.5.1, “.inf File Directives” for information on .inf directives.
The default option is none, which does not import any data.
18.    Enter the Administration Server port number. The default is 9830, but if that port is in use, the setup program supplies a randomly generated one.
           Administration port [9830]:
19.    Set an IP address for the new Administration Server to use. The Administration Server uses a web server, and this parameter is set in the console.conf file for the server. Setting this parameter restricts the Administration Server to that single IP. Leaving it blank, the default, makes the Administration Server listen on all of the host's addresses (Listen 0.0.0.0 in console.conf), so give an address here when the Console should only be reachable on a management interface.
20.    Set the user as which the Administration Server process will run. The default is nobody. For example:
           Run Administration Server as [nobody]:
21.    The last screen asks if you are ready to set up your servers. Select yes.
           Are you ready to set up your servers? [yes]:
           Creating directory server . . .
           Your new DS instance 'example3' was successfully created.
           Creating the configuration directory server . . .
           Beginning Admin Server reconfiguration . . .
           Creating Admin Server files and directories . . .
           Updating adm.conf . . .
           Updating admpw . . .
           Registering admin server with the configuration directory server . . .
           Updating adm.conf with information from configuration directory server . . .
           Updating the configuration for the httpd engine . . .
           Restarting admin server . . .
           The admin server was successfully started.
           Admin server was successfully reconfigured and started.
           Exiting . . .
           Log file is '/tmp/setupul88C1.log'
When the setup-ds-admin.pl script is done, the Directory Server is configured and running. To log into the Directory Server Console to begin setting up your directory service, do the following:
1.     Get the Administration Server port number from the Listen parameter in the console.conf configuration file.
           grep \^Listen /etc/dirsrv/admin-serv/console.conf

           Listen 0.0.0.0:9830
2.     Using the Administration Server port number, launch the Console.
           /usr/bin/redhat-idm-console -a http://localhost:9830
       As in the express setup, this URL is plain HTTP; connect from the server itself or enable TLS on the Administration Server before using the Console across the network.
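The LDIF-import step above points to a silent setup driven by an .inf file when custom schema is needed, and the hostname note asks for a forward and reverse DNS check before setup. Below is an added example of both, written for this page and not taken from the Red Hat guide. It assumes the section and directive names of the silent-setup .inf format (FullMachineName, ServerIdentifier, RootDNPwd, ServerIpAddress and the rest; confirm them against Section 6.3.5.1 before relying on them), the -s -f options of setup-ds-admin.pl for silent mode, a dedicated dirsrv user and group created beforehand, and the placeholder host ldap.example.com with suffix dc=example,dc=com. The two passwords are read from the environment rather than passed as arguments so they do not show up in the process list, and the .inf is created with mode 0600 and deleted after the run because it holds them in clear text.

```shell
#!/bin/sh
# Added example, not part of the Red Hat guide. Assumed: .inf directive names
# of the silent-setup format (check Section 6.3.5.1), setup-ds-admin.pl -s -f
# for silent mode, an existing dirsrv user/group, placeholder host and suffix.

# The computer name given to setup must resolve to an address that resolves
# back to the same name; this performs that round trip with the resolver.
fqdn_roundtrip_ok() {
    ip=$(getent hosts "$1" | awk 'NR == 1 { print $1 }')
    [ -n "$ip" ] || return 1
    back=$(getent hosts "$ip" | awk 'NR == 1 { print $2 }')
    [ "$back" = "$1" ]
}

# Write a silent-setup .inf to $1. Passwords come from DM_PW (Directory
# Manager) and ADMIN_PW (admin user) in the environment, never from argv.
# The file stores both in clear text, so it is created with mode 0600.
write_setup_inf() {
    inf=$1
    [ -n "$DM_PW" ] && [ -n "$ADMIN_PW" ] || return 1
    old_umask=$(umask)
    umask 077
    cat > "$inf" <<EOF
[General]
FullMachineName=ldap.example.com
SuiteSpotUserID=dirsrv
SuiteSpotGroup=dirsrv
AdminDomain=example.com
ConfigDirectoryAdminID=admin
ConfigDirectoryAdminPwd=$ADMIN_PW

[slapd]
ServerPort=389
ServerIdentifier=ldap
Suffix=dc=example,dc=com
RootDN=cn=Directory Manager
RootDNPwd=$DM_PW
AddSampleEntries=No

[admin]
Port=9830
ServerIpAddress=127.0.0.1
ServerAdminID=admin
ServerAdminPwd=$ADMIN_PW
SysUser=dirsrv
EOF
    umask "$old_umask"
    chmod 600 "$inf"
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Run the silent setup, then remove the .inf so the passwords do not stay on
# disk. Only does anything on a host where the packages are installed.
run_silent_setup() {
    inf=$1
    [ -x /usr/sbin/setup-ds-admin.pl ] || { echo "setup-ds-admin.pl not installed" >&2; return 1; }
    /usr/sbin/setup-ds-admin.pl -s -f "$inf"
    rc=$?
    rm -f "$inf"
    return $rc
}

# Demo with placeholder passwords; a real run exports them from a secret store.
export DM_PW='replace-me' ADMIN_PW='replace-me-too'
demo_inf=$(mktemp)
write_setup_inf "$demo_inf" && echo "wrote $demo_inf (mode $(file_mode "$demo_inf"))"
fqdn_roundtrip_ok ldap.example.com || echo "ldap.example.com does not round-trip in DNS; fix that before running setup"
rm -f "$demo_inf"
```

ServerIpAddress=127.0.0.1 limits the Administration Server to the loopback interface, which suits a Console run on the server itself; use the address of a management interface instead when the Console is run remotely. run_silent_setup is the only part that touches the system and is not exercised by the demo.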


