Setting up Directory Server on Linux
Installing the JRE -- JAVA
Necessary Java JRE libraries are not bundled with Directory
Server. They must be downloaded and extracted separately before installing the
Directory Server packages.
NOTE
Directory Server 8.0 requires JRE version 1.5.0.
Any Red Hat Enterprise Linux customer can download the required JRE packages
from the RHEL Extras or Supplemental channel in Red Hat Network, and then use
native Red Hat tools to install the package. For example, to install the JRE on
Red Hat Enterprise Linux 4, use the up2date command:
    up2date java-1.5.0-ibm
On Red Hat Enterprise Linux 5, use the yum command:
    yum install java-1.5.0-ibm
Using yum or up2date is the preferred and recommended way to install Java.
However, it is also possible to download the JRE from the Java site.
1. Download the Java libraries from http://www.java.com.
2. Log in as root, and install the JRE. For example:
       rpm -Uvh java-1.5.0-ibm-1.5.0.5-1jpp.2.el4.i386.rpm
After installing the JRE,
Installing the Directory Server Packages
1. Install the Directory Server packages. There are two options for installing
   the packages: using native Red Hat Enterprise Linux tools (yum or up2date)
   or downloading them from Red Hat Network. The recommended way is to use the
   Red Hat Enterprise Linux tools. On Red Hat Enterprise Linux 4, use up2date:
       up2date redhat-ds
   On Red Hat Enterprise Linux 5, use yum:
       yum update redhat-ds
   NOTE
   Both yum and up2date may install or require additional packages if
   dependencies are missing or out-of-date.
   Alternatively, download the latest packages from the Red Hat Directory
   Server 8.0 channel on Red Hat Network, http://rhn.redhat.com.
   It is also possible to install the Directory Server packages from media:
   1. Download the packages from Red Hat Network, and burn them to CD or DVD.
   2. Insert the media; the system should automatically recognize and mount
      the disc.
   3. There is no autorun feature with the Directory Server packages, so open
      the directory on the disc containing the Directory Server packages. For
      example:
          cd /media/cdrecorder/RedHat/RPMS/
   4. Install everything in the directory using rpm:
          ls *.rpm | egrep -iv -e devel -e debuginfo | xargs rpm -ivh
2. After the Directory Server packages are installed, run the setup-ds-admin.pl
   script to set up and configure the default Directory Server instance and the
   Administration Server.
       /usr/sbin/setup-ds-admin.pl
3. Accept the licensing agreement.
4. On the next screen, review the dsktune output. If there are any issues that
   you should address, exit the setup-ds-admin.pl program, and resolve them.
   Otherwise, accept the output.
5. Select the setup type, and proceed with configuring the new Directory
   Server instance.
Express Setup
Use express
installation if you are installing Directory Server for an evaluation or trial.
Because express installation does not offer the choice of selecting the
Directory Server server port number or the directory suffix, among other
settings, Red Hat recommends not using it for production deployments.
1. After the Directory Server packages are installed as described in
   “Installing the Directory Server Packages”, launch the setup-ds-admin.pl
   script.
       # /usr/sbin/setup-ds-admin.pl
   NOTE
   Run the setup-ds-admin.pl script as root.
2. Select y to accept the Red Hat licensing terms.
3. The dsktune utility runs. Select y to continue with the setup.
   dsktune checks the available disk space, processor type, physical memory,
   and other system data and settings such as TCP/IP ports and file descriptor
   settings. If your system does not meet these basic Red Hat Directory Server
   requirements, dsktune returns a warning. dsktune warnings do not block the
   setup process; simply enter y to go to the next step.
4. Next, choose the setup type. Enter 1 to perform an express setup.
5. The next step allows you to register your Directory Server with an existing
   Directory Server instance, called the Configuration Directory Server. This
   registers the new instance so it can be managed by the Console. If this is
   the first Directory Server instance set up on your network, it is not
   possible to register it with another directory. Select n to set up this
   Directory Server as a Configuration Directory Server and move to the next
   express install step, setting up the administrator user.
   NOTE
   To register the Directory Server instance with an existing Configuration
   Directory Server, select yes. This continues with the registration process
   rather than the regular express setup process.
   Registering a new instance with a Configuration Directory Server requires
   you to supply information about the Configuration Directory Server:
   o The Configuration Directory Server URL, such as
     ldap://ldap.example.com:389/o=NetscapeRoot
     To use TLS/SSL, set the protocol as ldaps:// instead of ldap://. For
     LDAPS, use the secure port (636) instead of the standard port (389), and
     provide a CA certificate.
   o The Configuration Directory Server administrator's user ID; by default,
     this is admin.
   o The administrator user's password.
   o The Configuration Directory Server Admin domain, such as example.com.
   o The CA certificate to authenticate to the Configuration Directory Server.
     This is only required if the Directory Server instance will connect to
     the Configuration Directory Server over LDAPS. This should be the full
     path and filename of the CA certificate in PEM/ASCII format.
   This information is supplied in place of creating an admin user for the new
   Directory Server in steps 6 and 7.
6. Set the administrator username. The default is admin.
7. Set the administrator password and confirm it.
8. Set the Directory Manager username. The default is cn=Directory Manager.
9. Set the Directory Manager password and confirm it.
10. The last screen asks if you are ready to set up your servers. Select yes.
        Are you ready to set up your servers? [yes]:
        Creating directory server . . .
        Your new DS instance 'example' was successfully created.
        Creating the configuration directory server . . .
        Beginning Admin Server reconfiguration . . .
        Creating Admin Server files and directories . . .
        Updating adm.conf . . .
        Updating admpw . . .
        Registering admin server with the configuration directory server . . .
        Updating adm.conf with information from configuration directory server . . .
        Updating the configuration for the httpd engine . . .
        Restarting admin server . . .
        The admin server was successfully started.
        Admin server was successfully reconfigured and started.
        Exiting . . .
        Log file is '/tmp/setup0C7tiV.log'
The setup-ds-admin.pl script applies all default options for the Directory
Server configuration, including the instance name (for example,
ldap.example.com), domain (for example, example.com), suffix (for example,
dc=example, dc=com), and port numbers (389 for the Directory Server instance
and 9830 for the Administration Server).
When the setup-ds-admin.pl script is done, the Directory Server is configured
and running. To log into the Directory Server Console to begin setting up your
directory service, do the following:
1. Get the Administration Server port number from the Listen parameter in the
   console.conf configuration file.
       grep \^Listen /etc/dirsrv/admin-serv/console.conf

       Listen 0.0.0.0:9830
2. Using the Administration Server port number, launch the Console.
       /usr/bin/redhat-idm-console -a http://localhost:9830
Custom Setup
Custom setup provides two special
configuration options that allow you to add information to the Directory Server
databases during the setup period. One imports an LDIF file, which is useful if
you have existing information. The other imports sample data that is included
with Directory Server; this is useful for testing features of Directory Server
and for evaluation.
NOTE
Run the setup-ds-admin.pl script as root.
The custom setup has the following steps:
WARNING
If Directory Server is
already installed on your machine, it is extremely important that you perform a
migration, not a fresh installation. Migration is described in Chapter 8, Migrating
from Previous Versions.
1. After the Directory Server packages are installed as described in Section
   3.2, “Installing the Directory Server Packages”, launch the
   setup-ds-admin.pl script.
       # /usr/sbin/setup-ds-admin.pl
2. Select y to accept the Red Hat licensing terms.
3. The dsktune utility runs. Select y to continue with the setup.
   dsktune checks the available disk space, processor type, physical memory,
   and other system data and settings such as TCP/IP ports and file descriptor
   settings. If your system does not meet these basic Red Hat Directory Server
   requirements, dsktune returns a warning. dsktune warnings do not block the
   setup process; simply enter y to go to the next step.
4. Next, choose the setup type. Accept the default, option 3, to perform a
   custom setup.
5. Set the computer name of the machine on which the Directory Server is being
   configured. This defaults to the fully-qualified domain name (FQDN) for the
   host. For example:
       Computer name [ldap.example.com]:
   NOTE
   The setup program gets the host information from the /etc/resolv.conf file.
   If there are aliases in the /etc/hosts file, such as ldap.example.com, that
   do not match the /etc/resolv.conf settings, you cannot use the default
   hostname option.
   The hostname is very important. It is used to generate the Directory Server
   instance name, the admin domain, and the base suffix, among others. If you
   are using SSL/TLS or Kerberos, the computer name must be the exact name
   that clients use to connect to the system. If you will use DNS, make sure
   the name resolves to a valid IP address and that IP address resolves back
   to this name.
6. Set the user and group as which the Directory Server process will run. The
   default is nobody:nobody. For example:
       System User [nobody]:
       System Group [nobody]:
7. The next step allows you to register your Directory Server with an existing
   Directory Server instance, called the Configuration Directory Server. This
   registers the new instance so it can be managed by the Console. If this is
   the first Directory Server instance set up on your network, it is not
   possible to register it with another directory. Select n to set up this
   Directory Server as a Configuration Directory Server and move to the next
   custom install step, setting up the administrator user.
   NOTE
   To register the Directory Server instance with an existing Configuration
   Directory Server, select yes. This continues with the registration process
   rather than the regular custom setup process.
   Registering a new instance with a Configuration Directory Server requires
   you to supply information about the Configuration Directory Server:
   o The Configuration Directory Server URL, such as
     ldap://ldap.example.com:389/o=NetscapeRoot
     To use TLS/SSL, set the protocol as ldaps:// instead of ldap://. For
     LDAPS, use the secure port (636) instead of the standard port (389), and
     provide a CA certificate.
   o The Configuration Directory Server administrator's user ID; by default,
     this is admin.
   o The administrator user's password.
   o The Configuration Directory Server Admin domain, such as example.com.
   o The CA certificate to authenticate to the Configuration Directory Server.
     This is only required if the Directory Server instance will connect to
     the Configuration Directory Server over LDAPS. This should be the full
     path and filename of the CA certificate in PEM/ASCII format.
   This information is supplied in place of creating an admin user and domain
   for the new Directory Server in steps 8, 9, and 10.
8. Set the administrator username. The default is admin.
9. Set the administrator password and confirm it.
10. Set the administration domain. This defaults to the host's domain. For
    example:
        Administration Domain [redhat.com]:
11. Enter the Directory Server port number. The default is 389, but if that
    port is in use, the setup program supplies a randomly generated one.
        Directory server network port [389]: 1066
12. Enter the Directory Server identifier; this defaults to the hostname.
        Directory server identifier [example]:
13. Enter the directory suffix. This defaults to dc=domain name. For example:
        Suffix [dc=redhat, dc=com]:
14. Set the Directory Manager username. The default is cn=Directory Manager.
15. Set the Directory Manager password and confirm it.
16. Select whether you want to install sample entries with the Directory
    Server instance. This means that an example LDIF, with preconfigured
    users, groups, roles, and other entries, is imported into the Directory
    Server database. This option is helpful for evaluation or testing
    Directory Server features.
    This is not required.
17. Select whether to populate the Directory Server with data; this means
    whether to import an LDIF file with existing data into the Directory
    Server database. If the answer is yes, then supply a path to the LDIF file
    or select the suggested file. If the LDIF file requires custom schema,
    perform a silent setup instead, and use the SchemaFile directive in the
    .inf to specify additional schema files. See Section 6.3.5.1, “.inf File
    Directives” for information on .inf directives.
    The default option is none, which does not import any data.
18. Enter the Administration Server port number. The default is 9830, but if
    that port is in use, the setup program supplies a randomly generated one.
        Administration port [9830]:
19. Set an IP address for the new Administration Server to use. The
    Administration Server uses a web server, and this parameter is set in the
    console.conf file for the server. Setting this parameter restricts the
    Administration Server to that single IP. Leaving it blank, the default,
    allows the Administration Server to acquire any IP address.
20. Set the user as which the Administration Server process will run. The
    default is nobody. For example:
        Run Administration Server as [nobody]:
21. The last screen asks if you are ready to set up your servers. Select yes.
        Are you ready to set up your servers? [yes]:
        Creating directory server . . .
        Your new DS instance 'example3' was successfully created.
        Creating the configuration directory server . . .
        Beginning Admin Server reconfiguration . . .
        Creating Admin Server files and directories . . .
        Updating adm.conf . . .
        Updating admpw . . .
        Registering admin server with the configuration directory server . . .
        Updating adm.conf with information from configuration directory server . . .
        Updating the configuration for the httpd engine . . .
        Restarting admin server . . .
        The admin server was successfully started.
        Admin server was successfully reconfigured and started.
        Exiting . . .
        Log file is '/tmp/setupul88C1.log'
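The registration note in both the express and the custom procedure asks for a Configuration Directory Server URL and, for LDAPS, a CA certificate path. As an added example (not part of the Red Hat documentation or of Directory Server; check_registration is a hypothetical helper name), this shell function applies the rules stated in that note to the two values before they are typed at the prompts: ldaps:// rather than ldap://, port 636 rather than 389, and a full path to a PEM/ASCII file.

```shell
#!/bin/sh
# Added example: check_registration is a hypothetical pre-flight helper,
# not part of Directory Server. It only inspects the two values typed at
# the registration prompts: the URL and the CA certificate path.
# Returns 0 = LDAPS with a usable PEM file, 1 = cleartext ldap://,
# 2 = unsupported URL, 3 = CA file problem, 4 = ldaps:// on port 389.
check_registration() {
    url=$1 cacert=$2
    case $url in
        ldaps://*) scheme=ldaps; port=636 ;;
        ldap://*)  scheme=ldap;  port=389 ;;
        *) echo "unsupported URL: $url" >&2; return 2 ;;
    esac
    hostport=${url#*://}        # drop the scheme
    hostport=${hostport%%/*}    # drop the /o=NetscapeRoot suffix
    case $hostport in
        *:*) port=${hostport##*:} ;;   # explicit port overrides the default
    esac
    if [ "$scheme" = ldap ]; then
        echo "cleartext: admin bind to $hostport is not protected by TLS" >&2
        return 1
    fi
    if [ "$port" = 389 ]; then
        echo "ldaps:// points at the standard port 389; use 636" >&2
        return 4
    fi
    case $cacert in
        /*) ;;
        *) echo "CA certificate must be given as a full path" >&2; return 3 ;;
    esac
    [ -r "$cacert" ] || { echo "cannot read $cacert" >&2; return 3; }
    grep -q '^-----BEGIN CERTIFICATE-----' "$cacert" ||
        { echo "$cacert is not PEM/ASCII" >&2; return 3; }
    echo "ok: $scheme://$hostport with CA $cacert"
}

# The page's sample URL, which uses the unencrypted scheme.
check_registration 'ldap://ldap.example.com:389/o=NetscapeRoot' '' || true
```

The PEM test looks only for the certificate header line; it does not validate the certificate or its chain.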
When the setup-ds-admin.pl script is done, the Directory Server is configured
and running. To log into the Directory Server Console to begin setting up your
directory service, do the following:
1. Get the Administration Server port number from the Listen parameter in the
   console.conf configuration file.
       grep \^Listen /etc/dirsrv/admin-serv/console.conf

       Listen 0.0.0.0:9830
2. Using the Administration Server port number, launch the Console.
       /usr/bin/redhat-idm-console -a http://localhost:9830
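The Listen value in the sample output, 0.0.0.0:9830, is what results from leaving the Administration Server IP address prompt blank: the server accepts connections on every interface rather than a single IP. As an added example (not part of Directory Server; audit_listen is a hypothetical helper name, and Apache httpd Listen syntax is assumed for console.conf), this function reads the same lines as the grep above and reports each listener as wildcard or bound to one address.

```shell
#!/bin/sh
# Added example: audit_listen is a hypothetical helper, not part of
# Directory Server. Assumes console.conf uses Apache httpd Listen syntax.
# Returns 0 = every listener is bound to one address, 1 = at least one
# listener is on all interfaces, 2 = file unreadable, 3 = no Listen line.
audit_listen() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    status=0 seen=0
    while read -r kw addr rest; do
        [ -n "$addr" ] || continue      # skip the empty line from no match
        seen=1
        case $addr in
            0.0.0.0:*|'[::]':*|'*':*)
                echo "WILDCARD $addr"; status=1 ;;
            *:*)
                echo "BOUND $addr" ;;
            *)  # bare port number: httpd listens on every interface
                echo "WILDCARD $addr"; status=1 ;;
        esac
    done <<EOF
$(grep -E '^[[:space:]]*Listen[[:space:]]' "$conf")
EOF
    [ "$seen" -eq 1 ] || { echo "no Listen directive in $conf" >&2; return 3; }
    return "$status"
}

# Constructed sample input mirroring the default output shown on the page.
sample=$(mktemp)
printf '%s\n' '# constructed console.conf fragment' 'Listen 0.0.0.0:9830' > "$sample"
audit_listen "$sample" || true
rm -f "$sample"
```

On an installed system the argument would be /etc/dirsrv/admin-serv/console.conf, the path used in step 1.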