Installation guide

one for the Administration Server. These port numbers must be unique.
The Directory Server instance (LDAP) has a default port number of 389, and the Administration
Server has a default port number of 9830. If the default port number for either server is
already in use, the setup program randomly generates a port number above 1024 and offers it as
the default. Alternatively, you can assign any port number between 1025 and 65535 to the
Directory Server and Administration Server ports; you are not required to use the defaults or the
randomly generated ports.
NOTE
While the legal range of port numbers is 1 to 65535, the Internet Assigned
Numbers Authority (IANA) has already assigned ports 1 to 1023 (the well-known
ports) to common services, and on Unix systems only root can bind them. Never
assign a Directory Server port number below 1024 (except for 389/636 for the LDAP
server) because this may conflict with other services.
For LDAPS (LDAP over TLS/SSL), the default port number is 636. The server can listen on both
the LDAP and the LDAPS port at the same time. However, the setup program does not allow you to
configure TLS/SSL. To use LDAPS, assign the LDAP port number during setup, then
reconfigure the Directory Server to use the LDAPS port and the other TLS/SSL parameters
afterward. For information on how to configure LDAPS, see the Directory Server Administration
Guide.
The Administration Server runs on a web server, so it uses HTTP or HTTPS. However, unlike
the Directory Server which can run on secure (LDAPS) and insecure (LDAP) ports at the same
time, the Administration Server cannot run over both HTTP and HTTPS simultaneously. The
setup program, setup-ds-admin.pl, does not allow you to configure the Administration Server
to use TLS/SSL. To use TLS/SSL (meaning HTTPS) with the Administration Server, first set up
the Administration Server to use HTTP, then reconfigure it to use HTTPS.
NOTE
When determining the port numbers you will use, verify that the specified port
numbers are not already in use by running a command such as netstat or ss.
If you are using ports below 1024, such as the default LDAP port (389), you must run the setup
program and start the servers as root. You do not, however, have to set the server user ID to
root. When it starts, the server binds to and listens on its port as root, then immediately drops its
privileges and runs as the non-root server user ID; the drop is permanent, since the server cannot
regain root afterward. When the system restarts, the server is started as root by the initscript. The
setuid(2) man page
[http://grove.ufl.edu/cgi-bin/webman?SEARCH+man2+setuid.2.gz] has detailed technical
information.
Chapter 1. Preparing for a Directory Server Installation