Red Hat Directory Server 8.2 Installation Guide Installing Red Hat Directory Server 8.2 Edition 8.2.
Red Hat Directory Server 8.2 Installation Guide Installing Red Hat Directory Server 8.2 Edition 8.2.2 Landmann rlandmann@redhat.
Legal Notice

Copyright © 2010 Red Hat, Inc. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Table of Contents

Preface
  1. Examples and Formatting
    1.1. Command and File Examples
    1.2. Tool Locations
    1.3. LDAP Locations
    1.4. Text Formatting and Styles
  2. Additional Reading
  3. Giving Feedback
  4. Documentation History
Chapter 1. Preparing
  4.2. Working with Directory Server Instances
    4.2.1. Creating a New Directory Server Instance
    4.2.2. Installing Only the Directory Server
  4.3. Registering Servers Using register-ds-admin.pl
    4.3.1. register-ds-admin.pl Options
    4.3.2. Registering an Existing Directory Server Instance with the Configuration Directory Server
  4.4. Updating Directory Server Instances
  4.5. Silent Setup
    4.5.1. Silent Setup for Directory Server and Admin Server
    4.5.2.
Glossary
Index
Preface

This installation guide describes the Red Hat Directory Server 8.2 installation process and the migration process. This manual provides detailed step-by-step procedures for all supported operating systems, along with explanations of the different setup options (express, typical, custom, and silent), additional options for Directory Server instance creation, migrating previous versions of Directory Server, and troubleshooting and basic usage.

IMPORTANT
Directory Server 8.
1.1. Command and File Examples

All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterprise Linux 5 (64-bit) systems. Be certain to use the appropriate commands and files for your platform.

Example 1. Example Command

To start the Red Hat Directory Server:

    service dirsrv start

1.2. Tool Locations

The tools for Red Hat Directory Server are located in the /usr/bin and the /usr/sbin directories.
NOTE
A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.

IMPORTANT
Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.

WARNING
A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.

2.
Red Hat Directory Server Schema Reference provides reference information about the Directory Server schema.

Red Hat Directory Server Plug-in Programmer's Guide describes how to write server plug-ins in order to customize and extend the capabilities of Directory Server.
Chapter 1. Preparing for a Directory Server Installation

Before you install Red Hat Directory Server 8.2, there are required settings and information that you need to plan in advance. This chapter describes the kind of information that you should provide, relevant directory service concepts, Directory Server components, and the impact and scope of integrating Directory Server into your computing infrastructure.
lab.eng.example.com, so the domain name used by the setup script is lab.eng.example.com.

Any information in the /etc/resolv.conf file must match the information maintained in the local /etc/hosts file. If there are aliases in the /etc/hosts file, such as ldap1.example.com, that do not match the specified domains in the /etc/resolv.
NOTE
When determining the port numbers you will use, verify that the specified port numbers are not already in use by running a command like netstat.

If you are using ports below 1024, such as the default LDAP port (389), you must run the setup program and start the servers as root. You do not, however, have to set the server user ID to root.
Section 1.2.2, “Port Numbers” has more information on port numbers in Directory Server.

1.2.5. Directory Manager

The Directory Server setup creates a special user called the Directory Manager. The Directory Manager is a unique, powerful entry that is used to administer all user and configuration tasks. The Directory Manager is a special entry that does not have to conform to a Directory Server configured suffix; additionally, access controls.
The directory suffix is the first entry within the directory tree. At least one directory suffix must be provided when the Directory Server is set up. The recommended directory suffix name matches your organization's DNS domain name. For example, if the Directory Server hostname is ldap.example.com, the directory suffix is dc=example,dc=com.
configuration settings for the Directory Server and Admin Server instances. For example:

    setup-ds-admin.pl

The setup-ds-admin.pl script can also accept a setup file or have arguments passed with the command to supply configuration information automatically.

    setup-ds-admin.pl -s -f /export/files/install.inf
    setup-ds-admin.pl General.FullMachineName=ldap.example.
NOTE
The section names and parameter names used in the .inf files and on the command line are case sensitive. Refer to Table 1.1, “setup-ds-admin Options” to check the correct capitalization.

The .inf file has an additional option, ConfigFile, which imports the contents of any LDIF file into the Directory Server. This is an extremely useful tool for preconfiguring users, replication, and other directory management entries.
Table 1.1. setup-ds-admin Options

Option | Alternate Options | Description
--silent | -s | This sets the setup script to run in silent mode, drawing the configuration information from a file (set with the --file parameter) or from arguments passed in the command line rather than interactively.
--file=name | -f name | This sets the path and name of the file which contains the | /usr/sbin/setup-ds-admin.pl -f /export/sample.
inf.

WARNING
The cache file contains the cleartext passwords supplied during setup. Use appropriate caution and protection with this file.

--logfile name | -l | This parameter specifies a log file to which to write the output. If this is not set, then the setup information is written to a temporary file. | -l /export/example2007.
information about the directory service, like suffix and configuration directory information, while still proceeding quickly through the setup process.

Custom — The most detailed setup mode. This provides more control over Admin Server settings and also allows data to be imported into the Directory Server at setup, so that entries are already populated in the databases when the setup is complete.
Table 1.2. Comparison of Setup Types

Setup Screen | Parameter Input
Continue with setup | Yes or no | N/A
Accept license agreement | Yes or no | N/A
Accept dsktune output and continue with setup | Yes or no | N/A
Choose setup type | 1 (express) 2 (typical) 3 (custom)
Set the computer name | ldap.example.
Give the Configuration Directory Server user ID | admin | [General] ConfigDirectoryAdminID= admin [a]
Give the Configuration Directory Server user password | password | [General] ConfigDirectoryAdminPwd= password [a]
Give the Configuration Directory Server administration domain password | example.com | [General] AdminDomain= example.com [a]
Give the path to the CA certificate (if using LDAPS) | /tmp/cacert.asc | [General] CACertificate=/tmp/cacert.
runs | nobody
Are you ready to configure your servers? | Yes or no | N/A

[a] This option is only available if you choose to register the Directory Server instance with a Configuration Directory Server.
[b] This option is only available if you choose not to register the Directory Server instance with a Configuration Directory Server.
Chapter 2. System Requirements

Before configuring the default Red Hat Directory Server 8.2 instances, it is important to verify that the host server has the required system settings and configuration:

  The system must have the required packages, patches, and kernel parameter settings.
  DNS must be properly configured on the target system.
  The host server must have a static IP address.
2.1.2. Directory Server Supported Platforms

Directory Server 8.2 is supported on the following platforms:

  Red Hat Enterprise Linux 4 x86 (32-bit)
  Red Hat Enterprise Linux 4 x86_64 (64-bit)
  Red Hat Enterprise Linux 5 x86 (32-bit)
  Red Hat Enterprise Linux 5 x86_64 (64-bit)
  Solaris 9 SPARC (64-bit)

NOTE
Red Hat Directory Server 8.2 is supported running on a virtual guest on a Red Hat Enterprise Linux virtual server.

2.1.3.
Along with meeting the required operating system patches and platforms, system settings, like the number of file descriptors and TCP information, should be reconfigured to optimize the Directory Server performance.

After the packages for Directory Server are installed, there is a tool called dsktune which can scan a system to check for required and installed patches, memory, system configuration, and other settings required by Directory Server.
NOTE
Red Hat Directory Server is also supported running on a virtual guest on a Red Hat Enterprise Linux virtual server.

Both Red Hat Enterprise Linux versions on both 32-bit and 64-bit platforms have the same system requirements, as listed in Table 2.2, “Red Hat Enterprise Linux Operating System and Hardware Requirements”. The patches required are listed in Section 2.3.
2.3.2. Red Hat Enterprise Linux System Configuration

After verifying the system's kernel and glibc configuration and installing any required modules and patches, fine-tune the Red Hat Enterprise Linux system to work with Directory Server. For the best performance, configure the host server before configuring the Directory Server instance by running the setup-ds-admin.pl script.

  Section 2.3.2.1, “Perl Prerequisites”
  Section 2.3.2.2, “File Descriptors”
  Section 2.3.2.
Chapter 3. Setting up Red Hat Directory Server on Red Hat Enterprise Linux

Installing and configuring Red Hat Directory Server on Red Hat Enterprise Linux has three major steps:

1. Install OpenJDK 1.6.0.
2. Install the Directory Server packages.
3. Run the setup-ds-admin.pl script. This is where all of the information about the new Directory Server instance is supplied.
3.1. Installing OpenJDK

Necessary Java libraries are not bundled with Directory Server. They must be downloaded and extracted separately before installing the Directory Server packages. Directory Server 8.2 requires Sun JDK 1.6.0 or OpenJDK 1.6.0.

IMPORTANT
When the new JDK is installed for Directory Server 8.
channel on Red Hat Network, http://rhn.redhat.com.

It is also possible to install the Directory Server packages from media:

  a. Download the packages from Red Hat Network, and burn them to CD or DVD.
  b. Insert the media; the system should automatically recognize and mount the disc.
  c. There is no autorun feature with the Directory Server packages, so open the directory on the disc containing the Directory Server packages.
NOTE
The Directory Server requires the fully-qualified domain name to set up the servers, as described in Section 1.2.1, “Resolving the Fully-qualified Domain Name”. The setup script uses the system's gethostname() function to obtain the hostname (such as ldap) and the /etc/resolv.conf file to identify the domain name (such as example.com).
NOTE
To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular express setup process.

Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server:

  The Configuration Directory Server URL, such as ldap://ldap.example.
1. Get the Admin Server port number from the Listen parameter in the console.conf configuration file.

    grep \^Listen /etc/dirsrv/admin-serv/console.conf
    Listen 0.0.0.0:9830

2. Using the Admin Server port number, launch the Console.

    /usr/bin/redhat-idm-console -a http://localhost:9830

NOTE
If you do not pass the Admin Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
defaults to the fully-qualified domain name (FQDN) for the host. For example:

    Computer name [ldap.example.com]:

NOTE
The Directory Server requires the fully-qualified domain name to set up the servers, as described in Section 1.2.1, “Resolving the Fully-qualified Domain Name”. The setup script uses the system's gethostname() function to obtain the hostname (such as ldap) and the /etc/resolv.conf file to identify the domain name (such as example.com).
NOTE
To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular typical setup process.

Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server:

  The Configuration Directory Server URL, such as ldap://ldap.example.
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'example2' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server reconfiguration . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.
WARNING
If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 5, Migrating from Previous Versions.

1. After the Directory Server packages are installed as described in Section 3.2, “Installing the Directory Server Packages”, launch the setup-ds-admin.pl script.

    # /usr/sbin/setup-ds-admin.
instance, called the Configuration Directory Server. This registers the new instance so it can be managed by the Console. If this is the first Directory Server instance set up on your network, it is not possible to register it with another directory. Select n to set up this Directory Server as a Configuration Directory Server and move to the next custom install step, setting up the administrator user.
the Directory Server database. This option is helpful for evaluation or testing Directory Server features. This is not required.

17. Select whether to populate the Directory Server with data; this means whether to import an LDIF file with existing data into the Directory Server database. If the answer is yes, then supply a path to the LDIF file or select the suggested file.
    /usr/bin/redhat-idm-console -a http://localhost:9830

NOTE
If you do not pass the Admin Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
Chapter 4. Advanced Setup and Configuration

After the default Directory Server and Admin Server have been configured, there are tools available to manage, create, and remove server instances. These include Admin Server configurations to allow people to access the Directory Server files remotely, silent setup tools for installing instances from file configuration, and instance setup and removal scripts.

4.1.
If there are proxies for the HTTP connections on the client machine running the Directory Server Console, the configuration must be changed in one of two ways:

  The proxy settings must be removed from the client machine. Removing proxies on the machine running Directory Server Console allows the client to access the Admin Server directly. To remove the proxy settings, edit the proxy configuration of the browser which is used to launch the help files.
NOTE
New Directory Server instances can be created through the Directory Server Console; this is described in the Directory Server Administrator's Guide.

4.2.2. Installing Only the Directory Server

The setup-ds.pl command creates an instance of Directory Server without installing the Admin Server or Directory Server Console (so it is not managed by the Directory Server Console). It works exactly the same way as setup-ds-admin.
4.3.2. Registering an Existing Directory Server Instance with the Configuration Directory Server

The Configuration Directory Server uses the o=NetscapeRoot database to store information about the Directory Servers and Admin Servers in your network. This is used by the Console and the Admin Servers. This database can belong to a separate Directory Server instance, called the Configuration Directory Server.
1. Install the Directory Server packages.
2. Make the setup .inf file. It must specify the following directives:

    [General]
    FullMachineName= dir.example.com
    SuiteSpotUserID= nobody
    SuiteSpotGroup= nobody
    AdminDomain= example.com
    ConfigDirectoryAdminID= admin
    ConfigDirectoryAdminPwd= admin
    ConfigDirectoryLdapURL= ldap://dir.example.
NOTE
When creating a single instance of Directory Server, the Directory Server packages must already be installed, and the Admin Server must already be configured and running.

1. Make the setup .inf file. It must specify the following directives:

    [General]
    FullMachineName= dir.example.
    /usr/sbin/setup-ds-admin.pl General.FullMachineName=ldap.example.com "slapd.Suffix=dc=example,dc=com" slapd.ServerPort=389

NOTE
Passing arguments in the command line or specifying an .inf sets the defaults used in the interactive prompt unless they are used with the -s (silent) option.

Argument values containing spaces or other shell special characters must be quoted to prevent the shell from interpreting them.
Table 4.2. setup-ds-admin Options

Option | Alternate Options | Description
--silent | -s | This sets the setup script to run in silent mode, drawing the configuration information from a file (set with the --file parameter) rather than interactively.
--file=name | -f name | This sets the path and name of the file which contains the configuration settings for the new Directory Server instance. | /usr/sbin/setup-ds-admin.pl -f /export/sample.inf
WARNING
The cache file contains the cleartext passwords supplied during setup. Use appropriate caution and protection with this file.

--logfile name | -l | This parameter specifies a log file to which to write the output. If this is not set, then the setup information is written to a temporary file. | -l /export/example2007.log

For no log file, set the file name to /dev/null:

    -l /dev/null

4.5.4.
    dn: cn=replica,cn=dc=example\,dc=com,cn=mapping tree,cn=config
    changetype: add
    objectclass: top
    objectclass: nsds5replica
    objectclass: extensibleObject
    cn: replica
    nsds5replicaroot: dc=example,dc=com
    nsds5replicaid: 7
    nsds5replicatype: 3
    nsds5flags: 1
    nsds5ReplicaPurgeDelay: 604800
    nsds5ReplicaBindDN: cn=replication manager,cn=config

For more information on LDIF, see the Directory Server Administrator's Guide.
    [General]
    directive=value
    directive=value
    directive=value
    ...

    [slapd]
    directive=value
    directive=value
    directive=value
    ...

    [admin]
    directive=value
    directive=value
    directive=value

The .inf file directives are explained more in the following sections.

  Section 4.5.5.1, “.inf File Directives”
  Section 4.5.5.2, “Sample .inf Files”

4.5.5.1. .
Table 4.3. [General] Directives

Directive | Description | Required | Example
FullMachineName | Specifies the fully qualified domain name of the machine on which you are installing the server. The default is the local host name. | No | ldap.example.com
SuiteSpotUserID | Specifies the user name as which the Directory Server instance runs. This parameter does not apply to the user as which the Admin Server runs. The default is user nobody on Linux.
ConfigDirectoryAdminPwd | Specifies the password for the admin user.
Table 4.4. [slapd] Directives

Directive | Description | Required | Example
ServerPort | Specifies the port the server will use for LDAP connections. For information on selecting server port numbers, see Section 1.2.2, “Port Numbers”. | No | 389
ServerIdentifier | Specifies the server identifier. This value is used as part of the name of the directory in which the Directory Server instance is installed.
structure and access control. If this directive is used and InstallLdifFile is also used, then this directive has no effect. The default is no.
AddSampleEntries | Sets whether to load an LDIF file with entries for the user directory during configuration. The default is no. | No | AddSampleEntries = yes
InstallLdifFile | Populates the new directory with the contents of the specified LDIF file. Using suggest fills in common container entries (like ou=People).
is not used, then the default is yes, meaning the configuration data are stored in the new instance.
UseExistingMC | Sets whether to store the configuration data in a separate Configuration Directory Server. If this is not used, then the default is 0, meaning the configuration data are stored in the new instance.
Table 4.5. [admin] Directives

Directive | Description | Required | Example
SysUser | Specifies the user as which the Admin Server will run. The default is user nobody on Linux. This should be changed for most deployments. For information as to what users your servers should run, see Section 1.2.4, “Directory Server User and Group”. | Yes | nobody
Port | Specifies the port that the Admin Server will use. The default port is 9830.
Example 4.1. .inf File for a Custom Installation

    [General]
    FullMachineName= ldap.example.com
    SuiteSpotUserID= nobody
    SuiteSpotGroup= nobody
    AdminDomain= example.com
    ConfigDirectoryAdminID= admin
    ConfigDirectoryAdminPwd= Admin123
    ConfigDirectoryLdapURL= ldap://ldap.example.
Example 4.2. .inf File for Registering the Instance with a Configuration Directory Server (Typical Setup)

    [General]
    FullMachineName= dir.example.com
    SuiteSpotUserID= nobody
    SuiteSpotGroup= nobody
    AdminDomain= example.com
    ConfigDirectoryAdminID= admin
    ConfigDirectoryAdminPwd= admin
    ConfigDirectoryLdapURL= ldap://dir.example.
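The .inf files above carry cleartext passwords, and section and parameter names are case sensitive. The following shell script is an added example, not part of the original guide, that audits an .inf file before it is passed to setup-ds-admin.pl -s -f; the function names, the constructed sample file, and the rule that any directive ending in Pwd holds a password are assumptions.

```shell
#!/bin/sh
# Added example (not from the Installation Guide): pre-flight audit of a
# silent-setup .inf file. Function names and the sample file are hypothetical.

# Print Section.Directive for each password directive; the value is never shown.
# Assumption: a directive whose name ends in "Pwd" holds a cleartext password
# (ConfigDirectoryAdminPwd is the one shown in the guide's samples).
inf_password_directives() {
    awk '
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        /=/         { key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
                      if (key ~ /Pwd$/) print sec "." key }
    ' "$1"
}

# Print section headers that equal General, slapd or admin only when case is
# ignored. The guide states that section names are case sensitive.
inf_miscased_sections() {
    awk '
        /^[ \t]*\[/ {
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            l = tolower(s)
            if ((l == "general" && s != "General") ||
                (l == "slapd"   && s != "slapd")   ||
                (l == "admin"   && s != "admin")) print s
        }
    ' "$1"
}

# Succeed only when group and other have no permission bits on the file.
# Reads the mode string from ls, so the result is the same when run as root.
inf_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Run all checks, print findings, and return the number of problems found.
audit_inf() {
    problems=0
    pw=$(inf_password_directives "$1")
    if [ -n "$pw" ] && ! inf_is_private "$1"; then
        echo "FAIL: $1 holds cleartext passwords but is readable by group or other"
        problems=$((problems + 1))
    fi
    bad=$(inf_miscased_sections "$1")
    if [ -n "$bad" ]; then
        echo "FAIL: section name with wrong capitalization:" $bad
        problems=$((problems + 1))
    fi
    [ -n "$pw" ] && echo "INFO: password directives present:" $pw
    return "$problems"
}

# Constructed sample input; the password is a placeholder and [SLAPD] is
# deliberately miscapitalized to trigger the section check.
make_sample_inf() {
    cat > "$1" <<'EOF'
[General]
FullMachineName= ldap.example.com
SuiteSpotUserID= nobody
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= CHANGE_ME

[SLAPD]
ServerPort= 389
EOF
}

# Demonstration: the same file audited world-readable, then owner-only.
demo_dir=$(mktemp -d)
make_sample_inf "$demo_dir/install.inf"
chmod 644 "$demo_dir/install.inf"
audit_inf "$demo_dir/install.inf" || echo "  -> $? problem(s) at mode 644"
chmod 600 "$demo_dir/install.inf"
audit_inf "$demo_dir/install.inf" || echo "  -> $? problem(s) at mode 600"
rm -rf "$demo_dir"
```

Creating the file under umask 077 avoids the window in which it exists with wider permissions; the same check applies to the cache file named in the warning above.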
NOTE
There are two PassSync packages available, one for 32-bit Windows servers and one for 64-bit. Make sure to select the appropriate packages for your Windows platform.

2. Double-click on the PassSync.msi file to install it.
3. The Password Sync Setup window appears. Hit Next to begin installing.
4.
    certutil.exe -d . -L -n "DS CA cert"

13. Reboot the Windows machine. The Password Sync service is not available until after a system reboot.

NOTE
If any Active Directory user accounts exist when Password Sync is first installed, then the passwords for those user accounts cannot be synchronized until they are changed because Password Sync cannot decrypt a password once it has been hashed in Active Directory.

Table 4.6.
4.7.1. Removing a Single Directory Server Instance

It is possible to remove a single instance of Directory Server without uninstalling the system.

    /usr/sbin/ds_removal -s server_id -w admin_password [-f]

The ds_removal script unregisters the server from the Configuration Directory Server and removes any related files and directories.
Chapter 5. Migrating from Previous Versions

Red Hat Directory Server 8.2 supports both a migration path and an in-place upgrade, depending on the version of Directory Server being updated.

For Red Hat Directory Server 8.1 servers, perform an in-place upgrade. This updates all of the Directory Server packages and then uses the setup script to update the server configuration.

Red Hat Directory Server 7.1 instances can be migrated to Directory Server 8.2.
5.2. Migrating 7.1 Servers

Red Hat Directory Server 7.1 servers are migrated to a new Directory Server 8.2 instance. This uses a special script which carries over the user and configuration data to the new instance. The migration scenario differs depending on the type of Directory Server 7.1 configuration.
old Directory Server. There is also one required argument, General.ConfigDirectoryAdminPwd, which gives the password of the directory administrator for the old Directory Server. If either of these is not supplied, the migration script will exit.

    /usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password

NOTE
On Red Hat Enterprise Linux 5 (64-bit) machines, the migrate-ds-admin tool is in the /usr/sbin directory.
Table 5.1. migrate-ds-admin Options

Option | Alternate Options | Description
General.ConfigDirectoryAdminPwd=password | | Required. This is the password for the configuration directory administrator of the old Directory Server (the default username is admin).
--oldsroot | -o | Required. This is the path to the server root directory in the old 7.1 Directory Server installation. The default path in 7.1 servers is /opt/redhat-ds/.
another with a different architecture. For cross-platform migrations, only certain data are migrated. This migration action takes database information exported to LDIF and imports into the new 8.2 databases. Changelog information is not migrated. If a supplier or hub is migrated, then all its replicas must be reinitialized.
--debug | -d[dddd] | This parameter turns on debugging information. For the d flag, increasing the number of d's increases the debug level.
5.2.2. Before Migration

For the safety of the Directory Server data, do these things before beginning to migrate the Directory Server instances:

  Shut down all Directory Server instances and the Admin Server.
  Back up all of your databases.
  For servers which have a different configuration directory, make sure that the Directory Server Console write operations are moved from the configuration directory to the server itself.
10presence.ldif
05rfc2247.ldif

5.2.3. Migrating a Server or Single Instance

To migrate a Directory Server installation to a new one on the same machine, run the migration script, specifying the old server root directory:

    /usr/sbin/migrate-ds-admin.pl --oldsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password

That command automatically migrates every Directory Server instance configured.
resynchronized.
   a. Reboot the Windows machine.
   b. In the Directory Server Console, open the Configuration tab.
   c. Expand the Replication folder, and select the database.
   d. Right-click the synchronization agreement, and select Initialize Full Re-synchronization from the drop down menu.
7. Verify the Directory Server settings.

IMPORTANT
Always verify the Directory Server configuration after migrating from 7.1 to 8.2.
packages. Make the first migrated master the configuration instance since it is not replicated. Then, register other master and hub servers with the first master Directory Server's configuration instance. This instance needs to listen on your standard port, usually 389.

5. Run the migration script, as root.

IMPORTANT
Do not set up the new Directory Server instances with setup-ds-admin.pl before running the migration script.

    # /usr/sbin/migrate-ds-admin.
NOTE
If the new machine has a different architecture than the old machine, such as moving from x86 to x86_64, you must perform a cross platform migration, described in Section 5.2.6, “Migrating a Directory Server from One Platform to Another”. The procedure in this section assumes that the Directory Server is being migrated from one machine to another of the same architecture, such as x86 to x86.
1. Stop all Directory Server instances and the Admin Server.
2. Back up all the Directory Server user and configuration data.
3. Install the Directory Server 8.2 packages on the new machine which will host Directory Server.
4. Make the old Directory Server accessible to the new machine, either through an NFS-mounted drive or tarball.
5. Run the migration script as root.
NOTE
On Red Hat Enterprise Linux 5 (64-bit) machines, the migrate-ds-admin tool is in the /usr/sbin directory.

The command format to move from one platform to another is similar to the following:

    # /usr/sbin/migrate-ds-admin.pl --cross --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password

The migrate-ds-admin command automatically migrates every Directory Server instance configured.
/usr/sbin/migrate-ds-admin.pl --cross --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password
8. The migration process starts. The legacy Directory Server is migrated, and a new Directory Server 8.2 instance is installed using the configuration information from the legacy Directory Server.
9. After the migration process ends, the Windows Synchronization service has to be manually resynchronized.
a.
IMPORTANT: If there are any duplicate entries (based on duplicate DNs), then the upgrade process makes a copy of the database. It is possible, in an extreme case, that the upgraded database could be twice the size of the original database, until the duplicate entries are resolved. As a precaution, make sure there is enough disk space available for the upgrade, meaning that there is twice the current database size available.
rpm -qf /usr/sbin/setup-ds-admin.pl
redhat-ds-admin-8.2.0-0.el5dsrv
6. Verify that the directory databases have been successfully migrated. Directory Server 8.2 normalizes DN syntax during the upgrade process from 8.1. Make sure that the upgraded database is functional and contains all the data before deleting the backups.
a. Check the errors log to see if any databases had upgraded DNs.
ls -R /var/lib/dirsrv/slapd-instance_name/db
db: abcRoot abcRoot.orig DBVERSION guardian log.0000000001
db/abcRoot: aci.db4 ancestorid.db4 cn.db4 DBVERSION entrydn.db4 id2entry.db4
db/abcRoot.orig: aci.db4 DBVERSION sn.db4 ancestorid.db4 dnupgrade cn.db4 entrydn.db4 userRoot nsuniqueid.db4 numsubordinates.db4 objectclass.db4 parentid.db4 seeAlso.db4 sn.db4 id2entry.db4 objectclass.db4 nsuniqueid.db4 numsubordinates.db4 parentid.db4 seeAlso.
NOTE: Manually restarting the server should only be required for Red Hat Enterprise Linux 4 systems. Other systems should restart automatically.
NOTE: The setup-ds-admin.pl script updates both the Directory Server instances and the local Admin Server instance. However, the Admin Server console shows the old version number, like 8.1.4, even though it has been successfully upgraded. Restart the Admin Server to refresh the version number.
8.
[..] - upgradedn userRoot: Duplicated entrydn detected: "cn=uid\3djsmith1\2cou\3ddev0\2co\3dengineering0,ou=people,dc=example,dc=com": Entry ID: (10, 11)
[..] - upgradedn userRoot: WARNING: Duplicated entry cn=uid\=jsmith1\,ou\=Dev0\,o\=Engineering0,ou=People,dc=example,dc=com is renamed to cn=uid\3Djsmith1\2Cou\3DDev0\2Co\3DEngineering0+nsuniqueid=ae8c95af8fac11df-80000000-00000000,ou=People,dc=example,dc=com; Entry ID: 11
c.
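An added example (not part of the Red Hat guide): one way to pull the upgradedn duplicate reports out of the errors log and confirm that the hex-escaped and character-escaped DN forms name the same entry. The function names and the third, non-matching log line are assumptions; the first two lines are the excerpt shown above.

```python
import re

# First two lines: the errors-log excerpt from this page ("[..]" is the page's
# elided timestamp). Third line: constructed, to show non-matching input.
SAMPLE_LOG = r'''[..] - upgradedn userRoot: Duplicated entrydn detected: "cn=uid\3djsmith1\2cou\3ddev0\2co\3dengineering0,ou=people,dc=example,dc=com": Entry ID: (10, 11)
[..] - upgradedn userRoot: WARNING: Duplicated entry cn=uid\=jsmith1\,ou\=Dev0\,o\=Engineering0,ou=People,dc=example,dc=com is renamed to cn=uid\3Djsmith1\2Cou\3DDev0\2Co\3DEngineering0+nsuniqueid=ae8c95af8fac11df-80000000-00000000,ou=People,dc=example,dc=com; Entry ID: 11
[..] - constructed unrelated log line
'''

DUP_RE = re.compile(
    r'upgradedn (?P<backend>\S+): Duplicated entrydn detected: '
    r'"(?P<dn>.*)": Entry ID: \((?P<ids>[\d, ]+)\)')
REN_RE = re.compile(
    r'upgradedn (?P<backend>\S+): WARNING: Duplicated entry (?P<old>.*) '
    r'is renamed to (?P<new>.*); Entry ID: (?P<id>\d+)')


def normalize_dn(dn):
    # Fold backslash-hex escapes (\3d) to backslash-char (\=) and lowercase.
    # For comparing log lines only, not a full RFC 4514 normalizer.
    return re.sub(r'\\([0-9a-fA-F]{2})',
                  lambda m: '\\' + chr(int(m.group(1), 16)), dn).lower()


def summarize_upgradedn(log_text):
    """Return {backend: {'duplicates': [...], 'renamed': [...]}}."""
    report = {}
    for line in log_text.splitlines():
        dup, ren = DUP_RE.search(line), REN_RE.search(line)
        if not (dup or ren):
            continue
        m = dup or ren
        entry = report.setdefault(m['backend'],
                                  {'duplicates': [], 'renamed': []})
        if dup:
            entry['duplicates'].append({
                'dn': dup['dn'],
                'entry_ids': [int(i) for i in dup['ids'].split(',')]})
        else:
            entry['renamed'].append({
                'old_dn': ren['old'], 'new_dn': ren['new'],
                'entry_id': int(ren['id'])})
    return report


def unexplained_renames(report):
    """Renames that have no matching 'Duplicated entrydn detected' line."""
    out = []
    for entry in report.values():
        known = {(normalize_dn(d['dn']), i)
                 for d in entry['duplicates'] for i in d['entry_ids']}
        out += [r for r in entry['renamed']
                if (normalize_dn(r['old_dn']), r['entry_id']) not in known]
    return out


if __name__ == '__main__':
    for backend, entry in summarize_upgradedn(SAMPLE_LOG).items():
        for r in entry['renamed']:
            print(backend, r['entry_id'], r['new_dn'])
```

Each renamed entry in the output is one to review by hand before the backups are deleted.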
To upgrade Directory Server and move the instance from one machine to another, the 8.1 information must be imported into the new instance manually. This is true for both moving to another machine and moving to a new platform.
WARNING: Migration cannot change the hostname used by the Directory Server and Admin Server. The old machine must have the same hostname as your new machine.
To commission a new machine on which to run Directory Server 8.
4. Copy the LDIF files from the old machine to the new machine.
5. Import the LDIF files into the new Directory Server 8.2 databases.
ldif2db -n userRoot -i /path/to/userRoot.ldif
ldif2db -n NetscapeRoot -i /path/to/NetscapeRoot.ldif
6. Verify that the directory databases have been successfully migrated. Directory Server 8.2 normalizes DN syntax during the upgrade import process from 8.1.
8. Run setup-ds.pl with the -u option. This updates the DN formats in any migrated databases to be compliant with RFC 4514.
setup-ds.pl -u
9. Restart the Directory Server and Admin Server.
/etc/init.d/dirsrv start
/etc/init.d/dirsrv-admin stop
10. Run setup-ds-admin.pl with the -u option to complete the upgrade process.
setup-ds-admin.pl -u

5.4. Upgrading Password Sync
The Password Sync service cannot be upgraded directly.
Chapter 6. General Usage Information
This chapter contains common information that you will use after installing Red Hat Directory Server 8.2, such as where files are installed; how to start the Directory Server, Admin Server, and Directory Server Console; and basic troubleshooting information. For more detailed information on using Directory Server, see the Directory Server Administrator's Guide.
6.1.
Table 6.2. Red Hat Enterprise Linux 4 and 5 (x86_64)
File or Directory                Location
Log files                        /var/log/dirsrv/slapd-instance
Configuration files              /etc/dirsrv/slapd-instance
Instance directory               /usr/lib64/dirsrv/slapd-instance
Certificate and key databases    /etc/dirsrv/slapd-instance
Database files                   /var/lib/dirsrv/slapd-instance
Runtime files                    /var/lock/dirsrv/slapd-instance
                                 /var/run/dirsrv/slapd-instance
Init scripts                     /etc/rc.d/init.
redhat-idm-console -a http://localhost:9830 -u "cn=Directory Manager" -w secret

Table 6.3. redhat-idm-console Options
Option          Description
-a adminURL     Specifies a base URL for the instance of Admin Server to log into.
-f fileName     Writes errors and system messages to fileName.
-h              Prints out the help message for redhat-idm-console.
Passing the instance name stops or starts only that instance; not giving any name starts or stops all instances.
NOTE: The service name for the Directory Server service on Red Hat Enterprise Linux is dirsrv.
The start/stop scripts are in the /usr/sbin directory and are run similar to the service start/stop command:
/usr/sbin/{start|stop|restart}-dirsrv instance
If the instance name is not given, then all instances are started or stopped.
cd /etc/dirsrv/slapd-instance/
vi dse.ldif
4. Locate the nsslapd-rootpw parameter.
nsslapd-rootpw: {SSHA}x03lZLMyOPaGH5VB8fcys1IV+TVNbBIOwZEYoQ==
Delete the old password, and enter in the new hashed password. For example:
nsslapd-rootpw: {SSHA}nbR/ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w==
5. Save the change.
6. Start the Directory Server. For example:
service redhat-ds start
7.
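An added example (not from the Red Hat guide): a check that the nsslapd-rootpw value written into dse.ldif is a well-formed {SSHA} hash rather than cleartext or a mangled paste, and that it matches the intended new password before the server is started. It assumes the standard salted SHA-1 layout, base64(SHA1(password + salt) + salt); the function names and the dse.ldif fragment are assumptions, and the hash in the fragment is the sample value printed above.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt).decode('ascii')


def split_ssha(value):
    """Return (digest, salt); raise ValueError if the value is malformed."""
    if not value.startswith('{SSHA}'):
        raise ValueError('not an {SSHA} value (cleartext or another scheme)')
    raw = base64.b64decode(value[len('{SSHA}'):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError('too short to hold a SHA-1 digest plus salt')
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(password, value):
    """True if password hashes to the stored value (constant-time compare)."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_from_dse(dse_text):
    """Extract nsslapd-rootpw from dse.ldif text, unfolding wrapped lines."""
    unfolded = dse_text.replace('\n ', '')  # LDIF continuation: newline + space
    for line in unfolded.splitlines():
        name, sep, value = line.partition(':')
        if sep and name.strip().lower() == 'nsslapd-rootpw':
            if value.startswith(':'):  # "::" marks a base64-encoded LDIF value
                return base64.b64decode(value[1:].strip()).decode('utf-8')
            return value.strip()
    return None


# Constructed dse.ldif fragment; the hash is the sample value from this page,
# folded across two lines the way LDIF wraps long values.
SAMPLE_DSE = (
    'dn: cn=config\n'
    'nsslapd-rootdn: cn=Directory Manager\n'
    'nsslapd-rootpw: {SSHA}nbR/ZeVTwZLw6aJH6oE4\n'
    ' obbDbL0OaeleUoT21w==\n'
)

if __name__ == '__main__':
    stored = rootpw_from_dse(SAMPLE_DSE)
    digest, salt = split_ssha(stored)
    print('well-formed {SSHA} value, salt length', len(salt))
```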
Example 6.1. dsktune Output
Red Hat Directory Server system tuning analysis version 10-AUGUST-2007.
NOTICE : System is i686-unknown-linux2.6.9-34.EL (1 processor).
WARNING: 1011MB of physical memory is available on the system. 1024MB is recommended for best performance on large production system.
NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds (120 minutes). This may cause temporary server congestion from lost client connections.
/etc/dirsrv/slapd-instance_name directory.

Glossary

A

access control instruction
See ACI.

access control list
See ACL.

access rights
In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
regardless of the conditions of the bind.

approximate index
Allows for efficient approximate or "sounds-like" searches.

attribute
Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.

attribute list
A list of required and optional attributes for a given entry type or object class.
bind DN
Distinguished name used to authenticate to Directory Server when performing an operation.

bind rule
In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information.

branch entry
An entry that represents the top of a subtree in the directory.
server. Programs written to use CGI are called CGI programs or CGI scripts and can be written in many of the common programming languages. CGI programs handle forms or perform output parsing that is not done by the server itself.

chaining
A method for relaying requests to another server. Results for the request are collected, compiled, and then returned to the client.

changelog
A changelog is a record that describes the modifications that have occurred on a replica.
alphabet or how to compare letters with accents to letters without accents.

consumer
Server containing replicated directory trees or subtrees from a supplier server.

consumer server
In the context of replication, a server that holds a replica that is copied from a different server is called a consumer for that replica.

CoS
A method for sharing attributes between entries in a way that is invisible to applications.
definition entry
See CoS definition entry.

Directory Access Protocol
See DAP.

Directory Manager
The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager.

directory service
A database application designed to manage descriptive, attribute-based information about people and resources within an organization.

directory tree
The logical representation of the information stored in the directory.
called realthing.yourdomain.domain where the server currently exists.

E

entry
A group of lines in the LDIF file that contains information about an object.

entry distribution
Method of distributing directory entries across more than one server in order to scale to support large numbers of entries.

entry ID list
Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
GSS-API
Generic Security Services. The generic access protocol that is the native way for UNIX-based systems to access and authenticate Kerberos services; also supports session encryption.

H

hostname
A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.example.com is the machine www in the subdomain example and com domain.

HTML
Hypertext Markup Language. The formatting language used for documents on the World Wide Web.
indirect CoS
An indirect CoS identifies the template entry using the value of one of the target entry's attributes.

international index
Speeds up searches for information in international directories.

International Standards Organization
See ISO.

IP address
Also Internet Protocol address. A set of numbers, separated by dots, that specifies the actual location of a machine on the Internet (for example, 198.93.93.10).
LDAPv3
Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.

LDBM database
A high-performance, disk-based database consisting of a set of large files that contain all of the data assigned to it. The primary data store in Directory Server.

LDIF
LDAP Data Interchange Format. Format used to represent Directory Server entries in text form.

leaf entry
An entry under which there are no other entries. A leaf entry cannot be a branch point in a directory tree.
master agent
See SNMP master agent.

matching rule
Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.

MD5
A message digest algorithm by RSA Data Security, Inc.
The problem of managing multiple instances of the same information in different directories, resulting in increased hardware and personnel costs.

name collisions
Multiple entries with the same distinguished name.

nested role
Allows the creation of roles that contain other roles.
OID
See object identifier.

operational attribute
Contains information used internally by the directory to keep track of modifications and subtree properties. Operational attributes are not returned in response to a search unless explicitly requested.

P

parent access
When granted, indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry.

pass-through authentication
See PTA.
presence index
Allows searches for entries that contain a specific indexed attribute.

protocol
A set of rules that describes how devices on a network exchange information.

protocol data unit
See PDU.

proxy authentication
A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN.

proxy DN
Used with proxied authorization.
string to form the full distinguished name. Also relative distinguished name.

read-only replica
A replica that refers all update operations to read-write replicas. A server can hold any number of read-only replicas.

read-write replica
A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas.
RFC
Request for Comments. Procedures or standards documents submitted to the Internet community. People can send comments on the technologies before they become accepted standards.

role
An entry grouping mechanism. Each role has members, which are the entries that possess the role.

role-based attributes
Attributes that appear on an entry because it possesses a particular role within an associated CoS template.

root
The most privileged user available on Unix machines.
Server Console
Java-based application that allows you to perform administrative management of your Directory Server from a GUI.

server daemon
The server daemon is a process that, once running, listens for and accepts requests from clients.

Server Selector
Interface that allows you to select and configure servers using a browser.

server service
A process on Windows that, once running, listens for and accepts requests from clients.
SNMP
Used to monitor and manage application processes running on the servers by exchanging data about network activity. Also Simple Network Management Protocol.

SNMP master agent
Software that exchanges information between the various subagents and the NMS.

SNMP subagent
Software that gathers information about the managed device and passes the information to the master agent. Also called a subagent.
supplier server
In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.

supplier-initiated replication
Replication configuration where supplier servers replicate directory data to any replica servers.

symmetric encryption
Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.
Transport Layer Security
See TLS.

U

uid
A unique number associated with each user on a Unix system.

URL
Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is protocol://machine:port/document. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.
Index
- starting, Starting the Directory Server Console
Directory suffix, Directory Suffix
dsktune, Using dsktune
E
Express setup
- Red Hat Enterprise Linux, Express Setup
F
File locations, Directory Server File Locations
Filesystem Hierarchy Standard, Directory Server File Locations
Forgotten Directory Manager DN and password, Problem: Forgotten Directory Manager DN and password
H
Hardware requirements
- based on directory size, General Hardware Requirements
I
Installing
- explained, Preparing for a
- setup-ds-admin.
Perl
- Red Hat Enterprise Linux, Perl Prerequisites
Port number
- finding Admin Server, Getting the Admin Server Port Number
R
Red Hat Enterprise Linux, Setting up Red Hat Directory Server on Red Hat Enterprise Linux
- custom setup, Custom Setup
- express setup, Express Setup
- hardware requirements, Red Hat Enterprise Linux Operating System Requirements
- installing Directory Server packages, Installing the Directory Server Packages
- installing OpenJDK, Installing OpenJDK
- required patches, Red
- modes compared, Overview of Setup
- Red Hat Enterprise Linux
- custom, Custom Setup
- express, Express Setup
- typical, Typical Setup
- silent setup, Silent Setup for Directory Server and Admin Server, Sending Parameters in the Command Line
- .inf file, About .inf File Parameters
- Directory Server only, Silent Directory Server Instance Creation
- table, Overview of Setup
setup-ds-admin.pl, About the setup-ds-admin.
Typical setup
- Red Hat Enterprise Linux, Typical Setup
U
Uninstalling Directory Server
- Red Hat Enterprise Linux, Uninstalling Directory Server
upgrade
- Solaris, Upgrading Directory Server on Solaris
Upgrading
- scenarios
- all or single instance, Upgrading a Server
- different machines, Migrating an 8.1 Directory Server to 8.