Installation guide
The directory suffix is the first entry within the directory tree. At least one directory suffix must be
provided when the Directory Server is set up. The recommended directory suffix name matches your
organization's DNS domain name. For example, if the Directory Server hostname is ldap.example.com,
the directory suffix is dc=example,dc=com. The setup program constructs a default suffix based on the
DNS domain or from the fully-qualified host and domain name provided during setup. This suffix naming
convention is not required, but Red Hat strongly recommends it.
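The naming convention above can be checked before installation. This added example is not part of the guide or of Red Hat's setup program. It assumes the host label is dropped, as in the ldap.example.com case above, and its function names are hypothetical.

```python
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _labels(name):
    """Split a DNS name into validated, lower-cased labels."""
    labels = name.strip().rstrip(".").lower().split(".")
    for label in labels:
        if not _LABEL.match(label):
            raise ValueError(f"invalid DNS label {label!r} in {name!r}")
    return labels

def suffix_from_domain(domain):
    """example.com -> dc=example,dc=com"""
    return ",".join(f"dc={label}" for label in _labels(domain))

def suffix_from_fqdn(fqdn):
    """ldap.example.com -> dc=example,dc=com (assumption: host label dropped)."""
    labels = _labels(fqdn)
    if len(labels) < 2:
        raise ValueError(f"{fqdn!r} has no domain part; supply the suffix explicitly")
    return suffix_from_domain(".".join(labels[1:]))

def suffix_matches_host(suffix, fqdn):
    """True if a planned suffix follows the recommended convention for this host."""
    # Compare case-insensitively and ignore spacing around ',' and '='.
    normalized = ",".join(part.strip().lower() for part in suffix.split(","))
    normalized = re.sub(r"\s*=\s*", "=", normalized)
    return normalized == suffix_from_fqdn(fqdn)

if __name__ == "__main__":
    # Constructed sample inputs: (server hostname, suffix planned for setup).
    for host, planned in [("ldap.example.com", "dc=example, dc=com"),
                          ("ds1.corp.example.com", "o=example")]:
        print(host, suffix_from_fqdn(host), suffix_matches_host(planned, host))
```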
1.2.9. Configuration Directory
The configuration directory is the main directory where configuration information — such as log files,
configuration files, and port numbers — is stored. These configuration data get stored in the
o=NetscapeRoot tree. A single Directory Server instance can be both the configuration directory and
the user directory.
If you install Directory Server for general directory services and there is more than one Directory Server
in your organization, you must determine which Directory Server instance will host the configuration
directory tree, o=NetscapeRoot. Make this decision before installing any compatible Directory Server
applications. The configuration directory is usually the first one you set up.
Since the main configuration directory generally experiences low traffic, you can permit its server
instances to coexist on any machine with a heavier-loaded Directory Server instance. However, for large
sites that deploy a large number of Directory Server instances, dedicate a low-end machine for the
configuration directory to improve performance. Directory Server instances write to the configuration
directory, and for larger sites, this write activity can create performance issues for other directory service
activities. The configuration directory can be replicated to increase availability and reliability.
If the configuration directory tree gets corrupted, you may have to re-register or re-configure all Directory
Server instances. To prevent that, always back up the configuration directory after setting up a new
instance, never change a hostname or port number while it is active in the configuration directory, and do not
modify the configuration directory tree yourself; only the setup program can directly modify a configuration.
1.2.10. Administration Domain
The administration domain allows servers to be grouped together logically when splitting administrative
tasks. That level of organization is beneficial, for example, when different divisions within an organization
want individual control of their servers while system administrators require centralized control of all
servers.
When setting up the administration domain, consider the following:
• Each administration domain must have an administration domain owner with complete access to all
  the domain servers but no access to the servers in other administration domains. The administration
  domain owner may grant individual users administrative access on a server-by-server basis within
  the domain.
• All servers must share the same configuration directory. The Configuration Directory Administrator
  has complete access to all installed Directory Servers, regardless of the domain.
• Servers on two different domains can use different user directories for authentication and user
  management.
1.3. About the setup-ds-admin.pl Script
The Directory Server and Admin Server instances are created and configured through a script called
setup-ds-admin.pl. The Directory Server alone can be created using the setup-ds.pl script.
If simply the setup script is run, then the script launches an interactive installer which prompts for
Chapter 1. Preparing for a Directory Server Installation