Red Hat Directory Server 8.0 Installation Guide for installation and upgrade Edition 8.0.
Legal Notice
Copyright © 2008 Red Hat, Inc. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Table of Contents
Preface
  1. Examples and Formatting
  2. Additional Reading
  3. Giving Feedback
  4. Document History
Chapter 1. Preparing for a Directory Server Installation
Chapter 4. Setting up Red Hat Directory Server on HP-UX 11i
  4.1. Installing the JRE
  4.2. Installing the Directory Server Packages
  4.3. Express Setup
  4.4. Typical Setup
  4.5. Custom Setup
Chapter 5. Setting up Red
Chapter 8. Migrating from Previous Versions
  8.1. Migration Overview
  8.2. About migrate-ds-admin.pl
  8.3. Before Migration
    8.3.1. Backing up the Directory Server Configuration
    8.3.2. Configuring the Directory Server Console
  8.4. Migration Scenarios
    8.4.1.
Preface
This installation guide describes the Red Hat Directory Server 8.0 installation process and the migration process. This manual provides detailed step-by-step procedures for all supported operating systems, along with explanations of the different setup options (express, typical, custom, and silent), additional options for Directory Server instance creation, migrating previous versions of Directory Server, and troubleshooting and basic usage. IMPORTANT Directory Server 8.
Example 1. Example Command
To start the Red Hat Directory Server:
    service dirsrv start
All of the tools for Red Hat Directory Server are located in the /usr/bin directory. These tools can be run from any location without specifying the tool location. There is another important consideration with the Red Hat Directory Server tools.
WARNING
A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
2. Additional Reading
The Directory Server Administrator's Guide describes how to set up, configure, and administer Red Hat Directory Server and its contents. The instructions for installing the various Directory Server components are contained in the Red Hat Directory Server Installation Guide.
4. Document History
Revision 8.0.5, January 11, 2010, Ella Deon Lackey: Adding [slapd] directives per Bugzilla #500475.
Revision 8.0.4, September 9, 2009, Ella Deon Lackey: Removing any references to the Directory Server Gateway or Org Chart.
Revision 8.0.3, November 4, 2008, Deon Lackey: Changing actualroot to actualsroot in migration chapter, per Bugzilla #467085. Changing some formatting and common content to work with Publican 0.37.
Revision 8.0.
Chapter 1. Preparing for a Directory Server Installation
Before you install Red Hat Directory Server 8.0, there are required settings and information that you need to plan in advance. This chapter describes the kind of information that you should provide, relevant directory service concepts, Directory Server components, and the impact and scope of integrating Directory Server into your computing infrastructure.
NOTE
While the legal range of port numbers is 1 to 65535, the Internet Assigned Numbers Authority (IANA) has already assigned ports 1 to 1024 to common processes. Never assign a Directory Server port number below 1024 (except for 389/636 for the LDAP server) because this may conflict with other services.
For LDAPS (LDAP with TLS/SSL), the default port number is 636. The server can listen to both the LDAP and LDAPS port at the same time.
Listening to Restricted Ports as Unprivileged Users
Even though port numbers less than 1024 are restricted, the LDAP server can listen to port 389 (and any port number less than 1024), as long as the server is started by the root user or by init when the system starts up. The server first binds and listens to the restricted port as root, then immediately drops privileges to the non-root server UID.
IMPORTANT
The default Administration Server user is the same as the Directory Server user, which is nobody. If the Administration Server is given a different UID, then that user must belong to the group to which the Directory Server user is assigned.
1.2.6. Directory Suffix
The directory suffix is the first entry within the directory tree. At least one directory suffix must be provided when the Directory Server is set up.
has complete access to all installed Directory Servers, regardless of the domain. Servers on two different domains can use different user directories for authentication and user management.
1.3. About the setup-ds-admin.pl Script
The Directory Server and Administration Server instances are created and configured through a script called setup-ds-admin.pl.
to set up many Directory Servers. Many of the parameters can be the same, such as ConfigDirectoryLdapURL, but ones specific to the host, such as FullMachineName, have to be unique. For example:
    setup-ds-admin.pl -s -f common.inf General.FullMachineName=ldap37.example.com slapd.ServerIdentifier=ldap37
This command uses the common parameters specified in the common.inf file, but overrides FullMachineName and ServerIdentifier with the command line arguments.
Table 1.1. setup-ds-admin Options
Option | Alternate Options | Description | Example
--silent | -s | This sets that the setup script will run in silent mode, drawing the configuration information from a file (set with the --file parameter) or from arguments passed in the command line rather than interactively. |
--file=name | -f name | This sets the path and name of the file which contains the | /usr/sbin/setup-ds-admin.pl -f /export/sample.
--logfile name | -l | This parameter specifies a log file to which to write the output. If this is not set, then the setup information is written to a temporary file. | -l /export/example2007.log. For no log file, set the file name to /dev/null: -l /dev/null
--update | -u | This parameter updates existing Directory Server instances. |
NOTE
It is possible to use y and n with the yes and no inputs described in Section 6.3.5, “About .inf File Parameters”.
Table 1.2. Comparison of Setup Types Setup Screen Parameter Input Continue with setup Yes or no N/A Accept license agreement Yes or no N/A Accept dsktune output and continue with setup Yes or no N/A Choose setup type 1 (express) 2 (typical) 3 (custom) Set the computer name ldap.example.
o=NetscapeRoot Give the Configuration Directory Server user ID admin [General] ConfigDirectoryAdminID= admin [a] Give the Configuration Directory Server user password [General] ConfigDirectoryAdminPwd= password [a] Give the Configuration Directory Server administration domain password example.com [General] AdminDomain= example.com [a] Give the path to the CA certificate (if using LDAPS) /tmp/cacert.
which the Administration Server runs Red Hat Enterprise Linux and Solaris) or daemon (on HP-UX) Are you ready to configure your servers? Yes or no [admin] SysUser= nobody N/A
[a] This option is only available if you choose to register the Directory Server instance with a Configuration Directory Server.
Chapter 2. System Requirements
Before configuring the default Red Hat Directory Server 8.0 instances, it is important to verify that the host server has the required system settings and configuration: The system must have the required packages, patches, and kernel parameter settings. DNS must be properly configured on the target system. The host server must have a static IP address.
Directory Server is supported on these operating systems: Red Hat Enterprise Linux 4 and 5 (x86 and x86_64), HP-UX 11i (IA 64), and Sun Solaris 9 (sparc 64-bit). The specific operating system requirements and kernel settings, patches, and libraries are listed for each.
Section 2.2.1, “Using dsktune”
Section 2.2.2, “Red Hat Enterprise Linux 4 and 5”
Section 2.2.3, “HP-UX 11i”
Section 2.2.
NOTE
dsktune is run every time the Directory Server configuration script, setup-ds-admin, is run.
2.2.2.
2.2.2.1. Red Hat Enterprise Linux Patches
The default kernel and glibc versions for Red Hat Enterprise Linux 4 and 5 are the only required versions for the Red Hat Directory Server host machine. If the machine has a single CPU, the kernel must be presented in the form kernel-x.x.x.x. If the machine has multiple CPUs, the kernel must be presented in the form kernel-smp-x.x.x.x. To determine the components running on the machine, run rpm -qa.
3. Then increase the maximum number of open files on the system by editing the /etc/security/limits.conf configuration file. Add the following entry:
    * - nofile 8192
4. Edit the /etc/pam.d/system-auth, and add this entry:
    session required /lib/security/$ISA/pam_limits.so
5. Reboot the Linux machine to apply the changes.
2.2.2.2.3.
Table 2.4. HP-UX 11i
Criteria | Requirements
Operating System | HP-UX 11i with the latest patches and upgrades
CPU Type | HP 9000 architecture with an Itanium CPU
Memory/RAM | 256 MB minimum; 1 GB RAM for large environments
Hard Disk | 300 MB of disk space minimum for a typical deployment; 2 GB minimum for larger environments; 4 GB minimum for very large environments (more than a million entries). You must use the largefile command to configure database files larger than 2 GB.
2.2.3.2. HP-UX System Configuration
Before setting up Directory Server, tune your HP-UX system so Directory Server can access the respective kernel parameters. To tune HP-UX systems, enable large file support, set the TIME_WAIT value, and modify kernel parameters.
Section 2.2.3.2.1, “Perl Prerequisites”
Table 2.6, “HP-UX 11i Kernel Parameters”
Section 2.2.3.2.3, “TIME_WAIT Setting”
Section 2.2.3.2.4, “Large File Support”
Section 2.2.3.2.
3. Remount the filesystem.
    /usr/sbin/mount -F vxfs -o largefiles /dev/vg01/export
2.2.3.2.5. DNS Requirements
It is very important that DNS and reverse DNS be working correctly on the host machine, especially if you are using TLS/SSL or Kerberos with Directory Server. Configure the DNS resolver and the NIS domain name by modifying the /etc/resolv.conf, /etc/nsswitch.conf, and /etc/netconfig files, and set the DNS resolver for name resolution.
Table 2.7.
Table 2.8. Sun Solaris Patches
Patch ID | Description
112998-03 | SunOS 5.9: patch /usr/sbin/syslogd
112875-01 | SunOS 5.9: patch /usr/lib/netsvc/rwall/rpc.rwalld
113146-04 | SunOS 5.9: Apache Security Patch
113068-05 | SunOS 5.9: hpc3130 patch
112963-14 | SunOS 5.9: linker patch
113273-08 | SunOS 5.9: /usr/lib/ssh/sshd patch
112233-12 | SunOS 5.9: Kernel patch
112964-08 | SunOS 5.9: /usr/bin/ksh patch
112808 | CDE1.5: Tooltalk patch
113279-01 | SunOS 5.
used. This package contains a 64-bit version of Perl 5.8. It is not possible to use the Perl version installed in /usr/bin/perl on Solaris because it is 32-bit and will not work with Directory Server's 64-bit components.
2.2.4.2.2. TCP Tuning
Edit the Solaris TCP configuration so Directory Server can access local system ports better. If tuned properly, this may enhance network connection speeds.
2.2.4.2.4. File Descriptors
For a large deployment or to support a large number of concurrent connections, increase the number of file descriptors available for the Directory Server. This requires accessing the system-wide maximum file descriptor table. The governing parameter, rlim_fd_max, is in the /etc/system file. By default, if this parameter is not present, the allowed maximum value is 1024.
Chapter 3. Setting up Red Hat Directory Server on Red Hat Enterprise Linux
Installing and configuring Red Hat Directory Server on Red Hat Enterprise Linux has three major steps:
1. Install the required version of the Java® Runtime Environment (JRE).
2. Install the Directory Server packages.
3. Run the setup-ds-admin.pl script. This is where all of the information about the new Directory Server instance is supplied.
3.1. Installing the JRE
Necessary Java JRE libraries are not bundled with Directory Server. They must be downloaded and extracted separately before installing the Directory Server packages.
NOTE
Directory Server 8.0 requires JRE version 1.5.0.
Alternatively, download the latest packages from the Red Hat Directory Server 8.0 channel on Red Hat Network, http://rhn.redhat.com. It is also possible to install the Directory Server packages from media:
a. Download the packages from Red Hat Network, and burn them to CD or DVD.
b. Insert the media; the system should automatically recognize and mount the disc.
c.
WARNING
If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating from Previous Versions.
1. After the Directory Server packages are installed as described in Section 3.2, “Installing the Directory Server Packages”, then launch the setup-ds-admin.pl script.
    # /usr/sbin/setup-ds-admin.
NOTE
To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular express setup process. Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server: The Configuration Directory Server URL, such as ldap://ldap.example.
1. Get the Administration Server port number from the Listen parameter in the console.conf configuration file.
    grep \^Listen /etc/dirsrv/admin-serv/console.conf
    Listen 0.0.0.0:9830
2. Using the Administration Server port number, launch the Console.
    Computer name [ldap.example.com]:
NOTE
The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com, that do not match the /etc/resolv.conf settings, you cannot use the default hostname option.
The hostname is very important. It is used to generate the Directory Server instance name, the admin domain, and the base suffix, among others.
10. Set the administration domain. This defaults to the host's domain. For example:
    Administration Domain [example.com]:
11. Enter the Directory Server port number. The default is 389, but if that port is in use, the setup program supplies a randomly generated one.
    Directory server network port [30860]: 1025
12. Enter the Directory Server identifier; this defaults to the hostname.
    Directory server identifier [example]:
13.
    /usr/bin/redhat-idm-console -a http://localhost:9830
NOTE
If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
3.5. Custom Setup
Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period. One imports an LDIF file, which is useful if you have existing information.
NOTE
The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com, that do not match the /etc/resolv.conf settings, you cannot use the default hostname option.
The hostname is very important. It is used to generate the Directory Server instance name, the admin domain, and the base suffix, among others.
    Administration Domain [redhat.com]:
11. Enter the Directory Server port number. The default is 389, but if that port is in use, the setup program supplies a randomly generated one.
    Directory server network port [389]: 1066
12. Enter the Directory Server identifier; this defaults to the hostname.
    Directory server identifier [example]:
13. Enter the directory suffix. This defaults to dc=domain name. For example:
    Suffix [dc=redhat, dc=com]:
14.
    Are you ready to set up your servers? [yes]:
    Creating directory server . . .
    Your new DS instance 'example3' was successfully created.
    Creating the configuration directory server . . .
    Beginning Admin Server reconfiguration . . .
    Creating Admin Server files and directories . . .
    Updating adm.conf . . .
    Updating admpw . . .
    Registering admin server with the configuration directory server . . .
    Updating adm.
Chapter 4. Setting up Red Hat Directory Server on HP-UX 11i
Installing and configuring Red Hat Directory Server on HP-UX has three major steps:
1. Install the required version of the Java® Runtime Environment (JRE).
2. Install the Directory Server packages.
3. Run the setup program. The setup step is where all of the information about the new Directory Server instance is supplied.
NOTE
Directory Server 8.0 requires JRE version 1.5.0.
Download the JRE from http://www.hp.com/products1/unix/java/, and install it according to the HP Java instructions. After installing the JRE, install the Directory Server packages, as described in Section 4.2, “Installing the Directory Server Packages”.
4.2.
NOTE
The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com, that do not match the /etc/resolv.conf settings, the setup program cannot use the default hostname option, and setup will fail.
WARNING
If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation.
NOTE
To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular express setup process. Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server: The Configuration Directory Server URL, such as ldap://ldap.example.
1. Get the Administration Server port number from the Listen parameter in the console.conf configuration file.
    grep \^Listen /etc/dirsrv/admin-serv/console.conf
    Listen 0.0.0.0:9830
2. Using the Administration Server port number, launch the Console.
    Computer name [ldap.example.com]:
NOTE
The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com, that do not match the /etc/resolv.conf settings, you cannot use the default hostname option.
The hostname is very important. It is used to generate the Directory Server instance name, the admin domain, and the base suffix, among others.
10. Set the administration domain. This defaults to the host's domain. For example:
    Administration Domain [example.com]:
11. Enter the Directory Server port number. The default is 389, but if that port is in use, the setup program supplies a randomly generated one.
    Directory server network port [30860]: 1025
12. Enter the Directory Server identifier; this defaults to the hostname.
    Directory server identifier [example]:
13. Enter the directory suffix.
    /opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830
NOTE
If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
4.5. Custom Setup
Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period.
NOTE
The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com, that do not match the /etc/resolv.conf settings, you cannot use the default hostname option.
The hostname is very important. It is used to generate the Directory Server instance name, the admin domain, and the base suffix, among others.
    Administration Domain [redhat.com]:
11. Enter the Directory Server port number. The default is 389, but if that port is in use, the setup program supplies a randomly generated one.
    Directory server network port [389]: 1066
12. Enter the Directory Server identifier; this defaults to the hostname.
    Directory server identifier [example]:
13. Enter the directory suffix. This defaults to dc=domain name.
    Are you ready to set up your servers? [yes]:
    Creating directory server . . .
    Your new DS instance 'example3' was successfully created.
    Creating the configuration directory server . . .
    Beginning Admin Server reconfiguration . . .
    Creating Admin Server files and directories . . .
    Updating adm.conf . . .
    Updating admpw . . .
    Registering admin server with the configuration directory server . . .
    Updating adm.
Chapter 5. Setting up Red Hat Directory Server on Sun Solaris
Installing and configuring Red Hat Directory Server on Sun Solaris has three major steps:
1. Install the required version of the Java® Runtime Environment (JRE).
2. Install the Directory Server packages.
3. Run the setup program. The setup step is where all of the information about the new Directory Server instance is supplied.
IMPORTANT
Solaris requires installing the 32-bit version of the JRE as well as installing the 64-bit version. The 32-bit version is used for the applet and Java Web Start support. Read http://java.sun.com/j2se/1.5.0/README.html, http://java.sun.com/j2se/1.5.0/ReleaseNotes.html, and http://java.sun.com/j2se/1.5.0/jre/install-solaris-64.html before installing the Directory Server.
1. Under the section Java Runtime Environment (JRE) 5.
2. Download the Directory Server packages from Red Hat Network. This can be done through a web browser by logging into Red Hat Network and selecting the Red Hat Directory Server 8.0 channel or it can be done using a tool such as curl or wget with information available on the Red Hat Network channel.
3. Install and update the Solaris packages using pkgadd.
    for pkg in *.
    for i in `ls *.pkg`; do yes all | pkgtrans $i /directory/ ; done
4. Add the package:
    yes yes | pkgadd -d /directory/ all
If another application such as Red Hat Certificate System is already installed on the server, pkgadd detects the shared packages. Make sure that the pkgadd program replaces any existing versions with the packages included with Directory Server.
5.
1. After the Directory Server packages are installed as described in Section 5.2, “Installing the Directory Server Packages”, then launch the setup-ds-admin.pl script.
    # /usr/sbin/setup-ds-admin.pl
NOTE
Run the setup-ds-admin.pl script as root.
2. Select y to accept the Red Hat licensing terms.
3. The dsktune utility runs. Select y to continue with the setup.
10. The last screen asks if you are ready to set up your servers. Select yes.
    Are you ready to set up your servers? [yes]:
    Creating directory server . . .
    Your new DS instance 'example' was successfully created.
    Creating the configuration directory server . . .
    Beginning Admin Server reconfiguration . . .
    Creating Admin Server files and directories . . .
    Updating adm.conf . . .
    Updating admpw . . .
WARNING
If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating from Previous Versions.
1. After the Directory Server packages are installed as described in Section 5.2, “Installing the Directory Server Packages”, then launch the setup-ds-admin.pl script.
    # /usr/sbin/setup-ds-admin.pl
NOTE
Run the setup-ds-admin.
not possible to register it with another directory. Select n to set up this Directory Server as a Configuration Directory Server and move to the next typical install step, setting up the administrator user.
NOTE
To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular typical setup process.
17. The last screen asks if you are ready to set up your servers. Select yes.
    Are you ready to set up your servers? [yes]:
    Creating directory server . . .
    Your new DS instance 'example2' was successfully created.
    Creating the configuration directory server . . .
    Beginning Admin Server reconfiguration . . .
    Creating Admin Server files and directories . . .
    Updating adm.conf . . .
    Updating admpw . . .
WARNING
If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 8, Migrating from Previous Versions.
1. After the Directory Server packages are installed as described in Section 5.2, “Installing the Directory Server Packages”, then launch the setup-ds-admin.pl script.
    # /usr/sbin/setup-ds-admin.pl
2.
NOTE
To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular custom setup process. Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server: The Configuration Directory Server URL, such as ldap://ldap.example.
silent setup instead, and use the SchemaFile directive in the .inf to specify additional schema files. See Section 6.3.5.1, “.inf File Directives” for information on .inf directives. The default option is none, which does not import any data.
18. Enter the Administration Server port number. The default is 9830, but if that port is in use, the setup program supplies a randomly generated one.
    Administration port [9830]:
19.
NOTE
If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.
Chapter 6. Advanced Setup and Configuration
After the default Directory Server and Administration Server have been configured, there are tools available to manage, create, and remove server instances. These include Administration Server configurations to allow people to access the Directory Server files remotely, silent setup tools for installing instances from file configuration, and instance setup and removal scripts.
6.1.
If there are proxies for the HTTP connections on the client machine running the Directory Server Console, the configuration must be changed in one of two ways: The proxy settings must be removed from the client machine. Removing proxies on the machine running Directory Server Console allows the client to access the Administration Server directly. To remove the proxy settings, edit the proxy configuration of the browser which is used to launch the help files.
admin.pl except that the questions about the Configuration Directory Server and Administration Server are omitted. Using this command to create a Directory Server instance means that the instance has to be managed through the command line or other tools, or it can be registered with the Configuration Directory Server to manage it with the Console. See Section 6.2.
    [General]
    FullMachineName= dir.example.com
    SuiteSpotUserID= nobody
    SuiteSpotGroup= nobody
    AdminDomain= example.com
    ConfigDirectoryAdminID= admin
    ConfigDirectoryAdminPwd= admin
    ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot

    [slapd]
    SlapdConfigForMC= Yes
    UseExistingMC= 0
    ServerPort= 389
    ServerIdentifier= dir
    Suffix= dc=example,dc=com
    RootDN= cn=Directory Manager
    RootDNPwd= password123
    AddSampleEntries= No

    [admin]
    Port= 9830
    ServerIpAddress= 111.
NOTE
When creating a single instance of Directory Server, the Directory Server packages must already be installed, and the Administration Server must already be configured and running.
1. Make the setup .inf file. It must specify the following directives:
    [General]
    FullMachineName= dir.example.
For example, to set the machine name, suffix, and Directory Server port of the new instance, the command is as follows:

/usr/sbin/setup-ds-admin.pl General.FullMachineName=ldap.example.com "slapd.Suffix=dc=example, dc=com" slapd.ServerPort=389

NOTE
Passing arguments in the command line or specifying an .inf sets the defaults used in the interactive prompt unless they are used with the -s (silent) option.
Table 6.1. setup-ds-admin Options

Option: --silent
Alternate Options: -s
Description: This sets the setup script to run in silent mode, drawing the configuration information from a file (set with the --file parameter) rather than interactively.

Option: --file=name
Alternate Options: -f name
Description: This sets the path and name of the file which contains the configuration settings for the new Directory Server instance.
Example: /usr/sbin/setup-ds-admin.pl -f /export/sample.inf
specifies a log file to which to write the output. If this is not set, then the setup information is written to a temporary file. For no log file, set the file name to /dev/null.
Example: /export/example2007.log
Example (no log file): -l /dev/null

6.3.4. Using the ConfigFile Parameter to Configure the Directory Server

The ConfigFile parameter in the .inf is an extremely useful tool to configure the directory from the time it is set up.
admin.pl command.

NOTE
Providing configuration parameters with the setup-ds-admin.pl command is described in Section 1.3, “About the setup-ds-admin.pl Script”.

The .inf file has three sections:

General — which supplies information about the server machine; these are global directives that are common to all your Directory Servers.
Table 6.2. [General] Directives

Directive: FullMachineName
Description: Specifies the fully qualified domain name of the machine on which you are installing the server. The default is the local host name.
Required: No
Example: ldap.example.com

Directive: SuiteSpotUserID
Description: Specifies the user name as which the Directory Server instance runs. This parameter does not apply to the user as which the Administration Server runs.
Required: No
configuration directory. This is usually admin.

Directive: ConfigDirectoryAdminPwd
Description: Specifies the password for the admin user.
Table 6.3. [slapd] Directives

Directive: ServerPort
Description: Specifies the port the server will use for LDAP connections. For information on selecting server port numbers, see Section 1.2.1, “Port Numbers”.
Required: No
Example: 389

Directive: ServerIdentifier
Description: Specifies the server identifier. This value is used as part of the name of the directory in which the Directory Server instance is installed.
directive has no effect. The default is no.

Directive: AddSampleEntries
Description: Sets whether to load an LDIF file with entries for the user directory during configuration. The default is no.
Required: No
Example: AddSampleEntries = yes

Directive: InstallLdifFile
Description: Populates the new directory with the contents of the specified LDIF file. Using suggest fills in common container entries (like ou=People). Entering a path to an LDIF file imports all of the entries in that file.
used, then the default is 0, meaning the configuration data are stored in the new instance.
Table 6.4. [admin] Directives

Directive: SysUser
Description: Specifies the user as which the Administration Server will run. The default is user nobody on Linux and Solaris and daemon on HP-UX. This should be changed for most deployments. For information as to what users your servers should run, see Section 1.2.2, “Directory Server User and Group”.
Required: Yes
Example: nobody

Directive: Port
Description: Specifies the port that the Administration Server will use. The default port is 9830.
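As a check on the directives described in the tables above, the following added example (not part of Red Hat's guide or tooling) audits a setup .inf file before it is handed to the setup script: it flags passwords copied from documentation examples, short passwords, shared run-as accounts, and a file mode that lets other users read the cleartext passwords. The function name audit_inf, the 12-character minimum, treating SuiteSpotUserID the same way as SysUser, and the sample file are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample, modelled on the example values printed in the guide.
SAMPLE_INF = """\
[General]
FullMachineName= dir.example.com
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
AdminDomain= example.com
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= admin
ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot

[slapd]
ServerPort= 389
ServerIdentifier= dir
Suffix= dc=example,dc=com
RootDN= cn=Directory Manager
RootDNPwd= password123

[admin]
SysUser= nobody
Port= 9830
"""

# Passwords that appear in the guide's examples; anyone who has read it knows them.
DOC_PASSWORDS = {"admin", "admin123", "password", "password123", "itsasecret"}
MIN_PWD_LEN = 12                        # assumption: local policy, not a product limit
SHARED_ACCOUNTS = {"nobody", "daemon"}  # the documented default run-as users
RUN_AS_KEYS = {"SuiteSpotUserID", "SysUser"}  # assumption: audit both alike


def audit_inf(path):
    """Return a list of (section, key, issue) findings for a setup .inf file."""
    findings = []

    # The file holds cleartext passwords, so only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(("file", path, "mode %04o is accessible to group/other" % mode))

    # Split on the first '=' only, so values such as dc=example,dc=com stay intact.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # directive names are mixed case; do not lowercase them
    cp.read(path)

    for section in cp.sections():
        for key, value in cp.items(section):
            if key.endswith("Pwd"):
                if value.lower() in DOC_PASSWORDS:
                    findings.append((section, key, "password is a documentation example"))
                elif len(value) < MIN_PWD_LEN:
                    findings.append(
                        (section, key, "password shorter than %d characters" % MIN_PWD_LEN))
            elif key in RUN_AS_KEYS and value in SHARED_ACCOUNTS:
                findings.append((section, key, "runs as shared account '%s'" % value))
    return findings


def demo():
    """Write the constructed sample with a permissive mode and audit it."""
    fd, path = tempfile.mkstemp(suffix=".inf")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(SAMPLE_INF)
        os.chmod(path, 0o644)  # deliberately readable by everyone for the demo
        return audit_inf(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for section, key, issue in demo():
        print("%-8s %-24s %s" % (section, key, issue))
```
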
Example 6.1. .inf File for a Custom Installation

[General]
FullMachineName= ldap.example.com
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
AdminDomain= example.com
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= Admin123
ConfigDirectoryLdapURL= ldap://ldap.example.
Example 6.2. .inf File for Registering the Instance with a Configuration Directory Server (Typical Setup)

[General]
FullMachineName= dir.example.com
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
AdminDomain= example.com
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= admin
ConfigDirectoryLdapURL= ldap://dir.example.
/usr/sbin/ds_removal -s example1 -w itsasecret
/usr/sbin/ds_removal -s example2 -w itsasecret
/usr/sbin/ds_removal -s example3 -w itsasecret

2. Stop the Administration Server.

service dirsrv-admin stop

3. Then use the system tools to remove the packages.
2. Stop the Administration Server.

/etc/init.d/dirsrv-admin stop

3. Then use the system tools to remove the packages. For example:

#!/bin/bash
# Remove every installed package whose name matches rhat, except rhatperlx.
for i in `pkginfo | grep -i rhat | grep -vi rhatperlx | awk '{print $2}'`
do
  pkgrm -n "$i"
done
echo "looking for any leftover RHAT packages ..."
Chapter 7. General Usage Information

This chapter contains common information that you will use after installing Red Hat Directory Server 8.0, such as where files are installed; how to start the Directory Server, Administration Server, and Directory Server Console; and basic troubleshooting information. For more detailed information on using Directory Server, see the Directory Server Administrator's Guide.

7.1.
Table 7.2. Red Hat Enterprise Linux 4 and 5 (x86_64)

File or Directory      Location
Log files              /var/log/dirsrv/slapd-instance
Configuration files    /etc/dirsrv/slapd-instance
Instance directory     /usr/lib64/dirsrv/slapd-instance
Database files         /var/lib/dirsrv/slapd-instance
Runtime files          /var/lock/dirsrv/slapd-instance
                       /var/run/dirsrv/slapd-instance
Initscripts            /etc/rc.d/init.d/dirsrv and /etc/sysconfig/dirsrv
                       /etc/rc.d/init.
Table 7.4. HP-UX 11i (IA64)

File or Directory      Location
Log files              /var/opt/log/dirsrv/slapd-instance
Configuration files    /etc/opt/dirsrv/slapd-instance
Instance directory     /opt/dirsrv/slapd-instance
Database files         /var/opt/dirsrv/slapd-instance
Runtime files          /var/opt/dirsrv/instance
Binaries               /opt/dirsrv/bin/
                       /opt/dirsrv/sbin/
Libraries              /opt/dirsrv/lib/

7.2.
subsequent logins, the URL is saved. If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.

7.4. Getting the Administration Server Port Number

Logging into the Console requires the Administration Server URL along with a username and password. The Administration Server has a standard HTTP address; the default is http://hostname:9830/.
service dirsrv-admin {start|stop|restart}

On Solaris, the service is init.d:

/etc/init.d/dirsrv-admin {start|stop|restart}

7.6. Resetting the Directory Manager Password

Passwords are stored in the Directory Server databases and can be modified with tools like ldapmodify and through the Directory Server Console. The Directory Manager password is stored in the Directory Server configuration files and can be viewed (if lost) and modified by editing that file.
After the setup, the dsktune utility can determine the Directory Server patch levels and kernel parameter settings. To launch dsktune, Directory Server has to be installed successfully first.

NOTE
You must run dsktune as root.

On Solaris, dsktune automatically checks the patches and compares them with the current Sun recommended patch lists.
7.7.2.2. Problem: The port is in use

When setting up a Directory Server instance, you receive an error that the port is in use. This is very common when upgrading or migrating an existing server.

Solution

This error means that you did not shut down the existing server before beginning the upgrade or migration. Shut down the existing server, and then restart the upgrade process.
Chapter 8. Migrating from Previous Versions

Red Hat Directory Server 6.x and 7.x instances can be migrated to Directory Server 8.0. Migration carries over all data and settings from the older Directory Server to the new Directory Server, including Administration Server and Console information. This is performed by running a Directory Server-specific script, migrate-ds-admin.pl.

migrate-ds-admin.
WARNING
If Directory Server databases have been moved from their default location (/opt/redhat-ds/slapd-instancename/db), migration will not copy these databases, but will use them directly. This means that if you run migration, you may not be able to go back to the old version. Migration will not remove or destroy the data, but may change the format in such a way that you cannot use the older version of the Directory Server.
Table 8.1. migrate-ds-admin Options

Option: General.ConfigDirectoryAdminPwd=password
Description: Required. This is the password for the configuration directory administrator of the old Directory Server (the default username is admin).

Option: --oldsroot
Alternate Options: -o
Description: Required. This is the path to the server root directory in the old 6.x or 7.x Directory Server installation. The default path in 6.x and 7.x servers is /opt/redhat-ds/.
the Directory Server is being migrated from one machine to another with a different architecture. For cross-platform migrations, only certain data are migrated. This migration action takes database information exported to LDIF and imports into the new 8.0 databases. Changelog information is not migrated. If a supplier or hub is migrated, then all its replicas must be reinitialized.

Option: --debug
Alternate Options: -d[dddd]
Description: This parameter turns on debugging information.
parameters are only taken from the old instance. It is not possible to change the configuration settings, such as the hostname or port, using the migration script.

8.3. Before Migration

For the safety of the Directory Server data, do these things before beginning to migrate the Directory Server instances:

Shut down all Directory Server instances and the Administration Server.
Back up all of your databases.
The migration script has different options available to facilitate migration; the different usage scenarios are explained in the following sections.

Section 8.4.1, “Migrating a Server or Single Instance”
Section 8.4.2, “Migrating Replicated Servers”
Section 8.4.3, “Migrating a Directory Server from One Machine to Another”
Section 8.4.4, “Migrating a Directory Server from One Platform to Another”

8.4.1.
1. Stop all old Directory Server instances and the Administration Server.
2. Back up all the Directory Server user and configuration data.
3. On the machine where your legacy Directory Server is installed, install the Directory Server 8.0 packages.

IMPORTANT
Do not set up the new Directory Server instances with setup-ds-admin.pl before running the migration script.

4. Run the migration script, as root.

# /usr/sbin/migrate-ds-admin.
WARNING
If Directory Server databases have been moved from their default location (/opt/redhat-ds/slapd-instancename/db), migration will not copy these databases, but will use them directly. This means that if you run migration, you may not be able to go back to the old version. Migration will not remove or destroy the data, but may change the format in such a way that you cannot use the older version of the Directory Server.
8.4.3.
The migrate-ds-admin command automatically migrates every Directory Server instance configured. As with migrating Directory Server on the same machine, using the instance parameter allows you to set the specific instance to migrate. For example, this command migrates a Directory Server instance named example:

# /usr/sbin/migrate-ds-admin.pl --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds --instance example General.
# /usr/sbin/migrate-ds-admin.pl --cross --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=password

The migrate-ds-admin command automatically migrates every Directory Server instance configured. As with migrating Directory Server on the same machine, using the instance parameter allows you to set the specific instance to migrate.
Glossary

access control list
See ACL.

access rights
In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.

account inactivation
Disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
also follows a standard syntax for the type of information that can be stored as the attribute value.

attribute list
A list of required and optional attributes for a given entry type or object class.

authenticating directory server
In pass-through authentication (PTA), the authenticating Directory Server is the Directory Server that contains the authentication credentials of the requesting client.
branch entry
An entry that represents the top of a subtree in the directory.

browser
Software, such as Mozilla Firefox, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server.

browsing index
Speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branch point in the directory tree to improve display performance.
See Also virtual list view index.
changelog
A changelog is a record that describes the modifications that have occurred on a replica. The supplier server then replays these modifications on the replicas stored on replica servers or on other masters, in the case of multi-master replication.

character type
Distinguishes alphabetic characters from numeric or other characters and the mapping of upper-case to lower-case letters.
called a consumer for that replica.

CoS
A method for sharing attributes between entries in a way that is invisible to applications.

CoS definition entry
Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects.

CoS template entry
Contains a list of the shared attribute values.
See Also template entry.

D

daemon
A background process on a Unix machine that is responsible for a particular system task.
Directory Manager
The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager.

directory service
A database application designed to manage descriptive, attribute-based information about people and resources within an organization.

directory tree
The logical representation of the information stored in the directory.
entry distribution
Method of distributing directory entries across more than one server in order to scale to support large numbers of entries.

entry ID list
Each index that the directory uses is composed of a table of index keys and matching entry ID lists. The entry ID list is used by the directory to build a list of candidate entries that may match the client application's search request.

equality index
Allows you to search efficiently for entries containing a specific attribute value.
hostname
A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.example.com is the machine www in the subdomain example and com domain.

HTML
Hypertext Markup Language. The formatting language used for documents on the World Wide Web.
International Standards Organization
See ISO.

IP address
Also Internet Protocol address. A set of numbers, separated by dots, that specifies the actual location of a machine on the Internet (for example, 198.93.93.10).

ISO
International Standards Organization.

K

knowledge reference
Pointers to directory information stored in different databases.

L

LDAP
Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
LDIF
LDAP Data Interchange Format. Format used to represent Directory Server entries in text form.

leaf entry
An entry under which there are no other entries. A leaf entry cannot be a branch point in a directory tree.

Lightweight Directory Access Protocol
See LDAP.

locale
Identifies the collation order, character type, monetary format and time / date format used to present data for users of a specific region, culture, and/or custom.
MD5
A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce a piece of data that will produce the same message digest.

MD5 signature
A message digest produced by the MD5 algorithm.

MIB
Management Information Base. All data, or any portion thereof, associated with the SNMP network.
Allows the creation of roles that contain other roles.

network management application
Network Management Station component that graphically displays information about SNMP managed devices, such as which device is up or down and which and how many error messages were received.

network management station
See NMS.

NIS
Network Information Service.
requested.

P

parent access
When granted, indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry.

pass-through authentication
See PTA.

pass-through subtree
In pass-through authentication, the PTA directory server will pass through bind requests to the authenticating directory server from all clients whose DN is contained in this subtree.
protocol data unit
See PDU.

proxy authentication
A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN.

proxy DN
Used with proxied authorization. The proxy DN is the DN of an entry that has access permissions to the target on which the client-application is attempting to perform an operation.
A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas.

referential integrity
Mechanism that ensures that relationships between related entries are maintained within the directory.

referral
(1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP server that can process the request.
role-based attributes
Attributes that appear on an entry because it possesses a particular role within an associated CoS template.

root
The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.

root suffix
The parent of one or more sub suffixes. A directory tree can contain more than one root suffix.
Server Selector
Interface that allows you to select and configure servers using a browser.

server service
A process on Windows that, once running, listens for and accepts requests from clients. It is the SMB server on Windows NT.

service
A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.

SIE
Server Instance Entry.
SNMP subagent
Software that gathers information about the managed device and passes the information to the master agent. Also called a subagent.

SSL
A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called Secure Sockets Layer.

standard index
index maintained by default.

sub suffix
A branch underneath a root suffix.

subagent
See SNMP subagent.
symmetric encryption
Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.

system index
Cannot be deleted or modified as it is essential to Directory Server operations.

T

target
In the context of access control, the target identifies the directory information to which a particular ACI applies.

target entry
The entries within the scope of a CoS.

TCP/IP
Transmission Control Protocol/Internet Protocol.
A unique number associated with each user on a Unix system.

URL
Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is protocol://machine:port/document. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.
Index

Configuration directory, Configuration Directory
Custom setup
- HP-UX 11i, Custom Setup
- Red Hat Enterprise Linux, Custom Setup
- Solaris, Custom Setup

D

Directory Administrator, Directory Administrator
Directory Manager, Directory Manager
- password, Resetting the Directory Manager Password
Directory Server
- additional instances, Creating a New Directory Server Instance
- additional instances (without Console), (Alternate) Installing Directory Server with setup-ds
- components, Directory Server C
HP-UX 11i, Setting up Red Hat Directory Server on HP-UX 11i
- custom setup, Custom Setup
- express setup, Express Setup
- installing Directory Server packages, Installing the Directory Server Packages
- installing JRE, Installing the JRE
- typical setup, Typical Setup

I

Installing
- explained, Preparing for a Directory Server Installation
- HP-UX 11i
- Directory Server packages, Installing the Directory Server Packages
- JRE, Installing the JRE
- prerequisites, Considerations Before Setting up Di
- HP-UX, HP-UX Patches
- Red Hat Enterprise Linux, Red Hat Enterprise Linux Patches
- Solaris, Solaris Patches
Perl
- HP-UX, Perl Prerequisites
- Red Hat Enterprise Linux, Perl Prerequisites
- Solaris, Perl Prerequisites
Port number
- finding Administration Server, Getting the Administration Server Port Number

R

Red Hat Enterprise Linux, Setting up Red Hat Directory Server on Red Hat Enterprise Linux
- custom setup, Custom Setup
- express setup, Express Setup
- hardware requirements, Red Hat Enter
- required patches, Solaris Patches
- system configuration, Solaris System Configuration
- DNS and NIS, DNS and NIS Requirements
- File descriptors, File Descriptors
- Perl, Perl Prerequisites
- TCP tuning, TCP Tuning
- typical setup, Typical Setup
- uninstalling Directory Server, Solaris
Starting and stopping
- Directory Server and Administration Server, Starting and Stopping Servers
- Directory Server Console, Starting the Directory Server Console
System configuration
- HP-UX, HP-UX System Co