Installation guide
NOTE
While the legal range of port numbers is 1 to 65535, the Internet Assigned Numbers Authority
(IANA) has already assigned ports 1 to 1024 to common processes. Never assign a Directory
Server port number below 1024 (except for 389/636 for the LDAP server) because this may
conflict with other services.
For LDAPS (LDAP with TLS/SSL), the default port number is 636. The server can listen to both the LDAP
and LDAPS port at the same time. However, the setup program will not allow you to configure TLS/SSL.
To use LDAPS, assign the LDAP port number in the setup process, then reconfigure the Directory
Server to use the LDAPS port and the other TLS/SSL parameters afterward. For information on how to
configure LDAPS, see the Directory Server Administrator's Guide.
The Administration Server runs on a web server, so it uses HTTP or HTTPS. However, unlike the
Directory Server, which can run on secure (LDAPS) and insecure (LDAP) ports at the same time, the
Administration Server cannot run over both HTTP and HTTPS simultaneously. The setup program,
setup-ds-admin.pl, does not allow you to configure the Administration Server to use TLS/SSL. To
use TLS/SSL (meaning HTTPS) with the Administration Server, first set up the Administration Server to
use HTTP, then reconfigure it to use HTTPS.
NOTE
When determining the port numbers you will use, verify that the specified port numbers are not
already in use by running a command like netstat.
If you are using ports below 1024, such as the default LDAP port (389), you must run the setup program
and start the servers as root. You do not, however, have to set the server user ID to root. When it
starts, the server binds and listens to its port as root, then immediately drops its privileges and runs as
the non-root server user ID. When the system restarts, the server is started as root by the initscript.
The setuid(2) man page has detailed technical information.
Section 1.2.2, "Directory Server User and Group" has more information about the server user ID.
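The two checks above (the port-number policy and the "is it already in use / do I need root" test) can be scripted so they run before setup-ds-admin.pl. The following pre-flight script is an added example, not part of the Red Hat guide; the script name preflight.sh is hypothetical, and it assumes a Linux host where either ss or netstat is available.

```sh
#!/bin/sh
# Added example (not from the Red Hat Directory Server guide): pre-flight
# check of the port numbers chosen for the Directory Server and the
# Administration Server before running setup-ds-admin.pl.

# port_policy_ok PORT
# Returns 0 when PORT is a number in 1..65535 and is either >= 1024 or one of
# the two LDAP exceptions (389/636) the guide allows below 1024.
port_policy_ok() {
    port=$1
    case "$port" in
        ''|*[!0-9]*) return 1 ;;          # empty or not a number
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    if [ "$port" -lt 1024 ]; then
        [ "$port" -eq 389 ] || [ "$port" -eq 636 ] || return 1
    fi
    return 0
}

# needs_root PORT: returns 0 when binding PORT requires starting the server
# as root (privileged port below 1024)
needs_root() {
    [ "$1" -lt 1024 ]
}

# port_in_use PORT: returns 0 when a TCP listener on PORT is found.
# Uses ss when present, otherwise netstat (the command the guide suggests);
# returns 2 when neither tool is installed.
port_in_use() {
    port=$1
    if command -v ss >/dev/null 2>&1; then
        ss -lnt 2>/dev/null | awk '{print $4}' | grep -Eq "[:.]${port}\$"
    elif command -v netstat >/dev/null 2>&1; then
        netstat -lnt 2>/dev/null | awk '{print $4}' | grep -Eq "[:.]${port}\$"
    else
        return 2
    fi
}

# check_port LABEL PORT: prints a verdict and returns 0 when PORT is usable
check_port() {
    label=$1; port=$2
    if ! port_policy_ok "$port"; then
        echo "$label: port $port violates the port policy (1024-65535, or 389/636)"
        return 1
    fi
    if port_in_use "$port"; then
        echo "$label: port $port is already in use"
        return 1
    fi
    if needs_root "$port" && [ "$(id -u)" -ne 0 ]; then
        echo "$label: port $port is below 1024; run setup and start the server as root"
        return 1
    fi
    echo "$label: port $port OK"
    return 0
}

# Usage: sh preflight.sh LDAP_PORT [ADMIN_PORT]
if [ "$#" -ge 1 ]; then
    status=0
    check_port "Directory Server (LDAP)" "$1" || status=1
    if [ -n "$2" ]; then
        check_port "Administration Server (HTTP)" "$2" || status=1
    fi
    exit "$status"
fi
```

Run it as the account you intend to run setup with; a non-zero exit means at least one chosen port fails the policy, is already bound, or needs root that the current account does not have.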
1.2.2. Directory Server User and Group
The setup process sets a user ID (UID) and group ID (GID) as which the servers will run. The default
UID is a non-privileged (non-root) user: nobody on Red Hat Enterprise Linux and Solaris, and daemon on
HP-UX. Red Hat strongly recommends using this default value.
IMPORTANT
By default, the same UID is used for both the Directory Server and the Administration Server,
which simplifies administration. If you choose a different UID for each server, those UIDs must
both belong to the group assigned to Directory Server.
For security reasons, Red Hat strongly discourages you from setting the Directory Server or
Administration Server user to root. If an attacker gains access to the server, he might be able to
execute arbitrary system commands as the root user. Using a non-privileged UID adds another layer of
security.
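The rules in this section (never root, and every server UID must belong to the Directory Server group) can be verified before setup. The script below is an added example, not part of the Red Hat guide; the name check-user.sh is hypothetical, and it relies only on the standard id command.

```sh
#!/bin/sh
# Added example (not from the Red Hat Directory Server guide): verify the
# account(s) the servers are configured to run as, following Section 1.2.2.

# uid_ok UID: returns 0 when UID is numeric and is not root (0)
uid_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ne 0 ]
}

# user_in_group USER GROUP: returns 0 when GROUP is USER's primary or one of
# its supplementary groups
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        if [ "$g" = "$2" ]; then
            return 0
        fi
    done
    return 1
}

# server_user_ok USER DSGROUP: reject root and require membership in DSGROUP
# (the group assigned to the Directory Server)
server_user_ok() {
    user=$1; dsgroup=$2
    uid=$(id -u "$user" 2>/dev/null) || { echo "$user: no such user"; return 1; }
    if ! uid_ok "$uid"; then
        echo "$user: UID $uid is root; use a non-privileged account such as nobody"
        return 1
    fi
    if ! user_in_group "$user" "$dsgroup"; then
        echo "$user: not a member of group $dsgroup"
        return 1
    fi
    echo "$user (UID $uid) OK for group $dsgroup"
    return 0
}

# Usage: sh check-user.sh DS_GROUP DS_USER [ADMIN_USER]
# Both users are checked against the same Directory Server group, as the
# IMPORTANT note requires when different UIDs are chosen.
if [ "$#" -ge 2 ]; then
    status=0
    dsgroup=$1; shift
    for u in "$@"; do
        server_user_ok "$u" "$dsgroup" || status=1
    done
    exit "$status"
fi
```

With the default configuration (one UID for both servers) a single user argument is enough; pass a second user only when the Directory Server and Administration Server run under different accounts.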
Red Hat Directory Server 8.0 Installation Guide