Installation guide
Listening to Restricted Ports as Unprivileged Users
Even though port numbers less than 1024 are restricted, the LDAP server can listen to port 389 (and
any port number less than 1024), as long as the server is started by the root user or by init when
the system starts up. The server first binds and listens to the restricted port as root, then immediately
drops privileges to the non-root server UID. The setuid(2) man page has detailed technical information.
Section 1.2.1, “Port Numbers” has more information on port numbers in Directory Server.
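As an added example (not code from the guide or from Directory Server itself), the following C program reproduces the bind-then-drop sequence this section describes: it binds the restricted port 389 while still root, then switches to a non-root uid/gid and checks that root cannot be regained while the listening socket stays open. The account name "nobody" and the loopback bind address are assumptions.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on 127.0.0.1:port (port 0 lets the kernel pick one).
 * Returns the listening socket, or -1 on error (e.g. EACCES on a port
 * below 1024 when not root, EADDRINUSE when the port is taken). */
int listen_on_port(unsigned short port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port the socket is actually bound to, or -1. */
int bound_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

/* Switch to uid/gid in the one order that cannot be undone (supplementary
 * groups, then gid, then uid) and verify that root is no longer reachable.
 * Returns 0 on success, -1 otherwise. Open sockets survive the switch. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;             /* gid before uid: setgid needs root */
    if (setuid(uid) < 0) return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* must now fail with EPERM */
    return 0;
}

int main(void) {
    const char *user = "nobody";    /* assumption: the non-root server account */
    int fd = listen_on_port(389);   /* restricted port: only succeeds as root */
    if (fd < 0) { perror("bind 389"); return 1; }
    struct passwd *pw = getpwnam(user);
    if (!pw || drop_privileges(pw->pw_uid, pw->pw_gid) < 0) { fputs("privilege drop failed\n", stderr); return 1; }
    printf("listening on port %d as uid %d\n", bound_port(fd), (int)getuid());
    return 0;
}
```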
1.2.3. Directory Manager
The Directory Server setup creates a special user called the Directory Manager. The Directory Manager
is a unique, powerful entry that is used to administer all user and configuration tasks. The Directory
Manager is a special entry that does not have to conform to a Directory Server configured suffix;
additionally, access controls, password policy, and database limits for size, time, and lookthrough limits
do not apply to the Directory Manager. There is no directory entry for the Directory Manager user; it is
used only for authentication. You cannot create an actual Directory Server entry that uses the same DN
as the Directory Manager DN.
The Directory Server setup process prompts for a distinguished name (DN) and a password for the
Directory Manager. The default value for the Directory Manager DN is cn=Directory Manager. The
Directory Manager password must contain at least 8 characters which must be ASCII letters, digits, or
symbols.
1.2.4. Directory Administrator
The Directory Server setup also creates an administrator user specifically for Directory Server and
Administration Server management, called the Directory Administrator. The Directory
Administrator is the "super user" that manages all Directory Server and Administration Server instances
through the Directory Server Console. Every Directory Server is configured to grant this user
administrative access.
There are important differences between the Directory Administrator and the Directory Manager:
- The administrator cannot create top-level entries for a new suffix through an add operation, either
adding an entry in the Directory Server Console or using ldapadd, a tool provided with OpenLDAP.
Only the Directory Manager can add top-level entries by default. To allow other users to add top-level
entries, create entries with the appropriate access control statements in an LDIF file, and perform an
import or database initialization procedure using that LDIF file.
- Password policies do apply to the administrator, but you can set a user-specific password policy for
the administrator.
- Size, time, and lookthrough limits apply to the administrator, but you can set different resource limits
for this user.
The Directory Server setup process prompts for a username and a password for the Directory
Administrator. The default Directory Administrator username is admin. For security, the Directory
Administrator's password must not be the same as the Directory Manager's password.
1.2.5. Administration Server User
By default, the Administration Server runs as the same non-root user as the Directory Server. Custom
and silent setups provide the option to run the Administration Server as a different user than the
Directory Server.
Chapter 1. Preparing for a Directory Server Installation
11