Installation guide
IMPORTANT
The default Administration Server user is the same as the Directory Server user, which is
nobody. If the Administration Server is given a different UID, then that user must belong to the
group to which the Directory Server user is assigned.
1.2.6. Directory Suffix
The directory suffix is the first entry within the directory tree. At least one directory suffix must be
provided when the Directory Server is set up. The recommended directory suffix name matches your
organization's DNS domain name. For example, if the Directory Server hostname is ldap.example.com,
the directory suffix is dc=example,dc=com. The setup program constructs a default suffix based on the
DNS domain or from the fully-qualified host and domain name provided during setup. This suffix naming
convention is not required, but Red Hat strongly recommends it.
1.2.7. Configuration Directory
The configuration directory is the main directory where configuration information — such as log files,
configuration files, and port numbers — is stored. These configuration data get stored in the
o=NetscapeRoot tree. A single Directory Server instance can be both the configuration directory and
the user directory.
If you install Directory Server for general directory services and there is more than one Directory Server
in your organization, you must determine which Directory Server instance will host the configuration
directory tree, o=NetscapeRoot. Make this decision before installing any compatible Directory Server
applications. The configuration directory is usually the first one you set up.
Since the main configuration directory generally experiences low traffic, you can permit its server
instances to coexist on any machine with a heavier-loaded Directory Server instance. However, for large
sites that deploy a large number of Directory Server instances, dedicate a low-end machine for the
configuration directory to improve performance. Directory Server instances write to the configuration
directory, and for larger sites, this write activity can create performance issues for other directory service
activities. The configuration directory can be replicated to increase availability and reliability.
If the configuration directory tree gets corrupted, you may have to re-register or re-configure all Directory
Server instances. To prevent that, always back up the configuration directory after setting up a new
instance; never change a hostname or port number while active in the configuration directory; and do not
modify the configuration directory tree directly. Only the setup program can directly modify a configuration.
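One way to enforce the rule above is a pre-flight check that scans an LDIF change file and lists every entry that falls under o=NetscapeRoot before the file is applied. This is an added example, not code from the guide or from Red Hat; the function names and the sample LDIF are constructed for illustration, and the DN comparison is simplified as noted in the comments.

```python
import base64
import re

CONFIG_SUFFIX = "o=NetscapeRoot"  # configuration tree named in this guide

def ldif_dns(text):
    """Return every entry DN in an LDIF document (RFC 2849)."""
    unfolded = re.sub(r"\r?\n ", "", text)  # newline + one space continues a line
    dns = []
    for line in unfolded.splitlines():
        if line.lower().startswith("dn::"):  # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def split_rdns(dn):
    """Split on unescaped commas; lowercase attribute and value for comparison.
    Simplification: multi-valued RDNs ('+') and hex escapes are not normalized."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def under_suffix(dn, suffix=CONFIG_SUFFIX):
    """True if dn is the suffix entry itself or lies anywhere below it."""
    d, s = split_rdns(dn), split_rdns(suffix)
    return len(d) >= len(s) and d[-len(s):] == s

def config_tree_changes(ldif_text):
    """DNs in the LDIF that would touch the configuration directory tree."""
    return [dn for dn in ldif_dns(ldif_text) if under_suffix(dn)]

# Constructed sample change file: one user entry, one folded DN, one base64 DN,
# and one look-alike that a plain string suffix match would wrongly flag.
SAMPLE_LDIF = (
    "dn: uid=jdoe,ou=People,dc=example,dc=com\nchangetype: modify\n"
    "replace: description\ndescription: ok\n\n"
    "dn: cn=sample,ou=example.com,\n O=netscaperoot\nchangetype: delete\n\n"
    "dn:: " + base64.b64encode(b"o=NetscapeRoot").decode() + "\nchangetype: modify\n"
    "replace: description\ndescription: x\n\n"
    "dn: cn=xo=NetscapeRoot\nchangetype: delete\n"
)

if __name__ == "__main__":
    for dn in config_tree_changes(SAMPLE_LDIF):
        print("refuse: touches configuration tree:", dn)
```

Comparing parsed RDNs rather than raw strings is what catches the folded, mixed-case, and base64-encoded DNs while ignoring the look-alike.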
1.2.8. Administration Domain
The administration domain allows servers to be grouped together logically when splitting administrative
tasks. That level of organization is beneficial, for example, when different divisions within an organization
want individual control of their servers while system administrators require centralized control of all
servers.
When setting up the administration domain, consider the following:
• Each administration domain must have an administration domain owner with complete access to all
  the domain servers but no access to the servers in other administration domains. The administration
  domain owner may grant individual users administrative access on a server-by-server basis within
  the domain.
• All servers must share the same configuration directory. The Configuration Directory Administrator
  has complete access to all installed Directory Servers, regardless of the domain.
Red Hat Directory Server 8.0 Installation Guide