Installation guide
The Admin Server runs on a web server, so it uses HTTP or HTTPS. However, unlike the Directory
Server, which can run on secure (LDAPS) and insecure (LDAP) ports at the same time, the Admin Server
cannot run over both HTTP and HTTPS simultaneously. The setup program, setup-ds-admin.pl,
does not allow you to configure the Admin Server to use TLS/SSL. To use TLS/SSL (meaning HTTPS)
with the Admin Server, first set up the Admin Server to use HTTP, then reconfigure it to use HTTPS.
NOTE
When determining the port numbers you will use, verify that the specified port numbers are not
already in use, for example by listing the listening sockets with netstat -ltn or ss -ltn.
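The port check in the note above, as an added example that is not part of the guide or of Red Hat's tooling: it reads the kernel's own socket tables (/proc/net/tcp and /proc/net/tcp6) so that it works on a minimal host where netstat and ss are not installed, and it ships a constructed sample table so the parser can be exercised without root or live listeners. The default ports checked are the page's 389 and 636; pass the Admin Server port you chose as a further argument.

```shell
#!/bin/sh
# Added example for this guide (not Red Hat's code): find ports that already
# have a TCP listener by reading the kernel socket tables directly.

# Print the decimal port of every LISTEN socket (state 0A) in a
# /proc/net/tcp-style table: field 2 is local hexIP:hexPORT, field 4 is state.
listening_ports_from() {
    awk 'function hex(s,   i, v) {
             v = 0
             for (i = 1; i <= length(s); i++)
                 v = v * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
             return v
         }
         NR > 1 && $4 == "0A" { split($2, a, ":"); print hex(a[2]) }' "$1"
}

# Return 0 if a TCP listener (IPv4 or IPv6) is already bound to port $1.
port_in_use() {
    for t in /proc/net/tcp /proc/net/tcp6; do
        [ -r "$t" ] || continue
        listening_ports_from "$t" | grep -qx "$1" && return 0
    done
    return 1
}

# Report each requested port; return 1 if any of them is taken.
check_ports() {
    rc=0
    for p in "$@"; do
        if port_in_use "$p"; then
            echo "port $p: already in use, pick another"
            rc=1
        else
            echo "port $p: free"
        fi
    done
    return $rc
}

# Constructed sample table (not captured from a real host) for exercising the
# parser: 389 and 636 are listening, the 8080 socket is merely established.
sample_tcp_table() {
    cat > "$1" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0185 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:027C 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11112 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C3A2 01 00000000:00000000 00:00000000 00000000  1000        0 11113 1 0000000000000000 20 4 30 10 -1
EOF
}

# Usage: sh checkports.sh 389 636 <admin-server-port>; with no arguments the
# two default LDAP ports are checked.
[ $# -eq 0 ] && set -- 389 636
check_ports "$@" && echo "all requested ports are free"
```

Only sockets in the LISTEN state count: a port that merely has an established or TIME_WAIT connection on it can still be bound by the server, so matching on state 0A avoids false alarms from client-side connections.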
If you are using ports below 1024, such as the default LDAP port (389), you must run the setup program
and start the servers as root. You do not, however, have to set the server user ID to root, and for
least privilege you should not. When it starts, the server binds to and listens on its port as root, then
immediately drops its privileges and runs as the non-root server user ID, so a compromise of the running
server yields only that unprivileged account. When the system restarts, the init script starts the server
as root and the same privilege drop takes place. The setuid(2) man page has detailed technical information.
Section 1.2.5, “Directory Server User and Group” has more information about the server user ID.
1.2.3. Firewall Considerations
The Directory Server instance may be on a different server or network than clients which need to access
it. For example, the Red Hat Certificate System subsystems require a Directory Server LDAP database to
store their certificate, key, and user information, but these servers do not need to be on the same
machine.
When installing Directory Server, make sure that you consider the location of the instance on the
network and that all firewalls, DMZs, and other network services allow the client to access the Directory
Server. There are two considerations about using firewalls with Directory Server and directory clients:
Protecting sensitive subsystems from unauthorized access
Allowing appropriate access to other systems and clients outside of the firewall
Make sure that the firewalls allow access to the Directory Server secure (636) and standard (389)
ports, or to whatever non-default ports you selected during setup, so that any clients which must access
the Directory Server instance are able to contact it. Open those ports only to the networks that host
directory clients, and remember that the standard port carries binds and directory data in clear text
unless the clients use STARTTLS.
1.2.4. File Descriptors
Editing the number of file descriptors on the Linux system can help Directory Server access files more
efficiently. Editing the maximum number of file descriptors the kernel can allocate can also improve file
access speeds.
1. First, check the current limit for file descriptors:
cat /proc/sys/fs/file-max
2. If the setting is lower than 64000, edit the /etc/sysctl.conf file, and reset the fs.file-max
parameter:
fs.file-max = 64000
Run sysctl -p afterwards to apply the new value without a reboot.
3. Then increase the maximum number of open files available to the server user by editing the
/etc/security/limits.conf configuration file. Add the following entry:
Chapter 1. Preparing for a Directory Server Installation
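The sysctl.conf edit from step 2 of the file descriptor procedure above, as an added example that is not part of the guide or of Red Hat's tooling. The guide says to "reset" fs.file-max; this script does so idempotently, rewriting an existing fs.file-max line in place rather than appending a second one (sysctl applies the last occurrence, so a stale duplicate quietly overrides later edits) and leaving a value that is already above the floor alone. The file path, the helper names and the sample file contents are the example's own; the 64000 floor is the guide's.

```shell
#!/bin/sh
# Added example for this guide (not Red Hat's code): raise fs.file-max in a
# sysctl.conf-style file idempotently and report the running kernel's value.

# Print the value of key $2 in file $1 (last occurrence wins, as in sysctl),
# or nothing if the key is absent. Comment lines never match because their
# "key" starts with '#'.
sysctl_conf_get() {
    awk -v key="$2" -F'=' '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); last = v; found = 1 }
        END { if (found) print last }' "$1"
}

# Ensure key $2 in file $1 is set to at least $3; a higher value is left alone.
# Return 0 when nothing had to change or the change was written, non-zero on
# a write failure.
sysctl_conf_ensure_min() {
    cur=$(sysctl_conf_get "$1" "$2")
    if [ -n "$cur" ] && [ "$cur" -ge "$3" ] 2>/dev/null; then
        return 0
    fi
    if [ -n "$cur" ]; then
        # Rewrite every "key = ..." line in place. sed -i differs between GNU
        # and BSD, so filter through a temp file and copy back, which also
        # keeps the original file's owner and mode.
        awk -v key="$2" -v val="$3" -F'=' '
            { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
            k == key { print key " = " val; next }
            { print }' "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# Kernel-wide limit currently in force (step 1 of the guide); 0 if unreadable.
kernel_file_max() {
    cat /proc/sys/fs/file-max 2>/dev/null || echo 0
}

# Usage (as root): sh fdlimit.sh /etc/sysctl.conf && sysctl -p
# With no argument the script only reports, so it is safe to run unprivileged.
echo "kernel fs.file-max is $(kernel_file_max)"
if [ $# -ge 1 ]; then
    sysctl_conf_ensure_min "$1" fs.file-max 64000 \
        && echo "$1: fs.file-max is now $(sysctl_conf_get "$1" fs.file-max)"
fi
```

The per-process limit from step 3 lives in /etc/security/limits.conf and is applied by PAM at login, so it is a separate setting from fs.file-max; raising only the kernel-wide maximum does nothing for a server process whose own soft limit is still the default.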