Installation guide

* - nofile 8192
4. Edit /etc/pam.d/system-auth, and add this entry:
session required /lib/security/$ISA/pam_limits.so
5. Reboot the Linux machine to apply the changes.
1.2.5. Directory Server User and Group
The setup process sets a user ID (UID) and group ID (GID) as which the servers will run. The default
UID is a non-privileged (non-root) user, nobody on Red Hat Enterprise Linux. Red Hat strongly
recommends using this default value.
IMPORTANT
The same UID is used for both the Directory Server and the Admin Server by default, which
simplifies administration. If you choose a different UID for each server, those UIDs must both
belong to the group assigned to Directory Server.
For security reasons, Red Hat strongly discourages you from setting the Directory Server or Admin
Server user to root. If an attacker gains access to the server, he might be able to execute arbitrary
system commands as the root user. Using a non-privileged UID adds another layer of security.
Listening to Restricted Ports as Unprivileged Users
Even though port numbers less than 1024 are restricted, the LDAP server can listen to port 389 (and
any port number less than 1024), as long as the server is started by the root user or by init when
the system starts up. The server first binds and listens to the restricted port as root, then immediately
drops privileges to the non-root server UID. The setuid(2) man page has detailed technical information.
Section 1.2.2, Port Numbers has more information on port numbers in Directory Server.
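The bind-then-drop sequence described above, as an added example for this guide (not Directory Server's own code): the listening socket is created while the process is still root, and then the supplementary groups, primary group and UID are given up in that order, with a check that root cannot be regained. The function names, the loopback address and the use of "nobody" are assumptions for the illustration.

```c
#define _DEFAULT_SOURCE
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <string.h>

/* Bind and listen on a TCP port while still root; returns the fd or -1.
 * Port 389 needs root (or CAP_NET_BIND_SERVICE); port 0 picks a free one. */
int bind_listen_port(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* loopback only, for the example */
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Drop root to the server account. Order matters: supplementary groups,
 * primary group, then uid, because after setuid() the process can no
 * longer change its groups. Refuses a target uid of 0 and verifies that
 * root cannot be regained. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 0;          /* nothing to drop */
    if (uid == 0) return -1;               /* "dropping" to root is not a drop */
    if (setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0 || getgid() != gid) return -1;
    if (setuid(uid) < 0 || getuid() != uid) return -1;
    if (setuid(0) == 0) return -1;         /* the drop must be irreversible */
    return 0;
}

/* The sequence the text describes: bind the restricted port as root, then
 * immediately become the unprivileged account (e.g. "nobody"). */
int start_listener_as(const char *account, unsigned short port) {
    struct passwd *pw = getpwnam(account);
    if (!pw) return -1;
    int fd = bind_listen_port(port);
    if (fd < 0) return -1;
    if (drop_privileges(pw->pw_uid, pw->pw_gid) < 0) { close(fd); return -1; }
    return fd;                             /* the already-bound fd survives the drop */
}
```

Started as root with `start_listener_as("nobody", 389)`, the process keeps serving on port 389 but can no longer open other restricted ports or regain root.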
1.2.6. Directory Manager
The Directory Server setup creates a special user called the Directory Manager. The Directory Manager
is a unique, powerful entry that is used to administer all user and configuration tasks. The Directory
Manager is a special entry that does not have to conform to a Directory Server configured suffix;
additionally, access controls, password policy, and database limits for size, time, and look-through limits
do not apply to the Directory Manager. There is no directory entry for the Directory Manager user; it is
used only for authentication. You cannot create an actual Directory Server entry that uses the same DN
as the Directory Manager DN.
The Directory Server setup process prompts for a distinguished name (DN) and a password for the
Directory Manager. The default value for the Directory Manager DN is cn=Directory Manager. The
Directory Manager password must contain at least 8 characters, which must be ASCII letters, digits, or
symbols.
1.2.7. Directory Administrator
The Directory Server setup also creates an administrator user specifically for Directory Server and
Admin Server management, called the Directory Administrator. The Directory Administrator is the
"super user" that manages all Directory Server and Admin Server instances through the Directory
Server Console. Every Directory Server is configured to grant this user administrative access.
Red Hat Directory Server 9 Installation Guide