Installation guide
Server Console. Every Directory Server is configured to grant this user administrative access.
There are important differences between the Directory Administrator and the Directory Manager:
- The administrator cannot create top-level entries for a new suffix through an add operation, either
  by adding an entry in the Directory Server Console or by using ldapadd, a tool provided with OpenLDAP.
  Only the Directory Manager can add top-level entries by default. To allow other users to add top-level
  entries, create entries with the appropriate access control statements in an LDIF file, and perform an
  import or database initialization procedure using that LDIF file.
- Password policies do apply to the administrator, but you can set a user-specific password policy for
  the administrator.
- Size, time, and look-through limits apply to the administrator, but you can set different resource limits
  for this user.
The Directory Server setup process prompts for a username and a password for the Directory
Administrator. The default Directory Administrator username is admin. For security, the Directory
Administrator's password must not be the same as the Directory Manager's password.
1.2.8. Admin Server User
By default, the Admin Server runs as the same non-root user as the Directory Server. Custom and
silent setups provide the option to run the Admin Server as a different user than the Directory Server.
IMPORTANT
The default Admin Server user is the same as the Directory Server user, which is nobody. If the
Admin Server is given a different UID, then that user must belong to the group to which the
Directory Server user is assigned.
1.2.9. Directory Suffix
The directory suffix is the first entry within the directory tree. At least one directory suffix must be
provided when the Directory Server is set up. The recommended directory suffix name matches your
organization's DNS domain name. For example, if the Directory Server hostname is ldap.example.com,
the directory suffix is dc=example,dc=com. The setup program constructs a default suffix based on the
DNS domain or from the fully-qualified host and domain name provided during setup. This suffix naming
convention is not required, but Red Hat strongly recommends it.
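The two setup values described in sections 1.2.8 and 1.2.9 can be checked before running setup. The script below is an added example, not part of the Red Hat guide or the setup program: it derives the recommended suffix from a hostname and tests whether a proposed Admin Server user belongs to the Directory Server user's group. The function names, the sample accounts dsadmin and webadm, and the reading of "the group to which the Directory Server user is assigned" as that user's primary group are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for values the setup program asks for.

# Default suffix for an FQDN: drop the host label and turn each remaining
# DNS label into a dc= component (ldap.example.com -> dc=example,dc=com).
# Assumption: a two-label name is already a domain and is used whole.
suffix_from_fqdn() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    case "$fqdn" in
        *.*.*) domain=${fqdn#*.} ;;
        *.*)   domain=$fqdn ;;
        *)     return 1 ;;   # unqualified name: no suffix can be derived
    esac
    printf 'dc=%s\n' "$(printf '%s' "$domain" | sed 's/\./,dc=/g')"
}

# Returns 0 when user $1 is in the primary group of user $2 (as its own
# primary group or as a listed member), 1 when not, 2 when a user is unknown.
# $3/$4 are passwd and group files; only these files are read, not other NSS sources.
shares_ds_group() {
    passwd=${3:-/etc/passwd}
    group=${4:-/etc/group}
    ds_gid=$(awk -F: -v u="$2" '$1 == u { print $4; exit }' "$passwd")
    adm_gid=$(awk -F: -v u="$1" '$1 == u { print $4; exit }' "$passwd")
    [ -n "$ds_gid" ] && [ -n "$adm_gid" ] || return 2
    [ "$adm_gid" = "$ds_gid" ] && return 0
    awk -F: -v g="$ds_gid" -v u="$1" '
        $3 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$group"
}

# Constructed sample data (not from a real host): dsadmin lists the group of
# the Directory Server user "nobody" as a supplementary group; webadm does not.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'nobody:x:99:99::/:/sbin/nologin' \
        'dsadmin:x:1001:1001::/:/sbin/nologin' \
        'webadm:x:1002:1002::/:/sbin/nologin' > "$d/passwd"
    printf '%s\n' 'nobody:x:99:dsadmin' 'dsadmin:x:1001:' 'webadm:x:1002:' > "$d/group"
    suffix_from_fqdn ldap.example.com
    for u in dsadmin webadm; do
        if shares_ds_group "$u" nobody "$d/passwd" "$d/group"
        then echo "$u: shares the Directory Server user's group"
        else echo "$u: NOT in the Directory Server user's group"; fi
    done
    rm -rf "$d"
}
demo
```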
1.2.10. Configuration Directory
The configuration directory is the main directory where configuration information — such as log files,
configuration files, and port numbers — is stored. These configuration data get stored in the
o=NetscapeRoot tree. A single Directory Server instance can be both the configuration directory and
the user directory.
If you install Directory Server for general directory services and there is more than one Directory Server
in your organization, you must determine which Directory Server instance will host the configuration
directory tree, o=NetscapeRoot. Make this decision before installing any compatible Directory Server
applications. The configuration directory is usually the first one you set up.
Since the main configuration directory generally experiences low traffic, you can permit its server
instances to coexist on any machine with a heavier-loaded Directory Server instance. However, for large
sites that deploy a large number of Directory Server instances, dedicate a low-end machine for the
configuration directory to improve performance. Directory Server instances write to the configuration