manualshive.com logo in svg

Red Hat DIRECTORY SERVER 8.0, Руководство по установке

Red Hat Directory Server 8.0 является мощным решением для управления идентификацией и доступом пользователей в корпоративной среде. Установочное руководство доступно для бесплатного скачивания на сайте manualshive.com. Пользователи могут найти полезные инструкции и руководства для настройки и использования программы.

Поделиться
Скачать
background image

Directory Manager

3

execute arbitrary system commands as the 

root

 user. Using a non-privileged UID adds another layer

of security.

Listening to Restricted Ports as Unprivileged Users

Even though port numbers less than 

1024

 are restricted, the LDAP server can listen to port 

389

 (and

any port number less than 

1024

), as long as the server is started by the 

root

 user or by 

init

 when

the system starts up. The server first binds and listens to the restricted port as 

root

, then immediately

drops privileges to the non-root server UID. 

setuid(2) man page

2

 has detailed technical information.

Section 1.2.1, “Port Numbers”

 has more information on port numbers in Directory Server.

1.2.3. Directory Manager

The Directory Server setup creates a special user called the 

Directory Manager

. The Directory

Manager is a unique, powerful entry that is used to administer all user and configuration tasks.
The Directory Manager is a special entry that does not have to conform to a Directory Server
configured suffix; additionally, access controls. password policy, and database limits for size, time, and
lookthrough limits do not apply to the Directory Manager. There is no directory entry for the Directory
Manager user; it is used only for authentication. You cannot create an actual Directory Server entry
that uses the same DN as the Directory Manager DN.

The Directory Server setup process prompts for a distinguished name (DN) and a password for the
Directory Manager. The default value for the Directory Manager DN is 

cn=Directory Manager

. The

Directory Manager password must contain at least 8 characters which must be ASCII letters, digits, or
symbols.

1.2.4. Directory Administrator

The Directory Server setup also creates an administrator user specifically for Directory Server
and Administration Server server management, called the 

Directory Administrator

. The Directory

Administrator is the "super user" that manages all Directory Server and Administration Server
instances through the Directory Server Console. Every Directory Server is configured to grant this user
administrative access.

There are important differences between the Directory 

Administrator

 and the Directory 

Manager

:

• The administrator cannot create top level entries for a new suffix through an add operation. either

adding an entry in the Directory Server Console or using 

ldapadd

, a tool provided with OpenLDAP.

Only the Directory Manager can add top-level entries by default. To allow other users to add top-
level entries, create entries with the appropriate access control statements in an LDIF file, and
perform an import or database initialization procedure using that LDIF file.

• Password policies 

do

 apply to the administrator, but you can set a user-specific password policy for

the administrator.

• Size, time, and lookthrough limits apply to the administrator, but you can set different resource limits

for this user.

The Directory Server setup process prompts for a username and a password for the Directory
Administrator. The default Directory Administrator username is 

admin

. For security, the Directory

Administrator's password must not be the same as the Directory Manager's password.

2

 http://grove.ufl.edu/cgi-bin/webman?man2+setuid.2.gz

Содержание DIRECTORY SERVER 8.0

Страница 1: ...Red Hat Directory Server 8 0 Installation Guide Ella Deon Lackey Publication date January 11 2010 Update ...

Страница 2: ...ees not to assert Section 4d of CC BY SA to the fullest extent permitted by applicable law Red Hat Red Hat Enterprise Linux the Shadowman logo JBoss MetaMatrix Fedora the Infinity Logo and RHCE are trademarks of Red Hat Inc registered in the United States and other countries Linux is the registered trademark of Linus Torvalds in the United States and other countries All other trademarks are the pr...

Страница 3: ...nterprise Linux 4 and 5 15 2 2 3 HP UX 11i 17 2 2 4 Sun Solaris 9 20 3 Setting up Red Hat Directory Server on Red Hat Enterprise Linux 25 3 1 Installing the JRE 26 3 2 Installing the Directory Server Packages 26 3 3 Express Setup 28 3 4 Typical Setup 30 3 5 Custom Setup 33 4 Setting up Red Hat Directory Server on HP UX 11i 39 4 1 Installing the JRE 39 4 2 Installing the Directory Server Packages 4...

Страница 4: ...4 2 Uninstalling Directory Server 80 7 General Usage Information 83 7 1 Directory Server File Locations 83 7 2 LDAP Tool Locations 84 7 3 Starting the Directory Server Console 85 7 4 Getting the Administration Server Port Number 85 7 5 Starting and Stopping Servers 86 7 5 1 Starting and Stopping Directory Server 86 7 5 2 Starting and Stopping Administration Server 86 7 6 Resetting the Directory Ma...

Страница 5: ... based on your system environment Read through this manual before beginning to configure the Directory Server to plan ahead what values to use TIP If you are installing Directory Server for evaluation use the express or typical setup mode These processes are very fast and can help get your directory service up and running quickly IMPORTANT Red Hat Directory Server 8 0 introduces filesystem paths f...

Страница 6: ... of the phrase being highlighted Formatting Style Purpose Monospace font Monospace is used for commands package names files and directory paths and any text displayed in a prompt Monospace with a background This type of formatting is used for anything entered or returned in a command prompt Italicized text Any text which is italicized is a variable such as instance_name or hostname Occasionally th...

Страница 7: ...ing your Directory Server as well as procedures for migrating from a previous installation of Directory Server For the latest information about Directory Server including current release notes complete product documentation technical notes and deployment information see the Red Hat Directory Server documentation site at http www redhat com docs manuals dir server 3 Giving Feedback If there is any ...

Страница 8: ...ase draft Revision 8 0 0 4 Thurs Jan 10 2008 Ella Deon Lackey dlackey redhat com Added note that Directory Server is supported as a virtual guest on Red Hat Enterprise Linux 5 Minor bug fixes and text edits from post beta review Revision 8 0 0 3 Wed Oct 31 2007 Ella Deon Lackey dlackey redhat com Updated all content per engineering review Added sections on Administration Server ports and LDAP tool...

Страница 9: ...monitoring servers and viewing statistics The Administration Server is the management agent which administers Directory Servers It communicates with the Directory Server Console and performs operations on the Directory Server instances It also provides a simple HTML interface and on line help pages There must be one Administration Server running on each machine which has a Directory Server instanc...

Страница 10: ...o use HTTPS NOTE When determining the port numbers you will use verify that the specified port numbers are not already in use by running a command like netstat If you are using ports below 1024 such as the default LDAP port 389 you must run the setup program and start the servers as root You do not however have to set the server user ID to root When it starts the server binds and listens to its po...

Страница 11: ...n Directory Manager The Directory Manager password must contain at least 8 characters which must be ASCII letters digits or symbols 1 2 4 Directory Administrator The Directory Server setup also creates an administrator user specifically for Directory Server and Administration Server server management called the Directory Administrator The Directory Administrator is the super user that manages all ...

Страница 12: ...ectory and the user directory If you install Directory Server for general directory services and there is more than one Directory Server in your organization you must determine which Directory Server instance will host the configuration directory tree o NetscapeRoot Make this decision before installing any compatible Directory Server applications The configuration directory is usually the first on...

Страница 13: ...p yes Pressing Enter accepts the default answer and proceeds to the next dialog screen Yes No prompts accept y for Yes and n for No To go back to a previous dialog screen type Control B and press Enter You can backtrack all the way to the first screen Two prompts ask for a password After entering it the first time confirm the password by typing it in again The password prompts do not echo the char...

Страница 14: ... be unique For example setup ds admin pl s f common inf General FullMachineName ldap37 example com slapd ServerIdentifier ldap37 This command uses the common parameters specified in the common inf file but overrides FullMachineName and ServerIdentifier with the command line arguments NOTE The section names and parameter names used in the inf files and on the command line are case sensitive Refer t...

Страница 15: ...sample inf debug d dddd This parameter turns on debugging information For the d flag increasing the number of d s increases the debug level keepcache k This saves the temporary installation file inf that is created when the setup script is run This file can then be reused for a silent setup WARNING The cache file contains the cleartext passwords supplied during setup Use appropriate caution and pr...

Страница 16: ... choice of selecting the Directory Server server port number or the directory suffix among other settings Red Hat recommends that you not use it for production deployments Also express setups can fail if default configuration values are not available because there is no way to offer an alternative Typical The default and most common setup mode This prompts you to supply more detailed information a...

Страница 17: ...3 custom N A Set the computer name ldap example com General FullMachineName ldap example com Set the user as which the Directory Server will run nobody Sun and Red Hat Enterprise Linux or daemon HP UX General SuiteSpotUserID nobody Set the group as which the Directory Server will run nobody Sun and Red Hat Enterprise Linux or daemon HP UX General SuiteSpotGroup nobody Register the new Directory Se...

Страница 18: ...1 example com General AdminDomain example com Give the path to the CA certificate if using LDAPS 1 tmp cacert asc General CACertificate tmp cacert asc Set the Configuration Directory Server Administrator username admin 2 General ConfigDirectoryAdminID admin Set the Configuration Directory Server Administrator password password 2 General ConfigDirectoryAdminPwd password Set the Directory Server por...

Страница 19: ...not import any data Equivalent to suggest slapd AddOrgEntries Yes InstallLdifFile suggest Equivalent to setting the path slapd AddOrgEntries Yes InstallLdifFile export data ldif Set the Administration Server port 9830 admin Port 9830 Set the Administration Server IP address blank all interfaces admin ServerIpAddress 111 11 11 11 Set user as which the Administration Server runs nobody on Red Hat En...

Страница 20: ...ption is only available if you choose not to register the Directory Server instance with a Configuration Directory Server In that case the Directory Server being set up is created and configured as a Configuration Directory Server Table 1 2 Comparison of Setup Types ...

Страница 21: ...ab environments can require 2 GB to support the complete deployment including product binaries databases and log files Very large directories may require 4 GB and above Red Hat suggests 256 MB of RAM for average environments and 1 GB of RAM for large test lab environments for increased performance Table 2 1 Hardware Requirements contains guidelines for Directory Server disk space and memory requir...

Страница 22: ...with the setup procedure every time a Directory Server instance is configured Red Hat recommends running dsktune before beginning to set up the Directory Server instances so that you can properly configure your kernel settings and install any missing patches On Red Hat Enterprise Linux and Solaris the dsktune utility is in the usr bin directory on HP UX it is in opt dirsrv bin To run it simply use...

Страница 23: ...the system limit on 32 bit systems typically 3 GB RAM or 4 GB RAM with hugemem kernel for large environments Hard Disk 200 MB of disk space minimum for a typical deployment 2 GB minimum for larger environments 4 GB minimum for very large environments more than a million entries Other To run the Directory Server using port numbers less than 1024 such as the default port 389 you must setup and start...

Страница 24: ...on 2 2 2 2 1 Perl Prerequisites Section 2 2 2 2 2 File Descriptors Section 2 2 2 2 3 DNS Requirements 2 2 2 2 1 Perl Prerequisites For Red Hat Enterprise Linux systems use the Perl version that is installed with the operating system in usr bin perl for both 32 bit and 64 bit versions of Red Hat Directory Server 2 2 2 2 2 File Descriptors Editing the number of file descriptors on the Linux system c...

Страница 25: ... HP UX 11i Directory Server runs on HP UX version 11i only earlier HP UX versions are not supported Directory Server runs on a 64 bit HP UX 11i environment as a 64 bit process Table 2 4 HP UX 11i lists the hardware requirements Section 2 2 3 1 HP UX Patches lists the required patches and the recommended system configurations are in Section 2 2 3 2 HP UX System Configuration Criteria Requirements O...

Страница 26: ...11 0406 5 Gold Applications Patches for HP UX 11i v1 June 2004 GOLDBASE11i B 11 11 0406 5 Gold Base Patches for HP UX 11i v1 June 2004 GOLDQPK11i HP UX 11i Quality Pack patch from June 2004 or later Table 2 5 HP UX 11i Patches 2 2 3 2 HP UX System Configuration Before setting up Directory Server tune your HP UX system so Directory Server can access the respective kernel parameters To tune HP UX sy...

Страница 27: ...Create the large filesystem fsadm F vxfs o largefiles dev vg01 rexport 3 Remount the filesystem usr sbin mount F vxfs o largefiles dev vg01 export 2 2 3 2 5 DNS Requirements It is very important that DNS and reverse DNS be working correctly on the host machine especially if you are using TLS SSL or Kerberos with Directory Server Configure the DNS resolver and the NIS domain name by the modifying t...

Страница 28: ...a typical deployment 2 GB minimum for larger environments 4 GB minimum for very large environments more than a million entries You must use the largefile command to configure database files larger than 2 GB Other To run the Directory Server using port numbers less than 1024 such as the default port 389 you must setup and start the Directory Server as root but it is not necessary to run the Directo...

Страница 29: ... ssd patch 113579 06 SunOS 5 9 ypserv ypxfrd patch 112908 14 SunOS 5 9 krb5 shared object patch 113073 14 SunOS 5 9 ufs and fsck patch Table 2 8 Sun Solaris Patches 2 2 4 2 Solaris System Configuration After installing any required patches or modules tune the Solaris system to work with Directory Server There are three areas that may need modified for optimum Directory Server performance the TCP s...

Страница 30: ...v tcp tcp_conn_req_max_q 1024 The tcp_keepalive_interval setting determines the duration in seconds between the keepalive packets sent for each open TCP connection Edit this setting to remove client connections that disconnect from the network Check the tcp_rexmit_interval_initial parameter value for server maintenance testing on a high speed LAN MAN or other network connection For wide area netwo...

Страница 31: ...escriptor table The governing parameter rlim_fd_max is in the etc system file By default if this parameter is not present the allowed maximum value is 1024 You can increase this to 4096 by adding the line set rlim_fd_max 4096 to the etc system file Reboot the Solaris machine to apply these changes To determine the soft limit for file descriptors run the command ulimit n You can also use the dsktun...

Страница 32: ...24 ...

Страница 33: ...ing up Directory Server express typical and custom These setup types provide different levels of control over the configuration settings such as port numbers directory suffixes and users and groups for the Directory Server processes Express has the least amount of input meaning it uses more default or randomly generated settings while custom allows the most control over the configuration by having...

Страница 34: ...4 use the up2date command up2date java 1 5 0 ibm On Red Hat Enterprise Linux 5 use the yum command yum install java 1 5 0 ibm Using yum or up2date is the preferred and recommended way to install Java However it is also possible to download the JRE from the Java site 1 Download the Java libraries from http www java com 2 Log in as root and install the JRE For example rpm Uvh java 1 5 0 ibm 1 5 0 5 ...

Страница 35: ...rep iv e devel e debuginfo xargs rpm ivh 2 After the Directory Server packages are installed run the setup ds admin pl script to set up and configure the default Directory Server instance and the Administration Server usr sbin setup ds admin pl 3 Accept the licensing agreement 4 On the next screen review the dsktune output If there are any issues that you should address exit the setup ds admin pl ...

Страница 36: ...alling the Directory Server Packages then launch the setup ds admin pl script usr sbin setup ds admin pl NOTE Run the setup ds admin pl script as root 2 Select y to accept the Red Hat licensing terms 3 The dsktune utility runs Select y to continue with the setup dsktune checks the available disk space processor type physical memory and other system data and settings such as TCP IP ports and file d...

Страница 37: ...ver instance will connect to the Configuration Directory Server over LDAPS This should be the full path and filename the CA certificate in PEM ASCII format This information is supplied in place of creating an admin user for the new Directory Server in steps 6 and 7 6 Set the administrator username The default is admin 7 Set the administrator password and confirm it 8 Set the Directory Manager user...

Страница 38: ...file grep Listen etc dirsrv admin serv console conf Listen 0 0 0 0 9830 2 Using the Administration Server port number launch the Console usr bin redhat idm console a http localhost 9830 NOTE If you do not pass the Administration Server port number with the redhat idm console command then you are prompted for it at the Console login screen 3 4 Typical Setup The typical setup process is the most com...

Страница 39: ...e name the admin domain and the base suffix among others If you are using SSL TLS or Kerberos the computer name must be the exact name that clients use to connect to the system If you will use DNS make sure the name resolves to a valid IP address and that IP address resolves back to this name 6 Set the user and group as which the Directory Server process will run The default is nobody nobody For e...

Страница 40: ...e full path and filename the CA certificate in PEM ASCII format This information is supplied in place of creating an admin user and domain for the new Directory Server steps 8 9 and 10 8 Set the administrator username The default is admin 9 Set the administrator password and confirm it 10 Set the administration domain This defaults to the host s domain For example Administration Domain example com...

Страница 41: ...g Log file is tmp setupulSykp log When the setup ds admin pl script is done then the Directory Server is configured and running To log into the Directory Server Console to begin setting up your directory service do the following 1 Get the Administration Server port number from the Listen parameter in the console conf configuration file grep Listen etc dirsrv admin serv console conf Listen 0 0 0 0 ...

Страница 42: ...sktune returns a warning dsktune warnings do not block the setup process simply entree y to go to the next step 4 Next choose the setup type Accept the default option 3 to perform a custom setup 5 Set the computer name of the machine on which the Directory Server is being configured This defaults to the fully qualified domain name FQDN for the host For example Computer name ldap example com NOTE T...

Страница 43: ...iguration Directory Server The Configuration Directory Server URL such as ldap ldap example com 389 o NetscapeRoot To use TLS SSL set the protocol as ldaps instead of ldap For LDAPS use the secure port 636 instead of the standard port 389 and provide a CA certificate The Configuration Directory Server administrator s user ID by default this is admin The administrator user s password The Configurat...

Страница 44: ...he Directory Server with data this means whether to import an LDIF file with existing data into the Directory Server database If the answer is yes then supply a path to the LDIF file or select the suggested file If the LDIF file requires custom schema perform a silent setup instead and use the SchemaFile directive in the inf to specify additional schema files See Section 6 3 5 1 inf File Directive...

Страница 45: ...er The admin server was successfully started Admin server was successfully reconfigured and started Exiting Log file is tmp setupul88C1 log When the setup ds admin pl script is done then the Directory Server is configured and running To log into the Directory Server Console to begin setting up your directory service do the following 1 Get the Administration Server port number from the Listen param...

Страница 46: ...38 ...

Страница 47: ...esses Express has the least amount of input meaning it uses more default or randomly generated settings while custom allows the most control over the configuration by having the user supply a lot of configuration information These setup types are described more in Table 1 2 Comparison of Setup Types For most deployments the typical installation type is all that is required NOTE There is a fourth s...

Страница 48: ...erver opt dirsrv sbin setup ds admin pl Accept the initial screens for licensing and dsktune output then select the setup type and proceed with configuring the new Directory Server instance Section 4 3 Express Setup Section 4 4 Typical Setup Section 4 5 Custom Setup NOTE Directory Server version 8 0 conforms to the Filesystem Hierarchy Standards This means that the directories and files are in dif...

Страница 49: ...er requirements dsktune returns a warning dsktune warnings do not block the setup process simply enter y to go to the next step 4 Next choose the setup type Enter 1 to perform an express setup 5 The next step allows you to register your Directory Server with an existing Directory Server instance called the Configuration Directory Server This registers the new instance so it can be managed by the C...

Страница 50: ...10 The last screen asks if you are ready to set up your servers Select yes Are you ready to set up your servers yes Creating directory server Your new DS instance example was successfully created Creating the configuration directory server Beginning Admin Server reconfiguration Creating Admin Server files and directories Updating adm conf Updating admpw Registering admin server with the configurat...

Страница 51: ...ot The typical setup has the following steps WARNING If Directory Server is already installed on your machine it is extremely important that you perform a migration not a fresh installation Migration is described in Chapter 8 Migrating from Previous Versions 1 After the Directory Server packages are installed as described in Section 4 2 Installing the Directory Server Packages then launch the setu...

Страница 52: ...the Directory Server process will run The default is daemon daemon For example System User daemon System Group daemon 7 The next step allows you to register your Directory Server with an existing Directory Server instance called the Configuration Directory Server This registers the new instance so it can be managed by the Console If this is the first Directory Server instance set up on your networ...

Страница 53: ...d confirm it 10 Set the administration domain This defaults to the host s domain For example Administration Domain example com 11 Enter the Directory Server port number The default is 389 but if that port is in use the setup program supplies a randomly generated one Directory server network port 30860 1025 12 Enter the Directory Server identifier this defaults to the hostname Directory server iden...

Страница 54: ...ectory Server Console to begin setting up your directory service do the following 1 Get the Administration Server port number from the Listen parameter in the console conf configuration file grep Listen etc dirsrv admin serv console conf Listen 0 0 0 0 9830 2 Using the Administration Server port number launch the Console opt dirsrv bin redhat idm console a http localhost 9830 NOTE If you do not pa...

Страница 55: ...tom setup 5 Set the computer name of the machine on which the Directory Server is being configured This defaults to the fully qualified domain name FQDN for the host For example Computer name ldap example com NOTE The setup program gets the host information from the etc resolv conf file If there are aliases in the etc hosts file such as ldap example com that do not match the etc resolv conf settin...

Страница 56: ...the standard port 389 and provide a CA certificate The Configuration Directory Server administrator s user ID by default this is admin The administrator user s password The Configuration Directory Server Admin domain such as example com The CA certificate to authenticate to the Configuration Directory Server This is only required if the Directory Server instance will connect to the Configuration D...

Страница 57: ...n the inf to specify additional schema files See Section 6 3 5 1 inf File Directives for information on inf directives The default option is none which does not import any data 18 Enter the Administration Server port number The default is 9830 but if that port is in use the setup program supplies a randomly generated one Administration port 9830 19 Set an IP address for the new Administration Serv...

Страница 58: ...en the setup ds admin pl script is done then the Directory Server is configured and running To log into the Directory Server Console to begin setting up your directory service do the following 1 Get the Administration Server port number from the Listen parameter in the console conf configuration file grep Listen etc dirsrv admin serv console conf Listen 0 0 0 0 9830 2 Using the Administration Serv...

Страница 59: ...ing the user supply a lot of configuration information These setup types are described more in Table 1 2 Comparison of Setup Types For most deployments the typical installation type is all that is required NOTE There is a fourth setup option called a silent installation This uses a file with predefined settings to create a new Directory Server without any user interaction This is extremely useful ...

Страница 60: ...ity and extract the contents using the tar utility 4 The contents of the 32 bit file jdk 1_5_0_09 solaris sparc tar Z are COPYRIGHT LICENSE README html SUNWj5cfg SUNWj5dev SUNWj5dmo SUNWj5jmp SUNWj5man and SUNWj5rt The contents of the 64 bit file jdk 1_5_0_09 solaris sparcv9 tar Z are SUNWj5dmx SUNWj5dvx and SUNWj5rtx 5 Since only the JRE is needed on Solaris 9 systems use the pkgadd utility to ad...

Страница 61: ...en the pkgadd program completes move all pkg files from the current directory to a backup directory 5 Delete the temporary directory rm rf tmp rhds80 6 After the Directory Server packages are installed run the setup program to set up and configure the default Directory Server instance and the Administration Server usr sbin setup ds admin pl 7 Accept the initial screens for licensing and dsktune ou...

Страница 62: ...ed packages Make sure that the pkgadd program replaces any existing versions with the packages included with Directory Server 5 After the Directory Server packages are installed run the setup program to set up and configure the default Directory Server instance and the Administration Server usr sbin setup ds admin pl 6 Accept the initial screens for licensing and dsktune output then select the set...

Страница 63: ...o continue with the setup dsktune checks the available disk space processor type physical memory and other system data and settings such as TCP IP ports and file descriptor settings If your system does not meet these basic Red Hat Directory Server requirements dsktune returns a warning dsktune warnings do not block the setup process simply enter y to go to the next step 4 Next choose the setup typ...

Страница 64: ... admin user for the new Directory Server in steps 6 and 7 6 Set the administrator username The default is admin 7 Set the administrator password and confirm it 8 Set the Directory Manager username The default is cn Directory Manager 9 Set the Directory Manager password and confirm it 10 The last screen asks if you are ready to set up your servers Select yes Are you ready to set up your servers yes...

Страница 65: ...stration Server port number with the redhat idm console command then you are prompted for it at the Console login screen 5 4 Typical Setup The typical setup process is the most commonly used setup process It offers control over the ports for the Directory and Administration Servers the domain name and directory suffix WARNING If Directory Server is already installed on your machine it is extremely...

Страница 66: ... TLS or Kerberos the computer name must be the exact name that clients use to connect to the system If you will use DNS make sure the name resolves to a valid IP address and that IP address resolves back to this name 6 Set the user and group as which the Directory Server process will run The default is nobody nobody For example System User nobody System Group nobody 7 The next step allows you to r...

Страница 67: ...new Directory Server steps 8 9 and 10 8 Set the administrator username The default is admin 9 Set the administrator password and confirm it 10 Set the administration domain This defaults to the host s domain For example Administration Domain example com 11 Enter the Directory Server port number The default is 389 but if that port is in use the setup program supplies a randomly generated one Direct...

Страница 68: ...ds admin pl script is done then the Directory Server is configured and running To log into the Directory Server Console to begin setting up your directory service do the following 1 Get the Administration Server port number from the Listen parameter in the console conf configuration file grep Listen etc dirsrv admin serv console conf Listen 0 0 0 0 9830 2 Using the Administration Server port numbe...

Страница 69: ...ne warnings do not block the setup process simply entree y to go to the next step 4 Next choose the setup type Accept the default option 3 to perform a custom setup 5 Set the computer name of the machine on which the Directory Server is being configured This defaults to the fully qualified domain name FQDN for the host For example Computer name ldap example com NOTE The setup program gets the host...

Страница 70: ...formation about the Configuration Directory Server The Configuration Directory Server URL such as ldap ldap example com 389 o NetscapeRoot To use TLS SSL set the protocol as ldaps instead of ldap For LDAPS use the secure port 636 instead of the standard port 389 and provide a CA certificate The Configuration Directory Server administrator s user ID by default this is admin The administrator user s...

Страница 71: ...this means whether to import an LDIF file with existing data into the Directory Server database If the answer is yes then supply a path to the LDIF file or select the suggested file If the LDIF file requires custom schema perform a silent setup instead and use the SchemaFile directive in the inf to specify additional schema files See Section 6 3 5 1 inf File Directives for information on inf direc...

Страница 72: ...ne Restarting admin server The admin server was successfully started Admin server was successfully reconfigured and started Exiting Log file is tmp setupul88C1 log When the setup ds admin pl script is done then the Directory Server is configured and running To log into the Directory Server Console to begin setting up your directory service do the following 1 Get the Administration Server port numb...

Страница 73: ...stration Server configuration directly via LDAP See http directory fedoraproject org wiki Howto AdminServerLDAPMgmt for information on editing the Administration Server configuration 6 1 1 Configuring IP Authorization on the Administration Server The Directory Server Console can be launched from remote machines to access an instance of Directory Server The client running Directory Server Console n...

Страница 74: ...ty hole 6 2 Working with Directory Server Instances 6 2 1 Creating a New Directory Server Instance Additional instances of the Directory Server can be created from the command line using the setup ds admin pl command This offers the setup choices express typical and custom that are described in Chapter 3 Setting up Red Hat Directory Server on Red Hat Enterprise Linux Chapter 4 Setting up Red Hat D...

Страница 75: ...is used by the Console and the Administration Servers This database can belong to a separate Directory Server instance called the Configuration Directory Server There is an option when an instance is first set up to register it with a Configuration Directory Server It is possible to register an existing Directory Server instance with a Configuration Directory Server using the register ds admin scr...

Страница 76: ...toryAdminID admin ConfigDirectoryAdminPwd admin ConfigDirectoryLdapURL ldap dir example com 389 o NetscapeRoot slapd SlapdConfigForMC Yes UseExistingMC 0 ServerPort 389 ServerIdentifier dir Suffix dc example dc com RootDN cn Directory Manager RootDNPwd password123 AddSampleEntries No admin Port 9830 ServerIpAddress 111 11 11 11 ServerAdminID admin ServerAdminPwd admin NOTE There are three sections...

Страница 77: ...ing a single instance of Directory Server the Directory Server packages must already be installed and the Administration Server must already be configured and running 1 Make the setup inf file It must specify the following directives General FullMachineName dir example com SuiteSpotUserID nobody SuiteSpotGroup nobody slapd ServerPort 389 ServerIdentifier dir Suffix dc example dc com RootDN cn Dire...

Страница 78: ...etup ds admin pl General FullMachineName ldap example com slapd Suffix dc example dc com slapd ServerPort 389 NOTE Passing arguments in the command line or specifying an inf sets the defaults used in the interactive prompt unless they are used with the s silent option Argument values containing spaces or other shell special characters must quoted to prevent the shell from interpreting them In the ...

Страница 79: ...actively file name f name This sets the path and name of the file which contains the configuration settings for the new Directory Server instance This can be used with the silent parameter if used alone it sets the default values for the setup prompts usr sbin setup ds admin pl f export sample inf debug d dddd This parameter turns on debugging information For the d flag increasing the number of d ...

Страница 80: ...ry Since the ConfigFile parameter can be used multiple times it is a good idea to have multiple LDIF files so that the individual entries are easy to manage The ConfigFile parameter is set in the slapd section of the inf For example to configure a new Directory Server instance as a supplier in replication ConfigFile can be used to create the replication manager replica and replication agreement en...

Страница 81: ...on parameters with the setup ds admin pl command is described in Section 1 3 About the setup ds admin pl Script The inf file has three sections General which supplies information about the server machine these are global directives that are common to all your Directory Servers slapd which supplies information about the specific Directory Server instance this information like the port and server ID...

Страница 82: ...nux and Solaris and daemon on HP UX This should be changed for most deployments No nobody SuiteSpotGroup Specifies the group as which the servers will run The default is group nobodyon Linux and Solaris and daemon on HP UX This should be changed for most deployments No nobody ConfigDirectoryLdapURL Specifies the LDAP URL that is used to connect to your configuration directory LDAP URLs are describ...

Страница 83: ...cting server port numbers see Section 1 2 1 Port Numbers No 389 ServerIdentifier Specifies the server identifier This value is used as part of the name of the directory in which the Directory Server instance is installed For example if the machine s hostname is phonebook then this name is the default and selecting it installs the Directory Server instance in a directory labeled slapd phonebook No ...

Страница 84: ...uration The default is no No AddSampleEntries yes InstallLdifFile Populates the new directory with the contents of the specified LDIF file Using suggest fills in common container entries like ou People Entering a path to an LDIF file imports all of the entries in that file No InstallLdifFile tmp entries myldif ldif SchemaFile Lists the full path and file name of additional schema files this is use...

Страница 85: ...guration Directory Server If this is not used then the default is 0 meaning the configuration data are stored in the new instance No UseExistingMC 1 Table 6 3 slapd Directives Directive Description Required Example SysUser Specifies the user as which the Administration Server will run The default is user nobody on Linux and Solaris and daemon on HP UX This should be changed for most deployments Fo...

Страница 86: ... listen Use this directive if you are installing on a multi homed system and you do not want to use the first IP address for the Administration Server No Table 6 4 admin Directives 6 3 5 2 Sample inf Files General FullMachineName ldap example com SuiteSpotUserID nobody SuiteSpotGroup nobody AdminDomain example com ConfigDirectoryAdminID admin ConfigDirectoryAdminPwd Admin123 ConfigDirectoryLdapURL...

Страница 87: ...fFile suggest AddOrgEntries Yes DisableSchemaChecking No RootDNPwd admin123 admin Port 33646 ServerIpAddress 111 11 11 11 ServerAdminID admin ServerAdminPwd admin Example 6 2 inf File for Registering the Instance with a Configuration Directory Server Typical Setup 6 4 Uninstalling Directory Server 6 4 1 Removing a Single Directory Server Instance It is possible to remove a single instance of Direc...

Страница 88: ... Mozilla LDAP nodeps rpm ev redhat ds base nodeps rpm ev redhat ds admin redhat ds console redhat admin console nodeps rpm ev idm console framework redhat idm console nodeps On Red Hat Enterprise Linux 5 32 bit the packages to remove are as follows rpm ev svrcore mozldap mozldap tools perl Mozilla LDAP nodeps rpm ev redhat ds base nodeps rpm ev redhat ds admin redhat ds console redhat admin consol...

Страница 89: ... Directory Server instances usr sbin ds_removal s example1 w itsasecret usr sbin ds_removal s example2 w itsasecret usr sbin ds_removal s example3 w itsasecret 2 Stop the Administration Server etc init d dirsrv admin stop 3 Then use the system tools to remove the packages For example bin bash for i in pkginfo grep i rhat grep vi rhatperlx awk print 2 do pkgrm n i done echo looking for any leftover...

Страница 90: ...82 ...

Страница 91: ...s ldap example com the instance name is ldap by default The Administration Server directories are named the same as the Directory Server directories only instead of the instance as a directory name the Administration Server directories are named admin serv For any directory or folder named slapd instance substitute admin serv such as etc dirsrv slapd example and etc dirsrv admin serv File or Direc...

Страница 92: ... d init d dirsrv admin and etc default dirsrv admin Tools usr bin usr sbin Table 7 3 Sun Solaris 9 sparc File or Directory Location Log files var opt log dirsrv slapd instance Configuration files etc opt dirsrv slapd instance Instance directory opt dirsrv slapd instance Database files var opt dirsrv slapd instance Runtime files var opt dirsrv instance Binaries opt dirsrv bin opt dirsrv sbin Librar...

Страница 93: ... send the Administration Server URL and port with the start script For example usr bin redhat idm console a http localhost 9830 The a option is a convenience particularly if you are logging into a Directory Server for the first time On subsequent logins the URL is saved If you do not pass the Administration Server port number with the redhat idm console command then you are prompted for it at the ...

Страница 94: ...in both the start stop restart slapd and system scripts If an instance name is not given the start or stop operation applies to all instances on the machine 7 5 2 Starting and Stopping Administration Server There are two ways to start stop or restart the Administration Server There are scripts in the usr sbin directory usr sbin start stop restart ds admin The Administration Server service can also...

Страница 95: ...se ldif file For example cd etc dirsrv slapd instance vi dse ldif 4 Locate the nsslapd rootpw parameter nsslapd rootpw SSHA x03lZLMyOPaGH5VB8fcys1IV TVNbBIOwZEYoQ Delete the old password and enter in the new hashed password For example nsslapd rootpw SSHA nbR ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w 5 Save the change 6 Start the Directory Server For example service dirsv start 7 When the Directory Serve...

Страница 96: ...utes This may cause temporary server congestion from lost client connections WARNING There are only 1024 file descriptors hard limit available which limit the number of simultaneous connections WARNING There are only 1024 file descriptors soft limit available which limit the number of simultaneous connections Example 7 1 dsktune Output 7 7 2 Common Installation Problems There are several common pr...

Страница 97: ...gration Shut down the existing server and then restart the upgrade process If this occurs during a setup process it may mean another server is already using this port Verify that the port you selected is not in use by another server 7 7 2 3 Problem Forgotten Directory Manager DN and password Solution By default the Directory Manager DN is cn Directory Manager If you forget the Directory Manager DN...

Страница 98: ...90 ...

Страница 99: ...on scenarios and migration script options are described in this chapter 8 1 Migration Overview Migrating from a 6 x or 7 x version of Directory Server to Directory Server 8 0 is a simple process Migration moves all of the user data and configuration settings such as replication and synchronization agreements from the older instance to the new one The general process is as follows 1 Stop all of the...

Страница 100: ...2 About migrate ds admin pl The migration script migrate ds admin pl has flexible options that allow a variety of different migration scenarios including migrating between different different platforms This options are listed in Table 8 1 migrate ds admin Options There is one required option with the migration script oldsroot which gives the directory path to the old Directory Server There is also...

Страница 101: ... be used multiple time to migrate several instances simultaneously By default the migration script migrates all Directory Server instances on the machine file name f name This sets the path and name of the inf file provided with the migration script The only parameter is the General ConfigDirectoryAdminPwd parameter which is the configuration directory administrator s password Any other configurat...

Страница 102: ...nly required argument is the Configuration Directory Server administrator password ConfigDirectoryAdminPwd usr sbin migrate ds admin pl oldsroot opt redhat ds General ConfigDirectoryAdminPwd password To avoid having this password in the clear on the command line you can use a inf file with the migration script that gives the administrator s password usr sbin migrate ds admin pl oldsroot opt redhat...

Страница 103: ...ou have a multi master replication setup which replicates o NetscapeRoot replicated between the two master servers server1 and server2 By default writes made through server2 s Directory Server Console are written to server1 then replicated over Modify the Directory Server Console on the second server server2 so that it writes its own Console instance instead of server1 s 1 Shut down the Administra...

Страница 104: ...ery Directory Server instance configured To migrate specific instances use the instance with the migrate ds admin tool For example to migrate the Directory Server instance named example and example3 but not example2 the migration command would be as follows usr sbin migrate ds admin pl oldsroot opt redhat ds instance example instance example3 General ConfigDirectoryAdminPwd password NOTE On Red Ha...

Страница 105: ...n script 4 Run the migration script as root usr sbin migrate ds admin pl oldsroot opt redhat ds General ConfigDirectoryAdminPwd password opt redhat ds is the directory where the old Directory Server is installed The migration process starts The legacy Directory Server is migrated and a new Directory Server 8 0 instance is installed using the configuration information from the legacy Directory Serv...

Страница 106: ...db but will instead assume that the databases should be in their non standard location and configure the new server to use the databases in the old location This issue does not occur in cross platform migrations or migrating using LDIF files instead of the binary databases because these already work with an LDIF copy of the database To migrate a replicated site do the following 1 Stop all old Dire...

Страница 107: ...a cross platform migration described in Section 8 4 4 Migrating a Directory Server from One Platform to Another The procedure in this section assumes that the Directory Server is being migrated from one machine to another of the same architecture such as i386 to i386 WARNING Migration cannot change the hostname used by the Directory Server and Administration Server The old machine must have the sa...

Страница 108: ...r 4 Make the old Directory Server accessible to the new machine either through an NFS mounted drive or tarball 5 Run the migration script as root Specify the current physical location of the Directory Server with the oldsroot parameter and the location on the old machine with the actualsroot parameter IMPORTANT Do not set up the new Directory Server instances with setup ds admin pl before running ...

Страница 109: ...ion opt redhat ds actualsroot opt redhat ds instance example General ConfigDirectoryAdminPwd password 1 Stop all Directory Server instances and the Administration Server 2 Back up all the Directory Server user and configuration data 3 Export all of the database information to LDIF The LDIF file must be named the name of the database with ldif appended For example cd opt redhat ds slapd instance db...

Страница 110: ...alsroot opt redhat ds General ConfigDirectoryAdminPwd password The migration process starts The legacy Directory Server is migrated and a new Directory Server 8 0 instance is installed using the configuration information from the legacy Directory Server ...

Страница 111: ...st reaches this limit the server replaces that ID list with an All IDs token See Also ID list scan limit All IDs token A mechanism which causes the server to assume that all directory entries match the index key In effect the All IDs token causes the server to behave as if no index was available for the search request anonymous access When granted allows anyone to access directory information with...

Страница 112: ...base DN bind DN Distinguished name used to authenticate to Directory Server when performing an operation bind distinguished name See bind DN bind rule In the context of access control the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information branch entry An entry that represents the top of a subtree in the d...

Страница 113: ...ication character type Distinguishes alphabetic characters from numeric or other characters and the mapping of upper case to lower case letters ciphertext Encrypted information that cannot be read by anyone without the proper key to decrypt the information class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation ...

Страница 114: ... per database instance Default indexes can be modified although care should be taken before removing them as certain plug ins may depend on them definition entry See CoS definition entry Directory Access Protocol See DAP directory tree The logical representation of the information stored in the directory It mirrors the tree model used by most filesystems with the tree s root point appearing at the...

Страница 115: ...earch request equality index Allows you to search efficiently for entries containing a specific attribute value F file extension The section of a filename after the period or dot that typically defines the type of file for example GIF and HTML In the filename index html the file extension is html file type The format of a given file For example graphics files are often saved in GIF format while a ...

Страница 116: ...hub In the context of replication a server that holds a replica that is copied from a different server and in turn replicates it to a third server See Also cascading replication I ID list scan limit A size limit which is globally applied to any indexed search operation When the size of an individual ID list reaches this limit the server replaces that ID list with an all IDs token index key Each in...

Страница 117: ...at used to represent Directory Server entries in text form leaf entry An entry under which there are no other entries A leaf entry cannot be a branch point in a directory tree Lightweight Directory Access Protocol See LDAP locale Identifies the collation order character type monetary format and time date format used to present data for users of a specific region culture and or custom This includes...

Страница 118: ...a to be named and referenced Also called the directory tree monetary format Specifies the monetary symbol used by specific region whether the symbol goes before or after its value and how monetary units are represented multi master replication An advanced replication scenario in which two servers each hold a copy of the same read write replica Each server maintains a changelog for the replica Modi...

Страница 119: ...identifier operational attribute Contains information used internally by the directory to keep track of modifications and subtree properties Operational attributes are not returned in response to a search unless explicitly requested P parent access When granted indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry pass ...

Страница 120: ...er In pass through authentication PTA the PTA Directory Server is the server that sends passes through bind requests it receives to the authenticating directory server PTA LDAP URL In pass through authentication the URL that defines the authenticating directory server pass through subtree s and optional parameters R RAM Random access memory The physical semiconductor based memory in a computer Inf...

Страница 121: ...replica servers to which the data is pushed the times during which replication can occur the DN and credentials used by the supplier to bind to the consumer and how the connection is secured RFC Request for Comments Procedures or standards documents submitted to the Internet community People can send comments on the technologies before they become accepted standards role An entry grouping mechanis...

Страница 122: ...ible for a particular system task Service processes do not need human intervention to continue functioning SIE Server Instance Entry The ID assigned to an instance of Directory Server during installation Simple Authentication and Security Layer See SASL Simple Network Management Protocol See SNMP single master replication The most basic replication scenario in which multiple servers up to four eac...

Страница 123: ...d to replica servers supplier server In the context of replication a server that holds a replica that is copied to a different server is called a supplier for that replica supplier initiated replication Replication configuration where supplier servers replicate directory data to any replica servers symmetric encryption Encryption that uses the same key for both encrypting and decrypting DES is an ...

Страница 124: ... a URL is protocol machine port document The port number is necessary only on selected servers and it is often assigned by the server freeing the user of having to place it in the URL V virtual list view index Speeds up the display of entries in the Directory Server Console Virtual list view indexes can be created on any branch point in the directory tree to improve display performance See Also br...

Страница 125: ...le instance 96 migrating replicated site 97 migrating to a different machine 99 migrating to another platform 100 port 1 re registering Directory Server with Configuration Directory Server 67 Red Hat Enterprise Linux custom 33 express 28 typical 30 registering Directory Server with Configuration Directory Server 67 removing a single instance 79 Solaris custom 60 express 54 typical 57 starting and ...

Страница 126: ...UX 11i 39 Red Hat Enterprise Linux 26 Solaris 51 M Migrating 91 overview 91 prerequisites 95 back up databases 95 configure the Directory Server Console for multi master replication only 95 scenarios all or single instance 96 different machines 99 different platforms 100 replicated site 97 O Operating system requirements 13 dsktune 14 HP UX 17 patches 18 system configuration 18 Red Hat Enterprise ...

Страница 127: ...tup 68 Directory Server only 69 setup ds pl 67 Silent setup 68 Directory Server only 69 Solaris 51 custom setup 60 express setup 54 hardware requirements 20 installing Directory Server packages from ISO 54 installing Directory Server packages individually 52 installing JRE 51 required patches 20 system configuration 21 DNS and NIS 22 File descriptors 23 Perl 21 TCP tuning 22 typical setup 57 unins...

Страница 128: ...120 ...

Отзывы:

Нет отзывов

Похожие инструкции для DIRECTORY SERVER 8.0

Acer ALTOS R910 Series Installation & Configuration Manual preview
ALTOS R910 Series
Бренд: Acer Страницы: 74
NEC Express 5800 Series User Manual preview
Express 5800 Series
Бренд: NEC Страницы: 90
ICP DAS USA PDS-220F Series User Manual preview
PDS-220F Series
Бренд: ICP DAS USA Страницы: 94
IBM Power 750 Express Hardware Announcement preview
Power 750 Express
Бренд: IBM Страницы: 86
IBM eServer 200 xSeries User Reference Manual preview
eServer 200 xSeries
Бренд: IBM Страницы: 128
IBM eServer 232 xSeries User Reference Manual preview
eServer 232 xSeries
Бренд: IBM Страницы: 174
IBM HS12 - BladeCenter - 8028 Service Manual preview
HS12 - BladeCenter - 8028
Бренд: IBM Страницы: 204
Supero SUPERSERVER 6027R-TRF User Manual preview
SUPERSERVER 6027R-TRF
Бренд: Supero Страницы: 102
IBM Netfinity 1000 Installation Instructions Manual preview
Netfinity 1000
Бренд: IBM Страницы: 44
IBM 8480 - Eserver xSeries 205 Maintenance And Troubleshooting Manual preview
8480 - Eserver xSeries 205
Бренд: IBM Страницы: 174
Supermicro SUPERO SuperServer 1018L-MP User Manual preview
SUPERO SuperServer 1018L-MP
Бренд: Supermicro Страницы: 104
Avaya S3210 Manual preview
S3210
Бренд: Avaya Страницы: 84
Bull NovaScale T840 E2 User Manual preview
NovaScale T840 E2
Бренд: Bull Страницы: 210
Dell PowerVault Manual preview
PowerVault
Бренд: Dell Страницы: 396
Dell PowerVault 600 Getting Started preview
PowerVault 600
Бренд: Dell Страницы: 180
Dell EqualLogic PS6010 Hardware Maintenance preview
EqualLogic PS6010
Бренд: Dell Страницы: 57
Dell PowerVault 700N Administrator'S Manual preview
PowerVault 700N
Бренд: Dell Страницы: 29
Dell PowerEdge M830 Owner'S Manual preview
PowerEdge M830
Бренд: Dell Страницы: 133

Бренды по названию

Популярные бренды

Загрузить еще бренды