Red Hat DIRECTORY SERVER 7.1 - GATEWAY CUSTOMIZATION Guida di Installazione

Red Hat Directory Server 7.1Red Hat Directory ServerInstallation Guide

4 Chapter 1. Preparing for a Directory Server InstallationDirectory Manager DN and password.The Directory Manager DN is the special directory entry to

Chapter 1. Preparing for a Directory Server Installation 5must decide which one will host the configuration directory tree, o=NetscapeRoot. You must ma

6 Chapter 1. Preparing for a Directory Server Installationwant control of their individual servers. However, you may still want some centralized contr

Chapter 1. Preparing for a Directory Server Installation 7Custom InstallationIn Directory Server, the custom installation process is very similar to t

8 Chapter 1. Preparing for a Directory Server Installation1.3.3.2. For tarballs...If you have obtained Directory Server tarball from the website, you

Chapter 2.Computer System RequirementsBefore you can install Red Hat Directory Server (Directory Server), you must make sure that thesystems on which

10 Chapter 2. Computer System RequirementsOther Requirements You must install as root in order to use well-known port numbers (suchas 389) that are le

Chapter 2. Computer System Requirements 11Other Requirements You must install as root in order to use well-known port numbers (suchas 389) that are le

12 Chapter 2. Computer System RequirementsNumber of Entries Disk Space and Memory Required250,000 - 1,000,000entriesFree disk space: 4 GB Free memory:

Chapter 2. Computer System Requirements 13• Section 2.3.2.1 Verifying Disk Space Requirements• Section 2.3.2.2 Verifying Required System Modules• Sect

Red Hat Directory Server 7.1: Red Hat Directory Server Installation GuideCopyright © 2005 Red Hat, Inc.Red Hat, Inc.1801 Varsity DriveRaleigh NC 27606

14 Chapter 2. Computer System RequirementsTipRed Hat Enterprise Linux is distributed with two RPM packages for glibc, one for 386 processors andhigher

Chapter 2. Computer System Requirements 15• Lastly, edit the file /etc/pam.d/system-auth to include this line if it does not already exist:session requ

16 Chapter 2. Computer System Requirements• For HP-UX 11i, install the latest HP-UX 11i Quality Pack (GOLDQPK11i) patch from June 2004or later. For de

Chapter 2. Computer System Requirements 172.3.3.5. Installing Third-Party UtilitiesYou need the gunzip utility to unpack the Directory Server software

18 Chapter 2. Computer System Requirements2.3.4.3. Installing PatchesYou must use Solaris 9 with the Sun recommended patches. The Sun recommended patc

Chapter 2. Computer System Requirements 19112785-43: X11 6.6.1: Xsun Patch112970-07: SunOS 5.9: patch libresolv112951-09: SunOS 5.9: patchadd and patc

20 Chapter 2. Computer System Requirementsndd -set /dev/tcp tcp_time_wait_interval 30000The tcp_conn_req_max_q0 and tcp_conn_req_max_q parameters cont

Chapter 2. Computer System Requirements 21Make sure the JRE package is executable, then run the file. For example:chmod a+x j2re-1_4_2_04-solaris-sparc

22 Chapter 2. Computer System Requirements

Chapter 3.Using Express and Typical InstallationThis chapter describes how to perform basic installation activities. This chapter contains the followi

Table of ContentsAbout This Guide...

24 Chapter 3. Using Express and Typical Installationcontain any space characters. If the directory that you specify does not exist, the setup programc

Chapter 3. Using Express and Typical Installation 258. When you are asked what you would like to install, press [Enter] to select the default, Red Hat

26 Chapter 3. Using Express and Typical InstallationCautionThe Directory Server identifier must not contain a period. For example, example.server.com i

Chapter 3. Using Express and Typical Installation 273.3. Installing on Red Hat Enterprise Linux using an ExpressInstallation1. Log in as root.2. If yo

28 Chapter 3. Using Express and Typical Installation3.4. Installing on Red Hat Enterprise Linux Using a TypicalInstallationTo install Directory Server

Chapter 3. Using Express and Typical Installation 29CautionThe Directory Server identifier must not contain a period. For example, example.server.com i

30 Chapter 3. Using Express and Typical Installation

Chapter 4.Silent Installation and Instance CreationSilent installation allows you to use a file to predefine all the answers that you would normally sup

32 Chapter 4. Silent Installation and Instance Creation4.1.1. Silent Installation on Red Hat Enterprise LinuxIt is possible to use silent instance cre

Chapter 4. Silent Installation and Instance Creation 33• SuiteSpotUserID and SuiteSpotGroup - The SuiteSpotUserID and SuiteSpotGroupdirectives determi

6. Migrating from Previous Versions... 456.1. Migration Ov

34 Chapter 4. Silent Installation and Instance CreationRootDN= cn=Directory ManagerUseReplication= NoAddSampleEntries= NoInstallLdifFile= suggestAddOr

Chapter 4. Silent Installation and Instance Creation 35Components= slapd,slapd-client[admin]SysUser= rootPort= 33646ServerIpAddress= 111.11.11.11Serve

36 Chapter 4. Silent Installation and Instance Creation• Section 4.1.3.6 [nsperl] Installation Directives• Section 4.1.3.7 [perldap] Installation Dire

Chapter 4. Silent Installation and Instance Creation 37Directive DescriptionComponents Specifies components to be installed. The list of available comp

38 Chapter 4. Silent Installation and Instance CreationRequired [slapd] Installation DirectivesYou must provide these directives when you use silent i

Chapter 4. Silent Installation and Instance Creation 39Optional Directive DescriptionInstallLdifFile Causes the contents of the LDIF file to be used to

40 Chapter 4. Silent Installation and Instance Creation4.1.3.5. [Base] Installation DirectiveThere is only one [Base] installation directive, and it a

Chapter 4. Silent Installation and Instance Creation 414.2. Using Silent Instance CreationIf you have Directory Server installed in a server root, you

42 Chapter 4. Silent Installation and Instance CreationDisableSchemaChecking= No

Chapter 5.Post InstallationThis chapter describes the post-installation procedures for launching the online help and populatingthe directory tree.This

About This GuideWelcome to Red Hat Directory Server (Directory Server). This manual provides a high-level overviewof design and planning decisions you

44 Chapter 5. Post Installation5.2. Populating the Directory TreeDuring installation, a simple directory database was created for you. In addition, a

Chapter 6.Migrating from Previous VersionsIf you have a previous installation of Directory Server, depending on its version, you can migrate toRed Hat

46 Chapter 6. Migrating from Previous Versions6.2. Migration PrerequisitesThis section lists the prerequisites that your system must meet before you c

Chapter 6. Migrating from Previous Versions 47• Section 6.3.1 Migrating a Standalone Server• Section 6.3.2 Migrating a 6.x Replicated Site• Section 6.

48 Chapter 6. Migrating from Previous Versionsthe legacy server as well as in the new server instances. To demonstrate the various options, for eachba

Chapter 6. Migrating from Previous Versions 49Parse the old DSE ldif file: /export/server621/slapd-marmot/config/dse.ldif*****This may take a while ..

50 Chapter 6. Migrating from Previous Versions*** LDBM_BACKEND_INSTANCE - cn=backend2,cn=ldbm database,\cn=plugins,cn=configalready exists*** Migratio

Chapter 6. Migrating from Previous Versions 51[/export/server71/shared/config/certmap.conf_backup] ?***** Close the LDAP connection to the new Directo

52 Chapter 6. Migrating from Previous Versions"/export/server621/slapd-marmot/config/ldif/backend1.ldif" (1230entries)[14/Apr/2005:17:57:27

Chapter 6. Migrating from Previous Versions 53"/export/server621/slapd-marmot/config/ldif/backend2.ldif" (0entries)[14/Apr/2005:17:57:31 -06

ii About This Guide• Red Hat Directory Server Gateway Customization Guide. Introduces Directory Server Gatewayand explains how to implement a gateway

54 Chapter 6. Migrating from Previous Versions6.3.2. Migrating a 6.x Replicated SiteIf you are upgrading from Directory Server 6.x to Directory Server

Chapter 6. Migrating from Previous Versions 557. Migrate the hubs (if any); refer to Section 6.3.3.2 Hub Migration.8. Verify that writes and changes a

56 Chapter 6. Migrating from Previous Versions6.3.4. Managing Console FailoverIf you have a multi-master installation with o=NetscapeRoot replicated b

Chapter 6. Migrating from Previous Versions 576.4.1. Before You BeginBefore you begin the upgrade process, back up your entire 7.0 Directory Server. F

58 Chapter 6. Migrating from Previous Versions

Chapter 7.TroubleshootingThis chapter describes the most common installation problems and how to solve them. It also providessome tips on checking pat

60 Chapter 7. TroubleshootingTRANSPORT_NAME[10]=tcpNDD_NAME[10]=tcp_keepalive_intervalNDD_VALUE[10]=600000NOTICE : The NDD tcp_rexmit_interval_initial

Chapter 7. Troubleshooting 61TRANSPORT_NAME[10]=tcpNDD_NAME[10]=tcp_smallest_anon_portNDD_VALUE[10]=8192WARNING: tcp_deferred_ack_interval is currentl

62 Chapter 7. Troubleshootinguser id admin (151:Unknown error.)Fatal Slapd Did not add Directory Server information toConfiguration Server.ERROR.Failu

Chapter 7. Troubleshooting 63then your Directory Manager DN password is now my_password.3. Restart your Directory Server.4. Once your server has resta

Chapter 1.Preparing for a Directory Server InstallationBefore you begin installing Red Hat Directory Server (Directory Server), you should have an und

64 Chapter 7. Troubleshooting

GlossaryAaccess control instructionSee ACI.ACIAccess Control Instruction. An instruction that grants or denies permissions to entries in thedirectory.

66 Glossaryanonymous accessWhen granted, allows anyone to access directory information without providing credentials, andregardless of the conditions

Glossary 67base distinguished nameSee base DN.bind DNDistinguished name used to authenticate to Directory Server when performing an operation.bind dis

68 GlossarycertificateA collection of data that associates the public keys of a network user with their DN in the direc-tory. The certificate is stored

Glossary 69class of serviceSee CoS.classic CoSA classic CoS identifies the template entry by both its DN and the value of one of the targetentry’s attr

70 GlossaryCoS template entryContains a list of the shared attribute values. Also template entry.DdaemonA background process on a UNIX machine that is

Glossary 71Directory ManagerThe privileged database administrator, comparable to the root user in UNIX. Access control doesnot apply to the Directory

72 GlossaryDSGWSee Directory Server Gateway.EentryA group of lines in the LDIF file that contains information about an object.entry distributionMethod

Glossary 73filtered roleAllows you to assign entries to the role depending upon the attribute contained by each entry.You do this by specifying an LDAP

2 Chapter 1. Preparing for a Directory Server Installationare prompted for some or all of following information, depending on the type of installation

74 GlossaryHTTP-NGThe next generation of Hypertext Transfer Protocol.HTTPSA secure version of HTTP, implemented using the Secure Sockets Layer, SSL.hu

Glossary 75LLDAPLightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IPand across multiple platforms.LDAPv3Versi

76 GlossarylocaleIdentifies the collation order, character type, monetary format and time / date format used topresent data for users of a specific regi

Glossary 77MD5A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short di-gest of data that is unique with high pro

78 Glossaryname collisionsMultiple entries with the same distinguished name.nested roleAllows the creation of roles that contain other roles.network m

Glossary 79object identifierAlso OID. A string, usually of decimal numbers, that uniquely identifies a schema element, suchas an object class or an attr

80 GlossarypermissionIn the context of access control, permission states whether access to the directory information isgranted or denied and the level

Glossary 81PTA LDAP URLIn pass-through authentication, the URL that defines the authenticating directory server, pass-through subtree(s), and optional

82 Glossaryread-write replicaA replica that contains a master copy of directory information and can be updated. A server canhold any number of read-wr

Glossary 83SSASLAlso Simple Authentication and Security Layer. An authentication framework for clients as theyattempt to bind to a directory.schemaDefi

Chapter 1. Preparing for a Directory Server Installation 3• The directory must not already exist or must be empty.• When using tarballs, the server ro

84 GlossaryserviceA background process on a Windows machine that is responsible for a particular system task.Service processes do not need human inter

Glossary 85SSLAlso Secure Sockets Layer. A software library establishing a secure connection between twoparties (client and server) used to implement

86 Glossarysymmetric encryptionEncryption that uses the same key for both encrypting and decrypting. DES is an example of asymmetric encryption algori

Glossary 87Transport Layer SecuritySee TLS.UuidA unique number associated with each user on a UNIX system.URLUniform Resource Locator. The addressing

88 Glossary

IndexSymbols32-bit OS requirements, 932-bit process, 964-bit OS requirements, 1064-bit process, 10Aadministration domain, defined, 5administration port

90Nnew server rootcreating, 2nobody user account, 3ns-slapd processwrite an rc script for, 8Ooperating systems, supported, 9Pport numberschoosing uniq