Red Hat Directory Server 8.2 Installation Guide: Installing Red Hat Directory Server 8.2. Edition 8.2.2
Landmann
NOTE: A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue. IMPORTANT: Imp
GSS-API: Generic Security Services. The generic access protocol that is the native way for UNIX-based systems to access and authenticate Kerberos servi
indirect CoS: An indirect CoS identifies the template entry using the value of one of the target entry's attributes. international index: Speeds up se
LDAPv3: Version 3 of the LDAP protocol, upon which Directory Server bases its schema format. LDBM database: A high-performance, disk-based database consist
master agent: See SNMP master agent. matching rule: Provides guidelines for how the server compares strings during a search operation. In an international s
The problem of managing multiple instances of the same information in different directories, resulting in increased hardware and personnel costs. name c
OID: See object identifier. operational attribute: Contains information used internally by the directory to keep track of modifications and subtree propert
presence index: Allows searches for entries that contain a specific indexed attribute. protocol: A set of rules that describes how devices on a network ex
string to form the full distinguished name. Also relative distinguished name. read-only replica: A replica that refers all update operations to read-wri
RFC: Request for Comments. Procedures or standards documents submitted to the Internet community. People can send comments on the technologies before the
Server Console: Java-based application that allows you to perform administrative management of your Directory Server from a GUI. server daemon: The server d
Red Hat Directory Server Schema Reference provides reference information about the Directory Server schema. Red Hat Directory Server Plug-in Programmer
SNMP: Used to monitor and manage application processes running on the servers by exchanging data about network activity. Also Simple Network Management P
supplier server: In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.
Transport Layer Security: See TLS. uid: A unique number associated with each user on a Unix system. URL: Uniform Resource Locator. The addressing system used
Administration domain, Administration Domain
C
Clients cannot locate the server, Problem: Clients cannot locate the server
Command-line arguments, Sen
- starting, Starting the Directory Server Console
Directory suffix, Directory Suffix
dsktune, Using dsktune
E
Express setup
- Red Hat Enterprise Linux, E
- setup-ds-admin.pl, Overview of Setup
- silent, Overview of Setup
M
Migrating, Migrating from Previous Versions
- overview, Migration and Upgrade Overv
Perl
- Red Hat Enterprise Linux, Perl Prerequisites
Port number
- finding Admin Server, Getting the Admin Server Port Number
R
Red Hat Enterprise Linux, S
- modes compared, Overview of Setup
- Red Hat Enterprise Linux
- custom, Custom Setup
- express, Express Setup
- typical, Typical Setup
- silent setup, Si
Typical setup
- Red Hat Enterprise Linux, Typical Setup
U
Uninstalling Directory Server
- Red Hat Enterprise Linux, Uninstalling Directory Server
upgrade-
Chapter 1. Preparing for a Directory Server Installation
Before you install Red Hat Directory Server 8.2, there are required settings and information t
lab.eng.example.com, so the domain name used by the setup script is lab.eng.example.com. Any information in the /etc/resolv.conf file must match th
NOTE: When determining the port numbers you will use, verify that the specified port numbers are not already in use by running a command like netstat. If
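As an added example (not part of the Red Hat guide), the check the note above asks for, in Python: it parses a `netstat -ltn` listing and reports which of the ports planned for the new instance are already bound. The netstat listing is constructed for the example; 389 and 9830 are the guide's default LDAP and Admin Server ports, while 636 (LDAPS) is included on the assumption that TLS will be enabled after setup.

```python
"""Pre-install port check for a Directory Server host.

Added example (not from the Red Hat guide): parses the output of `netstat -ltn`
and reports which of the ports planned for the new instance are already in use.
"""
import re
import subprocess
from typing import Dict, Set

# Constructed sample of `netstat -ltn` output; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp6       0      0 :::9830                 :::*                    LISTEN
"""

# Ports the setup script will ask for. 389 (LDAP) and 9830 (Admin Server) are
# the guide's defaults; 636 is the standard LDAPS port, included on the
# assumption that TLS will be enabled after setup.
PLANNED_PORTS: Dict[str, int] = {"ldap": 389, "ldaps": 636, "admin": 9830}

# One netstat row: proto, recv-q, send-q, local address, foreign address, state.
_LISTEN_ROW = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+)\s+\S+\s+LISTEN\b", re.M)


def listening_ports(listing: str) -> Set[int]:
    """Return every TCP port in LISTEN state found in netstat-style output."""
    ports: Set[int] = set()
    for _proto, local in _LISTEN_ROW.findall(listing):
        # The port follows the last ':' so IPv6 forms such as ':::9830' work too.
        ports.add(int(local.rsplit(":", 1)[1]))
    return ports


def port_conflicts(planned: Dict[str, int], listing: str) -> Dict[str, int]:
    """Return role -> port for each planned port that is already bound."""
    busy = listening_ports(listing)
    return {role: port for role, port in planned.items() if port in busy}


def check_live_host(planned: Dict[str, int] = PLANNED_PORTS) -> Dict[str, int]:
    """Run netstat on this host and check the planned ports against its output."""
    out = subprocess.run(["netstat", "-ltn"], capture_output=True, text=True, check=True).stdout
    return port_conflicts(planned, out)


if __name__ == "__main__":
    # Offline demonstration on the constructed listing: 389 and 9830 are taken.
    for role, port in sorted(port_conflicts(PLANNED_PORTS, SAMPLE_NETSTAT).items()):
        print(f"port {port} ({role}) is already in use; choose another before running setup")
```

Run `check_live_host()` on the target machine before starting setup-ds-admin.pl; a non-empty result means the setup script would fail to bind, or worse, a later restart would race with whatever already owns the port.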
Section 1.2.2, “Port Numbers” has more information on port numbers in Directory Server.
1.2.5. Directory Manager
The Directory Server setup creates a sp
The directory suffix is the first entry within the directory tree. At least one directory suffix must be provided when the Directory Server is set up.
configuration settings for the Directory Server and Admin Server instances. For example:
setup-ds-admin.pl
The setup-ds-admin.pl script can also accept
NOTE: The section names and parameter names used in the .inf files and on the command line are case sensitive. Refer to Table 1.1, “setup-ds-admin Optio
Table 1.1. setup-ds-admin Options
Option | Alternate Options | Description | Example
--silent | -s | This sets that the setup script will run in silent mode, dra
inf.
WARNING: The cache file contains the cleartext passwords supplied during setup. Use appropriate caution and protection with this file.
--logfile name | -l | This
information about the directory service, like suffix and configuration directory information, while still proceeding quickly through the setup process.
Table 1.2. Comparison of Setup Types
Setup Screen | Parameter Input | Express | Typical | Custom | Silent Setup File Parameter
Continue with setup | Yes or no | N/A
Accept lic
Give the Configuration Directory Server user ID [a] | admin | [General] ConfigDirectoryAdminID=admin
Give the Configuration Directory Server user password [a] | password
Directory Manager ID | Manager | [slapd] RootDN=cn=Directory Manager
Set the Directory Manager password | password | [slapd] RootDNPwd=password
Install sample entries | Yes or
runs | nobody
Are you ready to configure your servers? | Yes or no | N/A
[a] This option is only available if you choose to register the Directory Se
Chapter 2. System Requirements
Before configuring the default Red Hat Directory Server 8.2 instances, it is important to verify that the host server has
2.1.2. Directory Server Supported Platforms
Directory Server 8.2 is supported on the following platforms:
Red Hat Enterprise Linux 4 x86 (32-bit)
Red Hat
Along with meeting the required operating system patches and platforms, system settings, like the number of file descriptors and TCP information, shou
NOTE: Red Hat Directory Server is also supported running on a virtual guest on a Red Hat Enterprise Linux virtual server. Both Red Hat Enterprise Linux ve
Legal Notice
Copyright © 2010 Red Hat, Inc. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License
2.3.2. Red Hat Enterprise Linux System Configuration
After verifying the system's kernel and glibc configuration and installing any required modul
Chapter 3. Setting up Red Hat Directory Server on Red Hat Enterprise Linux
Installing and configuring Red Hat Directory Server on Red Hat Enterprise Lin
3.1. Installing OpenJDK
Necessary Java libraries are not bundled with Directory Server. They must be downloaded and extracted separately before install
channel on Red Hat Network, http://rhn.redhat.com. It is also possible to install the Directory Server packages from media:
a. Download the packages fr
NOTE: The Directory Server requires the fully-qualified domain name to set up the servers, as described in Section 1.2.1, “Resolving the Fully-qualified
NOTE: To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process
1. Get the Admin Server port number from the Listen parameter in the console.conf configuration file.
grep \^Listen /etc/dirsrv/admin-serv/console.con
defaults to the fully-qualified domain name (FQDN) for the host. For example:
Computer name [ldap.example.com]:
NOTE: The Directory Server requires the fu
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'example2' was successfully created.
Creating
WARNING: If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migr
instance, called the Configuration Directory Server. This registers the new instance so it can be managed by the Console. If this is the first Directo
the Directory Server database. This option is helpful for evaluation or testing Directory Server features. This is not required.
17. Select whether to
/usr/bin/redhat-idm-console -a http://localhost:9830
NOTE: If you do not pass the Admin Server port number with the redhat-idm-console command, then you
Chapter 4. Advanced Setup and Configuration
After the default Directory Server and Admin Server have been configured, there are tools available to manag
If there are proxies for the HTTP connections on the client machine running the Directory Server Console, the configuration must be changed in one of
NOTE: New Directory Server instances can be created through the Directory Server Console; this is described in the Directory Server Administrator's
4.3.2. Registering an Existing Directory Server Instance with the Configuration Directory Server
The Configuration Directory Server uses the o=NetscapeR
1. Install the Directory Server packages.
2. Make the setup .inf file. It must specify the following directives:
[General]
FullMachineName= dir.exampl
NOTE: When creating a single instance of Directory Server, the Directory Server packages must already be installed, and the Admin Server must already be
/usr/sbin/setup-ds-admin.pl General.FullMachineName=ldap.example.com "slapd.Suffix=dc=example,dc=com" slapd.ServerPort=389
NOTE: Passing argumen
Table 4.2. setup-ds-admin Options
Option | Alternate Options | Description | Example
--silent | -s | This sets that the setup script will run in silent mode, draw
WARNING: The cache file contains the cleartext passwords supplied during setup. Use appropriate caution and protection with this file.
--logfile name | -l | This para
dn: cn=replica,cn=dc=example\,dc=com,cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn:
[General]
directive=value
directive=value
directive=value
...
[slapd]
directive=value
directive=value
directive=value
...
[admin]
directive=value
directiv
Table 4.3. [General] Directives
Directive | Description | Required | Example
FullMachineName | Specifies the fully qualified domain name of the machine on which
ConfigDirectoryAdminPwd | Specifies the password for the admin user. | Yes
Table 4.4. [slapd] Directives
Directive | Description | Required | Example
ServerPort | Specifies the port the server will use for LDAP connections. For informa
structure and access control. If this directive is used and InstallLdifFile is also used, then this directive has no effect. The default is no.
AddSampleEnt
is not used, then the default is yes, meaning the configuration data are stored in the new instance.
UseExistingMC | Sets whether to store the configuration d
Table 4.5. [admin] Directives
Directive | Description | Required | Example
SysUser | Specifies the user as which the Admin Server will run. The default is user n
Example 4.1. .inf File for a Custom Installation
[General]
FullMachineName= ldap.example.com
SuiteSpotUserID= nobody
SuiteSpotGroup=
Example 4.2. .inf File for Registering the Instance with a Configuration Directory Server (Typical Setup)
[General]
FullMachineName= dir.example.com
Su
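The .inf files above, and the cache file the WARNING refers to, hold the Directory Manager and admin passwords in cleartext. As an added example (not from the Red Hat guide or the setup script itself), the following Python writes a silent-setup .inf with mode 0600, refuses to overwrite an existing file, masks every *Pwd directive before the contents are logged, and builds the silent-mode command line. Section and directive names follow the guide's tables; the ServerIdentifier and [admin] Port directives are not visible in the truncated tables on this page and are taken from the script's .inf format, and the hostnames, passwords and helper names are this example's.

```python
"""Write a silent-setup .inf for setup-ds-admin.pl without leaving the
passwords world-readable.

Added example (not from the Red Hat guide or the setup script). The .inf
carries cleartext passwords, so it is created 0600, never clobbers an existing
file, and *Pwd directives are scrubbed before the text is echoed anywhere.
"""
import os
import re
from typing import Dict, List

Sections = Dict[str, Dict[str, str]]

# Example values in the guide's layout. ServerIdentifier (the instance name)
# and the [admin] Port directive come from the script's .inf format; they are
# not shown in the truncated tables on this page.
EXAMPLE_SECTIONS: Sections = {
    "General": {
        "FullMachineName": "ldap.example.com",
        "SuiteSpotUserID": "nobody",
        "SuiteSpotGroup": "nobody",
        "ConfigDirectoryAdminID": "admin",
        "ConfigDirectoryAdminPwd": "changeme-admin",
    },
    "slapd": {
        "ServerPort": "389",
        "ServerIdentifier": "example",
        "Suffix": "dc=example,dc=com",
        "RootDN": "cn=Directory Manager",
        "RootDNPwd": "changeme-rootdn",
    },
    "admin": {
        "Port": "9830",
        "SysUser": "nobody",
    },
}

# Any directive whose name ends in Pwd is a secret (ConfigDirectoryAdminPwd, RootDNPwd, ...).
_PWD_LINE = re.compile(r"^(\w*Pwd)=\s*.*$", re.M)


def render_inf(sections: Sections) -> str:
    """Render the [Section] / Directive= value layout the setup script reads.

    Section and directive names are case sensitive (the guide's note), so they
    are written exactly as given."""
    lines: List[str] = []
    for name, directives in sections.items():
        lines.append(f"[{name}]")
        lines.extend(f"{key}= {value}" for key, value in directives.items())
        lines.append("")
    return "\n".join(lines)


def write_inf(path: str, sections: Sections) -> int:
    """Create the .inf with mode 0600. O_EXCL fails instead of overwriting a
    file that may already exist with looser permissions. Returns the mode bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(render_inf(sections))
    return os.stat(path).st_mode & 0o777


def redact(inf_text: str) -> str:
    """Mask the value of every *Pwd directive so the file can be logged or pasted."""
    return _PWD_LINE.sub(r"\1= ********", inf_text)


def silent_setup_command(inf_path: str, logfile: str) -> List[str]:
    """argv for a silent run. -s and -l are in the guide's options table;
    -f (the path of the .inf) is the script's own option for the file."""
    return ["/usr/sbin/setup-ds-admin.pl", "-s", "-f", inf_path, "-l", logfile]


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "setup.inf")
    print(f"wrote {path} with mode {write_inf(path, EXAMPLE_SECTIONS):o}")
    print(redact(render_inf(EXAMPLE_SECTIONS)))
    print(" ".join(silent_setup_command(path, "/tmp/setup.log")))
```

The setup script needs the cleartext passwords to bind to the Configuration Directory Server, so a hashed value is not an option here; instead, delete the .inf and the setup cache file as soon as the run succeeds, and keep the setup log under the same restrictions, since it can echo the parameters it was given.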
NOTE: There are two PassSync packages available, one for 32-bit Windows servers and one for 64-bit. Make sure to select the appropriate packages for your
certutil.exe -d . -L -n "DS CA cert"
13. Reboot the Windows machine. The Password Sync service is not available until after a system reboot. N
4.7.1. Removing a Single Directory Server Instance
It is possible to remove a single instance of Directory Server without uninstalling the system.
/usr/
Chapter 5. Migrating from Previous Versions
Red Hat Directory Server 8.2 supports both a migration path and an in-place upgrade, depending on the versio
5.2. Migrating 7.1 Servers
Red Hat Directory Server 7.1 servers are migrated to a new Directory Server 8.2 instance. This uses a special script which ca
old Directory Server. There is also one required argument, General.ConfigDirectoryAdminPwd, which gives the password of the directory administrator for
Table 5.1. migrate-ds-admin Options
Option | Alternate Options | Description
General.ConfigDirectoryAdminPwd=password | Required. This is the password for the
another with a different architecture. For cross-platform migrations, only certain data are migrated. This migration action takes database information expo
5.2.2. Before Migration
For the safety of the Directory Server data, do these things before beginning to migrate the Directory Server instances:
Shut dow
10presence.ldif
05rfc2247.ldif
5.2.3. Migrating a Server or Single Instance
To migrate a Directory Server installation to a new one on the same machine,
resynchronized.
a. Reboot the Windows machine.
b. In the Directory Server Console, open the Configuration tab.
c. Expand the Replication folder, and s
packages. Make the first migrated master the configuration instance since it is not replicated. Then, register other master and hub servers with the fi
NOTE: If the new machine has a different architecture than the old machine, such as moving from x86 to x86_64, you must perform a cross platform migratio
1. Stop all Directory Server instances and the Admin Server.
2. Back up all the Directory Server user and configuration data.
3. Install the Director
NOTE: On Red Hat Enterprise Linux 5 (64-bit) machines, the migrate-ds-admin tool is in the /usr/sbin directory. The command format to move from one pla
/usr/sbin/migrate-ds-admin.pl --cross --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=passwor
IMPORTANT: If there are any duplicate entries (based on duplicate DNs), then the upgrade process makes a copy of the database. It is possible, in an extr
Preface
This installation guide describes the Red Hat Directory Server 8.2 installation process and the migration process. This manual provides detaile
rpm -qf /usr/sbin/setup-ds-admin.pl
redhat-ds-admin-8.2.0-0.el5dsrv
6. Verify that the directory databases have been successfully migrated. Directory
ls -R /var/lib/dirsrv/slapd-instance_name/db
db:
abcRoot  abcRoot.orig  DBVERSION  guardian  log.0000000001  userRoot
db/abcRoot:
aci.db4  DBVERSIO
NOTE: Manually restarting the server should only be required for Red Hat Enterprise Linux 4 systems. Other systems should restart automatically.
NOTE: The s
[..] - upgradedn userRoot: Duplicated entrydn detected: "cn=uid\3djsmith1\2cou\3ddev0\2co\3dengineering0,ou=people,dc=example,dc=com ": Entr
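The DN in the upgradedn message above is escaped per RFC 4514: inside the cn value, `\3d` stands for `=` and `\2c` for `,`, which is how a value that itself looks like a DN is kept apart from the real RDN separators. As an added example (not from the Red Hat guide or 389 Directory Server), the following Python parses such DNs and scans an errors log for the "Duplicated entrydn detected" lines so the duplicates can be reviewed per backend before the upgraded copy is trusted. The log excerpt is constructed around the page's message; its timestamps, the second and third DNs, and the backend names are illustrative.

```python
"""Parse the escaped DNs that upgradedn reports and list duplicate entries per backend.

Added example (not from the Red Hat guide or 389 Directory Server). Resolves
RFC 4514 escapes: backslash-escaped specials (\\, \\= \\+ ...) and \\XX hex
pairs, including UTF-8 values spread over several pairs. Multi-valued RDNs
joined with '+' are not split.
"""
import re
from typing import Dict, List, Tuple

RDN = Tuple[str, str]

# Constructed errors-log excerpt (not a real capture). The first quoted DN is
# the one shown in the guide's upgradedn message; the others are made up.
SAMPLE_ERRORS_LOG = r"""
[12/Aug/2010:10:15:02 +0000] - upgradedn userRoot: Duplicated entrydn detected: "cn=uid\3djsmith1\2cou\3ddev0\2co\3dengineering0,ou=people,dc=example,dc=com"
[12/Aug/2010:10:15:02 +0000] - upgradedn userRoot: Duplicated entrydn detected: "uid=jsmith1,ou=people,dc=example,dc=com"
[12/Aug/2010:10:15:03 +0000] - upgradedn abcRoot: Duplicated entrydn detected: "cn=Smith\, John,ou=people,dc=abc,dc=com"
"""

_DUP_LINE = re.compile(r'upgradedn (\S+): Duplicated entrydn detected: "([^"]*)"')
_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def parse_dn(dn: str) -> List[RDN]:
    """Split a DN into (attribute, value) pairs, resolving RFC 4514 escapes."""
    rdns: List[RDN] = []
    attr = ""
    buf = bytearray()          # bytes, so \XX pairs can form multi-byte UTF-8
    in_value = False
    i = 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and _HEX_PAIR.fullmatch(pair):
                buf.append(int(pair, 16))          # \XX: one raw byte
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")   # \c: the literal character c
                i += 2
            continue
        if c == "=" and not in_value:
            attr = buf.decode("utf-8").strip()
            buf = bytearray()
            in_value = True
        elif c == "," and in_value:
            rdns.append((attr, buf.decode("utf-8")))
            buf = bytearray()
            in_value = False
        else:
            buf += c.encode("utf-8")
        i += 1
    if in_value:
        rdns.append((attr, buf.decode("utf-8")))
    elif buf:
        raise ValueError(f"trailing text without '=' in DN: {dn!r}")
    return rdns


def find_duplicate_dns(log_text: str) -> List[Tuple[str, List[RDN]]]:
    """Return (backend, parsed DN) for every 'Duplicated entrydn detected' line."""
    return [(backend, parse_dn(dn)) for backend, dn in _DUP_LINE.findall(log_text)]


def duplicates_per_backend(log_text: str) -> Dict[str, int]:
    """Count reported duplicates per backend, to decide which databases need review."""
    counts: Dict[str, int] = {}
    for backend, _ in find_duplicate_dns(log_text):
        counts[backend] = counts.get(backend, 0) + 1
    return counts


if __name__ == "__main__":
    for backend, rdns in find_duplicate_dns(SAMPLE_ERRORS_LOG):
        print(backend, " | ".join(f"{a}={v}" for a, v in rdns))
```

Note that once the escapes are resolved, the first DN's cn value reads `uid=jsmith1,ou=dev0,o=engineering0`; printing it unescaped and feeding it back to an LDAP tool would produce a different, seven-RDN DN, which is exactly the ambiguity the RFC 4514 escaping (and the setup-ds.pl -u DN-format upgrade the guide describes) exists to prevent.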
To upgrade Directory Server and move the instance from one machine to another, the 8.1 information must be imported into the new instance manually. Th
4. Copy the LDIF files from the old machine to the new machine.
5. Import the LDIF files into the new Directory Server 8.2 databases.
ldif2db -n userR
8. Run setup-ds.pl with the -u option. This updates the DN formats in any migrated databases to be compliant with RFC 4514.
setup-ds.pl -u
9. Restart t
Chapter 6. General Usage Information
This chapter contains common information that you will use after installing Red Hat Directory Server 8.2, such as w
Table 6.2. Red Hat Enterprise Linux 4 and 5 (x86_64)
File or Directory | Location
Log files | /var/log/dirsrv/slapd-instance
Configuration files | /etc/dirsr
redhat-idm-console -a http://localhost:9830 -u "cn=Directory Manager" -w secret
Passing the bind password with -w places it in the process's command line, where any local user can read it from the process list; omit -w and enter the password in the Console login dialog instead.
Table 6.3. redhat-idm-console Options
Option | Description
-a ad
1.1. Command and File Examples
All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterpri
Passing the instance name stops or starts only that instance; not giving any name starts or stops all instances.
NOTE: The service name for the Directory
cd /etc/dirsrv/slapd-instance/
vi dse.ldif
4. Locate the nsslapd-rootpw parameter.
nsslapd-rootpw: {SSHA}x03lZLMyOPaGH5VB8fcys1IV+TVNbBIOwZEYoQ==
Delete
Example 6.1. dsktune Output
Red Hat Directory Server system tuning analysis version 10-AUGUST-2007.
NOTICE : System is i686-unknown-linux2.6.9-34.EL (1
/etc/dirsrv/slapd-instance_name directory.
Glossary
A
access control instruction: See ACI. access control list: See ACL. access rights: In the context of acce
regardless of the conditions of the bind. approximate index: Allows for efficient approximate or "sounds-like" searches. attribute: Holds descrip
bind DN: Distinguished name used to authenticate to Directory Server when performing an operation. bind rule: In the context of access control, the bind ru
server. Programs written to use CGI are called CGI programs or CGI scripts and can be written in many of the common programming languages. CGI programs
alphabet or how to compare letters with accents to letters without accents. consumer: Server containing replicated directory trees or subtrees from a sup
definition entry: See CoS definition entry. Directory Access Protocol: See DAP. Directory Manager: The privileged database administrator, comparable to the
called realthing.yourdomain.domain where the server currently exists.
E
entry: A group of lines in the LDIF file that contains information about an object