Directory - RedHat directory server 8.0

1. Install packages

1.1. RPMs / i386

Download redhat-ds-v3-core-i386.tgz

tar xzf redhat-ds-v3-core-i386.tgz
cd redhat-ds-v3-core-i386

1.2. RPMs / x86_64

Download redhat-ds-v2-core-x64.tgz

tar xzf redhat-ds-v2-core-x64.tgz
cd redhat-ds-v2-core-x64

2. Initial setup

  • Run dsktune:
/usr/bin/dsktune
  • Create inf-file:
cat > rhds8.inf
[General]
FullMachineName=         server.ourdom.com
SuiteSpotUserID=         nobody
SuiteSpotGroup=          nobody
AdminDomain=             ourdom.com
ConfigDirectoryAdminID=  admin
ConfigDirectoryAdminPwd= pass123
ConfigDirectoryLdapURL=  ldap://server.ourdom.com:389/o=NetscapeRoot

[slapd]
SlapdConfigForMC=        Yes
UseExistingMC=           No
ServerPort=              389
ServerIdentifier=        el4
Suffix=                  dc=ourdom,dc=com
RootDN=                  cn=dirman
RootDNPwd=               pass123

[admin]
SysUser=                 nobody
Port=                    11333
ServerIpAddress=         10.20.4.1
ServerAdminID=           admin
ServerAdminPwd=          pass123

^D
  • Run the setup:
/usr/sbin/setup-ds-admin.pl -s -f rhds8.inf

Creating directory server . . .
Your new DS instance 'el4' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupzymAxA.log'

If the following error appears:

Fatal Error: failed to open an LDAP connection to host 'xxx' port '389' as user 'zzz'.
Error: unknown.
Fatal Failed to create the configuration directory server

Verify that the host name xxx resolves both through /etc/hosts and through DNS.
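The checks behind that error, as an added example that is not part of the original notes: a POSIX shell pre-flight script that writes the inf file from section 2 with a restrictive umask (it holds RootDNPwd and the admin password in clear text, so it must not be world-readable and should be deleted after setup), verifies the file is private, and checks that FullMachineName is present in a hosts file. The hosts file path is an argument so the demo runs against a constructed file instead of /etc/hosts; dns_has_name uses the real getent command but needs a live resolver, so the offline demo does not call it.

```shell
#!/bin/sh
# Pre-flight checks before running setup-ds-admin.pl. Added example, not
# part of the original notes. The inf values are the ones from the notes;
# the hosts file path is an argument so a constructed file can be checked.

# Return 0 if NAME appears as a host name or alias in the hosts-format FILE.
hosts_has_name() {
    file=$1
    name=$2
    sed 's/#.*//' "$file" | awk -v n="$name" '
        { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Return 0 if NAME resolves through the system resolver (DNS via nsswitch).
# Needs a live resolver, so the offline demo below does not use it.
dns_has_name() {
    getent hosts "$1" >/dev/null 2>&1
}

# Return 0 if FILE has no group or other permission bits set at all.
file_is_private() {
    perm=$(ls -ld "$1" | cut -c5-10)
    [ "$perm" = "------" ]
}

# Print the FullMachineName value from the inf FILE.
inf_fullmachinename() {
    sed -n 's/^FullMachineName= *//p' "$1"
}

# Write the inf file from the notes to OUT. It carries RootDNPwd and the
# admin password in clear text, so it is created under umask 077 (mode 600)
# and should be removed once setup-ds-admin.pl has finished.
write_inf() {
    out=$1
    (
        umask 077
        cat > "$out" <<'EOF'
[General]
FullMachineName=         server.ourdom.com
SuiteSpotUserID=         nobody
SuiteSpotGroup=          nobody
AdminDomain=             ourdom.com
ConfigDirectoryAdminID=  admin
ConfigDirectoryAdminPwd= pass123
ConfigDirectoryLdapURL=  ldap://server.ourdom.com:389/o=NetscapeRoot

[slapd]
SlapdConfigForMC=        Yes
UseExistingMC=           No
ServerPort=              389
ServerIdentifier=        el4
Suffix=                  dc=ourdom,dc=com
RootDN=                  cn=dirman
RootDNPwd=               pass123

[admin]
SysUser=                 nobody
Port=                    11333
ServerIpAddress=         10.20.4.1
ServerAdminID=           admin
ServerAdminPwd=          pass123
EOF
    )
}

# Run all checks against INF and HOSTSFILE; return non-zero on any failure.
preflight() {
    inf=$1
    hostsfile=$2
    ok=0
    name=$(inf_fullmachinename "$inf")
    [ -n "$name" ] || { echo "no FullMachineName in $inf" >&2; return 1; }
    file_is_private "$inf" || { echo "$inf is readable by others" >&2; ok=1; }
    hosts_has_name "$hostsfile" "$name" || { echo "$name not in $hostsfile" >&2; ok=1; }
    return $ok
}

# Offline demo with a constructed hosts file standing in for /etc/hosts.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost\n10.20.4.1 server.ourdom.com server\n' > "$tmp/hosts"
write_inf "$tmp/rhds8.inf"
if preflight "$tmp/rhds8.inf" "$tmp/hosts"; then
    echo "preflight ok"
fi
rm -rf "$tmp"
```

In real use call preflight with /etc/hosts as the second argument and add a dns_has_name call for the same name; both lookups have to succeed because the setup script resolves the name through the normal resolver order.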

3. Run automatically

chkconfig --add dirsrv
chkconfig --add dirsrv-admin
chkconfig dirsrv on
chkconfig dirsrv-admin on
service dirsrv restart
service dirsrv-admin restart

4. Start management console

/usr/bin/redhat-idm-console -a http://server.ourdom.com:11333 -u admin -w pass123 &
  • Go to the Users and Groups tab.
  • Click Create and choose User.
  • In the Select the directory subtree list choose People.
  • Fill in the fields:
First Name      John
Last Name       Smith
Common Name     John Smith
User ID         jsmith
Password        pass123
Posix / UID     201
Posix / GID     201
  • Click OK.
  • Click Search and confirm that the user now appears.

5. Test

Verify FDS:

ldapsearch -h el.vpn -x -D "cn=dirman" -w pass123 -LLL
           -b "dc=ourdom,dc=com" "(objectClass=posixAccount)" dn

Verify AD:

ldapsearch -h winsrv.vpn -x -D "cn=WinAdmin,cn=People,dc=ourdom,dc=local"
           -w zse4RFV -LLL -b "cn=People,dc=ourdom,dc=local"
           "(objectClass=group)" dn

6. Configure SSL in RHDS

Download the script rhds8-setupssl2.sh.

./rhds8-setupssl2.sh /etc/dirsrv/slapd-el4 cn=dirman pass123 server.ourdom.com 389

The script does all the work.

Restart the server:

service dirsrv restart
service dirsrv-admin restart

6.1. Configure SSL-only mode

Attention! For SSL-only operation the admin server must also be configured for SSL, otherwise the console can no longer reach the directory.

service dirsrv stop
vi /opt/fedora-ds/slapd-X/config/dse.ldif

In dse.ldif change the line nsslapd-port: 389 to nsslapd-port: 0 (port 0 disables the clear-text listener, so only the SSL port stays open).

service dirsrv start
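The same dse.ldif edit done by script, as an added example that is not part of the original notes: before setting nsslapd-port to 0 it checks that nsslapd-security is on and nsslapd-securePort is set, because once the clear-text port is closed those are the only way back into the instance. The cn=config attribute names are the real ones; the dse.ldif path is an argument, and the demo runs on a constructed cn=config fragment rather than a live instance. Run it only while the instance is stopped, as in the steps above.

```shell
#!/bin/sh
# Switch a dse.ldif to SSL-only mode. Added example, not part of the
# original notes. Edits the file the notes edit with vi, but refuses to
# close the clear-text port unless the SSL listener is configured.

# Print the value of attribute NAME (first occurrence) in FILE.
dse_get() {
    awk -v a="$1:" '$1 == a { print $2; exit }' "$2"
}

# Return 0 when FILE has nsslapd-security on and a positive secure port.
dse_ssl_ready() {
    [ "$(dse_get nsslapd-security "$1")" = "on" ] || return 1
    port=$(dse_get nsslapd-securePort "$1")
    [ -n "$port" ] && [ "$port" -gt 0 ] 2>/dev/null
}

# Set nsslapd-port to 0 in FILE, i.e. disable the clear-text listener so
# that cn=dirman binds can no longer cross the wire unencrypted. Writes
# through a temporary file so a failed edit leaves the original intact.
dse_set_ssl_only() {
    f=$1
    if ! dse_ssl_ready "$f"; then
        echo "refusing: nsslapd-security/nsslapd-securePort not set in $f" >&2
        return 1
    fi
    sed 's/^nsslapd-port: .*/nsslapd-port: 0/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Offline demo on a constructed cn=config fragment (not a real dse.ldif).
tmp=$(mktemp -d)
cat > "$tmp/dse.ldif" <<'EOF'
dn: cn=config
cn: config
nsslapd-port: 389
nsslapd-securePort: 636
nsslapd-security: on
EOF
if dse_set_ssl_only "$tmp/dse.ldif"; then
    echo "nsslapd-port is now $(dse_get nsslapd-port "$tmp/dse.ldif")"
fi
rm -rf "$tmp"
```

After the change, verify from a client with ldapsearch against the secure port only; a bind on port 389 should be refused outright.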

7. Configure clients

See here
