Difference between revisions of "Setup basic 389-DS server"

From Notes_Wiki
m
m
Line 53: Line 53:


Steps learned from    http://www.unixmen.com/setup-directory-serverldap-in-centos-6-4-rhel-6-4/ and  https://www.youtube.com/watch?v=2wD-u5TMsfc
Steps learned from    http://www.unixmen.com/setup-directory-serverldap-in-centos-6-4-rhel-6-4/ and  https://www.youtube.com/watch?v=2wD-u5TMsfc
==Basic setup of 389-ds on CentOS 7.0==
'''These steps did not seem to work''' 
[[category:TODO]]
# Configure firewall
#:<pre>
#::  firewall-cmd --permanent --add-port=389/tcp
#::  firewall-cmd --permanent --add-port=636/tcp
#::  firewall-cmd --permanent --add-port=9830/tcp
#:</pre>
#::  Add --zone=internal, if zones are being used
# Install packages:
#:<pre>
#::      yum -y install epel-release
#::      yum install 389-ds-base 389-admin 389-adminutil -y
#:</pre>
# Ignore SELInux poilcy errors   
# Enable services to run on startup
#:<pre>
#::      systemctl enable dirsrv.target
#::      systemctl enable dirsrv-admin
#::      systemctl start dirsrv.target
#::      systemctl start dirsrv-admin
#:</pre>
Refer:
* http://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
* http://technet.sector19.net/linux/install-and-configure-389-directory-server-centos7/





Revision as of 08:53, 4 August 2016

<yambe:breadcrumb>389-DS|389-DS</yambe:breadcrumb>

Setup basic 389-DS server

To setup basic 389-DS server use following steps:

  1. yum -y install epel-release
  2. If LDAP server is being setup on VM or base machine then do the following: (Not useful for container based setup)
    1. Edit '/etc/sysctl.conf'
      net.ipv4.tcp_keepalive_time = 300
      net.ipv4.ip_local_port_range = 1024 65000
    2. In '/etc/security/limits.conf' add:
      * soft nofile 8192
      * hard nofile 8192
    3. Edit '/etc/profile' and at the end append
      ulimit -n 8192
    4. Edit '/etc/pam.d/login' and after last session required line add
      session required pam_limits.so
  3. Create ldapadmin user and set its password
  4. Install 389-ds and openldap-clients using:
    yum install -y 389-ds openldap-clients
  5. Ensure that FQDN resolves to IP and with help of /etc/hosts IP resolves to FQDN. Without this setup fails. Even after setup while running the server this is necessary for server to continue working.
  6. Run 'setup-ds-admin.pl' and enter appropriate values to setup the server
    If there is warning of low file-descriptors reboot
    Choose following options
    1. Typical setup
    2. system user is ldapadmin, system group is ldapadmin
    3. register with existing server: no
    4. administrator id : admin
    5. Password: secret
    6. Other appropriate values
  7. Allow incoming TCP connections on port 389, 636 and 9830 in firewall
  8. Configure 389-ds to automatically start on system boot using:
    chkconfig dirsrv-admin on
    chkconfig dirsrv on

To connect to server on administrators machine

  1. Install 389-ds (and not just 389-console)
  2. Use command:
    389-console -a http://<server-fqdn-or-ip>:9830/

Steps learned from http://www.unixmen.com/setup-directory-serverldap-in-centos-6-4-rhel-6-4/ and https://www.youtube.com/watch?v=2wD-u5TMsfc


Basic setup of 389-ds on CentOS 7.0

These steps did not seem to work

  1. Configure firewall
    firewall-cmd --permanent --add-port=389/tcp
    firewall-cmd --permanent --add-port=636/tcp
    firewall-cmd --permanent --add-port=9830/tcp
    Add --zone=internal, if zones are being used
  2. Install packages:
    yum -y install epel-release
    yum install 389-ds-base 389-admin 389-adminutil -y
  3. Ignore SELInux poilcy errors
  4. Enable services to run on startup
    systemctl enable dirsrv.target
    systemctl enable dirsrv-admin
    systemctl start dirsrv.target
    systemctl start dirsrv-admin

Refer:



<yambe:breadcrumb>389-DS|389-DS</yambe:breadcrumb>