Red Hat DIRECTORY SERVER 7.1 - GATEWAY CUSTOMIZATION Installation Guide

Browse online or download the Installation Guide for Server Red Hat DIRECTORY SERVER 7.1 - GATEWAY CUSTOMIZATION. Red Hat DIRECTORY SERVER 7.1 - GATEWAY CUSTOMIZATION Installation guide [en] User Manual

Table of Contents

Page 1 - Installation Guide

Red Hat Directory Server 8.0 8.0 Installation Guide ISBN: Publication date: January 11, 2008

Page 3 - Copyright © 2008

Directive Description Required user nobody on Linux and Solaris and daemon on HP-UX. This should be changed for most deployments. SuiteSpotGroup Specifies t

Page 4

Directive Description Required Example Section 2.1, “Port Numbers”. ServerIdentifier Specifies the server identifier. This value is used as part of the name

Page 5

Directive Description Required Example directive is used and InstallLdifFile is also used, then this directive has no effect. The default is no. InstallLdifF

Page 6

Directive Description Required Example This should be changed for most deployments. For information as to what users your servers should run, see Section 2.2

Page 7

Directive Description Required Example Server. Table 6.4. [admin] Directives 3.5.2. Sample .inf Files [General] FullMachineName= ldap.example.com SuiteSpotU

Page 8 - 1. Document Conventions

UseExistingUG= No ServerPort= 18257 ServerIdentifier= directory Suffix= dc=example,dc=com RootDN= cn=Directory Manager UseReplication= No AddSampleEntries=

Page 9 - 2. We Need Feedback!

/usr/sbin/ds_removal -s example3 -w itsasecret 2. Stop the Administration Server. /etc/init.d/dirsrv-admin stop 3. Then use the system tools to remove th

Page 10

rm -Rf /export/ds80 4. Remove the symlinks to the directories. For example: rm -f /opt/dirsrv /var/opt/dirsrv /etc/opt/dirsrv 4.2.3. Solaris To uninstall

Page 12

General Usage Information This chapter contains common information that you will use after installing Red Hat Directory Server 8.0, such as where files

Page 13 - 2.4. Directory Administrator

Preparing for a Directory Server Installation Before you install Red Hat Directory Server 8.0, there are required settings and information that you need

Page 14 - 2.7. Configuration Directory

File or Directory Location Log files /var/log/dirsrv/slapd-instance Configuration files /etc/dirsrv/slapd-instance Instance directory /usr/lib64/dirsrv/s

Page 15 - 2.8. Administration Domain

File or Directory Location Log files /var/opt/log/dirsrv/slapd-instance Configuration files /etc/opt/dirsrv/slapd-instance Instance directory /opt/dirsrv

Page 16

NOTE Make sure that the correct JRE — the program called java — is set in the PATH before launching the Console. When the login screen opens, you are pro

Page 17

/usr/lib/dirsrv/slapd-instance/start-slapd /usr/lib/dirsrv/slapd-instance/restart-slapd /usr/lib/dirsrv/slapd-instance/stop-slapd • The Directory Server

Page 18 - .inf that is

Passwords are stored in the Directory Server databases and can be modified with tools like ldapmodify and through the Directory Server Console. The Dir

Page 19 - 4. Overview of Setup

7. Troubleshooting 7.1. Running dsktune dsktune runs when the Directory Server is first set up to check for minimum operating requirements. After the set

Page 20

7.2. Common Installation Problems There are several common problems that can come up during the setup process, generally relating to network or naming p

Page 21 - 389/o=NetscapeRoot

Migrating from Previous Versions Red Hat Directory Server 6.x and 7.x instances can be migrated to Directory Server 8.0. Migration carries over all data

Page 22

WARNING If Directory Server databases have been moved from their default location (/opt/redhat-ds/slapd-instancename/db), migration will not copy these d

Page 23

On Red Hat Enterprise Linux and Solaris machines, the migrate-ds-admin tool is in the /usr/sbin/ directory. On HP-UX machines, the migrate-ds-admin is i

Page 24

one for the Administration Server. These port numbers must be unique. The Directory Server instance (LDAP) has a default port number of 389. The Admini

Page 25 - System Requirements

Option Alternate Options Description on the machine. --file=name -f name This sets the path and name of the .inf file provided with the migration script.

Page 26 - 2.1. Using dsktune

Option Alternate Options Description Table 8.1. migrate-ds-admin Options migrate-ds-admin.pl allows the password parameter to be provided on the command

Page 27

• Shut down all Directory Server instances and the Administration Server. • Back up all of your databases. • For servers which have a different configur

Page 28 - Requirements

4. Migration Scenarios The migration scenario differs depending on the type of existing Directory Server configuration you have. It is possible to migra

Page 29 - 2.2.2.2. File Descriptors

WARNING If Directory Server databases have been moved from their default location (/opt/redhat-ds/slapd-instancename/db), migration will not copy these d

Page 30 - 2.3. HP-UX 11i

/opt/redhat-ds/ is the directory where the old Directory Server is installed. The migration process starts. The legacy Directory Server is migrated, an

Page 31 - 2.3.1. HP-UX Patches

This issue does not occur in cross-platform migrations or migrating using LDIF files instead of the binary databases because these already work with an

Page 32 - 2.3.2.3. TIME_WAIT Setting

and then for the replicas. 4.3. Migrating a Directory Server from One Machine to Another To migrate a Directory Server installation from one machine to

Page 33 - 2.4. Sun Solaris 9

NFS-mounted directory: # /usr/sbin/migrate-ds-admin.pl --oldsroot server2:/migration/opt/redhat-ds --actualroot /opt/redhat-ds General.ConfigDirectoryAd

Page 34 - 2.4.1. Solaris Patches

For example: # /usr/sbin/migrate-ds-admin.pl --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=pas

Page 35

Section 2.2, “Directory Server User and Group” has more information about the server user ID. 2.2. Directory Server User and Group The setup process set

Page 36 - 2.4.2.2. TCP Tuning

1. Stop all Directory Server instances and the Administration Server. 2. Back up all the Directory Server user and configuration data. 3. Export all of

Page 37 - 2.4.2.4. File Descriptors

Glossary A access control instruction See ACI. ACI An instruction that grants or denies permissions to entries in the directory. See Also access control in

Page 38

value. attribute list A list of required and optional attributes for a given entry type or object class. authenticating directory server In pass-through au

Page 39

uses the HTTP protocol to communicate with the host server. browsing index Speeds up the display of entries in the Directory Server Console. Browsing in

Page 40 - 1. Installing the JRE

ciphertext Encrypted information that cannot be read by anyone without the proper key to decrypt the information. class definition Specifies the informa

Page 41

data master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves l

Page 42 - 3. Express Setup

to a different host, specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias su

Page 43

gateway See Directory Server Gateway. general access When granted, indicates that all authenticated users can access directory information. GSS-API Gener

Page 44

indirect CoS An indirect CoS identifies the template entry using the value of one of the target entry's attributes. international index Speeds up s

Page 45 - 4. Typical Setup

Access Protocol See LDAP. locale Identifies the collation order, character type, monetary format and time / date format used to present data for users o

Page 46

this user administrative access. There are important differences between the Directory Administrator and the Directory Manager: • The administrator cann

Page 47

directory tree. monetary format Specifies the monetary symbol used by specific region, whether the symbol goes before or after its value, and how monetar

Page 48

object class Defines an entry type in the directory by defining which attributes are contained in the entry. object identifier A string, usually of deci

Page 49 - 5. Custom Setup

protocol A set of rules that describes how devices on a network exchange information. protocol data unit See PDU. proxy authentication A special form of

Page 50

process is called a referral. read-only replica A replica that refers all update operations to read-write replicas. A server can hold any number of read

Page 51

schema Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is st

Page 52

See Also ns-slapd. SNMP Used to monitor and manage application processes running on the servers by exchanging data about network activity. Also Simple Ne

Page 53

T target In the context of access control, the target identifies the directory information to which a particular ACI applies. target entry The entries wi

Page 54

X.500 standard The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implem

Page 56

Appendix A. Revision History Revision History Revision 8.0.0-4 Thurs. Jan. 10, 2008 Ella Deon Lackey <[email protected]> Added note that Directory Se

Page 57

Server in your organization, you must determine which Directory Server instance will host the configuration directory tree, o=NetscapeRoot. Make this d

Page 59

Index Symbols .inf file, 88 directives, 89 samples, 94 A Administration domain, 5 Administration Server configuring IP authorization, 79 configuring proxy serv

Page 60

HP-UX, 20 Solaris, 24 HP-UX hardware requirements, 20 required patches, 21 system configuration, 22 DNS, 23 kernel parameters, 22 Large file support, 23 Perl,

Page 61

Solaris, 24 Perl HP-UX, 22 Red Hat Enterprise Linux, 19 Solaris, 26 Port number finding Administration Server, 102 R Red Hat Enterprise Linux, 29 custom setup,

Page 62

File descriptors, 19 Perl, 19 Solaris, 25 DNS and NIS, 27 File descriptors, 27 Perl, 26 TCP tuning, 26 T The port is in use, 106 Troubleshooting dsktune, 105 ins

Page 63

Would you like to continue with setup? [yes]: • Pressing Enter accepts the default answer and proceeds to the next dialog screen. Yes/No prompts accept

Page 64

• An .inf file can be used in conjunction with command line parameters. Parameters set in the command line override those specified in an .inf file, wh

Page 65

Option Alternate Options Description Example --silent parameter; if used alone, it sets the default values for the setup prompts. --debug -d[dddd] This par

Page 66

Option Alternate Options Description Example which to write the output. If this is not set, then the setup information is written to a temporary file. /expo

Page 67

This manual provides a high-level overview of design and planning decisions you need to make before installing Directory Server, and describes the diff

Page 68

NOTE It is possible to use y and n with the yes and no inputs described in Section 3.5, “About .inf File Parameters”. Setup Screen Parameter Input Express Ty

Page 69 - Custom Setup

Setup Screen Parameter Input Express Typical Custom Silent Setup File Parameter new Directory Server with an existing Configuration Directory Server Set the Configu

Page 70

Setup Screen Parameter Input Express Typical Custom Silent Setup File Parameter Administrator password Set the Directory Server port 389 [slapd] ServerPort=389 Set t

Page 71

Setup Screen Parameter Input Express Typical Custom Silent Setup File Parameter such as ou=People • Type none, which does not import any data [slapd] AddOrgEntries=

Page 73

System Requirements Before configuring the default Red Hat Directory Server 8.0 instances, it is important to verify that the host server has the requir

Page 74

Number of Entries Disk Space/Required Memory Free disk space: 8 GB Free memory: 1 GB Table 2.1. Hardware Requirements 2. Operating System Requirements Dire

Page 75

instances so that you can properly configure your kernel settings and install any missing patches. On Red Hat Enterprise Linux and Solaris, the dsktune

Page 76

Linux Patches”, and the recommended system configuration changes are described in Section 2.2.2, “Red Hat Enterprise Linux System Configuration”. Criter

Page 77

Criteria Requirements Red Hat Enterprise Linux 5 Server (x86 and x86_64) Required Filesystem ext3 Table 2.3. System Versions 2.2.2. Red Hat Enterprise Linu

Page 78

Red Hat Directory Server 8.0: Installation Guide Copyright © 2008 Copyright © You need to override this in your local ent file Red Hat. This material ma

Page 79

3. Then increase the maximum number of open files on the system by editing the /etc/security/limits.conf configuration file. Add the following entry: *

Page 80

Criteria Requirements deployment 2 GB minimum for larger environments 4 GB minimum for very large environments (more than a million entries) You must use t

Page 81

2.3.2. HP-UX System Configuration Before setting up Directory Server, tune your HP-UX system so Directory Server can access the respective kernel parame

Page 82

This limits the socket TIME_WAIT state to 60 seconds. 2.3.2.4. Large File Support To run Directory Server on HP-UX, you must enable large file support. 1

Page 83

are listed in Section 2.4.1, “Solaris Patches”, and the recommended configuration changes are described in Section 2.4.2, “Solaris System Configuration

Page 84

Patch ID Description 112233-12 SunOS 5.9: Kernel patch 112964-08 SunOS 5.9: /usr/bin/ksh patch 112808 CDE1.5: Tooltalk patch 113279-01 SunOS 5.9: klmmod p

Page 85

• Section 2.4.2.4, “File Descriptors” 2.4.2.1. Perl Prerequisites On Solaris systems, Red Hat Directory Server is installed with a Perl package, RHATper

Page 86

connections. If you increase the rlim_fd_max value to over 4096, you must decrease the tcp_smallest_anon_port value in the /etc/init.d/inetinit file. nd

Page 88

Setting up Red Hat Directory Server on Red Hat Enterprise Linux Installing and configuring Red Hat Directory Server on Red Hat Enterprise Linux has thre

Page 89 - /usr/bin/redhat-idm-console

Red Hat Directory Server 8.0

Page 90

NOTE There is a fourth setup option called a silent installation. This provides two ways of performing the setup without user interaction, either by pas

Page 91

2. Log in as root, and install the JRE. For example: rpm -Uvh java-1.5.0-ibm-1.5.0.5-1jpp.2.el4.i386.rpm After installing the JRE, install the Directory

Page 92 - 3. Silent Setup

ls *.rpm | egrep -iv -e devel -e debuginfo | xargs rpm -ivh 2. After the Directory Server packages are installed, run the setup-ds-admin.pl script to s

Page 93

match the /etc/resolv.conf settings, the setup program cannot use the default hostname option, and setup will fail. WARNING If Directory Server is alread

Page 94

NOTE To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process

Page 95

Updating adm.conf . . . Updating admpw . . . Registering admin server with the configuration directory server . . . Updating adm.conf with information fr

Page 96 - .inf files and on the

ports for the Directory and Administration Servers, the domain name, and directory suffix. WARNING If Directory Server is already installed on your mach

Page 97 - /dev/null:

The hostname is very important. It is used to generate the Directory Server instance name, the admin domain, and the base suffix, among others. If you are

Page 98

This information is supplied in place of creating an admin user and domain for the new Directory Server, steps 8, 9, and 10. 8. Set the administrator us

Page 99 - 3.5.1. .inf File Directives

Creating directory server . . . Your new DS instance 'example2' was successfully created. Creating the configuration directory server . . . Beg

Page 100

Preface ... vii 1. Document Convention

Page 101

you have existing information. The other imports sample data that is included with Directory Server; this is useful for testing features of Directory S

Page 102 - Table 6.3. [slapd] Directives

NOTE The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com,

Page 103 - ConfigDirectoryAdminID

• The Configuration Directory Server administrator's user ID; by default, this is admin. • The administrator user's password. • The Configurati

Page 104 - 3.5.2. Sample .inf Files

16. Select whether you want to install sample entries with the Directory Server instance. This means that an example LDIF, with preconfigured users, gro

Page 105 - 4.2.1. Linux

Exiting . . . Log file is '/tmp/setupul88C1.log' When the setup-ds-admin.pl script is done, then the Directory Server is configured and running

Page 106 - 4.2.2. HP-UX

Setting up Red Hat Directory Server on HP-UX 11i Installing and configuring Red Hat Directory Server on HP-UX has three major steps: 1. Install the requi

Page 107 - 4.2.3. Solaris

Server and Administration Server”. This chapter describes the complete process for installing Directory Server on HP-UX 11i, including both the JRE and

Page 108

NOTE Directory Server version 8.0 conforms to the Filesystem Hierarchy Standards. This means that the directories and files are in different locations t

Page 109 - General Usage Information

2. Select y to accept the Red Hat licensing terms. 3. The dsktune utility runs. Select y to continue with the setup. dsktune checks the available disk s

Page 110

Directory Server in steps 6 and 7. 6. Set the administrator username. The default is admin. 7. Set the administrator password and confirm it. 8. Set the

Page 111 - 2. LDAP Tool Locations

1.2. Configuring Proxy Servers for the Administration Server ... 80 2. Working with Directory Server Instances ...

Page 112

2. Using the Administration Server port number, launch the Console. /opt/dirsrv/bin/redhat-idm-console -a http://localhost:9830 NOTE If you do not pass t

Page 113

3. The dsktune utility runs. Select y to continue with the setup. dsktune checks the available disk space, processor type, physical memory, and other sy

Page 114

NOTE To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process

Page 115 - 7. Troubleshooting

12. Enter the Directory Server identifier; this defaults to the hostname. Directory server identifier [example]: 13. Enter the directory suffix. This defa

Page 116 - Solution

grep \^Listen /etc/dirsrv/admin-serv/console.conf Listen 0.0.0.0:9830 2. Using the Administration Server port number, launch the Console. /opt/dirsrv/bin

Page 117 - 1. Migration Overview

# /opt/dirsrv/sbin/setup-ds-admin.pl 2. Select y to accept the Red Hat licensing terms. 3. The dsktune utility runs. Select y to continue with the setup

Page 118 - 2. About migrate-ds-admin.pl

network, it is not possible to register it with another directory. Select n to set up this Directory Server as a Configuration Directory Server and mov

Page 119

Directory server network port [389]: 1066 12. Enter the Directory Server identifier; this defaults to the hostname. Directory server identifier [example]

Page 120 - /dev/null as the logfile

example: Run Administration Server as [daemon]: 21. The last screen asks if you are ready to set up your servers. Select yes. Are you ready to set up your

Page 121 - 3. Before Migration

If you do not pass the Administration Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen. C

Page 122

Preface This installation guide describes the Red Hat Directory Server 8.0 installation process and the migration process. This manual provides detailed

Page 124 - IMPORTANT

Setting up Red Hat Directory Server on Sun Solaris Installing and configuring Red Hat Directory Server on Sun Solaris has three major steps: 1. Install t

Page 125

Necessary Java JRE libraries are not bundled with Directory Server. They must be downloaded and extracted separately before installing the Directory Se

Page 126

After installing the JRE, install the Directory Server packages, as described in Section 2, “Installing the Directory Server Packages”. 2. Installing th

Page 127

backup directory. 5. Delete the temporary directory. rm -rf /tmp/rhds80 6. After the Directory Server packages are installed, run the setup program to se

Page 128

cd /directory/tmp/RedHat/PKGS 3. Translate the package to the Solaris filesystem format: for i in `ls *.pkg`; do yes all | pkgtrans $i /directory/ ; don

Page 129

NOTE The setup program gets the host information from the /etc/resolv.conf file. If there are aliases in the /etc/hosts file, such as ldap.example.com,

Page 130

up the administrator user. NOTE To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues wit

Page 131 - Glossary

Creating Admin Server files and directories . . . Updating adm.conf . . . Updating admpw . . . Registering admin server with the configuration directory

Page 132

The typical setup process is the most commonly-used setup process. It offers control over the ports for the Directory and Administration Servers, the d

Page 133

1. Document Conventions Certain words in this manual are represented in different fonts, styles, and weights. This highlighting indicates that the word

Page 134

match the /etc/resolv.conf settings, you cannot use the default hostname option. The hostname is very important. It is used to generate the Directory Serve

Page 135

• The Configuration Directory Server Admin domain, such as example.com. • The CA certificate to authenticate to the Configuration Directory Server. Thi

Page 136

Administration port [9830]: 17. The last screen asks if you are ready to set up your servers. Select yes. Are you ready to set up your servers? [yes]: Cre

Page 137

login screen. 5. Custom Setup Custom setup provides two special configuration options that allow you to add information to the Directory Server databases

Page 138

5. Set the computer name of the machine on which the Directory Server is being configured. This defaults to the fully-qualified domain name (FQDN) for

Page 139

ldap://ldap.example.com:389/o=NetscapeRoot To use TLS/SSL, set the protocol as ldaps:// instead of ldap:// For LDAPS, use the secure port (636) instead

Page 140

Suffix [dc=redhat, dc=com]: 14. Set the Directory Manager username. The default is cn=Directory Manager. 15. Set the Directory Manager password and confir

Page 141

Creating Admin Server files and directories . . . Updating adm.conf . . . Updating admpw . . . Registering admin server with the configuration directory

Page 143

Advanced Setup and Configuration After the default Directory Server and Administration Server have been configured, there are tools available to manage,

Page 144

Tip A tip is typically an alternative way of performing a task. Important Important information is necessary, but possibly unexpected, such as a configura

Page 145

*.*.*.* This allows all IP addresses to access the Administration Server. 6. Restart the Administration Server. CAUTION Adding the client machine proxy IP

Page 146

It is also possible to provide Directory Server parameters on the command line, so that the instance is created with pre-defined defaults. For example:

Page 147

register-ds-admin script. /usr/sbin/register-ds-admin.pl IMPORTANT Running register-ds-admin creates a default instance of the Administration Server and C

Page 148

RootDNPwd= password123 [admin] Port= 9830 ServerIpAddress= 111.11.11.11 ServerAdminID= admin ServerAdminPwd= admin NOTE There are three sections of directive

Page 149 - Appendix A. Revision History

packages must already be installed, and the Administration Server must already be configured and running. 1. Make the setup .inf file. It must specify t

Page 150

The setup utility, setup-ds-admin.pl, allows settings for all three configuration components — General (host server), slapd (LDAP server), and admin (A

Page 151

The section names and parameter names used in the .inf files and on the command line are case sensitive. Refer to Table 6.1, “setup-ds-admin Options” to

Page 152

Option Alternate Options Description Example WARNING The cache file contains the cleartext passwords supplied during setup. Use appropriate caution and protection with

Page 153

For example, to configure a new Directory Server instance as a supplier in replication, ConfigFile can be used to create the replication manager, repli

Page 154

• General — which supplies information about the server machine; these are global directives that are common to all your Directory Servers. • slapd — wh
