Difference between revisions of "Ops535-389-ds-install"

From CDOT Wiki

Latest revision as of 15:10, 15 November 2016

Note: this wiki page is a work-in-progress

OS and virtual hardware configuration on the VM

  • Minimal CentOS 7.x installation
  • 2 NICs - one on NAT network (192.168.122.0/24), one on isolated private network (192.168.x.0/24)
  • enable the "epel" repository: yum install epel-release
  • Hostname: ds389.cp.net
  • IP address: 192.168.x.20/24 on isolated private network

System Software Configuration

Host name resolution

  • Primary DNS server for your domain:
    • Add A resource record: ds389.cp.net. IN A 192.168.x.20
    • Add PTR resource record: 20.x.168.192.in-addr.arpa. IN PTR ds389.cp.net.
  • If you don't have DNS, add the following record to /etc/hosts
    • 192.168.x.20 ds389.cp.net ds389

Firewall configuration

You need to open tcp ports 389, 636 and 9830 for external access to your 389 directory server.

firewalld.service

Run the following commands to open the ports:

 firewall-cmd --permanent --add-port=389/tcp
 firewall-cmd --permanent --add-port=636/tcp
 firewall-cmd --permanent --add-port=9830/tcp

You need to run the following command to update the current firewall settings:

 firewall-cmd --reload

Please confirm your firewall settings with the following command:

 firewall-cmd --list-ports

iptables.service

Run the following commands to open the ports:

 iptables -I INPUT -p tcp --dport 389 -j ACCEPT
 iptables -I INPUT -p tcp --dport 636 -j ACCEPT
 iptables -I INPUT -p tcp --dport 9830 -j ACCEPT

Run the following command to save the current firewall settings:

 service iptables save
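
Confirming the firewall by eye is easy to get wrong when three ports are involved, so here is a small check script, added here as an example (it is not part of the wiki page). It takes the listing from firewall-cmd --list-ports, or converts iptables -S INPUT rules into the same "port/proto" form, and reports any of the three required ports that are missing. The required port list and the sample listings are constructed for this example; the iptables sample uses the "-A INPUT -p tcp -m tcp --dport N -j ACCEPT" shape that iptables -S prints for rules inserted with the commands above.

```shell
#!/bin/sh
# Added example, not part of the wiki page: confirm that the firewall really
# exposes the three ports 389-DS needs (389 LDAP, 636 LDAPS, 9830 admin
# server). Works on the output of `firewall-cmd --list-ports` or
# `iptables -S INPUT`; the samples below are constructed so the script can
# be run without a live firewall.

REQUIRED_PORTS="389/tcp 636/tcp 9830/tcp"

# missing_ports "PORT/PROTO PORT/PROTO ..."
# Prints each required port absent from the listing, one per line.
# Exit status 0 when nothing is missing, 1 otherwise.
missing_ports() {
    listed=" $1 "
    rc=0
    for p in $REQUIRED_PORTS; do
        case "$listed" in
            *" $p "*) ;;
            *) echo "$p"; rc=1 ;;
        esac
    done
    return $rc
}

# iptables_ports
# Reads `iptables -S INPUT` rules on stdin and prints "port/proto" for every
# ACCEPT rule that matches a single --dport, in the shape firewall-cmd uses.
iptables_ports() {
    awk '/-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (proto != "" && port != "") printf "%s/%s ", port, proto
        }'
}

# check_live_firewall
# Queries whichever tool is installed; exit status 2 when neither is found.
check_live_firewall() {
    if command -v firewall-cmd >/dev/null 2>&1; then
        missing_ports "$(firewall-cmd --list-ports)"
    elif command -v iptables >/dev/null 2>&1; then
        missing_ports "$(iptables -S INPUT | iptables_ports)"
    else
        echo "no firewall tool found" >&2
        return 2
    fi
}

# Constructed sample: a firewalld listing where the LDAPS rule was forgotten.
SAMPLE_FIREWALLD="389/tcp 9830/tcp"

# Constructed sample: iptables -S INPUT after the three -I commands above.
SAMPLE_IPTABLES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 9830 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 636 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT'

if missing=$(missing_ports "$SAMPLE_FIREWALLD"); then
    echo "firewalld sample: all required ports open"
else
    echo "firewalld sample: missing $(printf '%s' "$missing" | tr '\n' ' ')"
fi

if missing=$(missing_ports "$(printf '%s\n' "$SAMPLE_IPTABLES" | iptables_ports)"); then
    echo "iptables sample: all required ports open"
else
    echo "iptables sample: missing $(printf '%s' "$missing" | tr '\n' ' ')"
fi
```

On the real VM, run check_live_firewall after firewall-cmd --reload (or service iptables save); it exits non-zero and names the port when one of the three rules did not take.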

System resource configuration

  • Add the following line to /etc/sysctl.conf:
     net.ipv4.tcp_keepalive_time = 300
  • Add the following lines to /etc/security/limits.conf:
     *    soft    nofile    8192
     *    hard    nofile    8192
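
These two settings are exactly the ones setup-ds-admin.pl complains about later on this page (the keepalive time and the 1024-descriptor soft limit). The script below is an added example, not part of the wiki page: it reads a sysctl.conf-style file and a limits.conf-style file, compares what it finds with the values the page prescribes (300 seconds and 8192 descriptors), and also prints the live kernel and shell values so you can tell "edited the file" from "took effect after the reboot". File paths are parameters; the good and bad sample files are constructed here.

```shell
#!/bin/sh
# Added example, not from the wiki page: pre-flight check for the two
# settings setup-ds-admin.pl warns about. Compares the values found in the
# given sysctl.conf and limits.conf files with the values the page sets.

KEEPALIVE_MAX=300   # seconds, the value the page puts in /etc/sysctl.conf
NOFILE_MIN=8192     # the soft nofile limit the page puts in limits.conf

# sysctl_value FILE KEY
# Prints the last value assigned to KEY in a sysctl.conf-style file
# (later assignments override earlier ones, as sysctl itself does).
sysctl_value() {
    awk -v key="$2" -F'=' '
        {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = $2; gsub(/[ \t]/, "", v) }
        }
        END { print v }' "$1"
}

# limit_value FILE DOMAIN TYPE ITEM
# Prints the value of a "<domain> <type> <item> <value>" line in limits.conf.
limit_value() {
    awk -v d="$2" -v t="$3" -v it="$4" \
        '$1 == d && $2 == t && $3 == it { v = $4 } END { print v }' "$1"
}

# check_tuning SYSCTL_FILE LIMITS_FILE
# Reports each setting that is missing or outside the page's values.
# Exit status 0 when both are acceptable, 1 otherwise.
check_tuning() {
    rc=0
    ka=$(sysctl_value "$1" net.ipv4.tcp_keepalive_time)
    if [ -z "$ka" ] || [ "$ka" -gt "$KEEPALIVE_MAX" ]; then
        echo "net.ipv4.tcp_keepalive_time is '${ka:-unset}', want <= $KEEPALIVE_MAX"
        rc=1
    fi
    nf=$(limit_value "$2" '*' soft nofile)
    if [ -z "$nf" ] || [ "$nf" -lt "$NOFILE_MIN" ]; then
        echo "soft nofile is '${nf:-unset}', want >= $NOFILE_MIN"
        rc=1
    fi
    return $rc
}

# live_values
# Prints what the running kernel and this shell actually use. Before the
# reboot these are still the old values even when the files are correct.
live_values() {
    [ -r /proc/sys/net/ipv4/tcp_keepalive_time ] && \
        echo "kernel tcp_keepalive_time: $(cat /proc/sys/net/ipv4/tcp_keepalive_time)"
    echo "shell soft nofile: $(ulimit -Sn 2>/dev/null || ulimit -n)"
}

# Constructed sample files: a "good" pair with the page's values and a "bad"
# pair where keepalive is not set and only the default 1024 limit is present.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
GOOD_SYSCTL="$TMPD/sysctl.good"; GOOD_LIMITS="$TMPD/limits.good"
BAD_SYSCTL="$TMPD/sysctl.bad";   BAD_LIMITS="$TMPD/limits.bad"
printf '# sysctl settings\nnet.ipv4.tcp_keepalive_time = 300\n' > "$GOOD_SYSCTL"
printf '*    soft    nofile    8192\n*    hard    nofile    8192\n' > "$GOOD_LIMITS"
printf '# nothing about keepalive in here\nnet.ipv4.ip_forward = 0\n' > "$BAD_SYSCTL"
printf '# only the default\n*    soft    nofile    1024\n' > "$BAD_LIMITS"

echo "== constructed good files =="
check_tuning "$GOOD_SYSCTL" "$GOOD_LIMITS" && echo "ok"
echo "== constructed bad files =="
check_tuning "$BAD_SYSCTL" "$BAD_LIMITS" || echo "fix these before running setup-ds-admin.pl"
echo "== live values on this host =="
live_values
```

On the VM itself, call check_tuning /etc/sysctl.conf /etc/security/limits.conf and compare with live_values; if the files pass but the live values are still 7200 and 1024, the reboot (or sysctl -p plus a fresh login) has not happened yet.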

389-DS rpm packages

  • yum install 389-ds*

This installs the following rpm packages and their dependencies:

 389-ds-console-doc
 389-ds-base
 389-ds-console
 389-ds-base-libs
 389-ds-base-devel
 389-ds
 389-dsgw

Requirements for running the setup-ds.pl program

Create an unprivileged regular user

Create an unprivileged regular user to act as the Administrator for the 389 Directory Server:

 useradd ldapadmin

Warning message for system resources

[root@ds389 ~]# setup-ds-admin.pl

==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: 

==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.

NOTICE : System is x86_64-unknown-linux3.10.0-327.36.3.el7.x86_64 (1 processor).

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.  

WARNING  : The warning messages above should be reviewed before proceeding.

Would you like to continue? [no]: 

Update the files "/etc/sysctl.conf" and "/etc/security/limits.conf" and run "setup-ds-admin.pl" again.

Setup screen

After updating "/etc/sysctl.conf" and "/etc/security/limits.conf", reboot the VM and login as root. Run the "setup-ds-admin.pl" again and you should get something similar to the following:

[root@ds389 ~]# setup-ds-admin.pl

==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: 

==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.

NOTICE : System is x86_64-unknown-linux3.10.0-327.36.3.el7.x86_64 (1 processor).

Would you like to continue? [yes]:

Post-installation

Start the Directory Server and Admin services

  • systemctl enable dirsrv.target
  • systemctl start dirsrv.target
  • systemctl enable dirsrv-admin.service
  • systemctl start dirsrv-admin.service

Install Xfce for GUI web console

  • yum groupinstall Xfce

Testing the LDAP Server

  • ldapsearch -x -b 'dc=cp,dc=net'
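
The ldapsearch command above uses -x without -D, so it is an anonymous simple bind over plain LDAP on port 389. The script below is an added example, not part of the wiki page: it runs the same base-scope query against both ldap:// (389) and ldaps:// (636), the two LDAP ports opened in the firewall earlier, and summarises the LDIF that comes back (entry count and result line) so a failed bind or an empty answer is obvious. The host name and base DN are the page's; the -H and -s base options are standard ldapsearch options not shown on the page, and the LDIF sample is constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page: probe the directory on both the
# plain and the TLS port and summarise the LDIF result.

DS_HOST="ds389.cp.net"   # host name from the page
BASE_DN="dc=cp,dc=net"   # base DN from the page

# ldif_summary
# Reads ldapsearch output on stdin and prints "entries=N result=<line>",
# where N is the number of "dn:" lines and <line> is the "result:" line
# (or "none" when the output is not LDIF at all, e.g. a connection error).
ldif_summary() {
    awk '
        /^dn: / { n++ }
        /^result: / { sub(/^result: /, ""); res = $0 }
        END { printf "entries=%d result=%s\n", n, (res == "" ? "none" : res) }'
}

# probe_directory
# Anonymous base-scope search on ldap:// and ldaps://; a connection or TLS
# failure prints the first lines of the error instead of a summary.
probe_directory() {
    for url in "ldap://$DS_HOST" "ldaps://$DS_HOST"; do
        echo "== $url =="
        if out=$(ldapsearch -x -H "$url" -b "$BASE_DN" -s base '(objectClass=*)' 2>&1); then
            printf '%s\n' "$out" | ldif_summary
        else
            printf '%s\n' "$out" | head -n 2 | sed 's/^/failed: /'
        fi
    done
}

# Constructed sample: what ldapsearch prints for a fresh suffix with one entry.
SAMPLE_LDIF='# extended LDIF
#
# LDAPv3
# base <dc=cp,dc=net> with scope baseObject
# filter: (objectClass=*)
# requesting: ALL
#

# cp.net
dn: dc=cp,dc=net
objectClass: top
objectClass: domain
dc: cp

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1'

echo "constructed sample:"
printf '%s\n' "$SAMPLE_LDIF" | ldif_summary

if command -v ldapsearch >/dev/null 2>&1; then
    probe_directory
else
    echo "ldapsearch not installed here; yum install openldap-clients to probe $DS_HOST"
fi
```

If ldap:// answers with entries=1 but ldaps:// fails, the server is reachable but TLS is not configured or the client does not trust its certificate; if both answer, anonymous reads are enabled on the suffix, which is the default the page's test relies on.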

Start the management console

On the local machine

To start the management console, type 389-console

On remote workstation

  • ssh -X root@192.168.x.20 /usr/bin/389-console -a http://192.168.x.20:9830