Ops535-389-ds-install
Note: this wiki page is a work-in-progress
OS and virtual hardware configure on VM
- Minimal CentOS 7.x installation
- 2 NICs - one on NAT network (192.168.122.0/24), one on isolated private network (192.168.x.0/24)
- enable "epel" repository - yum install epel-release
- Hostname: ds389.cp.net
- IP address: 192.168.x.20/24 on isolated private network
System Software Configuration
Host name resolution
- Primary DNS server for your domain:
- Add A resource record: ds389.cp.net. IN A 192.168.x.20
- Add PTR resource record: 20.x.168.192.in-addr.arpa. IN PTR ds389.cp.net.
- If you don't have DNS, add the following record to /etc/hosts
- 192.168.x.20 ds389.cp.net ds389
Firewall configuration
You need to open tcp ports 389, 636 and 9830 for external access to your 389 directory server.
firewalld.service
Run the following commands to open the ports:
firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --permanent --add-port=636/tcp
firewall-cmd --permanent --add-port=9830/tcp
You need to run the following command to update the current firewall settings:
firewall-cmd --reload
Please confirm your firewall settings with the following command:
firewall-cmd --list-ports
iptables.service
Run the following commands to open the ports:
iptables -I INPUT -p tcp --dport 389 -j ACCEPT
iptables -I INPUT -p tcp --dport 636 -j ACCEPT
iptables -I INPUT -p tcp --dport 9830 -j ACCEPT
Run the command to save the current firewall settings:
service iptables save
System resource configuration
- Add the following line to /etc/sysctl.conf
net.ipv4.tcp_keepalive_time = 300
- Add the following lines to /etc/security/limits.conf
* soft nofile 8192
* hard nofile 8192
389-DS rpm packages
- yum install 389-ds*
This installs the following rpm packages and their dependencies:
389-ds-console-doc 389-ds-base 389-ds-console 389-ds-base-libs 389-ds-base-devel 389-ds 389-dsgw
Requirements for running the setup-ds.pl program
Create an unprivileged regular user to act as the Administrator for the 389 Directory Server:
useradd ldapadmin
Warning message for system resources
[root@ds389 ~]# setup-ds-admin.pl
==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.

Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]:
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.

NOTICE : System is x86_64-unknown-linux3.10.0-327.36.3.el7.x86_64 (1 processor).

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

WARNING : The warning messages above should be reviewed before proceeding.

Would you like to continue? [no]:
Update the files "/etc/sysctl.conf" and "/etc/security/limits.conf" as described under "System resource configuration" and run "setup-ds-admin.pl" again.
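The following pre-flight script is an added example written for this page (it is not part of the wiki or of the 389-ds project). It checks the items from "Firewall configuration" and "System resource configuration" that setup-ds-admin.pl warns about above: the kernel keepalive timer, the current and configured nofile limits, and the three open ports. It assumes firewalld (the firewall-cmd output format) and the file paths used on this page.

```shell
#!/bin/sh
# Pre-flight check for the 389-DS prerequisites on this page (added example,
# not part of the wiki or of 389-ds). Thresholds are the values the page puts
# in /etc/sysctl.conf and /etc/security/limits.conf; the firewall check assumes
# firewalld and its "firewall-cmd --list-ports" output format.
REQUIRED_PORTS="389/tcp 636/tcp 9830/tcp"

# keepalive_ok SECONDS: true when the kernel keepalive timer is at most 300 s
keepalive_ok() { [ "$1" -le 300 ]; }

# nofile_ok N: true when the file-descriptor limit is at least 8192
nofile_ok() { [ "$1" -ge 8192 ]; }

# limits_nofile soft|hard < limits.conf: print the "*" nofile value (0 if unset)
limits_nofile() {
    awk -v t="$1" '$1 == "*" && $2 == t && $3 == "nofile" { v = $4 } END { print v + 0 }'
}

# missing_ports "LIST": print the required ports absent from a --list-ports line
missing_ports() {
    out=""
    for p in $REQUIRED_PORTS; do
        case " $1 " in *" $p "*) ;; *) out="$out $p" ;; esac
    done
    printf '%s\n' "${out# }"
}

# preflight: check the live system and report every item setup-ds-admin.pl
# would warn about; returns non-zero if anything still needs fixing
preflight() {
    rc=0
    ka=$(cat /proc/sys/net/ipv4/tcp_keepalive_time)
    keepalive_ok "$ka" || { echo "tcp_keepalive_time is ${ka}s, want <= 300"; rc=1; }
    cur=$(ulimit -n)
    [ "$cur" = unlimited ] || nofile_ok "$cur" || { echo "current soft nofile is $cur, want >= 8192"; rc=1; }
    for t in soft hard; do
        v=$(limits_nofile "$t" < /etc/security/limits.conf)
        nofile_ok "$v" || { echo "limits.conf $t nofile is $v, want >= 8192"; rc=1; }
    done
    if command -v firewall-cmd >/dev/null 2>&1; then
        miss=$(missing_ports "$(firewall-cmd --list-ports)")
        [ -z "$miss" ] || { echo "firewall ports not open: $miss"; rc=1; }
    fi
    return $rc
}

# Run the live checks only when invoked as "sh preflight.sh --run" (as root).
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as root before starting setup-ds-admin.pl; an empty report and a zero exit status mean the tuning analysis should show no warnings.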
Setup screen
After updating "/etc/sysctl.conf" and "/etc/security/limits.conf", reboot the VM and login as root. Run the "setup-ds-admin.pl" again and you should get something similar to the following:
[root@ds389 ~]# setup-ds-admin.pl
==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.

Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]:
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.

NOTICE : System is x86_64-unknown-linux3.10.0-327.36.3.el7.x86_64 (1 processor).

Would you like to continue? [yes]:
Post-installation
Start the Directory Server and Admin service
- systemctl enable dirsrv.target
- systemctl start dirsrv.target
- systemctl enable dirsrv-admin.service
- systemctl start dirsrv-admin.service
Install Xfce for GUI web console
- yum groupinstall Xfce
Testing the LDAP Server
- ldapsearch -x -b 'dc=cp,dc=net'
Start the management console
On the local machine
To start the management console, run:
389-console
On remote workstation
- ssh -X root@192.168.x.20 /usr/bin/389-console -a http://192.168.x.20:9830