{"id":18,"date":"2013-08-05T18:16:00","date_gmt":"2013-08-05T18:16:00","guid":{"rendered":""},"modified":"2021-08-31T10:12:25","modified_gmt":"2021-08-31T09:12:25","slug":"configuring-389-directory-server-for-first-use","status":"publish","type":"post","link":"https:\/\/www.srivittal.com\/wp\/?p=18","title":{"rendered":"Configuring 389 Directory Server for First Use"},"content":{"rendered":"
\n

Pre-config Steps<\/h3>\n
1. Switch to root id.<\/div>\n
2. Ensure that a proper host name has been assigned to the Linux Server. I am running this inside a virtual machine and hence I have created a host name and assigned it to the local loopback address. (Edit the \/etc\/hosts file). Ensure that the server’s host name appears before the localhost host name within the \/etc\/hosts file.<\/span><\/b><\/div>\n
3. Add the CentOS repos to RedHat. See my earlier article here<\/a><\/div>\n
4. Install Firefox by running the command yum install firefox <\/span><\/span><\/div>\n
5. Run the dsktune<\/span><\/span> command. Fix any errors reported by the dsktune program. If you cannot  <\/b>find the dsktune program it means that the 389 (RedHat) Directory server is not installed<\/div>\n
6. Look at the download and installation instructions mentioned here<\/a><\/span><\/span><\/span><\/span> <\/div>\n
7.  Run the following command to install the directory server. The following example shows the open source 389 server<\/div>\n
<\/div>\n
yum install 389-ds 389-ds-base 389-ds-base-libs<\/span><\/span><\/div>\n
<\/div>\n
8. Run the dsktune command again. I received the following output<\/div>\n
<\/div>\n
[root@connect ~]# dsktune
389 Directory Server system tuning analysis version 23-FEBRUARY-2012.<\/p>\n

NOTICE : System is i686-unknown-linux2.6.32-220.el6.i686 (2 processors).<\/p>\n

ERROR  : There is 7990MB of physical memory but only 2047MB of swap space.<\/p>\n

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.<\/p>\n

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.  <\/p>\n

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.  <\/p>\n

WARNING  : The warning messages above should be reviewed before proceeding.<\/span><\/span><\/div>\n

<\/div>\n
9. Run the following commands to get rid of the warnings<\/div>\n
<\/div>\n
echo ‘net.ipv4.tcp_keepalive_time = 600’ >> \/etc\/sysctl.conf
sysctl -p<\/span><\/span><\/div>\n
<\/div>\n
10. Add this to \/etc\/security\/limits.conf<\/p>\n

* soft nofile 8192
* hard nofile 8192<\/span><\/span><\/div>\n

<\/div>\n
11. Reboot the server<\/div>\n
12. Run dsktune to ensure no errors or warnings are present. (Ignore the output from my machine above where I have allocated 8 GB of memory and 2 GB of swap)<\/div>\n
<\/div>\n

Config steps<\/h3>\n
1. Run the setup-ds-admin.pl command<\/div>\n

<\/span><\/span><\/span><\/div>\n

[root@connect tmp]# setup-ds-admin.pl<\/p>\n

==============================================================================
This program will set up the 389 Directory and Administration Servers.<\/p>\n

It is recommended that you have “root” privilege to set up the software.
Tips for using this program:
  – Press “Enter” to choose the default and go to the next screen
  – Type “Control-B” then “Enter” to go back to the previous screen
  – Type “Control-C” to cancel the setup program<\/p>\n

Would you like to continue with set up? [yes]: <\/p>\n

==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.<\/p>\n

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.<\/p>\n

NOTICE : System is i686-unknown-linux2.6.32-220.el6.i686 (2 processors).<\/p>\n

ERROR  : There is 7990MB of physical memory but only 2047MB of swap space.<\/p>\n

Would you like to continue? [yes]: <\/p>\n

==============================================================================
Choose a setup type:<\/p>\n

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.<\/p>\n

   2. Typical
       Allows you to specify common defaults and options.<\/p>\n

   3. Custom
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.<\/p>\n

To accept the default shown in brackets, press the Enter key.<\/p>\n

Choose a setup type [2]: 3<\/p>\n

==============================================================================
Enter the fully qualified domain name of the computer
on which you’re setting up server software. Using the form
.
Example: eros.example.com.<\/p>\n

To accept the default shown in brackets, press the Enter key.<\/p>\n

Warning: This step may take a few minutes if your DNS servers
can not be reached or if DNS is not configured correctly.  If
you would rather not wait, hit Ctrl-C and run this program again
with the following command line option to specify the hostname:<\/p>\n

    General.FullMachineName=your.hostname.domain.name<\/p>\n

Computer name [connect.svil.com.svil.com]: connect.svil.com<\/p>\n

==============================================================================
The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user\/group some permissions in specific paths\/files
to perform server-specific operations.<\/p>\n

If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.<\/p>\n

System User [nobody]:
System Group [nobody]: <\/p>\n

==============================================================================
Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers.  If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server.  To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
.(e.g. hostname.example.com), the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS\/SSL).  If you are using TLS\/SSL, specify the TLS\/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM\/ASCII format).<\/p>\n

If you do not yet have a configuration directory server, enter ‘No’ to
be prompted to set up one.<\/p>\n

Do you want to register this software with an existing
configuration directory server? [no]: <\/p>\n

==============================================================================
Please enter the administrator ID for the configuration directory
server.  This is the ID typically used to log in to the console.  You
will also be prompted for the password.<\/p>\n

Configuration directory server
administrator ID [admin]:
Password:
Password (confirm): <\/p>\n

==============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains.  If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.<\/p>\n

If you are not using administrative domains, press Enter to select the
default.  Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.<\/p>\n

Administration Domain [svil.com]: <\/p>\n

==============================================================================
The standard directory server network port number is 389.  However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use.<\/p>\n

Directory server network port [40387]: <\/p>\n

==============================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.<\/p>\n

Directory server identifier [connect]:
Error: the server already exists at ‘\/etc\/dirsrv\/slapd-connect’
Please remove it first if you really want to recreate it,
or use a different ServerIdentifier to create another instance.
Directory server identifier [connect]: connections<\/p>\n

==============================================================================
The suffix is the root of your directory tree.  The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is example.com,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.<\/p>\n

Suffix [dc=svil, dc=com]: <\/p>\n

==============================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user.  The password must
be at least 8 characters long, and contain no spaces.
Press Control-B or type the word “back”, then Enter to back up and start over.<\/p>\n

Directory Manager DN [cn=Directory Manager]:
Password:
Password (confirm): <\/p>\n

==============================================================================
You may install some sample entries in this directory instance.  These
entries will be installed in a separate suffix and will not interfere
with the normal operation of the directory server.<\/p>\n

Do you want to install the sample entries? [no]: yes<\/p>\n

==============================================================================
You may wish to populate your new directory instance with some data.
“You may already have a file in LDIF format to use or some suggested
entries can be added.  If you want to import entries from an LDIF
file, you may type in the full path and filename at the prompt.  If
you want the setup program to add the suggested entries, type the
word suggest at the prompt.  The suggested entries are common
container entries under your specified suffix, such as ou=People and
ou=Groups, which are commonly used to hold the entries for the persons
and groups in your organization.  If you do not want to add any of
these entries, type the word none at the prompt.<\/p>\n

Type the full path and filename, the word suggest, or the word none [suggest]: <\/p>\n

==============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.<\/p>\n

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.<\/p>\n

Administration port [9830]: <\/p>\n

==============================================================================
If you want to configure the Administration Server to bind
to a specific IP address, enter the address below.<\/p>\n

IP address [0.0.0.0]: <\/p>\n

==============================================================================
The Administration Server program runs as a certain user on your
system. This user must have permission to modify files and directories
for your Directory server as well as the Administration server.  You
are strongly encouraged to use a non-privileged (i.e. non-root) user.<\/p>\n

Run Administration Server as [nobody]: <\/p>\n

==============================================================================
The interactive phase is complete.  The script will now set up your
servers.  Enter No or go Back if you want to change something.<\/p>\n

Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance ‘connections’ was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output:                                                    [  OK  ]
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is ‘\/tmp\/setupS7bwUq.log’<\/p>\n

[root@connect tmp]# <\/domainname><\/hostname><\/domainname><\/hostname><\/span><\/span><\/span><\/p>\n

2. Run 389-console<\/p>\n

<\/a><\/div>\n

3. Fill values as shown. Password is what you entered originally.<\/p>\n

<\/a><\/div>\n
<\/div>\n
<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Pre-config Steps 1. Switch to root id. 2. Ensure that a proper host name has been assigned to the Linux Server. I am running this inside a virtual machine and hence I have created a host name and assigned it to the local loopback address. (Edit the \/etc\/hosts file). Ensure that the server’s host name …<\/p>\n","protected":false},"author":2,"featured_media":78,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,3,25,14,24,23],"tags":[],"class_list":["post-18","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-389-directory-server","category-centos","category-identity-management","category-ldap","category-odsee","category-oracle-directory-server","entry entry-center"],"_links":{"self":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/18","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=18"}],"version-history":[{"count":2,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/18\/revisions"}],"predecessor-version":[{"id":184,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/18\/revisions\/184"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/media\/78"}],"wp:attachment":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=18"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=18"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=18"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}