Red Hat NETSCAPE DIRECTORY SERVER 6.0 Instalační příručka

LandmannRed Hat Directory Server 8.2Installation GuideInstalling Red Hat Directory Server 8.2Edition 8.2.2

NOTEA note provides additional information that can help illustrate the behavior of the system orprovide more detail for a specific issue.IMPORTANTImp

GSS- APIGeneric Security Services. T he generic access protocol that is the native way for UNIX-basedsystems to access and authenticate Kerberos servi

indirect CoSAn indirect CoS identifies the template entry using the value of one of the target entry'sattributes.int ernational indexSpeeds up se

LDAPv3Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.LDBM databaseA high-performance, disk-based database consist

master agentSee SNMP master agent.matching ruleProvides guidelines for how the server compares strings during a search operation. In aninternational s

The problem of managing multiple instances of the same information in different directories,resulting in increased hardware and personnel costs.name c

OIDSee object identifier.operational attribut eContains information used internally by the directory to keep track of modifications and subtreepropert

presence indexAllows searches for entries that contain a specific indexed attribute.prot ocolA set of rules that describes how devices on a network ex

string to form the full distinguished name. Also relative distinguished name.read- only replicaA replica that refers all update operations to read-wri

RFCRequest for Comments. Procedures or standards documents submitted to the Internetcommunity. People can send comments on the technologies before the

Server ConsoleJava-based application that allows you to perform administrative management of your DirectoryServer from a GUI.server daemonThe server d

Red Hat Directory Server Schema Reference provides reference information about the DirectoryServer schema.Red Hat Directory Server Plug-in Programmer&

SNMPUsed to monitor and manage application processes running on the servers by exchanging dataabout network activity. Also Simple Network Management P

supplier serverIn the context of replication, a server that holds a replica that is copied to a different server iscalled a supplier for that replica.

Transport Layer SecuritySee TLS.UuidA unique number associated with each user on a Unix system.URLUniform Resource Locater. The addressing system used

Administration domain, Administration DomainCClients cannot locat e the server, Problem: Clients cannot locate the serverCommand- line arguments, Sen

- starting, Starting the Directory Server ConsoleDirect ory suffix, Directory Suffixdskt une, Using dsktuneEExpress setup- Red Hat Enterprise Linux, E

- setup-ds-admin.pl, Overview of Setup- silent, Overview of SetupMMigrat ing, Migrat ing from Previous Versions- overview, Migration and Upgrade Overv

Perl- Red Hat Enterprise Linux, Perl PrerequisitesPort number- finding Admin Server, Getting the Admin Server Port NumberRRed Hat Ent erprise Linux, S

- modes compared, Overview of Setup- Red Hat Enterprise Linux- custom, Custom Setup- express, Express Setup- typical, T ypical Setup- silent setup, Si

Typical setup- Red Hat Enterprise Linux, T ypical SetupUUninstalling Directory Server- Red Hat Enterprise Linux, Uninstalling Directory Serverupgrade-

Chapter 1. Preparing for a Directory Server InstallationBefore you install Red Hat Directory Server 8.2, there are required settings and information t

lab.eng.exam ple.com , so the domain name used by the setup script is lab.eng.exam ple.com .Any information in the /etc/resolv.conf file must match th

NOTEWhen determining the port numbers you will use, verify that the specified port numbers are notalready in use by running a command like netstat.If

Section 1.2.2, “Port Numbers” has more information on port numbers in Directory Server.1.2.5. Directory ManagerThe Directory Server setup creates a sp

The directory suffix is the first entry within the directory tree. At least one directory suffix must beprovided when the Directory Server is set up.

configuration settings for the Directory Server and Admin Server instances. For example:setup-ds-admin.plThe setup-ds-adm in.pl script can also accept

NOTEThe section names and parameter names used in the .inf files and on the command line arecase sensitive. Refer to T able 1.1, “setup-ds-admin Optio

Table 1.1. set up- ds-admin Opt ionsOption Alternate Options Description Example--silent -s This sets that thesetup script will run insilent mode, dra

Red Hat Directory Server 8.2 Installation GuideInstalling Red Hat Directory Server 8.2Edition [email protected] m

inf.WARNINGThe cache filecontains thecleartextpasswordssupplied duringsetup. Useappropriatecaution andprotection withthis file.--logfile name -l This

information about the directory service, like suffix and configuration directory information, while stillproceeding quickly through the setup process.

Table 1.2. Comparison of Setup TypesSetupScreenParameterInputExpress Typical Custom Silent SetupFileParameterContinue withsetupYes or no N/AAccept lic

Give theConfigurationDirectoryServer user ID[a]admin[General]ConfigDirectoryAdminID=adminGive theConfigurationDirectoryServer userpassword [a]password

DirectoryManager IDManager[slapd]RootDN=cn=DirectoryManagerSet theDirectoryManagerpasswordpassword[slapd]RootDNPwd=passwordInstall sampleentriesYes or

runsnobodyAre you readyto configureyour servers?Yes or no N/A[a] This o p tio n is o nly availab le if yo u c ho o se to reg ister the Direc to ry Se

Chapter 2. System RequirementsBefore configuring the default Red Hat Directory Server 8.2 instances, it is important to verify that thehost server has

2.1.2. Directory Server Supported PlatformsDirectory Server 8.2 is supported on the following platforms:Red Hat Enterprise Linux 4 x86 (32-bit)Red Hat

Along with meeting the required operating system patches and platforms, system settings, like thenumber of file descriptors and T CP information, shou

NOTERed Hat Directory Server is also supported running on a virtual guest on a Red Hat EnterpriseLinux virtual server.Both Red Hat Enterprise Linux ve

Legal NoticeCopyright © 2010 Red Hat, Inc..This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 UnportedLicense

2.3.2. Red Hat Enterprise Linux System ConfigurationAfter verifying the system's kernel and glibc configuration and installing any required modul

Chapter 3. Setting up Red Hat Directory Server on Red HatEnterprise LinuxInstalling and configuring Red Hat Directory Server on Red Hat Enterprise Lin

3.1. Installing OpenJDKNecessary Java libraries are not bundled with Directory Server. T hey must be downloaded andextracted separately before install

channel on Red Hat Network, http://rhn.redhat.com.It is also possible to install the Directory Server packages from media:a. Download the packages fr

NOTEThe Directory Server requires the fully-qualified domain name to set up the servers, as describedin Section 1.2.1, “Resolving the Fully-qualified

NOTETo register the Directory Server instance with an existing Configuration Directory Server,select yes. This continues with the registration process

1. Get the Admin Server port number from the Listen parameter in the console.confconfiguration file.grep \^Listen /etc/dirsrv/adm in-serv/console.con

defaults to the fully-qualified domain name (FQDN) for the host. For example:Computer name [ldap.example.com]:NOTEThe Directory Server requires the fu

NOTETo register the Directory Server instance with an existing Configuration Directory Server,select yes. This continues with the registration process

Are you ready to set up your servers? [yes]:Creating directory server . . .Your new DS instance 'example2' was successfully created.Creating

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

WARNINGIf Directory Server is already installed on your machine, it is extremely important that you performa migration, not a fresh installation. Migr

instance, called the Configuration Directory Server. T his registers the new instance so it can bemanaged by the Console. If this is the first Directo

the Directory Server database. T his option is helpful for evaluation or testing Directory Serverfeatures.This is not required.17. Select whether to

/usr/bin/redhat-idm -console -a http://localhost:9830NOTEIf you do not pass the Admin Server port number with the redhat-idm-console command,then you

Chapter 4. Advanced Setup and ConfigurationAfter the default Directory Server and Admin Server have been configured, there are tools available tomanag

If there are proxies for the HT T P connections on the client machine running the Directory ServerConsole, the configuration must be changed in one of

NOTENew Directory Server instances can be created through the Directory Server Console; this isdescribed in the Directory Server Administrator's

4.3.2. Registering an Existing Directory Server Instance with the ConfigurationDirectory ServerThe Configuration Directory Server uses the o=NetscapeR

1. Install the Directory Server packages.2. Make the setup .inf file. It must specify the following directives:[General] FullMachineName= dir.exampl

NOTEWhen creating a single instance of Directory Server, the Directory Server packages must alreadybe installed, and the Admin Server must already be

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

/usr/sbin/setup-ds-admin.pl General.FullMachineName=ldap.exam ple.com “slapd.Suffix=dc=example,dc=com” slapd.ServerPort=389NOTEPassing argumen

Table 4 .2. setup- ds-admin OptionsOption Alternate Options Description Example--silent -s This sets that thesetup script will run insilent mode, draw

WARNINGThe cache filecontains thecleartextpasswordssupplied duringsetup. Useappropriatecaution andprotection withthis file.--logfile name -l This para

dn: cn=replica,cn=dc=example\,dc=com,cn=mapping tree,cn=configchangetype: addobjectclass: topobjectclass: nsds5replicaobjectclass: extensibleObjectcn:

[General] directive=value directive=value directive=value ...[slapd] directive=valuedirective=value directive=value ...[admin]directive=value directiv

Table 4 .3. [General] DirectivesDirect ive Description Required ExampleFullMachineName Specifies the fullyqualified domain nameof the machine onwhich

ConfigDirectoryAdminPwdSpecifies the passwordfor the admin user.YesChapter 4. Advanced Setup and Configuration 53

Table 4 .4 . [slapd] DirectivesDirect ive Description Required ExampleServerPort Specifies the port theserver will use for LDAPconnections. Forinforma

structure and accesscontrol. If this directiveis used and InstallLdifFile isalso used, then thisdirective has no effect.The default is no.AddSampleEnt

is not used, then thedefault is yes, meaningthe configuration dataare stored in the newinstance.UseExistingMC Sets whether to storethe configuration d

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Table 4 .5. [admin] DirectivesDirect ive Description Required ExampleSysUser Specifies the user aswhich the Admin Serverwill run. The default isuser n

Example 4 .1. .inf File for a Custom Installat ion[General]FullMachineName= ldap.exam ple.comSuiteSpotUserID= nobodySuiteSpotGroup=

Example 4 .2. .inf File for Registering the Instance with a Configuration Directory Server(Typical Setup)[General] FullMachineName= dir.example.com Su

NOTEThere are two PassSync packages available, one for 32-bit Windows servers and one for64-bit. Make sure to select the appropriate packages for your

certutil.exe -d . -L -n "DS CA cert"13. Reboot the Windows machine. The Password Sync service is not available until after a systemreboot.N

4.7.1. Removing a Single Directory Server InstanceIt is possible to remove a single instance of Directory Server without uninstalling the system./usr/

Chapter 5. Migrating from Previous VersionsRed Hat Directory Server 8.2 supports both a migration path and an in-place upgrade, depending on theversio

5.2. Migrating 7.1 ServersRed Hat Directory Server 7.1 servers are migrated to a new Directory Server 8.2 instance. This uses aspecial script which ca

old Directory Server. There is also one required argument, General.ConfigDirectoryAdminPwd,which gives the password of the directory administrator for

Table 5.1. migrate-ds-admin Opt ionsOption Alternate Options DescriptionGeneral.ConfigDirectoryAdminPwd=passwordRequired. This is the passwordfor the

Red Hat Directory Server 8.2 Installation Guide4

another with a differentarchitecture. For cross-platformmigrations, only certain data aremigrated. This migration actiontakes database informationexpo

5.2.2. Before MigrationFor the safety of the Directory Server data, do these things before beginning to migrate the DirectoryServer instances:Shut dow

10presence.ldif05rfc2247.ldif5.2.3. Migrating a Server or Single InstanceTo migrate a Directory Server installation to a new one on the same machine,

resynchronized.a. Reboot the Windows machine.b. In the Directory Server Console, open the Configuration tab.c. Expand the Replication folder, and s

packages.Make the first migrated master the configuration instance since it is not replicated. T hen,register other master and hub servers with the fi

NOTEIf the new machine has a different architecture than the old machine, such as moving from x86 tox86_64, you must perform a cross platform migratio

1. Stop all Directory Server instances and the Admin Server.2. Back up all the Directory Server user and configuration data.3. Install the Director

NOTEOn Red Hat Enterprise Linux 5 (64-bit) machines, the m igrate-ds-adm in tool is in the /usr/sbin directory.The command format to move from one pla

/usr/sbin/migrate-ds-admin.pl --cross --oldsroot server2:/migration/opt/redhat-ds --actualsroot /opt/redhat-ds General.ConfigDirectoryAdminPwd=passwor

IMPORTANTIf there are any duplicate entries (based on duplicate DNs), then the upgrade process makes acopy of the database. It is possible, in an extr

PrefaceThis installation guide describes the Red Hat Directory Server 8.2 installation process and the migrationprocess. T his manual provides detaile

rpm -qf /usr/sbin/setup-ds-admin.pl redhat-ds-admin-8.2.0-0.el5dsrv6. Verify that the directory databases have been successfully migrated. Directory

ls -R /var/lib/dirsrv/slapd-instance_name/dbdb:abcRoot abcRoot.orig DBVERSION guardian log.0000000001 userRootdb/abcRoot:aci.db4 DBVERSIO

NOTEManually restarting the server should only be required for Red Hat Enterprise Linux 4systems. Other systems should restart automatically.NOTEThe s

[..] - upgradedn userRoot: Duplicated entrydn detected: "cn=uid\3djsmith1\2cou\3ddev0\2co\3dengineering0,ou=people,dc=example,dc=com ": Entr

To upgrade Directory Server and move the instance from one machine to another, the 8.1 informationmust be imported into the new instance manually. T h

4. Copy the LDIF files from the old machine to the new machine.5. Import the LDIF files into the new Directory Server 8.2 databases.ldif2db -n userR

8. Run setup-ds.pl with the -u option. This updates the DN formats in any migrated databases tobe compliant with RFC 4514.setup-ds.pl -u9. Restart t

Chapter 6. General Usage InformationThis chapter contains common information that you will use after installing Red Hat Directory Server 8.2,such as w

Table 6.2. Red Hat Enterprise Linux 4 and 5 (x86_64 )File or Directory LocationLog files /var/log/dirsrv/slapd-instanceConfiguration files /etc/dirsr

redhat-idm-console -a http://localhost:9830 -u "cn=Directory Manager" -w secretTable 6.3. redhat- idm-console OptionsOption Description-a ad

1.1. Command and File ExamplesAll of the examples for Red Hat Directory Server commands, file locations, and other usage are given forRed Hat Enterpri

Passing the instance name stops or starts only that instance; not giving any name starts or stops allinstances.NOTEThe service name for the Directory

cd /etc/dirsrv/slapd-instance/vi dse.ldif4. Locate the nsslapd-rootpw parameter.nsslapd-rootpw: {SS HA}x03lZLMyOPaGH5VB8fcys1IV+TVNbBIOwZEYoQ==Delete

Example 6.1. dskt une OutputRed Hat Directory Server system tuning analysis version 10-AUGUST-2007.NOTICE : System is i686-unknown-linux2.6.9-34.EL (1

/etc/dirsrv/slapd-instance_name directory.GlossaryAaccess cont rol instructionSee ACI.access cont rol listSee ACL.access right sIn the context of acce

regardless of the conditions of the bind.approximate indexAllows for efficient approximate or "sounds-like" searches.at tributeHolds descrip

bind DNDistinguished name used to authenticate to Directory Server when performing an operation.bind ruleIn the context of access control, the bind ru

server. Programs written to use CGI are called CGI programs or CGI scripts and can be writtenin many of the common programming languages. CGI programs

alphabet or how to compare letters with accents to letters without accents.consumerServer containing replicated directory trees or subtrees from a sup

definition entrySee CoS definition entry.Direct ory Access ProtocolSee DAP.Direct ory ManagerThe privileged database administrator, comparable to the

called realthing.yourdomain.domain where the server currently exists.EentryA group of lines in the LDIF file that contains information about an object