All subsystems require access to Red Hat Directory Server. This Directory Server instance is used by the subsystems to store their system certificates and user data.
- Either Red Hat Directory Server 8.2 or 9.0 can be used.
- The Directory Server instance can be installed on the local system or on a remote system.
- Directory Server 8.2 instances can be installed on Red Hat Enterprise Linux 5 32-bit, Red Hat Enterprise Linux 5 64-bit, or Solaris 9 Sparc 64-bit. Directory Server 9.0 instances can be installed on Red Hat Enterprise Linux 6 32-bit or 64-bit systems. The Directory Server can be installed on any supported platform for its version, regardless of what platform the Certificate System is installed on.
Check that the Red Hat Directory Server is already installed. For example:
    [root@server ~]# yum info redhat-ds
    Installed Packages
    Name : redhat-ds
    Arch : x86_64
    Version : 8.2.0
    Release : 0.14el5dsrv
    Size : 136M
    Repo : installed
    ...
Install and configure Red Hat Directory Server, if a directory service is not already available. For example:
    [root@server ~]# yum install redhat-ds
    [root@server ~]# setup-ds-admin.pl

Go through the configuration wizard; the default settings are sufficient for the Certificate System's needs.
Installing Red Hat Directory Server is described in more detail in the Red Hat Directory Server Installation Guide.
IMPORTANT
The Certificate System SELinux policies assume that the Red Hat Directory Server is listening over the standard LDAP/LDAPS ports, 389 and 636, respectively. If the Directory Server is using non-standard ports, then edit the SELinux policy using semanage to relabel the LDAP/LDAPS ports and allow the subsystem to access the Directory Server.
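
The relabeling step above, as an added example that is not part of the original guide: the script checks `semanage port -l` output for a port and prints the `semanage port -a` command needed when the port is not yet labeled. It assumes the policy refers to the standard `ldap_port_t` type; the ports 1389 and 1636, the function names, and the `SAMPLE_PORTS` listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE_PORTS='kerberos_port_t                tcp      88, 750, 4444
ldap_port_t                    tcp      389, 636, 3268, 7389
ldap_port_t                    udp      389, 636'

# port_has_ldap_label PORT: reads `semanage port -l` output on stdin and
# succeeds if PORT/tcp is covered by ldap_port_t (single ports or ranges).
port_has_ldap_label() {
    awk -v want="$1" '
        $1 == "ldap_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# relabel_command PORT LISTING: prints the semanage command to run as root,
# or nothing if PORT is already labeled. Rejects non-numeric or out-of-range input.
# If the exact port is already defined for another type, semanage needs -m instead of -a.
relabel_command() {
    case "$1" in ''|*[!0-9]*) echo "invalid port: $1" >&2; return 2 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || { echo "invalid port: $1" >&2; return 2; }
    if printf '%s\n' "$2" | port_has_ldap_label "$1"; then
        return 0
    fi
    printf 'semanage port -a -t ldap_port_t -p tcp %s\n' "$1"
}

# Example: a Directory Server moved to 1389 (LDAP) and 1636 (LDAPS).
# On a real host, pass "$(semanage port -l)" instead of the sample listing.
for port in 389 1389 1636; do
    relabel_command "$port" "$SAMPLE_PORTS"
done
```

After running the printed commands as root, `semanage port -l | grep ldap_port_t` should list the new ports.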
IMPORTANT
Syntax checking is enabled by default in Directory Server 9.0, but it must be disabled for TPS enrollments to work properly.
    [jsmith@server ~]$ ldapmodify -D "cn=Directory Manager" -w secret -h ds-server.example.com -p 389 -x
    dn: cn=config
    changetype: modify
    replace: nsslapd-syntaxcheck
    nsslapd-syntaxcheck: off