After the default Directory Server and Admin Server have been configured, there are tools available to manage, create, and remove server instances. These include Admin Server configurations to allow people to access the Directory Server files remotely, silent setup tools for installing instances from file configuration, and instance setup and removal scripts.
There are two additional setup steps that can be done with the Admin Server. This first allows the Admin Server to be accessed by remote clients, so that users can install and launch the Directory Server Console and still access the remote Directory Server file, such as help files. The next allows proxy HTTP servers to be used for the Admin Server.
NOTE
If you lock yourself out of the Console or Admin Server, you may have to edit the Admin Server configuration directly via LDAP. See http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt. for information on editing the Admin Server configuration.
The Directory Server Console can be launched from remote machines to access an instance of Directory Server. The client running Directory Server Console needs access to the Admin Server to access support files like the help content and documentation.
There are six steps to configure the Admin Server to accept the client IP address:
- On the same machine on which the Admin Server is running launch the Console.
/usr/bin/redhat-idm-console
- In the Admin Server Console, click the Configuration tab, then click the Network tab.
- In the Connection Restrictions Settings section, select IP Addresses to Allow from the pull down menu.
- Click Edit.
- In the IP Addresses field, enter the following:
*.*.*.*
This allows all IP addresses to access the Admin Server. - Restart the Admin Server.
WARNING
Adding the client machine proxy IP address to the Admin Server creates a potential security hole.
If there are proxies for the HTTP connections on the client machine running the Directory Server Console, the configuration must be changed in one of two ways:
- The proxy settings must be removed from the client machine. Removing proxies on the machine running Directory Server Console allows the client to access the Admin Server directly. To remove the proxy settings, edit the proxy configuration of the browser which is used to launch the help files.
- Add the client machine proxy IP address to Admin Server's list of acceptable IP addresses. This is described in Section 4.1.1, “Configuring IP Authorization on the Admin Server”.
WARNING
Adding the client machine proxy IP address to the Admin Server creates a potential security hole.
A Directory Server instance alone can be installed a machine using
setup-ds.pl. It is possible to go back later and install an Admin Server instance using the register-ds-admin.pl command. For example:
register-ds-admin.pl
When this script runs, it creates a local Admin Server.