4.6. Silent Setup
4.6.1. Silent Setup for Directory Server and Admin Server
-s -f setup.inf
) or setting Directory Server parameters on the command line.
- Install the Directory Server packages as in Section 3.1, “Installing the Directory Server Packages”.
- Make the setup .inf file. It must specify the following directives:

      [General]
      FullMachineName= dir.example.com
      SuiteSpotUserID= nobody
      SuiteSpotGroup= nobody
      AdminDomain= example.com
      ConfigDirectoryAdminID= admin
      ConfigDirectoryAdminPwd= admin
      ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot

      [slapd]
      SlapdConfigForMC= Yes
      UseExistingMC= 0
      ServerPort= 389
      ServerIdentifier= dir
      Suffix= dc=example,dc=com
      RootDN= cn=Directory Manager
      RootDNPwd= secret
      ds_bename=exampleDB
      AddSampleEntries= No

      [admin]
      Port= 9830
      ServerIpAddress= 111.11.11.11
      ServerAdminID= admin
      ServerAdminPwd= admin

  There are three sections of directives in the .inf file to create the default Directory and Admin Servers: [General], [slapd], and [admin]. Creating an additional instance, or installing a single instance of Directory Server using setup-ds.pl, only requires two sections, [General] and [slapd].

  Important
  Red Hat strongly recommends changing the default Directory Server user values and creating a dirsrv:dirsrv user instead of using the default nobody:nobody user.

  These parameters correspond to the information supplied during a typical setup. The .inf file directives are described more in Section 4.6.5.1, “.inf File Directives”.
- Run the setup-ds-admin script with the -s and -f options.

      # setup-ds-admin.pl -s -f /export/ds-inf/setup.inf

  Running setup-ds-admin installs both the Directory Server instance and the Admin Server instance. This means that the setup file must specify parameters for both the Directory Server and the Admin Server. -s runs the script in silent mode, and -f /export/ds-inf/setup.inf specifies the setup file to use.
4.6.2. Silent Directory Server Instance Creation
Note
- Make the setup .inf file. It must specify the following directives:

      [General]
      FullMachineName= dir.example.com
      SuiteSpotUserID= nobody
      SuiteSpotGroup= nobody

      [slapd]
      ServerPort= 389
      ServerIdentifier= dir
      Suffix= dc=example,dc=com
      RootDN= cn=Directory Manager
      RootDNPwd= secret
      ds_bename=exampleDB
      SlapdConfigForMC= Yes
      UseExistingMC= 0
      AddSampleEntries= No

  There are two sections of directives in the instance creation: [General] and [slapd]. Installing the Admin Server, which is done in a default setup file, requires a third section as well, [admin], for the Admin Server.

  Important
  Red Hat strongly recommends changing the default Directory Server user values and creating a dirsrv:dirsrv user instead of using the default nobody:nobody user.

  These parameters correspond to the information supplied during a typical setup. The .inf file directives are described more in Section 4.6.5.1, “.inf File Directives”.
- Run the setup-ds-admin.pl script with the -s and -f options.

      # setup-ds-admin.pl -s -f /export/ds-inf/setup-single.inf

  Running setup-ds-admin.pl installs only a Directory Server instance, so the setup file must specify parameters only for the Directory Server. -s runs the script in silent mode, and -f /export/ds-inf/setup.inf specifies the setup file to use.
4.6.3. Sending Parameters in the Command Line
setup-ds-admin.pl allows settings for all three configuration components — General (host server), slapd (LDAP server), and admin (Admin Server) — to be passed directly in the command line. Command-line arguments correspond to the parameters and values set in the .inf file. The arguments used with setup-ds-admin.pl specify the .inf setup file section (General, slapd, or admin), parameter, and value in the following form:

    section.parameter=value

    # setup-ds-admin.pl General.FullMachineName=ldap.example.com "slapd.Suffix=dc=example,dc=com" slapd.ServerPort=389

Note
.inf sets the defaults used in the interactive prompt unless they are used with the s (silent) option.
.inf file instead.
.inf file in conjunction with command line parameters. Parameters set in the command line override those specified in an .inf file, which is useful for creating an .inf file to use to set up many Directory Servers. Many of the parameters can be the same, such as ConfigDirectoryLdapURL, while ones specific to the host, such as FullMachineName, have to be unique. For example:
# setup-ds-admin.pl -s -f common.inf General.FullMachineName=ldap37.example.com slapd.ServerIdentifier=ldap37
common.inf file, but overrides FullMachineName and ServerIdentifier with the command line arguments.
Note
.inf files and on the command line are case sensitive. See Table 1.1, “setup-ds-admin Options” to check the correct capitalization.
4.6.4. Using the ConfigFile Parameter to Configure the Directory Server
The ConfigFile parameter in the .inf is an extremely useful tool to configure the directory from the time it is set up. The ConfigFile parameter specifies an LDIF file to import into the directory. Since the ConfigFile parameter can be used multiple times, it is a good idea to have multiple LDIF files so that the individual entries are easy to manage.

The ConfigFile parameter is set in the [slapd] section of the .inf.

ConfigFile can be used to create the replication manager, replica, and replication agreement entries:

    [slapd]
    ...
    ConfigFile = repluser.ldif
    ConfigFile = changelog.ldif
    ConfigFile = replica.ldif
    ConfigFile = replagreement.ldif
    ...

replica.ldif contains the information to configure the new Directory Server instance as a supplier:

    dn: cn=replica,cn=dc=example\,dc=com,cn=mapping tree,cn=config
    changetype: add
    objectclass: top
    objectclass: nsds5replica
    objectclass: extensibleObject
    cn: replica
    nsds5replicaroot: dc=example,dc=com
    nsds5replicaid: 7
    nsds5replicatype: 3
    nsds5flags: 1
    nsds5ReplicaPurgeDelay: 604800
    nsds5ReplicaBindDN: cn=replication manager,cn=config

The ConfigFile parameter can be used to create special user entries like the replication manager, to configure views or classes of service, to add new suffixes and databases, to create instances of the Attribute Uniqueness plug-in, and to set many other configurations for Directory Server.
4.6.5. About .inf File Parameters
.inf file or passed in the command line with the setup-ds-admin.pl command.

Note
The setup-ds-admin.pl command is described in Section 1.3, “About the setup-ds-admin.pl Script”.

The .inf file has three sections:
- General — which supplies information about the server machine; these are global directives that are common to all your Directory Servers.
- slapd — which supplies information about the specific Directory Server instance; this information, like the port and server ID, must be unique.
- admin — which supplies information specific to the Admin Server instance; this is not used when creating additional Directory Server instances or setting up a single Directory Server instance.
.inf file is as follows:

    [General]
    directive=value
    directive=value
    directive=value
    ...

    [slapd]
    directive=value
    directive=value
    directive=value
    ...

    [admin]
    directive=value
    directive=value
    directive=value

The .inf file directives are explained more in the following sections.
4.6.5.1. .inf File Directives
Table 4.2. [General] Directives
Directive | Description | Required | Example |
---|---|---|---|
FullMachineName | Specifies the fully qualified domain name of the machine on which you are installing the server. The default is the local host name. Note: The given host name must be a fully-qualified domain name that can be resolved using gethostname() and then can be reverse-resolved by IP address back to the original host name. If either name resolution attempt fails, then the setup script records a warning message in stdout and in the installation log. | No | ldap.example.com |
SuiteSpotUserID | Specifies the user name as which the Directory Server instance runs. This parameter does not apply to the user as which the Admin Server runs. The default is user nobody on Linux. This should be changed for most deployments. | No | nobody |
SuiteSpotGroup | Specifies the group as which the servers will run. The default is group nobody on Linux. This should be changed for most deployments. | No | nobody |
ConfigDirectoryLdapURL | Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Directory Server Administrator's Guide. | Yes | ldap://ldap.example.com:389/o=NetscapeRoot |
AdminDomain | Specifies the administration domain under which this Directory Server instance is registered. See Section 1.2.11, “Administration Domain” for more information about administration domains. | No | example.com |
ConfigDirectoryAdminID | Specifies the user ID of the user that has administration privileges to the configuration directory. This is usually admin. | No | admin |
ConfigDirectoryAdminPwd | Specifies the password for the admin user. | Yes | |
Table 4.3. [slapd] Directives
Directive | Description | Required | Example |
---|---|---|---|
ServerPort | Specifies the port the server will use for LDAP connections. For information on selecting server port numbers, see Section 1.2.2, “Port Numbers”. | No | 389 |
ServerIdentifier | Specifies the server identifier. This value is used as part of the name of the directory in which the Directory Server instance is installed. For example, if the machine's host name is phonebook, then this name is the default, and selecting it installs the Directory Server instance in a directory labeled slapd-phonebook. The server identifier must not contain a period (.) or space character. | No | phonebook |
Suffix | Specifies the suffix under which to store the directory data. For information on suffixes, see Section 1.2.9, “Directory Suffix”. | No | dc=example,dc=com |
RootDN | Specifies the distinguished name used by the Directory Manager. For information on the Directory Manager, see Section 1.2.6, “Directory Manager”. | No | cn=Directory Manager |
RootDNPwd | Specifies the Directory Manager's password. Important: Do not use curly braces ({}) in the password. The root password is stored in the format {password-storage-scheme}hashed_password. Any characters in curly braces are interpreted by the server as the password storage scheme for the root password. If that text is not a valid storage scheme or if the password that follows is not properly hashed, then the Directory Manager cannot bind to the server. | Yes | |
AddOrgEntries | If yes, this directive creates the new Directory Server instance with a suggested directory structure and access control. If this directive is used and InstallLdifFile is also used, then this directive has no effect. The default is no. | No | Yes |
AddSampleEntries | Sets whether to load an LDIF file with entries for the user directory during configuration. The default is no. | No | AddSampleEntries = yes |
InstallLdifFile | Populates the new directory with the contents of the specified LDIF file. Using suggest fills in common container entries (like ou=People). Entering a path to an LDIF file imports all of the entries in that file. | No | InstallLdifFile = /tmp/entries/myldif.ldif |
SchemaFile | Lists the full path and file name of additional schema files; this is used if there is custom schema with the old Directory Server. This directive may be specified more than once. | No | SchemaFile= /tmp/slapd-example/config/custom.ldif |
ConfigFile | Lists the full path and file name of additional configuration to add to the new dse.ldif. This could include additional suffixes, databases, replication, or other configuration. This directive may be specified more than once. | No | ConfigFile= /path/to/mysuffix-db-config.ldif |
ds_bename | Sets the database name to use for the user database. If this is not specified, the default is userRoot. | No | ds_bename= exampleDB |
SlapdConfigForMC | Sets whether to store the configuration data in the new Directory Server instance. If this is not used, then the default is yes, meaning the configuration data are stored in the new instance. | No | SlapdConfigForMC = no |
UseExistingMC | Sets whether to store the configuration data in a separate Configuration Directory Server. If this is not used, then the default is 0, meaning the configuration data are stored in the new instance. | No | UseExistingMC = 1 |
Table 4.4. [admin] Directives
Directive | Description | Required | Example |
---|---|---|---|
SysUser | Specifies the user as which the Admin Server will run. The default is user nobody on Linux. This should be changed for most deployments. For information as to what users your servers should run, see Section 1.2.5, “Directory Server User and Group”. | Yes | nobody |
Port | Specifies the port that the Admin Server will use. The default port is 9830. | No | 9830 |
ServerAdminID | Specifies the administration ID that can be used to access this Admin Server if the configuration directory is not responding. The default is to use the value specified by the ConfigDirectoryAdminID directive. See Section 1.2.7, “Directory Administrator”. | No | admin |
ServerAdminPwd | Specifies the password for the Admin Server user. | No | |
ServerIpAddress | Specifies the IP address on which the Admin Server will listen. Use this directive if you are installing on a multi-homed system and you do not want to use the first IP address for the Admin Server. Both IPv4 and IPv6 addresses are supported. | No | |
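
The rules this section states for silent-setup input can be checked before the file reaches setup-ds-admin.pl: case-sensitive directive names, command-line arguments overriding the .inf file (Section 4.6.3), repeatable ConfigFile entries, no period or space in ServerIdentifier, no curly braces in RootDNPwd, and the recommendation against running as nobody. The following is an added example, not code from Red Hat or the setup scripts; parse_inf, lint, KNOWN, RUN_AS and SAMPLE are hypothetical names, and the parser assumes one directive per line.

```python
import re
# Directive names from Tables 4.2-4.4 on this page; names are case sensitive.
KNOWN = {
    "General": "FullMachineName SuiteSpotUserID SuiteSpotGroup ConfigDirectoryLdapURL "
               "AdminDomain ConfigDirectoryAdminID ConfigDirectoryAdminPwd",
    "slapd": "ServerPort ServerIdentifier Suffix RootDN RootDNPwd AddOrgEntries AddSampleEntries "
             "InstallLdifFile SchemaFile ConfigFile ds_bename SlapdConfigForMC UseExistingMC",
    "admin": "SysUser Port ServerAdminID ServerAdminPwd ServerIpAddress",
}
RUN_AS = {("General", "SuiteSpotUserID"), ("General", "SuiteSpotGroup"), ("admin", "SysUser")}
SAMPLE = """[General]
SuiteSpotUserID= nobody
[slapd]
serverport= 389
ServerIdentifier= ldap.37
RootDNPwd= {SSHA}notreallyahash
ConfigFile= repluser.ldif
ConfigFile= replica.ldif
"""  # constructed sample input, not taken from the page

def parse_inf(text, overrides=()):
    """Return {(section, directive): [values]}; command-line overrides win over the file."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"\[\w+\]", line):
            section = line[1:-1]
        elif "=" in line and section:
            name, value = (part.strip() for part in line.split("=", 1))
            conf.setdefault((section, name), []).append(value)  # ConfigFile may repeat
    for key, value in (arg.split("=", 1) for arg in overrides):  # section.parameter=value
        conf[tuple(key.split(".", 1))] = [value]
    return conf

def lint(conf):
    """Return findings for the rules stated in this section; values are never echoed."""
    findings = []
    for (section, name), values in sorted(conf.items()):
        canon = {k.lower(): k for k in KNOWN.get(section, "").split()}.get(name.lower())
        if canon and canon != name:
            findings.append(f"{section}.{name}: capitalization differs from {canon}")
        if (section, name) in RUN_AS and values[-1] == "nobody":
            findings.append(f"{section}.{name}: runs as nobody; use a dedicated dirsrv account")
        if (section, name) == ("slapd", "ServerIdentifier") and re.search(r"[. ]", values[-1]):
            findings.append("slapd.ServerIdentifier: contains a period or space")
        if (section, name) == ("slapd", "RootDNPwd") and re.search(r"[{}]", values[-1]):
            findings.append("slapd.RootDNPwd: curly braces are read as a storage scheme")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_inf(SAMPLE))))
```

Pass the same section.parameter=value arguments that will go on the setup command line as overrides, so the check sees the merged configuration rather than the file alone.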
4.6.5.2. Sample .inf Files
Example 4.1. .inf File for a Custom Installation
    [General]
    FullMachineName= ldap.example.com
    SuiteSpotUserID= nobody
    SuiteSpotGroup= nobody
    AdminDomain= example.com
    ConfigDirectoryAdminID= admin
    ConfigDirectoryAdminPwd= Admin123
    ConfigDirectoryLdapURL= ldap://ldap.example.com:389/o=NetscapeRoot

    [slapd]
    SlapdConfigForMC= Yes
    UseExistingMC= 0
    ServerPort= 389
    ServerIdentifier= example
    Suffix= dc=example,dc=com
    RootDN= cn=directory manager
    RootDNPwd= Secret123
    InstallLdifFile= suggest
    AddOrgEntries= Yes

    [admin]
    SysUser= nobody
    Port= 9830
    ServerIpAddress= 10.14.0.25
    ServerAdminID= admin
    ServerAdminPwd= Admin123

Important
Red Hat strongly recommends changing the default Directory Server user values and creating a dirsrv:dirsrv user instead of using the default nobody:nobody user.
Example 4.2. .inf File for Registering the Instance with a Configuration Directory Server (Typical Setup)
    [General]
    FullMachineName= dir.example.com
    SuiteSpotUserID= nobody
    SuiteSpotGroup= nobody
    AdminDomain= example.com
    ConfigDirectoryAdminID= admin
    ConfigDirectoryAdminPwd= admin
    ConfigDirectoryLdapURL= ldap://dir.example.com:25389/o=NetscapeRoot

    [slapd]
    SlapdConfigForMC= No
    UseExistingMC= 1
    UseExistingUG= No
    ServerPort= 18257
    ServerIdentifier= directory
    Suffix= dc=example,dc=com
    RootDN= cn=Directory Manager
    UseReplication= No
    AddSampleEntries= No
    InstallLdifFile= suggest
    AddOrgEntries= Yes
    DisableSchemaChecking= No
    RootDNPwd= admin123

    [admin]
    Port= 33646
    ServerIpAddress= 111.11.11.11
    ServerAdminID= admin
    ServerAdminPwd= admin

Important
Red Hat strongly recommends changing the default Directory Server user values and creating a dirsrv:dirsrv user instead of using the default nobody:nobody user.