Show Table of Contents
4.6. Silent Setup
Silent setup uses a file to predefine all the Directory Server configuration parameters that are normally supplied interactively with the setup program. The silent functionality allows you to script the setup of multiple instances of Directory Server.
4.6.1. Silent Setup for Directory Server and Admin Server
Silent setup is useful at sites where many server instances must be created, especially for heavily replicated sites that will create a large number of consumer servers. Silent setup uses the same scripts that are used to create instances of Directory Server and Admin Server, with a special option signaling that the script is to be run silently. Silent mode requires referencing a setup parameter file (
-s -f setup.inf) or setting Directory Server parameters on the command line.
To run a silent setup of both the Directory Server and Admin Server:
- Install the Directory Server packages as in Section 3.1, “Installing the Directory Server Packages”.
- Make the setup
.inffile. It must specify the following directives:[General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot [slapd] SlapdConfigForMC= Yes UseExistingMC= 0 ServerPort= 389 ServerIdentifier= dir Suffix= dc=example,dc=com RootDN= cn=Directory Manager RootDNPwd= secret ds_bename=exampleDB AddSampleEntries= No [admin] Port= 9830 ServerIpAddress= 111.11.11.11 ServerAdminID= admin ServerAdminPwd= admin
There are three sections of directives in the.inffile to create the default Directory and Admin Servers:[General],[slapd], and[admin]. Creating an additional instance, or installing a single instance of Directory Server usingsetup-ds.pl, only requires two sections,[General]and[slapd].Important
Red Hat strongly recommends to change the default Directory Server user values and to create adirsrv:dirsrvuser instead of using the defaultnobody:nobodyuser.This parameters correspond to the information supplied during a typical setup. The.inffile directives are described more in Section 4.6.5.1, “.inf File Directives”. - Run the
setup-ds-adminscript with the-sand-foptions.# setup-ds-admin.pl -s -f /export/ds-inf/setup.inf
Runningsetup-ds-admininstalls both the Directory Server instance and the Admin Server instance. This means that the setup file must specify parameters for both the Directory Server and the Admin Server.-sruns the script in silent mode, and-f /export/ds-inf/setup.infspecifies the setup file to use.
After the script runs, the new Directory Server and Admin Server instances are configured and running, as with a standard setup.
4.6.2. Silent Directory Server Instance Creation
Like setting up both the Directory Server and Admin Server, silent setup for a single instance is useful for configuring multiple instances quickly. Silent setup uses the same scripts that are used to create a new instances of Directory Server, with a special option signaling that the script is to be run silently and referencing the setup file to use.
To run a silent setup of a Directory Server instance:
Note
When creating a single instance of Directory Server, the Directory Server packages must already be installed, and the Admin Server must already be configured and running.
- Make the setup
.inffile. It must specify the following directives:[General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody [slapd] ServerPort= 389 ServerIdentifier= dir Suffix= dc=example,dc=com RootDN= cn=Directory Manager RootDNPwd= secret ds_bename=exampleDB SlapdConfigForMC= Yes UseExistingMC= 0 AddSampleEntries= No
There are two sections of directives in the instance creation:[General]and[slapd]. Installing the Admin Server, which is done in a default setup file, requires a third parameter as well,[admin], for the Admin Server.Important
Red Hat strongly recommends to change the default Directory Server user values and to create adirsrv:dirsrvuser instead of using the defaultnobody:nobodyuser.This parameters correspond to the information supplied during a typical setup. The.inffile directives are described more in Section 4.6.5.1, “.inf File Directives”. - Run the
setup-ds-admin.plscript with the-sand-foptions.# setup-ds-admin.pl -s -f /export/ds-inf/setup-single.inf
Runningsetup-ds-admin.plinstalls only a Directory Server instance, so the setup file must specify parameters only for the Directory Server.-sruns the script in silent mode, and-f /export/ds-inf/setup.infspecifies the setup file to use.
After the script runs, the new Directory Server instance is configured and running, as with a standard setup.
4.6.3. Sending Parameters in the Command Line
The setup utility,
setup-ds-admin.pl, allows settings for all three configuration components — General (host server), slapd (LDAP server), and admin (Admin Server) — to be passed directly in the command line. Command-line arguments correspond to the parameters and values set in the .inf file. The arguments used with setup-ds-admin.pl specify the .inf setup file section (General, slapd, or admin), parameter, and value in the following form:
section.parameter=value
For example, to set the machine name, suffix, and Directory Server port of the new instance, the command is as follows:
# setup-ds-admin.pl General.FullMachineName=ldap.example.com “slapd.Suffix=dc=example,dc=com” slapd.ServerPort=389
Note
Passing arguments in the command line or specifying an
.inf sets the defaults used in the interactive prompt unless they are used with the s (silent) option.
Argument values containing spaces or other shell special characters must quoted to prevent the shell from interpreting them. In the previous example, the suffix value has a space character, so the entire parameter has to be quoted. If many of the parameters have to be quoted or escaped, use an
.inf file instead.
You can use an
.inf file in conjunction with command line parameters. Parameters set in the command line override those specified in an .inf file, which is useful for creating an .inf file to use to set up many Directory Servers. Many of the parameters can be the same, such as ConfigDirectoryLdapURL, ones specific to the host, such as FullMachineName have to be unique. For example:
# setup-ds-admin.pl -s -f common.inf General.FullMachineName=ldap37.example.com slapd.ServerIdentifier=ldap37
This command uses the common parameters specified in the
common.inf file, but overrides FullMachineName and ServerIdentifier with the command line arguments.
Note
The section names and parameter names used in the
.inf files and on the command line are case sensitive. See Table 1.1, “setup-ds-admin Options” to check the correct capitalization.
4.6.4. Using the ConfigFile Parameter to Configure the Directory Server
The
ConfigFile parameter in the .inf is an extremely useful tool to configure the directory from the time it is set up. The ConfigFile parameter specified an LDIF file to import into the directory. Since the ConfigFile parameter can be used multiple times, it is a good idea to have multiple LDIF files so that the individual entries are easy to manage.
The
ConfigFile parameter is set in the [slapd] section of the .inf.
For example, to configure a new Directory Server instance as a supplier in replication,
ConfigFile can be used to create the replication manager, replica, and replication agreement entries:
[slapd] ... ConfigFile = repluser.ldif ConfigFile = changelog.ldif ConfigFile = replica.ldif ConfigFile = replagreement.ldif ...
The LDIF file contains the entry information. For example, the
replica.ldif contains the information to configure the new Directory Server instance as a supplier:
dn: cn=replica,cn=dc=example\,dc=com,cn=mapping tree,cn=config changetype: add objectclass: top objectclass: nsds5replica objectclass: extensibleObject cn: replica nsds5replicaroot: dc=example,dc=com nsds5replicaid: 7 nsds5replicatype: 3 nsds5flags: 1 nsds5ReplicaPurgeDelay: 604800 nsds5ReplicaBindDN: cn=replication manager,cn=config
For more information on LDIF, see the Directory Server Administrator's Guide.
The
ConfigFile parameter can be used to create special user entries like the replication manager, to configure views or classes of service, to add new suffixes and databases, to create instances of the Attribute Uniqueness plug-in, and to set many other configurations for Directory Server.
4.6.5. About .inf File Parameters
With a silent setup, all of the configuration information that is normally supplied interactively with the setup program must be included in the
.inf file or passed in the command line with the setup-ds-admin.pl command.
Note
Providing configuration parameters with the
setup-ds-admin.pl command is described in Section 1.3, “About the setup-ds-admin.pl Script”.
The
.inf file has three sections:
- General — which supplies information about the server machine; these are global directives that are common to all your Directory Servers.
- slapd — which supplies information about the specific Directory Server instance; this information, like the port and server ID, must be unique.
- admin — which supplies information specific to the Admin Server instance; this is not used when creating additional Directory Server server instances or setting up a single Directory Server instance.
The format of the
.inf file is as follows:
[General] directive=value directive=value directive=value ... [slapd] directive=value directive=value directive=value ... [admin] directive=value directive=value directive=value
The
.inf file directives are explained more in the following sections.
4.6.5.1. .inf File Directives
Table 4.2. [General] Directives
| Directive | Description | Required | Example |
|---|---|---|---|
| FullMachineName | Specifies the fully qualified domain name of the machine on which you are installing the server. The default is the local host name.
Note
The given host name must be a fully-qualified domain name that can be resolved using gethostname() and then can be reverse-resolved by IP address back to the original host name. If either name resolution attempt fails, then the setup script records a warning message in stdout and in the installation log.
| No | ldap.example.com |
| SuiteSpotUserID | Specifies the user name as which the Directory Server instance runs. This parameter does not apply to the user as which the Admin Server runs. The default is user nobody on Linux. This should be changed for most deployments. | No | nobody |
| SuiteSpotGroup | Specifies the group as which the servers will run. The default is group nobody on Linux. This should be changed for most deployments. | No | nobody |
| ConfigDirectoryLdapURL | Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Directory Server Administrator's Guide. | Yes | ldap://ldap.example.com:389/o=NetscapeRoot |
| AdminDomain | Specifies the administration domain under which this Directory Server instance is registered. See Section 1.2.11, “Administration Domain” for more information about administration domains. | No | example.com |
| ConfigDirectoryAdminID | Specifies the user ID of the user that has administration privileges to the configuration directory. This is usually admin. | No | admin |
| ConfigDirectoryAdminPwd | Specifies the password for the admin user. | Yes |
Table 4.3. [slapd] Directives
| Directive | Description | Required | Example |
|---|---|---|---|
| ServerPort | Specifies the port the server will use for LDAP connections. For information on selecting server port numbers, see Section 1.2.2, “Port Numbers”. | No | 389 |
| ServerIdentifier |
Specifies the server identifier. This value is used as part of the name of the directory in which the Directory Server instance is installed. For example, if the machine's host name is
phonebook, then this name is the default, and selecting it installs the Directory Server instance in a directory labeled slapd-phonebook.
The server identifier must not contain a period (.) or space character.
| No | phonebook |
| Suffix | Specifies the suffix under which to store the directory data. For information on suffixes, see Section 1.2.9, “Directory Suffix”. | No | dc=example,dc=com |
| RootDN | Specifies the distinguished name used by the Directory Manager. For information on the Directory Manager, see Section 1.2.6, “Directory Manager”. | No | cn=Directory Manager |
| RootDNPwd | Specifies the Directory Manager's password.
Important
Do not use curly braces ( {}) in the password. The root password is stored in the format {password-storage-scheme}hashed_password. Any characters in curly braces are interpreted by the server as the password storage scheme for the root password. If that text is not a valid storage scheme or if the password that follows is not properly hashed, then the Directory Manager cannot bind to the server.
| Yes | |
| AddOrgEntries | If yes, this directive creates the new Directory Server instance with a suggested directory structure and access control. If this directive is used and InstallLdifFile is also used, then this directive has no effect. The default is no. | No | Yes |
| AddSampleEntries | Sets whether to load an LDIF file with entries for the user directory during configuration. The default is no. | No | AddSampleEntries = yes |
| InstallLdifFile | Populates the new directory with the contents of the specified LDIF file. Using suggest fills in common container entries (like ou=People). Entering a path to an LDIF file imports all of the entries in that file. | No | InstallLdifFile = /tmp/entries/myldif.ldif |
| SchemaFile | Lists the full path and file name of additional schema files; this is used if there is custom schema with the old Directory Server. This directive may be specified more than once. | No | SchemaFile= /tmp/slapd-example/config/custom.ldif |
| ConfigFile | Lists the full path and file name of additional configuration to add to the new dse.ldif. This could include additional suffixes, databases, replication, or other configuration. This directive may be specified more than once. | No | ConfigFile= /path/to/mysuffix-db-config.ldif |
| ds_bename | Sets the database name to use for the user database. If this is not specified, the default is userRoot. | No | ds_bename= exampleDB |
| SlapdConfigForMC | Sets whether to store the configuration data in the new Directory Server instance. If this is not used, then the default is yes, meaning the configuration data are stored in the new instance. | No | SlapdConfigForMC = no |
| UseExistingMC | Sets whether to store the configuration data in a separate Configuration Directory Server. If this is not used, then the default is 0, meaning the configuration data are stored in the new instance. | No | UseExistingMC = 1 |
Table 4.4. [admin] Directives
| Directive | Description | Required | Example |
|---|---|---|---|
| SysUser | Specifies the user as which the Admin Server will run. The default is user nobody on Linux. This should be changed for most deployments. For information as to what users your servers should run, see Section 1.2.5, “Directory Server User and Group”. | Yes | nobody |
| Port | Specifies the port that the Admin Server will use. The default port is 9830. | No | 9830 |
| ServerAdminID | Specifies the administration ID that can be used to access this Admin Server if the configuration directory is not responding. The default is to use the value specified by the ConfigDirectoryAdminID directive. See Section 1.2.7, “Directory Administrator”. | No | admin |
| ServerAdminPwd | Specifies the password for the Admin Server user. | No | |
| ServerIpAddress | Specifies the IP address on which the Admin Server will listen. Use this directive if you are installing on a multi-homed system and you do not want to use the first IP address for the Admin Server.
Both IPv4 and IPv6 addresses are supported.
| No |
4.6.5.2. Sample .inf Files
Example 4.1. .inf File for a Custom Installation
[General] FullMachineName= ldap.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= Admin123 ConfigDirectoryLdapURL= ldap://ldap.example.com:389/o=NetscapeRoot [slapd] SlapdConfigForMC= Yes UseExistingMC= 0 ServerPort= 389 ServerIdentifier= example Suffix= dc=example,dc=com RootDN= cn=directory manager RootDNPwd= Secret123 InstallLdifFile= suggest AddOrgEntries= Yes [admin] SysUser= nobody Port= 9830 ServerIpAddress= 10.14.0.25 ServerAdminID= admin ServerAdminPwd= Admin123
Important
Red Hat strongly recommends to change the default Directory Server user values and to create a
dirsrv:dirsrv user instead of using the default nobody:nobody user.
Example 4.2. .inf File for Registering the Instance with a Configuration Directory Server (Typical Setup)
[General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ConfigDirectoryLdapURL= ldap://dir.example.com:25389/o=NetscapeRoot [slapd] SlapdConfigForMC= No UseExistingMC= 1 UseExistingUG= No ServerPort= 18257 ServerIdentifier= directory Suffix= dc=example,dc=com RootDN= cn=Directory Manager UseReplication= No AddSampleEntries= No InstallLdifFile= suggest AddOrgEntries= Yes DisableSchemaChecking= No RootDNPwd= admin123 [admin] Port= 33646 ServerIpAddress= 111.11.11.11 ServerAdminID= admin ServerAdminPwd= admin
Important
Red Hat strongly recommends to change the default Directory Server user values and to create a
dirsrv:dirsrv user instead of using the default nobody:nobody user.