3.4. Custom Setup

Custom setup provides two special configuration options that allow you to add information to the Directory Server databases during the setup period. One imports an LDIF file, which is useful if you have existing information. The other imports sample data that is included with Directory Server; this is useful for testing features of Directory Server and for evaluation.

Note

Run the setup-ds-admin.pl script as root.
The custom setup has the following steps:

Warning

If Directory Server is already installed on your machine, it is extremely important that you perform a migration, not a fresh installation. Migration is described in Chapter 5, Migrating from Previous Versions.
  1. After the Directory Server packages are installed as described in Section 3.1, “Installing the Directory Server Packages”, then launch the setup-ds-admin.pl script. 
    # setup-ds-admin.pl
    This script allows parameters to be passed with it or to specify configuration files to use. The options are described more in Section 1.3, “About the setup-ds-admin.pl Script”.
  2. Select y to accept the Red Hat licensing terms.
  3. The dsktune utility runs. Select y to continue with the setup.
    dsktune checks the available disk space, processor type, physical memory, and other system data and settings such as TCP/IP ports and file descriptor settings. If your system does not meet these basic Red Hat Directory Server requirements, dsktune returns a warning. dsktune warnings do not block the setup process; simply enter y to go to the next step.
  4. Next, choose the setup type. Accept the default, option 3, to perform a custom setup.
  5. Set the computer name of the machine on which the Directory Server is being configured. This defaults to the fully-qualified domain name (FQDN) for the host. For example: 
    Computer name [ldap.example.com]:
    The given host name must be a fully-qualified domain name that can be resolved using gethostname() and then can be reverse-resolved by IP address (IPv4 or IPv6) back to the original host name. If either name resolution attempt fails, then the setup script returns a warning message and prompts you to continue.

    Note

    The Directory Server requires the fully-qualified domain name to set up the servers, as described in Section 1.2.1, “Resolving the Fully-qualified Domain Name”. The setup script uses the system's gethostname() function to obtain the host name (such as ldap) and the /etc/resolv.conf file to identify the domain name (such as example.com).
    Therefore, if there are aliases in the /etc/hosts file that do not match the specified domains in the /etc/resolv.conf settings, the setup script cannot correctly generate the fully-qualified domain name as it is used by DNS, and the default options in the prompts are wrong.
    The host name is very important. It is used generate the Directory Server instance name, the admin domain, and the base suffix, among others. If you are using SSL/TLS or Kerberos, the computer name must be the exact name that clients use to connect to the system. If you will use DNS, make sure the name resolves to a valid IP address (IPv4 or IPv6) and that IP address resolves back to this name.
  6. Set the user and group as which the Directory Server process will run. The default is nobody:nobody. However, Red Hat strongly recommends to use a different user and group name such as dirsrv. For example: 
    System User [nobody]: dirsrv
System Group [nobody]: dirsrv
  7. The next step allows you to register your Directory Server with an existing Directory Server instance, called the Configuration Directory Server. This registers the new instance so it can be managed by the Console. If this is the first Directory Server instance set up on your network, it is not possible to register it with another directory. Select n to set up this Directory Server as a Configuration Directory Server and move to the next custom install step, setting up the administrator user.

    Note

    To register the Directory Server instance with an existing Configuration Directory Server, select yes. This continues with the registration process rather than the regular custom setup process.
    Registering a new instance with a Configuration Directory Server requires you to supply information about the Configuration Directory Server:
    • The Configuration Directory Server URL, such as ldap://ldap.example.com:389/o=NetscapeRoot
      To use TLS/SSL, set the protocol as ldaps:// instead of ldap:// For LDAPS, use the secure port (636) instead of the standard port (389), and provide a CA certificate.
    • The Configuration Directory Server administrator's user ID; by default, this is admin.
    • The administrator user's password.
    • The Configuration Directory Server Admin domain, such as example.com.
    • The CA certificate to authenticate to the Configuration Directory Server. This is only required if the Directory Server instance will connect to the Configuration Directory Server over LDAPS. This should be the full path and filename the CA certificate in PEM/ASCII format.
    This information is supplied in place of creating an admin user and domain for the new Directory Server steps 8, 9, and 10.
  8. Set the administrator user name. The default is admin.
  9. Set the administrator password and confirm it.
  10. Set the administration domain. This defaults to the host's domain. For example: 
    Administration Domain [example.com]:
  11. Enter the Directory Server port number. The default is 389, but if that port is in use, the setup program supplies a randomly generated one. 
    Directory server network port [389]: 1066
  12. Enter the Directory Server identifier; this defaults to the host name. 
    Directory server identifier [example]:
    The server identifier must not contain a period (.) or space character.
  13. Enter the directory suffix. This defaults to dc=domain name. For example: 
    Suffix [dc=example,dc=com]:
  14. Set the Directory Manager user name. The default is cn=Directory Manager.
  15. Set the Directory Manager password and confirm it.

    Important

    When resetting the Directory Manager's password from the command line, do not use curly braces ({}) in the password. The root password is stored in the format {password-storage-scheme}hashed_password. Any characters in curly braces are interpreted by the server as the password storage scheme for the root password. If that text is not a valid storage scheme or if the password that follows is not properly hashed, then the Directory Manager cannot bind to the server.
  16. Select whether you want to install sample entries with the Directory Server instance. This means that an example LDIF, with preconfigured users, groups, roles, and other entries, is imported into the Directory Server database. This option is helpful for evaluation or testing Directory Server features.
    This is not required.
  17. Select whether to populate the Directory Server with data; this means whether to import an LDIF file with existing data into the Directory Server database. If the answer is yes, then supply a path to the LDIF file or select the suggested file. If the LDIF file requires custom schema, perform a silent setup instead, and use the SchemaFile directive in the .inf to specify additional schema files. See Section 4.6.5.1, “.inf File Directives” for information on .inf directives.
    The default option is none, which does not import any data.
  18. Enter the Admin Server port number. The default is 9830, but if that port is in use, the setup program supplies a randomly generated one. 
    Administration port [9830]:
  19. Set an IP address (IPv4 or IPv6) for the new Admin Server to use. The Admin Server uses a web server, and this parameter is set in the console.conf file for the server. Setting this parameter restricts the Admin Server to that single IP. Leaving it blank, the default, allows the Admin Server to acquire any IP address.
  20. Set the user as which the Admin Server process will run. The default is nobody. However, Red Hat strongly recommends to use a different user name such as dirsrv. For example: 
    Run Administration Server as [nobody]: dirsrv
  21. The last screen asks if you are ready to set up your servers. Select yes. 
    Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'example3' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server reconfiguration . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Restarting admin server . . .
The admin server was successfully started.
Admin server was successfully reconfigured and started.
Exiting . . .
Log file is '/tmp/setupul88C1.log'
When the setup-ds-admin.pl script is done, then the Directory Server is configured and running. Log into the Directory Server Console to begin setting up the directory service:
  1. Get the Admin Server port number from the Listen parameter in the console.conf configuration file. 
    # grep \^Listen /etc/dirsrv/admin-serv/console.conf

Listen 0.0.0.0:9830
  2. Using the Admin Server port number, launch the Console. 
    # redhat-idm-console -a http://localhost:9830

Note

If you do not pass the Admin Server port number with the redhat-idm-console command, then you are prompted for it at the Console login screen.