Installing 389 DS (Directory Services) on CentOS 6

Goal: install 389 DS on a clean CentOS 6.3 x64 host and set up TLS encryption for it.

Prepare the server:

  1. Set the hostname and FQDN in /etc/sysconfig/network and add the host to /etc/hosts:

    echo "11.22.33.44 server1.domain.com server1" >> /etc/hosts

  2. Test it:

    hostname -f

    This should return "server1.domain.com".
  3. Download and install the Oracle Java JDK (jdk-7u7-linux-x64.rpm) from the Oracle web site (http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html):

    rpm -Uvh jdk-7u7-linux-x64.rpm
    alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 20000
    alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 20000
    alternatives --install /usr/bin/javac javac /usr/java/latest/bin/javac 20000
    alternatives --install /usr/bin/jar jar /usr/java/latest/bin/jar 20000
    update-alternatives --display java
    update-alternatives --config java

Install 389 DS

  1. Install the EPEL (aka Extra Packages for Enterprise Linux) repo:

    rpm -Uvh http://mirror.pmf.kg.ac.rs/fedora/epel/6/i386/epel-release-6-8.noarch.rpm

  2. Install 389-ds and enable its services at boot:

    yum install 389-ds
    chkconfig dirsrv on
    chkconfig dirsrv-admin on

  3. Tune a few kernel parameters and file-descriptor limits, as suggested by the 389-ds setup script:

    echo "# LDAP recommended" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf
    echo "* soft nofile 8192" >> /etc/security/limits.conf
    echo "* hard nofile 8192" >> /etc/security/limits.conf
    reboot

  4. If you plan to run 389-console locally, you will need to install GNOME:

    yum groupinstall basic-desktop desktop-platform x11 fonts
    chkconfig NetworkManager off

    # Change the default runlevel in /etc/inittab if using 389-console locally (or, better, use X11 forwarding over SSH)

  5. Configure LDAP (Deploy LDAP instance)

    setup-ds-admin.pl

    Accept all default options except the hostname, the admin username and password, and the Directory Manager DN (cn=directory manager) and its password. Write these down for documentation purposes.

  6. Configure TLS for LDAP. User authentication simply does not work without TLS if SSSD is used as the LDAP client:

    wget --no-check-certificate https://raw.github.com/richm/scripts/master/setupssl2.sh
    chmod 700 setupssl2.sh
    sh ./setupssl2.sh /etc/dirsrv/slapd-xxxxx/   # replace slapd-xxxxx with the name of the instance directory you chose during setup
    service dirsrv restart
    service dirsrv-admin restart

  7. If everything is OK, start 389-console:

    389-console

    Log in with the "admin" username and password you defined during setup-ds-admin.pl, or use "cn=directory manager" as the username with its password, and use "https://localhost:9830" as the URL.

  8. Try to create users, groups, OUs, etc.
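A quick check that the instance from step 6 really has TLS switched on before SSSD is pointed at it. This is an added script, not part of the original post or of setupssl2.sh: it reads the instance's dse.ldif for the nsslapd-security and nsslapd-secureport attributes that setupssl2.sh configures and, if ldapsearch from openldap-clients is installed, forces a STARTTLS session against the live server. The instance directory /etc/dirsrv/slapd-server1 and the dse.ldif fragment written by make_sample_dse are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a 389 DS instance has TLS enabled.
# Usage: sh check_tls.sh /etc/dirsrv/slapd-server1 [host]   (instance dir is assumed)

# Return 0 if dse.ldif has nsslapd-security: on and a secure port set,
# printing the attributes it found; return 1 otherwise.
check_dse_security() {
    dse="$1/dse.ldif"
    [ -r "$dse" ] || { echo "cannot read $dse" >&2; return 1; }
    sec=$(sed -n 's/^nsslapd-security: *//p' "$dse" | head -n 1)
    port=$(sed -n 's/^nsslapd-secureport: *//p' "$dse" | head -n 1)
    echo "nsslapd-security=$sec nsslapd-secureport=$port"
    [ "$sec" = "on" ] && [ -n "$port" ]
}

# Ask the running server for STARTTLS. -ZZ makes ldapsearch fail unless TLS
# actually negotiates, so a plaintext-only server cannot pass this check.
probe_starttls() {
    command -v ldapsearch >/dev/null 2>&1 || { echo "ldapsearch not installed" >&2; return 2; }
    ldapsearch -x -ZZ -H "ldap://${1:-localhost}" -b "" -s base namingContexts >/dev/null
}

# Constructed cn=config fragment for an offline self-test; $1 is "on" or "off".
# Prints the temporary instance directory it created.
make_sample_dse() {
    dir=$(mktemp -d)
    cat > "$dir/dse.ldif" <<EOF
dn: cn=config
cn: config
nsslapd-security: $1
nsslapd-secureport: 636
nsslapd-ssl-check-hostname: on
EOF
    echo "$dir"
}

# With an instance directory given, check the config file and then the live server.
if [ $# -gt 0 ]; then
    check_dse_security "$1" && probe_starttls "${2:-localhost}"
fi
```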
