Installing 389 DS (Directory Services) on CentOS 6

Goal: install 389 DS on a clean CentOS 6.3 x64 system, set up TLS encryption, etc.

Prepare the server:

  1. Set the hostname and FQDN (/etc/sysconfig/network) and configure the /etc/hosts file:

    echo " server1" >> /etc/hosts

    Test:

    hostname -f

    Should return “”

  2. Download and install Oracle Java JDK (jdk-7u7-linux-x64.rpm) from the Oracle web site:

    rpm -Uvh jdk-7u7-linux-x64.rpm
    alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 20000
    alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 20000
    alternatives --install /usr/bin/javac javac /usr/java/latest/bin/javac 20000
    alternatives --install /usr/bin/jar jar /usr/java/latest/bin/jar 20000
    update-alternatives --display java
    update-alternatives --config java

Install 389 DS

  1. Install the EPEL (aka Extra Packages for Enterprise Linux) repo:

    rpm -Uvh

  2. Install 389-ds and enable its services at boot:

    yum install 389-ds
    chkconfig dirsrv on
    chkconfig dirsrv-admin on

  3. Tune a few kernel parameters, as suggested by the 389-ds setup script:

    echo "# LDAP recommended" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf
    echo "* soft nofile 8192" >> /etc/security/limits.conf
    echo "* hard nofile 8192" >> /etc/security/limits.conf

  4. If you plan to run 389-console locally, you will need to install GNOME:

    yum groupinstall basic-desktop desktop-platform x11 fonts
    chkconfig NetworkManager off

    # Change the default runlevel in /etc/inittab if using 389-console locally (or better, use X11 forwarding over SSH)

  5. Configure LDAP (Deploy LDAP instance)

    Select all default options, except hostname, admin and pass, cn manager and pass (write these down for documentation purposes)

  6. Configure TLS for LDAP: user authentication simply doesn’t work without TLS (if using SSSD as an LDAP client)

    wget --no-check-certificate
    chmod 700
    sh ./ /etc/dirsrv/slapd-xxxxx/ # Replace slapd-xxxxx with the name of the instance folder that you chose during setup
    service dirsrv restart
    service dirsrv-admin restart

  7. If all OK, start 389-console:


    Use the original “admin” username and pass that you defined during “” or use “cn=directory manager” as a username and its pass, and use “https://localhost:9830” as the URL.

  8. Try to create users, groups, OUs, etc.
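
Step 6 fetches its setup script with certificate checking disabled and does not show what the script changes, so it is worth confirming the result from the server's own configuration. The shell functions below are an added example, not part of the original post: they read the instance's dse.ldif and check that TLS is enabled and a server certificate is activated. The attribute names are standard 389 DS configuration attributes; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a 389 DS instance's dse.ldif for TLS-related settings.
# Function names are hypothetical; slapd-xxxxx is the page's own placeholder.

# Print the value of the first occurrence of an attribute (case-insensitive).
dse_attr() {    # usage: dse_attr <dse.ldif> <attribute>
    awk -v want="$2" '
        BEGIN { want = tolower(want) ":" }
        tolower($1) == want { sub(/^[^:]*:[ \t]*/, ""); print; exit }
    ' "$1"
}

# True if the value is "on" in any letter case.
is_on() { case "$1" in [Oo][Nn]) return 0 ;; *) return 1 ;; esac; }

# Return 0 if TLS is enabled and a server certificate is activated,
# 1 if a required setting is missing or off, 2 if the file is unreadable.
check_dse_tls() {    # usage: check_dse_tls <dse.ldif>
    dse=$1; rc=0
    [ -r "$dse" ] || { echo "FAIL: cannot read $dse"; return 2; }

    for attr in nsslapd-security nsSSLActivated; do
        val=$(dse_attr "$dse" "$attr")
        if is_on "$val"; then
            echo "OK:   $attr is on"
        else
            echo "FAIL: $attr is '${val:-unset}'"; rc=1
        fi
    done

    port=$(dse_attr "$dse" nsslapd-secureport)
    cert=$(dse_attr "$dse" nsSSLPersonalitySSL)
    [ -n "$port" ] && [ -n "$cert" ] ||
        { echo "FAIL: secure port or certificate nickname missing"; rc=1; }
    echo "INFO: secure port '${port:-unset}', certificate '${cert:-unset}'"

    # Not required for TLS to work, but while it is off the server still
    # accepts simple binds (passwords) over unencrypted LDAP.
    is_on "$(dse_attr "$dse" nsslapd-require-secure-binds)" ||
        echo "WARN: nsslapd-require-secure-binds is not on"
    return $rc
}

# Usage (as root on the directory server):
#   check_dse_tls /etc/dirsrv/slapd-xxxxx/dse.ldif
```

A non-zero return after step 6 means the instance is still serving LDAP without TLS, whatever the setup script printed.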
