1.
Install packages
1.1.
RPMs / i386
Download redhat-ds-v3-core-i386.tgz
tar xzf redhat-ds-v3-core-i386.tgz
cd redhat-ds-v3-core-i386
rpm -ivh packages.....
rpm -ivh./built/i386/adminutil-1.1.5-1.i386.rpm./built/i386/dirsec-jss-4.2.4-41.i386.rpm./built/i386/dirsec-nspr-4.6.7.1-1.i386.rpm./built/i386/dirsec-nss-3.11.7-3.rhel4.i386.rpm./built/i386/fortitude-mod_nss-1.0.6-8el4idm.i386.rpm./built/i386/mozldap6-6.0.5-1el4idm.i386.rpm./built/i386/noarch/idm-console-framework-1.1.0-7.noarch.rpm./built/i386/noarch/ldapjdk-4.18-3jpp_5rh.noarch.rpm./built/i386/noarch/redhat-admin-console-8.0.0-9.noarch.rpm./built/i386/noarch/redhat-ds-console-8.0.0-9.noarch.rpm./built/i386/perl-Mozilla-LDAP-1.5.2-4el4idm.i386.rpm./built/i386/redhat-ds-8.0.0-1.3.el4dsrv.i386.rpm./built/i386/redhat-ds-admin-8.0.0-6.el4dsrv.i386.rpm./built/i386/redhat-ds-base-8.0.3-16.el4dsrv.i386.rpm./built/i386/redhat-idm-console-1.0.0-21.i386.rpm./built/i386/svrcore-4.0.4-3.el4idm.i386.rpm./built/tools/i386/dirsec-nss-tools-3.11.7-3.rhel4.i386.rpm./built/tools/i386/mozldap6-tools-6.0.5-1el4idm.i386.rpm./prereq/i386/icu-3.6-4.el4.i386.rpm./prereq/i386/libicu-3.6-4.el4.20.i386.rpm./prereq/i386/java-1.4.2-ibm-1.4.2.6-1jpp.2.el4.i386.rpm
1.2.
RPMs / x86_64
Download redhat-ds-v2-core-x64.tgz
tar xzf redhat-ds-v2-core-x64.tgz
cd redhat-ds-v2-core-x64
rpm -ivh packages.....
rpm -ivh ./built/tools/x64/dirsec-nss-tools-3.11.7-3.rhel4.x86_64.rpm ./built/tools/x64/mozldap6-tools-6.0.5-1el4idm.x86_64.rpm ./built/x64/adminutil-1.1.5-1.x86_64.rpm ./built/x64/dirsec-jss-4.2.4-41.x86_64.rpm ./built/x64/dirsec-nspr-4.6.7.1-1.x86_64.rpm ./built/x64/dirsec-nss-3.11.7-3.rhel4.x86_64.rpm ./built/x64/fortitude-mod_nss-1.0.6-8el4idm.x86_64.rpm ./built/x64/mozldap6-6.0.5-1el4idm.x86_64.rpm ./built/x64/noarch/idm-console-framework-1.1.0-7.noarch.rpm ./built/x64/noarch/ldapjdk-4.18-3jpp_5rh.noarch.rpm ./built/x64/noarch/redhat-admin-console-8.0.0-9.noarch.rpm ./built/x64/noarch/redhat-ds-console-8.0.0-9.noarch.rpm ./built/x64/perl-Mozilla-LDAP-1.5.2-4el4idm.x86_64.rpm ./built/x64/redhat-ds-8.0.0-1.3.el4dsrv.x86_64.rpm ./built/x64/redhat-ds-admin-8.0.0-6.el4dsrv.x86_64.rpm ./built/x64/redhat-ds-base-8.0.3-16.el4dsrv.x86_64.rpm ./built/x64/redhat-idm-console-1.0.0-21.x86_64.rpm ./built/x64/svrcore-4.0.4-3.el4idm.x86_64.rpm ./prereq/x64/icu-3.6-4.el4.20.x86_64.rpm ./prereq/x64/java-1.4.2-ibm-1.4.2.6-1jpp.2.el4.x86_64.rpm ./prereq/x64/libicu-3.6-4.el4.20.x86_64.rpm
2.
Initial setup
/usr/bin/dsktune
cat > rhds8.inf
[General]
FullMachineName= server.ourdom.com
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
AdminDomain= ourdom.com
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= pass123
ConfigDirectoryLdapURL= ldap://server.ourdom.com:389/o=NetscapeRoot
[slapd]
SlapdConfigForMC= Yes
UseExistingMC= No
ServerPort= 389
ServerIdentifier= el4
Suffix= dc=ourdom,dc=com
RootDN= cn=dirman
RootDNPwd= pass123
[admin]
SysUser= nobody
Port= 11333
ServerIpAddress= 10.20.4.1
ServerAdminID= admin
ServerAdminPwd= pass123
^D
/usr/sbin/setup-ds-admin.pl -s -f rhds8.inf
Creating directory server . . .
Your new DS instance 'el4' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupzymAxA.log'
Fatal Error: failed to open an LDAP connection to host 'xxx' port '389' as user 'zzz'.
Error: unknown.
Fatal Failed to create the configuration directory server
Verify that the xxx name is accessible via both /etc/hosts and DNS.
3.
Run automatically
chkconfig --add dirsrv
chkconfig --add dirsrv-admin
chkconfig dirsrv on
chkconfig dirsrv-admin on
service dirsrv restart
service dirsrv-admin restart
4.
Start management console
/usr/bin/redhat-idm-console -a http://server.ourdom.com:11333 -u admin -w pass123 &
Переходим на вкладку Users and Groups .
Кликаем Create , выбираем User .
В списке Select the directory subtree выбираем People .
Заполняем поля:
First Name John
Last Name Smith
Common Name John Smith
User ID jsmith
Password pass123
Posix / UID 201
Posix / GID 201
Кликаем OK
Кликаем Search. Убеждаемся, что пользователь появился.
5.
Test
Verify FDS:
ldapsearch -h el.vpn -x -D "cn=dirman" -w pass123 -LLL
-b "dc=ourdom,dc=com" "(objectClass=posixAccount)" dn
Verify AD:
ldapsearch -h winsrv.vpn -x -D "cn=WinAdmin,cn=People,dc=ourdom,dc=local"
-w zse4RFV -LLL -b "cn=People,dc=ourdom,dc=local"
"(objectClass=group)" dn
Download script rhds8-setupssl2.sh .
./rhds8-setupssl2.sh /etc/dirsrv/slapd-el4 cn=dirman pass123 server.ourdom.com 389
The script will do all the job:
script output
Using /etc/dirsrv/slapd-el4 as sec directory
No CA certificate found - will create new one
No Server Cert found - will create new one
No Admin Server Cert found - will create new one
Creating password file for security token
Creating noise file
Creating new key and cert db
Creating encryption key for CA
Generating key. This may take a few moments...
Creating self-signed CA certificate
Generating key. This may take a few moments...
Exporting the CA certificate to cacert.asc
Exporting the CA key/cert to cacert.p12
pk12util: PKCS12 EXPORT SUCCESSFUL
Generating server certificate for Fedora Directory Server
on host server.ourdom.com
Using fully qualified hostname server.ourdom.com
for the server name in the server cert subject DN
Note: If you do not want to use this hostname,
edit this script to change myhost to the
real hostname you want to use
Generating key. This may take a few moments...
Creating the admin server certificate
Generating key. This may take a few moments...
Exporting the admin server certificate pk12 file
pk12util: PKCS12 EXPORT SUCCESSFUL
Creating pin file for directory server
Creating key and cert db for admin server admin-serv-
Importing the admin server key and cert (created above)
pk12util: PKCS12 IMPORT SUCCESSFUL
Importing the CA certificate from cacert.asc
Creating the admin server password file
Enabling SSL in the directory server
modifying entry "cn=encryption,cn=config"
modifying entry "cn=config"
adding new entry "cn=RSA,cn=encryption,cn=config"
Done.
You must restart the directory and admin servers
for the changes to take effect.
Restart the server:
service dirsrv restart
service dirsrv-admin restart
Attention! For SSL-only operation you also have to configure the admin- server.
service dirsrv stop
vi /opt/fedora-ds/slapd-X /config/dse.ldif
nsslapd-port: 389 0
service dirsrv start
See here
Attachments rhds8-setupssl2.sh 8.25 KB
redhat-ds-v2-core-x64.tgz 48.18 MB
redhat-ds-v3-core-i386.tgz 52.8 MB
English
Русский
If the following error appears:
Comments
Post new comment