Installing the Fedora Directory Server

PCQ Bureau

The Fedora Directory Server is distributed as an rpm archive. As we are not carrying it on the PCQ Linux CDs, you can download it from http://directory.fedora.redhat.com/downloads. The current version is 7.1.01 and the current release number is 2. The FDS comes in two flavors — one for installation on Red Hat Enterprise Linux 3 (RHEL3) and another for RHEL4. The installation of this rpm now requires a JVM that can be downloaded from (URL here). Once the rpm has been installed, the detailed setup is carried out by the command:

/opt/fedora-ds/setup/setup

Start Directory Server: /opt/fedora-ds/slapd-XXXXX/slapd-start
Stop Directory Server: /opt/fedora-ds/slapd-XXXXX/slapd-stop
Restart the Directory Server: /opt/fedora-ds/slapd-XXXXX/slapd-restart
Start the Administration Server: /opt/fedora-ds/start-admin
Stop the Administration Server: /opt/fedora-ds/stop-slapd
Restart the Administration Server: /opt/fedora-ds/restart-admin
Start the Administration Console (Java GUI Application): /opt/fedora-ds/startconsole &

The initial screens request your agreement to the license terms and the installation detail level. In each of these choose the default options (yes, and 2 respectively). The first important configuration parameter is the parent Administration server which will administer this Directory server. Since we have only one, choose the Default option.

The Fedora Directory Server can be administered from a remote administration and configuration Server. However, if this is an instance of a single stand-alone server (as is the case here), choose No. If the directory server was being installed at a branch or a factory to hold local information, the correct option is Yes. This will prompt you for the IP Address and Port of the Master Administration Server which will control the configuration of this local instance.

The figure shows the functionality available in the Configuration tab of the directory console. You can use this tab to manage databases, the directory server schema, etc.

The data in the Directory Server is organized as a tree with nodes and branches (see Figure...). It is possible to move entire branches to different parts of the network in distinct but connected servers so that the entire organization is described by a large virtual tree made up from different branches at autonomous locations. This structure has the advantage that each branch can be autonomously administered, yet present a virtual view of a centrally located directory server. The second step asks for the location of the directory where the data for this branch is to be stored. Since our first deployment is central with no branch directory servers, accept the default and proceed.

Next you will be prompted for the location of the directory server where the data is to be stored.

If you already have a directory server you want to use to store your data such as user and group information, answer Yes to the following question. You will be prompted for the host, port, suffix and bind DN to use for that directory server.

If you want this directory server to store your data, answer No.



Do you want to use another directory to store your data? :


Since we have a single centrally administered directory server, choose the default option and proceed.

The figure shows the first screen on successful login into the server. The left bar organizes the servers as a tree structure under the default domain set during installation.

Steps 3 and 4: The next two steps prompt for a port on which the Directory Server will service requests (3) and a unique identifier for the server (4). The default port, 389, is available only if the installation is carried out by a user with root privileges (our case). For a non-root installation, you would have to choose a port higher than 1024. The unique identifier is used to name directories and configurations. For example, the entire directory server with its individual configuration, schema and data is stored under /opt/fedora-ds/slapd-xxxxx, where 'xxxxx' is the identifier. The startup and shutdown scripts are similarly identified by start-xxxxx, stop-xxxxx and restart-xxxxx.

The standard directory server network port number is 389. However, if you are not logged in as the superuser, or port 389 is in use, the default value will be a random unused port number greater than 1024. If you want to use port 389, make sure that you are logged in as the superuser, that port 389 is not in use and that you run the admin server as the superuser.

The initial installation must be carried out on a non-secure port and later, after all the certificates are installed, moved to a secure port.

The following will be the install prompt for the port on which the directory server will service requests:

Directory server network port <389>:



The following will be the install prompt for a unique name to identify the configuration, the schema and the data for this instance. The current installation has been given the name of 'mydomain'.

Each instance of a directory server requires a unique identifier. Press Enter to accept the default, or type in another name and press Enter.

Directory server identifier <192>: thinkpad



Step 5: Each directory is characterized by the name of the root from which it grows. This name is normally in two styles — Organization Name + Country Name or a name that is built from the domain name components (dc). We shall use the latter style to identify the root — dc=mydomain,dc=com.



The configuration of the root suffix for the directory tree is shown below. The default values are the last two components of the IP address, which must be changed to the last two components of the domain name (dc stands for domain name component).

The suffix is the root of your directory tree. You may have more than one suffix.

Suffix dc=113>: dc=godfreyphillips, dc=com

Step 6: Assign a password to the Administrator (user 'admin') for the Administration server and the Directory Server (bind as “cn=Directory Manager”). Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and typically has a bind Distinguished Name (DN) of cn=Directory Manager. Press Enter to accept the default value, or enter DN. In either case, you will be prompted for the password for this user. The password must be at least eight characters long.

Step 7: The last step before the install completes is to supply the name of the Internet Domain that the organization belongs to. This is for cataloging reasons and has no bearing on the administration. However, if the organization runs a real Domain name server, then certain shortcuts for accessing the Directory become available. This facility is not required currently and the domain name is set to a pseudo domain 'mydomain.com'.
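
A post-install check for the point made under steps 3 and 4: the instance first comes up on a non-secure port and moves to a secure one only after certificates are installed. This is an added example, not part of the original article or of the Fedora Directory Server project. It reads the cn=config entry of an instance's dse.ldif; the sample entry and its values are constructed, and treating a missing nsslapd-localuser as root is an assumption.

```python
import re

# Constructed sample: the cn=config entry of an instance's dse.ldif right
# after setup. Attribute names are real Directory Server settings; the
# values (and the folded description line) are made up for this example.
SAMPLE_DSE = """\
dn: cn=config
objectClass: top
description: constructed entry, folded across
  two lines
nsslapd-port: 389
nsslapd-security: off
nsslapd-localuser: nobody
nsslapd-rootdn: cn=Directory Manager

dn: cn=monitor
objectClass: top
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with lower-cased keys."""
    text = re.sub(r"\r?\n ", "", text)  # unfold: newline + one space continues a line
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit_instance(dse_text):
    """Return (code, message) findings for the listener settings in cn=config."""
    cfg = parse_ldif(dse_text).get("cn=config", {})
    get = lambda attr, default: cfg.get(attr, [default])[0]
    port = int(get("nsslapd-port", "389"))
    findings = []
    if get("nsslapd-security", "off").lower() != "on":
        findings.append(("cleartext-only", "LDAPS is off: simple binds to port "
                         "%d, Directory Manager included, cross the wire unencrypted" % port))
    if 0 < port < 1024 and get("nsslapd-localuser", "root") == "root":
        findings.append(("runs-as-root", "port %d needs a root start and no "
                         "unprivileged nsslapd-localuser is set" % port))
    return findings

if __name__ == "__main__":
    for code, message in audit_instance(SAMPLE_DSE):
        print("%-15s %s" % (code, message))
```

To audit a real instance, pass the contents of its dse.ldif to audit_instance; an empty list means neither condition was found.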

Starting and Stopping the Directory and Administration Server



The following scripts are used to start, stop and restart the Directory and Administration Server:

The scripts that start the service when the machine is started and stop it when the machine is stopped are placed in a service file in /etc/rc.d/init.d and are available for management from the standard ntsysv interface.

Administration



Administration tasks can be carried out using a Java GUI called the Directory Console. Since the Java console talks to the Administration Server, you must start the Administration server along with the Directory Server. When the Administration server starts, it reports the port on which it will run in response to the start-admin command (see above).

This port number must be supplied to the console login screen to login to the Directory Console.

Once you have logged in to the Directory Administration Console, this becomes the single point for all administrative tasks. The first screen gives you an option to manage either the Directory Server (add, edit and delete entries or change the schema, for example) or the Administration server (to add more directories, change passwords etc.).

The Management Console for the Directory Server is divided into four tabs (Tasks, Configuration, Directory and Status).

The Tasks tab gives access to common administrative tasks such as Starting and Stopping the Server, backing up and restoring Directory data and managing certificates for secure connections.
