Setting up Fedora DS (389 DS Server) on CentOS 5.4?
Guys,
I have been confused by the overall new 389 DS Server setup. All I have done up to now is: yum install 389-ds, and it did all the installation correctly. Then I ran /usr/sbin/setup-ds.pl. It too went fine. All I need is to set up the 389 server with SSL. I did go through http://directory.fedoraproject.org/wiki/Howto:SSL but have no idea how to proceed. I am confused about the following points:
1. Do I also need to run setup-ds-admin.pl and setup-ds-dsgw too? I tried running setup-ds-admin.pl and it got stuck at: The server 'ldap://389-ds.sap.com:45474/o=NetscapeRoot' is not reachable. Error: unknown error.
2. When should I run the setupssl2.sh script? After running the above setup-* scripts? What changes do I need to make to the script? |
The only thing you need to run is the setup-ds-admin.pl script. That does the directory AND the admin server. This would be done on a "master" server, and then other backups would use setup-ds.pl to hook back into the central admin server on the master.
|
I ran the following commands
Code:
|
Unless I'm missing something, you *don't* have an existing config server, do you? This is what provides the cn=config part of the entire directory tree, so you need to create an initial one (as per the thing I said about running it on a master and then adding backups / slaves to it later). TBH I get the terminology a little mixed up, but you wouldn't have a config server already.
|
May I know how I can proceed?
Long back, when there was Fedora DS, I simply needed to run a script under /opt/fedora-ds and it would run fine. But the latest 389-DS is something which is difficult to understand. It has files under /etc/dirsrv
Code:
[root@389-ds dirsrv]# pwd
Please help me get started with the 389-ds server with SSL. |
Hey, it's done.
All I did was start by running setup-ds-admin.pl, and this time I selected:
Code:
If you do not yet have a configuration directory server, enter 'No' to be prompted to set up one.
Now I wonder how I can set up SSL. Do I need to select 636 for the port while selecting the port:
Code:
Directory server network port [389]:
|
I have done that too.
Download setupssl2.sh from http://github.com/richm/scripts/blob...l2.sh?raw=true and make the modification: just enter the correct filename /etc/dirsrv/slapd-389-ds
Code:
[root@389-ds dirsrv]# vi /opt/setupssl2.sh
[root@389-ds dirsrv]# chmod +x /opt/setupssl2.sh
[root@389-ds dirsrv]# cd /opt/
[root@389-ds opt]# ./setupssl2.sh
No CA certificate found - will create new one
No Server Cert found - will create new one
No Admin Server Cert found - will create new one
Creating password file for security token
Creating noise file
Creating new key and cert db
Creating encryption key for CA
Generating key. This may take a few moments...
Creating self-signed CA certificate
Generating key. This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Exporting the CA certificate to cacert.asc
Generating server certificate for Fedora Directory Server on host 389-ds.sap.com
Using fully qualified hostname 389-ds.sapient.com for the server name in the server cert subject DN
Note: If you do not want to use this hostname, edit this script to change myhost to the real hostname you want to use
Generating key. This may take a few moments...
Creating the admin server certificate
Generating key. This may take a few moments...
Exporting the admin server certificate pk12 file
pk12util: PKCS12 EXPORT SUCCESSFUL
Creating pin file for directory server
Importing the admin server key and cert (created above)
pk12util: PKCS12 IMPORT SUCCESSFUL
Importing the CA certificate from cacert.asc
Creating the admin server password file
Enabling the use of a password file in admin server
Enabling SSL in the directory server - when prompted, provide the directory manager password
Enter LDAP Password:
modifying entry "cn=encryption,cn=config"
modifying entry "cn=config"
adding new entry "cn=RSA,cn=encryption,cn=config"
Done. You must restart the directory server and the admin server for the changes to take effect.
[root@389-ds opt]# service dirsrv restart
Shutting down dirsrv:
    389-ds... [ OK ]
Starting dirsrv:
    389-ds... [ OK ]
[root@389-ds opt]# service dirsrv-admin restart
Shutting down dirsrv-admin: [ OK ]
Starting dirsrv-admin: [ OK ]
[root@389-ds opt]#
Finally done. |
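A way to confirm what the setupssl2.sh run above changed, as an added example that is not part of the thread or of the 389 DS project: the script output names cn=config and cn=RSA,cn=encryption,cn=config, so this reads a dse.ldif and checks the TLS switches in those entries. The attribute names nsslapd-security, nsslapd-secureport and nsSSLActivation, the helper function names and the sample LDIF are assumptions, not values shown in the thread.

```sh
# Added example; the attribute names are assumed to be the standard 389 DS ones.
# ldif_attr FILE DN ATTR: print the first value of ATTR in the entry DN.
ldif_attr() {
    awk -v want_dn="$2" -v want_attr="$3" '
        BEGIN { want_dn = tolower(want_dn); want_attr = tolower(want_attr) }
        # LDIF folds long lines: a continuation starts with one space.
        /^ / { if (n) lines[n] = lines[n] substr($0, 2); next }
        { lines[++n] = $0 }
        END {
            for (i = 1; i <= n; i++) {
                sep = index(lines[i], ":")
                if (sep == 0) { if (lines[i] == "") in_entry = 0; continue }
                name = tolower(substr(lines[i], 1, sep - 1))
                value = substr(lines[i], sep + 1)
                sub(/^[ \t]+/, "", value)
                if (name == "dn") {
                    gsub(/,[ \t]+/, ",", value)
                    in_entry = (tolower(value) == want_dn)
                } else if (in_entry && name == want_attr) { print value; exit }
            }
        }' "$1"
}

# expect_on FILE DN ATTR: succeed only if ATTR is "on" in entry DN.
expect_on() {
    got=$(ldif_attr "$1" "$2" "$3" | tr 'A-Z' 'a-z')
    [ "$got" = "on" ] && { echo "ok   $3: on ($2)"; return 0; }
    echo "FAIL $3: '$got' in $2, expected on"; return 1
}

# audit_tls FILE: check the entries the setupssl2.sh output reports touching.
audit_tls() {
    rc=0
    expect_on "$1" "cn=config" nsslapd-security || rc=1
    expect_on "$1" "cn=RSA,cn=encryption,cn=config" nsSSLActivation || rc=1
    port=$(ldif_attr "$1" "cn=config" nsslapd-secureport)
    case "$port" in
        ''|*[!0-9]*) echo "FAIL nsslapd-secureport is not set"; rc=1 ;;
        *) echo "ok   LDAPS port $port (plain LDAP stays on nsslapd-port)" ;;
    esac
    return $rc
}

# Constructed sample, not taken from the thread; note the folded dn line.
sample_dse() {
    printf '%s\n' 'dn: cn=config' 'nsslapd-port: 389' 'nsslapd-security: on' \
        'nsslapd-secureport: 636' '' 'dn: cn=RSA,cn=encryption,' ' cn=config' \
        'nsSSLPersonalitySSL: Server-Cert' 'nsSSLActivation: on'
}
tmp=$(mktemp) && sample_dse > "$tmp" && audit_tls "$tmp"; rm -f "$tmp"
```

On a real host, `audit_tls` would be pointed at the instance's dse.ldif under the /etc/dirsrv/slapd-389-ds directory mentioned in the post.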
If someone by chance happens to see this: did you get this going, and how many domains did you have configured in it?
I am trying to set up 389 on CentOS 5.7 x86 (using 32 bit) to see if I can make it work. Could you by some chance share your configuration if you got it going? |
Please don't drag up dead threads.
|