LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-09-2010, 02:45 AM   #1
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466
Blog Entries: 6

Rep: Reputation: 51
Setting up Fedora DS(389 DS Server) on centOS 5.4?


Guys,

I have been confused with the overall new 389 DS Server Setup.
All I did upto now is:

yum install 389-ds

and it did all the installation correctly.
Then, I ran:
/usr/sbin/setup-ds.pl

It too went fine.

All I need is Setup 389 Server with SSL.I did went through http://directory.fedoraproject.org/wiki/Howto:SSL but no Idea how to proceed.

I am confused with the following points:

1. Do I also need to run setup-ds-admin.pl and setup-ds-dsgw too?

I tried running setup-ds-admin.pl and it stucked at :

The server 'ldap://389-ds.sap.com:45474/o=NetscapeRoot' is not reachable. Error: unknown error.

2. When Should I run the setupssl2.sh script? After running the above setup-* scripts?
What changes I need to make on the script?
 
Old 01-09-2010, 03:19 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
The only thing you need to run is the setup-ds-admin.pl script. that does the directory AND the admin server. this would be done on a "master" server and then other backups would use the setup-ds.pl to hook back into the central admin server on the master.
 
Old 01-09-2010, 03:32 AM   #3
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
I ran the following commands
Code:
[root@389-ds init.d]# service dirsrv stop
Shutting down dirsrv:
    389-ds...                                              [  OK  ]
[root@389-ds ~]# /usr/sbin/setup-ds-admin.pl

==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: yes

==============================================================================
BY SETTING UP AND USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY
AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE
LICENSE.TXT FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS
OF THIS AGREEMENT, PLEASE DO NOT SET UP OR USE THIS SOFTWARE.

Do you agree to the license terms? [no]: yes

==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 10-AUGUST-2007.

NOTICE : System is i686-unknown-linux2.6.18-164.el5 (1 processor).

ERROR  : Only 249MB of physical memory is available on the system. 256MB is the
recommended minimum. 1024MB is recommended for best performance on large production system.

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

ERROR  : The above errors MUST be corrected before proceeding.

Would you like to continue? [no]: yes

==============================================================================
Choose a setup type:

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.

   2. Typical
       Allows you to specify common defaults and options.

   3. Custom
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]: 2

==============================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: eros.example.com.

To accept the default shown in brackets, press the Enter key.

Computer name [389-ds.sap.com]:

==============================================================================
The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.

System User [nobody]: fds
System Group [nobody]: fds

==============================================================================
Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers.  If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server.  To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
<hostname>.<domainname>(e.g. hostname.example.com), the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS/SSL).  If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM/ASCII format).

If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.

Do you want to register this software with an existing
configuration directory server? [no]: yes

==============================================================================
Please specify the information about your configuration directory
server.  The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
  protocol (ldap or ldaps) - this information should be provided in the
  form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
  or for secure
ldaps://host.example.com:636/o=NetscapeRoot
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
  security has not yet been configured - the file must be in PEM/ASCII
  format - specify the absolute path and filename

Configuration directory server URL [ldap://389-ds.sap.com:389/o=NetscapeRoot]:
Configuration directory server admin ID [admin]:
Configuration directory server admin password:
Configuration directory server admin domain [sapient.com]:
The server 'ldap://389-ds.sap.com:389/o=NetscapeRoot' is not reachable.  Error: unknown error

Please try again, in case you mis-typed something.

Configuration directory server URL [ldap://389-ds.sap.com:389/o=NetscapeRoot]:
[root@389-ds ~]#
Am I missing anything?

Last edited by your_shadow03; 01-09-2010 at 03:35 AM.
 
Old 01-09-2010, 04:15 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
Unless I'm missing something, you *don't* have an existing config server, do you? this is what provides the cn=config part of the entire directory tree, so you need to create an initial one (as per the thing I said about running it on a master and then adding backups / slaves to it later). TBH I get the terminology a little mixed up, but you wouldn't have a config server already.
 
Old 01-09-2010, 04:19 AM   #5
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
May I know how can I proceed?
Long Back when there was fedora DS I simply need to run script under /opt/fedora-ds and it would run fine. But the latest 389-DS is something which is difficult to understand.it has files under /etc/dirsrv
Code:
[root@389-ds dirsrv]# pwd
/etc/dirsrv
[root@389-ds dirsrv]# ls
admin-serv  config  dsgw  schema  slapd-389-ds
May I know if I need to run /usr/sbin/setup-ds.pl first or do else.
Please help me get to start 389-ds server with SSL.

Last edited by your_shadow03; 01-09-2010 at 04:26 AM.
 
Old 01-09-2010, 04:38 AM   #6
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
Hey Its Done.
All I started with running setup-ds-admin.pl and this time I selected :
Code:
If you do not yet have a configuration directory server, enter 'No' to be prompted to set up one. 

Do you want to register this software with an existing configuration directory server? [no]: no
That created Directory Server for me too.
Now I wonder how can I setup SSL.
Do I need to select 636 for port while selecting the port:

Code:
Directory server network port [389]:
 
Old 01-09-2010, 05:32 AM   #7
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
I have done that too.
Download setupssl2.sh from http://github.com/richm/scripts/blob...l2.sh?raw=true and make the modification:
Just enter the correct filename /etc/disrv/slapd-389-ds

[root@389-ds dirsrv]# vi /opt/setupssl2.sh
[root@389-ds dirsrv]# chmod +x /opt/setupssl2.sh
[root@389-ds dirsrv]# cd /opt/
[root@389-ds opt]# ./setupssl2.sh
No CA certificate found - will create new one
No Server Cert found - will create new one
No Admin Server Cert found - will create new one
Creating password file for security token
Creating noise file
Creating new key and cert db
Creating encryption key for CA


Generating key. This may take a few moments...

Creating self-signed CA certificate


Generating key. This may take a few moments...

Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Exporting the CA certificate to cacert.asc
Generating server certificate for Fedora Directory Server on host 389-ds.sap.com
Using fully qualified hostname 389-ds.sapient.com for the server name in the server cert subject DN
Note: If you do not want to use this hostname, edit this script to change myhost to the
real hostname you want to use


Generating key. This may take a few moments...

Creating the admin server certificate


Generating key. This may take a few moments...

Exporting the admin server certificate pk12 file
pk12util: PKCS12 EXPORT SUCCESSFUL
Creating pin file for directory server
Importing the admin server key and cert (created above)
pk12util: PKCS12 IMPORT SUCCESSFUL
Importing the CA certificate from cacert.asc
Creating the admin server password file
Enabling the use of a password file in admin server
Enabling SSL in the directory server - when prompted, provide the directory manager password
Enter LDAP Password:
modifying entry "cn=encryption,cn=config"

modifying entry "cn=config"

adding new entry "cn=RSA,cn=encryption,cn=config"

Done. You must restart the directory server and the admin server for the changes to take effect.
[root@389-ds opt]# service dirsrv restart
Shutting down dirsrv:
389-ds... [ OK ]
Starting dirsrv:
389-ds... [ OK ]
[root@389-ds opt]# service dirsrv-admin restart
Shutting down dirsrv-admin:
[ OK ]
Starting dirsrv-admin:
[ OK ]
[root@389-ds opt]#
[/code]
Finally Done.
 
Old 12-06-2011, 10:39 PM   #8
rhbegin
Member
 
Registered: Oct 2003
Location: Arkansas, NWA
Distribution: Fedora/CentOS/SL6
Posts: 381

Rep: Reputation: 23
If someone by chance happens to see this, did you get this going and how many domains did you have configured in it.

I am trying to setup 389 on CentOS 5.7 x86 (using 32 bit) to see if I can make it work.

Could you by some chance share your configuration if you got it going?
 
Old 12-07-2011, 02:04 AM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
please don't drag up dead threads.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up L2TP over IPSec VPN server under CentOS 5.3 fantasygoat Linux - Networking 6 01-12-2016 04:41 AM
Doubt regarding 389 Server Client ? your_shadow03 Linux - Newbie 1 01-05-2010 01:26 PM
setting up vnc server on centos 5 sandeepthug Linux - Newbie 2 01-14-2009 04:49 AM
how do I setup a Ubuntu domU guest on a CentOS / Fedora Core XEN server? SoftDux Linux - Server 1 07-29-2008 06:59 AM
Setting up FreeRADIUS Server to work with POPTOP on CentOS 5 RageD Linux - Networking 4 05-31-2008 12:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration