Directory Server Centos55


Install Directory Server in CentOS 5.5 « • Holistic ... http://holisticsecurity.wordpress.com/2010/08/12/ins...

• Holistic Security •
IT Security, Trust, Quality and Usability. Systems Thinking Methodology applied
to IT Security problems.

Install Directory Server in CentOS 5.5


August 12, 2010

1. Download all RPM extra packages from: http://mirrors.nfsi.pt/CentOS/5.5/extras/i386
[root@svdapp95 ~]# wget -m http://mirrors.nfsi.pt/CentOS/5.5/extras/i386

or
[root@svdapp95 ~]# wget -m http://mirror.centos.org/centos/5.5/extras/i386

2. Upload the RPM packages to your Linux box, for example to /centos-ds_rpm_tmp

3. Verify that you have installed Java:


[root@svdapp95 ~]# rpm -qa | grep jdk
java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

4. Install required packages from mounted ISO images:

Note:
* Append "--disablerepo=\* --enablerepo=c5-media install -y" to the yum
command if you want to install from the DVD ISO image, for example:
# yum --disablerepo=\* --enablerepo=c5-media -y install <package>

[root@svdapp95 ~]# yum install cyrus-sasl-gssapi db4-utils mozldap-tools perl-Mozilla-LDAP mozldap-devel

see installation output log 1

5. Install required supported packages from mounted ISO:


# yum install xorg-x11-xauth bitstream-vera-fonts dejavu-lgc-fonts urw-fonts

6. Install CentOS Directory Server


[root@svdapp95 ~]# cd /centos-ds_rpm_tmp
[root@svdapp95 ~]# yum --nogpgcheck localinstall centos-ds-8.1.0-1.el5.centos.2.i386.rpm \
centos-ds-base-8.1.0-0.14.el5.centos.2.i386.rpm \
centos-ds-base-devel-8.1.0-0.14.el5.centos.2.i386.rpm \
centos-ds-console-8.1.0-5.el5.centos.2.noarch.rpm \
centos-ds-admin-8.1.0-9.el5.centos.1.i386.rpm \
adminutil-1.1.8-2.el5.centos.0.i386.rpm \
centos-admin-console-8.1.0-2.el5.centos.2.noarch.rpm \
centos-idm-console-1.0.1-1.el5.centos.2.i386.rpm \
idm-console-framework-1.1.3-9.el5.centos.2.noarch.rpm \
jss-4.2.5-1.el5.centos.1.i386.rpm

see installation output log 2

7. Verify FQDN (fully qualified domain name):


[root@svdapp95 ~]# hostname
svdapp95-ldap
[root@svdapp95 ~]# hostname -f
svdapp95-ldap.ohim-pre.eu

Note:
If you have trouble, edit /etc/hosts so that it looks like this:
127.0.0.1 svdapp95.ohim-pre.eu localhost
::1 localhost6.localdomain6 localhost6

… and change your hostname to “svdapp95.ohim-pre.eu” with the system-config-network
command: go to DNS > Hostname and change it.

8. Create and configure the Directory Server and Administration Server instances
with setup-ds-admin.pl:
[root@svdapp95 ~]# /usr/sbin/setup-ds-admin.pl

see installation output log 3
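
Step 6 installs the mirrored RPMs with --nogpgcheck, so nothing verifies their signatures before they run as root. The helper below is an added example, not part of the original post: it reads `rpm -K` output and reports every package that is unsigned or fails verification. It assumes the summary-line format of `rpm -K` (file name, colon, list of checks, then OK or NOT OK, with a lowercase gpg, pgp or signatures token marking a verified signature); the function names and sample lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Reads `rpm -K` output on stdin,
# prints one verdict per package, and returns 1 unless every package carries
# a signature that verified. Exit status of rpm alone is not enough: an
# unsigned package whose digests match is also reported as "OK".
audit_rpm_sigs() {
    awk '
    {
        i = index($0, ": ")
        if (i == 0) next                       # not a summary line
        pkg = substr($0, 1, i - 1)
        checks = " " substr($0, i + 2) " "     # pad so tokens match as words
        if (checks ~ / NOT OK /)                     verdict = "FAILED"
        else if (checks !~ / OK $/)                  verdict = "UNKNOWN"
        else if (checks ~ / (gpg|pgp|signatures) /)  verdict = "SIGNED"
        else                                         verdict = "UNSIGNED"
        print verdict, pkg
        if (verdict != "SIGNED") bad = 1
    }
    END { exit bad + 0 }'
}

# Constructed sample output; file names and the key ID are placeholders.
sample_rpm_k_output() {
    cat <<'EOF'
pkg-signed.rpm: (sha1) dsa sha1 md5 gpg OK
pkg-unsigned.rpm: sha1 md5 OK
pkg-missing-key.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
EOF
}

sample_rpm_k_output | audit_rpm_sigs || echo "unverified packages present: do not install"

# On the box from step 6 (assumes the distribution signing key was imported
# with `rpm --import`), gate the install on the audit and drop --nogpgcheck:
#   rpm -K /centos-ds_rpm_tmp/*.rpm | audit_rpm_sigs && \
#       yum localinstall /centos-ds_rpm_tmp/*.rpm
```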

Verify installation
1. Verify if directory service is running:
[root@svdapp95 ~]# /etc/init.d/dirsrv status
dirsrv svdapp95-ldap (pid 4556) is running...

2. Verify if admin directory service is running:


[root@svdapp95 ~]# /etc/init.d/dirsrv-admin status
dirsrv-admin (pid 3308) is running...

3. Verify that ports 389 and 9830 are open:


[root@svdapp95 ~]# netstat -tln | grep 389
tcp 0 0 :::389 :::* LISTEN
[root@svdapp95 ~]# netstat -tln | grep 9830
tcp 0 0 0.0.0.0:9830 0.0.0.0:* LISTEN
[root@svdapp95 ~]# lsof -i:389,9830
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ns-slapd 3047 nobody 6u IPv6 13523 TCP *:ldap (LISTEN)
httpd.wor 3133 root 3u IPv4 13659 TCP *:9830 (LISTEN)
httpd.wor 3136 nobody 3u IPv4 13659 TCP *:9830 (LISTEN)

4. Start the directory instance if it is not running:
[root@svdapp95 ~]# /etc/init.d/dirsrv-admin start


Starting dirsrv-admin:

[root@svdapp95 ~]# /etc/init.d/dirsrv start svdapp95-ldap


Starting dirsrv:
svdapp95-ldap... [ OK ]

Delete all files related to directory instance for installing a new instance
1. Start all services:
[root@svdapp95 ~]# /etc/init.d/dirsrv-admin start
[root@svdapp95 ~]# /etc/init.d/dirsrv start svdapp95-ldap

2. Delete all files, or remove the instance with the ds_removal script:
[root@svdapp95 ~]# rm -rf /var/lib/dirsrv/slapd-<ldap-instance-id>
[root@svdapp95 ~]# /usr/sbin/ds_removal -s <ldap-instance-id> -w <admin-pwd> [-f]

* In my case <ldap-instance-id> = svdapp95-ldap


* -f: if ds_removal fails, use -f to force the removal process.
* Each Directory Server instance service must be running for the remove script
to access it.

3. Re-run script setup-ds-admin.pl

Launch admin directory console


An X server and GDM running on the Linux box are required, along with an X client
on the client side. On a Windows client you can use Xming.

1. Open an xterm or console on your Linux box.

2. Run centos-idm-console:
[root@svdapp95 ~]# centos-idm-console -a http://localhost:9830

User ID: admin


Password: <your-pwd>
Administration URL: http://localhost:9830

Add an object in Directory Server by centos-idm-console
1. Run Console


2. Open Directory Server console

3. Add an entry to Directory Server


Connection to CentOS Directory Server from Apache Directory Studio
1. Create a connection to CentOS Directory Server from Apache Directory Studio


2. Browse LDAP


Add an object in Directory Server by ldapmodify command
[root@svdapp95 ~]# /usr/lib/mozldap/ldapmodify -D "cn=Alba C.,ou=People,dc=ohim-pre,dc=eu" -w liferay -f

Where addUsr-roger.ldif file contains:


dn: cn=roger,ou=People,dc=ohim-pre, dc=eu
changetype: add
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: roger
sn: CARHUATOCTO
facsimileTelephoneNumber: 0034 123456678
givenName: ROGER
mail: roger@foo-bar.info
preferredLanguage: es
telephoneNumber: 0034 123456678
title: ICEfaces Programmer
uid: 333333
userPassword:: e1NTSEF9Q0N4SmxGRUpFZmxyVVYvbXk2cUJVV1N3QWdJbVcxbWtDbUkxdFE9PQ==

Authenticate and Search an object in CentOS Directory Server
In this case, the LDAP operations that can be used are the “bind operation” and
the “search operation”.
CentOS Directory Server uses the Mozilla LDAP tools (such as ldapsearch,
ldapmodify, and ldapdelete) for command-line operations.
The MozLDAP tools are installed with Directory Server and are located in
/usr/lib/mozldap.
When running any LDAP command, make sure that you are using the MozLDAP
utilities; otherwise the command will return errors.
[root@svdapp95 ~]# /usr/lib/mozldap/ldapsearch -x -D <binddn> -w <bindpwd> -b <basedn> <searchfilter>

* -x: perform sorting on the server
* -D: bind dn (for authentication)
* -w: bind passwd (for authentication)
* -b: base dn
* <searchfilter>: RFC-2254 compliant LDAP search filter
[root@svdapp95 ~]# /usr/lib/mozldap/ldapsearch -x -D "cn=lluis,ou=People,dc=ohim-pre,dc=eu" -w liferay -

Tuning CentOS Directory Server


1. Using dsktune:


[root@svdapp95 ~]# dsktune

References

* CentOS Directory Server, Basic Install

http://wiki.centos.org/HowTos/DirectoryServerSetup

* CentOS Directory Server On CentOS 5.2

http://www.howtoforge.com/centos-directory-server-on-centos5.2

* Index of /CentOS/5.5/extras/i386/RPMS

http://mirrors.nfsi.pt/CentOS/5.5/extras/i386/RPMS/

* Red Hat Directory Server – manual installation and configuration

http://www.redhat.com/docs/manuals/dir-server/8.1/install/index.html

Bye.

Posted by Roger Carhuatocto


Filed in FOSS, Linux, PORTAL, Security

One Response to “Install Directory Server in CentOS 5.5”

1. Carlos Jaramillo Says:

October 5, 2010 at 11:20 pm

Thank you very much.

11 of 11 10/15/2010 06:25 PM
