Revision 7 as of 2006-02-28 11:16:30

Overview

Directory Server provides the following key features:

  • Multi-master replication - Provides a highly available directory service for both read and write operations. Multi-master replication can be combined with simple and cascading replication scenarios to provide a highly flexible and scalable replication environment.

  • Chaining and referrals - Increases the power of your directory by storing a complete logical view of your directory on a single server, while maintaining data on a large number of Directory Servers transparently for clients.

  • Roles and Class of Service - Provides a flexible mechanism for grouping and sharing attributes between entries in a dynamic fashion.

  • Improved access control mechanism - Provides support for macros that dramatically reduce the number of access control statements used in the directory and increase the scalability of access control evaluation.

  • Resource-limits by bind DN - Gives you the power to control the amount of server resources allocated to search operations based on the bind DN of the client.

  • Multiple databases - Provides a simple way of breaking down your directory data to simplify the implementation of replication and chaining in your directory service.

  • Password Policy and Account Lockout - Allows you to define a set of rules that govern how passwords and user accounts are managed in the Directory Server.

  • SSL - Provides secure communications over the network, including ciphers with up to 168-bit encryption.

The major components of Directory Server include:

  • An LDAP server - The core of the directory service, provided by the ns-slapd daemon and compliant with the LDAP v3 Internet standards.

  • Directory Server Console - An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Red Hat Console, the common management framework for LDAP directory services.

  • SNMP Agent - Permits you to monitor your Directory Server in real time using the Simple Network Management Protocol (SNMP).

  • Online backup and restore - Allows you to create backups and restore from backups while the server is running.

Further Details

For further details visit:

http://directory.fedora.redhat.com/wiki/Main_Page

Preparing Ubuntu

This howto assumes that you have a working installation of Ubuntu. I have added the necessary steps to prepare Ubuntu before you install Fedora Directory Server. This document describes how to install the Fedora Directory Server (FDS) on Ubuntu 5.10 (Breezy Badger).

Installation

Download Fedora Directory Server Pre-built rpm

Ubuntu 5.10 comes with libc6 version 2.3.5 and you need to download the version suitable for Fedora Core 3 and RHEL4. I assume here that you are using your home directory. You can choose your own download directory; use that path accordingly when you proceed with the installation.

To download the prebuilt Fedora-ds rpm, you can type in a terminal:

  wget -c http://directory.fedora.redhat.com/download/fedora-ds-1.0.1-1.RHEL4.i386.opt.rpm

Alternatively, you can download it from the following URL:

http://directory.fedora.redhat.com/wiki/Download

Installing Alien Package

Since we are going to use the pre-built rpm to install Fedora Directory Server, we need to convert the rpm to .deb format before we install Fedora-ds on Ubuntu. Alien is a tool which can be used to convert .rpm packages into .deb format. To install alien, type in a terminal:

 sudo apt-get install alien

Convert .rpm Package to .deb Package

Now it is time to convert the downloaded Fedora-ds rpm to a .deb package in your home directory.

 sudo alien fedora-ds-1.0.1-1.RHEL4.i386.opt.rpm

Install Dependencies

The Fedora Directory Server needs 'libtermcap.so.2', so let's install it.

 sudo apt-get install termcap-compat

Installing Java Runtime Environment

The Fedora-ds console requires a Java Runtime Environment (JRE). Either the Sun or the IBM JRE version 1.4.2 or later is required. In order to install the RPM, the IBM JRE is required before you install Fedora-ds.

The IBM JRE is available from http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html

The Sun JRE is available from http://java.sun.com/j2se/1.4.2/download.html

I know it's annoying to have to do all the click throughs, licenses, registration, etc.

You should download j2re-1_4_2_10-linux-i586.bin if you are downloading from Sun. I assume that you are downloading this package to your home directory. After the download has finished, execute the following commands.

 chmod +x j2re-1_4_2_10-linux-i586.bin

 ./j2re-1_4_2_10-linux-i586.bin

The above command will create a directory called "j2re1.4.2_10" in your current directory. Move this directory to "/usr/local". This step is optional; it is simply the way I like to do it. You are free to use your own locations.

  sudo mv j2re1.4.2_10 /usr/local

Next I will rename the above directory to java. This step is optional; it is simply the way I like to do it.

  sudo mv  /usr/local/j2re1.4.2_10 /usr/local/java

Setting JAVA_HOME environment variable

When you install fedora-ds, it will look for the JAVA_HOME environment variable, and the best place to set this is "/etc/profile". Use the vi editor to open the file and set the following two lines.

  sudo vi /etc/profile

 ...
 JAVA_HOME=/usr/local/java
 export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC JAVA_HOME
 ...

Now we need to make this user environment modification take effect. Use the dot (.) command to achieve this. You do not need to log off and log in again or reboot your system.

 . /etc/profile

Installing Apache2

The Fedora-ds admin-server depends on Apache2 compiled for the worker model, so let's install it.

 sudo apt-get install apache2-mpm-worker

On Fedora/Red Hat the Apache daemon is known as "httpd", while on Ubuntu it is known as "apache2". We therefore need to create a symbolic link so that we can satisfy the Fedora-ds "setup" utility.

 sudo ln -s /usr/sbin/apache2 /usr/sbin/httpd

Installing .deb package

I assume that you have built this package in your home directory.

 sudo dpkg -i fedora-ds_1.0.1-2_i386.deb

Creating a user and group for the daemon

Let's create a user and a group for the fedora-ds daemon.

 sudo groupadd fds
 sudo useradd -s /bin/false -g fds fds

Running Fedora-ds Setup Program

So far we have set up everything we need to run the Fedora-ds setup program. However, the setup utility will not find the apache2 modules that it requires to operate on Ubuntu, so we need to help it by creating an install.inf file. Do this by running the setup utility with the '-k' option:

  sudo /opt/fedora-ds/setup/setup -k
  • Choose option '1' for as minimal questions as possible.
  • Choose 'fds' when asked which user and group apply. After finalizing the setup wizard, the directory server itself will be started as user 'fds'.
  • It listens on the port you just configured; I chose port '389', the default LDAP port.

When done, copy the install.inf file to /opt

  sudo cp /opt/fedora-ds/setup/install.inf /opt
  sudo chmod 640 /opt/install.inf

Now we have to edit the [admin] section of the install.inf using

  sudo vi /opt/install.inf

and add "ApacheRoot= /usr/lib/apache2" as in the following example.

 Part of the file /opt/install.inf
 ...

After finishing the above, execute the following command to re-run the setup program.

 sudo /opt/fedora-ds/setup/setup -s -f /opt/install.inf
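
The install.inf edit described above can be scripted so that it is repeatable and leaves the file with the same restrictive mode. This is an added example, not part of the original howto; the function name `add_apache_root` is an assumption, and it should be run as root against /opt/install.inf before re-running setup.

```shell
#!/bin/sh
# Added example (not from the original howto): put "ApacheRoot= <dir>"
# directly under the [admin] header of an install.inf file.
# install.inf records the answers given to setup, so the temporary copy is
# created private and the result keeps the mode 640 used in the howto.
# Usage (as root): add_apache_root /opt/install.inf

add_apache_root() {
    inf="$1"                        # path to install.inf
    root="${2:-/usr/lib/apache2}"   # default value taken from the howto

    [ -f "$inf" ] || { echo "no such file: $inf" >&2; return 1; }
    grep -q '^\[admin\][[:space:]]*$' "$inf" ||
        { echo "no [admin] section in $inf" >&2; return 2; }

    # mktemp creates the file with mode 600, in the same directory as the
    # target so that the final mv is a rename and not a copy.
    tmp="$(mktemp "$inf.XXXXXX")" || return 1
    awk -v root="$root" '
        /^\[/ {                     # any section header
            in_admin = ($0 ~ /^\[admin\][ \t]*$/)
            print
            if (in_admin) print "ApacheRoot= " root
            next
        }
        # Drop an older ApacheRoot line inside [admin]; this is what makes
        # a second run leave the file unchanged.
        in_admin && /^[ \t]*ApacheRoot[ \t]*=/ { next }
        { print }
    ' "$inf" > "$tmp" || { rm -f "$tmp"; return 1; }

    mv -f "$tmp" "$inf" && chmod 640 "$inf"
}
```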

Adjusting the admin-server's httpd.conf file

The Fedora-ds admin-server has its own httpd.conf file. Some modules are compiled into Apache statically and do not have to be loaded, so we need to disable them. Edit the file using vi and comment out those modules to disable them.

 /opt/fedora-ds/admin-serv/config/httpd.conf

After editing, the file should look as follows.

 ...
 #LoadModule access_module /usr/lib/apache2/modules/mod_access.so
 #LoadModule auth_module /usr/lib/apache2/modules/mod_auth.so
 #LoadModule log_config_module /usr/lib/apache2/modules/mod_log_config.so
 #LoadModule env_module /usr/lib/apache2/modules/mod_env.so
 ...
 #LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
 #LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
 ...
 #LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
 #LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
 ...
 #LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
 ...
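
Which modules are compiled in can be read from the binary itself: `apache2 -l` lists them. The following added example (not part of the original howto) goes slightly beyond the fixed list above by commenting out every active LoadModule line whose module appears in that output; the function name and the file holding the saved `apache2 -l` output are assumptions.

```shell
#!/bin/sh
# Added example (not from the original howto): comment out LoadModule lines
# for modules that are already compiled into the apache2 binary.
# Usage (as root):
#   apache2 -l > /tmp/builtin.txt
#   disable_static_modules /opt/fedora-ds/admin-serv/config/httpd.conf /tmp/builtin.txt

disable_static_modules() {
    conf="$1"      # admin-server httpd.conf
    builtin="$2"   # file holding the output of `apache2 -l`

    [ -f "$conf" ] && [ -s "$builtin" ] || return 1
    tmp="$(mktemp)" || return 1

    awk '
        # First file: remember every compiled-in module, e.g. "  mod_access.c"
        NR == FNR {
            if ($1 ~ /^mod_.*\.c$/) { sub(/\.c$/, "", $1); static[$1] = 1 }
            next
        }
        # Second file: active LoadModule lines only. Lines that are already
        # commented have "#LoadModule" as first field and fall through.
        $1 == "LoadModule" && NF >= 3 {
            n = split($3, part, "/")        # keep the file name of the path
            name = part[n]
            gsub(/"/, "", name)             # path may be quoted
            sub(/\.so$/, "", name)
            if (name in static) { print "#" $0; next }
        }
        { print }
    ' "$builtin" "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep the first untouched copy; a re-run must not overwrite it.
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1
    # Write through the existing file so owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}
```

The untouched configuration is kept as httpd.conf.orig next to the edited file, so the change can be compared with `diff` or reverted.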

Starting the admin-server

Let's start the admin-server.

 sudo /opt/fedora-ds/start-admin

If it starts, good.

Cheers from Chinthaka.

Using Fedora-ds Management console

I assume the following example configuration here.

  • Hostname:- dsmaster.fossedu.org

  • Console port:-16000

Execute the following command to start the console. Substitute your own settings and enter the admin password you gave when running the setup program.

 cd /opt/fedora-ds
 ./startconsole -u admin -a http://dsmaster.fossedu.org:16000 &

