Chapter 2. Setting up an instance using the command line


On the command line, you can use either a .inf file or the interactive installer to set up a new instance. Additionally, you can set up a new instance as a non-root user.

2.1. Prerequisites

2.2. Setting up a new instance on the command line using a .inf file

When you set up Directory Server on the command line using a .inf file, you can customize advanced settings. For example, you can customize the following settings in the .inf file:

  • The user and group the ns-slapd Directory Server process uses after the service has started. Note that, if you use a different user and group, you must manually create the user and group before you start the installation.
  • Paths, such as the configuration, backup, and data directory.
  • Certificate validity.

2.2.1. Installing the Directory Server packages

Use the following procedure to install the Directory Server packages.

Prerequisites

Procedure

  1. Enable the redhat-ds:12 module and install Directory Server packages:

    # dnf module enable redhat-ds:12
    # dnf install 389-ds-base cockpit-389-ds

Create a .inf file for the dscreate utility, and adjust the file to your environment. In a later step, you will use this file to create the new Directory Server instance.

Prerequisites

  • You installed the redhat-ds:12 module.

Procedure

  1. Use the dscreate create-template command to create a template .inf file. For example, to store the template in the /root/instance_name.inf file, enter:

    # dscreate create-template /root/instance_name.inf

    The created file contains all available parameters including descriptions.

  2. Edit the file that you created in the previous step:

    1. Uncomment the parameters that you want to set to customize the installation.

      All parameters have defaults. However, customize certain parameters for a production environment. For example, set at least the following parameters in the [slapd] section:

      instance_name = instance_name
      root_password = password

      By default, Directory Server creates an instance with the Berkeley Database (BDB). To install an instance with the LMDB backend, which is a Technology Preview starting with Directory Server 12.5, set the following parameters:

      db_lib = mdb
      mdb_max_size = 21474836480

      Note that mdb_max_size must be an integer value that depends on your directory size. For more details, see the nsslapd-mdb-max-size attribute description.

    2. To automatically create a suffix during instance creation, set the following parameters in the [backend-userroot] section:

      create_suffix_entry = True
      suffix = dc=example,dc=com
      Important

      If you do not create a suffix during instance creation, you must create it later manually before you can store data in this instance.

    3. Optional: Uncomment other parameters and set them to appropriate values for your environment. For example, use these parameters to specify replication options, such as authentication credentials and changelog trimming, or set different ports for the LDAP and LDAPS protocols.

      Note

      By default, new instances that you create include a self-signed certificate and TLS enabled. For increased security, do not disable this feature. Note that you can replace the self-signed certificate with a certificate issued by a Certificate Authority (CA) at a later date.
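
The following pre-flight check is an added example, not part of the Red Hat documentation. Run before the file is passed to dscreate from-file, it warns when the .inf file is accessible to group or other, when root_password in [slapd] is clear text rather than a {algorithm}hash string, and when self_sign_cert is set to False. The function names inf_get and check_inf, both sample files, and the placeholder hash value are constructed for illustration.

```bash
#!/bin/bash
# Added example: pre-flight check of a dscreate .inf file (sample files are constructed).

# inf_get FILE SECTION KEY: print the value of an uncommented "key = value" line.
inf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[;#]/ { next }                      # commented-out template lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_inf FILE: print one WARN line per finding; return 1 if there is any finding.
check_inf() {
    local f="$1" rc=0
    # The file can hold the Directory Manager password: allow owner access only.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "WARN: $f is accessible to group or other"; rc=1; }
    case "$(inf_get "$f" slapd root_password)" in
        "")      echo "WARN: root_password is not set in [slapd]"; rc=1 ;;
        \{*\}?*) ;;                                  # {algorithm}hash form
        *)       echo "WARN: root_password is clear text"; rc=1 ;;
    esac
    case "$(inf_get "$f" slapd self_sign_cert)" in
        [Ff]alse) echo "WARN: self_sign_cert is disabled"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: one hardened file, one weak file.
demo_dir=$(mktemp -d); good=$demo_dir/good.inf; bad=$demo_dir/bad.inf
cat > "$good" <<'EOF'
[slapd]
instance_name = instance_name
root_password = {PBKDF2-SHA512}100000$CONSTRUCTED_SALT$CONSTRUCTED_HASH
;self_sign_cert = True
EOF
cat > "$bad" <<'EOF'
[slapd]
root_password = password
self_sign_cert = False
EOF
chmod 600 "$good"; chmod 644 "$bad"
check_inf "$good" && echo "good.inf: no findings"
check_inf "$bad" || echo "bad.inf: fix the findings before running dscreate from-file"
```
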

2.2.3. Using a .inf file to set up a new Directory Server instance

This section describes how to use a .inf file to set up a new Directory Server instance using the command line.

Prerequisites

  • You created a .inf file for the Directory Server instance.

Procedure

  1. Pass the .inf file to the dscreate from-file command to create the new instance:

    # dscreate from-file /root/instance_name.inf
    Starting installation ...
    Validate installation settings ...
    Create file system structures ...
    Create self-signed certificate database ...
    Perform SELinux labeling ...
    Perform post-installation tasks ...
    Completed installation for instance: slapd-instance_name

    The dscreate utility automatically starts the instance and configures RHEL to start the service when the system boots.

  2. Open the required ports in the firewall:

    # firewall-cmd --permanent --add-port={389/tcp,636/tcp}
  3. Reload the firewall configuration:

    # firewall-cmd --reload

Administrators can use the Directory Server interactive installer to set up a new instance by answering questions about the configuration for the new instance.

If you want to customize additional settings during the installation, use a .inf file instead of the interactive installer. For details, see Setting up a new instance on the command line using a .inf file.

2.3.1. Prerequisites

2.3.2. Installing the Directory Server packages

Use the following procedure to install the Directory Server packages.

Prerequisites

Procedure

  1. Enable the redhat-ds:12 module and install Directory Server packages:

    # dnf module enable redhat-ds:12
    # dnf install 389-ds-base cockpit-389-ds

2.3.3. Creating an instance using the interactive installer

This section explains how to use the interactive installer to create a new Directory Server instance.

Procedure

  1. Start the interactive installer:

    # dscreate interactive
  2. Answer the questions of the interactive installer.

    To use the default values displayed in square brackets after most questions in the installer, press Enter without entering a value.

    Install Directory Server (interactive mode)
    ===========================================
    
    Enter system's hostname [server.example.com]:
    
    Enter the instance name [server]: instance_name
    
    Enter port number [389]:
    
    Create self-signed certificate database [yes]:
    
    Enter secure port number [636]:
    
    Enter Directory Manager DN [cn=Directory Manager]:
    
    Enter the Directory Manager password: password
    Confirm the Directory Manager Password: password
    
    Choose whether mdb or bdb is used. [bdb]:
    Note

    By default, Directory Server creates an instance with the Berkeley Database (BDB). To install an LMDB instance, which is a Technology Preview starting with Directory Server 12.5, enter mdb and, in the next step, set the LMDB database size in bytes.

    Enter the database suffix (or enter "none" to skip) [dc=server,dc=example,dc=com]: dc=example,dc=com
    
    Create sample entries in the suffix [no]:
    
    Create just the top suffix entry [no]: yes
    
    Do you want to start the instance after the installation? [yes]:
    
    Are you ready to install? [no]: yes
    Note

    Instead of setting a password in clear text, you can set a {algorithm}hash string generated by the pwdhash utility. For example:

    Enter the Directory Manager password: {PBKDF2-SHA512}100000$Haw7UDcBKUBejEjOTVHbiefT6cokHLo2$PeoP7W3B92Jzby7DGRkicovTN4LDGhnsC4EWCsv6crA2KA0Xn6rxPePX9UXhlM2utOPSQHeVpZzscNTx+fGi7A==
  3. Open the required ports in the firewall:

    # firewall-cmd --permanent --add-port={389/tcp,636/tcp}
  4. Reload the firewall configuration:

    # firewall-cmd --reload

2.4. Setting up a new instance as a non-root user

If you do not have root permissions, you can perform the Directory Server installation as a non-root user. Use this method to test Directory Server and develop LDAP applications. However, note that instances run by a non-root user have limitations, such as:

  • They do not support Simple Network Management Protocol (SNMP).
  • They can use only ports higher than or equal to 1024.

As a non-root user, before you can create and administer Directory Server instances, you need to prepare a proper environment by using the dscreate ds-root command.

Prerequisites

  • You installed the Directory Server packages as a root user.

Procedure

  1. Ensure you have $HOME/bin in your PATH variable. If not:

    1. Append the following to the ~/.bash_profile file:

      PATH="$HOME/bin:$PATH"
    2. Re-read the ~/.bash_profile file:

      $ source ~/.bash_profile
  2. Configure the environment for an instance creation to use the custom location:

    $ dscreate ds-root $HOME/dsroot $HOME/bin

    This command replaces the standard installation paths with $HOME/dsroot/ and creates a copy of the standard Directory Server administration utilities in the $HOME/bin/ directory.

  3. To make the shell use new paths:

    1. Clear the cache:

      $ hash -r dscreate
    2. Verify that the shell uses the correct path to the command:

      $ which dscreate
      ~/bin/dscreate

For the dscreate command, the shell now uses $HOME/bin/dscreate instead of /usr/bin/dscreate.

2.4.2. Installing a new instance as non-root user

To install Directory Server without root permissions, you can use the interactive installer. After the installation, Directory Server creates an instance in the custom location, and a user can run the dscreate, dsctl, and dsconf utilities as usual.

Prerequisites

  • You prepared the environment for non-root installation.
  • You have sudo permissions to use the firewall-cmd utility if you want to make the Directory Server instance available from the outside.

Procedure

  1. Create an instance using the interactive installer:

    1. Start the interactive installer:

      $ dscreate interactive
    2. Answer the questions of the interactive installer.

      To use the default values displayed in square brackets after most questions in the installer, press Enter without entering a value.

      Note

      During the installation, you must choose an instance port and a secure port number higher than 1024 (for example, 1389 and 1636). Otherwise, the installation fails because a non-root user does not have permissions to bind to a privileged port (1-1023).

      Install Directory Server (interactive mode)
      ===========================================
      Non privileged user cannot use semanage, will not relabel ports or files.
      
      Selinux support will be disabled, continue? [yes]: yes
      
      Enter system's hostname [server.example.com]:
      
      Enter the instance name [server]: instance_name
      
      Enter port number [389]: 1389
      
      Create self-signed certificate database [yes]:
      
      Enter secure port number [636]: 1636
      
      Enter Directory Manager DN [cn=Directory Manager]:
      
      Enter the Directory Manager password: password
      Confirm the Directory Manager Password: password
      
      Choose whether mdb or bdb is used. [bdb]:
      Note

      By default, Directory Server creates an instance with the Berkeley Database (BDB). To install an LMDB instance, which is a Technology Preview starting with Directory Server 12.5, enter mdb and, in the next step, set the LMDB database size in bytes.

      Enter the database suffix (or enter "none" to skip) [dc=server,dc=example,dc=com]: dc=example,dc=com
      
      Create sample entries in the suffix [no]:
      
      Create just the top suffix entry [no]: yes
      
      Do you want to start the instance after the installation? [yes]:
      
      Are you ready to install? [no]: yes
      Note

      Instead of setting a password in clear text, you can set a {algorithm}hash string generated by the pwdhash utility. For example:

      Enter the Directory Manager password: {PBKDF2-SHA512}100000$Haw7UDcBKUBejEjOTVHbiefT6cokHLo2$PeoP7W3B92Jzby7DGRkicovTN4LDGhnsC4EWCsv6crA2KA0Xn6rxPePX9UXhlM2utOPSQHeVpZzscNTx+fGi7A==
  2. Optional: If you want to make the Directory Server instance available from the outside:

    1. Open the ports in the firewall:

      $ sudo firewall-cmd --permanent --add-port={1389/tcp,1636/tcp}
    2. Reload the firewall configuration:

      $ sudo firewall-cmd --reload

Verification

  • Run the ldapsearch command to test that a user can connect to the instance:

    $ ldapsearch -D "cn=Directory Manager" -W -H ldap://server.example.com:1389 -b "dc=example,dc=com" -s sub -x "(objectclass=*)"