Chapter 4. Setting up a new instance as a non-root user

If you do not have root permissions, you can perform the Directory Server installation as a non-root user. Use this method to test Directory Server and develop LDAP applications. However, note that instances run by a non-root user have limitations, such as:

  • They do not support Simple Network Management Protocol (SNMP).
  • They can use only ports higher than or equal to 1024.

4.1. Preparing the environment to install Directory Server as a user

Without root permissions, before you can create and administer Directory Server instances, you need to prepare a proper environment using the dscreate ds-root command.

Prerequisites

  • You installed the Directory Server packages as a root user.

Procedure

  1. Ensure you have $HOME/bin in your PATH variable. If not:

    1. Append the following to the ~/.bash_profile file:

      PATH="$HOME/bin:$PATH"
    2. Re-read the ~/.bash_profile file:

      $ source ~/.bash_profile
  2. Configure the environment so that instance creation uses the custom location:

    $ dscreate ds-root $HOME/dsroot $HOME/bin

    This command replaces the standard installation paths with $HOME/dsroot/ and creates a copy of the standard Directory Server administration utilities in the $HOME/bin/ directory.

  3. Make the shell use the new paths:

    1. Clear the cache:

      $ hash -r dscreate
    2. Verify that the shell uses the correct path to the command:

      $ which dscreate
      ~/bin/dscreate

For the dscreate command, the shell now uses $HOME/bin/dscreate instead of /usr/bin/dscreate.
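
A preflight check for the result of this procedure and for the port limitation noted at the start of the chapter, as an added example that is not part of the Red Hat documentation. The function names are hypothetical, and it assumes dscreate, dsctl and dsconf are the utilities copied to $HOME/bin.

```shell
#!/bin/sh
# Added example: preflight checks for a non-root Directory Server setup.
# Function names are hypothetical; they are not part of any Red Hat tool.

# Succeed if $1 is a port an unprivileged user can bind (integer 1024..65535).
port_ok_for_nonroot() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or not a plain number
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the first executable named $1 on PATH, walking the entries in order.
# This ignores the shell's hash cache, so a stale cached path cannot mislead.
first_on_path() (
    IFS=:
    for _dir in $PATH; do
        [ -n "$_dir" ] || _dir=.
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            printf '%s\n' "$_dir/$1"
            exit 0
        fi
    done
    exit 1
)

# Succeed if directory $1 is not writable by group or others. $HOME/bin comes
# first in PATH, so whoever can write there can shadow system commands.
dir_is_private() {
    [ -d "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Assumption: dscreate, dsctl and dsconf are the utilities copied to $HOME/bin.
check_nonroot_env() {
    _rc=0
    for _tool in dscreate dsctl dsconf; do
        _found=$(first_on_path "$_tool") || _found="(not found)"
        if [ "$_found" = "$HOME/bin/$_tool" ]; then
            echo "ok:   $_tool -> $_found"
        else
            echo "FAIL: $_tool resolves to $_found, expected $HOME/bin/$_tool"
            _rc=1
        fi
    done
    dir_is_private "$HOME/bin" || { echo "FAIL: $HOME/bin missing or group/world-writable"; _rc=1; }
    return "$_rc"
}
```

Source the file, run check_nonroot_env before creating an instance, and pass each candidate port to port_ok_for_nonroot before entering it in the installer.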

4.2. Installing a new instance as a non-root user

To install Directory Server without root permissions, you can use the interactive installer. After the installation, Directory Server creates an instance in the custom location, and the user can run the dscreate, dsctl, and dsconf utilities as usual.

Prerequisites

  • You prepared the environment for non-root installation.
  • You have sudo permissions to use the firewall-cmd utility if you want to make the Directory Server instance available from the outside.

Procedure

  1. Create an instance using the interactive installer:

    1. Start the interactive installer:

      $ dscreate interactive
    2. Answer the questions of the interactive installer.

      To use the default values displayed in square brackets behind most questions in the installer, press Enter without entering a value.

      Note

      During the installation, you must choose an instance port and a secure port number higher than 1024 (for example, 1389 and 1636), because a non-root user does not have permissions to bind to a privileged port (1-1023).

      Install Directory Server (interactive mode)
      ===========================================
      Non privileged user cannot use semanage, will not relabel ports or files.
      
      Selinux support will be disabled, continue? [yes]: yes
      
      Enter system's hostname [server.example.com]:
      
      Enter the instance name [server]: instance_name
      
      Enter port number [389]: 1389
      
      Create self-signed certificate database [yes]:
      
      Enter secure port number [636]: 1636
      
      Enter Directory Manager DN [cn=Directory Manager]:
      
      Enter the Directory Manager password: password
      Confirm the Directory Manager Password: password
      
      Enter the database suffix (or enter "none" to skip) [dc=server,dc=example,dc=com]: dc=example,dc=com
      
      Create sample entries in the suffix [no]:
      
      Create just the top suffix entry [no]: yes
      
      Do you want to start the instance after the installation? [yes]:
      
      Are you ready to install? [no]: yes

      Note

      Instead of setting a password in clear text, you can set a {algorithm}hash string generated by the pwdhash utility.

  2. Optional: If you want to make the Directory Server instance available from the outside:

    1. Open the ports in the firewall:

      $ sudo firewall-cmd --permanent --add-port={1389/tcp,1636/tcp}
    2. Reload the firewall configuration:

      $ sudo firewall-cmd --reload

Verification

  • Run the ldapsearch command to test that a user can connect to the instance:

    $ ldapsearch -D "cn=Directory Manager" -W -H ldap://server.example.com:1389 -b "dc=example,dc=com" -s sub -x "(objectclass=*)"

© 2024 Red Hat, Inc.