
Chapter 1. Basic management tasks


Perform basic tasks of managing Red Hat Directory Server instances after the installation to maintain your directory environment and ensure continuous service availability.

The web console is a browser-based graphical user interface (GUI) that you can use for performing administrative tasks. The Red Hat Directory Server package automatically installs the Red Hat Directory Server user interface for the web console.

Prerequisites

  • You have permissions to access the web console.

Procedure

  1. Access the web console by using the following URL in your browser:

    https://<directory_server_host>:9090
  2. Log in as a user with sudo privileges.
  3. Select the Red Hat Directory Server entry.


1.2. Starting and stopping a Directory Server instance

Start and stop Red Hat Directory Server instances to control the operational state of your directory server. Managing the server process helps you to apply configuration changes, perform maintenance tasks, and recover from interruptions, ensuring that directory services are available to clients when needed.

You can start, stop, and restart a Directory Server instance by using the command line or the web console.

Use the dsctl utility to start, stop, or restart a Directory Server instance.

Important

The dsctl utility is the only correct way to stop Directory Server instances. To avoid data loss and corruption, do not use the kill command to terminate the ns-slapd process.

Procedure

  • To start the instance, run:

    # dsctl <instance_name> start
  • To stop the instance, run:

    # dsctl <instance_name> stop
  • To restart the instance, run:

    # dsctl <instance_name> restart

    Optionally, you can enable Directory Server instances to automatically start when the system boots:

  • For a single instance, run:

    # systemctl enable dirsrv@<instance_name>
  • For all instances on a server, run:

    # systemctl enable dirsrv.target

Verification

You can check the instance status by using the dsctl or systemctl utility:

  • To view the instance status by using the dsctl utility, run:

    # dsctl <instance_name> status
  • To view the instance status by using the systemctl utility, run:

    # systemctl status dirsrv@<instance_name>

Use the web console to start, stop, or restart a Directory Server instance.

Prerequisites

Procedure

  1. Select the Directory Server instance.
  2. Click the Actions button and select the action to execute:

    • Start Instance
    • Stop Instance
    • Restart Instance


Verification

  • Ensure that the Directory Server instance is running. When the instance is not running, the web console displays the following message:

    This server instance is not running, either start it from the Actions dropdown menu, or choose a different instance.

1.3. Changing the LDAP and LDAPS port numbers

By default, Directory Server uses port 389 for the LDAP protocol and, if you enabled it, port 636 for the LDAPS protocol. You can change the port numbers, for example, to run multiple Directory Server instances on one host.

Important

Other services must not use the new ports that you assign to the protocols for an instance.

1.3.1. Changing the port numbers using the command line

Change LDAP and LDAPS ports in Red Hat Directory Server by modifying the nsslapd-port and nsslapd-securePort attributes. Modifying these settings helps you to resolve port conflicts with other services or adhere to specific security policies, ensuring that client applications connect to the correct interface.

Procedure

  1. Optional: Display the current port numbers for the instance:

    # dsconf <instance_name> config get nsslapd-port nsslapd-securePort
  2. Change the LDAP port:

    1. Set the new port for the LDAP protocol. For example, to set it to 1389, run:

      # dsconf <instance_name> config replace nsslapd-port=1389
    2. Set the ldap_port_t type for the LDAP port you assigned in the previous step:

      # semanage port -a -t ldap_port_t -p tcp 1389
  3. Change the LDAPS port:

    1. Set the new port for the LDAPS protocol. For example, to set it to 1636, run:

      # dsconf <instance_name> config replace nsslapd-securePort=1636
    2. Set the ldap_port_t type for the LDAPS port you assigned in the previous step:

      # semanage port -a -t ldap_port_t -p tcp 1636
  4. Restart the instance:

    # dsctl <instance_name> restart

Verification

  1. Verify that Directory Server now uses the new LDAP port by running:

    # dsconf <instance_name> config get nsslapd-port
  2. Verify that Directory Server now uses the new LDAPS port number by running:

    # dsconf <instance_name> config get nsslapd-securePort
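
A pre-flight check for the procedure above, as an added example that is not part of the Red Hat documentation: it tests whether the new port is free and whether semanage port needs -a or -m (modify, which the page does not cover) to label it ldap_port_t. The semanage port -l excerpt is constructed and the function names are hypothetical.

```python
import re
import socket

# Constructed excerpt in the layout printed by `semanage port -l`.
SAMPLE_SEMANAGE = """\
SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
ldap_port_t                    tcp      389, 636, 3268, 3269, 7389
ldap_port_t                    udp      389, 636
unreserved_port_t              tcp      61001-65535, 1024-32767
"""

def exact_labels(listing, proto="tcp"):
    """Map each port or range listed for `proto` to its SELinux type."""
    labels = {}
    for line in listing.splitlines():
        m = re.match(r"(\w+_t)\s+(tcp|udp)\s+(.+)$", line)
        if m and m.group(2) == proto:
            for item in m.group(3).split(","):
                labels.setdefault(item.strip(), m.group(1))
    return labels

def semanage_action(port, listing):
    """Return '-a', '-m' or None: the semanage option needed for ldap_port_t."""
    current = exact_labels(listing).get(str(port))
    if current == "ldap_port_t":
        return None  # already labelled, nothing to do
    # -a is rejected when this exact port already has a record; -m retypes it.
    # A port that only falls inside a range (1389 in 1024-32767) still takes -a.
    return "-m" if current else "-a"

def port_is_free(port, host="0.0.0.0"):
    """True if no IPv4 socket is bound to `port` (IPv4 check only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False
```

Run port_is_free as root when checking ports below 1024, because an unprivileged bind to those ports fails whether or not the port is in use.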

1.3.2. Changing the port numbers using the web console

Change the LDAP and LDAPS port numbers in Red Hat Directory Server to customize the server network configuration. Modifying these settings helps you to resolve port conflicts with other services or adhere to specific security policies, ensuring that client applications connect to the correct interface.

Prerequisites

  • You are logged in to the instance in the web console.

Procedure

  1. Change the LDAP port:

    1. Open the Server Setting menu.
    2. On the Server Setting tab, enter the new port number into the LDAP Port field.
  2. Click Save.
  3. Change the LDAPS port:

    1. Open the Server Setting menu.
    2. On the General Settings tab, enter the new port number into the LDAPS Port field.
    3. Click Save.
  4. Restart the instance by clicking Action and selecting Restart Instance.

Verification

  1. Verify in the server settings that the changed port is reflected.

Manage default options for command-line utilities in Red Hat Directory Server by configuring the .dsrc file. Storing frequently used parameters in the file helps you to execute commands efficiently without manually entering credentials and connection details for every operation.

1.4.1. How a .dsrc file simplifies commands

Simplify command-line administration in Red Hat Directory Server by storing default connection parameters, such as the instance name and credentials, in the .dsrc file.

You can specify the LDAP URL of an instance and a bind DN in a ~/.dsrc file as follows:

[server1]
uri = ldap://server1.example.com
binddn = cn=Directory Manager
basedn = dc=example,dc=com

For example, to create a user account, run:

# dsidm server1 user create

Without the ~/.dsrc file, you must specify the bind DN, LDAP URL, and base DN in the command as follows:

# dsidm -D "cn=Directory Manager" ldap://server1.example.com -b "dc=example,dc=com" user create

1.4.2. Using the dsctl utility to create a .dsrc file

Use the dsctl dsrc create command to create a ~/.dsrc file instead of creating it manually. The following table lists the most common options of the command:

Table 1.1. Common dsctl dsrc create options
Option / Description

--uri

Sets the URL to the instance in the format protocol://host_name_or_IP_address_or_socket.

Examples:

--uri ldap://server.example.com

--uri ldaps://server.example.com

--uri ldapi://%2Fvar%2Frun%2Fslapd-localhost.socket

When you set the path to the Directory Server socket, use %2F instead of slashes (/) in the path.

IMPORTANT
The server identifies the user ID (UID) and group ID (GID) of the user who runs the Directory Server command-line utility when you use the ldapi URL. If you run the command as the root user, both UID and GID are 0 and Directory Server automatically authenticates you as cn=Directory Manager without entering the corresponding password.

--starttls

Configures the utilities to connect to an LDAP port and then send the STARTTLS command to switch to an encrypted connection.

--basedn

Sets the base distinguished name (DN).

Example:

--basedn "dc=example,dc=com"

--binddn

Sets the bind DN.

Example:

--binddn "cn=Directory Manager"

--pwdfile

Sets the path to a file that contains the password of the bind DN.

Example:

--pwdfile /root/rhds.pwd

--tls-cacertdir

Sets the path to the directory with the certificate authority (CA) certificate that is required to verify the server’s certificate if you use the LDAPS connection.

Example:

--tls-cacertdir /etc/pki/CA/certs/

NOTE
You can use the c_rehash /etc/pki/CA/certs/ command only when you copy the CA certificate to the specified directory.

--tls-cert

Sets the absolute path to the server’s certificate.

Example:

--tls-cert /etc/dirsrv/slapd-<instance_name>/Server-Cert.crt

--tls-key

Sets the absolute path to the server’s private key.

Example:

--tls-key /etc/dirsrv/slapd-<instance_name>/Server-Cert.key

--tls-reqcert

Sets which checks the client utilities perform on server certificates in a TLS session.

The following parameters are available:

  • never: The utilities do not request or check the server certificate.
  • allow: The utilities ignore certificate errors and the connection is established anyway.
  • hard: The utilities terminate the connection on certificate errors.

--saslmech

Sets the SASL mechanism to use. Only two parameters are available: PLAIN or EXTERNAL.

Example:

--saslmech PLAIN

Procedure

  • To create a .dsrc file, run:

    # dsctl <instance_name> dsrc create --uri ldap://server.example.com --basedn "dc=example,dc=com" --binddn "cn=Directory Manager" --pwdfile /root/rhds.pwd 
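
An audit of a .dsrc file for the connection-security options in Table 1.1, as an added example that is not part of the Red Hat documentation. It flags cleartext ldap:// without STARTTLS, tls_reqcert values that tolerate certificate errors, and password files readable beyond their owner. Only uri, binddn and basedn appear as file keys on the page; tls_reqcert, starttls and pwdfile are assumed key names that mirror the command options, and the sample file is constructed.

```python
import configparser
import os
import stat
from urllib.parse import urlsplit

# Constructed sample ~/.dsrc. Only uri, binddn and basedn appear on the page;
# tls_reqcert, starttls and pwdfile are assumed key names mirroring the options.
SAMPLE_DSRC = """\
[server1]
uri = ldap://server1.example.com
binddn = cn=Directory Manager
basedn = dc=example,dc=com
[server2]
uri = ldaps://server2.example.com
tls_reqcert = allow
[server3]
uri = ldap://server3.example.com
starttls = true
tls_reqcert = hard
[local]
uri = ldapi://%2Fvar%2Frun%2Fslapd-localhost.socket
"""

def audit_dsrc(text):
    """Return {instance: [findings]} for every section of a .dsrc file."""
    # interpolation=None keeps the %2F in ldapi:// URIs from being read as a format code
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    report = {}
    for name in cfg.sections():
        sec, findings = cfg[name], []
        scheme = urlsplit(sec.get("uri", "")).scheme.lower()
        starttls = sec.getboolean("starttls", fallback=False)
        reqcert = sec.get("tls_reqcert", "").lower()
        if scheme == "ldap" and not starttls:
            findings.append("cleartext: ldap:// without starttls")
        if (scheme == "ldaps" or starttls) and reqcert in ("never", "allow"):
            findings.append(f"tls_reqcert={reqcert}: certificate errors do not end the connection")
        pwdfile = sec.get("pwdfile")
        if pwdfile and os.path.exists(pwdfile) and stat.S_IMODE(os.stat(pwdfile).st_mode) & 0o077:
            findings.append(f"pwdfile {pwdfile} is accessible to group or others")
        report[name] = findings
    return report
```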

To secure your connections, review how Red Hat Directory Server utilities resolve local and remote commands. Understanding how the server evaluates LDAP URLs, instance names, and configuration files helps you properly route and execute tasks.

You can call Red Hat Directory Server commands remotely and locally when securing the connection.

When you run a Red Hat Directory Server command with an LDAP URL specified, the server considers it as a remote connection and checks the /etc/openldap/ldap.conf configuration file along with system-wide settings to proceed with the command.

When you run a Red Hat Directory Server command with an instance name specified, the server checks if the ~/.dsrc file is present and applies the following logic to proceed:

  1. The Red Hat Directory Server considers the ~/.dsrc file as a remote connection and checks whether the /etc/openldap/ldap.conf configuration file and system-wide settings contain both the instance name and the LDAP URL.
  2. If the ~/.dsrc file contains only the specified instance name, or if the ~/.dsrc file does not exist, the Red Hat Directory Server considers it a local connection and uses the nsslapd-certdir setting from the local dse.ldif file to secure the connection. If nsslapd-certdir is not present, the server uses the default path /etc/dirsrv/slapd-<instance_name>/ to store the Network Security Services (NSS) database of the instance.