Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 2. Setting up a new Directory Server instance

Directory Server supports creating a new instance:

Prerequisites

2.1. Setting up a new instance on the command line using a .inf file
Copiar o link

Installing Directory Server using a .inf enables you to customize advanced settings. For example, in addition to the settings in the interactive installer and the Web Console, you can customize in the .inf file the following settings:

  • The user and group the ns-slapd Directory Server process uses after the service started. Note that you must manually create the user and group before you start the installation.
  • Paths, such as the configuration, backup, and data directory.
  • Certificate validity.
  • Disabling strict host checking, when installing the instance with GSSAPI behind a load balancer.

This section describes:

If you want to set only the frequently used configuration parameters during the installation, you can use the interactive installer. For details, see Section 2.2, “Setting up a new instance on the command line using the interactive installer”.

2.1.1. Creating a .inf file for a Directory Server instance installation
Copiar o link

In this section you learn how to create a .inf configuration file for the dscreate utility and how to adjust the .inf file to your environment. In a later step, you will use this file to create the new Directory Server instance.

Procedure

  1. Use the dscreate create-template command to create a template .inf file. For example, to store the template in the /root/instance_name.inf file: 

    # dscreate create-template /root/instance_name.inf

    The created file has all available parameters with descriptions

  2. Edit the file that you create in the previous step:

    1. Uncomment the parameters that you want to set to customize the installation.

      Note

      All parameters have defaults. However, Red Hat recommends to customize certain parameters for a production environment.

      For example, set at least the following parameters: 

      [slapd]
# instance_name (str)
# Description: ...
# Default value: localhost
instance_name = instance_name

# root_password (str)
# Description: ...
# Default value: directory manager password
root_password = password

      The template file that you create with the dscreate create-template command contains the comprehensive list of parameters you can configure in these sections.

    2. To automatically create a suffix during instance creation:

      1. Uncomment the create_suffix_entry parameter, and set it to true: 

        # create_suffix_entry (bool)
# Description: ...
# Default value: False
create_suffix_entry = True

      2. Uncomment the suffix parameter, and set a suffix: 

        # suffix (str)
# Description: ...
# Default value:
suffix = dc=example,dc=com
        Important

        Instead of creating the suffix during instance creation, you can create it later as described in Creating Databases in the Red Hat Directory Server Administration Guide. However, without creating a suffix, you cannot store data in this instance.

    3. Optionally, uncomment other parameters and set them to appropriate values for your environment. For example, use these parameters to specify different ports for the LDAP and LDAPS protocol.

      Note

      By default, new instances that you create include a self-signed certificate and TLS enabled. For increased security, Red Hat recommends that you do not disable this feature. Note that you can replace the self-signed certificate with a certificate issued by a Certificate Authority (CA) at a later date.

Additional resources
  • For a full list of parameters that you can set in the .inf file and descriptions of each parameter, see the template file that the dscreate create-template command creates.
  • For details about installing a certificate after the installation, see the Managing the NSS Database Used by Directory Server section in the Red Hat Directory Server Administration Guide.

2.1.2. Using a .inf file to set up a new Directory Server instance
Copiar o link

This section describes how to use a .inf file to set up a new Directory Server instance using the command line.

Prerequisites
Procedure

  1. Pass the .inf file to the dscreate from-file command to create the new instance. For example: 

    # dscreate from-file /root/instance_name.inf
Starting installation...
Completed installation for instance_name

    The created instance is automatically started and configured to start when the system boots.

  2. Open the required ports in the firewall. See Section 2.1.3, “Opening required ports in the firewall”

2.1.3. Opening required ports in the firewall
Copiar o link

To allow other machines to connect to Directory Server over the network, open the required ports in the local firewall.

If no ports were specified during the instance creation, the instance uses port 389 for the LDAP and port 636 for the LDAPS protocol.

Prerequisites
  • The port numbers for the LDAP and LDAPS protocols set during the instance creation.
Procedure

  1. Ensure that the firewalld service is running.

    • To find out if firewalld is currently running: 

      # systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-06-15 14:06:33 CEST; 1h 17min ago
   ...

    • To start firewalld and configure the service to start automatically when the system boots: 

      # systemctl start firewalld
# systemctl enable firewalld

  2. Open the required ports using the firewall-cmd utility. For example, to open the LDAP and LDAPS default ports in the default firewall zone: 

    # firewall-cmd --permanent --add-port={389/tcp,636/tcp}

  3. Reload the firewall configuration to ensure that the change occurs immediately: 

    # firewall-cmd --reload
Additional resources
  • For details on using firewall-cmd to open ports on a system, see the Red Hat Enterprise Linux Security Guide or the firewall-cmd(1) man page.

2.2. Setting up a new instance on the command line using the interactive installer
Copiar o link

Administrators can use the Directory Server interactive installer set up a new instance by answering questions about the configuration for the new instance.

For a list of settings supported by the interactive installer, see Section 2.2.1, “Settings supported in the interactive installer”

This section describes:

If you want to customize additional settings during the installation, use a .inf file instead of the interactive installer. For details, see Section 2.1, “Setting up a new instance on the command line using a .inf file”.

2.2.1. Settings supported in the interactive installer
Copiar o link

If you use the interactive installer, you can set the following settings:

  • Host name of the system
  • Enabling or disabling strict host name validation
  • Name of the instance
  • LDAP port number
  • LDAPS port number
  • Auto-creation of a self-signed certificate
  • DN of the directory manager account
  • Password of the directory manager account
  • Optional creation of a database suffix

2.2.2. Creating an instance using the interactive installer
Copiar o link

To start the interactive installer to set up a new instance, enter: 

# dscreate interactive

To use the default values displayed in square brackets behind most questions in the installer, press Enter without entering a value.

Example 2.1. Using the interactive installer

# dscreate interactive
Install Directory Server (interactive mode)
===========================================

Enter system's hostname [server.example.com]:

Enter the instance name [server]: instance_name

Enter port number [389]:

Create self-signed certificate database [yes]:

Enter secure port number [636]:

Enter Directory Manager DN [cn=Directory Manager]:

Enter the Directory Manager password: password
Confirm the Directory Manager Password: password

Enter the database suffix (or enter "none" to skip) [dc=server,dc=example,dc=com]: dc=example,dc=com

Create sample entries in the suffix [no]:

Create just the top suffix entry [no]: yes

Do you want to start the instance after the installation? [yes]:

Are you ready to install? [no]: yes
Starting installation...
Completed installation for instance_name
Note

Instead of setting a password in clear text you can set a {algorithm}hash string generated by the pwdhash utility.

2.2.3. Opening required ports in the firewall
Copiar o link

To allow other machines to connect to Directory Server over the network, open the required ports in the local firewall.

If no ports were specified during the instance creation, the instance uses port 389 for the LDAP and port 636 for the LDAPS protocol.

Prerequisites
  • The port numbers for the LDAP and LDAPS protocols set during the instance creation.
Procedure

  1. Ensure that the firewalld service is running.

    • To find out if firewalld is currently running: 

      # systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-06-15 14:06:33 CEST; 1h 17min ago
   ...

    • To start firewalld and configure the service to start automatically when the system boots: 

      # systemctl start firewalld
# systemctl enable firewalld

  2. Open the required ports using the firewall-cmd utility. For example, to open the LDAP and LDAPS default ports in the default firewall zone: 

    # firewall-cmd --permanent --add-port={389/tcp,636/tcp}

  3. Reload the firewall configuration to ensure that the change occurs immediately: 

    # firewall-cmd --reload
Additional resources
  • For details on using firewall-cmd to open ports on a system, see the Red Hat Enterprise Linux Security Guide or the firewall-cmd(1) man page.

2.3. Setting up a new instance using the web console
Copiar o link

Administrators can use the web console to create a new instance using a browser-based interface.

This section describes:

2.3.1. Using the web console to set up a new Directory Server instance
Copiar o link

This section describes how to use the web console to set up a new Directory Server instance.

Prerequisites

  • The web console is installed on the server, and port 9090 is opened in the local firewall.

    For details, see the Installing the web console section in the Managing systems using the RHEL 8 web console guide.

Procedure

  1. Use a browser to connect to the web console running on port 9090 on the Directory Server host. For example: 

    https://server.example.com:9090
  2. Log in as the root user or as a user with sudo privileges.
  3. Select the Red Hat Directory Server entry.

  4. Create a new instance:

    • If no instance exists on the server, click the Create New Instance button.
    • If the server already runs existing instances, select Actions and click Create Instance.

  5. Complete the fields of the Create New Server Instance form:

    create new server instance

    • Instance Name: Sets the name of the instance.

      Important

      You cannot change the name of an instance after it has been created.

    • Port: Sets the port number of the LDAP protocol. The port must not be in use by another instance or service. The default port is 389.
    • Secure Port: Sets the port number of the LDAPS protocol. The port must not be in use by another instance or service. The default port is 636.

    • Create Self-Signed TLS Certificate DB: Enables TLS encryption in the instance, and creates a self-signed certificate.

      Important

      For increased security, Red Hat recommends that you create the new instance with the self-signed certificate and TLS enabled. Note that you can replace the self-signed certificate with a certificate issued by a Certificate Authority (CA) at a later date.

    • Directory Manager DN: Sets the distinguished name (DN) of the administrative user of the instance. The default value is cn=Directory Manager.
    • Directory Manager Password: Set’s the password of the administrative user of the instance.
    • Confirm Password: Must be set to the same value as in the Directory Manager Password field.
    • Database Suffix: Sets the suffix for the back end. The default value is dc=example,dc=com.
    • Database Name: Sets the name of the back end database. Filling this field is required if you specify a back end suffix.

  6. Select one of the following options:

    • Do Not Initialize Database: The installer does not create a database and suffix.
    • Create Suffix Entry: The installer creates the database and suffix based on the values filled in the Database Suffix and Database Name fields.

    • Create Suffix Entry And Add Sample Entries: The installer creates the database and suffix based on the values filled in the Database Suffix and Database Name fields. Additionally, the installer creates example entries in the directory.

      Note

      If you do not create the suffix during the installation, you must manually create it later before you can add entries to the directory.

  7. Click Create Instance.

    The new instance starts and is configured to start automatically when the system boots.

  8. Open the required ports in the firewall. See Section 2.3.2, “Opening required ports in the firewall”
Additional resources

2.3.2. Opening required ports in the firewall
Copiar o link

To allow other machines to connect to Directory Server over the network, open the required ports in the local firewall.

If no ports were specified during the instance creation, the instance uses port 389 for the LDAP and port 636 for the LDAPS protocol.

Prerequisites
  • The port numbers for the LDAP and LDAPS protocols set during the instance creation.
Procedure

  1. Ensure that the firewalld service is running.

    • To find out if firewalld is currently running: 

      # systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-06-15 14:06:33 CEST; 1h 17min ago
   ...

    • To start firewalld and configure the service to start automatically when the system boots: 

      # systemctl start firewalld
# systemctl enable firewalld

  2. Open the required ports using the firewall-cmd utility. For example, to open the LDAP and LDAPS default ports in the default firewall zone: 

    # firewall-cmd --permanent --add-port={389/tcp,636/tcp}

  3. Reload the firewall configuration to ensure that the change occurs immediately: 

    # firewall-cmd --reload
Additional resources
  • For details on using firewall-cmd to open ports on a system, see the Red Hat Enterprise Linux Security Guide or the firewall-cmd(1) man page.
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2026 Red HatVoltar ao topo