User Tools
Sidebar
snippets:linux_quickshotsetups:rhds_rhel6
Table of Contents
What?
Setup of RHDS (red hat directory server) on rhel6, just for testing.
RHDS setup on rhel6
# setup rhel6u7 echo '* - nofile 8192' >>/etc/security/limits.conf echo 'session required /lib/security/$ISA/pam_limits.so' >> \ /etc/pam.d/system-auth rhn_register rhn-channel -a -c rhel-x86_64-server-6-rhdirserv-9 yum install -y java-1.6.0-openjdk /usr/sbin/alternatives --config java yum install -y redhat-ds /usr/sbin/setup-ds-admin.pl chkconfig dirsrv on chkconfig dirsrv-admin on # requirements to start the idm-console: yum -y install 'xorg-x11-font*' xauth # log out and in again to get x-forwarding working # This was on rhel5, since rhel6 we do not ship these utils: # echo 'export PATH=/usr/lib64/mozldap/:$PATH' >>/etc/profile # for now using openldap client tools, test ldapsearch ldapsearch -x -b dc=fluxcoil,dc=net '(cn=*)' ldapsearch -x -b dc=fluxcoil,dc=net -D 'cn=Directory Manager' -W '(cn=*)' # lets fill in some data wget ldap_initial_datasets_rhds.ldif ldapadd -x -D 'cn=Directory Manager' -W -f ldap_initial_datasets_rhds.ldif
setting up ssl/tls
cd /etc/dirsrv/slapd-* tar -cf /tmp/db-backup.tar * (umask 377; echo secret >/tmp/pwdfile) chown nobody /tmp/pwdfile certutil -N -d . -f /tmp/pwdfile certutil -S -n "CA certificate" \ -s "cn=My Org CA cert,dc=example,dc=com" -2 -x -t "CT,," \ -m 1000 -v 120 -d . -k rsa -f /tmp/pwdfile certutil -S -n "Server-Cert" -s "cn=rhel6u7a.fluxcoil.net" \ -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . \ -k rsa -f /tmp/pwdfile certutil -d . -L -n "CA certificate" -a > cacert.asc openssl x509 -in cacert.asc -noout -text (umask 377; echo 'Internal (Software) Token:secret' >pin.txt) chown nobody:nobody pin.txt # verify currently we only listen on :389 netstat -ntlp # login with 'cn=Directory Manager' / $chosenpassword, # then activate encryption: /usr/bin/redhat-idm-console -a http://localhost:9830 # click "Directory Server", open # configuration, encryption, "enable SSL for this server" # "use this cyper family: RSA", save # here activate ssl, then close the console service dirsrv restart # verify we now listen at :636 additionally netstat -ntlp
using ssl/tls as client
# create the hashes, we will be using the # cacert /etc/dirsrv/slapd-*/cacert.asc cacertdir_rehash /etc/dirsrv/slapd-*/ # now configure the openldap client utilities to use the cacert sed -ie 's,^TLS_CACERTDIR,#TLS_CACERTDIR,' /etc/openldap/ldap.conf echo 'TLS_CACERTDIR /etc/dirsrv/slapd-rhel6u7a' >>/etc/openldap/ldap.conf # now verify tls works ldapsearch -x -b dc=fluxcoil,dc=net -h rhel6u7a.fluxcoil.net -ZZZ '(cn=*)'
setting users passwords
# now with the secured connection, setting passwords works: ldappasswd -x -h rhel6u7a.fluxcoil.net -D 'cn=Directory Manager' \ -W -s redhat -ZZ cn=user0,ou=users,dc=fluxcoil,dc=net ldappasswd -x -h rhel6u7a.fluxcoil.net -D 'cn=Directory Manager' \ -W -s redhat -ZZ cn=user1,ou=users,dc=fluxcoil,dc=net # verify bind with new password works ldapsearch -x -b dc=fluxcoil,dc=net \ -D 'cn=user0,ou=users,dc=fluxcoil,dc=net' -w redhat -ZZZ '(cn=*)'
snippets/linux_quickshotsetups/rhds_rhel6.txt ยท Last modified: 2024/03/04 23:56 by chris
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
