Why Is There Yogurt In Your Cap?

Fedora Directory Server Setup

November 13th, 2006

Did you ever want to set up your own LDAP directory server, and just couldn’t seem to figure it out? Do you have trouble getting your Java VM to export $JAVA_HOME? Have you ever had some really hot pizza and burned the top of your mouth, and yet you kept eating it? Well then, you’re just like me! Read below to see what I have gone through (and am still going through) to get Fedora Directory Server up and running.

If you’re reading this, you probably already know what LDAP is. If not, well, this article isn’t for you. But I’ll give you a quick little overview. LDAP stands for “Lightweight Directory Access Protocol”. In short, it’s a directory that can store info on users, groups, machines, etc. Microsoft’s Active Directory and Novell’s eDirectory are examples of commercial LDAP-compliant directories. But for our purposes, we’re sticking with open source (except for Java).

Here’s what I’m using:

Please note that on Fedora Core 5 I am not using SELinux. I don’t know what changes would need to be made to allow you to install/run/whatever FCDS. Also, as of October 8th, 2006 my FC5 system was completely up to date with all patches available via YUM. Also, if you have the openldap-servers and openldap-servers-sql packages installed, REMOVE THEM. I have run into a problem where, during the ./setup step below, the services keep failing to properly install/start. After removing these packages, I was able to complete the setup. After the fedora-ds setup is complete, you will be able to re-install these packages.

Let’s get started.

First, we’ll install Java. Download the Sun Java Runtime Environment Release 9 self-extracting RPM. Then, from a bash prompt:

chmod a+x jre-1_5_9_09-linux-i586-rpm.bin
./jre-1_5_9_09-linux-i586-rpm.bin    # follow the prompts, accepting the defaults
cd /etc/alternatives
ln -sf /opt/jre1.5.0_09/bin/java java

Now that Java is out of the way, it’s time to install the directory. Do this, and it’s installed:

rpm -ivh fedora-ds-1.0.2-1.linux-i586.opt.rpm

Now we need to set up the directory.

cd /opt/fedora-ds/setup/
./setup

Agree to the license terms. Type yes to continue. You may get a warning about memory size and file descriptors. Ignore these and continue.

You’ll be prompted as to the install mode. Choose “typical”, which is the default. After that, follow the prompts. Listed below is what I used for each entry. Make changes to hostname/dns names to meet your environment. Don’t forget the passwords you assign here, as you’ll need them.
Hostname to use: ironhide.cybertron.local
Server user ID to use: nobody
Server group ID to use: nobody
Do you want to register this software with an existing blah blah blah: No
Do you want to use another directory to store your data: No
Directory server network port: 389
Directory server identifier: ironhide
Administrator ID: admin
Suffix: dc=cybertron, dc=local
Directory Manager DN: cn=Directory Manager
Administrative domain: cybertron.local
Administration port: 64610
Run Administration Server as: root
Apache Directory: /usr/sbin

The administration port will be a random port between 1024 and 65540. You can also specify a specific port if you don’t want to use the random port for whatever reason.

Now it’s going to finish up and start the admin and slapd services for you. And it tells you to do the following:
cd /opt/fedora-ds
./startconsole -u admin -a http://ironhide.cybertron.local:64610/
Do that. The admin console should pop up and prompt you for the admin password. Enter the password here and it should launch and log in.

Now that you’re in the console, you can browse your way around, create users, etc. Try out the web interface at http://youripaddress:whateverportyouuse/. It’s an easy way to make queries, create users, etc. However, its overall design does leave something to be desired, but that’s what tools like phpLDAPadmin are for.

To verify that LDAP searches are working, do the following from a bash shell. It should return a bunch of stuff:

cd /opt/fedora-ds/shared/bin
./ldapsearch -s base -b "" "objectclass=*"

As for getting the services started up on boot, or just being able to access it via the “services” command, you’ll need to write your own rc script. I am no good at rc scripts. In fact, I don’t know much of anything about them. But here’s what I do know: there are smarter people than me writing docs on how to do things. So I found a nice little article on Linux.com, written by Brian K. Jones, about writing an rc script to control the DS service. I was able to follow it and modify his script to meet my needs. Some people in the comments of the article complain about it, but for my purposes it worked great (other than the $OPTIONS variable, which is why I manually added a call to my start-slapd script). You can find said article by searching Linux.com or by clicking on this thing that some of us call a “link”.
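As an added example (not the post’s own script and not the one from the Linux.com article), here is a minimal rc script in the spirit of what the post describes. It assumes the page’s /opt/fedora-ds install with server identifier ironhide, the per-instance start-slapd/stop-slapd and top-level start-admin/stop-admin scripts, and a pid file at slapd-ironhide/logs/pid; the status check deliberately refuses to trust a stale pid file.

```shell
#!/bin/sh
# fedora-ds: SysV rc script for Fedora Directory Server 1.0.x (added example).
# chkconfig: 345 80 20
# description: Fedora Directory Server (slapd and admin server)

DS_ROOT="${DS_ROOT:-/opt/fedora-ds}"
DS_ID="${DS_ID:-ironhide}"
SLAPD_DIR="$DS_ROOT/slapd-$DS_ID"
PIDFILE="${PIDFILE:-$SLAPD_DIR/logs/pid}"    # assumed location; adjust to your instance

# Succeed only if PIDFILE names a process that is actually alive; a stale
# pid file left behind by a crash must not make "status" report "running".
ds_running() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE" 2>/dev/null)
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

ds_start() {
    if ds_running; then echo "slapd already running"; return 0; fi
    # start-slapd is the per-instance script the post already calls by hand.
    "$SLAPD_DIR/start-slapd" || { echo "start-slapd failed"; return 1; }
    "$DS_ROOT/start-admin"   || { echo "start-admin failed";  return 1; }
}

ds_stop() {
    "$DS_ROOT/stop-admin"
    "$SLAPD_DIR/stop-slapd"
}

# LSB-style status codes: 0 running, 3 stopped.
ds_status() {
    if ds_running; then echo "slapd (pid $(cat "$PIDFILE")) is running"; return 0; fi
    echo "slapd is stopped"; return 3
}

ds_main() {
    case "$1" in
        start)   ds_start ;;
        stop)    ds_stop ;;
        restart) ds_stop; ds_start ;;
        status)  ds_status ;;
        *) echo "Usage: $0 {start|stop|restart|status}" >&2; return 2 ;;
    esac
}

# Only dispatch when invoked with an action, so the file can also be sourced.
[ $# -eq 0 ] || ds_main "$@"
```

Install it as /etc/init.d/fedora-ds, mark it executable and register it with chkconfig; the DS_ROOT, DS_ID and PIDFILE variables can be overridden from the environment for a differently named instance.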

Update:
I probably won’t ever write another thing about Fedora Directory Server. I’ve moved on to OpenLDAP under OpenSuse, and tied my Samba into that. On my Windows PCs, I’m using pGina to log in via my LDAP accounts. Some day, I might write config guides for how I made that work. But I’m more likely to not do anything.
