ITDS installation and basic configuration on Intel Linux
This section describes the installation and basic configuration of ITDS 5.2 on Intel Linux based platforms. For the latest information and updates, as well as code downloads, please check the IBM site at:
ITDS 5.2 has several installation options. You can install using an InstallShield graphical user interface (GUI) or use platform-specific installation methods such as the command line or installation tools for the operating system. This chapter focuses on the GUI installation. For more information on the other types of installation options, please refer to the ITDS documentation at:
Before installing, see IBM Tivoli Directory Server Version 5.2 Server Readme, GI11-4151, for any updated information about supported versions of the Linux operating system. The readme file is in the root directory of the CD or the directory where you extracted the server package. After installing, the readme file is located in the installpath/doc/lang directory in files server.txt, server.pdf, and server.htm, where:
installpath is the location where IBM Tivoli Directory Server is installed.
lang is the locale you chose when you installed IBM Tivoli Directory Server; for example, for United States English the locale is en_US.
Also see the IBM Tivoli Directory Server Version 5.2 Readme Addendum which contains the latest information. The latest version of the Readme Addendum can be found online with the ITDS product documentation:
7.1 Installable components
When you install IBM Tivoli Directory Server, you can install either the client or the server, which requires the client.
In addition, you can install the Web Administration Tool on an application server, with or without the server or the client. You can use the Web Administration Tool to administer IBM Tivoli Directory Server servers either locally or remotely. You can install a single Web Administration console to manage multiple IBM Tivoli Directory Server servers. You can manage servers from previous releases, including SecureWay Directory 3.2.x and IBM Directory Server version 4.1 and 5.1. See Requirements for the Web Administration Tool in “Web Administration Tool” on page 161 for a complete list of servers that can be managed.
Client: (Required) Includes a number of key libraries and command utilities required by the server. The client also includes a “C” Development SDK. This component can be installed standalone and requires no other components to be installed. GSKit must be installed if you require SSL for stronger security.
Server: (Required) The core LDAP server component. You must install at least the client and DB2 in conjunction with the server.
IBM GSKit: (Optional) IBM Global Security Kit (GSKit) Version 7a is a software package that is required only if Secure Sockets Layer (SSL) security or Transport Layer Security (TLS) is required.
IBM WebSphere Express Application Server: (Optional) To use the Web Administration Tool, an application server is required. The embedded version of IBM WebSphere Application Server - Express V5.0.2 is provided with ITDS as an application server.
 
Note: During the writing of this book, the IBM WebSphere Express Application Server did not function properly on Red Hat Enterprise Linux (RHEL) 3. Do not install it until this issue has been resolved.
Web Administration Tool: (Optional) A Web-based tool used to manage any number of distributed IBM Tivoli Directory Servers as well as prior versions of IBM’s Directory Server product line. To install the Web Administration Tool, you need either a supported application server that is already installed or the bundled IBM WebSphere Express Application Server.
IBM DB2: (Required) IBM DB2 Universal Database is used as the underlying data storage mechanism for the server.
In order to install the server, at a bare minimum you must install the client, the server, and DB2. If you want to require secure access over SSL to the LDAP server or the Web Administration Tool, you will also need to install GSKit. Finally, if you have not yet installed the Web Administration Tool anywhere else, you will need to install it along with a supported application server.
7.2 Installation and configuration checklist
Below you will find an abbreviated checklist that contains a high-level summary of the steps required to install and configure ITDS to the point where you can add your own data. Many of these steps are optional but all are recommended in order to provide a well-tuned, high-performance, and secure directory service environment.
 
ITDS 5.2 installation checklist:
1. Verify that the hardware and operating system meet minimum requirements. See “System and software requirements” on page 159.
2. Obtain product including latest relevant Fixpacks.
3. Operating system configuration and tuning.
4. Basic Product Installation. See “Installing the server” on page 162.
5. Add Administrator DN and password. See “Configuring the Administrator DN and password” on page 166.
9. Tune slapd parameters in ibmslapd.conf. See “Additional slapd and ibmslapd settings” on page 488.
10. Schema customization. See “Modifying the schema” on page 292.
11. Configure ITDS.
c. TCP/IP ports that ITDS uses.
d. Password encryption. See “Password encryption” on page 451.
e. Password policy enforcement. See “Password policy enforcement” on page 437.
f. SSL / TLS, Kerberos, and Digest-MD5. See “SSL/TLS support” on page 455.
7.3 System and software requirements
To install the IBM Tivoli Directory Server client and server packages, administer the server, and use the IBM Global Security Kit (GSKit), your computer must meet the minimum system requirements as outlined in this section.
7.3.1 ITDS Client
The IBM Tivoli Directory Server Client SDK provides the tools required to develop LDAP applications as well as a number of the most commonly used command line utilities for manipulating LDAP data within the directory. The following are provided:
Client libraries that provide a set of C-language APIs
C header files for building and compiling LDAP applications
Documentation that describes the programming interface and the sample programs
Sample programs in source form
Executable versions of the sample programs:
 – ldapmodrdn: LDAP modify relative distinguished name
 – ldapdelete: LDAP delete
 – ldapmodify: LDAP modify
 – ldapsearch: LDAP search
 – ldapadd: LDAP add (a renamed version of ldapmodify)
 – ldapchangepwd: LDAP change password
 – ldapexop: LDAP extended operations
The following are the system and software requirements for the ITDS client on Linux.
Operating system requirements
 – Red Hat Enterprise Linux 3.0
 – UnitedLinux 1.0
 – SuSE Linux Enterprise Server 8
Memory requirements
A minimum of 128 MB RAM is required. For better results, use 256 MB or more.
Disk space requirements
You must have at least 100 MB of free space in the /var directory and at least 200 MB of free space in the /tmp directory.
Other requirements
The following additional requirements may apply:
 – The Korn shell is required.
 – To use IBM GSKit, the IBM JRE or JDK 1.4.1 or an equivalent JRE or JDK is required.
7.3.2 ITDS Server (including client)
The server consists of the following components:
The server executable ibmslapd
Command line import/export utilities
Web-based GUI for administering the directory: Web Administration Tool
Server configuration and database utilities GUI for configuring the directory: Configuration Tool (ldapxcfg)
Online help for the Web Administration Tool and the Configuration Tool
The ITDS Client
The requirements are:
Operating system requirements
 – UnitedLinux 1.0 (including SP2)
 – SuSE Linux Enterprise Server 8
 – Red Hat Enterprise Linux 3.0
Memory requirements
A minimum of 256 MB RAM is required. For better results, 512 MB or more is recommended.
Disk space requirements
 – You must have at least 100 MB of free space in the /var directory and at least 400 MB in the /tmp directory.
 – You will need 460–660 MB of disk space for the ITDS software on the device you choose to install onto. If DB2 is already installed, then you will need 160 MB to install the other ITDS components.
 – Disk space required for data storage is dependent upon the number and size of database entries. Allow a minimum of 80 MB for your database on Linux systems. Also, ensure that there is approximately another 4 MB of disk space in the home directory of the user who will own the database to create the DB2 instance.
Other software
 – The Korn shell is required.
 – IBM DB2 Universal Database for Linux Version 8.1 Enterprise Server Edition with FixPak 2 (DB2) is included with the IBM Tivoli Directory Server, although DB2 Version 7.2 with FixPak 5 or later is also supported.
7.3.3 Web Administration Tool
You can install the Web Administration Tool on a computer with or without the client or the server. The Web Administration Tool can be used to administer LDAP servers of the following types:
IBM Tivoli Directory Server 5.2
IBM Directory Server 5.1
IBM Directory Server 4.1
IBM SecureWay Directory 3.2.2
IBM OS/400 V5R3
IBM z/OS R4
Note that for IBM z/OS R4, only the following setups are supported:
A single TDBM backend
A single SDBM backend
One TDBM and SDBM backend
The Web Administration Tool is supported on the following versions of Linux:
UnitedLinux 1.0
SuSE Linux Enterprise Server 7 or 8
Red Hat Advanced Server 2.1
To use the Web Administration Tool, you also need the following:
One of the following application servers:
 – The embedded version of IBM WebSphere Application Server - Express V5.0 or later. Version 5.0.2 is provided with IBM Tivoli Directory Server 5.2. (iSeries Linux, pSeries Linux, and HP-UX require version 5.0.2.) If you have version 5.0, which was provided with IBM Directory Server, installed, see the section titled Migrating the Web Administration Tool and upgrading the embedded version of WebSphere Application Server - Express in the IBM Tivoli Directory Server Installation and Configuration Guide Version 5.2, SC32-1338.
 – IBM WebSphere 5.0 or later. (iSeries Linux, pSeries Linux, and HP-UX require version 5.0.2.)
One of the following Web browsers on the computer from which you will use the Web Administration Tool. (This might or might not be the computer where the Web Administration Tool is installed.)
 – On Windows platforms: Microsoft Internet Explorer Version 6.0
 – On AIX: Mozilla 1.3 or 1.4
 – On xSeries Linux: Mozilla 1.3 or 1.4
 – On iSeries, pSeries, and zSeries Linux: no browser support available
 – On Solaris 7, 8, or 9: Mozilla 1.3 or 1.4
 – On HP-UX: Mozilla 1.3 or 1.4
7.4 Installing the server
Use the information in the following sections to install ITDS 5.2 on Linux using the Installshield GUI.
7.4.1 Create a user ID for ITDS
Before you install, create or be sure that you have created the user ID that will own ITDS’s DB2 database used to store the directory data. You will be asked to provide this user ID and its password during configuration, which runs automatically after installation. Keep the following items in mind when creating the user ID:
The user must have a home directory and must be the owner of the home directory.
You should create a group called dbsysadm (if it does not already exist). The group ownership of the user's home directory should be that group. For example, in the case of a user named ldapdb2, the user ID home directory should be owned by ldapdb2:dbsysadm.
The user root must be a member of the user's primary group (in this case dbsysadm). If root is not a member of this group, add root as a member of the group.
For best results, the user's login shell should be the Korn shell (/usr/bin/ksh).
The user's password must be set correctly and ready to use. For example, the password cannot be expired or waiting for a first-time validation of any kind. (The best way to verify that the password is correctly set is to telnet to the same computer and successfully log in with that user ID and password.)
When configuring the database, it is not necessary, but customary, to specify the home directory of the user ID as the database location. However, if you specify some other location, the user's home directory still must have 3 to 4 MB of space available. This is because DB2 creates links and adds files into the home directory of the instance owner (that is, the user account) even though the database itself is elsewhere. If you do not have enough space in the home directory, you can either create enough space or specify another directory as the home directory.
 
Tip: All of these pre-install steps can be achieved using the following commands. It is assumed that no version of ITDS has been installed previously on the server. Run these commands as the user root:
groupadd dbsysadm
usermod -G dbsysadm root
useradd -g dbsysadm -G dbsysadm -s /usr/bin/ksh -d /home/ldapdb2 -m ldapdb2
passwd ldapdb2 (set the password to something valid)
Note that usermod -G replaces root's supplementary group list rather than appending to it, so run id root first and list any existing groups alongside dbsysadm. The -s /usr/bin/ksh option gives ldapdb2 the Korn shell recommended above.
At this point verify the login ID and password work. One way to do this is to type:
ssh 127.0.0.1 -l ldapdb2
If your password is accepted and you can log in, the password is valid for ITDS use.
Type exit to return back to the previous shell.
The directory /home/ldapdb2 should now have permissions that look like:
drwxr-xr-x 5 ldapdb2 dbsysadm 624 Mar 24 16:25 ldapdb2
All the user ID and group information should now be set correctly for the ITDS installation.
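A pre-install verification script for the user and group requirements above (an added example; it is not from the Redbook or the ITDS product). Each check_* function takes the relevant system line as an argument so it can be exercised against constructed samples, and live_checks gathers the real lines with grep, stat, passwd -S and df; it assumes GNU coreutils and shadow-utils style passwd -S output and the ldapdb2/dbsysadm names from the tip.

```shell
#!/bin/sh
# Pre-install checks for the ITDS DB2 instance owner (added example; not part
# of the Redbook or the ITDS product). Each check_* function takes the relevant
# line of system data as an argument so it can be run against constructed
# samples; live_checks gathers the real lines and applies the same functions.
# Assumes GNU coreutils (stat, df) and shadow-utils style 'passwd -S' output.

DB2_USER="${DB2_USER:-ldapdb2}"     # instance owner from the tip above
DB2_GROUP="${DB2_GROUP:-dbsysadm}"  # its primary group; root must belong too
KSH="/usr/bin/ksh"                  # recommended login shell

# Argument: the /etc/group line for DB2_GROUP. Succeeds when root is a member.
check_root_in_group() {
    members=$(printf '%s\n' "$1" | cut -d: -f4)
    case ",$members," in
        *,root,*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Arguments: the /etc/passwd line for DB2_USER and the GID of DB2_GROUP.
# Succeeds when the primary group is DB2_GROUP and the login shell is ksh.
check_passwd_entry() {
    gid=$(printf '%s\n' "$1" | cut -d: -f4)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    [ "$gid" = "$2" ] && [ "$shell" = "$KSH" ]
}

# Argument: "owner:group" of the home directory as printed by stat -c '%U:%G'.
# The home directory must be owned by DB2_USER:DB2_GROUP.
check_home_owner() {
    [ "$1" = "$DB2_USER:$DB2_GROUP" ]
}

# Argument: the 'passwd -S DB2_USER' line. Field 2 is P for a usable password,
# L for locked, NP for none; the configuration tool's login as this user fails
# on anything but P.
check_password_usable() {
    status=$(printf '%s\n' "$1" | awk '{print $2}')
    [ "$status" = "P" ]
}

# Argument: the data line of 'df -Pk HOME'. DB2 places instance files in the
# owner's home even when the database is elsewhere, so require 4 MB free.
check_home_space() {
    avail_kb=$(printf '%s\n' "$1" | awk '{print $4}')
    [ "$avail_kb" -ge 4096 ] 2>/dev/null
}

# Runs every check against the live system; prints each failure, returns 1 if any.
live_checks() {
    rc=0
    grp_line=$(grep "^$DB2_GROUP:" /etc/group) || { echo "group $DB2_GROUP missing"; return 1; }
    pw_line=$(grep "^$DB2_USER:" /etc/passwd)  || { echo "user $DB2_USER missing"; return 1; }
    grp_gid=$(printf '%s\n' "$grp_line" | cut -d: -f3)
    home=$(printf '%s\n' "$pw_line" | cut -d: -f6)
    check_root_in_group "$grp_line" \
        || { echo "root is not a member of $DB2_GROUP"; rc=1; }
    check_passwd_entry "$pw_line" "$grp_gid" \
        || { echo "$DB2_USER: primary group is not $DB2_GROUP or shell is not $KSH"; rc=1; }
    check_home_owner "$(stat -c '%U:%G' "$home")" \
        || { echo "$home is not owned by $DB2_USER:$DB2_GROUP"; rc=1; }
    check_password_usable "$(passwd -S "$DB2_USER")" \
        || { echo "$DB2_USER password is locked or not set"; rc=1; }
    check_home_space "$(df -Pk "$home" | tail -n 1)" \
        || { echo "less than 4 MB free in $home"; rc=1; }
    return $rc
}

# Run as root with --live to check the real system.
if [ "${1:-}" = "--live" ]; then
    live_checks
fi
```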
7.4.2 Installing ITDS with the Installshield GUI
To install:
1. On the computer where you are installing the IBM Tivoli Directory Server, stop any programs that are running and close all windows if you have any open.
2. If you are installing from a CD, insert the CD in your CD-ROM drive and mount the CD.
3. If you have downloaded a tape archive (tar) file, go to the directory where you extracted the tar file.
4. From the root directory on the CD or the directory where you extracted the tar file, type ./setup. A language window is displayed.
5. Select the language you want to use during IBM Tivoli Directory Server installation. Click OK.
 
Note: This is the language used in the installation program, not in IBM Tivoli Directory Server. You choose the language used in IBM Tivoli Directory Server in step 10.
6. On the Welcome window, click Next.
7. After reading the Software license agreement, select I accept the terms in the license agreement. Click Next.
8. Any preinstalled components and corresponding version levels are displayed. Click Next.
9. To install to the default directory, click Next. You can specify a different directory by clicking Browse.
 
Note: Do not use special characters, such as hyphen (-) and period (.) in the name of the installation directory. If you do not use the default location, use a name such as ldap or ldapdir. Do not use a name such as ldap-dir or ldap.dir.
10. Select the language you want to use in IBM Tivoli Directory Server 5.2. Click Next.
11. A window showing the following components for installation is displayed, as shown in Figure 7-1 on page 165:
 – Client SDK 5.2
 – Web Administration Tool 5.2
 – Server 5.2
 – IBM WebSphere Application Server - Express 5.0.2
 – IBM DB2 V8.1
 – IBM GSKit
The components that are not yet installed are preselected. You can choose to reinstall the server, the client, or the Web Administration Tool if they were previously installed.
 
Note: During the writing of this book, the IBM WebSphere Express Application Server did not function properly on Red Hat Enterprise Linux (RHEL) 3. Do not install it until this issue is resolved.
Figure 7-1 Install Component Selection screen
Figure 7-1 also indicates the amount of disk space required and available on the selected drive.
Be sure the components you want to install are selected, and click Next.
12. The installation program now has enough information to begin installing. A summary window displays the components you selected and the locations where the selected components will be installed. Click Back to change any of your selections. Click Next to begin installation.
13. After the files are installed:
 – If you installed the client, the Client Readme file is displayed. Read the file and click Next.
 – If you installed the server, the server Readme file is also displayed. Read the file and click Next.
 – If you installed the Web Administration Tool, the Web Administration Tool Readme file is also displayed. Read the file and click Next.
The ITDS Configuration Tool is automatically executed so that you can complete the server configuration. Before you can use the server, you must set the administrator DN and password and configure the database that will store the directory data.
7.4.3 Configuring the Administrator DN and password
Each ITDS Server has a special “super-user” account associated with it that provides maximum privileges within ITDS. You will need to create this account before you can administer ITDS.
To set the administrator DN and password, refer to Figure 7-2 on page 167 and perform the following steps:
1. In the IBM Tivoli Directory Server Configuration Tool window, click Administrator DN/password in the task list on the left.
2. In the Administrator DN/password window on the right, type a valid DN (or accept the default DN, cn=root) in the Administrator DN field.
The IBM Directory Server administrator DN is the DN used by the administrator of the directory. This administrator is the one user who has full access to all data in the directory.
The default DN is cn=root. DNs are not case sensitive. If you are unfamiliar with X.500 format, or if for any other reason you do not want to define a new DN, accept the default DN.
3. Type the password for the Administrator DN in the Administrator Password field. You must define a password. Passwords are case-sensitive.
Record the password for future reference.
 
Note: Double byte character set (DBCS) characters in the password are not supported.
4. Retype the password in the Confirm password field.
5. Click OK.
Figure 7-2 Setting the Administrator DN and password
7.4.4 Configuring the database
Since ITDS uses IBM DB2 as the storage repository for all data, prior to adding data to your directory, you will need to configure a database instance that will be associated with ITDS.
To configure the directory database:
1. Before you configure the database that ITDS will use, create or be sure that you have previously created a valid user ID that will own the DB2 database used to store the directory data. You will be asked to provide this user ID and its password during configuration, which runs automatically after the base installation.
 
Note: Verify that the user ID you have created or assigned can successfully log into the system. Check to ensure the password does not expire on first login. Check to see if the account is enabled.
2. In the Configuration Tool, click Configure database in the task list on the left, as shown in Figure 7-3 on page 168.
Figure 7-3 Database configuration - Configuring the database
3. Select Configure New Database in the left panel and click Next.
4. A user ID and password is requested, as shown in Figure 7-4 on page 169:
a. Type a user ID in the User ID field. This user ID must already exist before you can configure the database. This is the user ID you created in step 1. Type a password for the user in the Password field. Passwords are case-sensitive.
b. Click Next.
Figure 7-4 Database configuration - Setting the user ID and password for the database
5. Next you will be prompted for a name for the database, as shown in Figure 7-5:
a. Type the name you want to give the DB2 database. The name can be from 1 to 8 characters long. The database will be created in an instance with the same name as the user ID.
b. Click Next.
Figure 7-5 Database configuration - Choose DB2 database name
6. If the database location is requested, as shown in Figure 7-6:
a. Type the location for the database in the Database location field.
Be sure that you have at least 80 MB of free hard disk space in the location you specify and that additional disk space is available to accommodate growth as new entries are added to the directory.
b. Click Next.
Figure 7-6 Database configuration - Choosing an install location (Linux)
7. If a character set selection is requested, as shown in Figure 7-7 on page 171:
a. Click the type of database you want to create. You can create a UCS Transformation Format (UTF-8) database, in which LDAP clients can store UTF-8 character data, or a local code page database, which is a database in the local code page.
 
Note: IBM Tivoli Directory Server supports a wide variety of national language characters through the UTF-8 (UCS Transformation Format) character set. As specified for the LDAP Version 3 protocol, all character data that is passed between an LDAP client and a server is in UTF-8. Consequently, the directory server can be configured to store any national language characters that can be represented in UTF-8. The limitations on what types of characters can be stored and searched for are determined by how the database is created. The database character set can be specified as UTF-8 or it can be set to use the server system's local character set (based on the locale, language, and code page environment).
If you specify UTF-8, you can store any UTF-8 character data in the directory. LDAP clients running anywhere in the world (in any UTF-8 supported language) can access and search the directory. In many cases, however, the client has limited ability to properly display the results retrieved from the directory in a particular language/character set. There is also a performance advantage to using a UTF-8 database because no data conversion is required when storing data to or retrieving data from the database.
b. Click Next.
Figure 7-7 Database configuration - Codepage selection
8. In the verification window shown in Figure 7-8 on page 172, information is displayed about the configuration options you specified. To return to an earlier window and change information, click Back. To begin configuration, click Finish.
Figure 7-8 Configuration final confirmation
9. The completion window is displayed, as shown in Figure 7-9 on page 173. Click Close.
Figure 7-9 Database configuration - Results screen
7.4.5 Adding a suffix
A suffix (also known as a naming context) is a distinguished name (DN) that identifies the top entry in a locally held directory hierarchy. Because of the relative naming scheme used in LDAP, this DN is also the suffix of every other entry within that directory hierarchy. A directory server can have multiple suffixes, each identifying a locally held directory hierarchy, for example, o=ibm,c=us.
Entries to be added to the directory must have a suffix that matches the DN value, such as ou=Marketing,o=ibm,c=us. If a query contains a suffix that does not match any suffix configured for the local database, the query is referred to the LDAP server that is identified by the default referral. If no LDAP default referral is specified, an Object does not exist result is returned. The server must be stopped before you add or remove suffixes.
Add a suffix
To add a suffix refer to Figure 7-10 and perform the following steps:
1. In the Configuration Tool, click Manage suffixes in the task list on the left.
2. In the Manage suffixes window, type the suffix you want to add in the SuffixDN field, and click Add.
3. When you have added all the suffixes you want, click OK. When you click Add, the suffix is added to the list in the Current suffix DNs box; however, the suffix is not actually added to the directory until you click OK.
Figure 7-10 Adding a suffix
Removing a suffix
To remove a suffix:
1. In the Configuration Tool, click Manage suffixes in the task list on the left.
2. In the Manage suffixes window, click the suffix you want to remove in the Current suffix DNs box, and click Remove.
3. When you have selected all the suffixes you want to remove, click OK. When you click Remove, the suffix is removed from the list in the Current suffix DNs box; however, the suffix is not actually removed until you click OK.
7.4.6 Removing or reconfiguring a database
At some point you may need to remove the DB2 database instance that is associated with ITDS. The ITDS ldapxcfg tool lets you unconfigure the database only, unconfigure and destroy the database, or unconfigure and destroy the database and delete the instance.
To unconfigure the database, refer to Figure 7-11 and perform the following steps:
1. In the Configuration Tool, click Unconfigure database in the task list on the left.
2. In the Unconfigure database window, click one of the following:
 – Unconfigure only
Does not destroy any existing LDAP DB2 data. However, the configuration information for the database will be removed from the configuration file (ibmslapd.conf), and the database will be inaccessible to the directory server.
 – Unconfigure and destroy database
Removes the existing database and its contents, and removes the configuration information for the database from the configuration file.
 – Unconfigure and destroy database and delete instance
Removes the existing database and its contents, removes the configuration information for the database from the configuration file, and deletes the instance in which the database is located.
3. Click Unconfigure.
Figure 7-11 Unconfiguring the DB2 database associated with ITDS
Once you have completed these steps, you may now configure or re-configure a new database instance for use with ITDS. See “Configuring the database” on page 167 for more information.
7.4.7 Enabling and disabling the change log
The change log database is used to record changes to the schema or directory entries in the typical LDAP entry structure that can be retrieved through the LDAP API. The change log records all update operations: Add, delete, modify, and modrdn. The change log enables LDAP client applications to retrieve a set of changes that have been made to an IBM Tivoli Directory Server database. The client might then update its own replicated or cached copy of the data.
The change log function causes all updates to LDAP to be recorded in a separate change log DB2 database (that is, a different database from the one used to hold the LDAP server Directory Information Tree). The change log database can be used by other applications to query and track LDAP updates. The change log function is disabled by default.
Unlike some other directory servers on the market, ITDS does not require the change log to set up replication. Typically, the change log is enabled so that meta-directory synchronization products such as IBM Tivoli Directory Integrator (ITDI) can detect changes occurring within ITDS and then push those changes to other non-ITDS data repositories.
There are some performance considerations when you enable the change log, since all changes within ITDS are then logged to a separate database. You should evaluate the impact of enabling the change log during the pre-deployment phase of your ITDS deployment.
You can use the ldapxcfg Configuration Tool to enable or disable the change log. The server must be stopped before you enable or disable the change log.
To enable the change log, refer to Figure 7-12 on page 177 and perform the following steps:
1. In the Configuration Tool, click Configure/unconfigure changelog in the task list on the left.
2. In the Configure/unconfigure changelog window, select the Enable change log database check box.
3. In the Maximum number of log entries box, click Unlimited if you want an unlimited number of entries in the change log. If you want to limit the number of entries, click Entries and type the maximum number of entries you want recorded. The default is 1,000,000 entries.
4. In the Maximum age box, accept the default of Unlimited if you want entries to remain in the change log indefinitely, or click Age and type the number of days and hours for which you want each entry to be kept.
5. Click Update.
Figure 7-12 Enabling the change log
To disable the change log:
1. In the Configuration Tool, click Configure/unconfigure changelog in the task list on the left.
2. In the Configure/unconfigure changelog window, clear the Enable change log database check box.
3. Click Update.
7.5 Starting ITDS
There are a number of other optional tasks you can perform within the Directory Configuration Tool at this point such as adding custom schema and importing data. Those tasks do not have to be completed before you initially start the server. Those topics are covered in subsequent chapters.
The easiest way to start the server is by typing ibmslapd at a Linux command prompt. The output of this command is shown in Example 7-1.
Example 7-1 Starting the Directory Server
test_sles8:# ibmslapd
Server starting.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type EXTENDEDOP is successfully loaded from libldaprepl.so.
Plugin of type PREOPERATION is successfully loaded from libDSP.so.
Plugin of type PREOPERATION is successfully loaded from libDigest.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type AUDIT is successfully loaded from /lib/libldapaudit.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type DATABASE is successfully loaded from /lib/libback-rdbm.so.
Plugin of type REPLICATION is successfully loaded from /lib/libldaprepl.so.
Plugin of type EXTENDEDOP is successfully loaded from /lib/libback-rdbm.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type DATABASE is successfully loaded from /lib/libback-config.so.
Plugin of type EXTENDEDOP is successfully loaded from libloga.so.
Non-SSL port initialized to 389.
 
test_sles8:#
After you type ibmslapd at the command prompt, a number of messages will be logged to the screen. One of them should say, IBM Tivoli Directory (SSL) Version 5.2 Server started.
 
Note: There are a number of other ways to start ITDS. Please refer to Chapter 9, “IBM Tivoli Directory Server Distributed Administration” on page 193, for more information.
To verify ITDS is indeed running, configured properly, and responding to queries, you can type the following command at the Unix command prompt:
ldapsearch -s base -b "" objectclass=*
The output of this command is shown in Example 7-2.
Example 7-2 Querying the root DSE
# ldapsearch -s base -b "" objectclass=*
 
namingcontexts=CN=SCHEMA
namingcontexts=CN=LOCALHOST
namingcontexts=CN=PWDPOLICY
namingcontexts=CN=IBMPOLICIES
namingcontexts=O=IBM,C=US
subschemasubentry=cn=schema
supportedextension=1.3.18.0.2.12.1
supportedextension=1.3.18.0.2.12.3
supportedextension=1.3.18.0.2.12.5
supportedextension=1.3.18.0.2.12.6
supportedextension=1.3.18.0.2.12.15
supportedextension=1.3.18.0.2.12.16
supportedextension=1.3.18.0.2.12.17
supportedextension=1.3.18.0.2.12.19
supportedextension=1.3.18.0.2.12.44
supportedextension=1.3.18.0.2.12.24
supportedextension=1.3.18.0.2.12.22
supportedextension=1.3.18.0.2.12.20
supportedextension=1.3.18.0.2.12.28
supportedextension=1.3.18.0.2.12.30
supportedextension=1.3.18.0.2.12.26
supportedextension=1.3.6.1.4.1.1466.20037
supportedextension=1.3.18.0.2.12.35
supportedextension=1.3.18.0.2.12.40
supportedextension=1.3.18.0.2.12.46
supportedextension=1.3.18.0.2.12.37
supportedcontrol=2.16.840.1.113730.3.4.2
supportedcontrol=1.3.18.0.2.10.5
supportedcontrol=1.2.840.113556.1.4.473
supportedcontrol=1.2.840.113556.1.4.319
supportedcontrol=1.3.6.1.4.1.42.2.27.8.5.1
supportedcontrol=1.2.840.113556.1.4.805
supportedcontrol=2.16.840.1.113730.3.4.18
supportedcontrol=1.3.18.0.2.10.15
supportedcontrol=1.3.18.0.2.10.18
security=none
port=389
supportedsaslmechanisms=CRAM-MD5
supportedsaslmechanisms=DIGEST-MD5
supportedldapversion=2
supportedldapversion=3
ibmdirectoryversion=5.2
ibm-ldapservicename=test_sles8
ibm-serverId=3d63f6c0-b48f-1027-92b9-ea0c2fc6cccd
ibm-supportedacimechanisms=1.3.18.0.2.26.3
ibm-supportedacimechanisms=1.3.18.0.2.26.4
ibm-supportedacimechanisms=1.3.18.0.2.26.2
vendorname=International Business Machines (IBM)
vendorversion=5.2
ibm-sslciphers=N/A
ibm-slapdisconfigurationmode=FALSE
ibm-slapdSizeLimit=500
ibm-slapdTimeLimit=900
ibm-slapdDerefAliases=always
ibm-supportedAuditVersion=2
ibm-sasldigestrealmname=test_sles8
If the suffix you added in “Adding a suffix” on page 173 is displayed in the output of your ldapsearch command in the format:
namingcontexts=O=IBM,C=US
(o=ibm,c=us is the suffix added in this example), then ITDS’s slapd LDAP listener is configured properly and open for business.
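The check above (and the one step 13 of the quick installation in 7.6 refers back to) is done by eye. As an added example that is not part of the Redbook or of IBM's tooling, the POSIX shell functions below read the same root DSE output from stdin, confirm that a suffix is among the namingcontexts, and flag two values worth noticing: security=none means no SSL listener is configured, and ibm-slapdisconfigurationmode=TRUE would mean the server came up in configuration-only mode. The sample is a constructed abridgement of Example 7-2.

```shell
#!/bin/sh
# Added example, not from the Redbook: sanity-check the root DSE returned by
#   ldapsearch -s base -b "" objectclass=*
# Pipe that output into the functions below.

# Print every value of one root DSE attribute. Attribute names are matched
# case-insensitively, as LDAP requires.
dse_values() {
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    tr '[:upper:]' '[:lower:]' | sed -n "s/^${key}=//p"
}

# Return 0 if the suffix given as $1 is served (listed in namingcontexts),
# 1 otherwise. DNs are compared case-insensitively with spaces removed.
check_suffix() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
    dse_values namingcontexts | tr -d ' ' | grep -qFx "$want"
}

# Report the listener's posture: port, security setting, and whether the
# server is only serving its configuration (no DB2-backed data).
report_listener() {
    dse=$(cat)
    port=$(printf '%s\n' "$dse" | dse_values port)
    sec=$(printf '%s\n' "$dse" | dse_values security)
    cfg=$(printf '%s\n' "$dse" | dse_values ibm-slapdisconfigurationmode)
    printf 'port=%s security=%s\n' "$port" "$sec"
    [ "$sec" = "none" ] && echo "WARNING: no SSL listener; binds (including cn=root) cross the network in clear text"
    [ "$cfg" = "true" ] && echo "WARNING: configuration-only mode; the directory database is not being served"
    return 0
}

# Constructed sample, abridged from Example 7-2 (not captured from a live server).
SAMPLE_DSE='namingcontexts=CN=SCHEMA
namingcontexts=CN=LOCALHOST
namingcontexts=O=IBM,C=US
security=none
port=389
supportedsaslmechanisms=CRAM-MD5
ibm-slapdisconfigurationmode=FALSE'

# Stand-alone run against the sample:
printf '%s\n' "$SAMPLE_DSE" | check_suffix "o=ibm,c=us" && echo "suffix o=ibm,c=us is served"
printf '%s\n' "$SAMPLE_DSE" | report_listener
```

Against a live server, replace the sample with `ldapsearch -s base -b "" objectclass=* | report_listener`.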
7.6 Quick installation of ITDS 5.2 on Intel (minimal GUI)
If you want to install ITDS quickly and with as little graphical user interface interaction as possible, follow these quick steps:
1. Confirm that the system meets all prerequisites.
2. Log in as the user root and enter the following commands:
 – groupadd dbsysadm
 – usermod -G dbsysadm root
 – useradd -G dbsysadm -g dbsysadm ldapdb2 -d /home/ldapdb2 -m
 – passwd ldapdb2 (Change the password to something valid.)
3. At this point verify that the login ID and password work. One way to do this is to type:
ssh 127.0.0.1 -l ldapdb2
If your password is accepted and you can log in, the password is valid for ITDS use.
4. Type exit to return back to the previous shell.
The directory /home/ldapdb2 should now have permissions that look like:
drwxr-xr-x 5 ldapdb2 dbsysadm 624 Mar 24 16:25 ldapdb2
5. Go to the directory where the setup exists (it may be on a CD-ROM or you may have extracted the tar file into a directory). Type ./setup. Note that the installer is an X-Windows application and you will need to have a local X-Windows console or have exported your DISPLAY to another machine that has X-Windows running on it.
6. Follow the GUI installer and accept all defaults (pick your local language). For English, the clicks in the GUI you would need to make to get completely through the GUI Install are:
OK
NEXT
I ACCEPT
NEXT
ENGLISH
NEXT
NEXT
NEXT
NEXT
NEXT
NEXT
FINISH
7. The IBM Tivoli Directory Server Configuration Tool appears. We are not going to use this tool. Exit the tool by clicking:
FILE
CLOSE
YES
8. Type: cd /tmp
9. Type: ldapcfg -c -a ldapdb2 -w ldapdb3 -d testldap -l /home/ldapdb2 and then select Continue with the above Actions. Note that:
 – -c sets the database instance up for UTF-8 storage.
 – -a sets the user account that you created.
 – -w sets the password we set for the user that you created.
 – -d sets the name of the DB2 database you want (can be anything).
 – -l sets the directory where the database is created. (Normally this is the home directory of the user that you created.)
The database should configure successfully and return a message similar to:
Configuring IBM Tivoli Directory Server Database.
Creating instance: 'ldapdb2'.
Created instance: 'ldapdb2'.
Cataloging instance node: 'ldapdb2'.
Cataloged instance node: 'ldapdb2'.
Starting database manager for instance: 'ldapdb2'.
Started database manager for instance: 'ldapdb2'.
Creating database: 'testldap'.
Created database: 'testldap'.
Updating the database: 'testldap'
Updated the database: 'testldap'
Updating the database manager: 'ldapdb2'
Updated the database manager: 'ldapdb2'
Enabling multi-page file allocation: 'testldap'
Enabled multi-page file allocation: 'testldap'
Configuring database: 'testldap'
Configured database: 'testldap'
Adding local loop back to database: 'testldap'.
Added local loop back to database: 'testldap'.
Stopping database manager for instance: 'ldapdb2'.
Stopped database manager for instance: 'ldapdb2'.
Starting database manager for instance: 'ldapdb2'.
Started database manager for instance: 'ldapdb2'.
Configured IBM Tivoli Directory Server Database.
 
IBM Tivoli Directory Server Configuration complete.
10. Type: ldapcfg -u"cn=root" -psecret. Note that:
 – -u sets the Administrator DN.
 – -p sets the Administrator Password.
11. Type: ldapcfg -s "o=ibm,c=us". Note that -s sets the suffix you want to use.
12. At this point, configuration is complete. You can type: ibmslapd at the command line and the following message should be displayed:
Server starting.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type EXTENDEDOP is successfully loaded from libldaprepl.so.
Plugin of type PREOPERATION is successfully loaded from libDSP.so.
Plugin of type PREOPERATION is successfully loaded from libDigest.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type AUDIT is successfully loaded from /lib/libldapaudit.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.so.
Plugin of type DATABASE is successfully loaded from /lib/libback-rdbm.so.
Plugin of type REPLICATION is successfully loaded from /lib/libldaprepl.so.
Plugin of type EXTENDEDOP is successfully loaded from /lib/libback-rdbm.so.
Plugin of type EXTENDEDOP is successfully loaded from libevent.so.
Plugin of type DATABASE is successfully loaded from /lib/libback-config.so.
Plugin of type EXTENDEDOP is successfully loaded from libloga.so.
Non-SSL port initialized to 389.
13. Basic configuration is complete. Refer to Example 7-2 on page 178 to confirm ITDS is up and running.
7.7 Uninstalling ITDS
To uninstall ITDS, issue the following commands:
1. As the user root, kill ibmslapd if it is running.
2. Type:
su - ldapdb2
3. Type:
cd sqllib
4. Type: . ./db2profile (Note: There is a period followed by a space in front of ./db2profile, so that the file is sourced into the current shell.)
5. Type:
db2stop
6. Type:
exit
7. (Optional) If you want to remove the DB2 database associated with ITDS, type: ldapucfg -d -r -i (select Continue). If you do not remove the database, it will still be available later on if you reinstall ITDS.
8. Type: /usr/ldap/_uninst/uninstall. Note that the installer is an X-Windows application and you will need to have a local X-Windows console or have exported your DISPLAY to another machine that has X-Windows running on it. Follow all the prompts until the uninstall is complete.
The basic uninstallation of ITDS is complete. ITDS does leave files behind in different locations including /opt/IBM/db2, /var/ldap, /usr/ldap/, and other locations. For a more complete uninstall, see “Removing all vestiges of an ITDS 5.2 Install on Intel Linux” on page 183.
7.8 Removing all vestiges of an ITDS 5.2 Install on Intel Linux
The following commands assume you installed the product using the options outlined in “Quick installation of ITDS 5.2 on Intel (minimal GUI)” on page 180.
1. As the user root, kill ibmslapd if it is running.
2. Type: su - ldapdb2
3. Type: cd sqllib
4. Type: . ./db2profile (Note: There is a period followed by a space in front of ./db2profile, so that the file is sourced into the current shell.)
5. Type: db2stop
6. Type: exit
7. Type: ldapucfg -d -r -i (select Continue.)
8. Type: /usr/ldap/_uninst/uninstall. Note that the installer is an X-Windows application and you will need to have a local X-Windows console or have exported your DISPLAY to another machine that has X-Windows running on it. Follow all the prompts until uninstall is complete.
9. Type: cd /tmp
10. Type: rm -rf /usr/ldap
11. Type: rm -rf /var/ldap
12. Type: rm -rf /opt/IBM/db2
 
Note: Sometimes IBM WebSphere Express does not uninstall properly. If you see an error indicating it did not uninstall properly, type (as the user root from the command line):
rpm --erase ldap-webadmind-5.2-1 --justdb
The version number may vary. Use yast2 to find out the proper package name and remove it if the version number above is incorrect.
13. Type: userdel -r ldapdb2
14. Type: rm -rf /usr/local/ibm/gsk7
15. Type: rm -rf /home/ldapdb2
16. Type: groupdel dbsysadm
At this point, the server should look exactly the way it did before you ever attempted the ITDS install.
 