In this article we will guide you through the steps on how to install LDAP 389 Directory Server (389 DS) on a CentOS 6 VPS.
What is 389 DS?
It is an enterprise-class open source LDAP server for GNU/Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The 389 Directory Server can be downloaded for free and set up in less than an hour using the graphical administration console.
Some of the Key Features of 389 DS are:
- High performance
- Multi-Master Replication, to provide fault tolerance and high write performance
- The codebase has been developed and deployed continuously by the same team for more than a decade
- Extensive documentation
- Active Directory user and group synchronization
- Secure authentication and transport (SSLv3, TLSv1, and SASL)
- Support for LDAPv3
- On-line, zero downtime, LDAP-based update of schema, configuration, management and in-tree Access Control Information (ACIs)
- Graphical console for all facets of user, group, and server management
- and many more…
System Requirements
- A CentOS Linux VPS
- root access
UPDATE SYSTEM
Before proceeding any further, ssh to your CentOS Linux VPS, initiate a screen session and upgrade your system using yum:
## screen -U -S 389-ds
## yum update
ENABLE EPEL
You need to enable the EPEL (Extra Packages for Enterprise Linux) repository on your CentOS VPS before you install the 389 Directory Server. To do so, run the following rpm command as root:
## rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
If you encounter a 404 error message, go to http://dl.fedoraproject.org/pub/epel/6/x86_64/ and install the latest epel-release-6-X.noarch.rpm instead.
ADD SYSTEM USER
Next, add an unprivileged system user on your CentOS Linux server which will be used to run 389 DS. You can achieve this with the useradd tool:
## useradd ldapadmin
Set a password for the newly created user using passwd:
## passwd ldapadmin
INSTALL LDAP 389
The 389 Directory Server can be installed on your CentOS VPS using yum. To install it, execute the following command:
## yum install 389-ds openldap-clients
If you are prompted with something like this:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
 Userid : EPEL (6) <epel@fedoraproject.org>
 Package: epel-release-6-8.noarch (installed)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y
then simply accept the signing key by typing 'y' and hitting 'ENTER'.
CONFIGURE LDAP 389
Once the 389 DS installation is finished, configure the directory server using the provided setup-ds-admin.pl Perl script. Make sure you change the relevant information to suit your needs. Here are some tips for the installer:
- type Ctrl+B and hit 'ENTER' to go back to the previous screen
- type Ctrl+C to cancel the setup
Ok, now execute the following command to initiate the setup:
## setup-ds-admin.pl
and answer the questions prompted, for example:
Would you like to continue with set up? [yes]: yes
Would you like to continue? [no]: yes
Choose a setup type [2]: 2
Computer name [host.yourdomain.com]: host.yourdomain.com
System User [nobody]: ldapadmin
System Group [nobody]: ldapadmin
Do you want to register this software with an existing configuration directory server? [no]: no
administrator ID [admin]: admin
Administration Domain [yourdomain.com]: ldap.yourdomain.com
Directory server network port [389]: 389
Directory server identifier [host]: host
Suffix [dc=yourdomain, dc=com]: dc=yourdomain, dc=com
Directory Manager DN [cn=Directory Manager]: PRESS ENTER
Administration port [9830]: PRESS ENTER
Are you ready to set up your servers? [yes]: yes
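The same answers can be supplied to setup-ds-admin.pl from an answer file instead of typing them in, which lets you keep the Directory Manager and admin passwords out of the terminal and out of shell history. The script below is an added example, not code from the original post or from the 389 DS project. It assumes the .inf section and key names of the documented setup-ds-admin.pl answer-file format (passed with --silent --file), the placeholder host and domain values used above, and a file path of our choosing; check the key names against the man page of the version you installed.

```shell
#!/bin/sh
# Added example (not from the post): write the interactive answers above into a
# setup-ds-admin.pl answer file with mode 0600, so passwords never sit on a
# command line. Assumed: the .inf keys below follow the documented answer-file
# format; host.yourdomain.com / dc=yourdomain,dc=com are the post's placeholders.

# Random 24-character password from /dev/urandom (base64 alphabet, so it is
# safe to expand inside the unquoted heredoc below).
gen_password() {
    head -c 18 /dev/urandom | base64 | tr -d '\n'
}

# write_setup_inf <path> <fqdn> <domain> <suffix> <sysuser> <dm_pwd> <admin_pwd>
# Returns 1 (and writes nothing) if either password is empty, because the
# installer would otherwise accept a blank Directory Manager password.
write_setup_inf() {
    path=$1 fqdn=$2 domain=$3 suffix=$4 sysuser=$5 dm_pwd=$6 admin_pwd=$7
    [ -n "$dm_pwd" ] && [ -n "$admin_pwd" ] || return 1
    (
        umask 077                      # file is created 0600 from the start
        cat > "$path" <<EOF
[General]
FullMachineName= $fqdn
SuiteSpotUserID= $sysuser
SuiteSpotGroup= $sysuser
AdminDomain= $domain
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= $admin_pwd
ConfigDirectoryLdapURL= ldap://$fqdn:389/o=NetscapeRoot

[slapd]
SlapdConfigForMC= Yes
UseExistingMC= 0
ServerPort= 389
ServerIdentifier= ${fqdn%%.*}
Suffix= $suffix
RootDN= cn=Directory Manager
RootDNPwd= $dm_pwd
AddSampleEntries= No

[admin]
Port= 9830
ServerAdminID= admin
ServerAdminPwd= $admin_pwd
EOF
    )
}

# inf_value <path> <key>: read a value back (used to double-check the file).
inf_value() {
    grep "^$2=" "$1" | sed 's/^[^=]*=[[:space:]]*//'
}

# Usage on the VPS (as root):  DS_SETUP_WRITE=1 sh ds-answers.sh
if [ "${DS_SETUP_WRITE:-0}" = "1" ]; then
    INF=/root/389-setup.inf                # assumed location, not from the post
    write_setup_inf "$INF" host.yourdomain.com yourdomain.com \
        "dc=yourdomain,dc=com" ldapadmin "$(gen_password)" "$(gen_password)"
    echo "Wrote $INF. Run:  setup-ds-admin.pl --silent --file=$INF"
    echo "Then copy RootDNPwd/ServerAdminPwd to your password store and:  rm -f $INF"
fi
```

The answer file contains both passwords in clear text, which is why it is created with umask 077 and removed once the passwords are stored elsewhere.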
ADD 389 DS TO SYSTEM STARTUP
With 389 DS set up and configured, add it to your system startup so it starts automatically every time the Linux VPS is rebooted:
## chkconfig dirsrv on
## chkconfig dirsrv-admin on
Next, check that the services are up and listening using the following netstat command:
## netstat -tunlp | grep -E '9830|389'
tcp 0 0 0.0.0.0:9830 0.0.0.0:* LISTEN 1231/httpd.worker
tcp 0 0 :::389 :::* LISTEN 1110/./ns-slapd
SETUP FIREWALL PORTS FOR LDAP
The next step is to allow access to your LDAP ports in your server's firewall. You can achieve this by using the following iptables commands:
## iptables -A INPUT -p tcp --dport 389 -m state --state NEW -j ACCEPT
## iptables -A INPUT -p tcp --dport 9830 -m state --state NEW -j ACCEPT
## service iptables save
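The netstat output above shows the administration server on port 9830 bound to 0.0.0.0, so the rule that opens it is what decides who can reach the console. The script below is an added example, not part of the original post: it generates the same two ACCEPT rules but limits 9830 to an administrative source network, validates that network before anything is applied, and inserts the rules with -I so they sit ahead of the trailing REJECT rule in the stock CentOS 6 ruleset (rules appended with -A land after it). The admin network 203.0.113.0/24 is an assumed placeholder from the documentation address range; replace it with your own.

```shell
#!/bin/sh
# Added example (not from the post): firewall rules for 389 DS that restrict
# the admin console port to one source network. Assumed: 203.0.113.0/24 is a
# placeholder for the admin network; rule form follows the post's ACCEPT rules.

# valid_cidr <a.b.c.d/n>: 0 if the argument is a well-formed IPv4 CIDR.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*} bits=${1#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    n=0; oldifs=$IFS; IFS=.
    for o in $ip; do
        case $o in ''|*[!0-9]*) IFS=$oldifs; return 1 ;; esac
        [ "$o" -le 255 ] || { IFS=$oldifs; return 1; }
        n=$((n + 1))
    done
    IFS=$oldifs
    [ "$n" -eq 4 ]
}

# ldap_firewall_rules <admin_cidr>: print one iptables command per line.
# Port 389 stays open to clients; 9830 only accepts NEW connections from the
# admin network. Returns 1 on a bad CIDR so nothing is applied by mistake.
ldap_firewall_rules() {
    valid_cidr "$1" || { echo "bad admin CIDR: $1" >&2; return 1; }
    printf '%s\n' \
      "iptables -I INPUT -p tcp --dport 389 -m state --state NEW -j ACCEPT" \
      "iptables -I INPUT -p tcp -s $1 --dport 9830 -m state --state NEW -j ACCEPT" \
      "service iptables save"
}

# ldap_firewall_apply <admin_cidr>: run the generated commands (root only).
# The 9830 restriction only bites if non-matching traffic is rejected later
# in the chain; confirm with:  iptables -L INPUT -n --line-numbers
ldap_firewall_apply() {
    rules=$(ldap_firewall_rules "$1") || return 1
    printf '%s\n' "$rules" | sh -e
}

# Usage on the VPS (as root):  DS_FW_APPLY=1 sh ds-firewall.sh
if [ "${DS_FW_APPLY:-0}" = "1" ]; then
    ldap_firewall_apply 203.0.113.0/24
fi
```

Run ldap_firewall_rules first to review the commands, then ldap_firewall_apply once they look right.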
TEST THE SETUP
You can test the setup by performing the following LDAP query using the ldapsearch command:
## ldapsearch -x -b "dc=yourdomain,dc=com"
If you get something like this:
...
# search result
search: 2
result: 0 Success
then everything looks good: your directory server is installed and operating.
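Both checks in this post, the netstat listing under ADD 389 DS TO SYSTEM STARTUP and the ldapsearch result above, can be scripted so a deployment fails loudly instead of relying on a glance at the output. The script below is an added example, not from the original post: check_listeners parses netstat -tunlp output and requires each expected port to be in LISTEN state, matching the port as a whole field (so a bare 389 never matches 3389) and printing the bind address so you can see whether a service is listening on all interfaces; check_ldap_result accepts only a "result: 0" line. The embedded sample output is constructed from the listings in the post.

```shell
#!/bin/sh
# Added example (not from the post): post-install checks for 389 DS.
# Sample input below is constructed from the post's netstat/ldapsearch output.

# check_listeners: read "netstat -tunlp" output on stdin; print bind address
# and process for ports 389 and 9830; return 1 if either is not LISTENing.
# Columns: Proto Recv-Q Send-Q Local Foreign State PID/Program.
check_listeners() {
    input=$(cat)
    rc=0
    for port in 389 9830; do
        line=$(printf '%s\n' "$input" |
            awk -v p=":$port" '$4 ~ p"$" && $6 == "LISTEN" { print $4, $7; exit }')
        if [ -z "$line" ]; then
            echo "port $port: NOT listening" >&2
            rc=1
        else
            echo "port $port: listening on ${line%% *} (${line#* })"
        fi
    done
    return $rc
}

# check_ldap_result: read ldapsearch output on stdin; succeed only when the
# last "result:" line carries LDAP result code 0 (Success).
check_ldap_result() {
    code=$(awk '/^result: / { c = $2 } END { print c }')
    [ "$code" = "0" ]
}

# Constructed sample: both services up, plus an unrelated sshd line.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:9830                0.0.0.0:*                   LISTEN      1231/httpd.worker
tcp        0      0 :::389                      :::*                        LISTEN      1110/./ns-slapd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      900/sshd'

# Constructed sample: admin server not started, and a decoy port ending in 389.
SAMPLE_NETSTAT_PARTIAL='tcp        0      0 :::389                      :::*                        LISTEN      1110/./ns-slapd
tcp        0      0 0.0.0.0:3389                0.0.0.0:*                   LISTEN      77/other'

SAMPLE_LDAP_OK='# extended LDIF
# base <dc=yourdomain,dc=com> with scope subtree
dn: dc=yourdomain,dc=com
objectClass: domain
dc: yourdomain

# search result
search: 2
result: 0 Success'

SAMPLE_LDAP_FAIL='# search result
search: 2
result: 32 No such object'

# Usage on the VPS:  DS_CHECK_LIVE=1 sh ds-check.sh
if [ "${DS_CHECK_LIVE:-0}" = "1" ]; then
    netstat -tunlp | check_listeners || echo "listener check FAILED" >&2
    if ldapsearch -x -b "dc=yourdomain,dc=com" | check_ldap_result; then
        echo "ldapsearch: OK"
    else
        echo "ldapsearch: FAILED" >&2
    fi
fi
```

A bind address of 0.0.0.0 or ::: in the listener output means the port is reachable on every interface, which is worth knowing before you write the firewall rules.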
389 DS ADMINISTRATION CONSOLE
You need to use the appropriate 389 DS Administration Console for the client OS you are using. If you are using a GNU/Linux based distribution, you can simply run the 389-console program to access the GUI console. If you are using a Windows based machine, you need to download the administration console from http://directory.fedoraproject.org/docs/389ds/download.html
Of course you don’t have to do any of this if you use one of our Fully Managed Hosting Services, in which case you can simply ask our expert Linux admins to install LDAP 389 DS for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.