LDAP Series Part II - Netscape Directory Server
Two years ago today, Red Hat CEO Matthew Szulik confirmed the purhase of two prized enterprise products from AOL - Netscape Directory Server and Netscape Certificate Management System. He also noted than Red Hat intended to open source the products within 12 months.
Red Hat paid $25 million for the assets. You could say that was pretty good considering that in 1998, AOL paid more than $4 billion for Netscape. Matthew's purchase represented the last divestiture of Netscape's assets by AOL.
If you wander on over to the Fedora Directory Server (FDS) site you can take a look at an enhanced version of the Netscape Directory Server. This isn't your older brother's directory server. Aside from open sourcing the Netscape server, you'll find an abundance of documentation to help you learn and operate a stellar product.
In the case you have little familiarity with FDS, it has features you will not find in other open source LDAP servers. These include:
These features take Linux to another level. In fact, you don't see products like this in the open source world. FDS leads one to consider how far we have to go to bring the rest of the community along. OK, I should get back on topic.
What do the feaures bulleted above mean? Lets look breifly at each.
Large deployments typically use multi-master replication. Up to four master servers can synchronize with one another, for fault-tolerance and speed. In the event you don't have the need for this feature you can use master and slave deployments.
FDS supports hot backups which you can perform while the directory server runs and accepts updates. The FDS stores its active database files under a subdirectory named db, and the hot backup process makes a transactionally consistent copy of all the files.
FDS performs Sync and provides facilities for Microsoft's Active Directory PassSync.msi utility. You can ad and manage users with this function. If you have little or no experience with these functions, consider reviewing Fedora Directory Server's Windows Howto Sync. At the time of this writing the documentation exists at http://directory.fedora.redhat.com/wiki/Howto:WindowsSync
The graphical interface helps LDAP newbies see an LDAP server in action. While the hard core LDAP crowd might not like the graphical interface, it does wonders to spread the news. If you love the command line, the GUI doesn't get in the way at all.
The problem I had with FDS dealt with getting it installed and working. I found lots of documentation and most of it conflicted. I used to call it a kludge/kluge. But once I finally succeeded it getting FDS running, I liked it in spite of its kludginess.
Now, let's setup FDS. Here's the steps without a lot of explanation:
First, setup up Fedora Core 5 with X and Gnome. Use a simple setup.
Install Sun's Java Runtime Environment in the /opt directory. Use the Linux self extracting file rather than the RPM.
Use the shell and remove /etc/alternatives/@java.
# rm /etc/alternatives/java
This removes the symbolic link but the file or directory to which it refers will not be deleted.
Now add a symbolic link from /opt/jre/java to /etc/alternatives
Edit /etc/selinux/config and set the SELINUX parameter to permissive:
Changing SELINUX can require a system reboot. (Sorry.)
You will need to install httpd and if not installed xorg-x11-deprecated-libs. You can use:
#yum install httpd and xorg-x11-deprecated-libs
Make sure usr/sbin/httpd.worker exists. It comes with Apache2.
Create an unprivileged user and group called ldap and use both when asked during installation.
# useradd ldap
# passwd ldap
Download the Fedora-DS rpm (and PassSync and/or NTDS for Windows authentication) from the FDS download site.
Run as root:
#rpm -ivh fedora-ds-1.0.2-1.PLATFORM.ARCH.opt.rpm
Make sure you choose the correct download for your Fedora platform and version.
Then run the following commands.
The Fedora web site suggests:
You can use the -k argument to setup to save the .inf file for use with subsequent silent installs. This will create a file called /opt/fedora-ds/setup/install.inf. You can edit this file and use it to perform a silent install using
If you are evaluating Fedora Directory Server, use a suffix of dc=example,dc=com during setup. This will allow you to load the example database files which demonstrate the basic functions of the server as well as more advanced features such as Roles, Virtual Views, and i18n handling.
During setup, you will see a prompt that looks like this:
Please select the install mode:
1 - Express - minimal questions
2 - Typical - some customization (default)
3 - Custom - lots of customization
Please select 1, 2, or 3 (default: 2)
Use the default and make sure you enter ldap for the user and group when prompted.
Server user ID to use (default: nobody) ldap
Server group ID to use (default: nobody) ldap
You will see a recommendation to start the Fedora-DS console that looks something like this:
# cd /opt/fedora-ds
./startconsole -u DSAdmin -a http://host1.example.com:21704/ [note: the number 21704 will differ for each install].
You can also start the console with these commands (cd into the directory that corresponds to mine -slapd-host2).
# cd /opt/fedora-ds
# cd slapd-host2
# cd ..
If these instructions work, then you will see the Fedora Login Console. A screen shot of the console exists at the FDS Documentation site. It's the first one on the page.
Once you log in, you should see the main Fedora Console, which is the second screen shot on the page. As far as the installation, you got there. OK?
Well, maybe OK and maybe not. Because at this point, you're probably wondering what you do next. Here's my suggestion: Either dig into the doumentation at the FDS wiki or wait until I make the next entry in this series - which should occur real soon.
Now, for the conlusion of Part II: This is the beginning not the end. Remember, the longest journey begins with but a single step.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
|Android Candy: Oyster—Netflix for Books!||Aug 07, 2014|
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- Tech Tip: Really Simple HTTP Server with Python
- IndieBox: for Gamers Who Miss Boxes!
- RSS Feeds
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Linux Security Threats on the Rise
- Putlocker!! Watch Begin Again Online 2014 Streaming Full Movie
- Linux Systems Administrator