“UbuntuHelp:FedoraDirectoryServer”的版本间的差异

2007年11月22日 (四) 12:33的版本

文章出处:

https://help.ubuntu.com/community/FedoraDirectoryServer

点击翻译:

English

请不要直接编辑翻译本页，本页将定期与来源同步。

Overview

Directory Server provides the following key features:

• Multi-master replication - Provides a highly available directory service for both read and write operations. Multi-master replication can be combined with simple and cascading replication scenarios to provide a highly flexible and scalable replication environment.

• Chaining and referrals - Increases the power of your directory by storing a complete logical view of your directory on a single server, while maintaining data on a large number of Directory Servers transparently for clients.

• Roles and Class of Service - Provides a flexible mechanism for grouping and sharing attributes between entries in a dynamic fashion.

• Improved access control mechanism - Provides support for macros that dramatically reduce the number of access control statements used in the directory and increase the scalability of access control evaluation.

• Resource-limits by bind DN - Gives you the power to control the amount of server resources allocated to search operations based on the bind DN of the client.

• Multiple databases - Provides a simple way of breaking down your directory data to simplify the implementation of replication and chaining in your directory service.

• Password Policy and Account Lockout - Allows you to define a set of rules that govern how passwords and user accounts are managed in the Directory Server.

• SSL - Provides secure communications over the network, including ciphers with up to 168-bit encryption.

The major components of Directory Server include:

• An LDAP server - The core of the directory service, provided by the ns-slapd daemon and compliant with the LDAP v3 Internet standards.

• Directory Server Console - An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Red Hat Console, the common management framework for LDAP directory services.

• SNMP Agent - Permits you to monitor your Directory Server in real time using the Simple Network Management Protocol (SNMP).

• Online backup and restore - Allows you to create backups and restore from backups while the server is running.

Further Details

For further details visit:

https://www.redhat.com/docs/manuals/dir-server/ag/7.1/adminTOC.html

http://directory.fedora.redhat.com/wiki/Main_Page

Preparing Ubuntu

This howto assumes that you have a working installation of Ubuntu. I have added neccessay steps to prepare Ubuntu before you install Fedora Directory Server. This document describes howto install the Fedora Directory Server (FDS) on Ubuntu 5.10 (Breezy Badger).

Installation

Download Fedora Directory Server Pre-built rpm

Ubuntu 5.10 comes with libc6 version 2.3.5 and you need to download the version suitable for Fedora Core 3 and RHEL4. I assume here that you are using your home directory. It is your choice , select your own directory for downloading and use the path accordingly when you proceed with the installation

To download the prebuilt Fedora-ds rpm , you can type in a terminal:

wget -c http://directory.fedora.redhat.com/download/fedora-ds-1.0.1-1.RHEL4.i386.opt.rpm

or else you can use following url for downloading.

http://directory.fedora.redhat.com/wiki/Download

Installing Alien Package

Since we are going to use pre-built rpm to install Fedora Directory Server we need to convert rpm to .deb format before we intall Fedora-ds in Ubuntu. Alien is a tool which we can used to convert .rpm into .deb format. To install alien type in a terminal

sudo apt-get install alien

Convert .rpm Package to .deb Package

Now it is the time to convert downloaded Fedora-ds rpm. to .deb package in your home directory. Type the folowing in a terminal.

sudo alien fedora-ds-1.0.1-1.RHEL4.i386.opt.rpm

Install Dependencies

The Fedora Directory Server needs 'libtermcap.so.2', so let's install it. Type in a terminal.

sudo apt-get install termcap-compat

User Note - with Feisty (at least) on AMD64 I was unable to find a .deb anywhere with a usable libtermcap.so.2. What I did is to repeat using alien on an RPM which I found via Google search "termcap rpm". Not the ideal but it did work.

Installing Java Run Time Enviorenment

User Note - In Feisty Java is available "apt-get install sun-java6-bin" - you can skip the rest of this section. :)

Fedora-ds console rquires Java Runtime Enviorenment (JRE). Either the Sun or the IBM JRE version 1.4.2 or later is required. In order to install the RPM, the IBM JRE is required before you install Fedora-ds.

The IBM JRE is available from http://www-128.ibm.com/developerworks/java/jdk/linux140/download.html

The Sun JRE is available from http://java.sun.com/j2se/1.4.2/download.html

I know it's annoying to have to do all the click throughs, licenses, registration, etc.

You should download j2re-1_4_2_10-linux-i586.bin if you are downloading from SUN. I assume that you are downloding this package to your home directory. After having finished downloading execute the following commands in a terminal.

chmod +x j2re-1_4_2_10-linux-i586.bin

./j2re-1_4_2_10-linux-i586.bin

The above command will create a direcory called "j2re1.4.2_10" in your current directory. Move this directory to "/usr/local". This step is optional and this is the way which I like to do. You have the liberty to use your own locations. Execute the following commands in a terminal.

sudo mv j2re1.4.2_10 /usr/local

Next I will rename the above directory to java. This step is optional and this is the way which I like to do,

sudo mv  /usr/local/j2re1.4.2_10 /usr/local/java

Setting JAVA_HOME enviorenment variable

When intall fedora-ds it will look for JAVA_HOME enviorenment variable and best place to set this is "/etc/profile". Use vi editor to open the file and set the following two lines.

sudo vi /etc/profile

Following code segment reflects the changes in "/etc/profile".

...
JAVA_HOME=/usr/local/java
export PATH JAVA_HOME
...

Now we need to make this user einvironment modification take effect. Use dot(.) command to achieve this. You do not need logoff and login again or reboot your system. Execute in your terminal.

* /etc/profile

Test your changes:

echo $JAVA_HOME

Output should be:

/usr/local/java

Installing Apache2

The Fedoroa-ds admin-server of depends on Apache2 compiled conform the worker model, so let's install it.

sudo apt-get install apache2-mpm-worker

In Fedora/RedHat Apache daemon is known ad "httpd" while Ubuntu is known as "apache2". Then we need to create sysmbolic links so that we can satisfy the Fedora-ds "setup" utility. Type in a terminal.

sudo ln -s /usr/sbin/apache2 /usr/sbin/httpd

Installing .deb package

I assume that you have built this package in your home directory. Execute in a terminal.

sudo dpkg -i fedora-ds_1.0.1-2_i386.deb

Creating a user and group for the daemon

Let's create a user and a group for the fedora-ds daemon.

sudo groupadd fds
sudo useradd -s /bin/false -g fds fds

Runing Fedora-ds Setup Program

So far we have setup everything we need to run Fedora-ds setup program. Since setup utility will not find apache2 modules in Ubuntu that it required to operate. We will need to help it by creating an install.inf file by running the setup utility with the '-k' option". Type in a terminal.

sudo /opt/fedora-ds/setup/setup -k

• Choose option '1' for as minimal questions as possible.
• Choose 'fds' when asked which user and group apply. After finalizing the setup wizard, the directory server itself will be started as user 'fds'.
• It listens on the port you just configured , I chose port '389', the default LDAP-port.

When done, copy the install.inf file to /opt

sudo cp /opt/fedora-ds/setup/install.inf /opt
sudo chmod 640 /opt/install.inf

Now we have to edit the [admin] section of the install.inf using

sudo vi /opt/install.inf

and add "ApacheRoot= /usr/lib/apache2" as in the following example.

The following code segment reflects your changes in "/opt/install.inf" file

 
...
[admin]
SysUser=   root
Port= 16000  
ServerIpAddress=
ServerAdminID=   admin
ServerAdminPwd=   dsadmin
ApacheDir=   /usr/sbin
ApacheRoot=   /usr/lib/apache2

After having finished above execute the following command to re-run the setup program using.

sudo /opt/fedora-ds/setup/setup -s -f /opt/install.inf

Adjusting the admin-server's httpd.conf file

Fedora-ds admin-server has its own httpd.conf file. Since some modules do not have to be loaded as they are compiled in statically we need to dissable them modules. Edit the file using vi and comment out the modules to dissable them.

sudo vi /opt/fedora-ds/admin-serv/config/httpd.conf

After editing "httpd.conf" file, the following code segment reflects your changes.

 

...
#LoadModule access_module /usr/lib/apache2/modules/mod_access.so
#LoadModule auth_module /usr/lib/apache2/modules/mod_auth.so
#LoadModule log_config_module /usr/lib/apache2/modules/mod_log_config.so
#LoadModule env_module /usr/lib/apache2/modules/mod_env.so
...
#LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
#LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
...
#LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
#LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
...
#LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
...

Starting the admin-server

Lets start the admin-sever

sudo /opt/fedora-ds/start-admin

If it starts, Good. Cheers from Chinthaka.

Making FDS persistant Across System Reboots

Since Fedora-ds has no init script to start at boot time you need to do the following trick in Ubuntu. Use RcLocalHowto learn howto create the file "/etc/init.d/local" and add the following two line to this file:

/opt/fedora-ds/slapd-fossedu/start-slapd
/opt/fedora-ds/start-admin

Adding users for centralized authentication

I will now tell you how you should create new users for centralized authentication with Fedora-ds. You need to create Linux user account (Posix) account first. By default user's home directories are created /home directory in Linux systems and I am going to take a different approach here. Later we need to mount users home directories automatically when they login from a workstation in our LAN. If we automount directory server's home directory in to the workstation's home directory then the local users of the workstattion won't be able to access their home directories. We need to avoid this practical issue and I suggest you to create a different home for our roaming users.

Look at my test scenario:

Create a new home

sudo mkdir /ahome

To create user:

sudo useradd -m -d /ahome/fmaster -s /bin/bash -c "Foss Master" fmaster

Then the rest you can do

Using Fedora-ds Managent console

I assume the follwing example configuration here.

• Hostname:- dsmaster.fossedu.org
• Console port:-16000

Execute the following command to start the console. Please use your settings accordingly and enter the admin password given by you at the time of running setup program. Execute the following commands in a terminal.

cd /opt/fedora-ds
./startconsole -u admin -a http://dsmaster.fossedu.org:16000 &

Once you have logged in, you should see the Fedora-ds MMC main screen as like this.

Creating a New User

Use can create users using the following screens and the second screen shot shows how you can map with the Fedors-ds user with an existing Linux account.

Screen to create a new user:

Screen to map Fedora-ds user with a Linux acount:

Setting Workstations with Fedora-ds

I have created a seperate howto for client setup.

Please view: FedoraDirectoryServerClientHowto

Howto created by: ChinthakaDeshapriya.