How to install LDAP 389 Directory Server on a CentOS 6 VPS

In this article we will guide you through the steps to install LDAP 389 Directory Server (389 DS) on a CentOS 6 VPS.

What is 389 DS?

It is an enterprise-class Open Source LDAP server for GNU/Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The 389 Directory Server can be downloaded for free, and set up in less than an hour using the graphical administration console.

Some of the Key Features of 389 DS are:

  • High performance
  • Multi-Master Replication, to provide fault tolerance and high write performance
  • The codebase has been developed and deployed continuously by the same team for more than a decade
  • Extensive documentation
  • Active Directory user and group synchronization
  • Secure authentication and transport (SSLv3, TLSv1, and SASL)
  • Support for LDAPv3
  • On-line, zero downtime, LDAP-based update of schema, configuration, management and in-tree Access Control Information (ACIs)
  • Graphical console for all facets of user, group, and server management
  • and many more

System Requirements?

 

 

UPDATE SYSTEM

Before proceeding any further, ssh to your CentOS Linux VPS, initiate a screen session and upgrade your system using yum:

## screen -U -S 389-ds
## yum update

 

ENABLE EPEL

You need to enable the EPEL (Extra Packages for Enterprise Linux) repository on your CentOS VPS before you install the 389 Directory Server. To do it, run the following rpm command as root:

## rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

If you encounter a 404 error message, go to http://dl.fedoraproject.org/pub/epel/6/x86_64/ and install the latest epel-release-6-X.noarch.rpm.

 

ADD SYSTEM USER

Next, add an unprivileged system user on your CentOS Linux Server which will be used for 389 DS. You can achieve this by using the useradd tool as in:

## useradd ldapadmin

Set a password for the newly created user using passwd:

## passwd ldapadmin

 

INSTALL LDAP 389

The LDAP 389 Directory Server can be installed on your CentOS VPS using yum. To install it, execute the following command:

## yum install 389-ds openldap-clients

If you’re prompted with something like this:

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
 Userid : EPEL (6) <epel@fedoraproject.org>
 Package: epel-release-6-8.noarch (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y

then simply accept the signing key by typing ‘y’ and pressing ‘ENTER’.

 

CONFIGURE LDAP 389

Once the 389 DS installation is finished, configure the directory server using the provided setup-ds-admin.pl Perl script. Make sure you change the relevant information to suit your needs. Here are some tips for the installer:

- type Ctrl+B and hit 'ENTER' to go back to the previous screen
- type Ctrl+C to cancel the setup

Ok, now execute the following command to initiate the setup:

## setup-ds-admin.pl

and answer the questions prompted, for example:

Would you like to continue with set up? [yes]: yes
Would you like to continue? [no]: yes
Choose a setup type [2]: 2
Computer name [host.yourdomain.com]: host.yourdomain.com
System User [nobody]: ldapadmin
System Group [nobody]: ldapadmin
Do you want to register this software with an existing
configuration directory server? [no]: no
administrator ID [admin]: admin
Administration Domain [yourdomain.com]: ldap.yourdomain.com
Directory server network port [389]: 389
Directory server identifier [host]: host
Suffix [dc=yourdomain, dc=com]: dc=yourdomain, dc=com
Directory Manager DN [cn=Directory Manager]: PRESS ENTER
Administration port [9830]: PRESS ENTER
Are you ready to set up your servers? [yes]: yes

 

ADD 389 DS TO SYSTEM STARTUP

With your 389 DS set up and configured, add it to your system startup so it starts automatically every time the Linux VPS is rebooted:

## chkconfig dirsrv on
## chkconfig dirsrv-admin on

Next, check that the services are up and listening using the following netstat command:

## netstat -tunlp | grep -E '9830|389'

tcp 0  0 0.0.0.0:9830  0.0.0.0:*  LISTEN 1231/httpd.worker
tcp 0  0 :::389        :::*       LISTEN 1110/./ns-slapd

 

SETUP FIREWALL PORTS FOR LDAP

The next step is to allow access to your LDAP ports in your server’s firewall. You can achieve this by using the following iptables commands:

## iptables -A INPUT -p tcp --dport 389  -m state --state NEW -j ACCEPT
## iptables -A INPUT -p tcp --dport 9830  -m state --state NEW -j ACCEPT
## service iptables save
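
The commands above append with -A, so if the INPUT chain already ends in a catch-all REJECT or DROP (the stock CentOS 6 ruleset does), the new rules land after it and never match; they also accept connections from any source address. The following check is an added example, not part of the original article: `audit_ldap_rules` and `sample_appended` are hypothetical names and the sample ruleset is constructed.

```sh
# Added example, not from the article: audit where the LDAP ACCEPT rules sit in
# INPUT. Reads `iptables -S INPUT` on stdin; prints "<port> <verdict>" per port.
audit_ldap_rules() {
    awk -v ports="${1:-389 9830}" '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        pos++
        target = ""; dport = ""; src = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j")      { target = $(i + 1); break }
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-s")      src = $(i + 1)
        }
        # A REJECT/DROP with no match options stops every later rule.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP") && !blocker)
            blocker = pos
        # First match wins, so remember only the first ACCEPT per port.
        if (target == "ACCEPT" && dport != "" && !(dport in at)) {
            at[dport] = pos
            from[dport] = src
        }
    }
    END {
        n = split(ports, want, " ")
        for (k = 1; k <= n; k++) {
            p = want[k]
            if (!(p in at))                           v = "missing"
            else if (blocker && blocker < at[p])      v = "shadowed"
            else if (from[p] == "" || from[p] == "0.0.0.0/0") v = "open-to-any"
            else                                      v = "restricted:" from[p]
            print p, v
        }
    }'
}

# Constructed sample: catch-all REJECT followed by the two -A rules from above.
sample_appended() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 389 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9830 -m state --state NEW -j ACCEPT
EOF
}

sample_appended | audit_ldap_rules   # on a server: iptables -S INPUT | audit_ldap_rules
```

If a port reports shadowed, insert its rule above the catch-all with -I instead of appending it; adding a -s match for the network that needs LDAP access turns open-to-any into restricted.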

 

TEST THE SETUP

You can test the setup by performing the following LDAP query using the ldapsearch command:

## ldapsearch -x -b "dc=yourdomain,dc=com"

If you get something like this:

...
# search result
search: 2
result: 0 Success

then everything looks good. Your directory server is installed and operating.

 

389 DS ADMINISTRATION CONSOLE

You need to use the appropriate 389 DS Administration Console depending on the client OS you’re using. If you’re using a GNU/Linux-based distribution, you can simply run the 389-console program to access the GUI console. If you’re using a Windows-based machine, you need to download the administration console from http://directory.fedoraproject.org/docs/389ds/download.html


Of course you don’t have to do any of this if you use one of our Fully Managed Hosting Services, in which case you can simply ask our expert Linux admins to install LDAP 389 DS for you. They are available 24×7 and will take care of your request immediately.
