The 389 Directory Server is an open-source enterprise-class LDAP server for Linux that can be deployed in less than an hour. This guide will help you to set up a 389 Directory Server on CentOS/RHEL 8.
Prerequisites
You will need one (physical or virtual) machine installed with CentOS/RHEL 8 having root user privileges.
Configure SELinux
Login to your server with root user and make the following required changes to prepare your server for 389-ds installation.
First, edit
/etc/selinux/config and change
SELINUX=enforcing to
SELINUX=disabled:
sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Save and close the editor.
Reboot your server to apply these changes.
Add EPEL Repository
You can add epel repository to your CentOS/RHEL 8 server using the following command:
Type below if you are on CentOS 8:
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf config-manager --set-enabled PowerTools
Type below if you are on RHEL 8:
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
ARCH=$( /bin/arch )
subscription-manager repos --enable "codeready-builder-for-rhel-8-${ARCH}-rpms"
Install 389 Directory Server
There are two 389-ds streams available: stable and testing. Testing is a bleeding-edge development version. As its name implies, it is NOT supposed to be used in production. After a period of testing and bug fixing it becomes the next stable version.
Each stream has 3 profiles:
default - 389-ds-base and cockpit web ui
minimal - just 389-ds-base
legacy - same as default plus legacy Perl tools and scripts
Type below command to install 389-ds on your CentOS/RHEL 8:
dnf -y module install 389-directory-server:stable/default
Configure 389 Directory Server
dscreate interactive
You will see the following prompts:
Install Directory Server (interactive mode)
===========================================
selinux is disabled, will not relabel ports or files.
Selinux support will be disabled, continue? [yes]:
Enter system's hostname [ldapsvr.techsupport.pk]:
Enter the instance name [ldapsvr]:
Enter port number [389]:
Create self-signed certificate database [yes]:
Enter secure port number [636]:
Enter Directory Manager DN [cn=Directory Manager]:
Enter the Directory Manager password:
Confirm the Directory Manager Password:
Enter the database suffix (or enter "none" to skip) [dc=ldapsvr,dc=techsupport,dc=pk]:
Create sample entries in the suffix [no]: yes
Do you want to start the instance after the installation? [yes]:
Are you ready to install? [no]: yes
Starting installation...
Completed installation for ldapsvr
Next, check the ldap instance name with below command:
dsctl --list
You will see the output similar to the following:
slapd-ldapsvr
Confirm that slapd-ldapsvr instance is running with below command:
dsctl slapd-ldapsvr status
You will see the output similar to the following:
Instance "ldapsvr" is running
Next, start cockpit service with below command:
systemctl start cockpit
systemctl enable cockpit
Add Firewall Rules
firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --permanent --add-port=636/tcp
firewall-cmd --permanent --add-port=9090/tcp
firewall-cmd --reload
Open up your preferred web browser and access the cockpit web interface by navigating to
http://your_server_ip:9090.
Enter the user
root and password you created for root to log in.
From here you can manage your 389 Directory Server.
Wrapping up
Congratulation, your 389 Directory Server is now ready to serve the purpose.
