
INSTALLATION MANUAL FOR DIRECTORY SERVER ON FEDORA 9

Jonathan Andrés Loaiza García, Roger Esteban Olarte Sabala, Cindy Yurley Muñoz Castaño, Cristina Piedrahita Cárdenas, Danilo Gutiérrez Puerta

NETWORK ADMINISTRATION, MEDELLIN, SENA, 2008

INTRODUCTION

Fedora Directory Server is a directory service that implements several protocols such as DNS, LDAP, Kerberos, and DHCP. This implementation allows objects (users, user groups, etc.) and resources to be administered in a centralized and secure way. In addition, this service provides a set of applications that are very useful when defining how security is administered; because the service stores information about all the resources and objects on the network, each of them can be located easily. This manual was written to provide information about installing a directory service such as Fedora Directory Server.

INSTALLING DIRECTORY SERVER ON FEDORA 9

1. Before starting the configuration of Directory Server on Fedora, we must keep the following in mind:

We must be sure to use an appropriate DNS service that can easily resolve our host name for the installation, whether it runs on the same machine where the directory service will be located or on a different one.

Open a console (command-line configuration mode).

We log in as root (#) and create a user named admin for administering the Directory Server.

# adduser admin

2. Now we download the package named: fedora-ds-1.0.4-1.FC6.i386.opt.rpm

We find it on the following website: rpm.pbone.net. Downloads usually end up in one of the following paths:

/home/usuario/Descargas
/home/usuario/Escritorio

We list the directory to check that the package is there:

# ls

Now we install it, like this:

# rpm -ivh fedora-ds-1.0.4-1.FC6.i386.opt.rpm

Press Enter.

Note: If we are working on Fedora 9 we must have the following libraries preinstalled for Directory Server to work properly:

termcap-5.5-1.20060701.1.noarch
libtermcap-2.0.8-47.i386

3. We should see the following:

# rpm -ivh fedora-ds-1.0.4-1.FC6.i386.opt.rpm

Preparando... ###########################################[100%]
1:fedora-ds ###########################################[100%]
Install finished. Please run /opt/fedora-ds/setup/setup to complete installation and set up the servers.

4. We must run the script that was shown above (/opt/fedora-ds/setup/setup), like this:

# /opt/fedora-ds/setup/setup

5. We should see the following:

INFO Begin Setup . . .

LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY
FEDORA(TM) DIRECTORY SERVER

This agreement governs the use of Fedora Directory Server, Administration Server and Management Console (collectively, the "SOFTWARE") and any updates to the Software, regardless of the delivery mechanism.

1. FEDORA DIRECTORY SERVER

1.1 LICENSE GRANT. Fedora Directory Server ("FDS") is a modular application consisting of hundreds of software components and is a collective work under U.S. Copyright Law. Subject to the following terms, Red Hat, Inc. ("RED HAT") grants to the user ("LICENSEE") a license to this collective work pursuant to the GNU General Public License. Please note that Administration Server and Management Console, which are binary-only code used to configure and administer FDS, are subject to the license terms in Section 2. The end-user license agreement for each component of FDS is located in the component's source code. The license terms for the components permit LICENSEE to copy, modify, and redistribute the component, in both source code and binary code forms. This agreement does not limit LICENSEE's rights under, or grant LICENSEE rights that supersede, the license terms of any particular component.

1.2 LICENSE EXCEPTION. In addition, as a special exception, Red Hat gives LICENSEE the additional right to link the code of FDS with code not covered under the GNU General Public License ("NON-GPL CODE") and to distribute linked combinations including the two, subject to the limitations in this paragraph. Non-GPL Code permitted under this exception must only link to the code of FDS through those well defined interfaces identified in that file named EXCEPTION in the source code files for FDS (the "APPROVED INTERFACES"). The files of Non-GPL Code may instantiate templates or use macros or inline functions from the Approved Interfaces without causing the resulting work to be covered by the GNU General Public License. Only Red Hat may make changes or additions to the list of Approved Interfaces. LICENSEE must comply with the GNU General Public License in all respects for all of the FDS code and other code used in conjunction with FDS except the Non-GPL Code covered by this exception. If LICENSEE modifies FDS, LICENSEE may extend this exception to its version of FDS, but LICENSEE is not obligated to do so. If LICENSEE does not wish to provide this exception without modification, LICENSEE must delete this exception statement from LICENSEE's version of FDS and license FDS solely under the GPL without exception.

1.3 INTELLECTUAL PROPERTY RIGHTS. FDS and each of its components, including the source code, documentation, appearance, structure and organization are owned by Red Hat and others and are protected under copyright and other laws. Title to FDS and any component, or to any copy, modification, or merged portion shall remain with the aforementioned, subject to the applicable license.

2. ADMINISTRATION SERVER, AND MANAGEMENT CONSOLE

2.1 LICENSE GRANT. Subject to the provisions of this Section 2.1, Red Hat hereby grants LICENSEE a non-exclusive, non-transferable, worldwide, perpetual, fully paid right (without the right to sublicense) to use, reproduce and distribute Administration Server ("ADMIN SERVER"), and Management Console ("CONSOLE") in executable, machine-readable form. LICENSEE must reproduce all copyright and other proprietary notices on such copies. LICENSEE may only reproduce and distribute Admin Server or Console to another party if the other party agrees in writing to be obligated by the terms and conditions of this Section 2.1. Except as provided in this Section 2.1, LICENSEE may not modify, copy, transfer or otherwise use Admin Server, or Console, and all licenses granted in this Section 2 are automatically terminated if LICENSEE does so.

2.2 CHANGE IN LICENSING. It is Red Hat's intent to change the terms of the license granted in this Section 2 to that of an open source license. If such change is generally announced to the public, LICENSEE will have the option to elect to have Admin Server and Console governed by the terms of such open source license. If LICENSEE does not make such election, the terms of this Agreement will continue to govern LICENSEE's use of Admin Server and Console.

3. LIMITED WARRANTY. Except as specifically stated in this Section 3 or a license for a particular component, TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE SOFTWARE AND THE COMPONENTS ARE PROVIDED AND LICENSED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE. Red Hat does not warrant that the functions contained in the Software will meet LICENSEE's requirements or that the operation of the Software will be entirely error-free or appear precisely as described in the accompanying documentation.

4. LIMITATION OF REMEDIES AND LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, RED HAT WILL NOT BE LIABLE TO LICENSEE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS OR LOST SAVINGS ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE, EVEN IF RED HAT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

5. EXPORT CONTROL. As required by U.S. law, LICENSEE represents and warrants that it: (a) understands that the Software is subject to export controls under the U.S. Commerce Department's Export Administration Regulations ("EAR"); (b) is not located in a prohibited destination country under the EAR or U.S. sanctions regulations (currently Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria); (c) will not export, re-export, or transfer the Software to any prohibited destination, entity, or individual without the necessary export license(s) or authorizations(s) from the U.S. Government; (d) will not use or transfer the Software for use in any sensitive nuclear, chemical or biological weapons, or missile technology end-uses unless authorized by the U.S. Government by regulation or specific license; (e) understands and agrees that if it is in the United States and exports or transfers the Software to eligible end-users, it will, as required by EAR Section 740.17(e), submit semi-annual reports to the Commerce Department's Bureau of Industry & Security (BIS), which include the name and address (including country) of each transferee; and (f) understands that countries other than the United States may restrict the import, use, or export of encryption products and that it shall be solely responsible for compliance with any such import, use, or export restrictions.

6. THIRD PARTY PROGRAMS. Red Hat may distribute third-party software programs with the Software that are not part of the Software. These third-party programs are subject to their own license terms. The license terms either accompany the programs or can be viewed at http://www.redhat.com/licenses/. If LICENSEE does not agree to abide by the applicable license terms for such programs, then LICENSEE may not install them. If LICENSEE wishes to install the programs on more than one system or transfer the programs to another party, then LICENSEE must contact the licensor of the programs.

7. GENERAL. If any provision of this agreement is held to be unenforceable, that shall not affect the enforceability of the remaining provisions. This agreement shall be governed by the laws of the State of North Carolina and of the United States, without regard to any conflict of laws provisions, except that the United Nations Convention on the International Sale of Goods shall not apply.

Do you accept the license terms? (Yes/no)

Note: Here we must accept the license agreement of the free software Directory Server.

========================================================
Fedora Directory Server 1.0.4
========================================================
The Fedora Directory Server is subject to the terms detailed in the license agreement file called LICENSE.txt.

Late-breaking news and information on the Fedora Directory Server is available at the following location: http://directory.fedora.redhat.com

Continue? (Yes/no)

Note: We must accept in order to continue.

Fedora Directory Server system tuning analysis version 04-APRIL-2005.

NOTICE : System is i686-unknown-linux2.6.25-14.fc9.i686 (2 processors).

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds (120 minutes). This may cause temporary server congestion from lost client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which limit the number of simultaneous connections.

Continue? (yes/no)

Note: We must accept in order to continue.

Please select the install mode:
1 - Express - minimal questions
2 - Typical - some customization (default)
3 - Custom - lots of customization

Please select 1, 2 or 3 (default: 2)

Note: Here we must select the type of Directory Server installation we want (the most appropriate is option 2, which is the default).

Hostname to use (default: localhost.localdomain)

Note: We must enter the name of the machine where the directory service will be installed plus the domain name (example: equipo.midominio.com).

Server user ID to use (default: nobody)

Note: We must enter the name of the user who will administer the server (admin).

Server group ID to use (default: nobody)

Note: We enter the name of the group to which the admin user belongs (if we did not assign a specific group when creating the user, that user's group will have the same name as the user).

Fedora Project
Directory Installation/Uninstallation

Fedora server information is stored in the Fedora configuration directory server, which you may have already set up. If so, you should configure this server to be managed by the configuration server. To do so, the following information about the configuration server is required: the fully qualified host name of the form <hostname>.<domainname> (e.g. hostname.domain.com), the port number, the suffix, and the DN and password of a user having permission to write the configuration information, usually the Fedora configuration directory administrator.

If you want to install this software as a standalone server, or if you want this instance to serve as your Fedora configuration directory server, press Enter.

Do you want to register this software with an existing Fedora configuration directory server? [No]:

Note: Here we are being asked whether we want to set up the configuration for an existing directory service or a new one. Since we are installing it for the first time, we must leave the default.

Fedora Project
Directory Installation/Uninstallation

If you already have a directory server you want to use to store your data, such as user and group information, answer Yes to the following question. You will be prompted for the host, port, suffix, and bind DN to use for that directory server.

If you want this directory server to store your data, answer No.

Do you want to use another directory to store your data? [No]:

Note: Here we are being asked whether we want to enter the data or import it from another existing directory server (as stated above, we leave the default).

Fedora Project
Directory Installation/Uninstallation

The standard directory server network port number is 389. However, if you are not logged as the superuser, or port 389 is in use, the default value will be a random unused port number greater than 1024. If you want to use port 389, make sure that you are logged in as the superuser, that port 389 is not in use, and that you run the admin server as the superuser.

Directory server network port [389]:

Note: This is the port on which our directory service will listen for connections (by default it is port 389).

Fedora Project
Directory Installation/Uninstallation

Each instance of a directory server requires a unique identifier. Press Enter to accept the default, or type in another name and press Enter.

Directory server identifier [equipo.sena.edu.co]:

Note: Here we specify the machine name plus the domain name (example: equipo.midominio.com).

Fedora Project
Directory Installation/Uninstallation

Please enter the administrator ID for the Fedora configuration directory server. This is the ID typically used to log in to the console. You will also be prompted for the password.

Fedora configuration directory server administrator ID [admin]:
Password:
Password (again):

Note: Here we must specify the name of the user who will administer the directory service and create a password for it (minimum of 8 characters).

Fedora Project
Directory Installation/Uninstallation

The suffix is the root of your directory tree. You may have more than one suffix.

Suffix [dc=]:

Note: Here we are being asked what the name of the root (main) directory of the Directory Server's directory tree will be (example: midominio).

Fedora Project
Directory Installation/Uninstallation

Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and typically has a bind Distinguished Name (DN) of cn=Directory Manager. Press Enter to accept the default value, or enter another DN. In either case, you will be prompted for the password for this user. The password must be at least 8 characters long.

Directory Manager DN [cn=Directory Manager]:

Note: Here we can leave the default or specify the name we want to give to the main container of the Directory Server; we must also create the password (minimum of 8 characters).

Fedora Project
Directory Installation/Uninstallation

The Administration Domain is a part of the configuration directory server used to store information about Fedora software. If you are managing multiple software releases at the same time, or managing information about multiple domains, you may use the Administration Domain to keep them separate.

If you are not using administrative domains, press Enter to select the default. Otherwise, enter some descriptive, unique name for the administration domain, such as the name of the organization responsible for managing the domain.

Administration Domain:

Note: If you have multiple domains to administer you can use this option to administer them easily; it is best to leave the default.

Fedora Project
Administration Installation/Uninstallation

The Administration Server is separate from any of your application servers since it listens to a different port and access to it is restricted. Pick a port number between 1024 and 65535 to run your Administration Server on. You should NOT use a port number which you plan to run an application server on, rather, select a number which you will remember and which will not be used for anything else.

The default in brackets was randomly selected from the available ports on your system. To accept the default, press return.

Administration port [33871]:

Note: Here you must specify the port number through which we will administer our directory server, or we can leave the default.

Fedora Project
Administration Installation/Uninstallation

The Administration Server program runs as a certain user on your system. This user should be different than the one which your application servers run as. Only the user you select will be able to write to your configuration files. If you run the Administration Server as "root", you will be able to use the Server Administration screen to start and stop your application servers.

Run Administration Server as [root]:

Note: You can use the root user to administer the server or specify another one; the most convenient option is to use the root user.

Fedora Project
Administration Installation/Uninstallation

The Administration Server runs on the Apache web server. Please provide the directory where the Apache binary (httpd or httpd.worker) may be found. The Administration Server needs an Apache compiled with the worker model.

Apache Directory [/usr/sbin/]:

Note: This is the directory in which we are going to install the httpd service, or we can specify another one.

And finally, if everything has gone well, the following logs should be shown:

[slapd-equipo]: starting up server ...
[slapd-equipo]: Fedora-Directory/1.0.4 B2006.312.1539
[slapd-equipo]: equipo.gafas.local:389 (/opt/fedora-ds/slapd-equipo)
[slapd-equipo]:
[slapd-equipo]: [25/Aug/2008:10:34:19 -0500] Fedora-Directory/1.0.4 B2006.312.1539 starting up
[slapd-equipo]: [25/Aug/2008:10:34:19 -0500] slapd started. Listening on All Interfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Success Slapd Added Directory Server information to Configuration.
Configuring Administration Server...
Setting up Administration Server Instance...
Configuring Administration Tasks in Directory Server...
Configuring Global Parameters in Directory Server...
You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://<host name + domain>:<administration port>/

Now all that remains is to start the console by running the startconsole script located in /opt/fedora-ds, like this:

# ./startconsole -u admin -a http://<host name + domain>:<administration port>/

And that's it!!!!
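
The prerequisite from step 1 (a host name that DNS resolves) and the file descriptor warnings printed by the setup program's tuning analysis can be checked before running setup. The script below is an added example, not part of the original manual or of Fedora Directory Server; the function names, the 8192 descriptor minimum, the address 192.0.2.10 and the rule that a loopback answer counts as a failure are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight checks to run before /opt/fedora-ds/setup/setup (added example).
# MIN_FDS is an assumption of this example; the manual only shows that the
# setup program warns when the limit is 1024.
MIN_FDS=8192

# is_fqdn NAME: succeeds when NAME looks like host.domain and is not the
# installer's default, localhost.localdomain.
is_fqdn() {
    case "$1" in localhost|localhost.*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'
}

# resolves_off_loopback NAME RECORDS: RECORDS holds resolver output in
# "getent hosts" format (ADDRESS NAME [ALIAS...]). Succeeds only when NAME
# maps to an address and never to loopback (127.x or ::1).
resolves_off_loopback() {
    printf '%s\n' "$2" | awk -v n="$1" '
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(n)) {
                  if ($1 ~ /^127\./ || $1 == "::1") lo = 1; else ok = 1
              } }
        END { exit !(ok && !lo) }'
}

# fd_limit_ok LIMIT: LIMIT is the output of "ulimit -Hn" or "ulimit -Sn".
fd_limit_ok() {
    [ "$1" = "unlimited" ] && return 0
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$MIN_FDS" ]
}

# preflight NAME RECORDS LIMIT: prints one line per check and returns the
# number of failed checks (0 means the host is ready for setup).
preflight() {
    fails=0
    if is_fqdn "$1"; then echo "ok   $1 is fully qualified"
    else echo "FAIL '$1' is not of the form host.domain"; fails=$((fails + 1)); fi
    if resolves_off_loopback "$1" "$2"; then echo "ok   $1 resolves off loopback"
    else echo "FAIL $1 is unresolved or maps to loopback"; fails=$((fails + 1)); fi
    if fd_limit_ok "$3"; then echo "ok   descriptor limit $3"
    else echo "FAIL descriptor limit $3 is below $MIN_FDS"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: the host name from the manual's prompts, a made-up
# documentation address, and the 1024 limit from its tuning output. Live use:
#   preflight "$(hostname -f)" "$(getent hosts "$(hostname -f)")" "$(ulimit -Hn)"
preflight equipo.sena.edu.co "192.0.2.10 equipo.sena.edu.co equipo" 1024 ||
    echo "$? check(s) failed"
```

With the sample values the host name checks pass and only the descriptor limit fails, which matches the two WARNING lines in the tuning output above.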
