Red Hat DIRECTORY SERVER 8.1 - USING THE ADMIN SERVER, Directory Server 8.1 Using Instructions

Red Hat Directory Server 8.1
Using the Admin Server with Red Hat Directory Server
Author: Ella Deon Lackey
Copyright © 2009 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version of the OPL is presently available at http://www.opencontent.org/openpub/).
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.
All other trademarks referenced herein are the property of their respective owners.
1801 Varsity Drive Raleigh, NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park, NC 27709 USA
The Admin Server is a support server which drives access to the Directory Server Console, provides a web server for Directory Server web applications, and stores some Directory Server configuration. This guide covers how to manage the Admin Server through the Console, through the command line, and through the web services, along with covering basic Admin Server concepts.
Preface
  1. Examples and Formatting
    1.1. Command and File Examples
    1.2. Tool Locations
    1.3. LDAP Locations
    1.4. Text Formatting and Styles
  2. Additional Reading
  3. Giving Feedback
  4. Documentation History
1. Introduction to Red Hat Admin Server
2. Admin Server Configuration
  2.1. Directory Server File Locations
  2.2. Starting and Stopping the Admin Server
    2.2.1. Starting and Stopping Admin Server from the Console
    2.2.2. Starting and Stopping Admin Server from the Command Line
  2.3. Opening the Admin Server Console
  2.4. Viewing Logs
    2.4.1. Viewing the Logs through the Console
    2.4.2. Viewing Logs in the Command Line
    2.4.3. Changing the Log Name in the Console
    2.4.4. Changing the Log Location in the Command Line
    2.4.5. Setting the Logs to Show Hostnames Instead of IP Addresses
  2.5. Changing the Port Number
    2.5.1. Changing the Port Number in the Console
    2.5.2. Changing the Port Number in the Command Line
  2.6. Setting Host Restrictions
    2.6.1. Setting Host Restrictions in the Console
    2.6.2. Setting Host Restrictions in the Command Line
  2.7. Changing the Admin User's Name and Password
  2.8. Working with SSL
    2.8.1. Requesting and Installing a Server Certificate
    2.8.2. Installing a CA Certificate
    2.8.3. Enabling SSL
    2.8.4. Creating a Password File for the Admin Server
  2.9. Changing Directory Server Settings
    2.9.1. Changing the Configuration Directory Host or Port
    2.9.2. Changing the User Directory Host or Port
3. Admin Express
  3.1. Managing Servers in Admin Express
    3.1.1. Opening Admin Express
    3.1.2. Starting and Stopping Servers
    3.1.3. Viewing Server Logs
    3.1.4. Viewing Server Information
    3.1.5. Monitoring Replication from Admin Express
  3.2. Configuring Admin Express
    3.2.1. Admin Express File Locations
    3.2.2. Admin Express Configuration Files
    3.2.3. Admin Express Directives
4. Admin Server Command-Line Tools
  4.1. sec-activate
  4.2. modutil
Index
Preface
The Admin Server Guide provides information on using a support administrative server with identity management projects including Red Hat Directory Server and Red Hat Certificate System. The Admin Server runs the Java consoles used by those servers, as well as providing web services and storing configuration information for those services.
The Admin Server is installed and configured automatically with Red Hat Directory Server. This guide covers how to use and manage the Admin Server through its own Java Console (part of Red Hat Console, along with the Directory Server Console), through native command-line tools, and through the integrated web services.
1. Examples and Formatting
Each of the examples used in this guide, such as file locations and commands, has certain defined conventions.
1.1. Command and File Examples
All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterprise Linux 5 (32-bit) systems. Be certain to use the appropriate commands and files for your platform.
To start the Red Hat Directory Server:
service dirsrv start
Example 1. Example Command
1.2. Tool Locations
The tools for Red Hat Directory Server are located in the /usr/bin and the /usr/sbin directories. These tools can be run from any location without specifying the tool location.
1.3. LDAP Locations
There is another important consideration with the Red Hat Directory Server tools. The LDAP tools referenced in this guide are Mozilla LDAP, installed with Red Hat Directory Server in the /usr/lib/mozldap directory on Red Hat Enterprise Linux 5 (32-bit) (or /usr/lib64/mozldap for 64-bit systems).
However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP in the /usr/bin directory. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL, which OpenLDAP tools use by default.
1.4. Text Formatting and Styles
Certain words are represented in different fonts, styles, and weights. Different character formatting is used to indicate the function or purpose of the phrase being highlighted.
Formatting Style | Purpose
Monospace font | Monospace is used for commands, package names, files and directory paths, and any text displayed in a prompt.
Monospace with a background | This type of formatting is used for anything entered or returned in a command prompt.
Italicized text | Any text which is italicized is a variable, such as instance_name or hostname. Occasionally, this is also used to emphasize a new term or other phrase.
Bolded text | Most phrases which are in bold are application names, such as Cygwin, or are fields or options in a user interface, such as a User Name Here: field or Save button.
Other formatting styles draw attention to important text.
NOTE
A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
IMPORTANT
Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.
WARNING
A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
2. Additional Reading
The Directory Server Administrator's Guide describes how to set up, configure, and administer Red Hat Directory Server and its contents. This manual does not describe many of the basic directory and architectural concepts that you need to deploy, install, and administer a directory service successfully. Those concepts are contained in the Red Hat Directory Server Deployment Guide. You should read that book before continuing with this manual.
When you are familiar with Directory Server concepts and have done some preliminary planning for your directory service, install the Directory Server. The instructions for installing the various Directory Server components are contained in the Red Hat Directory Server Installation Guide. Many of the scripts and commands used to install and administer the Directory Server are explained in detail in the Red Hat Directory Server Configuration, Command, and File Reference.
Also, Managing Servers with Red Hat Console contains general background information on how to use the Red Hat Console. You should read and understand the concepts in that book before you attempt to administer Directory Server.
The document set for Directory Server contains the following guides:
Red Hat Directory Server Release Notes contain important information on new features, fixed bugs, known issues and workarounds, and other important deployment information for this specific version of Directory Server.
Red Hat Directory Server Deployment Guide provides an overview for planning a deployment of the Directory Server.
Red Hat Directory Server Administrator's Guide contains procedures for the day-to-day maintenance of the directory service. Includes information on configuring server-side plug-ins.
Red Hat Directory Server Configuration, Command, and File Reference provides reference information on the command-line scripts, configuration attributes, and log files shipped with Directory Server.
Red Hat Directory Server Installation Guide contains procedures for installing your Directory Server as well as procedures for migrating from a previous installation of Directory Server.
Red Hat Directory Server Schema Reference provides reference information about the Directory Server schema.
Red Hat Directory Server Plug-in Programmer's Guide describes how to write server plug-ins in order to customize and extend the capabilities of Directory Server.
Using Red Hat Console gives an overview of the primary user interface and how it interacts with the Directory Server and Admin Server, as well as how to perform basic management tasks through the main Console window.
Using the Admin Server describes the different tasks and tools associated with the Admin Server and how to use the Admin Server with the Configuration and User Directory Server instances.
For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, see the Red Hat Directory Server documentation site at http://www.redhat.com/docs/manuals/dir-server/.
3. Giving Feedback
If there is any error in this guide, Using the Admin Server, or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
• Select the Red Hat Directory Server product.
• Set the component to Doc - managing-servers.
• Set the version number to 8.1.
• For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo. For enhancements, put in what information needs to be added and why.
• Give a clear title for the bug. For example, "Incorrect command example for setup script options" is better than "Bad example".
We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact Red Hat Content Services directly at mailto:docs@redhat.com.
4. Documentation History
Revision 8.1.1 September 9, 2009 Ella Deon Lackey
Removing any references to the Directory Server Gateway or Org Chart.
Revision 8.1.0 April 28, 2009 Ella Deon Lackey dlackey@redhat.com
Initial draft for version 8.1.
Chapter 1. Introduction to Red Hat Admin Server
Identity management and directory services with Red Hat Directory Server use three components, working in tandem:
• A Java-based management console
• An administration server which also functions as a web server
• An LDAP directory server
Figure 1.1. Interactions between the Console, Admin Server and Directory Server
The Admin Server processes configuration requests for Directory Server instances and performs many common server tasks, such as stopping and starting server instances. Directory services are usually divided into two categories: configuration databases, which store the Console and Admin Server settings and some Directory Server configuration, and user databases, which contain user and group information. These databases can be kept in the same Directory Server instance, but it is also possible to break these services into separate Directory Server instances. In that case, a Directory Server instance's configuration is stored in a separate Directory Server, called the Configuration Directory Server, and user data is stored in the User Directory Server. Because the Admin Server processes server configuration requests for Red Hat Directory Server, the Configuration Directory Server and User Directory Server instances are both defined in the Admin Server configuration.
As a web server, the Admin Server provides all of the online functions of the Directory Server, including handling connections to the Console and hosting web applications such as Admin Express. Clients connect to the Admin Server over both secure and standard connections, since the Admin Server supports both HTTP and, if SSL/TLS is enabled, HTTPS.
When Red Hat Directory Server or Red Hat Certificate System (which depends on Red Hat Directory Server) is installed, then the Admin Server is automatically installed and configured as well. There can be multiple Directory Server instances and multiple Certificate System subsystems on a single machine, and all use the same instance of Admin Server.
There can be only one Admin Server per machine. This single Admin Server instance can handle multiple instances of Directory Server and other clients which can use the Admin Server, like Red Hat Certificate System.
When the Console is opened to manage an instance of Directory Server or Certificate System, even if the Console is on a different machine than the server instance being managed, it contacts the local Admin Server instance to perform the requested tasks. For example, Admin Server can execute programs to modify the server and application settings that are stored in the configuration directory or to change the port number that a server listens to.
The Admin Server itself can be managed through its own Java-based interface, by editing its configuration files, or through command-line tools.
Chapter 2. Admin Server Configuration
The Admin Server is a separate server from Red Hat Directory Server or Red Hat Certificate System, although they work interdependently. The Admin Server processes, file locations, and configuration options are also separate. This chapter covers the Admin Server information, including starting and stopping the Admin Server, enabling SSL, viewing logs, and changing Admin Server configuration properties, such as the server port number.
2.1. Directory Server File Locations
Red Hat Admin Server conforms to the Filesystem Hierarchy Standards. For more information on FHS, see the FHS homepage, http://www.pathname.com/fhs/.
There are slight differences in the file locations depending on the platform, so the default Red Hat Enterprise Linux FHS locations (used in the examples) may not match every installation. Some platforms treat the Admin Server as optional software and therefore, under FHS, store Admin Server files in /opt directories.
The files and directories installed with Directory Server are listed in the tables below for each supported platform.
File or Directory | Location
Log files | /var/log/dirsrv/admin-serv
Configuration files | /etc/dirsrv/admin-serv
Instance directory | /usr/lib/dirsrv/admin-serv
Database files | /var/lib/dirsrv/admin-serv
Runtime files | /var/lock/dirsrv/admin-serv.*, /var/run/dirsrv/admin-serv.*
Init scripts | /etc/rc.d/init.d/dirsrv-admin, /etc/sysconfig/dirsrv-admin
Tools | /usr/bin/, /usr/sbin/
Table 2.1. Red Hat Enterprise Linux 4 and 5 (x86 and x86_64)

File or Directory | Location
Log files | /var/opt/dirsrv/admin-serv/logs
Configuration files | /etc/opt/dirsrv/admin-serv/runs
Instance directory | /opt/dirsrv/admin-serv
Database files | /var/opt/dirsrv/admin-serv
Runtime files | /var/opt/dirsrv/admin-serv
Binaries | /opt/dirsrv/bin/, /opt/dirsrv/sbin/
Libraries | /opt/dirsrv/lib/
Table 2.2. HP-UX 11i (IA64)
2.2. Starting and Stopping the Admin Server
The Admin Server is running when the setup-ds-admin.pl configuration script completes. Avoid stopping and starting the server to prevent interrupting server operations.
• When starting in SSL, the start script prompts for the password for the security (SSL certificate) database. It is possible to restart in SSL without being prompted for a password by using a password file. See Section 2.8.4, “Creating a Password File for the Admin Server” for more information.
If there is no password file, then the Admin Server cannot be restarted in SSL through the Console, only through the command-line scripts.
• Rebooting the host system can automatically start the Admin Server's httpd process. The directory provides startup or run command (rc) scripts. On Red Hat Enterprise Linux, use the chkconfig command to enable the Admin Server to start on boot. For HP-UX, check the operating system documentation for details on adding these scripts.
2.2.1. Starting and Stopping Admin Server from the Console
1. Start the Console, and open the Admin Console.
/usr/bin/redhat-idm-console -a http://localhost:9830
2. In the Tasks tab, click Restart Server or Stop Server.
When the Admin Server is successfully started or stopped from the Console, the server displays a message box stating that the server has either started or shut down.
2.2.2. Starting and Stopping Admin Server from the Command Line
There are two ways to start, stop, or restart the Admin Server:
• There are scripts in the /usr/sbin directory.
/usr/sbin/{start|stop|restart}-ds-admin
• The Admin Server service can also be stopped and started using system tools on Red Hat Enterprise Linux 5 (32-bit) using the service command. For example:
service dirsrv-admin {start|stop|restart}
NOTE
The service name for the Admin Server process on Red Hat Enterprise Linux 5 (32-bit) is dirsrv-admin.
2.3. Opening the Admin Server Console
There is a simple script to launch the main Console. On Red Hat Enterprise Linux, run the following:
/usr/bin/redhat-idm-console
HP-UX has a different location for the script:
/opt/dirsrv/bin/redhat-idm-console
When the login screen opens, the Admin Server prompts for the username, password, and Admin Server location. The Admin Server location is a URL; for a standard connection, this has the http: prefix for a standard HTTP protocol. If SSL/TLS is enabled, then this uses the https: prefix for the secure HTTPS protocol.
Figure 2.1. Login Box
TIP
It is possible to send the Admin Server URL and port with the start script. For example:
/usr/bin/redhat-idm-console -a http://localhost:9830
The -a option is a convenience, particularly for logging into a Directory Server for the first time. On subsequent logins, the URL is saved. If the Admin Server port number is not passed with the redhat-idm-console command, then the server prompts for it at the Console login screen.
This opens the main Console window. To open the Admin Server Console, select the Admin Server instance from the server group on the left, and then click Open at the top right of the window.
Figure 2.2. The Admin Server Console
NOTE
Make sure that Sun JDK or OpenJDK version 1.6.0 is set in the PATH before launching the Console. Run the following to see if the Java program is in the PATH and to get the version and vendor information:
java -version
2.4. Viewing Logs
Log files monitor activity for Admin Server and can help troubleshoot server problems. Admin Server logs use the Common Logfile Format, a broadly supported format that provides information about the server.
Admin Server generates two kinds of logs:
Access logs. Access logs show requests to and responses from the Admin Server. By default, the file is located at /var/log/dirsrv/admin-serv/access.
Error logs. Error logs show messages for errors which the server has encountered since the log file was created. They also contain informational messages about the server, such as when the server was started and who tried unsuccessfully to log on to the server. By default, the file is located at /var/log/dirsrv/admin-serv/error.
The logs can be viewed through Admin Server Console or by opening the log file.
2.4.1. Viewing the Logs through the Console
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Expand the Logs directory, and click the log file name, either Accesses or Error.
2.4.2. Viewing Logs in the Command Line
The access log, by default, is at /var/log/dirsrv/admin-serv/access. To view the access log, open it in an editor such as vi.
Access logs show connections to the Admin Server based on the IP address of the client, the username, and the method by which the request was sent. Each line has the following format:
ip_address - bind_DN [timestamp -0500] "GET|POST cgi" HTTP_response bytes
Example logs are shown in Example 2.1, “Example Access Logs”.
127.0.0.1 - cn=directory manager [23/Dec/2008:19:32:52 -0500] "GET /admin-serv/authenticate HTTP/1.0" 200 338
192.168.123.121 - cn=directory manager [23/Dec/2008:19:33:14 -0500] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 244
192.168.123.121 - cn=directory manager [23/Dec/2008:19:33:16 -0500] "GET /admin-serv/tasks/Configuration/ReadLog?op=count&name=access HTTP/1.0" 200 10
Example 2.1. Example Access Logs
The error log, by default, is at /var/log/dirsrv/admin-serv/errors. To view the error log, open it in an editor such as vi.
Error logs record any problem response from the Admin Server. Like the access log, the error log also records entries based on the client's IP address, along with the type of error message and the message text:
[timestamp] [severity] [client ip_address] error_message
The severity message indicates whether the error is critical enough for administrator intervention. [warning], [error], and [critical] require immediate administrator action. Any other severity means the error is informational or for debugging.
Example logs are shown in Example 2.2, “Example Error Logs”.
[Mon Dec 22 23:44:59 2008] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Mon Dec 22 23:44:59 2008] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.example.com] -will scan aliases
[Mon Dec 22 23:44:59 2008] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.example.com]
[Mon Dec 22 23:44:59 2008] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Mon Dec 22 23:45:16 2008] [notice] [client 192.168.123.121] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.123.121
Example 2.2. Example Error Logs
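The two log formats above can be parsed for review as follows. This is an added example, not code from the guide or from Red Hat; the function names are its own, and the sample lines marked "constructed" were made up for illustration (the others are the guide's example lines). The bind DN contains spaces, so splitting an access line on whitespace gives wrong fields.

```python
import ipaddress
import re
from collections import Counter

# ip_address - bind_DN [timestamp] "METHOD path PROTOCOL" HTTP_response bytes
# bind_DN is matched lazily up to the "[" of the timestamp because a DN such
# as "cn=directory manager" contains a space.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<bind_dn>.*?) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
# [timestamp] [severity] [client ip_address] error_message (client is optional)
ERROR_RE = re.compile(
    r'^\[(?P<timestamp>[^\]]+)\] \[(?P<severity>[^\]]+)\] '
    r'(?:\[client (?P<ip>[^\]]+)\] )?(?P<message>.*)$'
)
# Severities the guide says require administrator action.
ACTION_SEVERITIES = {"warning", "error", "critical"}

def parse_access(line):
    """Return a dict of access-log fields, or None if the line does not match."""
    m = ACCESS_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def parse_error(line):
    """Return a dict of error-log fields, or None if the line does not match."""
    m = ERROR_RE.match(line.strip())
    return m.groupdict() if m else None

def is_local(host):
    """True for loopback clients; handles hostnames (HostnameLookups on)."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() in ("localhost", "localhost.localdomain")

def remote_posts(lines):
    """(ip, bind_dn, path) for every POST sent by a non-local client."""
    recs = (parse_access(l) for l in lines)
    return [(r["ip"], r["bind_dn"], r["path"]) for r in recs
            if r and r["method"] == "POST" and not is_local(r["ip"])]

def failed_requests_by_client(lines):
    """Count of responses with status >= 400, per client."""
    counts = Counter()
    for rec in (parse_access(l) for l in lines):
        if rec and rec["status"] >= 400:
            counts[rec["ip"]] += 1
    return dict(counts)

def needs_action(lines):
    """Error-log entries whose severity is warning, error or critical."""
    recs = (parse_error(l) for l in lines)
    return [r for r in recs if r and r["severity"] in ACTION_SEVERITIES]

# First three lines are the guide's examples; the last one is constructed.
ACCESS_SAMPLE = '''
127.0.0.1 - cn=directory manager [23/Dec/2008:19:32:52 -0500] "GET /admin-serv/authenticate HTTP/1.0" 200 338
192.168.123.121 - cn=directory manager [23/Dec/2008:19:33:14 -0500] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 244
192.168.123.121 - cn=directory manager [23/Dec/2008:19:33:16 -0500] "GET /admin-serv/tasks/Configuration/ReadLog?op=count&name=access HTTP/1.0" 200 10
192.168.123.200 - - [23/Dec/2008:19:40:02 -0500] "GET /admin-serv/authenticate HTTP/1.0" 401 0
'''.strip().splitlines()

# First two lines are the guide's examples; the last two are constructed.
ERROR_SAMPLE = '''
[Mon Dec 22 23:44:59 2008] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.example.com] -will scan aliases
[Mon Dec 22 23:45:16 2008] [notice] [client 192.168.123.121] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.123.121
[Mon Dec 22 23:46:01 2008] [error] [client 192.168.123.121] constructed sample message
[Mon Dec 22 23:47:00 2008] [notice] constructed sample message without a client field
'''.strip().splitlines()

if __name__ == "__main__":
    print("remote POSTs:", remote_posts(ACCESS_SAMPLE))
    print("failed requests:", failed_requests_by_client(ACCESS_SAMPLE))
    for rec in needs_action(ERROR_SAMPLE):
        print("needs action:", rec["severity"], rec["ip"], rec["message"])
```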
2.4.3. Changing the Log Name in the Console
The access and error log files' names can be changed to rotate the files. This rotation has to be done manually to create new files if the existing log files become too large.
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Click Logs in the left panel.
4. In the Logs window on the right, enter the new log file name.
WARNING
The path to the log file is absolute and cannot be changed.
5. Click OK to save the changes.
6. Open the Tasks tab, and click the Restart Server button to restart the server and apply the changes.
2.4.4. Changing the Log Location in the Command Line
The access and error log files' names and locations can be changed to rotate the files. This rotation has to be done manually to create new files if the existing log files become too large. The location can be changed if the default location in /var/log/dirsrv/admin-serv/ does not meet the application needs.
The Admin Server configuration is stored in two locations. The main entry is an LDAP entry in the Configuration Directory Server's o=NetscapeRoot database. The other is the console.conf file. Changing the log settings requires changing both settings.
1. Edit the Admin Server configuration entry in the Configuration Directory Server.
a. Get the name of the Admin Server entry. Since the Admin Server entry has a special object class, nsAdminConfig, it is possible to search for the entry using that object class to retrieve the DN.
/usr/lib/mozldap/ldapsearch -D "cn=directory manager" -w secret -p 389 -h server.example.com -b "o=NetscapeRoot" "(objectclass=nsAdminConfig)" dn
version: 1
dn: cn=configuration, cn=admin-serv-example, cn=Red Hat Administration Server, cn=Server Group, cn=server.example.com, ou=example.com, o=NetscapeRoot
b. The Admin Server entry can be edited using ldapmodify. The access and error log settings are stored in the nsAccessLogs and nsErrorLogs attributes, respectively. For example:
/usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=configuration, cn=admin-serv-example, cn=Red Hat Administration Server, cn=Server Group, cn=server.example.com, ou=example.com, o=NetscapeRoot
changetype:modify
replace:nsAccessLog
nsAccessLog:/var/log/dirsrv/admin-serv//access_new
Hit Enter twice to submit the operation, and then Control+C to close ldapmodify.
2. Open the Admin Server configuration directory.
cd /etc/dirsrv/admin-serv
3. Edit the console.conf file. For the access log, edit the path and filename in the CustomLog parameter. For the error log, edit the path and filename in the ErrorLog parameter.
CustomLog /var/log/dirsrv/admin-serv//access_new common
ErrorLog /var/log/dirsrv/admin-serv//error_new
Leave the term common after the access log path; this means that the access log is in the Common Log Format.
4. Restart the Admin Server.
service dirsrv-admin restart
2.4.5. Setting the Logs to Show Hostnames Instead of IP Addresses
By default, the logs show the IP address of the clients which connect to the Admin Server. This is faster for the Admin Server, since it does not have to do a DNS lookup for every connection. It is possible to set the Admin Server to perform a DNS lookup so that hostnames are used in the logs. Along with being friendlier to read and search, using hostnames instead of IP addresses also removes some unnecessary error messages about being unable to resolve hostnames.
To configure the Admin Server to perform DNS lookups:
1. Edit the console.conf file for the Admin Server.
cd /etc/dirsrv/admin-serv
vim console.conf
2. Set the HostnameLookups parameter to on. By default, this is turned off, so that IP addresses are recorded in logs instead of hostnames.
HostnameLookups on
2.5. Changing the Port Number
The port number specifies where an instance of Admin Server listens for messages.
The default port number for Admin Server is set when the instance is first installed and the configuration script, such as setup-ds-admin.pl, is run. The default port number is 9830, although if that number is in use, then the setup program will use a randomly-generated number larger than 1024 or one can assign any port number between 1025 and 65535.
2.5.1. Changing the Port Number in the Console
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Click the Network tab.
4. Enter the port number for the Admin Server instance in the Port field. The Admin Server port number has a default number of 9830.
5. Click OK.
6. Open the Tasks tab, and click the Restart Server button to restart the server and apply the changes.
7. Close the Console, and then restart the Console, specifying the new Admin Server port number in the connection URL.
2.5.2. Changing the Port Number in the Command Line
The port number for the Admin Server is 9830 by default.
The Admin Server configuration is stored in two locations. The main entry is an LDAP entry in the Configuration Directory Server's o=NetscapeRoot database. The other is the console.conf file. Changing the port number requires changing both settings.
1. Edit the Admin Server configuration entry in the Configuration Directory Server.
a. Get the name of the Admin Server entry. Since the Admin Server entry has a special object class, nsAdminConfig, it is possible to search for the entry using that object class to retrieve the DN.
/usr/lib/mozldap/ldapsearch -D "cn=directory manager" -w secret -p 389 -h server.example.com -b "o=NetscapeRoot" "(objectclass=nsAdminConfig)" dn
version: 1
dn: cn=configuration, cn=admin-serv-example, cn=Red Hat Administration Server, cn=Server Group, cn=server.example.com, ou=example.com, o=NetscapeRoot
b. The Admin Server entry can be edited using ldapmodify. The port number is set in the nsServerPort attribute. For example:
/usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: cn=configuration, cn=admin-serv-example, cn=Red Hat Administration Server, cn=Server Group, cn=server.example.com, ou=example.com, o=NetscapeRoot
changetype:modify
replace:nsServerPort
nsServerPort:10030
Hit Enter twice to submit the operation, and then Control+C to close ldapmodify.
2. Open the Admin Server configuration directory.
cd /etc/dirsrv/admin-serv
3. Edit the Listen parameter in the console.conf file.
Listen 0.0.0.0:10030
4. Restart the Admin Server.
service dirsrv-admin restart
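Sections 2.4.4 and 2.5.2 both require the same change in two places, the LDAP entry and console.conf, so a change applied to only one of them leaves the configuration inconsistent. The following added example (not part of the guide, and not Red Hat code) compares saved ldapsearch output for the nsAdminConfig entry against console.conf text and reports any mismatch. The function names and sample data are constructed, and the nsErrorLog attribute name is an assumption made by analogy with nsAccessLog in the guide's ldapmodify example.

```python
import posixpath

def parse_ldif_entry(text):
    """Return {attribute_lowercase: value} for the first LDIF entry.

    A line that starts with a single space continues the previous line.
    Base64 values ("attr:: ...") are not decoded in this example.
    """
    unfolded = []
    for raw in text.splitlines():
        if not raw.strip():
            if unfolded:
                break            # blank line ends the entry
            continue
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    attrs = {}
    for line in unfolded:
        name, sep, value = line.partition(":")
        if sep:
            attrs[name.strip().lower()] = value.strip()
    return attrs

def parse_console_conf(text):
    """Return the arguments of the Listen, CustomLog and ErrorLog directives."""
    wanted = {"listen", "customlog", "errorlog"}
    conf = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key in wanted and len(parts) > 1:
            conf[key] = [p.strip('"') for p in parts[1:]]
    return conf

def _norm(path):
    # "admin-serv//access_new" and "admin-serv/access_new" are the same file.
    return posixpath.normpath(path) if path else None

def find_drift(ldif_text, conf_text):
    """List of (setting, ldap_value, console_conf_value) for each mismatch."""
    entry = parse_ldif_entry(ldif_text)
    conf = parse_console_conf(conf_text)
    drift = []
    ldap_port = entry.get("nsserverport")
    # Listen may be "0.0.0.0:10030" or just "10030".
    conf_port = conf.get("listen", [""])[0].rsplit(":", 1)[-1]
    if ldap_port != conf_port:
        drift.append(("port", ldap_port, conf_port))
    # nsErrorLog is an assumed attribute name (see the lead-in).
    for attr, directive in (("nsaccesslog", "customlog"),
                            ("nserrorlog", "errorlog")):
        ldap_path = entry.get(attr)
        conf_path = conf.get(directive, [None])[0]
        if _norm(ldap_path) != _norm(conf_path):
            drift.append((directive, ldap_path, conf_path))
    return drift

# Constructed sample: LDAP entry already changed to port 10030 and new logs.
LDIF_SAMPLE = """version: 1
dn: cn=configuration, cn=admin-serv-example, cn=Red Hat Administration Server,
 cn=Server Group, cn=server.example.com, ou=example.com, o=NetscapeRoot
nsServerPort: 10030
nsAccessLog: /var/log/dirsrv/admin-serv//access_new
nsErrorLog: /var/log/dirsrv/admin-serv/error_new
"""

# Constructed sample: console.conf where only the access log was updated.
CONF_DRIFTED = """# console.conf (constructed excerpt)
Listen 0.0.0.0:9830
CustomLog /var/log/dirsrv/admin-serv/access_new common
ErrorLog /var/log/dirsrv/admin-serv/error
"""

# Constructed sample: console.conf after all three settings were updated.
CONF_FIXED = """Listen 0.0.0.0:10030
CustomLog /var/log/dirsrv/admin-serv//access_new common
ErrorLog /var/log/dirsrv/admin-serv/error_new
"""

if __name__ == "__main__":
    for setting, ldap_value, conf_value in find_drift(LDIF_SAMPLE, CONF_DRIFTED):
        print(f"{setting}: LDAP has {ldap_value!r}, console.conf has {conf_value!r}")
```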
2.6. Setting Host Restrictions
Connection restrictions specify which hosts are allowed to connect to the Admin Server. You can list these hosts by DNS name, IP address, or both. Only host machines listed within the connection restriction parameters are allowed to connect to the Admin Server. This setting allows wildcards within a domain or an IP address range to make setting connection restrictions simpler.
2.6.1. Setting Host Restrictions in the Console
1. Open the Admin Server management window.
2. Click the Configuration tab.
3. Click the Network tab.