Article
Search
Shameless Plugs
Most Popular
Who's online
Online users
User login
8187
Installing and Configuring eDirectory 8.8.x on Ubuntu Linux
Overview
Prerequisites
Recommended Items
Installing and Configuring Ubuntu Linux
eDirectory Installation
eDirectory Configuration
Installing eDirectory NMAS Methods
Installing Security Services updates
Removing eDirectory
Conclusion
Bash Scripts
Overview
This document describes how to install and configure eDirectory 8.8.x on Ubuntu Linux. While Ubuntu Linux is not a supported eDirectory platform, it is a very popular distribution. As a result of its widespread use as both a desktop development and server platform, it was logical to test the validity of installing eDirectory 8.8.x on this platform.
eDirectory offers several enhanced features over competing LDAP directories. Among these mature features are automatic multi-mastering, replication, failover, built-in CA and secure authentication, as well as object referential integrity. eDirectory 8.8.x also supports advanced features such as encrypted attributes to protect sensitive information, an easily extensible schema, auxiliary classes and attributes, multiple authentication mechanisms via Novell NMAS, GSSAPI authentication, and multiple eDirectory instance installations on the same physical hardware/OS.
The installation and configuration of eDirectory 8.8.x was performed on 32-bit versions of Ubuntu. The tested Ubuntu versions were Ubuntu 6.06.1 LTS and Ubuntu 7.04.
The Ubuntu versions tested were:
- Ubuntu 6.06.1 LTS x86
- Ubuntu 7.04 x86
The eDirectory versions tested were:
- eDirectory 8.8.1 for Linux
- eDirectory 8.8.2 Beta 5
Note: This installation process also works for Ubuntu 7.10 'gutsy gibbon' i386 using eDirectory 8.8.2.
Prerequisites Recommended Items
Installing and Configuring Ubuntu Linux
1. Install Ubuntu Linux, server or desktop version, 32-bit (x86) architecture.
2. After the installation completes, log in and run the updates to get the latest Operating System updates.
3. When the updates have completed, set the root password with 'sudo passwd root'.
4. Enter your password, then set the root user's new password. You will need this password later to 'su' to root.
5. Install the "alien", "rpm", "libstdc++5", and "gcc" packages. From a console, run 'sudo apt-get -f install alien gcc libstdc++5'. This should install alien, rpm, libstdc++, and gcc packages for you.
eDirectory Installation
1. Download the eDirectory 8.8.x iso from download.novell.com.
2. "su" to root ('su' in console, enter root password).
3. Create a system directory for the installation files such as "/tmp/88x/" ('mkdir /tmp/88x').
4. Mount the eDirectory installation .iso as /media/cdrom ('mount -t iso9660 -o loop eDir_88XXXX.iso /media/cdrom').
5. Copy all of the files from the mounted eDirectory installation .iso to /tmp/88x/ ('cp -var /media/cdrom/* /tmp/88x/').
6. cd into /tmp/88x/setup (this may also be "/tmp/88x/eDirectory/setup", depending on the eDirectory version). For example: 'cd /tmp/88x'
7. Download the nds debian scripts: nds-install-88-deb, nds-uninstall-88-deb, and nmas-addmethod-deb (see links above).
8. Copy these files to /tmp/88x/setup (same location as the novell-NDS rpms).
9. Execute './nds-install-88-deb'.
This step will take a little time to finish, as it runs "alien" against the eDirectory rpm's, installs rpm's, and runs 'dpkg -i' on the .deb files. This script will also build the default rpm database if it doesn't exist.
The eDirectory installation is now complete. You can now configure your eDirectory tree using the ndsconfig eDirectory utility.
eDirectory Configuration
1. Set your system PATH for the nds binaries/libraries by issuing this command from the console: '. /opt/novell/eDirectory/bin/./ndspath' (Note that the command starts with dot-space.)
2. Configure your eDirectory tree from the command line using ndsconfig. For example:
ndsconfig new -t MYTREE -a cn=admin.o=novell -n o=novell -S myserver -i -e -D /var/opt/novell/instance0 -d /var/opt/novell/instance0/data/dib -w password --config-file /var/opt/novell/nds0.conf
The '-i' option ignores duplicate tree lookup, and '-e' enables the LDAP clear-text password. If you want to keep the default secure ldaps connection setting, omit the '-e' switch and use either SSL to TLS to connect via LDAP.
You may also just use 'ndsconfig new -i' and enter options from the command line when prompted. The '-i' option will skip the duplicate tree name lookup which will fail if slp is not running. You may omit this option if you start the slpuasa service with '/etc/init.d/slpuasa start'
3. Once eDirectory configuration is complete, you can verify that ndsd is up and running with 'ndsstat'.
Installing eDirectory NMAS Methods
At this time, you may want to install additional NMAS methods provided with eDirectory. To to so, use the 'nmas-addmethod-deb' script as follows (for this example):
1. If not done earlier, cd into the /tmp/88x/setup directory and copy the nmas-addmethod-deb script to /tmp/88x/setup (the same location as the nds-install-88-deb script and the NDS rpm's).
2. Execute "ndsstat" and note the eDirectory tree name.
3. Execute the nmas-addmethod-deb script, passing in the eDirectory admin DN in dot notation, eDirectory admin password, eDirectory tree name, and the ip-address:port that the eDirectory service is listening on. (The port information is optional and will default to port 524.) For example:
./nmas-addmethod-deb -a admin.novell -w password -t MYTREE -P 192.168.1.1:524
The '-P' ip address option should match whatever interface your eDirectory tree is listening on. "ndsconfig get" will show you the list of interfaces.
4. You will be prompted if you want to add each NMAS method found by its config.txt file. Entering a "y" at the command line will attempt to add the method, "n" will skip the method, and "q" will quit.
Installing Security Services Updates
As per recommendations, you may also want to install Novell Security Services updates to your eDirectory server if you are installing eDirectory 8.8.1. At the time of this writing, the latest Security Services update is SS204.
1. Download the Security Services update file from download.novell.com.
2. Extract the archive ('tar -xzvf ss204_SLAH.tgz').
3. Shut down ndsd with 'ndsmanage stopall'.
4. Run the SS204 install script with a --force option ('./install.sh --force').
The installation will report many warnings, but it will succeed.
5. Restart ndsd with 'ndsmanage startall'.
Removing eDirectory
The script "nds-uninstall-88-deb" has been provided to facilitate removal of eDirectory from your Ubuntu box.
1. 'su' to root.
2. cd to the '/tmp/88x/setup' directory.
3. Set the PATH for nds ('. /opt/novell/eDirectory/bin/./ndspath').
4. Deconfigure your tree using ndsconfig ('ndsconfig rm -a <admin.dn>')
While not necessary on a single-server installation, running 'ndsconfig rm' will keep your tree "clean" in a multi-server environment.
5. Run './nds-uninstall-88-deb'. This script will remove all of the eDirectory .deb packages, as well as all of the eDirectory rpm's, and it will remove the eDirectory directories from your server.
Conclusion
You should now have a fully functional eDirectory installation on your Ubuntu Linux machine. Other utilities such as 'ndstrace' or 'ndsrepair' have not been fully tested, but are expected to work as well.
Bash Scripts
--------------- nds-install-88-deb ---------------
#!/bin/sh
# build the rpm db in needed
if [ ! -d /var/lib/rpm ]
then
echo "building rpm database"
mkdir /var/lib/rpm
rpm --rebuilddb
fi
if [ ! -f nici*.deb ]
then
echo "Generating .deb packages from .rpm's..."
alien -d --scripts *.rpm
fi
if [ -f nici*.deb ]
then
echo ".deb packages seem to exist..."
rpm -ivh --nodeps nici-*.rpm
rm -f nici*.deb
rpm -ivh --nodeps novell-NDSbase*.rpm
rm -f novell-ndsbase*.deb
rpm -ivh --nodeps novell-NDSserv*.rpm
rm -f novell-ndsserv*.deb
rpm -ivh --nodeps novell-NDScommon*.rpm
rm -f novell-ndscommon*.deb
rpm -ivh --nodeps novell-NDSimon*.rpm
rm -f novell-ndsimon*
rpm -ivh --nodeps novell-NOVLsnmp*.rpm
rm -f novell-novlsnmp*.deb
rpm -ivh --nodeps --force novell-NDSbase*.rpm
fi
dpkg -i *.deb
cd ../nmas/NmasMethods/
alien -d --scripts *.rpm
dpkg -i *.deb
# ndspath expects awk as /bin/awk
if [ -f /usr/bin/awk ]
then
echo "Linking /usr/bin/awk to /bin/awk..."
ln -s /usr/bin/awk /bin/awk
fi
--------------- nds-install-88-deb ---------------
--------------- nmas-addmethod-deb ---------------
#!/bin/sh
while getopts s:t:a:w:P:p:h:12n:l:L:d:c:C:D:V:f:OS:NI:Xy:W: c
do
case $c in
s) SERVER=$OPTARG;;
t) TREE=$OPTARG;;
a) ADMIN=$OPTARG;;
w) ADMINPWD=$OPTARG;;
c) CONTEXT=$OPTARG;;
p)
if [ "$LDAPPORT" = "389" ] ; then
LDAPPORT=`expr $OPTARG + 1`
fi
if [ "$LDAPSSLPORT" = "636" ] ; then
LDAPSSLPORT=`expr $OPTARG + 2`
fi
if [ "$DEBUGPORT" = "1900" ] ; then
DEBUGPORT=`expr $OPTARG + 3`
fi
if [ "$HTTPPORT" = "10080" ] ; then
HTTPPORT=`expr $OPTARG + 4`
fi
if [ "$HTTPSPORT" = "10443" ] ; then
HTTPSPORT=`expr $OPTARG + 5`
fi
PORT=$OPTARG ;;
P) IPADDR=$OPTARG;;
O) SETUPHTTP=0;;
1) PRIMARYSERVER=1;;
2) PRIMARYSERVER=0;;
n) NDS_CONF=$OPTARG
export NDS_CONF
readconf
;;
l) LDAPPORT=$OPTARG;;
L) LDAPSSLPORT=$OPTARG;;
C) CONFIGDIR=$OPTARG;;
D) DIBDIR=$OPTARG;;
V) VARDIR=$OPTARG;;
X) LIBDIR=$OPTARG;;
f) LICENSE=$OPTARG;;
d) DEBUGPORT=$OPTARG;;
S) SERVERDIR=$OPTARG;;
N) CONFIGNMAS=1;;
I) INTERFACE=$OPTARG;;
y) CACHE=$OPTARG;;
W) NDSDBINI_APPENDS=$OPTARG;;
\? | h) dumpUsage
exit 2;;
default) echo $OPTARG
esac
done
if [ "$ADMIN" = "" ] || [ "$ADMINPWD" = "" ] || [ "$TREE" = "" ] || [ "$IPADDR" = "" ] ;
then
echo "./nmas-addmethod-deb -a <ADMIN.DN> -w <PASSWORD> -t <TREENAME> -P <server-ip>:<ncp-port>"
echo "example: './nmas-addmethod-deb -a cn=admin.o=novell -w password -t MYTREE -P 192.168.1.1:524'"
exit
fi
ckyorn()
{
shift
ckyornstr="$@"
ans=""
while [ -z "$ans" ] || [ "$ans" = "ERRVAL" ]
do
#write_log "$@"
#echo_sameline "$ckyornstr '[y/n/q] ? '"
read ans
ans=`echo $ans | tr "[:upper:]" "[:lower:]"`
case $ans in
y|yes) return 1 ;;
n|no) return 0 ;;
q|quit) exit 1 ;;
*) str1=`gettext install "Invalid option : "`
echo "$instr $str1$ans"
ans="ERRVAL" ;;
esac
done
}
list=`find .././ -name config.txt`
for file in $list
do
echo "add nmas method $file ?(y/n/q)"
ckyorn -p "install $file (y/n/q)"
ans=`echo $ans | tr "[:upper:]" "[:lower:]"`
if [ "$ans" = "n" ] || [ "$ans" = "no" ]
then
echo "skipping $file..."
fi
if [ "$ans" = "y" ] || [ "$ans" = "yes" ]
then
echo "attempting to add method $file to $TREE as '$ADMIN' with passwd '$ADMINPWD' on host '$IPADDR' ..."
nmasinst -addmethod $ADMIN $TREE $file -h $IPADDR -w $ADMINPWD
fi
done
--------------- nmas-addmethod-deb ---------------
--------------- nds-uninstall-88-deb ---------------
#!/bin/sh
dpkg -r nici
dpkg -r novell-ncpenc
dpkg -r novell-ndsbase
dpkg -r novell-ndscommon
dpkg -r novell-ndsimon
dpkg -r novell-ndsmasv
dpkg -r novell-ndsrepair
dpkg -r novell-ndsserv
dpkg -r novell-ndsslp
dpkg -r novell-nldapbase
dpkg -r novell-nldapsdk
dpkg -r novell-nmas
dpkg -r novell-novlembox
dpkg -r novell-novlice
dpkg -r novell-novlldif2dib
dpkg -r novell-novllmgnt
dpkg -r novell-novlsas
dpkg -r novell-novlsnmp
dpkg -r novell-novlsubag
dpkg -r novell-novlxis
dpkg -r novell-npkiapi
dpkg -r novell-npkit
dpkg -r novell-ntls
dpkg -r novell-pkiserver
dpkg -r novell-nmas-methods
dpkg -r google-perftools
dpkg --purge nici
dpkg --purge novell-ncpenc
dpkg --purge novell-ndsbase
dpkg --purge novell-ndscommon
dpkg --purge novell-ndsimon
dpkg --purge novell-ndsmasv
dpkg --purge novell-ndsrepair
dpkg --purge novell-ndsserv
dpkg --purge novell-ndsslp
dpkg --purge novell-nldapbase
dpkg --purge novell-nldapsdk
dpkg --purge novell-nmas
dpkg --purge novell-novlembox
dpkg --purge novell-novlice
dpkg --purge novell-novlldif2dib
dpkg --purge novell-novllmgnt
dpkg --purge novell-novlsas
dpkg --purge novell-novlsnmp
dpkg --purge novell-novlsubag
dpkg --purge novell-novlxis
dpkg --purge novell-npkiapi
dpkg --purge novell-npkit
dpkg --purge novell-ntls
dpkg --purge novell-pkiserver
dpkg --purge novell-nmas-methods
dpkg --purge google-perftools
rpm -ev --nodeps novell-NDSbase
rpm -ev --nodeps novell-NDScommon
rpm -ev --nodeps novell-NDSimon
rpm -ev --nodeps novell-NDSserv
rpm -ev --nodeps nici
rpm -ev --nodeps novell-NOVLsnmp
if [ -d /var/opt/novell ]
then
echo "removing /var/opt/novell..."
rm -rf /var/opt/novell
rm -rf /var/novell/nici
fi
if [ -d /opt/novell/eDirectory ]
then
echo "removing /opt/novell/eDirectory..."
rm -rf /opt/novell/eDirectory
fi
if [ -d /etc/opt/novell ]
then
echo "removing /etc/opt/novell..."
rm -rf /etc/opt/novell
fi
#clean up nici
if [ -d /var/novell/nici ]
then
echo "removing /var/novell/nici..."
rm -rf /var/novell/nici
fi
if [ -f /var/novell/nici ]
then
echo "removing /var/novell/nici..."
rm -rf /var/novell/nici
fi
# remove link for /bin/awk
if [ -f /bin/awk ]
then
echo "removing /bin/awk..."
rm -f /bin/awk
fi
--------------- nds-uninstall-88-deb --------------- Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
Related Articles
User Comments
- Be the first to comment! To leave a comment you need to Login or Register
- 8187 reads
0