Installing eDirectory 8.8 SP2 as a Non-Root User

Novell Cool Solutions: AppNote
By Samuel Soares

Posted: 28 Nov 2007
 

Pre-Installation Tasks for eDirectory
Installing NICI as a Root User
Installing NICI as a Non-Root User
    Enabling a Non-Root User to Install NICI
    Installing NICI, Non-Root
Configuring eDirectory
    Installing eDirectory into a New Tree
    Installing eDirectory into an Existing Tree
Appendix: Delegating Administrative Tasks With sudo

Pre-Installation Tasks for eDirectory

1. Go to the directory where you want to install eDirectory.

2. Untar the tar file as follows:

tar xvf /<tar_file_name>

The etc, opt, and var directories are created.

Note: After you untar the tar file, use the install utility to install the eDirectory components. For example:

./nds-install

To set the environment variables manually, export the paths as follows:

export LD_LIBRARY_PATH=/home/ssoares/eDirectory/opt/novell/eDirectory/lib:/home/ssoares/eDirectory/opt/novell/eDirectory/lib/nds-modules:/home/ssoares/eDirectory/opt/novell/lib:/opt/novell/lib:/opt/novell/eDirectory/lib:$LD_LIBRARY_PATH

export PATH=/home/ssoares/eDirectory/opt/novell/eDirectory/bin:/home/ssoares/eDirectory/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:$PATH

export MANPATH=/home/ssoares/eDirectory/opt/novell/man:/home/ssoares/eDirectory/opt/novell/eDirectory/man:$MANPATH

export TEXTDOMAINDIR=/home/ssoares/eDirectory/opt/novell/eDirectory/share/locale:$TEXTDOMAINDIR

Note: "custom_location" is defined here as "/home/ssoares"

The screens below show how to configure ".profile" by editing it with vi /home/ssoares/.profile

Installing NICI as a Root User

NICI should be installed before you proceed with the eDirectory installation. Both root and non-root users can install NICI.

Sudo (superuser do) allows a root user to give certain users the ability to run some commands as root. A root user can do this by editing the /etc/sudoers configuration file and adding appropriate entries in it.

To install NICI as a root user, complete the following procedure:

1. Log in as root and enter the following command:

rpm -ivh /home/ssoares/eDirectory/nici-2.7.3-0.01.i386.rpm 

2. Execute the following script:

ln -sf /var/opt/novell/nici /var/novell/nici
/var/opt/novell/nici/set_server_mode

Installing NICI as a Non-Root User

Non-root users can make use of the sudo utility to install NICI.

Note: Sudo (su "do") allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user, while logging the commands and arguments.

Warning: sudo enables you to give limited root permissions to non-root users. Therefore, it is strongly recommended that you understand the security implications before proceeding.

Enabling a Non-Root User to Install NICI

To enable a non-root user (for example, ssoares) to install NICI, a root user needs to complete the following procedure:

1. Log in as root.

2. Edit the /etc/sudoers configuration file using the visudo command (note that there is no space between "vi" and "sudo" in the command).

3. Make an entry with the following information:

Username   hostname=(root) NOPASSWD: /bin/rpm

For example, to enable ssoares to run /bin/rpm as root on the hostname SLES10-ServerB, type the following:

ssoares  SLES10-ServerB=(root)  NOPASSWD: /bin/rpm
ssoares  SLES10-ServerB=(root)  NOPASSWD: /var/lib/rpm
ssoares  SLES10-ServerB=(root)  NOPASSWD: /etc/init.d
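
A narrower form of the same grant, as an added example that is not part of the original AppNote: it lists only the two commands that the non-root NICI installation on this page runs through sudo, with their arguments fixed. The alias name NICI_INSTALL is an assumption; the user, host, paths and the NOPASSWD tag are the ones this page uses.

```sudoers
# Added example (not from the original AppNote). Edit with visudo.
# NICI_INSTALL is a hypothetical alias name.

# A command listed without arguments, such as "/bin/rpm", matches every
# invocation of that command. Listing the arguments restricts the match
# to that exact command line; "" means "no arguments allowed".
Cmnd_Alias NICI_INSTALL = \
    /bin/rpm -ivh /home/ssoares/eDirectory/nici-2.7.3-0.01.i386.rpm, \
    /var/opt/novell/nici/set_server_mode ""

# A path names a single command unless it ends in "/", in which case it
# covers the files directly inside that directory.
ssoares  SLES10-ServerB = (root) NOPASSWD: NICI_INSTALL

# The package file sits in a directory that ssoares can write to, so
# remove this entry with visudo once NICI is installed.
```

Running `sudo -l` as ssoares lists the commands the entry permits, which confirms the rule matches before the installation is attempted.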

Installing NICI, Non-Root

A non-root user (ssoares, in the example) needs to do the following to install NICI:

1. Log in as ssoares and execute the following command:

sudo rpm -ivh /home/ssoares/eDirectory/nici-2.7.3-0.01.i386.rpm

2. Execute the following script:

ln -sf /var/opt/novell/nici /var/novell/nici
sudo /var/opt/novell/nici/set_server_mode

NICI is installed in the server mode.

Note: Ensure that the SNMP subagent is installed using the command "rpm --nodeps ". If you want to use SLP and SNMP, ensure that they are installed by the root user.

Configuring eDirectory

You can configure eDirectory by installing into a new tree or into an existing tree.

The port numbers you enter need to be in the range 1024 to 65535. Port numbers below 1024 are normally reserved for the super-user and standard applications. Therefore, you cannot assume the default port 524 for any eDirectory applications.

This might cause the following applications to break:

  • Applications that don't have an option to specify the target server port
  • Other applications that use NCP and run as root for port 524

Installing eDirectory into a New Tree

Use the ndsconfig utility to install eDirectory into a new tree as follows:

ndsconfig new -t SLES10_Tree -n ou=Servers.o=NTS -a admin.NTS -S SLES10-ServerB -d /home/ssoares/SLES10/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/ssoares/SLES10/var --config-file /home/ssoares/SLES10/nds.conf

Installing eDirectory into an Existing Tree

Use the ndsconfig utility to install eDirectory into an existing tree as follows:

ndsconfig add -t SLES10_Tree -n NTS -a admin.NTS -S SLES10-ServerB -d /home/ssoares/SLES10/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/ssoares/SLES10/var -p 192.168.21.21:1025 --config-file /home/ssoares/SLES10/nds.conf

Appendix: Delegating Administrative Tasks With sudo

Sometimes it is necessary to allow a normal user access to a command that is usually reserved for root. For example, you might want a co-worker to take over tasks such as shutting down the computer and creating users while you are on vacation, without sharing the root password.

The default configuration of sudo in SLES 10 requires knowledge of the root password. If you know the root password, you would not actually need to use sudo for administrative tasks. Even so, using sudo has the advantage that the commands executed are logged to /var/log/messages, and that you do not need to retype the password for each command (as with su -c command), because it is cached for some minutes by sudo.

You can change the configuration of sudo so it asks for the user password instead of the root password. To do this, put a comment sign (#) in front of the following two lines in /etc/sudoers, using the visudo command:

Using visudo, you can specify which commands a user can or cannot enter by configuring the file /etc/sudoers.
