15 Setting Up IBM Tivoli Directory Server 6.x

This chapter contains the following sections:

15.1 IBM Tivoli Directory Server Commands

Table 15-1 IBM Tivoli Directory Server Commands

| Action | Command |
|---|---|
| Starting an instance | <LDAP Install directory>/sbin/idsslapd -I <instance name> |
| Stopping an instance | <LDAP Install directory>/bin/ibmdirctl stop -h localhost -D cn=root -w <password for cn=root> |
| Checking an instance | <LDAP Install directory>/bin/ibmdirctl status -h localhost -D cn=root -w <password entered for cn=root> |
| Displaying list of instances | <LDAP Install directory>/sbin/idsilist |
| Loading the instance administration tool | <LDAP Install directory>/sbin/idsxinst |
| Loading the configuration tool for an instance | <LDAP Install directory>/sbin/idsxcfg -I <name of instance> |


15.2 Before Installing IBM Tivoli Directory Server

  1. Create the following group: idsldap

  2. Create a user for the LDAP instance and write down the password, for example, ldapdb2. This password will be used in step 7 of Section 15.3, "Installing IBM Tivoli Directory Server."

  3. Check that pdksh is installed.

15.3 Installing IBM Tivoli Directory Server

  1. Download the Tivoli Directory Server from IBM.

  2. Unzip the archive into a temporary directory.

  3. Go to the temporary directory and run (Figure 15-1):

    ./install_ldap_server
    

    Figure 15-1 IBM Tivoli Directory Server Installation


  4. When the installation dialog box appears, select your language (Figure 15-2) and click OK.

    Figure 15-2 IBM Tivoli Directory Server Dialog Box


  5. Click Next (Figure 15-3).

    Figure 15-3 IBM Tivoli Directory Server - Welcome


  6. On the "License Agreement" screen (Figure 15-4), select I Accept the terms in this license agreement, then click Next.

    Figure 15-4 Software License Agreement


  7. On the first configuration screen (Figure 15-5), fill in the fields:

  8. On the second configuration screen (Figure 15-6), fill in the fields:

    1. Administrator password: Enter a password and remember it. This password is used throughout the configuration and is referred to as the password for cn=root.

    2. User-defined suffix: dc=<domain>,dc=<ext> For example, if your domain is example.com, then the User-defined suffix should read: dc=example,dc=com.

    3. Confirm that the Local hostname is correct.

    4. Click Next.

      Figure 15-6 Database Information Continued


  9. On the third configuration page (Figure 15-7):

    1. Fill in the fields:

      • SSL key file password: Enter a password for SSL.

      • Non-SSL port: Confirm that the Non-SSL port value is set to 389. If the Non-SSL port has been changed, use the new value when installing WebCenter Sites.

    2. Click Next.

      Figure 15-7 Database Information Continued


  10. Confirm that enough disk space exists for the installation to succeed (Figure 15-8) and click Next.

  11. Review the summary (Figure 15-9) and click Next.

    Figure 15-9 Configuration Options Review


  12. Wait for the installer to finish (Figure 15-10).

    Figure 15-10 IBM Tivoli Directory Server Installation in Progress


  13. Click Finish. The installation is now complete (Figure 15-11).

    Figure 15-11 IBM Tivoli Directory Server Installation Completed


15.4 Configuring Tivoli Directory Server

Note:

Only IBM TDS with sha password encryption is supported by WebCenter Sites.

  1. In a text editor, open:

    /home/<ldap user>/idsslapd-<ldap user>/etc/ibmslapd.conf
    
  2. Search for the ibm-slapdPwEncryption parameter and change the value to sha.

  3. Save the change in the text editor.
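The same edit can be scripted so that it leaves a backup and fails when the parameter is missing or duplicated. This is an added example, not part of the original guide; the function names are hypothetical, and it assumes ibmslapd.conf stores settings as "name: value" lines.

```shell
#!/bin/sh
# Added example (not from the original guide): set ibm-slapdPwEncryption to
# sha in ibmslapd.conf. Assumes the file uses "name: value" lines.

# Print the current value(s) of the parameter. The name is compared
# case-insensitively, as LDAP attribute names are.
get_pw_encryption() {
    awk -F': *' 'tolower($1) == "ibm-slapdpwencryption" { print $2 }' "$1"
}

# Rewrite the value to "sha". Returns non-zero and leaves the file untouched
# if the file is missing or the parameter does not occur exactly once.
set_pw_encryption_sha() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    count=$(get_pw_encryption "$conf" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || { echo "expected 1 setting, found $count" >&2; return 3; }
    cp -p "$conf" "$conf.bak" || return 4           # keep the original
    tmp=$(mktemp "$conf.XXXXXX") || return 4
    # Write the result to a temp file, then copy it over the original so the
    # owner and permissions of ibmslapd.conf are preserved.
    awk -F': *' 'tolower($1) == "ibm-slapdpwencryption" { print $1 ": sha"; next }
                 { print }' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample configuration, used only to try the functions out.
write_sample_conf() {
    cat > "$1" <<'EOF'
dn: cn=Configuration
ibm-slapdPort: 389
ibm-slapdPwEncryption: aes256
EOF
}
```

Run `set_pw_encryption_sha` against the real file while the instance is stopped, then confirm the result with `get_pw_encryption`.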

Completing and Verifying the LDAP Configuration

  1. Start the IBM TDS instance:

    <LDAP Install directory>/sbin/idsslapd -I <instance name>
    
  2. Start the IBM TDS instance configuration tool (Figure 15-12). Your display must be set in order to continue the configuration process:

    <LDAP Install directory>/sbin/idsxcfg -I <name of instance> 
    

    Figure 15-12 IBM Tivoli Directory Server Configuration Tool


  3. Select Manage suffixes (Figure 15-13).

    Figure 15-13 IBM Tivoli Directory Server Configuration Tool - Manage Suffixes


  4. Make sure the User-defined suffix that was specified during installation appears in the list, then click OK.

Importing an LDIF file (LDAP Browser)

  1. Start the IBM TDS instance:

    <LDAP Install directory>/sbin/idsslapd -I <instance name>
    
  2. Connect to IBM TDS using the LDAP browser. For instructions, see Section 15.5, "Connecting to IBM TDS Using the LDAP Browser."

  3. Select: dc=<domain>,dc=<ext>. Click the LDIF menu, and select Import (Figure 15-14).

    Figure 15-14 LDAP Browser\Editor - Import


  4. Click the Add only button (Figure 15-15).

  5. Browse to the LDIF file <cs_install_dir/ldap>/tivolildap.ldif (Figure 15-16) and click OK.

  6. Click Import.

    Note:

    The root entry will fail to import because it already exists, but all others will import successfully.

  7. Click OK (Figure 15-17).

    Figure 15-17 LDIF Import - Finished


Importing an LDIF file (Configuration Tool)

  1. Convert the LDIF file to UNIX format using the dos2unix utility.

    • Linux: dos2unix tivolildap.ldif

    • Solaris: mv tivolildap.ldif tivolildap2.ldif && dos2unix tivolildap2.ldif > tivolildap.ldif

  2. Stop the IBM TDS instance:

    <LDAP Install directory>/bin/ibmdirctl stop -h localhost -D cn=root -w <password for cn=root>
    
  3. Start the IBM TDS instance configuration tool (your display must be set in order to continue with the import process):

    <LDAP Install directory>/sbin/idsxcfg -I <name of instance>
    
  4. Select Import LDIF data (Figure 15-18).

    Figure 15-18 Path and Name of the LDIF File on the LDAP Server


  5. Click Browse.

  6. Browse to the LDIF file (Figure 15-19) you wish to import and click OK.

    Figure 15-19 Browse Dialog Box


  7. Click Import (Figure 15-20).

  8. Click OK when the import is complete (Figure 15-21).

    Figure 15-21 Information Dialog Box


Adding Users and ACLs using an LDIF file

  1. Create a blank LDIF file (for example, addstuff.ldif).

  2. For each user that you wish to add, add the following to the LDIF file:

    dn: uid=<User_Name>,cn=users,dc=<domain>,dc=<ext>
    userPassword: <password>
    uid: <User_Name>
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    sn: <User_Name>
    cn: <User_Name>
    
  3. For each ACL you wish to add, add the following to the LDIF file:

    dn: cn=<ACL Name>,cn=groups,dc=<domain>,dc=<ext>
    objectClass: top
    objectClass: groupOfNames
    member: uid=<User_Name 1>,cn=users,dc=<domain>,dc=<ext>
    member: uid=<User_Name 2>,cn=users,dc=<domain>,dc=<ext>
    .
    .
    .
    member: uid=<User_Name n>,cn=users,dc=<domain>,dc=<ext> 
    
  4. Import the LDIF file by following the steps in Section 15.4, "Importing an LDIF file (LDAP Browser)" or Section 15.4, "Importing an LDIF file (Configuration Tool)."
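The two templates above can be filled in by a script instead of by hand. This is an added example, not part of the original guide: the function names, the name-validation policy and the sample values are hypothetical. It writes passwords base64-encoded and creates the file readable only by its owner, since the file holds clear-text credentials.

```shell
#!/bin/sh
# Added example (not from the original guide): build addstuff.ldif from the
# user and group templates above. All names here are hypothetical.

# Accept only names free of characters that are special in a DN or LDIF line.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# user_entry <suffix> <user> <password>
# The password is written as "userPassword:: <base64>" so that spaces,
# colons or non-ASCII characters cannot break the LDIF syntax.
user_entry() {
    valid_name "$2" || { echo "bad user name: $2" >&2; return 1; }
    pw64=$(printf '%s' "$3" | base64 | tr -d '\n')
    printf 'dn: uid=%s,cn=users,%s\n' "$2" "$1"
    printf 'userPassword:: %s\n' "$pw64"
    printf 'uid: %s\n' "$2"
    printf 'objectClass: %s\n' top person organizationalPerson inetOrgPerson
    printf 'sn: %s\ncn: %s\n\n' "$2" "$2"
}

# group_entry <suffix> <group> <user>...  (groupOfNames needs at least one member)
group_entry() {
    suffix=$1 group=$2; shift 2
    valid_name "$group" || { echo "bad group name: $group" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "group $group has no members" >&2; return 1; }
    for u in "$@"; do
        valid_name "$u" || { echo "bad member: $u" >&2; return 1; }
    done
    printf 'dn: cn=%s,cn=groups,%s\n' "$group" "$suffix"
    printf 'objectClass: %s\n' top groupOfNames
    for u in "$@"; do printf 'member: uid=%s,cn=users,%s\n' "$u" "$suffix"; done
    printf '\n'
}

# Constructed sample: two users and one group, written with mode 0600.
build_sample_ldif() {
    ( umask 077
      { user_entry "dc=example,dc=com" alice 'p: w0rd' &&
        user_entry "dc=example,dc=com" bob 'secret' &&
        group_entry "dc=example,dc=com" SampleACL alice bob; } > "$1" )
}
```

Delete the generated file once the import has finished.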

15.5 Connecting to IBM TDS Using the LDAP Browser

  1. Download and install the LDAP browser.

  2. Start the LDAP browser:

    ./lbe.sh
    
  3. Fill in the required fields:

    • Host: Enter the IP or hostname of IBM TDS.

    • Port: Enter the port on which IBM TDS is running.

      Note:

      The default port which IBM TDS runs on is 389.

    • Base DN: Enter the user-defined suffix that was entered during the installation of IBM TDS (see step 8 of Section 15.3, "Installing IBM Tivoli Directory Server," for more information about the User-defined suffix).

    • Anonymous bind: Deselect the check box.

    • User DN: Enter cn=root

    • Password: Enter the password for cn=root (Figure 15-22).

      Figure 15-22 Edit Session Dialog Box


  4. Click Save (Figure 15-23).

    Figure 15-23 LDAP Browser\Editor
