1. Concept
IBM Tivoli Directory Server (TDS) is IBM's implementation of the Lightweight Directory Access Protocol (LDAP), which can be installed and configured across platforms. TDS provides a server that stores directory information in a DB2 database, a proxy server that routes LDAP operations to other servers, a client, a graphical interface for managing servers, and a graphical interface for managing users.
2. Installation on Linux
1) First, check whether the DB2 version on the machine matches the TDS version to be installed. You can also use the db2_install program to install the DB2 version that ships with TDS. When prompted for a keyword at the end of the installation, enter ese. After installation, check /tmp/db2_install_log.99999 to confirm that the installation succeeded; 99999 is a random number generated by the installation.
2) Install the proxy server or the full directory server
Log on as root and install the following two packages (32-bit machines):
rpm -ihv idsldap-cltbase62-6.2.0-0.i386.rpm
rpm -ihv idsldap-clt32bit62-6.2.0-0.i386.rpm
To install the proxy server, install the following four packages:
rpm -ihv idsldap-cltjava62-6.2.0-0.i386.rpm
rpm -ihv idsldap-srvbase32bit62-6.2.0-0.i386.rpm
rpm -ihv idsldap-srvproxy32bit62-6.2.0-0.i386.rpm
rpm -ihv idsldap-ent62-6.2.0-0.i386.rpm
To install the full directory server, install the following four packages:
3) Confirm that the installation is correct:
rpm -qa | grep idsldap
4) Install the language pack:
English: rpm -ihv idsldap-msg62-en-6.2.0-0.noarch.rpm
Chinese: rpm -ihv idsldap-msg62-zh_CN-6.2.0-0.noarch.rpm
5) Install the client:
rpm -ihv idsldap-cltbase62-6.2.0-0.i386.rpm
rpm -ihv idsldap-clt32bit62-6.2.0-0.i386.rpm
6) Install the Web Administration Tool:
rpm -ihv idsldap-webadmin62-6.2.0-0.i386.rpm
3. Create and manage instances:
The Instance Administration Tool can be used to configure the directory server through a graphical interface. On Linux, its path is
/opt/IBM/ldap/v6.2/sbin/idsxinst
You can also use the command line.
1) Create a default instance:
First, note the attributes of the default instance, which cannot be changed (6.1 differs from this):
Name: dsrdbm01
Instance location: /home/dsrdbm01 (on Solaris systems, this directory is /export/home/dsrdbm01)
Group name: dbsysadm
Administrator DN: cn=root
Database name: dsrdbm01
1> Run /opt/IBM/ldap/v6.2/sbin/idsxinst to open the management tool.
2> Create -> Create default instance
3> Enter the password in User password and confirm it. Then fill in the Encryption seed field with a string, which is used to generate the AES encryption key values. The string must comply with the following rules:
ASCII characters with values in the range of 33 to 126, and must be a minimum of 12 and a maximum of 1016 characters in length.
4> Enter the administrator DN password. For the default instance, the administrator DN is cn=root; you need to specify its password here.
5> Finish
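As an added example (not part of the original article or of IBM's tooling), the following shell functions check a candidate encryption seed against the rules in step 3> and generate a random one from /dev/urandom instead of a guessable phrase. The function names valid_seed and gen_seed are assumptions made for this example.

```shell
#!/bin/sh
# Added example: helpers for the TDS encryption seed rules quoted above
# (ASCII 33..126 only, 12 to 1016 characters). The names valid_seed and
# gen_seed are hypothetical, not IBM commands.

# valid_seed STRING -> exit status 0 if STRING satisfies the seed rules.
valid_seed() {
    # Byte length, independent of the current locale.
    len=$(printf '%s' "$1" | wc -c)
    [ $((len)) -ge 12 ] && [ $((len)) -le 1016 ] || return 1
    # Delete every allowed byte ('!' = 33 .. '~' = 126) and count what is
    # left: spaces, control characters and non-ASCII bytes survive.
    bad=$(printf '%s' "$1" | LC_ALL=C tr -d '!-~' | wc -c)
    [ $((bad)) -eq 0 ]
}

# gen_seed [LENGTH] -> prints a random seed of LENGTH characters (default 64).
gen_seed() {
    n=${1:-64}
    [ "$n" -ge 12 ] && [ "$n" -le 1016 ] || return 1
    # 8192 random bytes keep about 3000 printable ones after filtering,
    # well above the 1016-character maximum.
    head -c 8192 /dev/urandom | LC_ALL=C tr -dc '!-~' | head -c "$n"
}

# Constructed demonstration: generate a seed and confirm it passes the
# check without echoing the secret itself.
seed=$(gen_seed 64) && valid_seed "$seed" &&
    echo "generated a ${#seed}-character seed"
```

Because the generated seed can contain shell metacharacters, keep it in a variable and pass it double-quoted (for example as "$seed") wherever a tool asks for the encryption seed.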
2) Create an instance (you specify the settings)
0. Create a user and add it to the idsldap group.
adduser xxx
usermod -a -G root idsldap
1> Run /opt/IBM/ldap/v6.2/sbin/idsxinst to open the management tool.
2> Create -> Create a new directory server instance (if you want this directory server instance to act as a proxy server instance, select Set up as proxy)
3> In User name, select an existing system user if you want to use one; otherwise, create a user (create a directory under home and then create a group).
Do not use any user name with uppercase letters.
Add root to the user's primary group.
4> Generally, the instance location is the home directory of the user you specified.
5> Encryption seed string: enter a string.
6> Use encryption salt value: select this if you are migrating and want the directory server instance to be cryptographically synchronized with the instance you migrated, or with other directory server instances. The Encryption salt string is analogous to the Encryption seed string.
7> The instance description is optional.
8> You can use the default TCP/IP ports.
9> You can also keep the default administrator DN.
10> Select an existing database and enter 1-8 characters in Database name.
11> Select the character set.
12> Finish
Create an instance from the command line:
Create an instance myinst with port 389, secure port 636, encryption seed mysecretkey!, encryption salt mysecretsalt, and DB2 instance myinst.
0. Create a user and add it to the idsldap group.
adduser xxx
usermod -a -G root idsldap
1. idsicrt -I testtds -p 389 -s 636 -e mysecretkey! -g mysecretsalt -t dbinst
Here dbinst is the database instance. The instance name must be an existing user ID on the machine and must be no longer than 8 characters.
2. idsdnpw -I testtds -p 12345678
The password is 12345678.
3. idscfgdb -I testtds -a dbinst -w 12345678 -t TDS -l /home/dbinst
This configures the database that the instance connects to.
3) Start or stop the directory server or a directory server instance
For instances:
idsslapd -I InstanceName
idsslapd -I InstanceName -k
For the entire server:
idsdiradm -I InstanceName
idsdiradm -I InstanceName -k (local operations only)
ibmdirctl -D <adminDN> -w <adminPW> -h <hostname> -p <port> admstop
(Local and remote operations can be performed)
4) Modify TCP/IP settings:
This is mainly done with the idssethost command. For details, refer to the IBM Tivoli Directory Server Version 6.2 Command Reference.
5) View the information of a TDS instance:
This is mainly done with the idsilist command. For details, refer to the IBM Tivoli Directory Server Version 6.2 Command Reference.
6) Delete a TDS instance:
idsidrop -I InstanceName
If you also want to destroy the associated DB2 database instance, use:
idsidrop -I InstanceName -r
7) Remove the association between a TDS instance and a DB2 instance:
idsucfgdb -n -I myinstance
8) Configure an instance graphically
Use the IBM Tivoli Directory Server Configuration Tool.
Start command: idsxcfg -I InstanceName
9) Change the password of the database owner
idscfgdb -I testtds -w newpasswrd
10) Back up data:
For a full directory server, use idsdbback:
idsdbback -I testtds -k /backupdir
For proxy servers, use migbkup. This command does not back up data.
migbkup /home/idsinst/idsldap-testtds /home/tdsbkup
This is because the proxy server has no database connection, so there is no data to back up.
To restore, for a full directory server:
idsdbrestore -I ldapdb2 -k /backupdir
For proxy servers:
idsdbrestore -I <instancename> -k <backupdir> -x -n
11) Enable or disable the change log:
Use the idscfgchglg command.
12) Start the server automatically at boot:
Add the following line to the inittab file:
srv1:2345:once:/opt/IBM/ldap/v6.2/sbin/ibmslapd -I SERVER_NAME > /dev/null 2>&1
The format is id:runlevels:action:process.
Here, id is a unique identifier of 1-4 characters, runlevels lists the system run levels, action is the action to take, and process is the process to run.
13. Modify the DN and password of the primary administrator:
idsdnpw -u <adminDN> -p <password>
14. Monitor server status
idsldapsearch -h <hostname> -p <port> -b cn=monitor -s base objectclass=*
15. View system capability information
The root DSE entry contains information about the LDAP server instance, which can be queried through a root DSE search.
List the attributes and values of the root DSE, including the OIDs of the supported and enabled capabilities and the OIDs of the supported extensions and controls:
idsldapsearch -s base -b "" objectclass=*
List the capabilities currently supported by the system:
idsldapsearch -s base -b "" objectclass=* ibm-supportedcapabilities
List the capabilities currently enabled on the system:
idsldapsearch -s base -b "" objectclass=* ibm-enabledcapabilities
16. Check the server connection status:
View the connection status:
idsldapsearch -D <adminDN> -w <adminPW> -h <hostname> -p <port> -b cn=connections,cn=monitor -s base objectclass=*
End a connection:
By DN: idsldapexop -D <adminDN> -w <adminPW> -op unbind -dn cn=John
By IP: idsldapexop -D <adminDN> -w <adminPW> -op unbind -ip 9.182.173.43
End the connections of a specified DN from a specified IP address:
idsldapexop -D <adminDN> -w <adminPW> -op unbind -dn cn=John -ip 9.182.173.43
End all connections:
idsldapexop -D <adminDN> -w <adminPW> -op unbind -all
17. Manage connection properties
This function allows the administrator to disable client connections to prevent the server from being locked up. It also allows the administrator to always log on to the server, even when the backend is busy processing tasks.
idsldapmodify -b -r -i /tmp/entrymod
The file name refers to a file, generally created under /tmp. An example of its content is as follows:
dn: cn=Modify me, o=University of higher learning, c=us
changetype: modify
replace: mail
mail: modme@student.of.life.edu
-
add: title
title: grandpoobah
-
add: jpegphoto
jpegphoto: /tmp/modme.jpeg
-
delete: description
-