1. install fedora core 8
2. install all libraries
3. turn off/disable selinux
4. as root add server IP and host name to /etc/hosts
5. yum update
6. cd /etc/yum.repos.d
7. yum install fedora-ds
8. open ports in firewall
389 (ldap), 636 (ldaps), 9830(admin fds) tcp/udp
a. would you like to continue setup? yes (default)
b. user agreement? yes (no is default)
c. listing of warnings and issues. yes (no default)
d. setup style (1. express 2. typical 3. custom) 2 (default)
e. "enter the fully qualified domain name of the computer on which you're setting up server software. Using the form <hostname>.<domainname> Example: eros.example.com." (default is the name entered during setup of the OS)
f. The servers must run as a specific user in a specific group. It is strongly recommended that this user should have no privileges on the computer (i.e. non-root user). the setup procedure will give this user/group some permissions in specific paths/files to perform server-specific operations.
if you have not yet created a user and group for the servers, create this user and group using your native operating system utilities. (default is nobody) FDS (user, group)
g. do you want to register this software with an existing configuration directory server? (default no) no
h. admin default ID for directory server then standard server admin password
i. administration domain is ????
j. 389 is default port for LDAP
k. Each instance of a directory server requires a unique identifier. this identifier is used to name the various instance specific files and directories in the file system, as well as for other uses as a server instance identifier. Directory server identifier: (default is the logical name assigned during install of the OS)
l. The suffix is the root of your directory tree. the suffix must be a valid DN. It is recommended that you use the dc=domaincomponent suffix convention. for example, if your domain is example.com, you should use dc=example,dc=com for your suffix. setup will create this initial suffix for you, but you may have more than one suffix. use the directory server utilities to create additional suffixes. (default will be dc=name given during OS install)
m. Certain directory server operations require an administrator user. this user is referred to as the directory manager and typically has a bind Distinguished Name (DN) of cn=Directory Manager. You will also be prompted for the password for this user. The password must be at least 8 characters long, and contain no spaces. Directory Manager DN: (default is cn=Directory Manager) password is standard server password
n. administration port = default port 9830
o. the interactive phase is complete. the script will now set up your servers. Enter No or go Back if you want to change something. Are you ready to set up your servers? (default is yes)
p. creating directory server ...
Your new DS instance 'test-fds' was successfully created . . .
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: httpd.worker: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log files '/tmp/setupbh62MK.log'
dirsrv and dirsrv-admin services are NOT set to spawn at boot.
console is located in /usr/bin/ directory, file name is fedora-idm-console. to run the console will need user name, password and url which in this case is admin/password/test-fds:9830. once inside console go to the directory server > under "test-fds" there are three "OUs": Groups, People, Special Users. Need to create a fourth one called PosixGroup. What is to be in there is the GID that matches that of every user you create in the People OU (GID=UID). after account is created in the People OU go to the PosixGroup OU and create new "other" and select from the list "posixgroup". Full name "name of account" gidnumber "same as in the posix account gid"
verified dirsrv and dirsrv-admin is running
was able from the client ping server
time is less than 5 minutes difference
ran on server ldapsearch -x -h test-fds -p 389 -s base -b "" "objectclass=*" with success
the issue here is on the I say authenticate put the dc=blah and ldap://ip like listed below
checked /etc/ldap.conf on client and found the base dc=test-fds uri ldap://ip address/
checked /etc/nsswitch.conf and found the passwd, shadow, group and netgroup with ldap on them
but am unable to log in to the PC with the accounts created on the server....how can I verify that the client is reaching the server for I am unable to verify it is an issue with the server or an issue with the client.
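
Added example, not part of the original post: a client-side check of the two files named above (/etc/ldap.conf and /etc/nsswitch.conf), plus a live lookup that separates "the directory answers" from "NSS can resolve the account". The function names, the file paths passed in, and the account name given to live_check are assumptions for illustration.

```shell
#!/bin/sh
# Added example: static and live checks for an LDAP login client.

# Print the value of KEY (base, uri, ...) from an ldap.conf-style file,
# skipping comment lines; the last matching line wins.
ldap_conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Succeed if database DB (passwd, shadow, group) lists "ldap" as a source.
nss_uses_ldap() {
    awk -v db="$2:" '
        /^[ \t]*#/ { next }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# Report each static setting; the return status is the number of problems.
check_client_config() {
    conf=$1 nss=$2 problems=0
    base=$(ldap_conf_value "$conf" base)
    uri=$(ldap_conf_value "$conf" uri)
    case $base in
        *=*) echo "base: $base" ;;
        *)   echo "base: missing or not a DN"; problems=$((problems + 1)) ;;
    esac
    case $uri in
        ldap://?*|ldaps://?*) echo "uri: $uri" ;;
        *) echo "uri: missing or not an ldap URL"; problems=$((problems + 1)) ;;
    esac
    for db in passwd shadow group; do
        if nss_uses_ldap "$nss" "$db"; then echo "nsswitch $db: ldap listed"
        else echo "nsswitch $db: ldap NOT listed"; problems=$((problems + 1)); fi
    done
    return "$problems"
}

# Live check (needs the network): search the configured base on the configured
# server for one account, then ask NSS for the same account.
live_check() {
    uri=$(ldap_conf_value "$1" uri)
    base=$(ldap_conf_value "$1" base)
    ldapsearch -x -H "$uri" -b "$base" "(uid=$2)" uid uidNumber gidNumber &&
        getent passwd "$2"
}
# Usage: check_client_config /etc/ldap.conf /etc/nsswitch.conf
#        live_check /etc/ldap.conf someuser
```

If the ldapsearch in live_check returns the entry but getent prints nothing, the server is reachable and the fault is on the client side of the lookup; if ldapsearch itself returns no entry, compare the base in /etc/ldap.conf with the suffix chosen in step l.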