Ken Milberg, Site expert
Red Hat Directory Server (RHDS) simplifies the management of LDAP (Lightweight Directory Access Protocol) and makes high availability attainable without a lot of sweat.
If you want great gains with little pain, check out this open source LDAP-compliant server, formerly known as the Netscape Directory Server, like I did. Here are the results of my first encounter.
Before we start the RHDS tour, let's take a look at LDAP. It is, essentially, an environment that centralizes application settings, user profiles and group data, policies and access control-type information in a network repository setting.
LDAP simplifies user management, since it eliminates the amount of data redundancy one would need if one had separate databases for this role. In addition, LDAP offers single sign-on access. This particular Red Hat release is fully supported on HP-UX and Solaris, besides Red Hat Linux. I'm not sure why there is no support for AIX, but I hope that will be added at some point.
Red Hat Directory Services' selling point is its high availability capabilities. For example, it supports four-way, master replication to prevent single points of failure. It also backs SNMP, allowing your network monitoring tools to utilize this service. I've found that it can scale very well.
So, let's begin. When I started up the server, I still saw the remnants:
[root@redken redhat-ds]# ./start-admin
Netscape-Enterprise/6.2 B04/18/2005 13:49
I installed RHDS on an Intel Pentium server running RHEL4. Basic installation of the software was simple and the package took less than one minute to install.
Configuration and start-up were next, and these processes were not as easy. Despite what is said in the official documentation, neither LDAP nor the admin server started after the install, and I had to search hard to actually figure out how to start both services.
I discovered that the setup script had to be run to get LDAP and the admin server going. It took me over an hour of looking around before I realized what was required because this script was nowhere to be found in any documentation that I saw. The documentation said to start LDAP by running start-slapd, but this script was missing. For your information, this setup script is in the /opt/redhat-ds/setup directory. Later, I discovered that it is only installed after you run the setup script.
The setup script has three modes: express, typical and custom. Here's what you see:
Continue? (yes/no) yes
Please select the install mode:
1 - Express - minimal questions
2 - Typical - some customization (default)
3 - Custom - lots of customization
Please select 1, 2, or 3 (default: 2)
I installed LDAP with both the express and typical modes. I would recommend typical, as it starts LDAP and the admin service and appears to do a better job of choosing the correct ports and other settings.
I ran into another problem with the install process. While running the management console after finishing LDAP, I received many different error messages. I finally realized that there was some sort of X11 display problem, which I ended up resolving by rebooting my system and then exporting the display properly.
Prior to resolving that issue, I was only able to log on to a different type of LDAP GUI that is more geared to the average user than the system administrator. This interface was accessible from my Firefox browser using this URL: http://localhost.localdomain:35863.
From that URL, one can view server status, do user searches, look at director org charts and view log files. There is only so much you can do from this GUI, and that's not necessarily a bad thing because you want to restrict access from a browser.
Here is what you see with the Red Hat Admin Express tool:
Once I got the management console up and running, I realized that it was worth the wait. It has a very nice graphical interface that lets you manage your entire LDAP environment. This display gives you a top-down view of your environment, as well as general information about the current status of LDAP:
It is important to know how to stop and start LDAP from the command line because there are no startup scripts available from Red Hat capable of easily configuring start-up and shutdown on boot. From an administrative standpoint, this is something that should be fixed.
The LDAP shutdown and start-up scripts are in the /opt/redhat-ds/slapd-whateveryourhostis directory. Mine is in /opt/redhat-ds/slapd-localhost. Besides having start-slapd and stop-slapd scripts, there is also a convenient monitor command that you can run from the command line that will give you all sorts of information. Of course you can also do everything from the console.
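Because no boot-time script ships with the product, one way to wrap the instance's start-slapd and stop-slapd for init is shown here as an added example, not code from Red Hat or from this article. The chkconfig runlevels, the permission check and the names INSTANCE_DIR, check_safe and slapd_ctl are assumptions.

```shell
#!/bin/sh
# chkconfig: 345 85 15
# description: Red Hat Directory Server (slapd) instance wrapper
#
# Added example, not shipped by Red Hat. The runlevels/priorities above and
# the names INSTANCE_DIR, check_safe and slapd_ctl are assumptions.

# Instance directory from the article; override for other host names.
INSTANCE_DIR="${INSTANCE_DIR:-/opt/redhat-ds/slapd-localhost}"

# Init scripts run as root, so refuse to execute a helper that is missing,
# not executable, or writable by group/other (or sits in such a directory).
check_safe() {
    script="$1"
    if [ ! -f "$script" ] || [ ! -x "$script" ]; then
        echo "missing or not executable: $script" >&2
        return 1
    fi
    loose=$(find "$INSTANCE_DIR" "$script" -prune \
            \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "refusing, group/world-writable: $loose" >&2
        return 1
    fi
    return 0
}

slapd_ctl() {
    case "$1" in
        start)
            check_safe "$INSTANCE_DIR/start-slapd" && "$INSTANCE_DIR/start-slapd"
            ;;
        stop)
            check_safe "$INSTANCE_DIR/stop-slapd" && "$INSTANCE_DIR/stop-slapd"
            ;;
        restart)
            slapd_ctl stop
            slapd_ctl start
            ;;
        *)
            echo "Usage: $0 {start|stop|restart}" >&2
            return 2
            ;;
    esac
}

# Dispatch only when called with an argument (e.g. by init at boot).
[ $# -eq 0 ] || slapd_ctl "$@"
```

Saved under /etc/init.d and registered with chkconfig --add, the wrapper starts and stops the instance with the system, and it declines to run a helper that a non-root account could have modified.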
On the whole, I see that running RHDS is going to make managing LDAP easier as well as providing more tools to increase availability. The installation was a breeze and the configuration was straightforward. Hopefully, my tour will help you deal with setup scripts and resolve the display problem. I think Red Hat needs to do a better job explaining the setup script and improving their installation and configuration instructions. Other than that, I can say that I'm happy to have RHDS in my admin arsenal.
This was first published in November 2005