Install Guide For 389 Directory Server

Install the packages


If you are upgrading to 389-ds-base-1.4.x from 389-ds-base-1.3.x or 389-ds-base-1.2.11, you must first upgrade to 389-ds-base-1.3.7. Then you simply install the packages and restart the servers. 389-ds-base-1.4.x handles any upgrade steps needed during server startup, so there is no need to run an “upgrade” script.

For help upgrading to the latest version of 389-ds-base-1.3.x, see the old Install_Guide.

Create an instance of Directory Server

The new Python installer dscreate takes a configuration file (INF file) to load the instance configuration settings. This INF file is very similar to the silent install file used in previous versions of Directory Server, but the format has changed.

The setup can create a template INF file for you, and then you must set the options for your setup.

dscreate example > /tmp/instance.inf

Here is a snippet of the template file:

# instance_name: The name of the instance. Cannot be changed post installation.
# type: str
instance_name = localhost

# log_dir: The location where Directory Server will write log files. You should not need to alter this value.
# type: str
; log_dir = /var/log/dirsrv/slapd-{instance_name}

# port: The TCP port that Directory Server will listen on for LDAP connections.
# type: int
; port = 389

Every setting has a default value. To customize any of the settings, remove the preceding semi-colon from the directive and set the desired value. Then you are ready to create your instance:

dscreate fromfile /tmp/instance.inf

INF File Examples

Here is an example of the bare minimum you need in the install file to create an instance. If you just want the defaults, then this is all you need:

[general]
config_version = 2
full_machine_name = localhost.localdomain

[slapd]
instance_name = localhost

Here’s another example with customization. Note that you now have the option to create a self-signed certificate database as well:

[general]
config_version = 2
full_machine_name = localhost.localdomain

[slapd]
instance_name = localhost
root_dn = cn=manager
port = 3890
secure_port = 636
self_sign_cert = True
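A pre-flight check for the INF file before it is handed to dscreate fromfile, as an added example (not part of the original guide or of the 389 project). It assumes the file sits in a shared directory such as /tmp, as in the commands above, and that it uses the [general] and [slapd] sections of dscreate templates; the function names and the sample file are constructed for illustration.

```python
import configparser
import os
import stat

# Constructed sample in the shape of the INF files above: '#' lines are
# documentation, ';' marks a directive that is still at its default value.
SAMPLE_INF = """\
[general]
config_version = 2

[slapd]
instance_name = localhost
# port: The TCP port that Directory Server will listen on for LDAP connections.
; port = 389
secure_port = 636
self_sign_cert = True
"""


def active_settings(text):
    """Return {section: {key: value}} for directives that are not commented out."""
    parser = configparser.ConfigParser(comment_prefixes=("#", ";"), interpolation=None)
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def audit_inf(path):
    """Return a list of findings; an empty list means every check passed."""
    try:
        # O_NOFOLLOW refuses a symlink planted at this path in a shared directory.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        return [f"cannot open safely: {exc.strerror}"]
    info = os.fstat(fd)  # inspect the file that was opened, not the path again
    if not stat.S_ISREG(info.st_mode):
        os.close(fd)
        return ["not a regular file"]
    findings = []
    if info.st_uid != os.geteuid():
        findings.append("file is owned by another user")
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other permission bits are set; chmod 600")
    with os.fdopen(fd, encoding="utf-8") as handle:
        settings = active_settings(handle.read())
    # Assumption: config_version = 2 is expected, as in both examples above.
    if settings.get("general", {}).get("config_version") != "2":
        findings.append("[general] config_version = 2 is missing")
    return findings
```

A file created with a shell redirect normally inherits mode 0644 from the umask, so the permission finding is the expected result for a fresh /tmp/instance.inf until it is tightened with chmod 600.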

Removing an instance

For completeness, here is how you remove an instance:

dsctl <YOUR INSTANCE NAME> remove --doit

dsctl localhost remove --doit

Installing Cockpit UI Plugin

To start using the new UI you just need to enable the cockpit service:

Open up firewall for port 9090 (if necessary)

# firewall-cmd --add-port=9090/tcp
# firewall-cmd --permanent --add-port=9090/tcp

Enable Cockpit

# systemctl enable cockpit.socket
# systemctl start cockpit.socket

The UI uses LDAPI for authentication to the Directory Server, so logging into Cockpit as root is the same as logging in as “cn=Directory Manager”. This also means that if you are upgrading to 389-ds-base-1.4.0, you must enable the LDAPI socket in the Directory Server before you can start using the UI. For more information please see:

Here is an example:

# ldapmodify -D "cn=directory manager" -W
dn: cn=config
changetype: modify
replace: nsslapd-ldapilisten
nsslapd-ldapilisten: on
-
add: nsslapd-ldapifilepath
nsslapd-ldapifilepath: /var/run/slapd-localhost.socket

# restart-dirsrv

The Cockpit UI is not fully functional yet and is just in a DEMO mode for now. We are actively working on finishing it as soon as possible, as it will be replacing the old Java Console (389-console) in Fedora 28 and up.

Last modified on 11 June 2018