From 389 Directory Server

Installing Directory Server Web Apps

The three Fedora Directory Server web apps (Directory Server Gateway, Directory Express, and Org Chart) are installed separately from the Directory Server itself. After installing and configuring the Directory Server and Administration Server, then you can set up the web applications.

Supported Platforms for Directory Server Web Apps

The Directory Server web apps are supported on Fedora 7 and later.

Before Installing the Gateway

There are two security issues when using the web apps: the bind credentials used for accessing the Directory Server Gateway and the user as which the Directory Server Gateway HTTP server process runs.

• The web app configuration files can use a binddnfile parameter which gives the bind DN and bind password used to permit non-anonymous searching of the directory. The binddnfile should not be stored in the configuration directory (such as /etc/dirsrv/dsgw) or in any directory that can be accessed over HTTP.
• Do not run any web applications on an Administration Server that is running as root. This may expose sensitive information about the configuration of the Directory Server.

Additionally, the Administration Server must be local to the web applications.

Installing the Directory Server

Installing the Directory Server is described in the FDS Install Guide; the basic procedure is outlined here. Both the Directory Server and Administration Server must be set up before you can set up the web apps.

1. Install the Directory Server packages.
   yum install fedora-ds-base fedora-ds-admin
2. After the Directory Server packages are installed, run the setup-ds-admin.pl script to set up the default Directory Server instance and the Administration Server.
   /usr/sbin/setup-ds-admin.pl

Setting up the Web Apps

After the Directory Server is configured and a local Administration Server is available, then install and configure the web apps. The web apps packages include the Directory Server Gateway, Directory Express, and Org Chart.

NOTE The web applications must be installed on the same machine as the Administration Server; they depend on the Administration Server for their web server. By default after their initial setup, the web applications will point to the local Directory Server, but they can be configured to work with any Directory Server, even remote ones.

1. Install the Directory Server Gateway package.
   yum install fedora-ds-dsgw
2. Run the setup-ds-dsgw script to set up the default instances of the Directory Server Gateway, Directory Express, Org Chart, and Admin Express. The setup-ds-dsgw script is in the /usr/sbin directory.
   setup-ds-dsgw

This shell script will configure the Directory Server
Gateway, Phonebook and Org Chart web applications to
work with the Administration Server.

Reading parameters from Administration Server config . . .
Using Administration Server URL http://ldap.example.com:9830 . . .
Reading parameters from Directory Server /etc/dirsrv/slapd-ldap . . .
Using Directory Server URL ldap://ldap.example.com:389/dc=example, dc=com . . .
Generating config file /etc/dirsrv/dsgw/dsgw.conf . . .
Generating config file /etc/dirsrv/dsgw/pb.conf . . .
Generating config file /etc/dirsrv/dsgw/orgchart.conf . . .
Generating config file /etc/dirsrv/dsgw/default.conf . . .
Generating the credential database directory . . .
Adding configuration to httpd config file /etc/dirsrv/admin-serv/httpd.conf . . .
Enabling links to web apps from Administration Server home page . . .

The Directory Server Gateway web applications have been successfully configured.
You will need to restart your Administration Server.

3. Restart the Administration Server. For example:
   service dirsrv-admin restart

Opening the Web Apps

To open a menu of every web application, go to the Administration Server URL. For example:
http://ldap.example.com:9380/
Then, select the web app from the list.

To access a specific gateway instance, use the Administration Server URL with the gateway instance directory. For example:
http://ldap.example.com:9380/dsgwcmd/lang?context=example

Looking at Web App Configuration Files

The command /usr/sbin/setup-ds-dsgw configures the Directory Server Gateway and the other web apps to use the Administration Server. This script also writes all of the we app configuration files to /etc/dirsrv/dsgw. The setup script attempts to determine the appropriate Directory and Administration Servers to use from the files in /etc/dirsrv/slapd-* and /etc/dirsrv/admin-serv.

There are four main web app configuration files for the Directory Server Gateway, Directory Server Express, and Org Chart applications. (Admin Express uses the Admin Server configuration, not a separate configuration file.)

Creating Multiple Gateway Instances

There can be more than one Directory Server Gateway instance; multiple Directory Server Gateway instances can access the same directory data without conflicts or multiple instances can run on the same Administration Server and contact different Directory Server instances.

To access a specific gateway instance, use the Administration Server URL with the gateway instance directory. For example:
http://ldap.example.com:9380/dsgwcmd/lang?context=example

To create a new instance of the Directory Server Gateway, copy the configuration files for an existing instance (the /usr/share/dirsrv/dsgw/html and /usr/share/dirsrv/dsgw/config directories and /etc/dirsrv/dsgw/dsgw.conf file), and then edit a few parameters in the /etc/dirsrv/dsgw/dsgw.conf file to reflect the new locations:

1. Copy and rename the dsgw.conf file.
2. Set the gwnametrans parameter so that it provides a mapping reference to the new HTML directory. For example:
   gwnametrans /example/
3. Set up the configuration file, such as setting the login timeout length, anonymous searching (binddnfile), and localization. Also, edit the Directory Server parameters if the new Gateway will access a different Directory Server instance.
4. Copy an HTML directory, such as /usr/share/dirsrv/dsgw/html, for the new instance.
5. Copy a configuration directory, such as /usr/share/dirsrv/dsgw/config, for the new instance.
6. Edit the htmldir and configdir parameters in the new .conf to point to the new HTML and configuration directories.
   htmldir /usr/share/dirsrv/dsgw/example-html
configdir /usr/share/dirsrv/dsgw/example-config

TIP! It's possible to use the same HTML and configuration directories for more than one Directory Server Gateway instance, which can simplify maintaining the page templates if the Gateways will have the same functionality and the only differences will be configured in the .conf file.

Restoring the Default Configuration

If the configuration is changed in a way that keeps the web apps from working, or if you just want to restore the default settings, it is possible to run the setup script again. By default, setup-ds-dsgw will not overwrite an existing installation. However, if you remove the configuration files (dsgw.conf, pb.conf, and orgchart.conf in /etc/dirsrv/dsgw), the the setup script will restore the defaults.

Alternatively, run the setup-ds-dsgw script again with the -r option, which overwrites the edited configuration files with the default settings. For example:
setup-ds-dsgw -r

CAUTION! Forcing the setup-ds-dsgw script to recreate the default configuration overwrites all changes you have made to the web app configuration files. This does not recreate changes made to the Admin Express files.

See Also

• Back to the overview
• Directory Server Gateway
• Directory Express
• Org Chart
• Admin Express
• Help with basic HTML editing
• DSML gateway