Introduction to IBM Tivoli Directory Server 6.0 – Installation and Configuration Using AIX Native Utilities Excerpt taken from presentation given on April 10, 2007Creating an IBM Tivoli Directory Server instance after performing an installation using AIX native utilities Introduction to IBM Tivoli Directory Server 6.0 – Installation and Configuration Using AIX Native Utilities Excerpt taken from presentation given on April 10, 2007 Creating an IBM Tivoli Directory Server instance after performing an installation using AIX native utilities User and Group Setup User and Group Setup We are now ready to being our configuration of the ITDS server. Our first step is to configure an OS user and group to own the database instance. I am going to use smitty for this example to show an alternative form of user/group creation. Tasks: Create an db2 admin group (nativegr) and add root as a member of that group Create an instance owner (nativein) and add user to primary group (nativegr) Create a valid password for the user Verify the user can login Group Creation via smitty Group Creation via smitty To add the group we will again take advantage of smitty: #smitty group -> add a group -> In the Add A Group screen fill in group name and add root as a member to the group: Making sure that root and idsldap are members of this group It is important to add root and idsldap to this group. Group Creation via smitty Group Creation via smitty It is important to add root and idsldap to this group. Group Creation via smitty Group Creation via smitty It is important to add root and idsldap to this group. User Creation via smitty User Creation via smitty We will now use smitty to create the OS user which will server as our Database Instance owner. To do this we run: #smitty user -> add a user -> We need to make sure and add both the nativegr group but also the idsldap group to this user: Smitty user -> add a user -> Type or select values in entry fields. Press Enter AFTER making all desired changes. [TOP] [Entry Fields] * User NAME [nativein] User ID [] # ADMINISTRATIVE USER? false + Primary GROUP [nativegr] + Group SET [] + ADMINISTRATIVE GROUPS [] + ROLES [] + Another user can SU TO USER? true + SU GROUPS [ALL] + HOME directory [] Initial PROGRAM [] User INFORMATION [] EXPIRATION date (MMDDhhmmyy) [0] Setting the user password via smitty Setting the user password via smitty In order to configure ITDS our instance owner (nativein) must have a valid password set and the ADMCHG (admin change flag) removed so the user is ready to login with that password. 1.) To change the Password -> smitty user -> change a users password -> nativein -> enter the new password 2.) vi /etc/security/passwd -> search for nativein entry and remove the flags=ADMCHG nativein: password = 6YYm6vOlpNoJk lastupdate = 1175371345 flags = ADMCHG ? Remove this line Configuration – idsicrt / idscfgdb Configuration – idsicrt / idscfgdb We now have our User and Group created and we are ready to create our database instance and then configure our database for use with ITDS. To configure the instance we run: #idsicrt -I nativein -e seedfornativein -p 10389 -s 10636 -a 3550 -c 3553 -t nativein -l /home/nativein Note: It is VERY important that the value used for your seed be written down and stored as there is no way to recover this value. Configuration – idsicrt flags Configuration – idsicrt flags Flags used in this example: -I nativein The Instance name -e seedfornativein The encryption seed -p 10389 The port ibmslapd will run on -s 10636 The SSL port for ibmslapd -a 3550 The Admin Daemon port -c 3553 The SSL Admin Daemon port -t nativein The Instance Name -l /home/nativein The location for the instance Idsicrt prompts and output Idsicrt prompts and output When we issue the command it will present the following output GLPICR020I A new directory server instance 'nativein' will be created. GLPICR057I The directory server instance will be created at: '/home/nativein'. GLPICR013I The directory server instance's port will be set to '10389'. GLPICR014I The directory server instance's secure port will be set to '10636'. GLPICR015I The directory server instance's Admin Daemon port will be set to '3550'. GLPICR016I The directory server instance's Admin Daemon secure port will be set to '3553'. GLPICR019I The description will be set to: 'IBM Tivoli Directory Server Instance V6.0'. GLPICR021I Database instance 'nativein' will be configured. Do you want to.... (1) Continue with the above actions, or (2) Exit without making any changes:1 ? Select 1 Idsicrt – A successful configuration: Idsicrt – A successful configuration: Configuring the database - idscfgdb Configuring the database - idscfgdb Once our database instance has been created we are now ready to configure the database for use with ITDS. We will run the following command: #idscfgdb -I nativein -a nativein -w ******** -t nativein -l /home/nativein For simplicity sake I named each of my variables the same, in the next slide we will discuss what each flag does. idscfgdb – flags idscfgdb – flags The flags for the idsicrt command used in the previous example: -I nativein The Instance name -a nativein The Instance owner -w ****** The Instance owners password -t nativein The database name -l /home/nativein The database location idscfgdb – Prompt idscfgdb – Prompt When we issue the command we will be presented with the following: GLPCDB023I Database 'nativein' will be configured. GLPCDB024I Database 'nativein' will be created at '/home/nativein' Do you want to.... (1) Continue with the above actions, or (2) Exit without making any changes:1 ? Select 1 idscfgdb – A successful database config idscfgdb – A successful database config Copyright and trademark information Copyright and trademark information © Copyright IBM Corporation 2000 - 2007. All rights reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM web site pages may contain other proprietary notices and copyright information which should be observed. IBM trademarks http://www.ibm.com/legal/copytrade.shtml#ibm Fair use guidelines for use and reference of IBM trademarks http://www.ibm.com/legal/copytrade.shtml#fairuse General rules for proper reference to IBM product names http://www.ibm.com/legal/copytrade.shtml#general Special attributions IBM, the IBM logo and DB2 are trademarks of International Business Machines Corporation in the United States, other countries, or both. MMX, Pentium, and ProShare are trademarks of Intel Corporation in the United States, other countries, or both. Microsoft and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product or service names may be trademarks or service marks of others.