Red Hat Directory Server
8.1
Using Red Hat Console
For Red Hat Directory Server
Ella Deon Lackey
Publication date: Released April 28, 2009


Copyright © 2009 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version of the OPL is presently available at />
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.
All other trademarks referenced herein are the property of their respective owners.

1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588 Research Triangle Park, NC 27709 USA

This guide provides background information that system architects and administrators need to successfully install and manage Red Hat Directory Servers in their enterprise. Read about Red Hat server basics here before you begin installing and configuring servers in your enterprise.




Preface
  1. Purpose of This Guide
  2. Examples and Formatting
    2.1. Command and File Examples
    2.2. Tool Locations
    2.3. LDAP Locations
    2.4. Text Formatting and Styles
  3. Additional Reading
  4. Giving Feedback
  5. Documentation History
1. Overview of Red Hat Console
  1.1. How the Console, Directory Server, and Administration Server Work Together
  1.2. Red Hat Console Menus
  1.3. Red Hat Console Tabs
    1.3.1. The Servers and Applications Tab
    1.3.2. The Users and Groups Tab
  1.4. Server-Specific Consoles
    1.4.1. The Directory Server Console
    1.4.2. The Administration Server Console
2. Basic Tasks in the Red Hat Console
  2.1. Installing the Console
  2.2. Launching the Console
  2.3. Opening a Directory or Administration Server Window
  2.4. Changing the Console Appearance
    2.4.1. Changing Profile Locations
    2.4.2. Restoring Default Font Settings
    2.4.3. Changing Console Fonts
    2.4.4. Reordering Table Columns
    2.4.5. Customizing the Main Window
    2.4.6. Working with Custom Views
3. Managing Server Instances
  3.1. Editing Domain, Host, Server Group, and Instance Information
  3.2. Creating and Removing Admin Domains
    3.2.1. Creating and Editing an Admin Domain
    3.2.2. Removing an Admin Domain
  3.3. Creating a New Directory Server Instance
  3.4. Deleting a Directory Server Instance
4. Managing Directory Server Users and Groups
  4.1. Searching for Users and Groups
  4.2. Creating Directory Entries
    4.2.1. Directory and Administrative Users
    4.2.2. Groups
    4.2.3. Organizational Units
  4.3. Modifying Directory Entries
    4.3.1. Editing Entries
    4.3.2. Allowing Sync Attributes for Entries
    4.3.3. Changing Administrator Entries
    4.3.4. Removing an Entry from the Directory
5. Setting Access Controls
  5.1. Granting Admin Privileges to Users for Directory Server and Administration Server
  5.2. Setting Access Permissions on Console Elements
6. Using SSL/TLS with Red Hat Console
  6.1. Overview of SSL/TLS
  6.2. Installing Certificates
    6.2.1. Generating a Certificate Request
    6.2.2. Installing the Certificate
    6.2.3. Trusting a Certificate Authority or Adding a Certificate Chain
  6.3. Enabling TLS/SSL
  6.4. Creating Password Files
    6.4.1. Creating a Password File for the Directory Server
    6.4.2. Creating a Password File for the Administration Server
Index



Preface
Welcome to the Managing Servers with Red Hat Console Guide.
Red Hat Directory Server and Administration Server have a special Java-based console which simplifies administering the directories. This guide covers the basic structure of the Red Hat Console for
both the Directory Server and the Administration Server and provides an overview of how to use the
main Red Hat Console to manage users and access within the Console.

1. Purpose of This Guide
There are three Java consoles bundled together to manage the servers in Red Hat Directory Server:
• The Red Hat Console, which is the first console to open. This has a unified view of all Administration
Server and Directory Server instances being managed and can perform basic user and group tasks,
like adding, searching, editing, and deleting entries.
• The Administration Server, which manages the Administration Server local instance, including viewing logs and changing the Administration Server configuration.
• The Directory Server Console, a separate window for each Directory Server instance which manages
the server through changing configuration and viewing logs and performance monitors and manages the directory and directory policies.


This guide provides a basic overview of how to use and navigate through Red Hat Console so that
managing servers through the consoles is easy and effective.

2. Examples and Formatting
Each of the examples used in this guide, such as file locations and commands, has certain defined
conventions.

2.1. Command and File Examples
All of the examples for Red Hat Directory Server commands, file locations, and other usage are given
for Red Hat Enterprise Linux 5 (32-bit) systems. Be certain to use the appropriate commands and files
for your platform.
To start the Red Hat Directory Server:

service dirsrv start
Example 1. Example Command

2.2. Tool Locations
The tools for Red Hat Directory Server are located in the /usr/bin and the /usr/sbin directories.
These tools can be run from any location without specifying the tool location.

2.3. LDAP Locations
There is another important consideration with the Red Hat Directory Server tools. The LDAP tools referenced in this guide are Mozilla LDAP, installed with Red Hat Directory Server in the /usr/lib/mozldap directory on Red Hat Enterprise Linux 5 (32-bit) (or /usr/lib64/mozldap for 64-bit systems).

However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP in the /usr/bin directory. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL, which OpenLDAP tools use by default.

2.4. Text Formatting and Styles
Certain words are represented in different fonts, styles, and weights. Different character formatting is
used to indicate the function or purpose of the phrase being highlighted.

Formatting Style | Purpose
Monospace font | Monospace is used for commands, package names, files and directory paths, and any text displayed in a prompt.
Monospace with a background | This type of formatting is used for anything entered or returned in a command prompt.
Italicized text | Any text which is italicized is a variable, such as instance_name or hostname. Occasionally, this is also used to emphasize a new term or other phrase.
Bolded text | Most phrases which are in bold are application names, such as Cygwin, or are fields or options in a user interface, such as a User Name Here: field or Save button.

Other formatting styles draw attention to important text.

NOTE
A note provides additional information that can help illustrate the behavior of the system
or provide more detail for a specific issue.

IMPORTANT
Important information is necessary, but possibly unexpected, such as a configuration
change that will not persist after a reboot.

WARNING
A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.

3. Additional Reading
The Directory Server Administrator's Guide describes how to set up, configure, and administer Red Hat Directory Server and its contents. This manual does not describe many of the basic directory and architectural concepts that you need to deploy, install, and administer a directory service successfully. Those concepts are contained in the Red Hat Directory Server Deployment Guide. You should read that book before continuing with this manual.
When you are familiar with Directory Server concepts and have done some preliminary planning for your directory service, install the Directory Server. The instructions for installing the various Directory Server components are contained in the Red Hat Directory Server Installation Guide. Many of the scripts and commands used to install and administer the Directory Server are explained in detail in the Red Hat Directory Server Configuration, Command, and File Reference.
Also, Managing Servers with Red Hat Console contains general background information on how to use the Red Hat Console. You should read and understand the concepts in that book before you attempt to administer Directory Server.
The document set for Directory Server contains the following guides:
• Red Hat Directory Server Release Notes contain important information on new features, fixed bugs,
known issues and workarounds, and other important deployment information for this specific version
of Directory Server.
• Red Hat Directory Server Deployment Guide provides an overview for planning a deployment of the
Directory Server.
• Red Hat Directory Server Administrator's Guide contains procedures for the day-to-day maintenance of the directory service. Includes information on configuring server-side plug-ins.
• Red Hat Directory Server Configuration, Command, and File Reference provides reference information on the command-line scripts, configuration attributes, and log files shipped with Directory Server.

• Red Hat Directory Server Installation Guide contains procedures for installing your Directory Server
as well as procedures for migrating from a previous installation of Directory Server.
• Red Hat Directory Server Schema Reference provides reference information about the Directory
Server schema.
• Red Hat Directory Server Plug-in Programmer's Guide describes how to write server plug-ins in order to customize and extend the capabilities of Directory Server.
• Red Hat Directory Server Web Applications Guide explains how to implement a gateway instance
with basic directory look-up functionality and contains information useful for implementing a more
powerful gateway instance with directory authentication and administration capabilities. This also includes information about the DSML gateway.

• Using Red Hat Console gives an overview of the primary user interface and how it interacts with the
Directory Server and Administration Server, as well as how to perform basic management tasks
through the main Console window.
• Using the Admin Server describes the different tasks and tools associated with the Administration
Server and how to use the Administration Server with the Configuration and User Directory Server
instances.

For the latest information about Directory Server, including current release notes, complete product
documentation, technical notes, and deployment information, see the Red Hat Directory Server documentation site at />
4. Giving Feedback
If there is any error in this Managing Servers with Red Hat Console or there is any way to improve the
documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory
Server through Bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
• Select the Red Hat Directory Server product.
• Set the component to Doc - managing-servers.
• Set the version number to 8.1.
• For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo.
For enhancements, put in what information needs to be added and why.

• Give a clear title for the bug. For example, "Incorrect command example for setup
script options" is better than "Bad example".

We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome
to contact Red Hat Content Services directly at mailto:


5. Documentation History
Revision History
Revision 8.1.0 | April 28, 2009 | Ella Deon
Initial draft for version 8.1.


Chapter 1. Overview of Red Hat Console
Red Hat Console is the user interface to manage Red Hat Directory Server and Administration Server
configuration and directory information. There is a single main Console window which administers the
servers (collected and identified in administration domains). The main Console allows you to open
server-specific Consoles to manage the settings and information in individual instances.
This chapter provides an overview of how the Console interacts with the Directory Server and Administration Server and walks through the Console windows and options.

1.1. How the Console, Directory Server, and Administration
Server Work Together
The Red Hat Console is an independent Java application which works in conjunction with instances of
Red Hat Directory Server and Administration Server. Most server management functions are carried
out in server-specific console windows for the Directory Server and Administration Server. Red Hat
Console is part of a system that manages Red Hat Directory Server instances and the Administration
Server and, therefore, information in the directory. Although Red Hat Directory Server, Red Hat Console, and Red Hat Administration Server work tightly with one another, each plays a specific role in
managing servers, applications, and users.
Red Hat Console is the front-end management application for Red Hat Directory Server. It finds all
servers and applications registered in the configuration directory, displays them in a graphical interface, and can manage and configure them. The Main Console can also search for, create, and edit
user and group entries in the user directory.


Figure 1.1. The Red Hat Console Interface
When a user logs into Red Hat Console, the Console connects to the Administration Server over Hypertext Transfer Protocol (HTTP). The Administration Server receives requests to administer the different Directory Server instances and performs the changes to the configuration, such as changing a port
number. When a request is sent to the Red Hat Console to add or edit user entries, the Console sends
a Lightweight Directory Access Protocol (LDAP) message directly to Directory Server to update the
user directory.

Figure 1.2. Simple System Using Red Hat Console
Red Hat Directory Server stores server and application configuration settings as well as user information. Typically, application and server configuration information is stored in one subtree of Red Hat Directory Server while user and group entries are stored in another subtree. With a large enterprise,
however, configuration and user information can be stored in separate instances of Directory Server
(which can be on the same host machine or on two different host machines). Figure 1.2, “Simple System Using Red Hat Console” illustrates a relatively simple Red Hat Directory Server system. As an enterprise grows and needs change, additional hosts and Directory and Admin Servers can be added to
the administration domain in the Console, so that a single Console can manage multiple Directory and
Admin Servers.


Figure 1.3. A More Complex System


NOTE
When the terms configuration directory and user directory are used in this guide, they
refer to where the configuration information and the user information are stored, regardless of whether that is in the subtrees of a single instance of Directory Server or in two
separate instances of Directory Server.

1.2. Red Hat Console Menus
There are five menu items in the top menu of the Console. The options for each of these menus vary
depending on the Console window open (the main Console, Directory Server Console, or Administration Server Console) and the types of objects available in that server area.

Figure 1.4. Main Console Menus

Menu | Description
Console | Manages the Console session, such as closing the window or exiting the session entirely. • For the main window, this menu also can be used to add and remove admin domain. • For the Directory Server Console, this allows people to log in as a different user. • For the Administration Server Console, it manages security issues, such as certificates and tokens.
Edit | Sets display preferences, for all three Consoles. For the Directory Server Console, this also provides ways to copy, paste, and delete directory entries or text.
View | Sets whether to display certain parts of the Console window, such as the top banner, menus, and side navigation panes. This also refreshes the current display. For the Directory Server Console, this menu also sets what parts of the directory or which databases to view.
Object | Provides available operations for the active object; this is the same as the right-click menu for the active area or entry. • For the main window, this menu simply opens or deletes a server instance. • For the Directory Server Console, this provides all of the configuration options for the directory entries, such as advanced property editors or creating new entries. • For the Administration Server Console, this opens a configuration editor, starts, and stops the server.
Help | Opens context-specific help for the current Console area.

Table 1.1. Console Menus

1.3. Red Hat Console Tabs
There are two tabs in the main Console window:
• Servers and Applications, for managing the Directory Server and Administration Server instances
• Users and Groups, for searching for and creating user and group entries within the Directory Server

1.3.1. The Servers and Applications Tab
The Servers and Applications tab, by default, has a navigation tree on the left for viewing hosts and
Directory and Administration Servers and a center information panel. To access the Directory Server
instance, directory information, or Administration Server, open the server resource listed in the navigation tree. The information for the server instance, such as the build number and port number,
The navigation tree displays the Red Hat Directory Server topology, a hierarchical representation of all
the resources (such as servers and hosts), that are registered in a configuration directory.


Figure 1.5. The Servers and Applications Tab
The top of the topology is the administration domain. An administration domain is a collection of host
systems and servers that share the same user directory. The server which hosts Directory Server or
Administration Server instances belongs to the admin domain; that is the host.
A server group consists of all Directory Servers that are managed by a common Administration Server.
A number of server groups can exist within an administration domain.

1.3.2. The Users and Groups Tab
The Users and Groups tab can search for user and group entries in any Directory Server administered by the Console. Any of the returned entries can be edited or deleted through this tab, assuming
that the user has the proper access permissions. New entries can also be created through the Users
and Groups tab.


Figure 1.6. The Users and Groups Tab
Switch the directory being searched or where the entries are added through the options in the Users
menu, as described in Section 4.1, “Searching for Users and Groups”.

1.4. Server-Specific Consoles
The main Console can open into two server-specific windows to manage the Administration Server
and Directory Server. These windows are opened by clicking the server name in the navigation area,
and then clicking the Open button in the resources area.

1.4.1. The Directory Server Console
The Directory Server Console manages the specific Directory Server instance configuration, including
the port number, SSL settings, and logging. The Directory Server Console also manages the directory
information (entries) and directory operations like importing and exporting databases, creating suffixes,
and extending the schema.


Figure 1.7. The Directory Server Console
There are four tabs in the Directory Server Console:
• Tasks, which has shortcuts to common server operations, including starting and stopping the Directory Server instance, importing and exporting databases, and managing SSL certificates
• Configuration, which defines all of the server configuration settings, including SASL and SSL authentication, port numbers, schema, replication and synchronization, databases and suffixes, logging, and plug-ins
• Directory, which accesses and manages the directory information, including user entries and all group
entries, including roles, classes of service, views, and groups
• Status, which monitors the server performance and displays the different monitoring and performance counters for the Directory Server and databases

Similar to the main Console, the Directory Server Console tabs have a navigation area on the left and
a center panel that displays information about the active setting, entry, or database.
The procedures for using the Directory Server Console to manage the Directory Server configuration
and directory entries are covered in the Directory Server Administrator's Guide.

1.4.2. The Administration Server Console
The Administration Server itself administers the configuration of other servers, especially the configuration and user directories for the server group. The Administration Server Console manages the Administration Server settings and the settings for these two Directory Server directories; whenever the
settings are changed in the Directory Server configuration, the modifications must be carried into the
Administration Server configuration for the server to properly manage those servers.


Figure 1.8. The Administration Server Console
The Administration Server Console is simpler than the Directory Server Console, with only two tabs:
• Tasks, which has shortcuts to common server operations, including starting and stopping the Administration Server instance, setting up logging, and managing SSL certificates
• Configuration, which defines all of the Administration Server configuration settings, including SSL
authentication, port numbers, and logging, as well as the Configuration Directory Server and User
Directory Server settings which the Administration Server uses to connect to the directory services

The procedures for using the Administration Server Console to manage the Administration Server configuration and associated directory services are covered in the Using the Admin Server guide.


Chapter 2. Basic Tasks in the Red Hat Console
While most server management functions are carried out in server-specific console windows for the
Red Hat Directory Server and Administration Server, the main Red Hat Console itself has some basic
management functions, such as creating server instances, searching the directory, setting some access controls, and allowing some entry modifications.
This chapter covers basic tasks in the Red Hat Console, including installing the Console, creating and
editing server instances, and configuring the Console appearance.

2.1. Installing the Console
The Red Hat Console package, redhat-ds-console.noarch, can be installed on Red Hat Enterprise Linux systems using tools like yum. For example:

yum install redhat-idm-console
The Red Hat Console package can also be downloaded through Red Hat Network and installed using
package management tools such as rpm and pkgadd. For example:

rpm -ivh redhat-idm-console-1.0.0-22.el4idm.i386.rpm

2.2. Launching the Console
1. Run the redhat-idm-console command. For example:

redhat-idm-console -a :9830
The different options for the redhat-idm-console command are listed in Table 2.1, “Arguments
for redhat-idm-console”.
2. Enter the user name and password.

Also, enter or select the URL for the instance of Administration Server, if one was not passed with
the command. The URL can be either the hostname or the IP address of the Administration Server
host. The Administration Server port number must be given, as well. The five most recent Administration Server URLs accessed are available as a drop-down menu option.

Argument | Description | Example
-a adminURL | Specifies a base URL for the instance of Administration Server to log into. | -a :987
-f fileName | Writes errors and system messages to fileName. | -f system.out
-h | Prints out the help message for redhat-idm-console. |
-s | Specifies the directory instance to access, either by specifying the DN of the server instance entry (SIE) or the instance name, such as slapd-example. | -s slapd-example
-u | Gives the user DN to use to log into the Console. | -u "cn=Directory Manager"
-w | Gives the password to use to log into the Console. | -w secret
-w - | Reads the password from the standard output. |
-x options | Specifies extra options. There are three values for extraOptions: nowinpos, which puts the Console window in the upper left corner of the screen; nologo, which keeps the splash screen from being displayed and only opens the login dialog; javalaf, which uses the Java look and feel for the Console interface rather than the platform-specific styles. To use multiple options, separate them with a comma. | -x nologo,nowinpos
-y file | Reads the password from the specified input file. | -y password.txt

Table 2.1. Arguments for redhat-idm-console
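
Table 2.1 gives three ways to pass the login password. With -w secret the password sits in the process argument list, which other local users can normally read through ps for as long as the Console runs; -y file keeps it out of the argument list. The wrapper below is an added example, not part of the Red Hat guide: the function names, the CONSOLE override variable, and the sample host in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): start redhat-idm-console with
# a password file (-y) instead of a password on the command line (-w).
# All function names and the CONSOLE variable are illustrative assumptions.

# Write the password from stdin into a new file readable only by its owner.
# The subshell keeps umask and noclobber local; noclobber (set -C) makes the
# redirection fail rather than overwrite an existing file.
make_pwfile() {
    ( umask 077; set -C; cat > "$1" )
}

# Succeed only if the password file is a regular file (not a symlink),
# owned by the current user, with no group or other permission bits.
check_pwfile() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ -O "$f" ] || { echo "not owned by current user: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld -- "$f" | cut -c5-10)
    [ "$go_bits" = "------" ] || { echo "group/other access on: $f" >&2; return 1; }
    return 0
}

# Launch the Console with -a, -u and -y (all listed in Table 2.1).
# CONSOLE overrides the binary name so the wrapper can be dry-run.
launch_console() {
    url=$1 dn=$2 pwfile=$3
    check_pwfile "$pwfile" || return 1
    "${CONSOLE:-redhat-idm-console}" -a "$url" -u "$dn" -y "$pwfile"
}

# Audit helper: read "PID ARGS" lines on stdin (for example from
# `ps -eo pid=,args=`) and print the PID of every redhat-idm-console
# process whose argument list carries a literal password after -w.
# "-w -" is not flagged because no password is present in argv.
flag_argv_passwords() {
    awk '/redhat-idm-console/ {
        for (i = 2; i < NF; i++)
            if ($i == "-w" && $(i + 1) != "-") { print $1; next }
    }'
}

# Usage (host name is a placeholder; port 9830 is the one used on this page):
#   make_pwfile "$HOME/.console-pw"     # type the password, then Ctrl-D
#   launch_console http://adminhost.example.com:9830 \
#       "cn=Directory Manager" "$HOME/.console-pw"
#   ps -eo pid=,args= | flag_argv_passwords
```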

2.3. Opening a Directory or Administration Server Window
The Red Hat Console is the avenue to access instance-specific management windows for the Directory Server and Administration Server. To open a console window for a specific server instance:
1. Open the Red Hat Console.

redhat-idm-console

2. Click the Servers and Applications tab, which lists all of the Directory Server and Administration
Server instances within the configured Directory Server domain.
3. In the navigation tree, click a server to select it.
