HP UX Directory Server manual Directory Server user and group, Directory manager

Page 8

default. Alternatively, you can assign any port number between 1025 and 65535 for the Directory Server and Administration Server ports; you are not required to use the defaults or the randomly-generated ports.

NOTE:

Although the valid range of port numbers is 1 to 65535, do not assign a Directory Server port number below 1024 (except 389 for LDAP, or 636 for LDAP with TLS/SSL). The Internet Assigned Numbers Authority (IANA) has already assigned ports 1 to 1023 to common processes.

When determining the port numbers to use, verify that the specified port numbers are not already in use by running a command like netstat.

For LDAPS (LDAP with TLS/SSL), the default port number is 636. The server can listen to both the LDAP and LDAPS port at the same time. However, the setup script will not allow you to configure TLS/SSL. To use LDAPS, assign the LDAP port number in the setup process, then reconfigure the Directory Server to use the LDAPS port and the other TLS/SSL parameters afterward. For information on how to configure LDAPS, see the HP-UX Directory Server administrator guide.

The Administration Server runs on a web server, so it uses HTTP or HTTPS. However, unlike the Directory Server, which can run on secure (LDAPS) and insecure (LDAP) ports at the same time, the Administration Server cannot run over both HTTP and HTTPS simultaneously. The setup script, setup-ds-admin.pl, does not allow you to configure the Administration Server to use TLS/SSL. To use TLS/SSL (meaning HTTPS) with the Administration Server, first set up the Administration Server to use HTTP, then reconfigure it to use HTTPS.

If you are using ports below 1024, such as the default LDAP port (389), you must run the setup script and start the servers as root. However, you do not have to set the server user ID to root. When the server starts, the server binds and listens to its port as root, then immediately drops its privileges and runs as the non-root server user ID. When the system restarts, the server is started as root by the init script. For more detailed technical information, see the setuid(2) manpage.

For more information about the server user ID, see “Directory Server user and group” (page 8).

1.2.2 Directory Server user and group

The setup process sets the user ID (UID) and group ID (GID) under which the servers will run. The default UID is a non-privileged (non-root) user, www. HP strongly recommends using this default value. To simplify administration, you can use the same UID for both the Directory Server and the Administration Server. If you choose a different UID for each server, these UIDs must belong to the group assigned to Directory Server.

For security reasons, HP strongly discourages you from setting the Directory Server or Administration Server user to root. If an attacker gains access to the server, he might be able to execute arbitrary system commands as the root user. Using a non-privileged UID adds another layer of security.

Listening to restricted ports as unprivileged users

Even though port numbers less than 1024 are restricted, the LDAP server can listen to port 389 (and any port number less than 1024), as long as the server is started by the root user or by init when the system starts up. The server first binds and listens to the restricted port as root, then immediately drops privileges to the non-root server UID. For more detailed technical information, see the setuid(2) manpage.

For more information on port numbers, see “Port numbers” (page 7).

1.2.3 Directory manager

The Directory Server setup creates a special user named the Directory Manager. The Directory Manager is a unique, powerful entry that is used to administer all user and configuration tasks.


HP-UX Directory Server specifications

HP UX Directory Server is a robust and scalable solution designed for managing directory information within enterprise networks. Developed by Hewlett-Packard (HP), this server offers an extensive set of features tailored to meet the needs of organizations that require an efficient way to store, manage, and retrieve identity and access data.

One of the key features of HP UX Directory Server is its ability to handle large directories with significant volumes of data. Built on a highly optimized architecture, it provides excellent performance and can support millions of entries without sacrificing speed or reliability. This capability makes it an ideal choice for large-scale deployments in enterprises that require high availability and responsiveness.

In addition to its scalability, HP UX Directory Server supports a wide range of protocols, including LDAP (Lightweight Directory Access Protocol), which ensures seamless integration with diverse applications and systems across various platforms. The server maintains standards compliance, which facilitates interoperability and simplifies administration tasks.

Security is a top priority for HP UX Directory Server, offering an array of features to protect sensitive information. It supports secure data transmission via TLS/SSL protocols, ensuring encrypted communication between clients and servers. Advanced access controls allow administrators to define fine-grained permissions, helping to safeguard directory data against unauthorized access.

Another salient feature of HP UX Directory Server is its replication capabilities. The server can replicate directory data across multiple instances, ensuring data consistency and availability in distributed environments. This feature is essential for businesses operating across different geographical locations or requiring failover solutions for disaster recovery.

HP UX Directory Server also comes equipped with tools for data management, including an intuitive administration console for configuring and monitoring the server. Additionally, it offers customizable schema capabilities, enabling organizations to tailor the directory structure to fit their specific needs.

Integration with existing identity management solutions is streamlined through connectors and APIs, allowing organizations to extend their directory services and enhance user experience.

In summary, HP UX Directory Server is a powerful directory management solution that combines scalability, security, and integration flexibility. Its support for industry standards, advanced replication, and comprehensive administrative tools makes it an essential asset for organizations seeking to manage identity and access efficiently. By leveraging this technology, businesses can improve their operational efficiency and ensure a secure and organized approach to directory management.