Pegasi Wiki

This wiki acts as a memo for our own work, so why not share it? Feel free to browse and use our notes and leave a note while at it.

How to install eDirectory on CentOS 7

NetIQ eDirectory is one of the highest-performance LDAP v3 standards-compliant directories, and it is free! It is not LDAP baked on top of some proprietary structure that hides tons of stuff underneath; it is native LDAP. Everything it contains is there for you to access, and everything is under ACL, meaning you can restrict access to anything.

It also comes with a graphical tool, iManager, which sits on top of Tomcat. It is also freely available and will be covered in another document under tips and howtos.

CentOS Linux is Red Hat Enterprise Linux without the proprietary components, and it works perfectly with eDirectory.

eDirectory 9

eDirectory 9 will install on CentOS 7 without any glitches, except for this:

The eDirectory installation will halt because of a missing dependency on the file libunwind.so.7, which google-perftools requires. This is caused by the gperf package that is already installed, so you must run this before installing:

yum erase gperf

Identity Manager 4.6

Identity Manager 4.6 installs in a straightforward way, as documented in the installation document.

iManager 3

iManager 3 also installs in a straightforward way as documented, BUT the provided Apache mod_jk proxying is not available for CentOS 7, so you must use AJP proxying. I put it under its own topic here.

Instructions for eDirectory version 8.x.x

Here is the checklist for installation

  • Make sure your IP addresses are listed in /etc/hosts
  • Keep your time synchronized with other eDirectory instances using NTP
  • Have multicast routing while installing (route add -net 224.0.0.0 netmask 240.0.0.0 dev interface)
  • Have a static IP address
  • Allow all traffic from and to localhost
  • Allow LDAP access from the addresses required (TCP 389, 636)

Install glibc i686

yum install glibc-2.xx-xx.el7.i686

Create a file /etc/hosts.nds containing something like this

MY_TREE.              <IP_ADDRESS or HOSTNAME>
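
The checklist items that live in files (the /etc/hosts entry, the multicast route and the /etc/hosts.nds tree line) can be verified before running the installer. The script below is an added example, not part of the original notes or NetIQ's tooling; the function names and the --check option are made up for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the install checklist. Not NetIQ tooling.
# Every check takes the file to read as an argument so it can run on copies.

# True if hosts file $1 maps name $2 to a non-loopback address.
hosts_maps_to_real_ip() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                        # strip comments
        $1 ~ /^127\./ || $1 == "::1" { next }     # loopback lines do not count
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) found = 1 }
        END { exit !found }' "$1"
}

# True if file $1 has a "TREE.  <address or hostname>" line for tree $2,
# the /etc/hosts.nds layout shown above.
hosts_nds_has_tree() {
    awk -v tree="$2" '
        NF >= 2 && $1 == (tree ".") { found = 1 }
        END { exit !found }' "$1"
}

# True if routing table $1 (/proc/net/route layout) holds 224.0.0.0 with
# netmask 240.0.0.0. The kernel prints both as little-endian hex on x86.
has_multicast_route() {
    awk 'NR > 1 && $2 == "000000E0" && $8 == "000000F0" { found = 1 }
         END { exit !found }' "$1"
}

# Run all checks for tree $1 on this host; exit status = number of failures.
preflight() (
    failed=0
    check() {
        if "$@"; then echo "ok    $*"; else echo "FAIL  $*"; failed=$((failed + 1)); fi
    }
    check hosts_maps_to_real_ip /etc/hosts "$(hostname)"
    check hosts_nds_has_tree /etc/hosts.nds "$1"
    check has_multicast_route /proc/net/route
    exit "$failed"
)

# Only touch the real system files when asked to: ./preflight.sh --check MY_TREE
if [ "${1:-}" = "--check" ]; then preflight "${2:?tree name required}"; fi
```
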

Download eDirectory from NetIQ / Novell, untar it and install the RPMs with the --force option (currently showing the latest 8.8.8 install)

tar -xzf eDirectory_*_Linux_x86_64.tar.gz
# the tarball unpacks to eDirectory/ under the directory you extracted it in (install_directory)
cd eDirectory/setup
rpm -Uvh --force *.rpm 32-bit/nici*.rpm
mkdir -p /var/opt/novell/eDirectory /var/opt/novell/eDirectory/log

After installation, set the eDirectory paths for your account by adding this command to your .bashrc

. /opt/novell/eDirectory/bin/ndspath

eDirectory does not update its instance information in /etc/opt/novell/eDirectory/conf/.edir, so it cannot pass the pid file location correctly, so we help systemd a bit

ln -s /var/opt/novell/eDirectory/data /var/nds

Now configure a new tree

ndsconfig new -t MY_TREE -n o=company -a cn=admin.o=company -L 389 -l 636

or connect to existing

ndsconfig add -t TREENAME -n server.context.in.dot.notation -a cn=admin.o=org -S director -p ip_address

Check that everything works by enabling and restarting ndsd

systemctl enable ndsd
systemctl restart ndsd

You can follow the console messages in another window to see that it goes OK

journalctl -f

Let's do some testing

ldapsearch -x  'objectclass=*' dn

If you saw a listing of multiple object DNs, then you're all set!
