How to install eDirectory on CentOS 7
NetIQ eDirectory is one of the highest-performance LDAP v3 standards-compliant directories, and it is free! It is not LDAP bolted on top of some proprietary structure that hides a lot underneath; it is native LDAP. Everything it contains is there for you to access, and everything is under ACL, meaning you can restrict access to anything.
It also comes with a graphical tool, iManager, which runs on top of Tomcat. It is also freely available and will be covered in another document under tips and howtos.
CentOS Linux is Red Hat Enterprise Linux without the proprietary components, and it works perfectly with eDirectory.
eDirectory 9
eDirectory 9 will install on CentOS 7 without any glitches, except for this:
The eDirectory installation will halt because of a missing dependency on the file libunwind.so.7, which google-perftools requires. This is caused by the gperf package that is already installed, so you must run this before installing:
yum erase gperf
Identity Manager 4.6
Identity Manager 4.6 installs in a straightforward manner, as documented in the installation document.
iManager 3
iManager 3 also installs in a straightforward manner as documented, BUT the provided Apache mod_jk proxying is not available for CentOS 7, so you must use AJP proxying. I put it under its own topic here.
Instructions for eDirectory version 8.x.x
Here is the checklist for installation
- Make sure your IP addresses are listed in /etc/hosts
- Keep your time synchronized with other eDirectory instances using NTP
- Have multicast routing while installing (route add -net 224.0.0.0 netmask 240.0.0.0 dev interface)
- Have a static IP address
- Allow all traffic from and to localhost
- Allow LDAP access from the addresses required (TCP 389, 636)
Install glibc i686
yum install glibc-2.xx-xx.el7.i686
Create a file /etc/hosts.nds containing something like this
MY_TREE. <IP_ADDRESS or HOSTNAME>
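The checklist and the /etc/hosts.nds step above can be checked before the install with a small preflight script. This is an added example, not part of the original instructions or of NetIQ's tooling; the function names and the sample address 192.0.2.10 are assumptions, and it covers only the /etc/hosts, /etc/hosts.nds and multicast route items.

```shell
#!/bin/sh
# Preflight for the eDirectory 8.x checklist (added example, hypothetical helper names).

# host_in_hosts FILE ADDR: succeeds if ADDR is the first field of a
# non-comment line in FILE (normally /etc/hosts).
host_in_hosts() {
    awk -v ip="$2" '!/^[[:space:]]*#/ && $1 == ip { found = 1 }
                    END { exit !found }' "$1"
}

# hosts_nds_ok FILE TREE: succeeds if FILE (normally /etc/hosts.nds) has a
# line of the form "TREE. <IP_ADDRESS or HOSTNAME>".
hosts_nds_ok() {
    awk -v t="$2." '!/^[[:space:]]*#/ && $1 == t && NF >= 2 { found = 1 }
                    END { exit !found }' "$1"
}

# has_multicast_route: reads `ip -4 route show` output on stdin and succeeds
# if the 224.0.0.0/4 route (netmask 240.0.0.0) from the checklist is present.
has_multicast_route() {
    awk '$1 == "224.0.0.0/4" { found = 1 } END { exit !found }'
}

# preflight HOSTS_FILE HOSTS_NDS_FILE ADDR TREE, with the routing table on stdin.
# Prints one FAIL line per missing item and returns the number of failures.
preflight() {
    fails=0
    host_in_hosts "$1" "$3" ||
        { echo "FAIL: $3 is not listed in $1"; fails=$((fails + 1)); }
    hosts_nds_ok "$2" "$4" ||
        { echo "FAIL: no '$4.' entry in $2"; fails=$((fails + 1)); }
    has_multicast_route ||
        { echo "FAIL: no 224.0.0.0/4 multicast route"; fails=$((fails + 1)); }
    return "$fails"
}
```

Run it as `ip -4 route show | preflight /etc/hosts /etc/hosts.nds 192.0.2.10 MY_TREE`, replacing the address and tree name with your own; a return status of 0 means all three items passed.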
Download eDirectory from NetIQ / Novell, untar it and install the rpms with the --force option (currently showing the latest 8.8.8 install)
tar -xzf eDirectory_*_Linux_x86_64.tar.gz
cd eDirectory/setup
rpm -Uvh --force *.rpm 32-bit/nici*.rpm
mkdir -p /var/opt/novell/eDirectory /var/opt/novell/eDirectory/log
After installation, add the eDirectory paths to your account by adding this command to your .bashrc
. /opt/novell/eDirectory/bin/ndspath
eDirectory does not update its instance information in /etc/opt/novell/eDirectory/conf/.edir, so it cannot pass the pid file location correctly, so we help systemd a bit
ln -s /var/opt/novell/eDirectory/data /var/nds
Now configure a new tree
ndsconfig new -t MY_TREE -n o=company -a cn=admin.o=company -L 389 -l 636
or connect to existing
ndsconfig add -t TREENAME -n server.context.in.dot.notation -a cn=admin.o=org -S director -p ip_address
Check that everything works by enabling and restarting ndsd
systemctl enable ndsd
systemctl restart ndsd
You can follow the console messages in another window to see that it goes OK
journalctl -f
Let's do some testing
ldapsearch -x 'objectclass=*' dn
If you saw a listing of multiple object DNs then you're all set!