Changes for page Guide d'installation Linux
Last modified by Aurelie Bertrand on 2024/11/25 11:18
From version 19.1
edited by Aurelie Bertrand
on 2024/08/20 14:50
Change comment:
There is no comment for this version
To version 20.1
edited by Aurelie Bertrand
on 2024/08/20 14:52
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... @@ -350,7 +350,7 @@ 350 350 351 351 (% start="2" %) 352 352 1. ((( 353 -LDIF files can be downloaded by clicking on the following link [[LDIF_OpenDJ>>attach:LDIF_OpenDJ.zip]]. 353 +LDIF files can be downloaded by clicking on the following link [[LDIF_OpenDJ>>attach:/xwiki/wiki/dd2024r1/download/Digdash/deployment/installation/install_guide_ubuntu/WebHome/LDIF_OpenDJ.zip?rev=1.1]]. 354 354 ))) 355 355 1. Create organisations using the ‘neworganisation.ldif’ file below : 356 356 ... ... @@ -572,8 +572,6 @@ 572 572 systemctl status opendj 573 573 {{/code}} 574 574 575 - 576 - 577 577 == Useful option == 578 578 579 579 The operation below is not part of the installation. ... ... 
@@ -593,458 +593,10 @@ 593 593 add: ds-rlim-size-limit 594 594 ds-rlim-size-limit: 10000 595 595 {{/code}} 596 -(% style="line-height:1.2" %) 597 -== == 598 598 599 -(% style="line-height:1.2" %) 600 -== Installation == 595 +(% class="wikigeneratedid" id="H" style="line-height: 1.2;" %) 601 601 602 -1. Start by getting the latest version of the **opendj-4.x.x_all.deb **file from the website [[https:~~/~~/github.com/OpenIdentityPlatform/OpenDJ/releases>>url:https://github.com/OpenIdentityPlatform/OpenDJ/releases]] :((( 603 -|(% style="background-color:black" %)(% style="color:#ffffff" %)wget https:~/~/github.com/OpenIdentityPlatform/OpenDJ/releases/download/4.x.x/opendj-4.x.x_all.deb 604 -))) 605 -1. Run the installation : ((( 606 -|(% style="background-color:black" %)(% style="color:#ffffff" %)sudo dpkg -i opendj_4.x.x_all.deb 607 -))) 608 608 609 -((( 610 -(% style="color:inherit; font-family:inherit; font-size:26px" %)Initial setup 611 -))) 612 - 613 -Launch the settings utility to follow the steps: 614 - 615 -((( 616 -|(% style="background-color:black" %)(% style="color:#ecf0f1" %)sudo /opt/opendj/setup 617 -))) 618 - 619 -(% style="line-height:1.38" %) 620 -(% style="border:none; color:#000000; display:inline-block; font-family:Arial,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:49px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:602px" %)[[image:1.png]](%%) 621 -[Enter] 622 - 623 - 624 -[[image:2.png]] 625 - 626 -(% style="line-height:1.38" %) 627 -adminOpenDJ1 628 - 629 - 630 -[[image:3.png]] 631 - 632 -(% style="line-height:1.38" %) 633 -[Enter] 634 - 635 - 636 -[[image:4.png]] 637 - 638 -389 639 - 640 - 641 -[[image:5.png]] 642 - 643 -4444 644 - 645 - 646 -[[image:6.png]] 647 - 648 -[Enter] 649 - 650 - 651 -[[image:7.png]] 652 - 653 -(% style="line-height:1.38" %) 654 -[Enter] 655 - 656 - 657 -[[image:8.png]] 658 - 659 -dc=digdash,dc=com 660 - 661 -[[image:9.png]] 662 - 663 -2 664 - 665 - 
666 -(% style="border:none; color:#000000; display:inline-block; font-family:Arial,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:42px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:445px" %)[[image:https://lh7-us.googleusercontent.com/gs7BVYjtXGYivvccymzaxjIwiLn_ld-xJryFXxP8_aqZekStBkjWRjqRG-isbpEk97CVrMOFCsyCy-uzdIoltTdVWhurhNF_ycRAHaBeARw25JvamLrGFXuc-TIL7h6NQEb5iwhIMZIJOblCKog-n5c||height="42" width="445"]](%%) 667 -oui 668 - 669 - 670 -[[image:11.png]] 671 - 672 -(% style="line-height:1.38" %) 673 -[Enter] 674 - 675 - 676 -[[image:12.png]] 677 - 678 -[Enter] 679 - 680 - 681 -[[image:13.png]] 682 - 683 -[Enter] 684 - 685 - 686 -[[image:14.png]] 687 - 688 -[Enter] 689 - 690 - 691 -[[image:15.png]] 692 - 693 -(% style="line-height:1.38" %) 694 -[Enter] 695 - 696 -(% style="line-height:1.38; text-indent:-14.173228346456689pt; margin-top:13px; margin-bottom:13px; padding:0pt 0pt 0pt 14.173228346456689pt" %) 697 -== Additional settings == 698 - 699 -1. Go to the OpenDJ installation directory:((( 700 -|(% style="background-color:black" %)(% style="color:#ffffff" %)cd /opt/opendj/bin/ 701 -))) 702 -1. ((( 703 -LDIF files can be downloaded by clicking the following link [[LDIF_OpenDJ>>attach:LDIF_OpenDJ.zip]]. 704 -))) 705 -1. 
Create the organizations using the “neworganization.ldif” file below:((( 706 -|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN(%%) (% style="color:#2ecc71" %)"cn=Directory Manager" (% style="color:#ffffff" %)~-~-bindPassword adminOpenDJ1 neworganisation.ldif 707 - 708 -|(% style="background-color:black" %)((( 709 -(% style="line-height:1.38" %) 710 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: ou=default,dc=digdash,dc=com// 711 - 712 -(% style="line-height:1.38" %) 713 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: organizationalUnit// 714 - 715 -(% style="line-height:1.38" %) 716 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ou: default// 717 -))) 718 -))) 719 - 720 -(% start="4" %) 721 -1. To create a password checker: 722 -1*. Use the dsconfig.bat command, then log in with the Directory Manager credentials and accept the certificates. 723 -1*. 
Go to menu 29 then select “create a new Password Validator” > select “Character Set Password Validator” > enter “Custom Character Set Password Validator” > “true” > “true” > then configure 4 character-set as follows : ((( 724 -|(% style="background-color:black" %)(% style="color:#ffffff" %)1:abcdefghijklmnopqrstuvwxyz 725 -1:ABCDEFGHIJKLMNOPQRSTUVWXYZ 726 -1:0123456789 727 -1:!"#$%&'()*+,-./:;\<=>?@[]^_`{~|}~~ 728 - 729 -➡ The result should look like this : 730 -(% style="border:none; color:#000000; display:inline-block; font-family:Consolas,sans-serif; font-size:10pt; font-style:italic; font-variant:normal; font-weight:400; height:114px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:454px" %)//[[image:Resultats.png]]// 731 -))) 732 - 733 -((( 734 - 735 -))) 736 - 737 -(% start="5" %) 738 -1. For the second password checker, we can use a command line because it does not contain special characters: ((( 739 -|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/dsconfig create-password-validator ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ~-~-validator-name "Custom length Password Validator" ~-~-set min-password-length:12 ~-~-set enabled:true ~-~-type length-based ~-~-no-prompt 740 -))) 741 - 742 -(% start="6" %) 743 -1. Apply both password checkers:((( 744 -|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/dsconfig set-password-policy-prop ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ~-~-policy-name "Default Password Policy" ~-~-set password-validator:"Custom Character-set Password Validator" ~-~-set password-validator:"Custom length Password Validator" ~-~-no-prompt 745 -))) 746 - 747 -(% start="7" %) 748 -1. 
Set the password policy for users using the “ppolicy.ldif” file below:((( 749 -|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ppolicy.ldif 750 - 751 -|(% style="background-color:black" %)((( 752 -(% style="line-height:1.38" %) 753 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: cn=ppolicy,ou=default,dc=digdash,dc=com// 754 - 755 -(% style="line-height:1.38" %) 756 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: top// 757 - 758 -(% style="line-height:1.38" %) 759 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: subentry// 760 - 761 -(% style="line-height:1.38" %) 762 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: pwdPolicy// 763 - 764 -(% style="line-height:1.38" %) 765 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//cn: ppolicy// 766 - 767 -(% style="line-height:1.38" %) 768 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; 
text-decoration:none; white-space:pre-wrap" %)//pwdAttribute: userPassword// 769 - 770 -(% style="line-height:1.38" %) 771 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdAllowUserChange: TRUE// 772 - 773 -(% style="line-height:1.38" %) 774 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdCheckQuality: 1// 775 - 776 -(% style="line-height:1.38" %) 777 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdExpireWarning: 600// 778 - 779 -(% style="line-height:1.38" %) 780 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdFailureCountInterval: 30// 781 - 782 -(% style="line-height:1.38" %) 783 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdGraceAuthNLimit: 5// 784 - 785 -(% style="line-height:1.38" %) 786 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdInHistory: 5// 787 - 788 -(% style="line-height:1.38" %) 789 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; 
font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdLockout: TRUE// 790 - 791 -(% style="line-height:1.38" %) 792 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdLockoutDuration: 900// 793 - 794 -(% style="line-height:1.38" %) 795 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMaxAge: 0// 796 - 797 -(% style="line-height:1.38" %) 798 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMaxFailure: 5// 799 - 800 -(% style="line-height:1.38" %) 801 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMinAge: 0// 802 - 803 -(% style="line-height:1.38" %) 804 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMustChange: FALSE// 805 - 806 -(% style="line-height:1.38" %) 807 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdSafeModify: FALSE// 808 - 809 -(% style="line-height:1.38" %) 810 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; 
font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//subtreeSpecification: {base "ou=users", specificationFilter "!(uid=admin)" }// 811 -))) 812 -))) 813 - 814 -(% start="8" %) 815 -1. Set a second password policy for the admin using the “ppolicy-admin.ldif” file below:((( 816 -|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ppolicy-admin.ldif 817 - 818 -|(% style="background-color:black" %)((( 819 -(% style="line-height:1.38" %) 820 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: cn=ppolicy-admin,ou=default,dc=digdash,dc=com// 821 - 822 -(% style="line-height:1.38" %) 823 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: top// 824 - 825 -(% style="line-height:1.38" %) 826 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: subentry// 827 - 828 -(% style="line-height:1.38" %) 829 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: pwdPolicy// 830 - 831 -(% style="line-height:1.38" %) 832 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; 
overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//cn: ppolicy-admin// 833 - 834 -(% style="line-height:1.38" %) 835 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdAttribute: userPassword// 836 - 837 -(% style="line-height:1.38" %) 838 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdAllowUserChange: TRUE// 839 - 840 -(% style="line-height:1.38" %) 841 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdCheckQuality: 1// 842 - 843 -(% style="line-height:1.38" %) 844 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdFailureCountInterval: 30// 845 - 846 -(% style="line-height:1.38" %) 847 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdGraceAuthNLimit: 5// 848 - 849 -(% style="line-height:1.38" %) 850 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdInHistory: 5// 851 - 852 -(% style="line-height:1.38" %) 853 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; 
font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdLockout: FALSE// 854 - 855 -(% style="line-height:1.38" %) 856 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMaxAge: 0// 857 - 858 -(% style="line-height:1.38" %) 859 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMinAge: 0// 860 - 861 -(% style="line-height:1.38" %) 862 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMustChange: FALSE// 863 - 864 -(% style="line-height:1.38" %) 865 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdSafeModify: FALSE// 866 - 867 -(% style="line-height:1.38" %) 868 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//subtreeSpecification: {base "ou=users", specificationFilter "(uid=admin)" }// 869 -))) 870 -))) 871 -1. 
Change the password policy to allow pre-encoded passwords (useful for restores in digdash) :((( 872 -|(% style="background-color:black" %)(% style="color:#ecf0f1" %)/opt/opendj/bin/dsconfig set-password-policy-prop ~-~-policy-name "Default Password Policy" ~-~-set allow-pre-encoded-passwords:true ~-~-hostname localhost ~-~-trustAll ~-~-bindDN "cn=directory manager" ~-~-bindPassword adminOpenDJ1 ~-~-no-prompt 873 -))) 874 -1. Create an admin user for digdash via the “create_user_admin.ldif” file below((( 875 -|(% style="background-color:black" %)(% style="color:#ecf0f1" %)/opt/opendj/bin/ldapmodify (% style="color:#ffffff" %)~-~-port 389 (% style="color:#ecf0f1" %)~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 create_user_admin.ldif 876 - 877 -|(% style="background-color:black" %)((( 878 -(% style="line-height:1.38" %) 879 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: uid=admin,ou=default,dc=digdash,dc=com// 880 - 881 -(% style="line-height:1.38" %) 882 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: shadowAccount// 883 - 884 -(% style="line-height:1.38" %) 885 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: inetOrgPerson// 886 - 887 -(% style="line-height:1.38" %) 888 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//cn: Admin 
Domain Default// 889 - 890 -(% style="line-height:1.38" %) 891 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//sn: Default// 892 - 893 -(% style="line-height:1.38" %) 894 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//uid: admin_default// 895 -))) 896 -))) 897 - 898 -(% start="11" %) 899 -1. Assign the admin user the necessary rights using the “add_admin_right.ldif” and “add_admin_right2.ldif” files below:((( 900 -|(% style="background-color:black" %)(% style="color:#ecf0f1" %)/opt/opendj/bin/ldapmodify (% style="color:#ffffff" %)~-~-port 389 (% style="color:#ecf0f1" %)~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 add_admin_right.ldif 901 - 902 -|(% style="background-color:black" %)((( 903 -(% style="color:#ffffff" %)dn: ou=default,dc=digdash,dc=com 904 - 905 -(% style="color:#ffffff" %)changetype: modify 906 - 907 -(% style="color:#ffffff" %)add: aci 908 - 909 -(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow write on userpassword and shadowlastchange for admin"; allow(write) (userdn = "ldap:~/~//uid=admin,ou=default,dc=digdash,dc=com"){{{;)}}} 910 - 911 -(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read,write on userpassword and shadowlastchange for auth users"; allow(read) (userdn = "ldap:~/~//all"){{{;)}}} 912 - 913 - 914 -(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read on 
userpassword and shadowlastchange for anonymous"; allow(selfwrite) (userdn = "ldap:~/~//anyone"){{{;)}}} 915 - 916 - 917 -(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow write on * for admin"; allow(all) (userdn = "ldap:~/~//uid=admin,ou=default,dc=digdash,dc=com"){{{;)}}} 918 - 919 -(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow read on * for anonymous"; allow(read) (userdn = "ldap:~/~//all"){{{;)}}} 920 -))) 921 - 922 -|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 add_admin_right2.ldif 923 - 924 -|(% style="background-color:black" %)((( 925 -(% style="line-height:1.38" %) 926 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: uid=admin,ou=default,dc=digdash,dc=com// 927 - 928 -(% style="line-height:1.38" %) 929 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//changetype: modify// 930 - 931 -(% style="line-height:1.38" %) 932 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//add: ds-privilege-name// 933 - 934 -(% style="line-height:1.38" %) 935 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" 
%)//ds-privilege-name: config-read// 936 - 937 -(% style="line-height:1.38" %) 938 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ds-privilege-name: password-reset// 939 -))) 940 -))) 941 - 942 -(% start="12" %) 943 -1. Generate a password for the administrator and remember it for later:((( 944 -|(% style="background-color:black" %)(% style="background-color:#000000; color:#ecf0f1" %)/opt/opendj/bin/ldappasswordmodify (% style="color:#ffffff" %)~-~-port 389 (% style="background-color:#000000; color:#ecf0f1" %)~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ~-~-authzID "u:admin" 945 -))) 946 - 947 -(% style="line-height:1.38; text-indent:-14.173228346456689pt; margin-top:13px; margin-bottom:13px; padding:0pt 0pt 0pt 14.173228346456689pt" %) 948 -== Enabling automatic service start on startup == 949 - 950 - 951 -1. Create the opendj.service file:((( 952 -|(% style="background-color:black" %)(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)sudo vi /etc/systemd/system/opendj.service 953 -))) 954 - 955 -(% start="2" %) 956 -1. 
Paste the following lines there:((( 957 -|(% style="background-color:black" %)((( 958 -(% style="line-height:1.38" %) 959 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)[Unit] 960 - 961 -(% style="line-height:1.38" %) 962 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Description=OpenDJ Server Daemon 963 - 964 -(% style="line-height:1.38" %) 965 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Wants=network-online.target 966 - 967 -(% style="line-height:1.38" %) 968 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)After=network-online.target 969 - 970 -(% style="line-height:1.38" %) 971 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Conflicts=shutdown.target 972 - 973 -(% style="background-color:#000000" %) (% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)[Service] 974 - 975 -(% 
style="line-height:1.38" %) 976 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Type=simple 977 - 978 -(% style="line-height:1.38" %) 979 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Restart=no 980 - 981 -(% style="line-height:1.38" %) 982 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)TimeoutSec=5min 983 - 984 -(% style="line-height:1.38" %) 985 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)IgnoreSIGPIPE=no 986 - 987 -(% style="line-height:1.38" %) 988 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)KillMode=process 989 - 990 -(% style="line-height:1.38" %) 991 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)GuessMainPID=no 992 - 993 -(% style="line-height:1.38" %) 994 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; 
font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)RemainAfterExit=yes 995 - 996 -(% style="line-height:1.38" %) 997 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)ExecStart=/opt/opendj/bin/start-ds ~-~-quiet 998 - 999 -(% style="line-height:1.38" %) 1000 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)ExecStop=/opt/opendj/bin/stop-ds ~-~-quiet 1001 - 1002 -(% style="background-color:#000000" %) (% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)[Install] 1003 - 1004 -(% style="line-height:1.38" %) 1005 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)WantedBy=multi-user.target 1006 -))) 1007 -))) 1008 - 1009 -(% start="3" %) 1010 -1. 
Then type the following commands((( 1011 -|(% style="background-color:black" %)((( 1012 -(% style="line-height:1.38" %) 1013 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)systemctl daemon-reload 1014 - 1015 -(% style="line-height:1.38" %) 1016 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)systemctl enable ~-~-now opendj 1017 - 1018 -(% style="line-height:1.38" %) 1019 -(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)systemctl status opendj 1020 -))) 1021 -))) 1022 - 1023 -== Useful option == 1024 - 1025 -The operation below is not part of the installation. 1026 -However, it may be useful to know it for later use. 1027 - 1028 -=== Extending the limit for LDAP searches === 1029 - 1030 -It is possible to extend the LDAP search limit to more than 1000 users with the “extend_search_limit.ldif” file below. 
1031 - 1032 -|(% style="background-color:black" %)(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)///opt/opendj/bin/ldapmodify //(% style="color:#ffffff" %)~-~-port 389 (% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)//~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 extend_search_limit.ldif// 1033 - 1034 -|(% style="background-color:black" %)((( 1035 -(% style="line-height:1.38" %) 1036 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: uid=admin,ou=default,dc=digdash,dc=com// 1037 - 1038 -(% style="line-height:1.38" %) 1039 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//changetype: modify// 1040 - 1041 -(% style="line-height:1.38" %) 1042 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//add: ds-rlim-size-limit// 1043 - 1044 -(% style="line-height:1.38" %) 1045 -(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ds-rlim-size-limit: 10000// 1046 -))) 1047 - 1048 1048 = MariaDB (Recommended){{id name="DB_ubuntu"/}} = 1049 1049 1050 1050 The MariaDB database will 
be used to store the following elements: comments, audit data and data entry.
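Review bot: In the first hunk (line 353), the new link target hard-codes an absolute download path, including the wiki name `dd2024r1` and `?rev=1.1`, where the old target was the page-relative `attach:LDIF_OpenDJ.zip`. The link will break if the page is copied to another wiki or release, and it keeps serving revision 1.1 after the archive is updated, so readers could apply outdated LDIF files. If the attachment now lives on another page (the path points at `install_guide_ubuntu/WebHome`), use an `attach:` reference that names that document rather than a URL path, and drop the revision pin unless pinning is intended.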
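Review bot: The third hunk leaves an empty styled paragraph at new line 595, `(% class="wikigeneratedid" id="H" style="line-height: 1.2;" %)`, which is what remains of the deleted empty heading `== ==`; delete it with the rest of the block so the page does not render a blank anchor with id "H" before the MariaDB heading. Separately, the deleted add_admin_right.ldif text has ACIs whose names do not match what they grant: the one named "allow read on userpassword and shadowlastchange for anonymous" grants `allow(selfwrite)` to `ldap:///anyone`, and the one named for "auth users" grants `allow(read)` on `userpassword` to `ldap:///all`. If the copy of these steps that stays on the page carries the same lines, correct them there, and consider replacing the literal `--bindPassword adminOpenDJ1` with a placeholder.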