Changes for page Guide d'installation Linux

Last modified by Aurelie Bertrand on 2024/11/25 11:18

From 4.3 to 5.1 From 20.1 to 21.1

From version 5.1

edited by Aurelie Bertrand
on 2024/07/10 16:38

Change comment: There is no comment for this version

To version 20.1

edited by Aurelie Bertrand
on 2024/08/20 14:52

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (2 modified, 0 added, 0 removed)

Details

Page properties

Title

@@ -1,1 +1,1 @@
--Guide d'installation Linux
++Installation guide for Linux

Content

@@ -111,7 +111,7 @@
  ==== Reverse Proxy Valve ====
  {{code language="shell"}}
--# Add this valve in the Host element towards the end of the file
++# Add this valve in the Host element near the end of the file
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
                  internalProxies="127\.0\.[0-1]\.1"
                  remoteIpHeader="X-Forwarded-For"
@@ -140,11 +140,11 @@
  ==== Log Valve ====
  {{code language="shell"}}
--# Add this valve in the Host element towards the end of the file
++# Add this valve in the Host element near the end of the file
  <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" ></Valve>
  {{/code}}
--==== Limit the localhost_access_log file (optional) ====
++==== Limiting the localhost_access_log file (optional) ====
  To limit the size of the localhost_access_log file, add the //maxDays// parameter to the Access Log Valve and give it the value of the desired number of days.
@@ -156,7 +156,7 @@
  {{/code}}
--=== Editing context.xml ===
++=== Editing the context.xml file ===
  (% class="wikigeneratedid" id="HEmplacement:2Fetc2Ftomcat92Fcontext.xml" %)
  Location: /etc/tomcat9/context.xml
@@ -201,7 +201,7 @@
  sudo systemctl restart tomcat9.service
  {{/code}}
--=== Enabling automatic start service on startup ===
++=== Enabling automatic service start on startup ===
  {{code language="shell"}}
  sudo systemctl enable tomcat9
@@ -286,462 +286,322 @@
  = OpenDJ{{id name="OpenDJ"/}} =
--(% style="line-height:1.2" %)
  == Installation ==
--1. Start by getting the latest version of the **opendj-4.x.x_all.deb **file from the website [[https:~~/~~/github.com/OpenIdentityPlatform/OpenDJ/releases>>url:https://github.com/OpenIdentityPlatform/OpenDJ/releases]]  :(((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)wget https:~/~/github.com/OpenIdentityPlatform/OpenDJ/releases/download/4.x.x/opendj-4.x.x_all.deb
--)))
--1. Run the installation : (((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)sudo dpkg -i opendj_4.x.x_all.deb
--)))
++1. Start by getting the latest version of the **opendj-4.x.x_all.deb **file from the website [[https:~~/~~/github.com/OpenIdentityPlatform/OpenDJ/releases>>url:https://github.com/OpenIdentityPlatform/OpenDJ/releases]] :
++{{code language="shell"}}
++wget https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/4.x.x/opendj-4.x.x_all.deb
++{{/code}}
++
++(% start="2" %)
++1. Run the installation :
++
++{{code language="shell"}}
++sudo dpkg -i opendj_4.x.x_all.deb
++{{/code}}
++
  (((
  (% style="color:inherit; font-family:inherit; font-size:26px" %)Initial setup
  )))
--Launch the settings utility to follow the steps:
++To simplify OpenDJ configuration, we are going to create a ‘setupOpenDJ.props’ file containing the options available to respond to the OpenDJ ‘setup’ utility (this avoids the configuration interface).
++The contents of this file are detailed below:
++(% class="box warningmessage" %)
  (((
--|(% style="background-color:black" %)(% style="color:#ecf0f1" %)sudo /opt/opendj/setup
++❗Don't forget to replace the parameters with your own. For example, replace the password with the one you want (here ‘adminOpenDJ1’).
  )))
--(% style="line-height:1.38" %)
--(% style="border:none; color:#000000; display:inline-block; font-family:Arial,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:49px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:602px" %)[[image:1.png]](%%)
--[Enter]
--
++{{code language="shell"}}
++#
++# Sample properties file to set up OpenDJ directory server
++# See OpenDJ Setup command man for more options
++#
++rootUserDN                      =cn=Directory Manager
++rootUserPassword                =adminOpenDJ1
++hostname                        =localhost.localdomain
++ldapPort                        =389
++adminConnectorPort              =4444
++backendType                     =je
++baseDN                          =dc=digdash,dc=com
++addBaseEntry                    =true
++ldapsPort                       =636
++enableStartTLS                  =false
++generateSelfSignedCertificate   =true
++start                           =true
++#sampleData                     =2000
++{{/code}}
--[[image:2.png]]
++After saving the file, run the following command line:
--(% style="line-height:1.38" %)
--adminOpenDJ1
--
++{{code language="shell"}}
++sudo /opt/opendj/setup --cli --propertiesFilePath setupOpenDJ.props --acceptLicense --no-prompt
++{{/code}}
--[[image:3.png]]
++(% style="line-height:1.38; text-indent:-14.173228346456689pt; margin-top:13px; margin-bottom:13px; padding:0pt 0pt 0pt 14.173228346456689pt" %)
++== Additional setup ==
--(% style="line-height:1.38" %)
--[Enter]
--
++1. Go to the OpenDJ installation directory:
--[[image:4.png]]
++{{code language="shell"}}
++cd /opt/opendj/bin/
++{{/code}}
--389
--
--
--[[image:5.png]]
--
--4444
--
--
--[[image:6.png]]
--
--[Enter]
--
--
--[[image:7.png]]
--
--(% style="line-height:1.38" %)
--[Enter]
--
--
--[[image:8.png]]
--
--dc=digdash,dc=com
--
--[[image:9.png]]
--
--2
--
--
--(% style="border:none; color:#000000; display:inline-block; font-family:Arial,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:42px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:445px" %)[[image:https://lh7-us.googleusercontent.com/gs7BVYjtXGYivvccymzaxjIwiLn_ld-xJryFXxP8_aqZekStBkjWRjqRG-isbpEk97CVrMOFCsyCy-uzdIoltTdVWhurhNF_ycRAHaBeARw25JvamLrGFXuc-TIL7h6NQEb5iwhIMZIJOblCKog-n5c||height="42" width="445"]](%%)
--oui
--
--
--[[image:11.png]]
--
--(% style="line-height:1.38" %)
--[Enter]
--
--
--[[image:12.png]]
--
--[Enter]
--
--
--[[image:13.png]]
--
--[Enter]
--
--
--[[image:14.png]]
--
--[Enter]
--
--
--[[image:15.png]]
--
--(% style="line-height:1.38" %)
--[Enter]
--
--(% style="line-height:1.38; text-indent:-14.173228346456689pt; margin-top:13px; margin-bottom:13px; padding:0pt 0pt 0pt 14.173228346456689pt" %)
--== Additional settings ==
--
--1. Go to the OpenDJ installation directory:(((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)cd /opt/opendj/bin/
--)))
++(% start="2" %)
 . (((
--LDIF files can be downloaded by clicking the following link [[LDIF_OpenDJ>>attach:LDIF_OpenDJ.zip]].
++LDIF files can be downloaded by clicking on the following link [[LDIF_OpenDJ>>attach:/xwiki/wiki/dd2024r1/download/Digdash/deployment/installation/install_guide_ubuntu/WebHome/LDIF_OpenDJ.zip?rev=1.1]].
  )))
--1. Create the organizations using the “neworganization.ldif” file below:(((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN(%%) (% style="color:#2ecc71" %)"cn=Directory Manager" (% style="color:#ffffff" %)~-~-bindPassword adminOpenDJ1 neworganisation.ldif
++1. Create organisations using the ‘neworganisation.ldif’ file below :
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: ou=default,dc=digdash,dc=com//
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" neworganisation.ldif
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: organizationalUnit//
++{{code}}
++dn: ou=default,dc=digdash,dc=com
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ou: default//
--)))
--)))
++objectClass: organizationalUnit
++ou: default
++{{/code}}
++
  (% start="4" %)
--1. To create a password checker:
--1*. Use the dsconfig.bat command, then log in with the Directory Manager credentials and accept the certificates.
--1*. Go to menu 29 then select “create a new Password Validator” > select “Character Set Password Validator” > enter “Custom Character Set Password Validator” > “true” > “true” > then configure 4 character-set as follows : (((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)1:abcdefghijklmnopqrstuvwxyz
--1:ABCDEFGHIJKLMNOPQRSTUVWXYZ
--1:0123456789
--1:!"#$%&'()*+,-./:;\<=>?@[]^_`{~|}~~
++1. Set the password checker "Custom Character-set Password Validator":
--➡ The result should look like this :
--(% style="border:none; color:#000000; display:inline-block; font-family:Consolas,sans-serif; font-size:10pt; font-style:italic; font-variant:normal; font-weight:400; height:114px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:454px" %)//[[image:Resultats.png]]//
--)))
++{{code language="shell"}}
++sudo /opt/opendj/bin/dsconfig create-password-validator --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1"  --validator-name "Custom Character-set Password Validator" --set character-set:1:abcdefghijklmnopqrstuvwxyz --set character-set:1:ABCDEFGHIJKLMNOPQRSTUVWXYZ --set character-set:1:0123456789 --set "character-set:1:\!\"#$%&'()*+,-./:;<=>?@[]^_\`{|}~" --set enabled:true --type character-set --no-prompt --trustAll --set allow-unclassified-characters:true
++{{/code}}
--(((
--
--)))
--
  (% start="5" %)
--1. For the second password checker, we can use a command line because it does not contain special characters: (((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/dsconfig create-password-validator ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1  ~-~-validator-name "Custom length Password Validator" ~-~-set min-password-length:12 ~-~-set enabled:true ~-~-type length-based ~-~-no-prompt
--)))
++1.  Set the second password checker "Custom length Password Validator":
++{{code language="shell"}}
++sudo /opt/opendj/bin/dsconfig create-password-validator --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1"  --validator-name "Custom length Password Validator" --set min-password-length:12 --set enabled:true --type length-based --no-prompt
++{{/code}}
++
  (% start="6" %)
--1. Apply both password checkers:(((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/dsconfig set-password-policy-prop ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ~-~-policy-name "Default Password Policy" ~-~-set password-validator:"Custom Character-set Password Validator" ~-~-set password-validator:"Custom length Password Validator" ~-~-no-prompt
--)))
++1. Apply the two password checkers :
++{{code language="shell"}}
++sudo /opt/opendj/bin/dsconfig set-password-policy-prop --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" --policy-name "Default Password Policy" --set password-validator:"Custom Character-set Password Validator" --set password-validator:"Custom length Password Validator" --no-prompt
++{{/code}}
++
  (% start="7" %)
--1. Set the password policy for users using the “ppolicy.ldif” file below:(((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ppolicy.ldif
++1. Set the password policy for users using the ‘ppolicy.ldif’ file below:
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: cn=ppolicy,ou=default,dc=digdash,dc=com//
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" ppolicy.ldif
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: top//
++{{code}}
++dn: cn=ppolicy,ou=default,dc=digdash,dc=com
++objectClass: top
++objectClass: subentry
++objectClass: pwdPolicy
++cn: ppolicy
++pwdAttribute: userPassword
++pwdAllowUserChange: TRUE
++pwdCheckQuality: 1
++pwdExpireWarning: 600
++pwdFailureCountInterval: 30
++pwdGraceAuthNLimit: 5
++pwdInHistory: 5
++pwdLockout: TRUE
++pwdLockoutDuration: 900
++pwdMaxAge: 0
++pwdMaxFailure: 5
++pwdMinAge: 0
++pwdMustChange: FALSE
++pwdSafeModify: FALSE
++subtreeSpecification: {base "ou=users", specificationFilter "!(uid=admin)" }
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: subentry//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: pwdPolicy//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//cn: ppolicy//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdAttribute: userPassword//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdAllowUserChange: TRUE//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdCheckQuality: 1//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdExpireWarning: 600//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdFailureCountInterval: 30//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdGraceAuthNLimit: 5//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdInHistory: 5//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdLockout: TRUE//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdLockoutDuration: 900//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMaxAge: 0//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMaxFailure: 5//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMinAge: 0//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMustChange: FALSE//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdSafeModify: FALSE//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//subtreeSpecification: {base "ou=users", specificationFilter "!(uid=admin)" }//
--)))
--)))
--
  (% start="8" %)
--1. Set a second password policy for the admin using the “ppolicy-admin.ldif” file below:(((
--|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ppolicy-admin.ldif
++1. Set a second password policy for admin using the ‘ppolicy-admin.ldif’ file below:
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: cn=ppolicy-admin,ou=default,dc=digdash,dc=com//
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" ppolicy-admin.ldif
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: top//
++{{code}}
++dn: cn=ppolicy-admin,ou=default,dc=digdash,dc=com
++objectClass: top
++objectClass: subentry
++objectClass: pwdPolicy
++cn: ppolicy-admin
++pwdAttribute: userPassword
++pwdAllowUserChange: TRUE
++pwdCheckQuality: 1
++pwdFailureCountInterval: 30
++pwdGraceAuthNLimit: 5
++pwdInHistory: 5
++pwdLockout: FALSE
++pwdMaxAge: 0
++pwdMinAge: 0
++pwdMustChange: FALSE
++pwdSafeModify: FALSE
++subtreeSpecification: {base "ou=users", specificationFilter "(uid=admin)" }
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: subentry//
++(% start="9" %)
++1. Change password policy to allow pre-encoded passwords (useful for restores in Digdash):
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: pwdPolicy//
++{{code language="shell"}}
++sudo /opt/opendj/bin/dsconfig set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true --hostname localhost --trustAll --bindDN "cn=directory manager" --bindPassword "adminOpenDJ1" --no-prompt
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//cn: ppolicy-admin//
++(% start="10" %)
++1. Create an admin user for Digdash using the “create_user_admin.ldif” file below:
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdAttribute: userPassword//
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" create_user_admin.ldif
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdAllowUserChange: TRUE//
++{{code}}
++dn: uid=admin,ou=default,dc=digdash,dc=com
++objectClass: shadowAccount
++objectClass: inetOrgPerson
++cn: Admin Domain Default
++sn: Default
++uid: admin_default
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdCheckQuality: 1//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdFailureCountInterval: 30//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdGraceAuthNLimit: 5//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdInHistory: 5//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdLockout: FALSE//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMaxAge: 0//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMinAge: 0//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdMustChange: FALSE//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//pwdSafeModify: FALSE//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//subtreeSpecification: {base "ou=users", specificationFilter "(uid=admin)" }//
--)))
--)))
--1. Change the password policy to allow pre-encoded passwords (useful for restores in digdash) :(((
--|(% style="background-color:black" %)(% style="color:#ecf0f1" %)/opt/opendj/bin/dsconfig set-password-policy-prop ~-~-policy-name "Default Password Policy" ~-~-set allow-pre-encoded-passwords:true ~-~-hostname localhost ~-~-trustAll ~-~-bindDN "cn=directory manager" ~-~-bindPassword adminOpenDJ1 ~-~-no-prompt
--)))
--1. Create an admin user for digdash via the “create_user_admin.ldif” file below(((
--|(% style="background-color:black" %)(% style="color:#ecf0f1" %)/opt/opendj/bin/ldapmodify (% style="color:#ffffff" %)~-~-port 389 (% style="color:#ecf0f1" %)~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 create_user_admin.ldif
--
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: uid=admin,ou=default,dc=digdash,dc=com//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: shadowAccount//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//objectClass: inetOrgPerson//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//cn: Admin Domain Default//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//sn: Default//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//uid: admin_default//
--)))
--)))
--
  (% start="11" %)
--1. Assign the admin user the necessary rights using the “add_admin_right.ldif” and “add_admin_right2.ldif” files below:(((
--|(% style="background-color:black" %)(% style="color:#ecf0f1" %)/opt/opendj/bin/ldapmodify (% style="color:#ffffff" %)~-~-port 389 (% style="color:#ecf0f1" %)~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 add_admin_right.ldif
++1. Assign the admin user the necessary rights using the “add_admin_right.ldif” and “add_admin_right2.ldif” files below:
--|(% style="background-color:black" %)(((
--(% style="color:#ffffff" %)dn: ou=default,dc=digdash,dc=com
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" add_admin_right.ldif
++{{/code}}
--(% style="color:#ffffff" %)changetype: modify
++{{code}}
++dn: ou=default,dc=digdash,dc=com
++changetype: modify
++add: aci
++aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow write on userpassword and shadowlastchange for admin"; allow(write) (userdn = "ldap:///uid=admin,ou=default,dc=digdash,dc=com");)
++aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read,write on userpassword and shadowlastchange for auth users"; allow(read) (userdn = "ldap:///all");)
++aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read on userpassword and shadowlastchange for anonymous"; allow(selfwrite) (userdn = "ldap:///anyone");)
++aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow write on * for admin"; allow(all) (userdn = "ldap:///uid=admin,ou=default,dc=digdash,dc=com");)
++aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow read on * for anonymous"; allow(read) (userdn = "ldap:///all");)
++{{/code}}
--(% style="color:#ffffff" %)add: aci
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" add_admin_right2.ldif
++{{/code}}
--(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow write on userpassword and shadowlastchange for admin"; allow(write) (userdn = "ldap:~/~//uid=admin,ou=default,dc=digdash,dc=com"){{{;)}}}
++{{code}}
++dn: uid=admin,ou=default,dc=digdash,dc=com
++changetype: modify
++add: ds-privilege-name
++ds-privilege-name: config-read
++ds-privilege-name: password-reset
++{{/code}}
--(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read,write on userpassword and shadowlastchange for auth users"; allow(read) (userdn = "ldap:~/~//all"){{{;)}}}
++(% start="12" %)
++1. Generate an administrator password and remember it for later:
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldappasswordmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" --authzID "u:admin"
++{{/code}}
--(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read on userpassword and shadowlastchange for anonymous"; allow(selfwrite) (userdn = "ldap:~/~//anyone"){{{;)}}}
++(% class="box infomessage" %)
++(((
++💡 If you want to set your own password for the admin user, you need to use a variation of the previous command:
--
--(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow write on * for admin"; allow(all) (userdn = "ldap:~/~//uid=admin,ou=default,dc=digdash,dc=com"){{{;)}}}
--
--(% style="color:#ffffff" %)aci: (target ="ldap:~/~//ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow read on * for anonymous"; allow(read) (userdn = "ldap:~/~//all"){{{;)}}}
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldappasswordmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" --authzID "u:admin" --newPassword "mdpAdmin"
++{{/code}}
  )))
--|(% style="background-color:black" %)(% style="color:#ffffff" %)/opt/opendj/bin/ldapmodify ~-~-port 389 ~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 add_admin_right2.ldif
--
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: uid=admin,ou=default,dc=digdash,dc=com//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//changetype: modify//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//add: ds-privilege-name//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ds-privilege-name: config-read//
--
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ds-privilege-name: password-reset//
--)))
--)))
--
--(% start="12" %)
--1. Generate a password for the administrator and remember it for later:(((
--|(% style="background-color:black" %)(% style="background-color:#000000; color:#ecf0f1" %)/opt/opendj/bin/ldappasswordmodify (% style="color:#ffffff" %)~-~-port 389 (% style="background-color:#000000; color:#ecf0f1" %)~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 ~-~-authzID "u:admin"
--)))
--
  (% style="line-height:1.38; text-indent:-14.173228346456689pt; margin-top:13px; margin-bottom:13px; padding:0pt 0pt 0pt 14.173228346456689pt" %)
  == Enabling automatic service start on startup ==
++1. Create the opendj.service file:
--1. Create the opendj.service file:(((
--|(% style="background-color:black" %)(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)sudo vi /etc/systemd/system/opendj.service
--)))
++{{code language="shell"}}
++sudo vi /etc/systemd/system/opendj.service
++{{/code}}
  (% start="2" %)
--1. Paste the following lines there:(((
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)[Unit]
++1. And paste the following lines:
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Description=OpenDJ Server Daemon
++{{code}}
++[Unit]
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Wants=network-online.target
++Description=OpenDJ Server Daemon
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)After=network-online.target
++Wants=network-online.target
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Conflicts=shutdown.target
++After=network-online.target
--(% style="background-color:#000000" %) (% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)[Service]
++Conflicts=shutdown.target
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Type=simple
++ [Service]
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Restart=no
++Type=simple
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)TimeoutSec=5min
++Restart=no
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)IgnoreSIGPIPE=no
++TimeoutSec=5min
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)KillMode=process
++IgnoreSIGPIPE=no
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)GuessMainPID=no
++KillMode=process
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)RemainAfterExit=yes
++GuessMainPID=no
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)ExecStart=/opt/opendj/bin/start-ds ~-~-quiet
++RemainAfterExit=yes
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)ExecStop=/opt/opendj/bin/stop-ds ~-~-quiet
++ExecStart=/opt/opendj/bin/start-ds --quiet
--(% style="background-color:#000000" %) (% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)[Install]
++ExecStop=/opt/opendj/bin/stop-ds --quiet
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)WantedBy=multi-user.target
--)))
--)))
++ [Install]
++WantedBy=multi-user.target
++{{/code}}
++
  (% start="3" %)
--1. Then type the following commands(((
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)systemctl daemon-reload
++1. Then type the following commands:
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)systemctl enable ~-~-now opendj
++{{code language="shell"}}
++systemctl daemon-reload
--(% style="line-height:1.38" %)
--(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)systemctl status opendj
--)))
--)))
++systemctl enable --now opendj
--== Fonction utile ==
++systemctl status opendj
++{{/code}}
--L'opération ci-dessous ne fait pas partie de l'installation.
--Il peut néanmoins être utile de la connaître pour une utilisation ultérieure.
++== Useful option ==
--=== Étendre la limite pour les recherches LDAP ===
++The operation below is not part of the installation.
++However, it may be useful to know it for later use.
--Étendre la limite de recherche du LDAP à plus de 1000 utilisateurs avec le fichier “extend_search_limit.ldif” ci-dessous
++=== Extending the limit for LDAP searches ===
--|(% style="background-color:black" %)(% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)///opt/opendj/bin/ldapmodify //(% style="color:#ffffff" %)~-~-port 389 (% style="background-color:#000000; color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)//~-~-bindDN "cn=Directory Manager" ~-~-bindPassword adminOpenDJ1 extend_search_limit.ldif//
++It is possible to extend the LDAP search limit to more than 1000 users with the “extend_search_limit.ldif” file below.
--|(% style="background-color:black" %)(((
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//dn: uid=admin,ou=default,dc=digdash,dc=com//
++{{code language="shell"}}
++sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" extend_search_limit.ldif
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//changetype: modify//
++{{code}}
++dn: uid=admin,ou=default,dc=digdash,dc=com
++changetype: modify
++add: ds-rlim-size-limit
++ds-rlim-size-limit: 10000
++{{/code}}
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//add: ds-rlim-size-limit//
++(% class="wikigeneratedid" id="H" style="line-height: 1.2;" %)
--(% style="line-height:1.38" %)
--(% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ds-rlim-size-limit: 10000//
--)))
--= MariaDB (Préconisé){{id name="DB_ubuntu"/}} =
++= MariaDB (Recommended){{id name="DB_ubuntu"/}} =
--La base de données MariaDB va servir à stocker les éléments suivants : Commentaires, données d'audit et formulaires de saisies.
++The MariaDB database will be used to store the following elements: comments, audit data and data entry.
--Cette base est plus pérenne qu'une base H2 c'est pourquoi nous préconisons son utilisation. Si vous possédez déjà une base de données sur laquelle Digdash peut écrire et lire alors passez à l'étape de configuration.
++This database is more durable than an H2 database, that is why we recommend its use. If you already have a database that Digdash can write to and read from then proceed to the configuration step.
--Cela fonctionne aussi avec Mysql ou Postgresql.
++Mysql and Postgresql are also compatible.
  == Installation ==
@@ -750,28 +750,28 @@
  {{/code}}
  {{code language="shell"}}
--#Démarrage de mariadb
++#start mariadb
  sudo systemctl start mariadb
--#Arrêt de mariadb
++#Stop mariadb
  sudo systemctl stop mariadb
--#Reload pour prise en compte de modification de configuration
++#Reload to take into account the configuration changes
  sudo systemctl reload mariadb
  sudo systemctl force-reload mariadb
--#Connaître la version
++#Display the version
  mariadb --version
  {{/code}}
  (% class="wikigeneratedid" %)
--Lancer mysql_secure_installation, cela va permettre de sécuriser l'installation
++Launch mysql_secure_installation. This will secure the installation.
  {{code language="shell"}}
  sudo mysql_secure_installation
--# Répondez oui à toutes les étapes
++# Enter yes at all steps
  {{/code}}
--== Activation du lancement automatique du service au démarrage ==
++== Enabling automatic service start on startup ==
  {{code language="shell"}}
  sudo systemctl enable mariadb
@@ -778,37 +778,36 @@
  {{/code}}
--== Configuration côté base de données ==
++== Database configuration ==
--Nous allons créer une base pour chaque domaine et chaque webapps (par exemple prod_ddaudit et dev_ddaudit et ainsi de suite)
++We will create a base for each domain and each webapps (for example prod_ddaudit and dev_ddaudit and so on)
--Dans l'exemple ci dessous, nous allons considérer qu'il n'existe qu'un environnement 'default'.
++In the example below, we will consider that there is only one 'default' environment.
  {{code language="shell"}}
--# Lancer mariadb
++# Start mariadb
  sudo mariadb -u root -p
--# Créer toutes les bases de données nécessaires domaine_module.
++# Create all necessary databases domain_module.
  CREATE DATABASE default_ddaudit;
  CREATE DATABASE default_comment;
  CREATE DATABASE default_ddentry;
--# Créer un user pour chaque base de données domaine_user_module. Le mot de passe est un nouveau mot de passe à créer.
++# Create a user for each database domaine_user_module. The password is a new one to create.
  CREATE USER 'default_user_ddaudit'@'localhost' IDENTIFIED BY 'mynewpassword';
  CREATE USER 'default_user_comment'@'localhost' IDENTIFIED BY 'mynewpassword';
  CREATE USER 'default_user_ddentry'@'localhost' IDENTIFIED BY 'mynewpassword';
--# Attribuer les droits aux utilisateurs sur les bonnes bases
++# Assign rights on the databases to the user
  GRANT ALL PRIVILEGES ON default_comment.* TO 'default_user_comment'@'localhost';
  GRANT ALL PRIVILEGES ON default_ddaudit.* TO 'default_user_ddaudit'@'localhost';
  GRANT ALL PRIVILEGES ON default_ddentry.* TO 'default_user_ddentry'@'localhost';
  {{/code}}
++= NGINX (Optional) =
--= NGINX (Optionnel) =
++Nginx is used as reverse proxy.
--Nous utilisons Nginx comme reverse proxy.
--
  == Installation ==
  {{code language="shell"}}
@@ -815,7 +815,7 @@
  sudo apt install nginx
  {{/code}}
--== Activation du lancement automatique du service au démarrage ==
++== Enabling automatic service start on startup ==
  {{code language="shell"}}
  sudo systemctl enable nginx
@@ -823,18 +823,19 @@
  == Configuration ==
--Créer le fichier de configuration portant le nom de votre machine ou de votre environnement. Dans cet exemple, on utilise 001-digdash.
++Create the configuration file with the name of your machine or environment. In this example, we use 001-digdash.
--Dans le dossier /etc/nginx :
++In the /etc/nginx folder:
  {{code language="shell"}}
--# Créer le fichier de conf
++# Create the conf file
  sudo vi /etc/nginx/sites-available/001-digdash.conf
  {{/code}}
  {{code language="shell"}}
--# Ajouter le contenu suivant à l'intérieur.
--# Remplacer .mondomaine.com pour server et les chemins Certificate(s) and private key, par vos informations.
++# Add the following content inside.
++# Replace .mydomain.com for server and paths
++Certificate(s) and private key, par vos informations.
  upstream backend_tomcat{
      least_conn;
      server localhost:8080 fail_timeout=0;
@@ -882,13 +882,13 @@
  }
  {{/code}}
--Puis créer un lien symbolique dans site enabled
++Then create a symbolic link in sites-enabled
  {{code language="shell"}}
  sudo ln -s  /etc/nginx/sites-available/001-digdash.conf /etc/nginx/sites-enabled/001-digdash.conf
  {{/code}}
--Créer le fichier digdash_ssl_params contenant la politique de securité.
++Create the digdash_ssl_params file containing the security policy:
  {{code language="shell"}}
  sudo vi digdash_ssl_params
@@ -917,11 +917,11 @@
  add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
  {{/code}}
--= (% id="cke_bm_868S" style="display:none" %) (%%)Configuration DigDash après installation =
++= (% id="cke_bm_868S" style="display:none" %) (%%)Configuring DigDash after installation =
--== Lancement de Digdash ==
++== Starting Digdash ==
--1. Redémarrer le service Tomcat.
++1. Restart Tomcat service.
  {{code language="shell"}}
  sudo service tomcat9 restart
@@ -928,81 +928,81 @@
  {{/code}}
  (% start="2" %)
--1. Vérifier le déploiement des war dans le dossier d’installation home/digdash/webapps/default.
--1. Accéder à DigDash sur l’adresse suivante : [[__http:~~/~~/localhost:8080/adminconsole__>>url:http://localhost:8080/adminconsole]].
--Le login / mot de passe sera admin / admin.
++1. Check the war deployment in the installation folder home/digdash/webapps/default.
++1. Access DigDash homepage at the following address : [[http:~~/~~/localhost:8080/adminconsole>>url:http://localhost:8080/adminconsole]]
++The login/password is admin/admin.
--[[image:Homepage2023R2.png||alt="Page_accueil"]]
++== Connecting Digdash to the installed OpenDJ server ==
--== Branchement de Digdash au serveur OpenDJ installé ==
++Open [[http:~~/~~/localhost:8080/adminconsole/>>url:http://localhost:8080/adminconsole/]], **Configuration -> Server settings -> Servers -> LDAP Server**.
-- Aller dans **Configuration -> Paramètres serveur-> Serveurs -> LDAP**.
++* Port:  389
++* User: uid=admin, ou=default,dc=digdash,dc=com
++* Password: OpenDJ admin password
--* Port :  389
--* Utilisateur : uid=admin, ou=default,dc=digdash,dc=com
--* Mot de passe : mot de passe admin de OpenDJ
++[[image:LDAPserver_ok.png||alt="LDAP server"]]
--[[image:1675171192455-197.png]]
++Then click the **LDAP Queries** button and enter "**ou=default**" in the **Domain Tree** field for all the fields to be automatically filled as below.
--Cliquer ensuite sur **Requêtes LDAP**, et entrer "**ou=default**" dans le champ **Arbre du domaine** pour que les champs soient automatiquement renseignés comme ci-dessous.
++[[image:LDAPqueries_ok.png||alt="LDAP queries"]]
--[[image:1675171204379-473.png]]
++== Changing the supervisor password and creating the LDAP account ==
--== Modification du mot de passe superviseur et création du compte LDAP ==
++=== Changing the supervisor password ===
--=== Modification du mot de passe superviseur ===
++Open **Configuration  -> Server settings > Servers -> Enterprise Server **and enter a new password in the **Supervisor Password** field.
--Aller dans **Configuration  -> Paramètres serveur > Serveurs -> Serveur Enterprise** et entrer un nouveau mot de passe dans le champ **Mot de passe du Superviseur**.
++[[image:EnterpriseServer.png||alt="Supervisor password"]]
--[[image:Serveur_enterprise.png||alt="Serveur enterprise"]]
++=== Creating the LDAP account ===
--=== Création du compte LDAP ===
++1. Open **Configuration -> User management -> Users**.
++1. Create a new admin user and assign him all roles and authorizations groups.
++1. In the **Password** field, enter the new supervisor password defined above.
--1. Aller dans **Configuration -> Gestion des utilisateurs -> Utilisateurs**.
--1. Créer un nouvel utilisateur admin et lui attribuer tous les rôles et groupes d'autorisation.
--1. Dans le champ **Mot de passe**, entrer le nouveau mot de passe du superviseur défini ci-dessus.
++[[image:User_password.png||alt="User password"]]
--[[image:MdP_LDAP.png||alt="Compte LDAP"]]
++== Database configuration ==
--== Configuration des bases de données ==
++=== Audit data database ===
--=== Base de données Données d'audit ===
++Open **Configuration -> Server settings -> Databases -> Audit data **and enter the URL, user and password.
--(% class="wikigeneratedid" id="HAllerdansConfiguration-3EParamE8tresserveur-3ECommentairesetrenseignericil2019URL2Cl2019utilisateuretlemotdepasse." style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
--Aller dans **Configuration -> Paramètres serveur -> Base de données -> Données d'audit** et renseigner ici l’URL, l’utilisateur et le mot de passe.
--
--(% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
  **URL **: //jdbc:mariadb:~/~/localhost:3306/default_ddaudit//
--Cette solution permet de sécuriser l’accès à la base de données d'audit.
++This solution makes it possible to secure access to the audit database.
--[[image:Données_audit.png||alt="Données_audit"]]
++[[image:Audit_data.png||alt="Audit data"]]
--=== Base de données Commentaires ===
++=== Comments database ===
--(% class="wikigeneratedid" id="HAllerdansConfiguration-3EParamE8tresserveur-3ECommentairesetrenseignericil2019URL2Cl2019utilisateuretlemotdepasse." style="line-height: 1.2; margin-top: 13px; margin-bottom: 13px; text-align: justify;" %)
--Aller dans **Configuration -> Paramètres serveur -> Base de données -> Commentaires** et renseigner ici l’URL, l’utilisateur et le mot de passe.
++Open **Configuration -> Server settings -> Databases -> Audit data **and enter the URL, user and password.
--(% class="wikigeneratedid" style="line-height: 1.2; margin-top: 13px; margin-bottom: 13px; text-align: justify;" %)
--**URL** ~:// jdbc:mariadb:~/~/localhost:3306/default_comment//
++**URL** ~:// jdbc:mariadb:~/~/localhost:3306/default_comment//
--Cette solution permet de sécuriser l’accès à la base de données de commentaires.
++This solution makes it possible to secure access to the comment database.
--[[image:Commentaires.png||alt="Commentaires"]]
++[[image:Comments.png||alt="Comments"]]
  (% style="line-height: 1.2; text-indent: 0.153543pt; text-align: justify;" %)
--=== Base de données Saisie de données ===
++=== Data entry database ===
--(% class="wikigeneratedid" id="HAllerdansConfiguration-3EParamE8tresserveur-3ECommentairesetrenseignericil2019URL2Cl2019utilisateuretlemotdepasse." style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
--Aller dans **Configuration -> Paramètres serveur -> Base de données -> Saisie des données**.
++Open **Configuration -> Server settings -> Databases -> Data entry **and enter the URL, user and password.
--(% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
--Cocher la case **Activer la saisir de données** et sélectionner une base de données dans la liste déroulante.
++Select the **Enable data entry** checkbox and select a database in the drop-down list below.
  (% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
--[[image:1698407220646-676.png||alt="Saisie données"]]
++[[image:Data_entry.png]]
  (% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
--Il faut, au préalable, avoir créé une connexion à la base de données depuis le **Gestionnaire des connexions aux de données** dans le Studio. Consultez la page [[Gestionnaire des connexions aux bases de données>>doc:dev:Digdash.user_guide.studio.managers.dbconnections.WebHome]] pour plus de détails.
--Entrer default.user.ddentry pour l'utilisateur et le mot de passe défini à l'étape précédente.
--Le nom défini dans le champ **Nom de connexion **est celui qui apparaîtra dans la liste déroulante de sélection de la base de données.
++You must first have created a connection to the database from the Data connection manager in the Studio.
++Enter default.user.ddentry for the user and password defined in the previous step.
++The name defined in the **Login Name** field is the one that will appear in the database selection drop-down list.
++
++== DigDash Services ==
++
++Open the Server status page : [[__http:~~/~~/localhost:8080/ddenterpriseapi/serverstatus?adminDomain=adminconsole&serverDomain=ddenterpriseapi__>>url:http://localhost:8080/ddenterpriseapi/serverstatus?adminDomain=adminconsole&serverDomain=ddenterpriseapi]]
++
++Check that the DigDash services are activated and that the maximum memory is well adapted to the capacity of the server. You must leave at least 4 GB for the system.
++
++[[image:Server_status.png||alt="Server status"]]

Changes for page Guide d'installation Linux

Summary

Details

Sommaire