Toolkit to install LDAP on AIX
Written by Michael Felt   

The dream for this toolkit (named idsldap for IBM Directory Server LDAP) started back in 2012 - when I was presenting sessions on LDAP and AIX at the POWER Technical Universities - and I wanted some easy labs to encourage playing with different setups of LDAP on AIX.

Initially, the labs needed "all kinds of stuff" - read: an X server - because the default installer was an X11-based app (look and feel 'Windows'). Besides the extra demands this made on the lab 'desktop', a GUI-based installer was also slowish and the instructions were still just click here, take the default settings, etc.

So I wanted - and started making - something better that was a) text-based; b) quick (5 to 10 minutes); and c) easy to uninstall (i.e., start over).

At the Athens TechU (November 2013) I had it all ready for ITDS (aka IBM Tivoli Directory Server) packaging - and then SDS (aka IBM Security Directory Server) packaging appeared!

Woe was me!

For over two years my scripts just sat still, i.e. I was not motivated to redo them after they changed the "packaging" from "ITDS" - aka IBM Tivoli Directory Server to "SDS" aka IBM Security Directory Server.

At the time, the most irritating thing was that - even when installing the components manually - the command mksecldap -c (to install the client) refused to complete. (Now, after my recent work, I understand why!)

To the point

I now have a revised version of my original scripts - to install a server and client with just three commands:

  1. # /opt/idsldap/idsDB2
  2. # /opt/idsldap/idsServer # must enter the password for the ldapdb2 user and a 12+ character seed for the database
  3. # /opt/idsldap/idsClient

Depending on your system's I/O speed, the three commands should finish in less than 10 minutes (I have been testing on POWER6 on iSCSI/VSCSI disks (or SLOW!) with the sources coming over NFS).

Want to play?

The scripts are available as an installp fileset. First, download the try&buy IBM Directory Server for AIX files and unpack them. Second, export the base directory of the unpacked files as ISDDIR, e.g.:
# export ISDDIR=/ids/sdsV6.3.1
Then download the toolkit from to /tmp and then enter the following commands:

  1. # inutoc /tmp
  2. # installp -d /tmp -a aixtools.idsldap.rte

This will install the scripts (there are also some help scripts) in /opt/idsldap. The scripts also write some files (environment files, setup commands) to /var/idsldap, and the keys for SSL are put in /var/idsldap/keys. For your own customization you should look at (i.e., edit) either /opt/idsldap/idsInit.ksh or the /var/idsldap/*.env files.

When you are ready - you can either add /opt/idsldap to your PATH, or type the full pathnames, e.g.

  1. # export IDSDIR=/ids/SDSV6.3.1
  2. # export PATH=$PATH:/opt/idsldap
  3. # idsDB2 && idsServer && idsClient

During the command idsServer you will need to enter some input:

ldapdb2's New password:
Enter the new password again:
Enter an encryption seed to generate key stash files:

That should give you a working LDAP server and client on a single host!


Remember, this toolkit is focusing on quick setup of a default server. There are files in /var/idsldap with default passwords. These should not be left behind for a production server! Instead - adapt the scripts so that they help you manage your LDAP server. The /var/idsldap tree is just an example of how you could organize your information. I moved it out of /etc/security/ldap because I (personally) no longer think that is the best default area. In fact, I might start thinking about /var/keys as a better overall default for many products that need cryptographic keys.
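
One way to check what the quick setup left behind before a host moves beyond lab use, as an added example that is not part of the idsldap toolkit: it lists files under /var/idsldap that group or other can access and files that appear to hold a password or seed. The function names and the grep pattern are assumptions, since the format of the toolkit's files is not shown here.

```sh
#!/bin/sh
# Added example (not part of the idsldap toolkit): audit the toolkit's
# state directory for leftover secrets and loose permissions.

# Print regular files that group or other can read, write or execute.
# Uses only POSIX find syntax so it also works with AIX find.
loose_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print files with a line that looks like a stored password or seed.
# ASSUMPTION: secrets appear as NAME=value with "pass" or "seed" in NAME;
# adjust the pattern to the files your installation actually contains.
secret_files() {
    find "$1" -type f -exec \
        grep -l -i -E '(pass|seed)[a-z_]*[[:space:]]*=' {} + || true
}

# Report both kinds of finding. Returns 0 when clean, 1 when anything
# was found, 2 when the directory does not exist.
audit_idsldap() {
    dir=${1:-/var/idsldap}
    if [ ! -d "$dir" ]; then
        echo "audit: $dir is not a directory" >&2
        return 2
    fi
    loose=$(loose_files "$dir")
    secrets=$(secret_files "$dir")
    [ -z "$loose" ] || printf 'Accessible beyond owner:\n%s\n' "$loose"
    [ -z "$secrets" ] || printf 'Possible stored password or seed:\n%s\n' "$secrets"
    [ -z "$loose$secrets" ]
}

# When run as a script with an argument, audit that directory.
if [ "$#" -gt 0 ]; then
    audit_idsldap "$1" || exit 1
fi
```

Run it as root so that every file under the tree can be read; a non-zero exit status means there is something to clean up or lock down.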

