The dream for this toolkit (named idsldap for IBM Directory Server LDAP) started back in 2012 - when I was presenting sessions on LDAP and AIX at the POWER Technical Universities - and I wanted some easy labs to encourage playing with different setups of LDAP on AIX.
Initially, the labs needed "all kinds of stuff" - read: a X-server - because the default installer was an X11 based app (look and feel 'Windows'). Besides the extra demands this made on the lab 'desktop' a GUI based installer was also slowish and the instructions were still just click here, take the default settings, etc..
So, I wanted - and started making something better that was a) text-based; b) quick (5 to 10 minutes); and c) easy to uninstall (i.e., start over).
At the Athens TechU (November 2013) I had it all ready for ITDS (aka IBM Tivoli Directory Server) packaging - and then SDS (aka IBM Security Directory Server) packaging appeared!
Woe was me!
For over two years my scripts just sat still, i.e. I was not motivated to redo them after they changed the "packaging" from "ITDS" - aka IBM Tivoli Directory Server to "SDS" aka IBM Security Directory Server.
At the time, the most irritating was - even installing the components manually - the command mksecldap -c (to install the client) refused to complete. (Now, after my recent work I understand why!)
To the point
I now have a revised version of my original scripts - to install a server and client with just three commands
- # /opt/idsldap/idsDB2
- # /opt/idsldap/idsServer # must enter the password for the ldapdb2 user and a 12+ character seed for the database
- # /opt/idsldap/idsClient
Depending on your system's I/O speed, the three commands should finish in less than 10 minutes (I have been testing on POWER6 on iSCSI/VSCSI disks (or SLOW!) with the sources coming over NFS.
Want to play?
The scripts are available as an installp fileset. First, download the try&buy IBM Directory Server for AIX files and unpack them. Second, export the base directory of the unpacked files as ISDDIR (e.g.,
# export ISDDIR=/ids/sdsV6.3.1
Then download the toolkit from http://www.aixtools.net/index.php/idsldap to /tmp and then enter the following commands:
# inutoc /tmp
# installp -d /tmp -a aixtools.idsldap.rte
This will install the scripts (there are also some help scripts) in /opt/idsldap. The scripts also write some files (environment files, setup commands) to /var/idsldap, and the keys for SSL are put in /var/idsldap/keys. For your own customization you should look at, i.e., edit either /opt/idsldap/idsInit.ksh or the /var/idsldap/*.env files
When you are ready - you can either add /opt/idsldap to your PATH, or type the full pathnames, e.g.
- # export IDSDIR=/ids/SDSV6.3.1
- # export PATH=$PATH:/opt/idsldap
- # idsDB2 && idsServer && idsClient
During the command idsServer you will need to enter some input:
ldapdb2's New password:
Enter the new password again:
Enter an encryption seed to generate key stash files:
That should give you a working LDAP server and client on a single host!
Remember, this toolkit is focusing on quick setup of a default server. There are files in /var/idsldap with default passwords. These should not be left behind for a production server! Instead - adapt the scripts so that they help you manage your LDAP server. The /var/idsldap tree is just an example of how you could organize your information. I moved it out of /etc/security/ldap because I (personally) no longer that is the best default area. In fact, I might start thinking about /var/keys as a better overal default for many products that need crytographic keys.