All,
I know I am being a bummer here, but I am running into problems now and then. The reason is I am trying to script out the FDS deployment.
Here are my questions:
1. What is the command line equivalent of requesting a server certificate for Admin Server and Directory server? The console works fine. I am using openssl to generate certificates in x509 format.
2. In order to set up subsequent FDS servers, I should copy /etc/dirsrv ; /usr/lib/dirsrv / ; /var/lib/dirsrv to the other hosts. Is this correct? And run register-ds-admin.pl
3. If I do as in 2, I am not sure if the certificates will cause issues. Also I am using ldap.domain.com as server identifier and mapping a virtual IP for load balancing purposes. I read that server name should be same as hostname, but I am using a DNS record of ldap.domain.com. Will it cause any issues?
Thanks, Prashanth
Prashanth Sundaram wrote:
> All,
> I know I am being a bummer here, but I am running into problems now and then. The reason is I am trying to script out the FDS deployment.
> Here are my questions:
> What is the command line equivalent of requesting a server certificate for Admin Server and Directory server? The console works fine.
> I am using openssl to generate certificates in x509 format.
There is a script which creates a self-signed CA cert, then uses that CA to create server certs, using the certutil and pk12util command line tools. Have you seen this? http://directory.fedoraproject.org/wiki/Howto:SSL#Script
> 2. In order to set up subsequent FDS servers, I should copy
> /etc/dirsrv ; /usr/lib/dirsrv / ; /var/lib/dirsrv to the other hosts. Is this correct?
No.
> And run register-ds-admin.pl
No.
You should not copy anything. You should simply run setup-ds-admin.pl on each machine. If you want to use a centralized console, that is, if you want to be able to see all of your servers no matter where you run the console, then you should select the option to use an existing configuration directory server on each server (other than the first one, of course).
Have you read the Install Guide? http://www.redhat.com/docs/manuals/dir-server/8.1/install/index.html
> 3. If I do as in 2, I am not sure if the certificates will cause
> issues. Also I am using ldap.domain.com as server identifier and mapping a virtual IP for load balancing purposes. I read that server name should be same as hostname, but I am using a DNS record of ldap.domain.com. Will it cause any issues?
Yes. You will probably want to use subjectAltName in your directory server certificates. See http://directory.fedoraproject.org/wiki/Howto:SSL#Using_Subject_Alt_Name
> Thanks, Prashanth
-- 389 users mailing list 389-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
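Added example, not part of the thread or of the 389 project's scripts: a Python check for the subjectAltName advice in the reply above, reporting which required host names a server certificate fails to cover when clients connect through the virtual name ldap.domain.com. It takes the dict shape returned by `ssl.SSLSocket.getpeercert()`; host1.domain.com and the sample certificates are constructed, and it assumes RFC 6125-style matching in which the subject CN is used only when no dNSName SAN is present (some LDAP clients also accept the CN).

```python
# Added example: host-name coverage of a directory server certificate.
# Input is the dict shape returned by ssl.SSLSocket.getpeercert().

def presented_names(cert):
    """Return the DNS identities a strict TLS client will check.

    Assumption: RFC 6125-style matching, where the subject CN is used
    only when the certificate carries no dNSName subjectAltName.
    """
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Compare one presented name with a host; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(cert, required_hosts):
    """Return the required host names this certificate does not cover."""
    names = presented_names(cert)
    return [h for h in required_hosts
            if not any(name_matches(n, h) for n in names)]


# Constructed samples: host1 sits behind the virtual name ldap.domain.com.
REQUIRED = ["ldap.domain.com", "host1.domain.com"]
CN_ONLY = {"subject": ((("commonName", "host1.domain.com"),),)}
VIP_SAN_ONLY = {"subject": ((("commonName", "host1.domain.com"),),),
                "subjectAltName": (("DNS", "ldap.domain.com"),)}
BOTH_SANS = {"subject": ((("commonName", "host1.domain.com"),),),
             "subjectAltName": (("DNS", "ldap.domain.com"),
                                ("DNS", "host1.domain.com"))}

if __name__ == "__main__":
    for label, cert in [("CN only", CN_ONLY), ("VIP SAN only", VIP_SAN_ONLY),
                        ("both SANs", BOTH_SANS)]:
        print(label, "-> missing:", uncovered(cert, REQUIRED))
```

Under the stated assumption, a certificate whose only SAN is the virtual name no longer covers the server's own host name, so replication agreements or consoles that connect to host1 directly would fail verification unless both names are listed.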