Configure IBM Security Directory Server manually

We can configure the directory server manually. We must have the directory server and a database installed. See Database installation and configuration and Install a directory server. To configure the directory server, we must create and configure a directory server instance.

Enter all commands on a single line. The command might be split in the document for formatting purposes.

  1. Create a user. Issue one of these commands.

    • On Windows operating systems

      LDAP_Install_Location\sbin\idsadduser -u ldapinst -w ldapinstpwd

      Where
      • ldapinst is the user name.
      • ldapinstpwd is the password.

    • On UNIX or Linux operating systems

      LDAP_Install_Location/sbin/idsadduser -u ldapinst -w ldapinstpwd -g idsldap -l /home/ldapinst

      Where
      • ldapinst is the user name.
      • ldapinstpwd is the password.
      • idsldap is the default LDAP group.
      • /home/ldapinst is the instance home directory.

  2. Create a directory server instance. Issue the command.

    LDAP_Install_Location/sbin/idsicrt -I ldapinst -e encryptionseed -l /home/ldapinst

    Where
    • ldapinst is the LDAP instance name.
    • encryptionseed is the encryption seed.
    • /home/ldapinst is the instance home directory.

  3. Create a database for the LDAP instance. Issue the command.

    LDAP_Install_Location/sbin/idscfgdb -I ldapinst -a dbadmin -w dbadminpwd -t dbname -l /home/ldapinst

    Where
    • ldapinst is the LDAP instance name.
    • dbadmin is the database administrator name.
    • dbadminpwd is the database administrator password.
    • dbname is the database name.
    • /home/ldapinst is the instance home directory.

  4. Set the password for the directory server instance Principal DN. Issue the command.

    LDAP_Install_Location/sbin/idsdnpw -I ldapinst -u cn=root -p root

    Where
    • ldapinst is the LDAP instance name.
    • cn=root is the Principal DN.
    • root is the Principal DN password.

  5. Add the suffix dc=com in the directory server instance. Issue the command on a single line.

    LDAP_Install_Location/sbin/idscfgsuf -I ldapinst -s dc=com

    Where
    • ldapinst is the LDAP instance name.
    • dc=com is the suffix.

  6. Start the directory server instance.

    • On Windows operating systems

      Use the Windows Services application to start the LDAP instance.

    • On UNIX or Linux operating systems

      Issue the command.

      LDAP_Install_Location/sbin/ibmslapd -I ldapinst -n -t

  7. Create an ldif file such as dccom.ldif with the following content.
    dn:dc=com
    objectclass:domain

  8. Run the following command.

    LDAP_Install_Location/bin/idsldapadd -p ldap_server_port -D bind_dn -w bind_dn_password -f dccom.ldif

    Where
    • ldap_server_port is the port on which the LDAP server listens.
    • bind_dn is the distinguished name that binds to the LDAP directory.
    • bind_dn_password is the password for authentication.
    • dccom.ldif is the name of the ldif file.
    For example:

    On Windows operating systems

    Program Files\IBM\ldap\V6.3.1\bin\idsldapadd -D cn=root -w secret -p 389 -f dccom.ldif

    On UNIX or Linux operating systems

    /opt/IBM/ldap/V6.3.1/bin/idsldapadd -D cn=root -w secret -p 389 -f dccom.ldif
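
The steps above pass every password and the encryption seed as command-line arguments, and the sample values (root, secret, ldapinstpwd and so on) are placeholders. The following pre-flight helper for the UNIX or Linux steps is an added example, not part of the product or of this procedure: it rejects the placeholder values, writes the step 7 LDIF file with owner-only permissions, and prints the command sequence with secrets masked so the plan can be reviewed or logged. The function names, the LDAP_HOME variable and the 12-character minimum are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check and reviewable plan for the UNIX/Linux steps.
# LDAP_HOME, the function names and the 12-character minimum are assumptions.

LDAP_HOME="${LDAP_HOME:-/opt/IBM/ldap/V6.3.1}"   # install path from the page's example

# Sample values used in the procedure; none of them should reach a real server.
DOC_PLACEHOLDERS="ldapinstpwd dbadminpwd encryptionseed root secret"

# check_secret NAME VALUE: return 0 if VALUE is usable, 1 otherwise (reason on stderr).
check_secret() {
    name=$1 value=$2
    for p in $DOC_PLACEHOLDERS; do
        if [ "$value" = "$p" ]; then
            echo "$name: documentation placeholder '$p' must be replaced" >&2
            return 1
        fi
    done
    if [ "${#value}" -lt 12 ]; then
        echo "$name: shorter than 12 characters" >&2
        return 1
    fi
    return 0
}

# write_suffix_ldif FILE: create the step 7 entry, readable by the owner only.
write_suffix_ldif() {
    ( umask 077; printf 'dn:dc=com\nobjectclass:domain\n' > "$1" )
}

# plan INSTANCE HOME DBADMIN DBNAME PORT: print steps 1-6 and 8 in order with
# every secret masked, so the output is safe to paste into a change record.
plan() {
    inst=$1 home=$2 dba=$3 db=$4 port=$5 m='********'
    cat <<EOF
$LDAP_HOME/sbin/idsadduser -u $inst -w $m -g idsldap -l $home
$LDAP_HOME/sbin/idsicrt -I $inst -e $m -l $home
$LDAP_HOME/sbin/idscfgdb -I $inst -a $dba -w $m -t $db -l $home
$LDAP_HOME/sbin/idsdnpw -I $inst -u cn=root -p $m
$LDAP_HOME/sbin/idscfgsuf -I $inst -s dc=com
$LDAP_HOME/sbin/ibmslapd -I $inst -n -t
$LDAP_HOME/bin/idsldapadd -p $port -D cn=root -w $m -f dccom.ldif
EOF
}
```

Run check_secret on each password and on the encryption seed before step 1, and stop if any call returns non-zero.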
