Revision as of 14:49, 15 November 2016

Note: this wiki page is a work-in-progress

OS and virtual hardware configure on VM

Minimal CentOS 7.x installation
2 NICs - one on NAT network (192.168.122.0/24), one on isolated private network (192.168.x.0/24)
enable "epel" repository - yum install epel-release
Hostname: ds389.cp.net
IP address: 192.168.x.20/24 on isolated private network

Primary DNS server for your domain:
- Add A resource record: ds389.cp.net. IN A 192.168.x.20
- Add PTR resource record: 20.x.168.192.in-addr.arpa. IN PTR ds389.cp.net.
If you don't have DNS, add the following record to /etc/hosts
- 192.168.x.20 ds389.cp.net ds389

You need to open tcp ports 389, 636 and 9830 for external access to your 389 directory server.

Run the following commands to open the ports:

 firewall-cmd --permanent --add-port=389/tcp
 firewall-cmd --permanent --add-port=636/tcp
 firewall-cmd --permanent --add-port=9830/tcp

You need to run the following command to update the current firewall settings:

 firewall-cmd --reload

Please confirm your firewall settings with the following command:

firewall-cmd --list-ports

Run the following command to open the ports

iptables -I INPUT -p tcp --dport 389 -j ACCEPT
iptables -I INPUT -p tcp --dport 636 -j ACCEPT
iptables -I INPUT -p tcp --dport 9830 -j ACCEPT

Run the command to save the current firewall settings:

service iptables save

net.ipv4.tcp_keepalive_time = 300

*    soft    nofile    8192
*    hard    nofile    8192

389-DS rpm packages
Requirements for running the setup-ds.pl program
= Post-installation =

@@ Line 43: / Line 43: @@
 service iptables save
 </pre>
+= System resource configuration =
+* Add the following lines to /etc/sysctl.conf
+<pre>
+net.ipv4.tcp_keepalive_time = 300
+</pre>
+* Add the following lines to /etc/security/limits.conf
+<pre>
+*    soft    nofile    8192
+*    hard    nofile    8192
 = 389-DS rpm packages =