Ops535-389-ds-install

From CDOT Wiki
Revision as of 14:49, 15 November 2016 by Rchan (talk | contribs) (System Software Configuration)

Note: this wiki page is a work-in-progress

OS and virtual hardware configuration on the VM

  • Minimal CentOS 7.x installation
  • 2 NICs - one on NAT network (192.168.122.0/24), one on isolated private network (192.168.x.0/24)
  • enable "epel" repository - yum install epel-release
  • Hostname: ds389.cp.net
  • IP address: 192.168.x.20/24 on isolated private network

System Software Configuration

Host name resolution

  • Primary DNS server for your domain:
    • Add A resource record: ds389.cp.net. IN A 192.168.x.20
    • Add PTR resource record: 20.x.168.192.in-addr.arpa. IN PTR ds389.cp.net.
  • If you don't have DNS, add the following record to /etc/hosts
    • 192.168.x.20 ds389.cp.net ds389

Firewall configuration

You need to open TCP ports 389, 636 and 9830 for external access to your 389 directory server.

firewalld.service

Run the following commands to open the ports:

 firewall-cmd --permanent --add-port=389/tcp
 firewall-cmd --permanent --add-port=636/tcp
 firewall-cmd --permanent --add-port=9830/tcp

You need to run the following command to update the current firewall settings:

 firewall-cmd --reload

Please confirm your firewall settings with the following command:

 firewall-cmd --list-ports

iptables.service

Run the following commands to open the ports:

 iptables -I INPUT -p tcp --dport 389 -j ACCEPT
 iptables -I INPUT -p tcp --dport 636 -j ACCEPT
 iptables -I INPUT -p tcp --dport 9830 -j ACCEPT

Run the command to save the current firewall settings:

 service iptables save

System resource configuration

  • Add the following line to /etc/sysctl.conf:
     net.ipv4.tcp_keepalive_time = 300
  • Add the following lines to /etc/security/limits.conf:
     *    soft    nofile    8192
     *    hard    nofile    8192
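The host name resolution, firewall and system resource steps above each end with something to confirm. The following pre-flight script is an added example, not from this wiki page, that checks all three: it compares the `firewall-cmd --list-ports` output against the three required ports, reads the keepalive and nofile values back out of sysctl.conf and limits.conf style files, and (as a live-only function) checks that forward and reverse lookup of the server agree whether the answer comes from DNS or /etc/hosts. The helper names (`missing_ports`, `keepalive_time`, `nofile_limit`, `check_resolution`) are assumptions of this example; `firewall-cmd`, `getent` and `awk` are the real tools. The "x" in 192.168.x.20 is a placeholder on the page, so the sample files and listing in the demo section are constructed. Note that 389/tcp carries cleartext LDAP and 9830/tcp is the admin server console, so if the server only needs to be reached from the isolated 192.168.x.0/24 network, add these ports to the zone of that interface rather than to the zone facing the NAT network.

```shell
#!/bin/sh
# Added pre-flight check (example, not from the wiki page) for the 389-DS host.
# Verifies firewall ports, tcp_keepalive_time and the nofile limit described
# in the installation notes. Sample inputs below are constructed.

REQUIRED_PORTS="389/tcp 636/tcp 9830/tcp"

# missing_ports LISTING
#   LISTING is the one-line output of `firewall-cmd --list-ports`
#   (space-separated port/proto tokens). Prints the required ports that are
#   absent from it, space-separated, or an empty line if all are open.
missing_ports() {
    listing="$1"
    missing=""
    for p in $REQUIRED_PORTS; do
        case " $listing " in
            *" $p "*) ;;                    # present
            *) missing="$missing $p" ;;     # absent
        esac
    done
    printf '%s\n' "${missing# }"
}

# keepalive_time FILE
#   Prints net.ipv4.tcp_keepalive_time from a sysctl.conf-style file (0 if unset).
keepalive_time() {
    awk -F'=' '/^[ \t]*net\.ipv4\.tcp_keepalive_time[ \t]*=/ {
                   gsub(/[ \t]/, "", $2); v = $2
               }
               END { print v + 0 }' "$1"
}

# nofile_limit FILE TYPE
#   Prints the "*" nofile limit of TYPE (soft|hard) from a limits.conf-style
#   file (0 if unset). Comment lines start with "#" and never match "*".
nofile_limit() {
    awk -v t="$2" '$1 == "*" && $2 == t && $3 == "nofile" { v = $4 }
                   END { print v + 0 }' "$1"
}

# check_resolution NAME IP
#   Live check (not exercised by the demo): forward lookup of NAME must give IP
#   and reverse lookup of IP must give NAME, via DNS or /etc/hosts (getent
#   follows /etc/nsswitch.conf). Returns 0 on agreement, 1 otherwise.
check_resolution() {
    fwd=$(getent hosts "$1" | awk '{ print $1; exit }')
    rev=$(getent hosts "$2" | awk '{ print $2; exit }')
    [ "$fwd" = "$2" ] && [ "$rev" = "$1" ]
}

# --- Demo on constructed inputs -------------------------------------------
DEMO_DIR=$(mktemp -d)
SAMPLE_SYSCTL="$DEMO_DIR/sysctl.conf"
SAMPLE_LIMITS="$DEMO_DIR/limits.conf"
cat > "$SAMPLE_SYSCTL" <<'EOF'
# constructed sample of /etc/sysctl.conf
net.ipv4.tcp_keepalive_time = 300
EOF
cat > "$SAMPLE_LIMITS" <<'EOF'
# constructed sample of /etc/security/limits.conf
*    soft    nofile    8192
*    hard    nofile    8192
EOF

# Constructed `firewall-cmd --list-ports` result in which 636/tcp is still closed.
echo "missing ports: [$(missing_ports "389/tcp 9830/tcp")]"
echo "tcp_keepalive_time: $(keepalive_time "$SAMPLE_SYSCTL")"
echo "soft nofile: $(nofile_limit "$SAMPLE_LIMITS" soft)"

# On the real host, after replacing x in the address, run for example:
#   missing_ports "$(firewall-cmd --list-ports)"
#   keepalive_time /etc/sysctl.conf
#   nofile_limit /etc/security/limits.conf hard
#   check_resolution ds389.cp.net 192.168.x.20 && echo "resolution OK"
```

The port check deliberately reads the firewall's own listing rather than trusting that the `--add-port` commands succeeded, and the file parsers ignore comment lines, so a commented-out setting counts as unset.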

389-DS rpm packages

Requirements for running the setup-ds.pl program

Post-installation