The three 389 web apps (Directory Server Gateway, Directory Express, and Org Chart) are installed separately from the Directory Server itself. After installing and configuring the Directory Server and Administration Server, then you can set up the web applications.
The Directory Server web apps are supported on Fedora 7 and later.
There are two security issues when using the web apps: the bind credentials used for accessing the Directory Server Gateway and the user as which the Directory Server Gateway HTTP server process runs.
binddnfile
parameter which gives the bind DN and bind password used to permit non-anonymous searching of the directory. The binddnfile
should not be stored in the configuration directory (such as /etc/dirsrv/dsgw
) or in any directory that can be accessed over HTTP.root
. This may expose sensitive information about the configuration of the Directory Server.Additionally, the Administration Server must be local to the web applications.
Installing the Directory Server is described in the FDS Install Guide; the basic procedure is outlined here. Both the Directory Server and Administration Server must be set up before you can set up the web apps.
Install the Directory Server packages.
yum install 389-ds
After the Directory Server packages are installed, run the setup-ds-admin.pl
script to set up the default Directory Server instance and the Administration Server.
/usr/sbin/setup-ds-admin.pl
After the Directory Server is configured and a local Administration Server is available, then install and configure the web apps. The web apps packages include the Directory Server Gateway, Directory Express, and Org Chart.
If not already installed, install the Directory Server Gateway package.
yum install 389-dsgw
Run the setup-ds-dsgw
script to set up the default instances of the Directory Server Gateway, Directory Express, Org Chart, and Admin Express. The setup-ds-dsgw
script is in the /usr/sbin
directory.
setup-ds-dsgw
This shell script will configure the Directory Server Gateway, Phonebook and Org Chart web applications to work with the Administration Server.
Reading parameters from Administration Server config . . . Using Administration Server URL http://ldap.example.com:9830...
Reading parameters from Directory Server /etc/dirsrv/slapd-ldap . . .
Using Directory Server URL ldap://ldap.example.com:389/dc=example, dc=com . . .
Generating config file /etc/dirsrv/dsgw/dsgw.conf . . .
Generating config file /etc/dirsrv/dsgw/pb.conf . . .
Generating config file /etc/dirsrv/dsgw/orgchart.conf . . .
Generating config file /etc/dirsrv/dsgw/default.conf . . .
Generating the credential database directory . . .
Adding configuration to httpd config file /etc/dirsrv/admin-serv/httpd.conf . . .
Enabling links to web apps from Administration Server home page . . .
The Directory Server Gateway web applications have been successfully configured.<br>You will need to restart your Administration Server.
Restart the Administration Server. For example:
service dirsrv-admin restart
To open a menu of every web application, go to the Administration Server URL. For example:
http://ldap.example.com:9380/
Then, select the web app from the list. To access a specific gateway instance, use the Administration Server URL with the gateway instance directory. For example:
http://ldap.example.com:9380/dsgwcmd/lang?context=example
The command /usr/sbin/setup-ds-dsgw
configures the Directory Server Gateway and the other web apps to use the Administration Server. This script also writes all of the we app configuration files to /etc/dirsrv/dsgw
. The setup script attempts to determine the appropriate Directory and Administration Servers to use from the files in /etc/dirsrv/slapd-*
and /etc/dirsrv/admin-serv
.
There are four main web app configuration files for the Directory Server Gateway, Directory Server Express, and Org Chart applications. (Admin Express uses the Admin Server configuration, not a separate configuration file.)
Web App | Configuration File | Purpose | More Info |
---|---|---|---|
Directory Server Gateway | dsgw.conf | Configuration file. You can edit this file if necessary. This file is derived from /usr/share/dirsrv/dsgw/config/dsgw.tmpl by setup-ds-dsgw . |
“Configuring General Gateway Behavior (dsgw.conf) |
Directory Server Gateway | dsgw-httpd.conf | Contains the Apache config for the Directory Server Gateway CGI programs and scripts, the static HTML pages and templates, and the help files. setup-ds-dsgw makes the Admin Server’s httpd.conf include this file. You should not touch this file. |
|
Directory Server Express | pb.conf | Configuration file. You can edit this file if necessary. This file is derived from /usr/share/dirsrv/dsgw/pbconfig/pb.tmpl by setup-ds-dsgw . |
“Directory Express Configuration File (pb.conf) |
Org Chart | orgchart.conf | Configuration file. You can edit this file if necessary. This file is derived from /usr/share/dirsrv/dsgw/orghtml/orgchart.tmpl by setup-ds-dsgw . |
“Changing Org Chart Behavior” |
There can be more than one Directory Server Gateway instance; multiple Directory Server Gateway instances can access the same directory data without conflicts or multiple instances can run on the same Administration Server and contact different Directory Server instances.
To access a specific gateway instance, use the Administration Server URL with the gateway instance directory. For example:
<nowiki>http://ldap.example.com:9380/dsgwcmd/lang?context=example</nowiki>
To create a new instance of the Directory Server Gateway, copy the configuration files for an existing instance (the /usr/share/dirsrv/dsgw/html
and /usr/share/dirsrv/dsgw/config
directories and /etc/dirsrv/dsgw/dsgw.conf
file), and then edit a few parameters in the /etc/dirsrv/dsgw/dsgw.conf
file to reflect the new locations:
dsgw.conf
file.gwnametrans
parameter so that it provides a mapping reference to the new HTML directory. For example:
gwnametrans /example/
binddnfile
), and localization. Also, edit the Directory Server parameters if the new Gateway will access a different Directory Server instance./usr/share/dirsrv/dsgw/html
, for the new instance./usr/share/dirsrv/dsgw/config
, for the new instance.Edit the htmldir
and configdir
parameters in the new .conf
to point to the new HTML and configuration directories.
htmldir /usr/share/dirsrv/dsgw/example-html
configdir /usr/share/dirsrv/dsgw/example-config
If the configuration is changed in a way that keeps the web apps from working, or if you just want to restore the default settings, it is possible to run the setup script again. By default, setup-ds-dsgw
will not overwrite an existing installation. However, if you remove the configuration files (dsgw.conf
, pb.conf
, and orgchart.conf
in /etc/dirsrv/dsgw
), the the setup script will restore the defaults.
Alternatively, run the setup-ds-dsgw
script again with the -r
option, which overwrites the edited configuration files with the default settings. For example:
setup-ds-dsgw -r