This chapter covers command-line installation with additional information on setup options. Make sure you have the correct Java environment installed. JavaRequirements $ java -version java version "1.6.0_24" Java(TM) SE Runtime Environment (build 1.6.0_24-b07-334-9M3326) Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02-334, mixed mode) If your default Java environment is not appropriate, set OPENDS_JAVA_HOME to the path to the correct Java environment, or set OPENDS_JAVA_BIN to the absolute path of the java command. The latter environment variable is useful for example if you have both 32-bit and 64-bit versions of the Java environment installed, and want to make sure you use the 64-bit version. Downloading OpenDJ Get the appropriate installation packages from the OpenDJ download page. OpenDJ-.zip Cross-platform OpenDJ directory server installation files opendj.zip SVR4 format native packages for Solaris OpenDJ--DSML.war Cross-platform OpenDJ DSML gateway web archive File descriptor requirements Allow OpenDJ software to use at least 64K (65536) file descriptors to operate properly. How you set the maximum number of file descriptors per process depends on your system. Read your system documentation for instructions. Typically you use the ulimit -a command to list current settings. DSML gateway If you plan to install OpenDJ DSML gateway, make sure you have an appropriate application server installed. If you plan to configure SSL or TLS to secure network communications between the server and client applications, get a properly signed digital certificate that your client applications recognize, such as one that fits with your organization's PKI or one provided by a recognized certificate authority. To use the certificate during installation, the certificate must be located in a key store provided with Java (JKS, JCEKS, PKCS#12), or on a PKCS#11 token. To import a signed certificate into a key store, you can use the Java keytool command. See Preparing For Secure Communications in the Administration Guide for examples. Command-line installation Unzip OpenDJ-.zip in the file system directory where you want to install the server. Unlike the web-based Quick Setup install, the setup command uses the directory where you unzipped the files as the installation directory, and does not ask you where to install OpenDJ. Therefore, if you want to install elsewhere on the file system, unzip the files in that location. Run the setup --cli command found in the OpenDJ- directory. This command starts the setup program in interactive mode on the command line, prompting you for each option. Alternatively, use additional setup options to specify values for the options you choose during interactive mode, thus scripting the installation process. See setup --help and the notes below. Silent installation To perform a non-interactive, silent installation, provide all the options to configure OpenDJ, and then also use the -n or --no-prompt option. The setup command without the --cli option runs the Quick Start GUI installer with your local version of software, as does Java WebStart with a remote version of the software. $ /path/to/OpenDJ-/setup --cli OpenDJ Please wait while the setup program initializes... What would you like to use as the initial root user DN for the Directory Server? [cn=Directory Manager]: Please provide the password to use for the initial root user: Please re-enter the password for confirmation: On which port would you like the Directory Server to accept connections from LDAP clients? [1389]: On which port would you like the Administration Connector to accept connections? [4444]: Do you want to create base DNs in the server? (yes / no) [yes]: Provide the base DN for the directory data: [dc=example,dc=com]: Options for populating the database: 1) Only create the base entry 2) Leave the database empty 3) Import data from an LDIF file 4) Load automatically-generated sample data Enter choice [1]: 3 Please specify the path to the LDIF file containing the data to import: \ /path/to/Example.ldif Do you want to enable SSL? (yes / no) [no]: Do you want to enable Start TLS? (yes / no) [no]: Do you want to start the server when the configuration is completed? (yes / no) [yes]: Setup Summary ============= LDAP Listener Port: 1389 Administration Connector Port: 4444 LDAP Secure Access: disabled Root User DN: cn=Directory Manager Directory Data: Create New Base DN dc=example,dc=com. Base DN Data: Import Data from LDIF File (/path/to/Example.ldif) Start Server when the configuration is completed What would you like to do? 1) Set up the server with the parameters above 2) Provide the setup parameters again 3) Print equivalent non-interactive command-line 4) Cancel and exit Enter choice [1]: See /var/....log for a detailed log of this operation. Configuring Directory Server ..... Done. Importing LDIF file /path/to/Example.ldif ........... Done. Starting Directory Server ........... Done. To see basic server configuration status and configuration you can launch \ /path/to/OpenDJ-/bin/status Some notes on the options follow. Initial root user DN The root user Distinguished Name identifies a user who can perform all administrative and other operations allowed for the server, called root user due to the similarity to the UNIX root. The default, cn=Directory Manager, is a well-known name. If you have reason to be paranoid, you might opt for a different name. Initial root user password The root user will use simple, password-based authentication. Later you can limit cleartext access to avoid snooping, but for now use a strong password here unless this is a throwaway server. LDAP port The default for LDAP is 389. If you are working as a user who cannot open port 389, setup suggests 1389 as a default. Administration port This is the service entrance used to configure the server, run tasks, and so forth. The default is 4444. Create base DNs You need a base Distinguished Name, such as the default dc=example,dc=com, to add directory data. If you already have LDIF, the base DN you want is the distinguished name suffix common to all entries in your LDIF. You can provide more than one base DN if your data belongs in more than one suffix. Import LDIF LDAP data interchange format is the standard text format for expressing LDAP data. If you have LDIF already, one reason you might not want to import the data at the same time you install is because your data uses attributes not defined in the default schema, and so you will wait to add schema definitions before you import. If you have a huge data set to import, you no doubt should also increase the import cache size, which you can do by passing a Java properties file. You might also prefer to perform data import offline. Enable SSL and TLS Enabling Secure Sockets Layer or Transport Layer Security lets you protect the network traffic between directory clients and your server. SSL SSL requires its own, separate port for LDAPS traffic. The default port for LDAPS is 636. If you are working as a user who cannot open port 636, setup suggests 1636 by default. TLS TLS lets you use StartTLS to negotiate a secure connection between a client and server, starting from the same server port you configured for LDAP. X.509 certificates The digital certificate you need for SSL and TLS can be self-signed and created on the fly. Trouble is, client applications view self-signed certificates like fake IDs, and so do not trust them. Self-signed certificates facilitate testing, but are not intended for production use. Start the server If you do not start the server during installation, you can use the bin/start-ds command later. Run the status command to make sure your OpenDJ server is working as expected. $ /path/to/OpenDJ-/bin/status >>>> Specify OpenDJ LDAP connection parameters Administrator user bind DN [cn=Directory Manager]: Password for user 'cn=Directory Manager': --- Server Status --- Server Run Status: Started Open Connections: 1 --- Server Details --- Host Name: opendj.example.com Administrative Users: cn=Directory Manager Installation Path: /path/to/OpenDJ- Version: OpenDJ Java Version: 1.6.0_24 Administration Connector: Port 4444 (LDAPS) --- Connection Handlers --- Address:Port : Protocol : State -------------:----------:--------- -- : LDIF : Disabled 0.0.0.0:161 : SNMP : Disabled 0.0.0.0:636 : LDAPS : Disabled 0.0.0.0:1389 : LDAP : Enabled 0.0.0.0:1689 : JMX : Disabled --- Data Sources --- Base DN: dc=example,dc=com Backend ID: userRoot Entries: 160 Replication: Disabled You can install OpenDJ in unattended and silent fashion by using the setup command with the --no-prompt option, specifying values for all the other options you require. DSML gateway The OpenDJ DSML gateway functions as a web application located in a web application container. The DSML gateway runs independently of OpenDJ directory server. You configure the gateway to access your directory service by editing the ldap.host and ldap.port parameters in the WEB-INF/web.xml configuration file. Deploy OpenDJ--DSML.war according to the instructions for your application server. Edit WEB-INF/web.xml to ensure the values for ldap.host and ldap.port are correct. Restart the web application container according to the instructions for your application server.