
Report Issues (via Forums) and/or TWEET:@rootvgnet

MD5 Checksum

AC32D59182706C0238F4C1FE947A6052 aixtools.idsldap.

This originated as a lab exercise to play with ITDS (aka TDS or Tivoli Directory Server) V6.3

Within a week after getting it "finished" the product was no longer TDS but SDS (for IBM Security Directory Server) V6.3.1

The goal of the lab was to be able to install AIX LDAP server and client in less than 10 minutes - after the downloads are completed (one time operation!) from so-called Try and Buy versions. The link below took me (as of 07 March 2016) to the Try and Buy for V6.3.1 (I am told the scripts also work with SDS-V6.4.0 - the latest version).

The good news is I have just tested the scripts against both the Try and Buy of V6.3 and V6.3.1 and one package works for both. Still need to test against a normal DVD image.


Goal is a test system

I'll prepare a short(er) lab description. Just remember, the primary purpose is to be able to rapidly install AIX LDAP on a test server - to help gain knowledge about the specifics needed to get your production server just the way you want.

The main reason I would not consider this an "out of the box" production server is the SSL certificate keys and passwords: you will want your own, not self-signed keys with some default passwords I thought up for the scripts.

In short, this is not meant to be a "one size fits all" AIX LDAP installer. At the very least, run the command /opt/idsldap/bin/idsInit.ksh and then review the files /var/idsldap/server.env and /var/idsldap/client.env. These files provide the environment variables the other scripts use for making the SSL keys.

If you only want to install the filesets, run /opt/idsldap/bin/idsInstall.ksh -s for the server (and client sometimes) or /opt/idsldap/bin/idsInstall.ksh -c to install only the client software. Note: GSKIT is always installed, under the assumption you will be using SSL for connections between the LDAP client and the LDAP server.

HOWTO prepare for using idsldap

1. Download IBM Security Directory Server (formerly Tivoli Directory Server) - note: you will need a (free) IBM Userid to do the download.

2. Download the idsldap package/fileset.

3. After the downloads complete, unpack them in a directory - e.g., /itds/tdsV6.3 or /tmp/sdsV6.3.1

Install LDAP Server for AIX

1. define/update and export two environment variables

  • # export IDSDIR=/itds/tdsV6.3 (mandatory) (Note: use the subdir the tarfiles unpack into!)
  • # export PATH=${PATH}:/opt/idsldap/bin (optional - you can also use full pathname to start scripts)

2. install the DB2 database software - server ONLY

  • # /opt/idsldap/bin/idsDB2

3. Install the TDS software and create an LDAP server with SSL

  • # idsServer

Install LDAP client for AIX

1. define/update two environment variables

  • # export IDSDIR=/itds/tdsV6.3 (mandatory) (Note: use the subdir the tarfiles unpack into!)
  • # export PATH=${PATH}:/opt/idsldap/bin (optional)

2. create /var/idsldap/client.env file and edit the hostname variable (localhost by default)

  • # /opt/idsldap/bin/idsInit.ksh
  • # vi /var/idsldap/client.env (modify LDAP_SERVER variable)

3. Install the TDS software and connect to $LDAP_SERVER using SSL

  • # idsClient

Note: the server hostname is hard-coded as localhost. You will need to edit for additional systems.

Simplified CHANGELOG

Updated to work with both old TDS try and buy layout AND SDSV361 layout

  • version 0.0.4 - Initial Release - 08-Nov-2013
  • version 0.0.5 - corrections - 10-Nov-2013
    • typo in idsInit.ksh
    • improvements in idsRemove
    • Note: idsRemove is to unconfigure the mksecldap -s command by dropping both the IDS and DB2 instances - so you can run idsServer and start out all over again. Very useful when experimenting with IDSLDAP server setups.