Conklin Technology Group, LLC IT Architecture. Identity Management. Unix Administration

OpenDS 2.2 AMI

OpenDS 2.2 Amazon EC2 AMI documentation


General Info

The OpenDS 2.2 AMI is based on an openSUSE 11.2 Linux system running OpenDS 2.2.0 and Apache HTTP Server 2.2, and includes the phpLDAPadmin package to allow for easy administration of your new LDAP server.  All of the software has been installed and pre-configured to get you up and running your own LDAP server in a matter of minutes!

In order to use this AMI, you will need to sign up for an Amazon Web Services account, specifically the Elastic Compute Cloud (EC2) service. Signing up is easy; if you haven't already done so, the URL is:  http://aws.amazon.com/ec2/

The direct URL to purchase this AMI is: https://aws-portal.amazon.com/gp/aws/user/subscription/index.html?ie=UTF8&offeringCode=C831E696

Once you've established your account, you can then begin to create your own instances.  You'll want to search for "conklintechnology" in the list of available AMIs (or just use the URL above to find it directly).  Amazon sets prices based on several easy-to-understand metrics, such as compute time in hours, data transfer rates, and storage used.  Plus, you'll only pay for what you use, unlike many standard hosting providers.  Prices are given prior to starting up your new OpenDS instance.

Note: there have been some problems getting the image to launch initially.  If you run into problems, please send your Amazon account number (it's a 12-digit number, found under 'Account Activity' in the AWS console) to info@conklintechnology.com and we can manually grant launch permission to your account.  Also, when searching for the AMI, you can use its AMI number, which is ami-0300ef6a.

Initial AMI tasks

One of the first steps you will want to perform once your new machine has started, and you have successfully logged in (you can connect via the AWS management console, if you don't have an SSH client available), is to change the hostname to the value provided by Amazon.  This value would be something like:  ec2-123.45.56.78.compute-1.amazonaws.com.  From the root prompt at your new machine, simply type:

#    hostname ec2-123.45.56.78.compute-1.amazonaws.com

This step is not mandatory, but it will prevent some warning messages when first starting up OpenDS and Apache.  You will need to do this each time the server is restarted, as that change will not be persistent.

Another thing you'll want to change is the set of ports allowed in your EC2 security group.  This will allow you to connect remotely to the various services running on your new machine.  Initially, you'll want to at least open port 22 (SSH), port 80 (Apache Web Server) and port 389 (LDAP port).
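
The port list above, applied with a restricted source address rather than opened to every address, as an added example that is not part of the original documentation.  It assumes the AWS CLI is installed and configured; the function names, the /16 minimum prefix, the group ID and the CIDR in the usage comment are assumptions or placeholders.

```shell
#!/bin/sh
# Added example, not from the AMI documentation. Assumes a configured AWS CLI.
AMI_PORTS="22 80 389"   # SSH, Apache and LDAP, the ports this page lists
MIN_PREFIX=16           # example policy (assumption): nothing wider than a /16

# Succeed only for a well-formed IPv4 CIDR no wider than MIN_PREFIX.
valid_source_cidr() {
    cidr=$1
    # Shape check: four dot-separated numbers, a slash, a prefix length.
    echo "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    for octet in $(echo "${cidr%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    prefix=${cidr#*/}
    # Rejects 0.0.0.0/0 ("anyone") and any other overly wide range.
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ]
}

# Authorize the three ports for one source network; stop at the first failure.
restrict_ami_ingress() {
    group_id=$1
    source_cidr=$2
    if ! valid_source_cidr "$source_cidr"; then
        echo "refusing source '$source_cidr': need an IPv4 CIDR of /$MIN_PREFIX or longer" >&2
        return 1
    fi
    for port in $AMI_PORTS; do
        aws ec2 authorize-security-group-ingress \
            --group-id "$group_id" --protocol tcp \
            --port "$port" --cidr "$source_cidr" || return 1
    done
}

# Usage (placeholder values):
#   restrict_ami_ingress sg-PLACEHOLDER 203.0.113.10/32
```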


Creating and Mounting an EBS volume

In order to persist data in the event your instance is stopped or crashes, it is important to configure an Elastic Block Storage (EBS) volume for your server.  Otherwise, any changes made to your LDAP server's database will be lost.

You can create and attach EBS volumes by using the EC2 management console.  Once the volume is created and attached to your running instance, you'll need to create a file system on this new device.  Important: Make sure your volume is in the same zone as your instance; otherwise you will not be able to attach it to your server.

For the initial setup of your new EBS volume, you'll need to create a filesystem on it.  Use the following command, substituting your own device name if it was not /dev/sdf:

#    mkfs.xfs /dev/sdf

The fstab is already updated with this information -- if you choose a different mount point or device name, edit /etc/fstab with the appropriate values for your system.

Then, mount your new filesystem under /data (the mount point already exists):

# mount /data

Use "df -h" to validate the new volume is available with the amount of space you chose when creating it in the AWS console.


OpenDS 2.2

The OpenDS 2.2 software has been installed on your new machine under "/opt/OpenDS2.2.0".  Under this directory, you'll find things like the configuration files, logs, and binaries for stopping and starting your server.

Important: Before starting your new server, make sure that the EBS volume you created is attached and mounted at /data.  Then run this command:

#     cp -r /opt/OpenDS2.2.0/db /data
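
A guard for the copy step above, added here as an example and not part of the original documentation: it copies the database only when /data is a separately mounted xfs filesystem, so the data cannot silently land on the instance's own disk.  The function names are hypothetical; the paths are the ones this page uses.

```shell
#!/bin/sh
# Added example, not from the AMI documentation.

# Print "device fstype" for an exact mount-point match in a mounts table
# (/proc/mounts format: device mountpoint fstype options dump pass).
# The last matching line wins, since later mounts shadow earlier ones.
mount_info() {
    mount_point=$1
    mounts_file=${2:-/proc/mounts}
    awk -v mp="$mount_point" '$2 == mp { dev = $1; fs = $3 }
        END { if (dev == "") exit 1; print dev, fs }' "$mounts_file"
}

# Copy the db directory only when the target is a real mount of the
# expected type (xfs, as created with mkfs.xfs earlier on this page).
# Returns 1 if the target is not mounted, 2 if it has the wrong type.
copy_db_to_volume() {
    src=${1:-/opt/OpenDS2.2.0/db}
    dest=${2:-/data}
    mounts_file=${3:-/proc/mounts}
    info=$(mount_info "$dest" "$mounts_file") || {
        echo "$dest is not a mount point; the copy would land on the instance's own disk" >&2
        return 1
    }
    fstype=${info#* }
    if [ "$fstype" != "xfs" ]; then
        echo "$dest is mounted as $fstype, expected xfs" >&2
        return 2
    fi
    cp -r "$src" "$dest"
}

# Usage, with the defaults taken from this page:
#   copy_db_to_volume && cd /opt/OpenDS2.2.0/bin && sh ./start-ds
```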

Relevant information for your new LDAP server:

Ports: 389 (LDAP), 4444 (Admin console)

Base DN: o=root
Directory Manager DN:  cn=directory manager
Directory Manager password:  dirmgr123


Note:  The username is "cn=directory manager" including the "cn=" part.  You will need to include the whole DN when attempting to bind to your new server.


To start your new server:

#    cd /opt/OpenDS2.2.0/bin ; sh ./start-ds

Apache 2.2  & phpLDAPadmin

To stop/start your Apache server, you can use the apache2ctl command, with either a 'stop', 'start' or 'restart' argument, so for example:

#    apache2ctl start

Once your web server has been started, you can begin to use the phpLDAPadmin tool that has been pre-installed on your new instance.  It can be accessed from this URL:

http://your-public-AMI-address/pla

The installation path of the phpLDAPadmin software, for things like config files and the HTML files, is /srv/www/htdocs/pla.

To troubleshoot the Apache Web server, the log files are located at /var/log/apache2 and the configuration files are located at /etc/apache2.  Note that there is a warning message when starting Apache, but it can be ignored.


Additional Configuration

Contact CTG for professional services, including advanced configurations of your LDAP server, assistance with integrating LDAP authentication into your Unix/Linux servers, or other assistance beyond what is provided in this documentation.

Email:  info@conklintechnology.com

Web:  http://www.conklintechnology.com