
Changes between Version 14 and Version 15 of dSite/e0LDAP


Timestamp: Oct 10, 2014, 9:35:44 PM (6 years ago)
Author: ssugrim
Comment:

  • dSite/e0LDAP

    v14 v15  
    55=== Post-installation OS Services Configuration ===
    66
    7 Run the OS configuration script:
    8 {{{
     7 1. Run the OS configuration script:
     8    {{{
    99/usr/sbin/geni_os_setup.rb
    10 }}}
    11 It should produce:
    12 {{{
     10    }}}
     11    It should produce:
     12    {{{
    1313user@testcons:~# sudo /usr/sbin/geni_os_setup.rb
    1414Loading /etc/omf-aggmgr-5.4/site.yaml... done.
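Review bot: step 1 gives the command as `/usr/sbin/geni_os_setup.rb`, but the transcript on the following lines runs it as `sudo /usr/sbin/geni_os_setup.rb` from a `user@testcons` shell; the step should state that the script must run with root privileges and show the same invocation in both places (for example `sudo /usr/sbin/geni_os_setup.rb`), so a reader following the step literally does not run it with fewer privileges than the transcript assumes.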
     
    108108SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    109109SASL SSF: 0
    110 }}}
    111 
    112 After this script is run, we will need to point the dns resolver to the localhost. To do this edit ''/etc/network/interfaces'' file and change the '''dns-nameservers''' line to use '''localhost''', e.g.:
    113 {{{
     110    }}}
     111 2. After this script is run, we will need to point the dns resolver to the localhost. To do
     112    this edit ''/etc/network/interfaces'' file and change the '''dns-nameservers''' line to
     113    use '''localhost''', e.g.:
     114    {{{
    114115# The primary network interface
    115116auto eth2
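Review bot: the transcript ends with `SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth` and `SASL SSF: 0`, which is a local root peer-credential bind over the ldapi Unix socket; one sentence saying that an SSF of 0 is expected for that bind (no transport encryption is negotiated on a local socket) would stop readers from reporting it as a misconfiguration. In step 2, `dns-nameservers localhost` only works because the resolver falls back to the local host when no valid nameserver address is configured; `dns-nameservers 127.0.0.1` states the intent explicitly and matches what a resolv.conf `nameserver` entry expects, which is an IP address.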
     
    120121      dns-nameservers localhost
    121122
    122 }}}
    123 then restart the networking service to reflect the DNS change:
    124 {{{
     123    }}}
     124    then restart the networking service to reflect the DNS change:
     125    {{{
    125126/etc/init.d/networking restart
    126 }}}
    127 Once this setting is done you can test the local dns by tring to resolve node names e.g.:
    128 {{{
     127    }}}
     128    Once this setting is done you can test the local dns by tring to resolve node names e.g.:
     129    {{{
    129130host node1.geni.rutgers.edu
    130131node1.geni.rutgers.edu has address 10.1.1.1
    131 }}}
    132 External name resolution should also work.
    133 
    134 Next edit ''/etc/nsswitch.conf'' file so that is has the follow non comment lines:
    135 {{{
     132    }}}
     133    External name resolution should also work.
     134
     135 3. Edit ''/etc/nsswitch.conf'' file so that is has the follow non comment lines:
     136    {{{
    136137    passwd:         files ldap compat
    137138    group:          files ldap compat
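Review bot: the wording carried over into v15 still has typos: `tring` should be `trying`, and `so that is has the follow non comment lines` should read `so that it has the following non-comment lines`. In step 3 the `passwd: files ldap compat` and `group: files ldap compat` entries consult local files before LDAP; it is worth saying so, since that ordering is what keeps local accounts such as root usable when the LDAP server is unreachable.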
     
    147148
    148149    netgroup:       nis
    149 }}}
    150 Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command).
    151 {{{
     150    }}}
     151 4. Add the follow line to the /etc/sudoers file (note this is done with the visudo command).
     152    {{{
    152153    %admin ALL=(ALL) ALL
    153154    %sysadmin ALL=NOPASSWD: ALL
    154 }}}
     155    }}}
    155156 
    156157
    157 In file /etc/ldap/ldap.conf make sure you have:
    158 {{{
     158 5. Edit the file /etc/ldap/ldap.conf and make sure the following lines have these values (add
     159    them if they are missing):
     160    {{{
    159161TLS_CACERT      /etc/ssl/certs/cacert.pem
    160162TLS_REQCERT     never
    161 }}}
    162 
    163 === Import initial LDAP content ===
     163    }}}
     164    then restart the ldap daemon with:
     165    {{{
     166/etc/init.d/slapd restart
     167    }}}
     168
     169=== Import initial GENI LDAP content ===
    164170Next we will import initial content consisting of first groups and accounts that will be used as administrators for the range of services. The deployment assumes the following delegated accounting structure: users are organized into groups based on their organization or project (or in LDAP terms organizational units (OUs)). Each group can have number of administrators (or users with group management capabilities) but has to have one person who is the main administrator for the OU (the principal investigator - PI). While most of the account management is performed through Control Panel functions, the initial site administrator and the first OU need to be added to LDAP manually. This can be done through ''phpldapadmin'' or through LDIF configuration file and command line tools. The LDIF config for initial import looks like:
    165171{{{
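Review bot: `TLS_REQCERT never` in step 5 disables server certificate verification for every LDAP client on the host, which makes the `TLS_CACERT /etc/ssl/certs/cacert.pem` line directly above it pointless; once the CA certificate is installed the page should set `TLS_REQCERT demand`, or explain why verification is deliberately turned off for this deployment. The same step restarts `slapd` after editing `/etc/ldap/ldap.conf`, but that file is the client-library configuration rather than the server's, so the restart belongs with the NSS/PAM LDAP client service configured in step 3, not with `slapd`. In step 4, `%sysadmin ALL=NOPASSWD: ALL` means membership in an LDAP group grants passwordless root on the host; a sentence noting that write access to that group in LDAP is equivalent to root access would help readers scope who may manage it.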