Creating a directory server instance with custom settings

Use Instance Administration Server to create a directory server instance with custom values as per your requirement.

Before you begin

To create a directory server instance, you must complete the following tasks:
  1. Install IBM® Security Directory Server with the Server feature. See Installing with IBM Installation Manager.
  2. To create a full directory server with RDBM backend, install DB2®. See Installing with IBM Installation Manager.
  3. Verify whether the ldapdb.properties file contains DB2 installation path and version information. See Updating the ldapdb.properties file manually.

Procedure

  1. Start Instance Administration Tool. See Starting Instance Administration Tool.
  2. Click Create an instance.
  3. In the Create or migrate panel of the Create new directory server instance window, click Create a new directory server instance.
  4. Click Next.
  5. In the Instance details panel of the Create new directory server instance window, specify the following values:
    1. From the User name list, select the user name that owns the directory server instance.
      The directory server instance is assigned the same name as the user name.
    2. If you want to associate a new user account with the instance, click Create user.
      In the Create new user for directory server instance window, complete the following steps:
      1. In the User Name field, enter the user name.
      2. In the Password field, enter a password for the user account.
      3. In the Confirm password field, enter the password for the user account.
      4. In the Home directory field, enter the home directory to configure for the user account. You can click Browse and specify the home directory.
      5. In the Primary group field, enter the primary group name of the user.
      6. To create the user account, click Create.
    3. To modify an existing user account, select the user name from the User name list and click Edit user.
      In the Edit the user for directory server instance window, complete the following steps:
      1. The User Name field is populated with the user name.
      2. In the Password field, enter a password for the user account.
      3. In the Confirm password field, enter the password for the user account.
      4. In the Home directory field, enter the home directory to configure for the user account. You can click Browse and specify the home directory.
      5. In the Primary group field, enter the primary group name of the user.
      6. To edit the user account, click Edit.
  6. In the Instance location field, enter the location of the directory server instance. You can click Browse and specify the instance home directory.
    The location must contain at least 30 MB of free disk space.
    On Windows systems, the location is a disk drive, such as C:. The directory instance files are stored in the \idsslapd-instance_name directory on the disk drive you specify. The instance_name variable is the name of the directory server instance.
    On AIX®, Linux®, and Solaris systems, the home directory of the directory server instance owner is the default instance location, but you can specify a different path.
  7. In the Encryption seed string field, enter the encryption seed for the directory server instance.
    Remember: You must remember the encryption seed of a directory server instance since it might be required for other configuration tasks.
    The encryption seed must contain only printable ISO-8859-1 ASCII characters with values in the range of 33 to 126. The encryption seed must contain a minimum of 12 and a maximum of 1016 characters. For information about the characters to use, see ASCII characters from 33 to 126. The directory server uses the encryption seed to generate a set of Advanced Encryption Standard (AES) secret key values. The key stash file of a directory server instance stores these key values, which are used to encrypt and decrypt passwords and attributes.
  8. In the Confirm encryption seed field, enter the encryption seed for the directory server instance.
  9. If you want to provide an encryption salt value, click Use encryption salt value.
    1. In the Encryption salt string field, enter an encryption salt value for the directory server instance.
      The encryption salt must contain only printable ISO-8859-1 ASCII characters with values in the range of 33 to 126. The encryption salt must contain 12 characters. For information about the characters to use, see ASCII characters from 33 to 126. To cryptographically synchronize a directory server with another directory server instance, you must use the same encryption seed and salt values.
    2. In the Confirm encryption salt field, enter the encryption salt value for the directory server instance.
  10. Optional: In the Instance description field, enter a description of the directory server instance.
    The description helps in identifying the instance.
  11. Click Next.
  12. In the DB2 instance name field on the DB2 instance details panel, specify the DB2 instance name for the directory server instance.
    Note: The DB2 instance for the directory server instance must not be configured or used by other programs or products.

    By default, the DB2 instance name is the same as the directory server instance name. However, you can specify a different name for the DB2 instance. If you specify a different name, a system user ID with the same name must exist on the computer. This user account name must not be associated with another directory server instance.

  13. Click Next.
  14. In the TCP/IP settings for multihomed hosts panel, select one of the following options:
    • If you want the directory server instance to listen on all IP addresses, select Listen on all configured IP addresses.
    • If you want the instance to listen on a particular set of IP addresses that are configured on the computer, complete the following steps:
      1. Clear Listen on all configured IP addresses.
      2. From the Select the specific IP addresses to listen on list, select the IP address or addresses that you want the instance to listen on.
  15. Click Next.
  16. In the TCP/IP port settings panel, specify the following values:
    Note: You must assign unique port numbers to the directory server ports, and they must not conflict with ports that are already in use on the computer. On AIX, Linux, and Solaris systems, port numbers in the range of 1 - 1000 can be used only by root.
    1. In the Server port field, enter the port number that you want the server to use as its unsecured port. The number must be in the range of 1 - 65535.
    2. In the Server secure port field, enter the port number that you want the server to use as its secured port. The number must be in the range of 1 - 65535.
    3. In the Administration server port field, enter the port number that you want the administration server to use as its unsecured port. The number must be in the range of 1 - 65535.
    4. In the Administration server secure port field, enter the port number that you want the administration server to use as its secured port. The number must be in the range of 1 - 65535.
    5. Click Next.
  17. In the Optional steps panel, complete the following steps:
    1. To configure the administrator DN and password for the directory server instance, select Configure administrator DN and password.
      You must set the administrator DN and password for a proxy server and full directory server.
    2. To configure the database for the directory server instance, select Configure database.
    3. Click Next.
  18. In the Configure administrator DN and password panel, complete the following steps:
    1. In the Administrator DN field, enter a valid DN or accept the default DN, cn=root.
      The administrator DN value is not case-sensitive. The administrator DN user has full access to all data in the directory server instance.
    2. In the Administrator Password field, enter the password for the administrator DN.
      Passwords are case-sensitive. Double byte character set (DBCS) characters in the password are not valid.
    3. In the Confirm password field, enter the password for the administrator DN.
      You must remember the password for future reference.
    4. Click Next.
  19. In the Configure database panel, complete the following tasks to configure the database for the directory server instance:
    Instance Administration Tool adds the database information in the configuration file, ibmslapd.conf, for the directory server instance. If the database does not exist, Instance Administration Tool creates the database.
    1. In the Database user name field, enter a valid DB2 administrator ID.
      The DB2 administrator ID must exist on the computer and must have the required access permissions before you configure the database.
      Note: The DB2 administrator ID must set the appropriate locale for the language in which you want server messages to be displayed before the server startup.
    2. In the Password field, enter the password for the DB2 administrator.
      The password is case-sensitive.
      Note: If you change the system password for the DB2 administrator, you cannot update it with Instance Administration Tool. You must use Configuration Tool or the idscfgdb command with the -w parameter. For more information, see Management of the DB2 database administrator password.
    3. In the Database name field, enter a DB2 database name. The name must be 1 - 8 characters long.
    4. Optional: If you want to set any of the following DB2 configuration settings, select Show advanced tablespace options.
    5. Optional: Specify the Tablespace container as File or Raw device.
      File
      Select this option if you want to create the table space container on a file system.
      Specify the Directory path for the table space container location. You can click Browse to select the directory.
      Specify the File name for the table space. The default file name is AUTOSPACE.
      Under Other properties, specify the Extendable size (Pages) of the table space in pages. The default value for the extension size is 8192 pages.
      Raw device
      Select this option if you want to create the table space container on a raw device where no file system is installed, such as a hard disk that does not contain a file system. If the database table space container location is in a raw device, a raw table space is created. In this case, the size of the database table space container is fixed and cannot be expanded.
      In the Device path field, enter the location of the raw device. On Windows, the path must start with \\.\. For example, a path with device name can be: \\.\device_name. On AIX, Linux, and Solaris, the device path must be a valid path.
      Note: The default tablespace for IBM Security Directory Server is automatic storage tablespace. From DB2, Version 10.1 Fix Pack 1 onwards, the database managed spaces (DMS) table space type and system managed spaces (SMS) table space type are deprecated for permanent table spaces that are defined by the user.

      If you clear Show advanced tablespace options, the USERSPACE1 and LDAPSPACE table spaces are created with default sizes and locations. On AIX, Linux, and Solaris, the default path and file name for the USERSPACE1 table space is database_location/instance_name/NODE0000/SQL00001/USPACE. On Windows, the default path and file name for the USERSPACE1 table space is database_location\instance_name\NODE0000\SQL00001\USPACE. On AIX, Linux, and Solaris, the default path and file name for the LDAPSPACE table space is database_location/ldap32kcont_instance_name/ldapspace. On Windows, the default path and file name for the LDAPSPACE table space is database_location\ldap32kcont_instance_name\ldapspace.

    6. Click Next.
  20. In the Database options panel, complete the following steps:
    1. In the Database install location field, enter the database location path. You can click Browse to specify a directory.
      On Windows, you must provide a disk drive location, such as C:. On AIX, Linux, and Solaris, the location must be a directory name, such as /home/ldapdb.
      Note: The minimum disk space that is required for a DMS database is 1 GB. For an SMS database, a minimum of 150 MB of disk space is required. These requirements are for an empty database. When you store data in the database, more disk space is required.
    2. To configure the directory server with database for online backup, complete the following steps:
      1. Select Configure for online backup.
      2. In the Database backup location field, enter the location where you want to store the backup image. You can click Browse to specify the location.
      Note: Do not exit Instance Administration Tool when the backup operation is running.
      When you configure the database for online backup, an initial offline backup of the database is run after the database configuration is complete. After the offline backup operation is complete, the administration server is restarted.
      You can also configure online backup for a directory server instance with the idscfgdb command. However, you cannot unconfigure online backup with the idscfgdb command and the -c parameter. If you configure online backup for an instance with Instance Administration Tool or Configuration Tool, you can unconfigure it with Configuration Tool or the idscfgdb command.
    3. In the Character-set option area, choose one of the following options to select the type of database to create:
      Note: Create a universal DB2 database if you plan to store data in multiple languages in the directory server. A DB2 Universal Database is also most efficient because less data translation is needed. If you want to use language tags, the database must be a UTF-8 database. For more information about UTF-8, see UTF-8 support.
      • To create a UCS Transformation Format (UTF-8) database in which LDAP clients can store UTF-8 character data, click Create a universal DB2 database.
      • To create a database in the local code page, click Create a local codepage DB2 database.
    4. Click Next.
  21. If you selected Show advanced tablespace options in the Configure database panel, you must specify the following values in the Configure Database Tablespaces panel:
    1. From the Select database tablespace type list, select a database type.
      The DMS database table space type is the default. If you select SMS database table space type, all other fields are disabled.
      DMS table space support is used only for the USERSPACE1 and LDAPSPACE table spaces. All other table spaces, such as catalog and temporary table spaces, are of type SMS.
    2. Under the USERSPACE1 tablespace details area, specify the following details:
      1. From the Tablespace container list, select the container type. If you want the USERSPACE1 table space location on the file system, select File. If the database table space container location is in a file system, a DMS cooked table space is created. You can specify the initial size for the table space and an extendable unit size, and the table space is automatically expanded when required. If you want to create the USERSPACE1 table space on a raw device, select Raw device. A raw device is a device where no file system is installed, such as a hard disk that does not contain a file system. If the database table space container location is in a raw device, a DMS raw table space is created. In this case, the size of the database table space container is fixed and cannot be expanded. If you select Raw device, specify the size along with the container location instead of accepting the default values.
      2. If you selected File in the Tablespace container list, specify the following details:
        1. In the Directory path field, specify the directory path where you want to create the USERSPACE1 table space. You can click Browse to select the directory.
        2. In the File name field, enter the file name of the table space that you want to create, or accept the default file name, USPACE.
        3. In the Initial size field, enter the initial size for the USERSPACE1 table space in pages or accept the default value. For the File type table space container, the USERSPACE1 table space container is of auto-incremental type. You can provide the initial size in the Initial size field, and an extendable unit size in the Extendable size field. The default value for the initial size is 16 K pages, and the default extendable unit size is 8 K pages. The page size for the USERSPACE1 table space container is 4 KB per page.
      3. If you selected Raw device in the Tablespace container list, specify the following details:
        1. In the Device path field, enter the location of the raw device. On Windows, the path must start with \\.\. For example, a path with a device name is \\.\device_name. On AIX, Linux, and Solaris, the device path must be a valid path.
        2. In the Initial size field, enter the initial size for the USERSPACE1 table space or accept the default value. For the Raw Device type table space container, the size of the USERSPACE1 table space container is fixed. The default size is 16 K pages. For better results, specify the size you want.
    3. Under the LDAPSPACE tablespace details area, specify the following details:
      1. From the Tablespace container list, select the container type. If you want the LDAPSPACE table space location on a file system, select File. If you want to create the LDAPSPACE table space on a raw device, select Raw device. A raw device is a device where no file system is installed, such as a hard disk that does not contain a file system.
      2. If you selected File in the Tablespace container list, specify the following details:
        1. In the Directory path field, specify the directory path where you want to create the LDAPSPACE table space. You can click Browse to select the directory.
        2. In the File name field, enter the file name of the table space that you want to create, or accept the default file name, ldapspace.
        3. In the Initial size field, enter the initial size for the LDAPSPACE table space in pages or accept the default value. For the File type table space container, the LDAPSPACE table space container is of auto-incremental type. You can provide the initial size in the Initial size field, and an extendable unit size in the Extendable size field. The default value for the initial size is 16 K pages, and the default extendable unit size is 8 K pages. The page size for the LDAPSPACE table space container is 32 KB per page.
      3. If you selected Raw device in the Tablespace container list, specify the following details:
        1. In the Device path field, enter the location of the raw device. On Windows, the path must start with \\.\. For example, a path with a device name is \\.\device_name. On AIX, Linux, and Solaris, the device path must be a valid path.
        2. In the Initial size field, enter the initial size for the LDAPSPACE table space or accept the default value. For the Raw Device type table space container, the size of the LDAPSPACE table space container is fixed. The default size is 16 K pages. For better results, specify the size you want.
    4. If you selected File in one or both of the Tablespace container fields, specify the number of pages by which to expand the table space containers in the Extendable size field.
    5. Click Next.
  22. In the Verify settings panel, verify the summary that is generated.
  23. To start the directory server instance creation, click Finish.
  24. In the Results window, verify the log messages that are generated for the instance creation operations.
  25. To close the Results window, click Close.
  26. To close Instance Administration Tool, click Close.
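The encryption seed, encryption salt, port and database name constraints from steps 7, 9, 16 and 19 can be checked before the values are typed into the tool, which avoids a failed instance creation and a retyped seed. The script below is an added example and not part of IBM Security Directory Server; its function names and the sample values in the main block are constructed.

```python
"""Pre-flight checks for Instance Administration Tool input (added example,
not part of IBM Security Directory Server). Rules from the procedure:
seed 12-1016 printable ASCII 33-126 characters; salt exactly 12 of the same
characters; unique ports in 1-65535, with 1-1000 root-only on AIX, Linux and
Solaris; DB2 database name 1-8 characters."""

SEED_MIN, SEED_MAX = 12, 1016
SALT_LEN = 12
ROOT_ONLY_PORT_MAX = 1000   # range quoted in the procedure for AIX/Linux/Solaris


def _outside_33_126(value: str) -> int:
    """Count characters outside printable ISO-8859-1 ASCII 33-126 (space excluded)."""
    return sum(1 for c in value if not 33 <= ord(c) <= 126)


def check_seed(seed: str) -> list[str]:
    """The seed derives the AES keys kept in the key stash file, so never log it."""
    problems = []
    if not SEED_MIN <= len(seed) <= SEED_MAX:
        problems.append(f"seed length {len(seed)} not in {SEED_MIN}-{SEED_MAX}")
    bad = _outside_33_126(seed)
    if bad:
        problems.append(f"seed has {bad} character(s) outside ASCII 33-126")
    return problems


def check_salt(salt: str) -> list[str]:
    """Salt must match on every instance that is cryptographically synchronized."""
    problems = []
    if len(salt) != SALT_LEN:
        problems.append(f"salt length {len(salt)} must be exactly {SALT_LEN}")
    bad = _outside_33_126(salt)
    if bad:
        problems.append(f"salt has {bad} character(s) outside ASCII 33-126")
    return problems


def check_ports(ports: dict[str, int], unix_like: bool, as_root: bool) -> list[str]:
    """ports maps a label (server, server secure, admin, admin secure) to a number."""
    problems = []
    for label, port in ports.items():
        if not 1 <= port <= 65535:
            problems.append(f"{label} port {port} not in 1-65535")
        elif unix_like and port <= ROOT_ONLY_PORT_MAX and not as_root:
            problems.append(f"{label} port {port} needs root on AIX/Linux/Solaris")
    if len(set(ports.values())) != len(ports):
        problems.append("directory server ports must be unique")
    return problems


def check_db_name(name: str) -> list[str]:
    return [] if 1 <= len(name) <= 8 else [f"database name '{name}' must be 1-8 characters"]


if __name__ == "__main__":
    # Constructed sample values, not defaults shipped by the product.
    ports = {"server": 389, "server secure": 636, "admin": 3538, "admin secure": 3539}
    findings = (check_seed("Tr0ub4dor&3xyz!") + check_salt("abcdefghijkl")
                + check_ports(ports, unix_like=True, as_root=True) + check_db_name("ldapdb2"))
    print("OK" if not findings else "\n".join(findings))
```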

Results

Instance Administration Tool creates a directory server instance on the computer.

What to do next

You must start the ibmslapd process and the administration server that is associated with the directory server instance. See Start or stop a directory server and an administration server.