Installing the 389-ds LDAP Directory on CentOS 6.5

Installing and using the openLDAP server is sometimes not the simplest of tasks. To simplify this, Red Hat developed their IDM Directory Server, which is currently at version 9.1. It is available on CentOS and Fedora as 389-ds, and in this tutorial we will take a look at the preparation, installation and setup.

Hostname

I know from previous tutorials I have written that this is a step that is easily forgotten, but you must be able to resolve the FQDN of the host that you will install 389-ds on. This can be via the local hosts file or via DNS. On my system this is done via DNS, but you will see that within the video I add a local hosts entry to /etc/hosts, in my case:

192.168.0.76  ldap1.tup.com ldap1

IPTABLES

If you have a host-based firewall, you will need to open the following ports:

  • 389
  • 636
  • 9830

Network Tuning

The following lines should be added or adjusted in /etc/sysctl.conf:

net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65535
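
The Hostname and Network Tuning steps can be verified before the installer is run. The script below is an added example, not part of the original tutorial: it checks a hosts file for the FQDN and a sysctl.conf for the two settings. The function names are made up for illustration, and the port-range key is checked under its full kernel name, net.ipv4.ip_local_port_range.

```shell
#!/bin/sh
# Pre-install check for the Hostname and Network Tuning steps (added example).
# File paths are parameters so the checks can also be run against copies.

# hosts_has_fqdn FQDN [HOSTS_FILE]: succeed if FQDN is a name on a non-comment line.
hosts_has_fqdn() {
    local fqdn="$1" file="${2:-/etc/hosts}"
    awk -v want="$fqdn" '
        { sub(/#.*/, "") }                          # drop trailing comments
        NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(want)) found = 1 }
        END { exit !found }' "$file"
}

# sysctl_value KEY [CONF_FILE]: print the last value assigned to KEY,
# with runs of spaces/tabs collapsed; fail if the key is never set.
sysctl_value() {
    local key="$1" file="${2:-/etc/sysctl.conf}"
    awk -F= -v key="$key" '
        /^[ \t]*[#;]/ { next }                      # comment lines
        NF >= 2 {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]+/, " ", v); sub(/^ /, "", v); sub(/ $/, "", v)
            val = v
        }
        END { if (val == "") exit 1; print val }' "$file"
}

# preflight FQDN [HOSTS_FILE] [SYSCTL_FILE]: one line per check; returns the failure count.
preflight() {
    local fqdn="$1" hosts="${2:-/etc/hosts}" conf="${3:-/etc/sysctl.conf}" fails=0 got
    if hosts_has_fqdn "$fqdn" "$hosts"; then echo "OK   $fqdn in $hosts"
    else echo "FAIL $fqdn not in $hosts (DNS may still resolve it)"; fails=$((fails + 1)); fi
    while read -r key want; do
        got=$(sysctl_value "$key" "$conf") || got="<unset>"
        if [ "$got" = "$want" ]; then echo "OK   $key = $got"
        else echo "FAIL $key = $got (want $want)"; fails=$((fails + 1)); fi
    done <<'EOF'
net.ipv4.tcp_keepalive_time 300
net.ipv4.ip_local_port_range 1024 65535
EOF
    return "$fails"
}
```

Run it as `preflight ldap1.tup.com`; a misspelled sysctl key shows up as `<unset>` rather than passing silently.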

Repositories

To obtain the software to install the 389-ds server and its dependencies, you will need to add the EPEL and REMI repositories. The repo files can be downloaded as an rpm and then installed to create the correct entries in /etc/yum.repos.d:

wget http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/remi-release-20.rpm

Create Service Account

Rather than using the default account ‘nobody’, we will create a dedicated user for 389-ds:

useradd ldapuser
passwd ldapuser

Installing

This then becomes a simple matter of installing, but the install will pull in Java if it is not already installed, so it is not small:

yum install -y 389-ds openldap-clients

Configuring

There is a script to configure the server and this saves a lot of the hassle in creating the LDIF files for an initial setup with openLDAP. The video steps you through the script but to start:

setup-ds-admin.pl

Starting the GUI Console

The server can be managed from the GUI Java console. This can be installed on the server or on another client. For ease, ours is on the server.

389-console -a http://ldap1.tup.com:9830

The video shows this for you and I hope you enjoy it.