Where to start in 389 Directory Server

I’m building a small office company on Fedora Workstation. I’d like to extend this to using a Linux AD/DC solution and the 389 Directory Server since it’s nicely integrated with cockpit. As someone who has limited Windows AD/DC experience (mostly upgrading server versions, and restructuring user groups), I need a place to start to understand the operations of the system.

So far I’ve tried manuals and looking for RHEL classes, but it’s going a little over my head.

P.S. I’ve got 6 months to a year before I have to deploy so even long hard options are on the table.

I just followed the 389ds quick start guide: 389 Directory Server - Quick Start

Between that and man sssd-ldap, I was able to get a small Linux network up and running. It’s not a full-fledged FreeIPA server or anything, just an LDAP server. But it is enough for a small network of Fedora Linux workstations.

Thanks for the link. I’ve looked over that before, thinking it was just the install directions. That’ll definitely help. I’m also happy it’s just an LDAP setup too; since I’m building from scratch, I’d build all the other AD/DC tools separately.

Do you know any resources for learning the cockpit ui? I can get by on the cli, but being small I’ll need the ui to train the backup person on basic tasks when I’m gone/unexpected loss of human.

And thank you so much again, I looked past this way too many times.

No. I don’t recall using any. For the most part, and for what little I’ve used the cockpit UI for (i.e. tweaking the occasional LDAP value), the interface was intuitive enough that I haven’t really needed anything. I’m sure I found some instructions for how to install the SSL certs at some point. But it’s been so long ago that I don’t remember where I found them.

As sysadmins, we are always wanting to know everything about everything before we jump in, but in practice that doesn’t tend to be possible. There is just too much to know and too much that is always changing. My experience at least has been more of a trial/baptism by fire. I’ve certainly made mistakes. For example, when I first configured OpenLDAP, I used the plain posix account format. Later I discovered that what I really needed for my use case was the 2307bis posix account format. I don’t even remember the details of why now (I think it was something to do with how the group memberships worked). I ended up having to recreate all the accounts. Thankfully I knew enough Perl scripting to be able to do so fairly quickly.

Replying with another answer.

RHEL maintains documentation on the service with web-ui documentation under Red Hat Directory Server, and the cockpit information is under “Web Interface”. I’ve attached a link below, thank you Gregory for pointing me in the right direction.

