- Make yourself familiar with the system architecture.
Install Æ-DIR servers with one of the supported operating
systems. Currently the ansible playbooks support fully automated
- openSUSE Tumbleweed
- SLES 12SP2
- Debian Jessie with OpenLDAP packages from the Debian APT repository of the LTB project
- Coming soon: CentOS 7 with OpenLDAP packages from the YUM repository of the LTB project
- Install on your admin workstation:
- Create DNS entries for all your Æ-DIR servers, including correct reverse DNS entries (PTR RRs). While not strictly required, it's a good idea to choose a separate DNS subdomain, especially one not matched by any wild-card certificate you might use.
Prepare to have SSH access to all Æ-DIR servers as user
sudo) and make yourself familiar with using ansible become.
Issue X.509 TLS server certificates with appropriate CN and
subjectAltName values for all replicas with your existing
PKI's certificate authority.
The anti-security concept of wild-card certificates is not compatible with Æ-DIR's security concept! Therefore these cannot be used!
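A pre-flight check for the certificate requirements above, as an added example that is not part of the Æ-DIR project: it rejects a certificate whose subjectAltName carries any wild-card DNS name and requires the replica's own FQDN to be listed. The function names, host name and file path are assumptions, and `openssl x509 -ext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: check the DNS names in a replica's TLS server certificate.

# san_dns_names: read the output of
#   openssl x509 -noout -ext subjectAltName
# on stdin and print each DNS name on its own line, lower-cased.
san_dns_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# check_names FQDN: read DNS names (one per line) on stdin.
# Returns 0 if FQDN is listed and no name contains a wild-card,
# 1 if FQDN is missing, 2 if any wild-card name is present.
check_names() {
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    found=no
    while IFS= read -r name; do
        case "$name" in
            *'*'*)
                echo "REJECT: wild-card name $name" >&2
                return 2 ;;
        esac
        if [ "$name" = "$fqdn" ]; then found=yes; fi
    done
    if [ "$found" != yes ]; then
        echo "REJECT: $fqdn not in subjectAltName" >&2
        return 1
    fi
    return 0
}

# check_cert FQDN CERT.pem: apply both checks to a PEM certificate file.
# Returns 3 if openssl cannot read the certificate.
check_cert() {
    san=$(openssl x509 -in "$2" -noout -ext subjectAltName) || return 3
    printf '%s\n' "$san" | san_dns_names | check_names "$1"
}

# Usage (host name and path are placeholders):
#   check_cert ae-dir-p1.example.com /path/to/ae-dir-p1.pem && echo OK
```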
Get the ansible playbooks:
git clone https://ae-dir.com/git/ae-dir.git
Read and understand
- Create ansible inventory file named hosts to match your environment (see file hosts-example for details).
Read comments in file
ansible/roles/ae-dir-server/defaults/main.yml and adjust ansible group and host vars to match your environment.
Invoke ansible play in sub-directory
ansible/ (here using command
ANSIBLE_HOSTS=hosts ansible-playbook ae-dir-servers.yml --become -K --become-method=su --extra-vars="aedir_init=1"
Log into one provider system, become user root, and run the
following commands to fully initialize your directory:
Add the basic Æ-DIR entries with OpenLDAP command-line tool:
ldapmodify -f /opt/ae-dir/etc/ae-dir-base.ldif
Set the user password of an initial Æ admin (here msin):