Æ-DIR server

  1. Make yourself familiar with the system architecture.
  2. Install Æ-DIR servers with one of the supported operating systems. Currently the ansible playbooks support fully automated installation/configuration on… If you want to tweak the ansible roles to install on another OS, make sure a recent OpenLDAP 2.4.44+ with overlay slapo-deref is available for your OS platform. Older releases are explicitly not recommended!
  3. Install on your admin workstation:
  4. Create DNS entries for all your Æ-DIR servers, including correct reverse DNS entries (PTR RRs). While not strictly required, it's a good idea to choose a separate DNS subdomain, in particular one not matched by any wild-card certificate you might use.
  5. Prepare to have SSH access to all Æ-DIR servers as user root (via su or sudo) and make yourself familiar with using ansible become.
  6. Issue X.509 TLS server certificates with appropriate CN and subjectAltName values for all replicas with your existing PKI's certificate authority.
    The anti-security concept of wild-card certificates is not compatible with Æ-DIR's security concept! Therefore these cannot be used!
  7. Get the ansible playbooks:
    git clone
  8. Read and understand ansible/
  9. Create an ansible inventory file named hosts to match your environment (see file hosts-example for details).
  10. Read comments in file ansible/roles/ae-dir-server/defaults/main.yml and adjust ansible group and host vars to match your environment.
  11. Invoke ansible play in sub-directory ansible/ (here using command su):
    ANSIBLE_HOSTS=hosts ansible-playbook ae-dir-servers.yml --become -K --become-method=su --extra-vars="aedir_init=1"
  12. Log into one provider system, become user root, and run the following commands to fully initialize your directory:
    1. Add the basic Æ-DIR entries with OpenLDAP command-line tool:
      ldapmodify -f /opt/ae-dir/etc/ae-dir-base.ldif
    2. Set the user password of an initial Æ admin (here msin):
      /opt/ae-dir/bin/ msin
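
A pre-flight check for steps 4 and 6, added here as an example and not part of the Æ-DIR project's own tooling: it verifies that forward and reverse DNS agree for a replica and that its certificate carries the replica's FQDN as a DNS subjectAltName without any wild-card names. The host name, the address, the sample certificates and the LDAPS port 636 in fetch_cert are assumptions made for the example.

```python
import socket
import ssl

def check_dns(fqdn, resolve=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Step 4: forward (A) and reverse (PTR) records must agree. IPv4 only."""
    addr = resolve(fqdn)
    ptr_name = reverse(addr)[0].rstrip(".")
    if ptr_name.lower() != fqdn.lower():
        return [f"PTR for {addr} is {ptr_name!r}, expected {fqdn!r}"]
    return []

def check_cert_names(cert, fqdn):
    """Step 6: no wild-card names; the replica's FQDN must be a DNS subjectAltName.

    cert is a dict in the format returned by ssl.SSLSocket.getpeercert().
    """
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    problems = [f"wild-card name {n!r} in certificate" for n in cns + sans if "*" in n]
    if fqdn.lower() not in [n.lower() for n in sans]:
        problems.append(f"{fqdn!r} missing from subjectAltName")
    return problems

def fetch_cert(fqdn, port=636, cafile=None):
    """Get the validated certificate of a running replica (port 636 is an assumption)."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: your PKI's CA bundle
    with socket.create_connection((fqdn, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()

# Constructed sample data (documentation names and addresses, not real hosts).
GOOD_CERT = {
    "subject": ((("commonName", "ae-dir-p1.dir.example.com"),),),
    "subjectAltName": (("DNS", "ae-dir-p1.dir.example.com"),),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}
SAMPLE_A = {"ae-dir-p1.dir.example.com": "192.0.2.10"}
SAMPLE_PTR = {"192.0.2.10": ("ae-dir-p1.dir.example.com.", [], ["192.0.2.10"])}

if __name__ == "__main__":
    host = "ae-dir-p1.dir.example.com"
    print(check_dns(host, SAMPLE_A.__getitem__, SAMPLE_PTR.__getitem__))
    print(check_cert_names(GOOD_CERT, host))
    print(check_cert_names(WILDCARD_CERT, host))
```

Called without the resolve and reverse arguments, check_dns queries the system resolver; check_cert_names(fetch_cert(host, cafile=...), host) runs the same name checks against a replica that is already up.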