In my previous – quite long – post, I showed you all how to install from scratch IBM SDS LDAP server with some additional fancy tools. Today I’ll show you how to create two service files for SDS (one for the Directory Administrator instance and one for the LDAP server instance) to make the system able to automatically start or stop those processes during system boot or halt. Let’s get started.
Creating service file for LDAP server instance
First things first, we need to know where my instances are and what the name of the instance. To do so, issue the following command as root:
/opt/ibm/ldap/V6.4/bin/idsilist -a
which list all the configured instances on the system, in my case my instance name is: idsldap
Now we can create a systemd service file with the content below:
cat >> /etc/systemd/system/ibmslapd_idsldap.service << EOF # Start of service file [Unit] Description=IBM Security Directory Server idsldap After=network.target [Service] Type=forking ExecStart=/opt/IBM/ldap/V6.4/sbin/ibmslapd -I idsldap -n ExecStop=/opt/IBM/ldap/V6.4/sbin/ibmslapd -I idsldap -k [Install] WantedBy=multi-user.target # End of service file EOF
Final step on RHEL is to enable and then start the newly created service with the following command:
systemctl enable ibmslapd_idsldap.service systemctl start ibmslapd_idsldap.service
If you did everything fine, issuing the following command once the start command finished will report that idsldap IBM SDS instance is up and running:
systemctl status ibmslapd_idsldap.service ● ibmslapd_idsldap.service - IBM Security Directory Server <ISDS_Instance_Name> Loaded: loaded (/etc/systemd/system/ibmslapd_idsldap.service; enabled; vendor preset: disabled) Active: active (running) since h 2018-10-29 11:12:01 CET; 32s ago Process: 2287 ExecStart=/opt/IBM/ldap/V6.4/sbin/ibmslapd -I idsldap -n (code=exited, status=0/SUCCESS) CGroup: /system.slice/ibmslapd_idsldap.service ├─2340 db2wdog 0 [idsldap] ├─2343 db2sysc 0 ├─2353 db2ckpwd 0 ├─2354 db2ckpwd 0 ├─2355 db2ckpwd 0 ├─2357 db2vend (PD Vendor Process - 1) 0 ├─2368 db2acd 0 ,0,0,0,1,0,0,0,0000,1,0,995db8,14,1e014,2,0,1,41fc0,0x210000000,0x210000000,1600000,10002,2,a0011 └─2408 /opt/ibm/ldap/V6.4/sbin/64/ibmslapd -I idsldap -n okt 29 11:11:43 sds64 ibmslapd[2287]: GLPSRV207I Group conflict resolution during replication is disabled. okt 29 11:11:43 sds64 ibmslapd[2287]: GLPSRV221I Replication of security attributes feature is disabled. okt 29 11:11:43 sds64 ibmslapd[2287]: GLPSRV200I Initializing primary database and its connections. okt 29 11:12:01 sds64 ibmslapd[2287]: GLPRDB126I The directory server will not use DB2 selectivity. okt 29 11:12:01 sds64 ibmslapd[2287]: GLPCOM024I The extended Operation plugin is successfully loaded from libloga.so. okt 29 11:12:01 sds64 ibmslapd[2287]: GLPCOM024I The extended Operation plugin is successfully loaded from libidsfget.so. okt 29 11:12:01 sds64 ibmslapd[2287]: GLPSRV232I Pass-through authentication is disabled. okt 29 11:12:01 sds64 ibmslapd[2287]: GLPSRV234I Pass-through support for compare operations is disabled. okt 29 11:12:01 sds64 ibmslapd[2287]: GLPCOM003I Non-SSL port initialized to 389. okt 29 11:12:01 sds64 systemd[1]: Started IBM Security Directory Server idsldap.
Creating service file for Directory Administration instance
To create the other service file for the Directory Administrator instance, we create a similar service file:
cat >> /etc/systemd/system/ibmdiradm_idsldap.service << EOF # Start of service file [Unit] Description=IBM Security Directory Admin Server idsldap After=network.target [Service] Type=forking ExecStart=/opt/IBM/ldap/V6.4/sbin/ibmdiradm -I idsldap ExecStop=/opt/IBM/ldap/V6.4/sbin/ibmdiradm -I idsldap -k [Install] WantedBy=multi-user.target # End of service file EOF
Final step on RHEL is to enable and then start the newly created service with the following command:
systemctl enable ibmdiradm_idsldap.service systemctl start ibmdiradm_idsldap.service
If you did everything fine, issuing the following command once the start command finished will report that idsldap IBM Directory Administration instance is up and running:
systemctl status ibmdiradm_idsldap.service
● ibmdiradm_idsldap.service - IBM Security Directory Admin Server idsldap
Loaded: loaded (/etc/systemd/system/ibmdiradm_idsldap.service; enabled; vendor preset: disabled)
Active: active (running) since h 2018-10-29 11:16:29 CET; 6s ago
Process: 2852 ExecStart=/opt/IBM/ldap/V6.4/sbin/ibmdiradm -I idsldap (code=exited, status=0/SUCCESS)
Main PID: 2865 (ibmdiradm)
CGroup: /system.slice/ibmdiradm_idsldap.service
└─2865 /opt/ibm/ldap/V6.4/sbin/64/ibmdiradm -I idsldap
okt 29 11:16:28 sds64 systemd[1]: Starting IBM Security Directory Admin Server idsldap...
okt 29 11:16:28 sds64 ibmdiradm[2852]: GLPWRP123I The program '/opt/ibm/ldap/V6.4/sbin/64/ibmdiradm' is used with the following arguments ...idsldap'.
okt 29 11:16:28 sds64 ibmdiradm[2852]: GLPADM056I Admin server starting.
okt 29 11:16:29 sds64 ibmdiradm[2852]: GLPCOM025I The audit plugin is successfully loaded from libldapaudit.so.
okt 29 11:16:29 sds64 ibmdiradm[2852]: GLPCOM022I The database plugin is successfully loaded from libback-config.so.
okt 29 11:16:29 sds64 ibmdiradm[2852]: GLPADM060I The admin server backup and restore server configuration entry is not enabled.
okt 29 11:16:29 sds64 ibmdiradm[2852]: GLPCOM024I The extended Operation plugin is successfully loaded from libloga.so.
okt 29 11:16:29 sds64 ibmdiradm[2852]: GLPCOM003I Non-SSL port initialized to 3538.
okt 29 11:16:29 sds64 systemd[1]: Started IBM Security Directory Admin Server idsldap.
Hint: Some lines were ellipsized, use -l to show in full.