Configure Directory Server

1. If your system has not been configured to publish information to another LDAP server and no LDAP servers are known to the TCP/IP DNS server, then Directory Server is automatically installed with a limited default configuration. See Default configuration for Directory Server for more information. Directory Server provides a wizard to assist you in configuring the Directory Server for your specific needs. You can run this wizard as part of EZ-Setup or run the wizard later from iSeries Navigator. Use this wizard when you initially configure the directory server. You can also use the wizard to reconfigure the directory server.
   Note:
   When you use the wizard to reconfigure the directory server, you start configuring from scratch. The original configuration is deleted rather than changed. However, the directory data is not deleted, but instead remains stored in the library that you selected on installation (QUSRDIRDB by default). The change log also remains intact, in the QUSRDIRCL library by default.

   If you want to start completely from scratch, clear those two libraries before starting the wizard.

   If you want to change the directory server configuration, but not clear it completely, right-click Directory and select Properties. This does not delete the original configuration.

   You must have *ALLOBJ and *IOSYSCFG special authorities to configure the server. If you want to configure security auditing, you must also have *AUDIT special authority.
2. To start the Directory Server Configuration Wizard, take these steps:
   1. In iSeries Navigator, expand Network.
   2. Expand Servers.
   3. Click TCP/IP.
   4. Right-click IBM Directory Server and select Configure.
      Note:
      If you have already configured the directory server, click Reconfigure rather than Configure.
3. Follow the instructions in the Configure Directory Server wizard to configure your Directory Server.
   Note:
   You might also want to put the library that stores the directory data in a user auxiliary storage pool (ASP) rather than the system ASP. However, this library cannot be stored in an Independent ASP and any attempt to configure, reconfigure, or start the server with a library that exists in an Independent ASP will fail.
4. When the wizard is finished, your Directory Server has a basic configuration. If you are running Lotus Domino on your system, then port 389 (the default port for the LDAP server) might already be in use by the Domino LDAP function. You must do one of the following:
   • Change the port that Lotus Domino uses. See" Host Domino LDAP and Directory Server on the same iSeries " in the E-mail topic for more information.
   • Change the port that Directory Server uses. See Change the port or IP address for more information.
   • Use specific IP addresses. See Change the port or IP address for more information.
5. Create entries corresponding to the suffix or suffixes that you have configured. For more information, see Add and remove Directory Server suffixes.

You might want to do some or all of the following before continuing:

• Import data to the server, see Import/Export an LDIF file.
• Enable Secure Sockets Layer (SSL) security, see Enable SSL and Transport Layer Security on the Directory Server.
• Enable Kerberos authentication, see Enable Kerberos authentication on the Directory Server.
• Set up a referral, see Specify a server for directory referrals.