Tuesday, October 21, 2014

Creating a new instance in Tivoli Directory Server (using command line)

To create a TDS instance, follow the commands below:

1) Create the new instance
idsicrt -I inst1 -e thisismyinst

2) Create a system user on Linux box
idsadduser -u inst1 -g idsldap -w inst123 -n

3) Create the db2 instance
idscfgdb -I inst1 -a inst1 -w inst123 -t inst1 -l /home/inst1 -n

4) Add a suffix to TDS instance
idscfgsuf -I inst1 -s o=sample -n

5) Set the password for cn=root.
idsdnpw -I inst1 -u cn=root -p root -n

6) Start the TDS instance.
ibmslapd -I inst1 -t


To drop a TDS instance, issue the following command:

   idsidrop -I inst1 -n -r


Tuesday, October 7, 2014

Tivoli Directory Server: "Insufficient access --- Error, Password may not be modified"

When you create a normal inetOrgPerson entry as cn=root in Tivoli Directory Server, the entry gets this attribute:

entryOwner: access-id:CN=ROOT


Because of this, when the user tries to change their own password, you will see an error like the one below:

[root@localhost etc]# idsldapchangepwd -D "cn=chirag,ou=users,ou=JK Enterprise,O=sample" -w passwd -n chirag1! -p 1389
ldap_simple_bind:  Error, Password must be changed after reset
changing password for entry cn=chirag,ou=users,ou=JK Enterprise,O=sample
Insufficient access --- Error, Password may not be modified

Change the attribute to the value below (cn=this is the pseudo-DN that refers to the entry itself, so the entry becomes its own owner and the bound user is allowed to modify its userPassword), then attempt the password change again:

entryOwner: access-id:CN=this

[root@localhost etc]# idsldapchangepwd -D "cn=chirag,ou=users,ou=JK Enterprise,O=IDAAS" -w passwd -n chirag1! -p 1389
ldap_simple_bind:  Error, Password must be changed after reset
changing password for entry cn=chirag,ou=users,ou=JK Enterprise,O=sample




Monday, October 6, 2014

Enabling password policy on Tivoli Directory Server

Check if the pwdpolicy is enabled:
[root@localhost ~]# ldapsearch -D cn=root -w 123lab -p 1389 -s sub -b cn=pwdpolicy,cn=ibmpolicies objectclass=*
cn=pwdpolicy,cn=ibmpolicies
objectclass=container
objectclass=pwdPolicy
objectclass=ibm-pwdPolicyExt
objectclass=ibm-pwdGroupAndIndividualPolicies
objectclass=top
cn=pwdPolicy
pwdAttribute=userPassword
pwdInHistory=0
pwdCheckSyntax=0
pwdGraceLoginLimit=0
pwdLockoutDuration=0
pwdMaxFailure=0
pwdFailureCountInterval=0
passwordMaxRepeatedChars=0
passwordMaxConsecutiveRepeatedChars=0
pwdMaxAge=0
pwdMinAge=0
pwdExpireWarning=0
pwdMinLength=0
passwordMinAlphaChars=0
passwordMinOtherChars=0
passwordMinDiffChars=0
ibm-pwdPolicy=false
pwdLockout=false
pwdAllowUserChange=true
pwdMustChange=true
pwdSafeModify=false
ibm-pwdGroupAndIndividualEnabled=false

Enable the ibm-pwdPolicy:

[root@localhost ~]# idsldapmodify -p 1389 -D cn=root -w 123lab
dn: cn=pwdpolicy,cn=ibmpolicies
changetype: modify
replace: ibm-pwdpolicy
ibm-pwdpolicy:true

Operation 0 modifying entry cn=pwdpolicy,cn=ibmpolicies

Enable ibm-pwdGroupAndIndividualEnabled (note that I have used the -k option, which is the administrative control switch):

[root@localhost ~]# idsldapmodify -p 1389 -D cn=root -w 123lab -k
dn: cn=pwdpolicy,cn=ibmpolicies
changetype: modify
replace: ibm-pwdGroupAndIndividualEnabled
ibm-pwdGroupAndIndividualEnabled: true

Operation 0 modifying entry cn=pwdpolicy,cn=ibmpolicies

Now you can see that the password policy is enabled, including the individual and group policies:

[root@localhost ~]#  ldapsearch -D cn=root -w 123lab -p 1389 -s sub  -b cn=pwdpolicy,cn=ibmpolicies objectclass=*
cn=pwdpolicy,cn=ibmpolicies
objectclass=container
objectclass=pwdPolicy
objectclass=ibm-pwdPolicyExt
objectclass=ibm-pwdGroupAndIndividualPolicies
objectclass=top
cn=pwdPolicy
pwdAttribute=userPassword
pwdInHistory=0
pwdCheckSyntax=0
pwdGraceLoginLimit=0
pwdLockoutDuration=0
pwdMaxFailure=0
pwdFailureCountInterval=0
passwordMaxRepeatedChars=0
passwordMaxConsecutiveRepeatedChars=0
pwdMaxAge=0
pwdMinAge=0
pwdExpireWarning=0
pwdMinLength=0
passwordMinAlphaChars=0
passwordMinOtherChars=0
passwordMinDiffChars=0
pwdLockout=false
pwdAllowUserChange=true
pwdMustChange=true
pwdSafeModify=false
ibm-pwdpolicy=true
ibm-pwdPolicyStartTime=20141006090751Z
ibm-pwdGroupAndIndividualEnabled=true
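As an added example (not from the original post), the following Python script parses the attr=value output that ldapsearch prints above and flags password-policy settings that are still at their permissive defaults; the thresholds it checks against are this example's own assumptions, not values from the post or from IBM.

```python
"""Audit an IBM TDS cn=pwdpolicy entry for permissive settings (added example)."""

# Constructed sample: a shortened copy of the ldapsearch output shown above,
# in its attr=value format (DN on the first line, one attribute per line).
SAMPLE_BEFORE = """cn=pwdpolicy,cn=ibmpolicies
cn=pwdPolicy
pwdAttribute=userPassword
pwdInHistory=0
pwdMaxFailure=0
pwdMaxAge=0
pwdMinLength=0
ibm-pwdPolicy=false
pwdLockout=false
pwdMustChange=true
pwdSafeModify=false
"""

def parse_ldapsearch(text):
    """Return (dn, {attr: value}) from attr=value output. Names are lowercased
    because TDS prints them in mixed case (ibm-pwdPolicy vs ibm-pwdpolicy)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    attrs = {}
    for line in lines[1:]:
        name, _, value = line.partition("=")
        attrs.setdefault(name.lower(), value)   # keep the first value only
    return lines[0], attrs

# Each check: attribute, predicate on its (string) value, message if it fails.
# Thresholds are this example's assumptions, not values from the post or IBM.
CHECKS = [
    ("ibm-pwdPolicy", lambda v: v.lower() == "true", "policy is not enforced at all"),
    ("pwdMinLength", lambda v: int(v) >= 8, "short passwords are accepted"),
    ("pwdLockout", lambda v: v.lower() == "true", "no lockout after failed binds"),
    ("pwdMaxFailure", lambda v: int(v) > 0, "lockout threshold is unlimited"),
    ("pwdMaxAge", lambda v: int(v) > 0, "passwords never expire"),
    ("pwdInHistory", lambda v: int(v) > 0, "previous passwords can be reused"),
    ("pwdSafeModify", lambda v: v.lower() == "true", "old password not required to change it"),
]

def audit_pwdpolicy(text):
    """Return [(attribute, current value, message)] for every failed check.
    A missing attribute is treated as its permissive default ("0")."""
    _, attrs = parse_ldapsearch(text)
    findings = []
    for name, ok, msg in CHECKS:
        value = attrs.get(name.lower(), "0")
        if not ok(value):
            findings.append((name, value, msg))
    return findings
```

Run it against the real output by piping `ldapsearch ... -b cn=pwdpolicy,cn=ibmpolicies objectclass=*` into `audit_pwdpolicy`; the sample above yields seven findings, and the hardened policy should yield none.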

Wednesday, October 1, 2014

Installing & remotely accessing a desktop environment in RHEL7.

1) You will need to configure a yum repository. In my case I mounted the ISO locally and created the repo.

mount /dev/cdrom /mnt

Then create /etc/yum.repos.d/rhel.repo (for example with vi) and paste the following content:

[dvd]
baseurl=file:///mnt
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release


2) Use the yum groupinstall feature.

yum groupinstall "Server with GUI"


In my case this installed around 800+ RPMs, after which the desktop environment was in place.

3) Now install the TigerVNC server and start a VNC display:

yum install tigervnc-server
vncserver :1

The default file /root/.vnc/xstartup wasn't good for me: I could log in to VNC, but it wouldn't show me anything. So I replaced the contents of /root/.vnc/xstartup with the following:

#!/bin/sh
# Pick up the system locale settings if present
[ -r /etc/sysconfig/i18n ] && . /etc/sysconfig/i18n
export LANG
export SYSFONT
vncconfig -iconic &
# Clear session variables inherited from a local login so the VNC session starts its own
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
OS=`uname -s`
if [ "$OS" = 'Linux' ]; then
  case "$WINDOWMANAGER" in
    *gnome*)
      if [ -e /etc/SuSE-release ]; then
        PATH=$PATH:/opt/gnome/bin
        export PATH
      fi
      ;;
  esac
fi
# Hand over to the system xinitrc, which starts the installed desktop
if [ -x /etc/X11/xinit/xinitrc ]; then
  exec /etc/X11/xinit/xinitrc
fi
if [ -f /etc/X11/xinit/xinitrc ]; then
  exec sh /etc/X11/xinit/xinitrc
fi
# Fallback: a bare xterm and twm if no xinitrc exists
[ -r "$HOME/.Xresources" ] && xrdb "$HOME/.Xresources"
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

ifconfig doesn't work on a default RHEL7 installation.

The default RHEL7 installation does not include the ifconfig command.

ifconfig -a
bash: ifconfig: command not found

You need to install the RPM named net-tools. Note the NOKEY warning in the output below: it means the package signature could not be checked because the Red Hat release key was not yet imported into the rpm database, so import it first (rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release) if you want the signature actually verified.

[root@localhost Packages]# rpm -ivh net-tools-2.0-0.17.20131004git.el7.x86_64.rpm
warning: net-tools-2.0-0.17.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:net-tools-2.0-0.17.20131004git.el################################# [100%]

[root@localhost Packages]# ifconfig
ens192: flags=4163  mtu 1500
        inet 10.213.21.133  netmask 255.255.255.0  broadcast 10.213.21.255
        inet6 2002:976:2c08:610:20c:29ff:feee:3857  prefixlen 64  scopeid 0x0
        inet6 fe80::20c:29ff:feee:3857  prefixlen 64  scopeid 0x20
        ether 00:0c:29:ee:38:57  txqueuelen 1000  (Ethernet)
        RX packets 184253  bytes 1087049370 (1.0 GiB)
        RX errors 0  dropped 50  overruns 0  frame 0
        TX packets 82604  bytes 6774921 (6.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

