Configuring the Directory Server

Run the Directory Server Configuration wizard to customize the Directory Server settings.

1. If your system has not been configured to publish information to another LDAP server and no LDAP servers are known to the TCP/IP DNS server, then Directory Server is automatically installed with a limited default configuration.
   Directory Server provides a wizard to assist you in configuring the Directory Server for your specific needs. You can run the wizard later from . Use this wizard when you initially configure the directory server. You can also use the wizard to reconfigure the directory server.

   Note: When you use the wizard to reconfigure the directory server, you start configuring from scratch. The original configuration is deleted rather than changed. However, the directory data is not deleted, but instead remains stored in the library that you selected on installation (QUSRDIRDB by default). The change log also remains intact, in the QUSRDIRCL library by default.

   If you want to start completely from scratch, clear those two libraries before starting the wizard.

   If you want to change the directory server configuration, but not clear it completely, right-click Directory and select Properties. This does not delete the original configuration.

   You must have *ALLOBJ and *IOSYSCFG special authorities to configure the server. If you want to configure security auditing, you must also have *AUDIT special authority.

2. To start the Directory Server Configuration Wizard, take these steps:
   1. In , expand Network > Servers > TCP/IP Servers.
   2. Right-click IBM Tivoli Directory Server for IBM i and select Configure.
   Note: If you have already configured the directory server, click Reconfigure rather than Configure.
3. Follow the instructions in the Configure Directory Server wizard to configure your Directory Server.
   Note: You might also want to put the library that stores the directory data in a user auxiliary storage pool (ASP) rather than the system ASP. However, this library cannot be stored in an Independent ASP and any attempt to configure, reconfigure, or start the server with a library that exists in an Independent ASP will fail.
4. When the wizard is finished, your Directory Server has a basic configuration.
   If you are running Lotus Domino on your system, then port 389 (the default port for the LDAP server) might already be in use by the Domino LDAP function. You must do one of the following:

   • Change the port that Lotus Domino uses. See Host Domino LDAP and Directory Server on the same system in the E-mail topic for more information.
   • Change the port that Directory Server uses. See Changing the port or IP address for more information.
   • Use specific IP addresses. See Changing the port or IP address for more information.
5. Create entries corresponding to the suffix or suffixes that you have configured.
   For more information, see Adding and removing Directory Server suffixes.
6. You might want to do some or all of the following before continuing:
   • Enable Secure Sockets Layer (SSL) security, see Enabling SSL and Transport Layer Security on the Directory Server.
   • Enable Kerberos authentication, see Enabling Kerberos authentication on the Directory Server.
   • Set up a referral, see Specifying a server for directory referrals.
7. Start the Directory Server.
   For more information, see Starting the Directory Server.
8. The existing directory server instance is referred to as the QUSRDIR instance. Its schema files and configuration file are in the /QIBM/UserData/OS400/DirSrv/idsslapd-QUSRDIR directory. The server instance can be automatically created if you attempt to start the default instance. No other instances will be automatically created.