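# Install 389ds

```
apt install 389-ds 389-ds-base

# Put ds_instance.inf into root
# The .inf file usually carries the Directory Manager password (root_password),
# so keep it readable by root only and remove it once the instance exists.
cd /root
chmod 600 ds_instance.inf
dscreate from-file ds_instance.inf

systemctl start dirsrv.target
systemctl enable dirsrv.target

# Place ldap.conf into /etc/ldap
# Anonymous query of the root DSE over plain LDAP: a reachability check only,
# no credentials are sent here.
ldapsearch -x -H ldap://smime.neuro.uni-bremen.de -s base -b "" "objectclass=*"
```

# 389ds: Add SSL certificates

```
# Find the PIN in (pk12util asks for the NSS database password on import)
cat /etc/dirsrv/slapd-smime/pin.txt

cd /certs
# Plain ASCII quotes: with typographic quotes the quote characters become part
# of the certificate nickname and it no longer reads Server-Cert.
openssl pkcs12 -export -inkey key.pem -in crt.pem -out crt.p12 -name 'Server-Cert'

cd /etc/dirsrv/slapd-smime/
pk12util -i /certs/crt.p12 -d .
# crt.p12 contains the private key; it is not needed after the import.
rm -f -- /certs/crt.p12

# Trust flags "CT,,": C trusts the CA for issuing server certificates, T for
# issuing client certificates. T is only needed if clients authenticate with
# certificates from this chain; otherwise "C,," is the narrower choice.
certutil -A -d /etc/dirsrv/slapd-smime/ -n "Uni Chain 1" -t "CT,," -i /certs/cari_1.pem
certutil -A -d /etc/dirsrv/slapd-smime/ -n "Uni Chain 2" -t "CT,," -i /certs/cari_2.pem
certutil -A -d /etc/dirsrv/slapd-smime/ -n "Uni Chain 3" -t "CT,," -i /certs/cari_3.pem

# Show certs
certutil -L -d /etc/dirsrv/slapd-smime/

# Show keys
certutil -K -d /etc/dirsrv/slapd-smime/

# Show Server Settings
# -Z only attempts StartTLS and continues without it when the handshake fails,
# so the admin password can go over the connection in clear (here: loopback
# only). Use -ZZ together with the server's real hostname when the bind must
# not happen without TLS.
ldapsearch -H ldap://localhost:389 -D 'cn=admin' -W -Z -b 'cn=encryption,cn=config' -x

# 389ds cockpit fix (Ubuntu package is broken)
# The later cd expects the archive to be unpacked below /root.
cd /root
wget https://github.com/389ds/389-ds-base/archive/389-ds-base-2.0.15.tar.gz
# The build script below runs as root: compare the digest with a value taken
# from a trusted source before unpacking (EXPECTED_SHA256 is a placeholder).
sha256sum 389-ds-base-2.0.15.tar.gz
tar xzf 389-ds-base-2.0.15.tar.gz
cd /root/389-ds-base-389-ds-base-2.0.15/src/cockpit/389-console
# Wait until "webpack compiled successfully"
sh buildAndRun.sh
cp dist/* /usr/share/cockpit/389-console
systemctl restart cockpit

# We use the cockpit to activate the security mode
# Open the firewall but we want to close the port later and disable the cockpit service
# A plain "ufw allow 9090" exposes the cockpit login to every source address;
# limit the rule to the admin workstation instead.
# ADMIN_IP is a placeholder: set it to that workstation's address first.
ufw allow from "$ADMIN_IP" to any port 9090 proto tcp
```

# Cockpit SSL

Put the certificate and key as 1.cert and 1.key in /etc/cockpit/ws-certs.d/ and remove the self-signed ones. Keep 1.key unreadable for ordinary users.

# Remove access to cockpit

```
ufw status numbered | grep 9090
# Replace ???? with the rule number printed above. The numbers shift after
# every delete, so list the rules again before removing a second entry.
ufw delete ????

systemctl disable cockpit
systemctl stop cockpit
systemctl stop cockpit.socket
# cockpit is socket-activated: as long as cockpit.socket stays enabled it is
# listening again after the next reboot, so disable the socket as well.
systemctl disable --now cockpit.socket

# Check: nothing should be listening on 9090 any more (no output expected)
ss -tln | grep 9090
```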