To set up a new LDAP server:

- Install the RPM 389-ds-base with yum
- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
- root# /usr/sbin/setup-ds.pl
    - Choose a typical install
    - Tell it to use the fedora-ds user and group
    - Directory server identifier: scripts
    - Suffix: dc=scripts,dc=mit,dc=edu
    - Input directory manager password
- yum install ldapvi
- /sbin/service dirsrv start
- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
- /sbin/service dirsrv stop
- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
- wget http://web.mit.edu/geofft/Public/scripts-ca.pem
- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
- Generate a pkcs12 cert for the server:
- openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
- pk12util -i c-w.pkcs12 -d /etc/dirsrv/slapd-scripts
- Put LDAP keytab in /etc/dirsrv/keytab
- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
- mkdir -p /var/tmp/dirsrv
- chown fedora-ds:fedora-ds /var/tmp/dirsrv
- chmod 755 /var/run/dirsrv
- /sbin/service dirsrv restart
- Use ldapvi -b cn=config to add these indexes:

add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerName
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerAlias
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

- Build the indexes with:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerName
    - Watch the progress with: ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
    - Wait for it to finish before:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerAlias

- Set up replication:
  (basically, execute
   http://directory.fedoraproject.org/sources/contrib/mmr.pl
   manually)
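
A post-setup sanity check for the steps above, as an added example (not part of the original notes or of 389-ds): it confirms the ldapi settings and both index entries in the instance's dse.ldif and that the keytab is not group/other accessible. The function names, the constructed sample, the dse.ldif location and the 0600 keytab expectation are assumptions.

```shell
# Added example: function names and the 0600 keytab expectation are assumptions.
# Constructed sample dse.ldif fragment (folded DN line; apacheServerAlias index absent).
sample_dse() {
cat <<'EOF'
dn: cn=config
nsslapd-ldapilisten: on
nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket

dn: cn=apacheServerName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=
 config
nsIndexType: eq
EOF
}

# Join LDIF continuation lines (a line starting with one space continues the previous one).
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf } { buf = $0 } END { if (NR) print buf }' "$1"
}

# Print the value(s) of attribute $2 in file $1; attribute names are case-insensitive.
ldif_attr() {
    unfold_ldif "$1" | awk -v a="$2" '{ i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == tolower(a)) {
            v = substr($0, i + 1); sub(/^ +/, "", v); print v } }'
}

# Succeed if file $1 has an index entry cn=$2 under cn=index,cn=userRoot.
has_index() {
    unfold_ldif "$1" | tr -d ' ' | grep -qi "^dn:cn=$2,cn=index,cn=userRoot,"
}

# Succeed only if $1 is a regular file with no group/other permission bits.
private_file() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_instance DSE KEYTAB: print one line per problem, return 0 only if none.
check_instance() {
    rc=0
    [ "$(ldif_attr "$1" nsslapd-ldapilisten)" = on ] || { echo "ldapi listener is off"; rc=1; }
    [ "$(ldif_attr "$1" nsslapd-ldapifilepath)" = /var/run/dirsrv/slapd-scripts.socket ] ||
        { echo "unexpected nsslapd-ldapifilepath"; rc=1; }
    for idx in apacheServerName apacheServerAlias; do
        has_index "$1" "$idx" || { echo "index missing: $idx"; rc=1; }
    done
    private_file "$2" || { echo "keytab missing or group/other accessible: $2"; rc=1; }
    return $rc
}
```

On the server, run it as root: check_instance /etc/dirsrv/slapd-scripts/dse.ldif /etc/dirsrv/keytab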
