eDirectory LDAP Server Tips


Although this isn't an eDirectory book, the following section provides a few tips for enabling LDAP on a NetWare or Linux server just the same:

  • The NetWare server you have configured to service LDAP requests must have the module NLDAP.NLM loaded.

  • The Linux server you have configured to service LDAP requests must be running the NDS daemon ndsd. By default, with eDirectory on the Linux platform, LDAP is automatically running. So there is generally no special process to run; just make sure that eDirectory is running on the Linux server. The commands to control the eDirectory daemon on a Linux server are as shown here:

    /etc/rc.d/ndsd {start | stop | status | restart | reload}

  • The NetWare or Linux server that services LDAP requests does not need any replicas on it; however, it is ideal that it have a copy of each eDirectory replica for every partition in the tree. By having eDirectory replicas for all partitions of the tree, the LDAP requests are serviced more quickly.

  • The LDAP server must allow clear-text passwords. By default, eDirectory's LDAP Group object is not configured to allow clear-text passwords. You will encrypt those clear-text passwords when you enable SSL, so there's no harm to do this at this point. Remember, this setting is not enabled as the default, so you are going to need to check it.

The following instructions for confirming that you have the Allow Clear Text Passwords option enabled assume that you have the LDAP snap-ins to ConsoleOne installed:

  1. To confirm that your LDAP server supports clear-text passwords, edit the object in your eDirectory tree called LDAP Group - Server Name. For example, in the WorldWide Widgets Tree, the object is called LDAP Group WWWFS1, and this object is in the same OU as the server called WWWFS1.

  2. Edit the properties of the LDAP Group object. On the LDAP Group General properties page, make sure that the Allow Clear Text Passwords option is checked.

    If you do not have the correct Snap-ins to ConsoleOne, you may not have a General properties page. If this is the case, go to the Other property page and do the following:

    1. Highlight the attribute titled LDAP Allow Clear Text Password.

    2. Click the Modify button, and change the value to TRue.

    3. Click the Apply button.

Note

If you enable the clear-text option, you generally do not need to unload and reload the eDirectory LDAP services. They will detect the changes in configuration, and update dynamically.


That's all that you need to do from an LDAP perspective on the eDirectory platform. You should, of course, make sure that your eDirectory tree is healthy, and available 100% of the time.



NOVELL GroupWise 7 Administrator Solutions Guide
Novell GroupWise 7 Administrator Solutions Guide
ISBN: 0672327880
EAN: 2147483647
Year: 2003
Pages: 320
Authors: Tay Kratzer

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net