
Configuring eDirectory LDAP Server to Listen on Specific IP Addresses/Host Names

Novell Cool Solutions: Tip
By G GireeshKumar


Posted: 7 Nov 2007
 

Problem

Configuring eDirectory LDAP Server to listen on specific IP addresses/host names requires multiple steps. The procedure can be cumbersome and sometimes confusing to users. This tip helps you configure the eDirectory LDAP Server properly.

Solution

With eDirectory 8.8, you can configure the LDAP Server to listen on either one or all of the IP addresses configured on the machine. In eDirectory 8.8 SP2, the LDAP Server has been enhanced to listen on specific IP addresses, configured through the ldapInterfaces attribute.

ldapInterfaces is a multi-valued string attribute that stores IP addresses and port numbers in a format resembling an LDAP URL. The LDAP Server listens on these addresses and ports for both the clear-text and the secure listener.

The representation of the ldapInterfaces attribute was upgraded in eDirectory 8.8 SP2. In eDirectory 8.8 and 8.8 SP1, ldapInterfaces takes a single value: one IP address or "*". The "*" value makes the LDAP Server listen on all IP addresses configured on the machine.

From eDirectory 8.8 SP2 onwards, the ldapInterfaces attribute can hold multiple IP addresses/host names, separated by spaces. The default value of ldapInterfaces is "ldap:// ldaps://", which means the LDAP Server listens on all IP addresses configured on the machine.

For example, to configure an instance of the LDAP Server to listen on two IP addresses (on both the clear-text and the secure port) and on the loopback address of the machine, follow the steps below:

1. Using iManager or ldapconfig, modify the ldapinterfaces attribute in the LDAP Server object to add the following:

ldap://192.168.1.1:389
ldaps://192.168.2.1:636
ldap://192.168.100.101:389
ldaps://192.168.100.101:636
ldap://127.0.0.1:389
ldaps://127.0.0.1:636

For example:

ldapconfig -s "ldapinterfaces=ldap://192.168.1.1:389 ldaps://192.168.2.1:636 ldap://192.168.100.101:389 ldaps://192.168.100.101:636 ldap://127.0.0.1:389 ldaps://127.0.0.1:636" -a cn=admin.o=acme.com -w secret

2. Disable ports 389 and 636 on the LDAP Server object.

If the clear-text or TLS port in the LDAP Server object is left enabled, the server continues to listen on all interfaces on the machine, whatever ldapInterfaces says; both must be disabled for the per-address listeners to take effect.

For example:

ldapconfig -s "LDAP Enable TCP=No" -a cn=admin.o=acme.com -w secret
ldapconfig -s "LDAP Enable SSL=No" -a cn=admin.o=acme.com -w secret

Note: If you use ldapconfig to configure the server, it is important to refresh the LDAP Server using the following command:

ldapconfig -R -a cn=admin.o=acme.com -w secret
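As an added check, not part of this tip or of ldapconfig, the following Python script parses an ldapInterfaces value in the SP2 format described above (space-separated ldap://[host[:port]] and ldaps://[host[:port]] entries, an entry without a host meaning all addresses) and flags the mistakes that are easy to make when typing the list for step 1: two entries claiming the same address and port, an ldaps entry on the ldap default port (or the reverse), and a specific address that a wildcard entry for the same scheme already covers. The sample value at the bottom is constructed.

```python
from urllib.parse import urlsplit

# Default ports per scheme; an entry without an explicit port falls back to these.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_interfaces(value):
    """Split an ldapInterfaces value into (scheme, host, port) tuples.
    A host of '' means a wildcard entry ("ldap://" or "ldaps://"), i.e.
    listen on every address configured on the machine."""
    listeners = []
    for entry in value.split():          # entries are separated by spaces
        parts = urlsplit(entry)
        if parts.scheme not in DEFAULT_PORT:
            raise ValueError(f"{entry!r}: scheme must be ldap or ldaps")
        if parts.path or parts.query or parts.fragment:
            raise ValueError(f"{entry!r}: only host and port are allowed")
        port = parts.port if parts.port is not None else DEFAULT_PORT[parts.scheme]
        listeners.append((parts.scheme, parts.hostname or "", port))
    return listeners

def check_interfaces(value):
    """Return a list of problems to fix before applying the value with
    ldapconfig; an empty list means the value is internally consistent."""
    listeners = parse_interfaces(value)
    problems, owner = [], {}
    for scheme, host, port in listeners:
        shown = f"{scheme}://{host or '*'}:{port}"
        # Two listeners cannot share one address:port, whatever their scheme.
        if (host, port) in owner:
            problems.append(f"{shown} collides with {owner[(host, port)]}")
        owner[(host, port)] = shown
        # ldaps on 389 (or ldap on 636) is almost always a typo.
        other = "ldap" if scheme == "ldaps" else "ldaps"
        if port == DEFAULT_PORT[other]:
            problems.append(f"{shown} uses the default port of {other}")
    wildcards = {scheme for scheme, host, _ in listeners if host == ""}
    for scheme, host, port in listeners:
        # A specific address is redundant once the same scheme has a wildcard.
        if host and scheme in wildcards:
            problems.append(f"{scheme}://{host}:{port} is already covered by {scheme}://")
    return problems

if __name__ == "__main__":
    # Constructed sample: a list like the one in step 1, but with the
    # loopback ldaps entry mistakenly placed on port 389.
    SAMPLE = ("ldap://192.168.1.1:389 ldaps://192.168.2.1:636 ldap://192.168.100.101:389 "
              "ldaps://192.168.100.101:636 ldap://127.0.0.1:389 ldaps://127.0.0.1:389")
    for problem in check_interfaces(SAMPLE):
        print("problem:", problem)
```

The pre-SP2 single "*" form is rejected by parse_interfaces on purpose, since the SP2 attribute expects the URL-style entries.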

Supported Platforms

The feature is available from eDirectory 8.8 SP2 onwards and is supported on all eDirectory-supported UNIX flavors.

References

http://www.novell.com/documentation/edir88/edir88/data/agq8auc.html



© 2014 Novell