Configuring eDirectory LDAP Server to Listen on Specific IP Addresses/Host Names
Novell Cool Solutions: Tip
By G GireeshKumar
Posted: 7 Nov 2007
Configuring eDirectory LDAP Server to listen on specific IP addresses/host names requires multiple steps. The procedure can be cumbersome and sometimes confusing to users. This tip helps you configure the eDirectory LDAP Server properly.
With eDirectory 8.8, users can configure the LDAP Server to listen on either one or all of the IP addresses configured on the machine. In eDirectory 8.8 SP2 the LDAP Server has been enhanced to listen on specific IP addresses, selected by configuring the ldapInterfaces attribute.
ldapInterfaces is a multi-valued string attribute used to store IP addresses and port numbers in a format that resembles an LDAP URL. The LDAP Server listens on these addresses and ports for both clear text (ldap://) and secure (ldaps://) connections.
The representation of the ldapInterfaces attribute was upgraded in eDirectory 8.8 SP2. In eDirectory 8.8 and 8.8 SP1, ldapInterfaces takes the value of a single IP address or "*". The "*" value makes the LDAP Server listen on all the IP addresses configured on the machine.
From eDirectory 8.8 SP2 onwards, the ldapInterfaces attribute can hold multiple IP addresses/host names, each separated by a space. The default value of ldapInterfaces is "ldap:// ldaps://", which makes the LDAP Server listen on all the IP addresses configured on the machine.
For example, to configure an LDAP Server instance to listen on two IP addresses (on both the clear text and the secure port) and on the loopback address of the machine, follow the steps below:
1. Using iManager or ldapconfig, modify the ldapInterfaces attribute in the LDAP Server object to add the following:
ldap://192.168.1.1:389 ldaps://192.168.2.1:636 ldap://192.168.100.101:389 ldaps://192.168.100.101:636 ldap://127.0.0.1:389 ldaps://127.0.0.1:636
ldapconfig -s "ldapinterfaces=ldap://192.168.1.1:389 ldaps://192.168.2.1:636 ldap://192.168.100.101:389 ldaps://192.168.100.101:636 ldap://127.0.0.1:389 ldaps://127.0.0.1:636" -a cn=admin.o=acme.com -w secret
2. Disable the default ports 389 and 636 in the LDAP Server object.
If the clear text or TLS ports in the LDAP Server object are not disabled, the server continues to listen on them on all the interfaces of the machine, whatever ldapInterfaces contains.
ldapconfig -s "LDAP Enable TCP=No" -a cn=admin.o=acme.com -w secret
ldapconfig -s "LDAP Enable SSL=No" -a cn=admin.o=acme.com -w secret
Note: If you use ldapconfig to configure the server, you must refresh the LDAP Server with the following command for the changes to take effect:
ldapconfig -R -a cn=admin.o=acme.com -w secret
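Because a mistyped ldapInterfaces value or a forgotten step 2 quietly leaves the server listening on every interface, it is worth checking the planned value before handing it to ldapconfig. The script below is an added example written for this tip; it is not code from Novell or from eDirectory. It implements the value format described above (space-separated ldap:// and ldaps:// entries, a host-less entry meaning all interfaces) and assumes 389 and 636 as the default ports, as in the examples above. The tcp_enabled and ssl_enabled arguments stand for the "LDAP Enable TCP" and "LDAP Enable SSL" settings from step 2.

```python
"""Sanity-check an eDirectory ldapInterfaces value before applying it.

Added example (not code from the tip, from Novell or from eDirectory). It
implements the value format the tip describes: space-separated entries of the
form ldap://[host[:port]] or ldaps://[host[:port]], where an entry without a
host (the default "ldap:// ldaps://") means every address on the machine.
Assumption: port 389 is the default for ldap:// and 636 for ldaps://.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed defaults, taken from the port numbers used in the tip's examples.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


@dataclass(frozen=True)
class Listener:
    scheme: str  # "ldap" (clear text) or "ldaps" (TLS)
    host: str    # IP address or host name; "*" means all interfaces
    port: int


def parse_ldap_interfaces(value: str) -> list[Listener]:
    """Split an ldapInterfaces value into its individual listeners."""
    listeners: list[Listener] = []
    for token in value.split():
        parts = urlsplit(token)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not token.lower().startswith(f"{scheme}://"):
            raise ValueError(f"{token!r}: entries must start with ldap:// or ldaps://")
        if parts.path or parts.query or parts.fragment or parts.username:
            raise ValueError(f"{token!r}: only a host and an optional port are allowed")
        # parts.port raises ValueError itself for a non-numeric or out-of-range port.
        port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
        listeners.append(Listener(scheme, parts.hostname or "*", port))
    return listeners


def check_ldap_interfaces(value: str, tcp_enabled: bool, ssl_enabled: bool) -> list[str]:
    """Report what a planned configuration will actually expose.

    tcp_enabled / ssl_enabled mirror the "LDAP Enable TCP" and "LDAP Enable SSL"
    settings that step 2 of the tip turns off.
    """
    findings: list[str] = []
    listeners = parse_ldap_interfaces(value)

    # Two schemes on the same address:port cannot both bind; flag the clash.
    schemes_by_endpoint: dict[tuple[str, int], set[str]] = {}
    for lsn in listeners:
        schemes_by_endpoint.setdefault((lsn.host, lsn.port), set()).add(lsn.scheme)
    for (host, port), schemes in schemes_by_endpoint.items():
        if len(schemes) > 1:
            findings.append(f"{host}:{port} is listed for both ldap and ldaps; only one can bind")

    # A host-less entry silently widens the listener to every interface.
    for lsn in listeners:
        if lsn.host == "*":
            findings.append(f"{lsn.scheme}:// has no host: listens on all interfaces, port {lsn.port}")

    # Step 2 of the tip: default ports left enabled keep the server on all interfaces.
    if tcp_enabled:
        findings.append("LDAP Enable TCP is still Yes: port 389 stays open on all interfaces")
    if ssl_enabled:
        findings.append("LDAP Enable SSL is still Yes: port 636 stays open on all interfaces")
    return findings


if __name__ == "__main__":
    # Constructed sample value: the TLS loopback entry wrongly reuses port 389.
    planned = ("ldap://192.168.100.101:389 ldaps://192.168.100.101:636 "
               "ldap://127.0.0.1:389 ldaps://127.0.0.1:389")
    for line in check_ldap_interfaces(planned, tcp_enabled=False, ssl_enabled=False):
        print("finding:", line)
```

Run it against the exact string you intend to pass to ldapconfig -s; an empty list of findings means every entry is well formed, no address:port is claimed twice, and both default ports have been switched off, so the server will listen only where intended. The check does not replace verifying the result on the host afterwards, but it catches the usual mistakes before the refresh.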
The feature is available from eDirectory 8.8 SP2 onwards and is supported on all eDirectory-supported UNIX flavors.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com