
Windows Tips for eDirectory - Part 1

Novell Cool Solutions: Tip


Posted: 27 Jul 2004
 

Here are some tips for using eDirectory in a Windows environment. (Look for future articles on tips for Linux and eDirectory as well.)

1) LDAP Traffic and eDirectory Versions

When you run LDAP queries against eDirectory 8.6.x in a Windows 2000 (W2k) environment, the servers may occasionally stop responding to queries, or start refusing all LDAPS (SSL) connections. Upgrading to eDirectory 8.7.3 can help (and 8.7.3 still works with SAP implementations).

Server lockups or lag time may be a Windows resource issue. If the LDAP response time is slow on eDirectory 8.7.3, you may need to adjust the Index tab on the LDAP Server Properties.

2) Programmatically Changing the Password Expiration Time

If you programmatically change the "passwordExpirationTime" attribute, such as by using a Perl script, you may notice that the attribute doesn't pick up the value you set. For example, this script creates an account in eDirectory using LDAP, and sets the expiration date to "20041216124000Z":

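# ... (earlier part of the script omitted)
$expiration_date = "20041216124000Z";   # generalized time: 2004-12-16 12:40:00 UTC
$entry->addValue("passwordAllowChange", "TRUE");
$entry->addValue("passwordExpirationTime", $expiration_date);
# ... (rest of the script omitted)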

But the result is that passwordExpirationTime is set to 19920102000000Z instead. The reason: when someone other than the user (such as an Admin or the Help Desk) changes a password via ConsoleOne, the password expiration time is reset to 1/1/1992. That means the password will already be expired the next time the user logs in, and the user should be prompted to change it.
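One way to check provisioned accounts for this behavior, as an added example that is not part of the original tip: the Python script below reads LDIF search output and flags entries whose passwordExpirationTime holds the 1992 value instead of the date the provisioning script intended. The LDIF sample, the DNs, the status labels and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Value the tip reports finding in passwordExpirationTime after the change.
RESET_VALUE = "19920102000000Z"
# Constructed sample LDIF with hypothetical DNs (not taken from the page).
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=users,o=example
passwordExpirationTime: 19920102000000Z

dn: cn=asmith,ou=users,o=example
passwordExpirationTime: 20041216124000Z

dn: cn=svc-backup,ou=services,o=example
passwordAllowChange: FALSE
"""

def parse_generalized_time(value):
    """Parse the YYYYMMDDhhmmssZ form used in the tip into an aware UTC datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_entries(ldif):
    """Split simple, unfolded LDIF into {dn: {attr: value}} (single-valued only)."""
    entries = {}
    for block in ldif.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines())
        entries[attrs.pop("dn")] = attrs
    return entries

def classify(ldif, intended, now):
    """Map each DN to a status by comparing the stored expiration with `intended`."""
    report = {}
    for dn, attrs in parse_entries(ldif).items():
        stored = attrs.get("passwordExpirationTime")
        if stored is None:
            report[dn] = "no-expiration"
        elif stored == RESET_VALUE:
            report[dn] = "reset-to-1992"      # per the tip: expired at next login
        elif stored != intended:
            report[dn] = "unexpected-value"
        elif parse_generalized_time(stored) <= now:
            report[dn] = "expired"
        else:
            report[dn] = "ok"
    return report

if __name__ == "__main__":
    now = datetime(2004, 7, 27, tzinfo=timezone.utc)  # constructed "current" time
    for dn, status in classify(SAMPLE_LDIF, "20041216124000Z", now).items():
        print(f"{status:18} {dn}")
```

Run it against the output of an LDAP search that returns passwordExpirationTime for the accounts the provisioning script created; the parser assumes unfolded, single-valued LDIF lines.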

3) Recovering eDirectory Data

When you uninstall eDirectory and re-install it, you can still recover the directory data. You can also recover a DIB set after uninstall and re-install.

4) Getting Exchange Server and eDirectory to Work Together

If you've thought about installing an Exchange Server into an eDirectory tree, it actually won't work. Exchange is a Microsoft product, and it only wants to talk to Windows servers and Active Directory. That means you can't integrate Exchange into eDirectory to get user IDs from eDirectory instead of from Active Directory.

What you can do is implement Novell Identity Manager 2 (formerly known as DirXML), along with your new Windows server, MAD tree, and Exchange. This enables all of your users (existing and new) to be automatically provisioned and maintained, making the process as painless as possible.

