
LDAP Authentication Tips

Novell Cool Solutions: Tip


Posted: 10 Nov 2004
 

Here are some tips on LDAP authentication in a variety of scenarios. If you don't already have the LDAP Browser / Editor, you can download it from http://www-unix.mcs.anl.gov/~gawor/ldap/download.html. See TID 10075010 for installation and operating instructions.

Non-Secure (389) Anonymous Access

  1. Select New, then name the Session. For example: 389 anonymous
  2. On the Connection Tab make the following updates:
     * Host: Enter the IP address of the LDAP server. For example: 192.168.70.12
     * Port: Enter 389.
     * Base DN: Enter the name of your Organization. For example: o=novell
     * Verify that Anonymous Bind is checked.

Non-Secure (389) Authenticated

  1. Select New, then name the Session. For example: 389 authenticated
  2. On the Connection Tab make the following updates:
     * Host: Enter the IP address of the LDAP server. For example: 192.168.70.12
     * Port: Enter 389.
     * Base DN: Enter the name of your Organization. For example: o=novell
     * Uncheck Anonymous Bind.
     * User DN: Enter a username to authenticate as. For example: cn=admin,o=novell (Note: LDAP uses commas to separate username and context.)
     * Password: Enter the user's password.

Secure (636) Anonymous

  1. Select New, then name the Session. For example: 636 anonymous
  2. On the Connection Tab make the following updates:
     * Host: Enter the IP address of the LDAP server. For example: 192.168.70.12
     * Port: Enter 636.
     * Base DN: Enter the name of your Organization. For example: o=novell
     * Check the SSL option.
     * Verify that Anonymous Bind is checked.

Secure (636) Authenticated

  1. Select New, then name the Session. For example: 636 authenticated
  2. On the Connection Tab make the following updates:
     * Host: Enter the IP address of the LDAP server. For example: 192.168.70.12
     * Port: Enter 636.
     * Base DN: Enter the name of your Organization. For example: o=novell
     * Check the SSL option.
     * Verify that Anonymous Bind is unchecked.
     * User DN: Enter a username to authenticate as. For example: cn=admin,o=novell (Note: LDAP uses commas to separate username and context.)
     * Password: Enter the user's password.
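The four sessions above differ only in the bind request the LDAP Browser sends (empty DN and password for an anonymous bind, User DN plus password for an authenticated one) and in whether SSL wraps the connection. As an added example that is not part of the original tip, the following Python script hand-encodes an LDAPv3 simple BindRequest (RFC 4511, BER) and decodes it again, which shows that without SSL on 636 the User DN and password cross port 389 as plain bytes; the DN and password values in the comments are constructed samples.

```python
"""Hand-encode and decode an LDAPv3 simple BindRequest (RFC 4511, BER).
Anonymous bind = empty DN and empty password; authenticated = DN + password."""

def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value

def _ber_int(n: int) -> bytes:
    """Minimal two's-complement INTEGER contents octets."""
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True)

def simple_bind_request(message_id: int, user_dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] password } }."""
    bind = _tlv(0x60,                                   # [APPLICATION 0] BindRequest
                _tlv(0x02, _ber_int(3))                 # version INTEGER 3
                + _tlv(0x04, user_dn.encode("utf-8"))   # name LDAPDN, e.g. cn=admin,o=novell
                + _tlv(0x80, password.encode("utf-8"))) # authentication: simple, plain bytes
    return _tlv(0x30, _tlv(0x02, _ber_int(message_id)) + bind)

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, contents, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_bind_request(pdu: bytes) -> dict:
    """Parse a BindRequest the way a packet capture on port 389 reveals it."""
    _, msg, _ = _read_tlv(pdu, 0)                       # LDAPMessage SEQUENCE
    _, msg_id, p = _read_tlv(msg, 0)                    # messageID
    tag, bind, _ = _read_tlv(msg, p)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, p = _read_tlv(bind, 0)
    _, name, p = _read_tlv(bind, p)
    auth_tag, secret, _ = _read_tlv(bind, p)
    if auth_tag != 0x80:
        raise ValueError("not a simple bind")
    return {"message_id": int.from_bytes(msg_id, "big", signed=True),
            "version": int.from_bytes(version, "big", signed=True),
            "name": name.decode("utf-8"), "password": secret.decode("utf-8"),
            "anonymous": not name and not secret}
```

Calling `simple_bind_request(1)` produces the bind behind the "389 anonymous" session, and `simple_bind_request(1, "cn=admin,o=novell", "secret")` the one behind "389 authenticated"; the latter's bytes contain the password verbatim, which is why the 636 sessions add SSL.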

Alternate Method - Using ConsoleOne and ICE

  1. Open ConsoleOne and find the LDAP server object for the server the test will be performed on.
  2. View the properties of the object and select the SSL/TLS tab.
  3. Note the entry for Server Certificate. This should be SSL CertificateDNS or SSL CertificateIP. Make sure the TLS (SSL) port is 636.
  4. Click Cancel.
  5. If no certificate is present, click Browse at the bottom of the certificate box, select SSL CertificateDNS, click Apply, then click Close. Alternatively, use PKIDiag to create the certificates.
  6. Browse for the SSL certificate found in the previous step. For example, if the server name is DS8, then the certificate should be something like SSL CertificateDNS - DS8.
  7. View the properties of this object.
  8. Select the Certificates tab and the Trusted Root Certificate page.
  9. Click Export.
  10. When prompted to export the private key with the certificate, click No, then Next.
  11. Select the File in binary DER format and select a location to save the certificate, such as the local drive.
  12. Click Next. The export certificate summary will appear.
  13. Click Finish, then cancel the Properties window for the certificate object.
  14. Select the Wizards menu bar option and then select NDS Import/Export.
  15. Select Export LDIF File and click Next.
  16. Enter the IP address of the server being tested, which should be the same server the certificate was exported from.
  17. Enter 636 as the port number.
  18. For a DER file, browse to the exported certificate saved to the local client from step 10.
  19. Choose Authenticated Login.
  20. Enter the admin user in the LDAP context and then the password.
  21. Click Next.
  22. For Base DN, enter a container in the tree, such as the top O in the tree. Be sure to enter the context in LDAP format, such as o=novell.
  23. Select Base as the scope, then click Next.
  24. Enter an output destination LDIF file, such as c:\export1.ldf. The next window is the ICE command summary screen.
  25. Click Finish.

The ICE window provides messages on whether the process was successful. The LDIF should be in the location you entered. If secure LDAP is working properly, this process should succeed, and the export1.ldf file will be created.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell