Installing the Kerberos LDAP Extensions

Kerberos LDAP Extensions provide the functionality to manage Kerberos keys.

Prerequisite

Before installing the Kerberos LDAP Extensions on NetWare or Windows, you must install the LDAP libraries for C. For more information, refer to http://developer.novell.com/ndk/cldap.htm.

Based on where the Kerberos LDAP Extensions must be installed, complete one of the following procedures:

• Installing the Kerberos LDAP Extensions on NetWare
• Installing the Kerberos LDAP Extensions on Windows
• Installing the Kerberos LDAP Extensions on Linux/Solaris

Installing the Kerberos LDAP Extensions on NetWare

The Kerberos LDAP Extensions can be installed from a Windows machine to a remote NetWare machine. You must map the SYS: volume on the NetWare machine to a drive on the Windows machine that you are installing the Kerberos LDAP Extensions from.

1. Double-click Krbldapext_Install.exe at extracted_folder\NMAS_Kerberos_Method_10\Novell\Kerberos\Kerberos_Ldap_ Extensions\NetWare, where extracted_folder is the directory where you extracted the NMAS_Kerberos_Method_10.zip file.

2. Read the Welcome screen, then click Next.

3. Browse to select the drive that is mapped to the SYS volume of the NetWare machine.

   To map a drive, in Windows Explorer, click Tools > Map Network Drive, select the drive on the Windows machine that is to be mapped, and then specify the SYS: volume on the remote NetWare machine as \\NetWare_machine\sys: (where NetWare_machine is the hostname or the IP address of the remote NetWare machine).

4. Click Next to specify the following LDAP authentication information:

   • Bind FDN: The FDN of the administrator or the user with administrator-equivalent rights

     This must be in the format cn=admin,o=org.

   • Bind FDN Password: The password of the Bind FDN
   • LDAP Server: The hostname or IP address of the LDAP Server
   • LDAP Server port (optional): The port that the LDAP server is running on

     If you do not specify the LDAP server port but specify the trusted root certificate, the default port 636 is used.

   • Trusted Root Certificate (optional): The trusted root certificate filename for SSL bind

     If you do not specify the LDAP server port and the trusted root certificate, the default port 389 is used.

     For more information, refer to Exporting the Trusted Root Certificates.

5. Click Next to install the Kerberos LDAP Extensions.

6. Click Finish to complete the installation.

IMPORTANT:  You must manually refresh the LDAP server for the installation changes to take effect. For more information, refer to the eDirectory 8.7.3 Administration Guide.

Installing the Kerberos LDAP Extensions on Windows

1. Double-click Krbldapx_Install.exe at extracted_folder\NMAS_Kerberos_Method_10\Novell\Kerberos\Kerberos_Ldap_Extensions\Windows, where extracted_folder is the directory where you extracted the NMAS_Kerberos_Method_10.zip file.

2. Read the Welcome screen, then click Next to specify the following LDAP authentication information:

   • Bind FDN: The FDN of the administrator or the user with administrator-equivalent rights

     This must be in the format cn=admin,o=org.

   • Bind FDN Password: The password of the Bind FDN
   • LDAP Server: The hostname or IP address of the LDAP Server

     If it is not specified, the name of the local host that Krbldapext_Install.exe is invoked from is used as the default.

   • LDAP Server port (optional): The port that the LDAP server is running on

     If you do not specify the LDAP server port but specify the trusted root certificate, the default port 636 is used.

   • Trusted Root Certificate (optional): The trusted root certificate filename for SSL bind

     If you do not specify the LDAP server port and the trusted root certificate, the default port 389 is used.

     For more information, refer to Exporting the Trusted Root Certificates.

3. Click Next to install the Kerberos LDAP Extensions.

4. Click Finish to complete the installation.

IMPORTANT:  You must manually refresh the LDAP server for the installation changes to take effect. For more information, refer to the eDirectory 8.7.3 Administration Guide.

Installing the Kerberos LDAP Extensions on Linux/Solaris

1. Log in as root or root-equivalent user on the machine where you want to install the Kerberos LDAP Extensions for NMAS.

2. Extract the files from the tar file:

   • On Linux: extracted_folder/NMAS_Kerberos_Method_10/Novell/Kerberos/Kerberos_Ldap_Extensions/Linux/Linux_ldapx_install.tar.gz
   • On Solaris: extracted_folder/NMAS_Kerberos_Method_10/Novell/Kerberos/Kerberos_Ldap_Extensions/Solaris/Solaris_ldapx_install.tar.gz

   where extracted_folder is the directory where you extracted the NMAS_Kerberos_Method_10.zip file.

3. Execute the krbldapx_install script by entering:

   krbldapx_install -i -D bind_fdn [-w bind_fdn_password] [-h ldap_server] [-p port] [-e trusted_root_file]

   where

   • bind_fdn is the FDN of the administrator or the user with administrator-equivalent rights. This must be in the format cn=admin,o=org.
   • bind_fdn_password is the password of the bind_fdn.
   • ldap_server is the hostname or IP address of the LDAP server.
   • port is the port that the LDAP server is running on.
   • trusted_root_file is the trusted root certificate filename for the SSL bind.

     For more information on exporting the trusted root certificate, refer to Exporting the Trusted Root Certificates.

   NOTE:  If you do not specify the -h option, the name of the local host that krbldapx_install is invoked from is used as the default.

   If you do not specify the LDAP server port and the trusted root certificate, the default port 389 is used.

   If you do not specify the LDAP server port but specify the trusted root certificate, the default port 636 is used.

4. Specify the root directory where Novell eDirectory modules are installed.

   If you do not specify a directory, /usr/lib/nds-modules is used as the default directory.

If the installation is successful, the LDAP server is restarted and a success message is displayed.