How to log in via LDAP with an NMAS method

This document (3307424) is provided subject to the disclaimer at the end of this document.

Environment

Novell eDirectory 8.8.x
NMAS 3.x

Situation

Cannot authenticate with LDAP via an NMAS Method

How to allow an NMAS Method to log in to eDirectory through LDAP
How to allow an NMAS Method to authenticate through LDAP

Resolution

By default, LDAP and other server-side utilities attempt the NDS login first and, if that fails, fall back to the Simple Password login. eDirectory 8.8 adds functionality that lets LDAP authentication try an NMAS method first; this is controlled by an environment variable.

Complete the following procedure to allow LDAP authentication to use an NMAS Method.

1) Set the environment variable:

Linux and UNIX:

Add the following in the ndsd script /etc/init.d/ndsd:

NDSD_TRY_NMASLOGIN_FIRST=true
export NDSD_TRY_NMASLOGIN_FIRST
These lines must be placed before the line that starts the NDSD daemon (approximately line 144 in the default script).

Example of placement in the ndsd script:

initdir=$NDSHOME/etc/init.d
trap 'rm -f /tmp/nds.stat.$$' 0 1 15
NDSD_TRY_NMASLOGIN_FIRST=true
export NDSD_TRY_NMASLOGIN_FIRST
PATH=$PATH:/usr/local/bin
LD_LIBRARY_PATH=/usr/lib/nds-modules:$default_prefix/lib:$default_prefix/lib/nds-modules:/$NDSHOME/opt/novell/lib:/opt/novell/xad/lib/nds-modules:/opt/novell/xad/lib:$default_prefix/lib/nds-modules/jre/lib/i386:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
#
# Start the ndsd daemon
#

If you are running Multi-instance eDirectory 8.8 on Linux, you need to update the ndsmanage script as well. Place the lines at approximately line 8 of the ndsmanage script, before it attempts to start the instances of ndsd.

Example of placement in the ndsmanage script (/opt/novell/eDirectory/bin/ndsmanage):

#Copyright (c) 2007, Novell, Inc. All rights reserved.
version=""
product_name="Novell eDirectory"
NDSD_TRY_NMASLOGIN_FIRST=true
export NDSD_TRY_NMASLOGIN_FIRST
PATH=$PATH:/usr/local/bin
export PATH
ifSun=`uname -a|grep -c SunOS`
OS=`uname`
current_user=`logname`

NetWare:

Add the following in the beginning of c:\nwserver\startup.ncf file:

env NDSD_TRY_NMASLOGIN_FIRST=true

Windows:

Right-click "My Computer" on the desktop and select Properties. On the Advanced tab, click Environment Variables. Under System Variables, add the variable NDSD_TRY_NMASLOGIN_FIRST and set its value to true.

2) Restart the eDirectory server.

3) Set the default login sequence on the user to the NMAS Method implemented.

If this is not set, the NDS login method is used as the default. To enforce the method for all users, open the Login Policy object in the Security container in iManager, go to the Other tab, and set the attribute "sasDefaultLoginSequence" to the name of the NMAS Method that has been implemented.

Another alternative is to change the code of the authenticating application to use the NMAS LDAP SDK and bind with the LDAP NMAS bind API call, which can pass the login sequence to be used. See http://developer.novell.com/ndk/doc/cldap/index.html?page=/ndk/doc/cldap/ldaplibc/data/afcdjj7.html.
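A common reason the NMAS method is still not tried first after step 2 is that the two lines were added to the start script after the point where the daemon is launched, so the running ndsd never sees the variable. The following POSIX shell check is an added example (it is not part of this TID and not Novell code): it confirms that both the assignment and the export appear before a chosen start-up marker line, and on Linux can read the environment of the running ndsd from /proc. The marker strings ('# Start the ndsd daemon' for ndsd and 'ifSun=' for ndsmanage) and the sample script contents are assumptions constructed here for illustration; on a real server point the function at /etc/init.d/ndsd or /opt/novell/eDirectory/bin/ndsmanage instead.

```shell
#!/bin/sh
# Added verification helper for step 1 (not from the TID). It checks that a
# start script sets and exports NDSD_TRY_NMASLOGIN_FIRST *before* the line
# where daemon start-up begins; an export placed after that line never reaches
# the already-started ndsd.

# nmas_first_configured SCRIPT MARKER
#   SCRIPT  path to /etc/init.d/ndsd or /opt/novell/eDirectory/bin/ndsmanage
#   MARKER  fixed string identifying the line where start-up begins (assumed)
# Returns 0 when both the assignment and the export precede MARKER,
# 1 when either line is missing, follows the marker, or the marker is absent.
nmas_first_configured() {
    script=$1
    marker=$2
    # POSIX grep: -n prefixes the line number, -F matches the marker literally
    start_line=$(grep -n -F -- "$marker" "$script" | head -n 1 | cut -d: -f1)
    [ -n "$start_line" ] || return 1
    assign_line=$(grep -n '^NDSD_TRY_NMASLOGIN_FIRST=true' "$script" | head -n 1 | cut -d: -f1)
    export_line=$(grep -n '^export NDSD_TRY_NMASLOGIN_FIRST' "$script" | head -n 1 | cut -d: -f1)
    [ -n "$assign_line" ] && [ -n "$export_line" ] || return 1
    [ "$assign_line" -lt "$start_line" ] && [ "$export_line" -lt "$start_line" ]
}

# running_ndsd_has_flag
#   Linux only, needs root: reads the environment of the running ndsd process
#   from /proc and reports whether the variable actually reached the daemon.
running_ndsd_has_flag() {
    pid=$(pgrep -x ndsd | head -n 1)
    [ -n "$pid" ] || return 1
    tr '\0' '\n' < "/proc/$pid/environ" | grep -q '^NDSD_TRY_NMASLOGIN_FIRST=true$'
}

# Constructed sample scripts (stand-ins for the real files, not the real
# Novell scripts) so the check can be exercised offline.
samples=$(mktemp -d)
# Correct placement: export before the start-up comment
cat > "$samples/ndsd.good" <<'EOF'
initdir=$NDSHOME/etc/init.d
trap 'rm -f /tmp/nds.stat.$$' 0 1 15
NDSD_TRY_NMASLOGIN_FIRST=true
export NDSD_TRY_NMASLOGIN_FIRST
PATH=$PATH:/usr/local/bin
#
# Start the ndsd daemon
#
EOF
# Wrong placement: lines added after the daemon is already started
cat > "$samples/ndsd.late" <<'EOF'
initdir=$NDSHOME/etc/init.d
#
# Start the ndsd daemon
#
NDSD_TRY_NMASLOGIN_FIRST=true
export NDSD_TRY_NMASLOGIN_FIRST
EOF
# Incomplete edit: variable assigned but never exported
cat > "$samples/ndsmanage.noexport" <<'EOF'
version=""
product_name="Novell eDirectory"
NDSD_TRY_NMASLOGIN_FIRST=true
PATH=$PATH:/usr/local/bin
export PATH
ifSun=`uname -a|grep -c SunOS`
EOF

NDSD_MARKER='# Start the ndsd daemon'
NDSMANAGE_MARKER='ifSun='

report() {
    if nmas_first_configured "$1" "$2"; then
        echo "$1: NDSD_TRY_NMASLOGIN_FIRST exported before start-up"
    else
        echo "$1: NOT configured (missing, not exported, or placed after start-up)"
    fi
}
report "$samples/ndsd.good" "$NDSD_MARKER"
report "$samples/ndsd.late" "$NDSD_MARKER"
report "$samples/ndsmanage.noexport" "$NDSMANAGE_MARKER"
# On a real server:
#   report /etc/init.d/ndsd "$NDSD_MARKER"
#   report /opt/novell/eDirectory/bin/ndsmanage "$NDSMANAGE_MARKER"
#   running_ndsd_has_flag && echo "running ndsd has the flag"
```

Run the file as-is to see the three sample verdicts; after restarting eDirectory (step 2), running_ndsd_has_flag is the more direct confirmation on Linux, since it inspects what the daemon actually inherited rather than what the script says.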


Additional Information

If using a third party NMAS Method, consult with the third party vendor regarding their software. The vendor is responsible for the third party methods and implementation of the method.

Formerly known as TID# 10099787

Document

Document ID:3307424
Creation Date:02-26-2008
Modified Date:12-24-2008

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.