How to configure Netscape Enterprise Web Server to use Novell LDAP v3.0

(Last modified: 09Oct2002)

This document (10013150) is provided subject to the disclaimer at the end of this document.

goal

How to configure Netscape Enterprise Web Server to use Novell LDAP v3.0

fact

Netscape Enterprise Server for NetWare

NLDAP Version 3.0

Formerly TID 2947828

fix

This document is intended to provide general information about configuring Netscape Enterprise Server for NetWare to use LDAP for NDS v 3.0 (this version of LDAP is included with NetWare 5) as the directory service.

1.  ---  Install LDAP for NDS v 3.0 ---

LDAP for NDS v 3.0 is included on the NetWare 5 CD.  You will install LDAP for NDS v 3.0 from the server (nwconfig) using the NetWare 5 CD.  The installation will create an LDAP Server object, an LDAP Group object, and possibly an LDAP Catalog object.  After a successful installation you should be able to see these objects from NWADMIN.  You will also see LDAP Services version 3.0.0 in the currently installed products list using NWCONFIG from the server console.

2.  ---  Create a Proxy User  ---

Using NWADMIN, create a new NDS user object that will be used on behalf of the web server when querying NDS via LDAP.  For example, create a user called LDAPproxy (the name of this user is not important).  Add the Proxy user as a trustee to the Organization object and give it Browse object rights and Read/Compare for ALL Property rights.  This proxy user cannot have a password assigned.

***Note:  The term proxy is not referring to a "proxy server" but rather to an anonymous user who works on behalf of the web server.

3.  ---  Configure LDAP Server and LDAP Group Objects ---

From within NWADMIN you will need to configure the LDAP Server and LDAP Group objects.  You should configure the following information:

For the LDAP Server object configure the Host Server and LDAP Group properties.

For the LDAP Group object configure the Suffix, Proxy Username and enable "Allow Clear Text Passwords" if an SSL connection is not being used.

***Note:  The on-line help will provide additional information about all of the above properties.  If you would like more information about configuring these objects, click the Help button for context-sensitive help.

4.  ---  Ensure that you have an NDS user that corresponds to the Netscape for NetWare SuperUser ---

During the initial installation of the Netscape for NetWare product you create a SuperUser account that is granted access to the Admin server.  In order to use LDAP for NDS you will need to have an NDS user object with the same Username and Password as the Netscape for NetWare SuperUser account.

5.  ---  Configure the Web Server ---

From the Admin Server select Global Settings and enable LDAP Directory Server.  You will need to configure the following fields:

Host Name:  192.168.0.1  (This is the IP address of your LDAP server)

Port: 389  (Port 389 is the standard port used for unencrypted LDAP communications.  If using an SSL connection the standard port is 636.)

Base DN:  o=Company  (This should be the LDAP distinguished name that will be the point from which directory lookups will occur by default.)

***Note:  The LDAP distinguished name is different from the NDS distinguished name.  The syntax for the LDAP distinguished name does not include a leading period and uses commas rather than periods to separate containers.  For example, the LDAP distinguished name for .OU=Provo.O=Novell is:

ou=Provo,o=Novell
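
The conversion described in the note above, as an added example (not code from Novell or Netscape). The function names are hypothetical, and the example goes beyond the note by handling backslash-escaped periods in NDS names and by escaping characters that are special in an LDAP DN; it assumes RFC 4514 escaping, typeful names only, and no multi-valued RDNs.

```python
# Added example: convert a typeful, fully distinguished NDS name to an LDAP DN.
# Function names are hypothetical; escaping follows RFC 4514 (an assumption
# about what the LDAP client expects). Multi-valued RDNs are not handled.
LDAP_SPECIAL = set(',+"\\<>;')


def split_nds_components(name):
    """Split on periods, treating backslash-escaped characters as literals."""
    parts, cur, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            cur.append(name[i + 1])  # drop the NDS escape, keep the character
            i += 2
            continue
        if ch == ".":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def escape_ldap_value(value):
    """Backslash-escape characters that are special inside an LDAP RDN value."""
    out = ["\\" + c if c in LDAP_SPECIAL else c for c in value]
    if value[0] in "# ":
        out[0] = "\\" + value[0]
    if len(value) > 1 and value[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)


def nds_to_ldap_dn(nds_dn):
    if not nds_dn.startswith("."):
        raise ValueError("expected a leading period (fully distinguished name)")
    rdns = []
    for part in split_nds_components(nds_dn[1:]):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"typeless or empty component: {part!r}")
        rdns.append(f"{attr.strip().lower()}={escape_ldap_value(value)}")
    return ",".join(rdns)


if __name__ == "__main__":
    # Constructed sample names; the first is the one used on this page.
    for name in (".OU=Provo.O=Novell", r".CN=j\.smith.OU=Provo.O=Novell"):
        print(name, "->", nds_to_ldap_dn(name))
```

A typeless name such as .Provo.Novell is rejected rather than guessed at, because the attribute types cannot be inferred from the name alone.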

6.  ---  Using uid-based distinguished names ---

You will need to manually edit the following configuration file to enable uid-based distinguished names. By default, the administration server uses cn-based distinguished names, but you can change this behavior so that it creates uid-based distinguished names instead. You do this by editing the file:

NOVONYX/SUITESPOT/ADMIN-SERV/CONFIG/DSGW-ORGPERSON.CONF

and setting the useUidForDN variable to true.

7.  ---  Testing LDAP ---

From the Netscape for NetWare Admin server select the User & Groups option.  If the New User Screen appears without any error messages then LDAP is working.  You can choose the Manage Users option and use the form presented to search for users in NDS via the LDAP gateway.  You can also try to create users and groups using the Netscape for NetWare Admin server User & Group option.

8.  ---  Troubleshooting ---

1.  After enabling LDAP the SuperUser can't access the Netscape for NetWare Admin Server.  See Solution 4.0.6633086.2248324.

2.  "Strong Encryption Required" error message.  See Solution 4.0.6633095.2248324.

document

Document Title: How to configure Netscape Enterprise Web Server to use Novell LDAP v3.0
Document ID: 10013150
Solution ID: 4.0.6633078.2248324
Creation Date: 26Jul1999
Modified Date: 09Oct2002
Novell Product Class: NetWare, Novell eDirectory, Novonyx

disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.