Environment
Situation
How to allow an NMAS Method to log in to eDirectory through LDAP
How to allow an NMAS Method to authenticate through LDAP
Resolution
By default, LDAP and other server-side utilities try the NDS login first and, if that fails, fall back to the Simple Password login. eDirectory 8.8 has new functionality that allows LDAP authentication to use an NMAS method. It uses an environment variable to accomplish this.
Complete the following procedure to allow LDAP authentication to use an NMAS Method.
1) Set the environment variable:
Linux and UNIX:
Add the following to the pre_ndsd_start script in /opt/novell/eDirectory/sbin (formerly found in /etc/init.d with 8.8.5.0 and earlier):
These lines can be placed anywhere in the file.
Add the following at the beginning of the c:\nwserver\startup.ncf file:
env NDSD_TRY_NMASLOGIN_FIRST=true
Windows:
Right-click "My Computer" on the desktop and select Properties. On the Advanced tab, click Environment Variables. Under System Variables, add the variable and set its value to true.
2) Restart the eDirectory server.
3) Set the default login sequence on the user to the NMAS Method implemented.
If this is not set, the NDS login method is used as the default method. To enforce the method for all users, go to the login policy object in the security container in iManager. On the Other tab, set the attribute "sasDefaultLoginSequence" to the value of the NMAS Method that has been implemented.
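A check to run on Linux after the restart in step 2, added here as an example and not part of the original TID: it reads a process's startup environment and reports whether NDSD_TRY_NMASLOGIN_FIRST is set to true. The daemon name ndsd, the use of pgrep and /proc/<pid>/environ, the --live option and the function names are assumptions; the sample environment is constructed.

```shell
#!/bin/sh
# Added example (not vendor code): confirm that NDSD_TRY_NMASLOGIN_FIRST
# reached the daemon's environment after the restart.
VAR=NDSD_TRY_NMASLOGIN_FIRST

# Print the state of $VAR in a /proc/<pid>/environ style file
# (NUL-separated NAME=value records): enabled, unset, other:<value>, unreadable.
nmas_first_state() {
    environ_file=$1
    if [ ! -r "$environ_file" ]; then
        echo "unreadable"; return 2
    fi
    # Anchor on "NAME=" so similarly named variables do not match.
    line=$(tr '\0' '\n' < "$environ_file" | grep "^${VAR}=" | head -n 1)
    if [ -z "$line" ]; then
        echo "unset"; return 1
    fi
    value=${line#"${VAR}="}
    if [ "$value" = "true" ]; then   # assumption: compare with the exact value the page sets
        echo "enabled"; return 0
    fi
    echo "other:$value"; return 1
}

# Check every running ndsd process (assumed daemon name; needs root to read environ).
check_running_ndsd() {
    for pid in $(pgrep -x ndsd); do
        printf 'ndsd pid %s: ' "$pid"
        nmas_first_state "/proc/$pid/environ" || true
    done
}

if [ "${1:-}" = "--live" ]; then
    check_running_ndsd
else
    # Constructed sample environment, not captured from a real server.
    sample=$(mktemp)
    printf 'PATH=/usr/bin\0NDSD_TRY_NMASLOGIN_FIRST=true\0LANG=C\0' > "$sample"
    printf 'constructed sample: '
    nmas_first_state "$sample"
    rm -f "$sample"
fi
```

A result of "unset" after the restart means the start script did not export the variable to the daemon, so LDAP binds still follow the default NDS-then-Simple-Password order.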
An alternative is to change the code of the authenticating application to use the NMAS LDAP SDK and its LDAP NMAS bind API call. This API call (ldap_bind_nmas_s) can pass the Login Sequence that is being used.
Additional Information
Formerly known as TID# 10099787
Change Log
2013-08-13 KK: Corrected URL and moved it behind the actual API name, ldap_bind_nmas_s for easier searching.