Environment
Novell eDirectory 8.8 for All Platforms
Situation
Configuring the eDirectory LDAP Server to listen on specific IP addresses requires multiple steps and is often confusing. This document guides you through the configuration.
Resolution
eDirectory 8.8 introduced the feature of configuring the LDAP Server to listen on one or all of the interfaces configured in the machine. The LDAP Server in eDirectory 8.8 SP2 has been enhanced to listen on specific interfaces by configuring the 'ldapInterfaces' attribute. The representation of this attribute has been slightly upgraded in eDirectory 8.8 SP2.
ldapInterfaces is a multi-valued SYN_CI_STRING attribute used to store the LDAP URLs on which the LDAP server listens (on both the cleartext and the secure port). This attribute is useful when configuring multiple instances, where each instance of the eDirectory server must listen on a specific interface. The attribute is configured with IP addresses and port numbers in LDAP URL format, and the LDAP server listens on exactly those IP addresses and ports.
The default value of the ldapInterfaces attribute is 'ldap://'. This means the LDAP server listens on all the IP addresses configured in the machine.
To configure an instance of the LDAP server to listen on two IP addresses (on both the cleartext and the secure port) of a machine, follow the steps below:
- Use iManager or ldapconfig to modify the ldapInterfaces attribute in the LDAP Server object, to add:
  ldap://192.168.1.1:389
  ldaps://192.168.2.1:636
  ldap://192.168.100.101:389
  ldaps://192.168.100.101:636
  eg: ldapconfig -s "ldapinterfaces=ldap://192.168.1.1:389, ldaps://192.168.2.1:636, ldap://192.168.100.101:389, ldaps://192.168.100.101:636" -a cn=admin.o=novell -w secret
- Disable ports 389 and 636 in the LDAP Server object. The server continues to listen on all the interfaces in the machine if the cleartext or TLS ports in the LDAP Server object are not disabled.
  eg: ldapconfig -s "LDAP Enable TCP=No" -a cn=admin.o=novell -w secret
  ldapconfig -s "LDAP Enable SSL=No" -a cn=admin.o=novell -w secret
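The two steps above are easy to get half right: a bare 'ldap://' entry silently keeps the all-interfaces behaviour, and leaving 'LDAP Enable TCP' or 'LDAP Enable SSL' on means the server still binds 0.0.0.0 regardless of ldapInterfaces. The following script is an added example written for this article, not Novell code: it parses a comma-separated ldapInterfaces value in the form ldapconfig -s accepts, reports listeners that do not match the addresses the administrator intended (including cleartext-only addresses and host-less wildcard URLs), and then checks 'ss -ltn' style socket output for LDAP ports still bound to all interfaces. The socket listing embedded below is constructed sample data, and the intended-address set is an assumption supplied by the caller.

```python
"""Audit an eDirectory ldapInterfaces value and the resulting socket bindings.

Added example for this TID; not Novell code. Assumes the attribute value is the
comma-separated list that 'ldapconfig -s' accepts and that socket state is read
from 'ss -ltn' style output (constructed sample below).
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Default ports when the LDAP URL omits one.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


@dataclass(frozen=True)
class Listener:
    scheme: str
    host: Optional[str]  # None: the URL has no host, i.e. listen on every interface
    port: int


def parse_ldap_interfaces(value: str) -> List[Listener]:
    """Parse 'ldap://a:389, ldaps://b:636, ...' into Listener records."""
    listeners = []
    for raw in value.split(","):
        raw = raw.strip()
        if not raw:
            continue
        parts = urlsplit(raw)
        if parts.scheme not in DEFAULT_PORTS:
            raise ValueError(f"not an LDAP URL: {raw!r}")
        if parts.path or parts.query:
            raise ValueError(f"ldapInterfaces entries take host:port only: {raw!r}")
        port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
        listeners.append(Listener(parts.scheme, parts.hostname, port))
    return listeners


def audit_interfaces(listeners: List[Listener], intended_hosts: Set[str]) -> List[str]:
    """Compare the configured listener set with the addresses the admin intended."""
    findings = []
    if any(l.host is None for l in listeners):
        findings.append("a host-less URL is present: the server will listen on all interfaces")
    bound = {l.host for l in listeners if l.host is not None}
    for extra in sorted(bound - intended_hosts):
        findings.append(f"{extra}: listener configured on an address that was not intended")
    for host in sorted(intended_hosts):
        schemes = {l.scheme for l in listeners if l.host == host}
        if not schemes:
            findings.append(f"{host}: no listener configured")
        elif "ldaps" not in schemes:
            findings.append(f"{host}: cleartext only, no ldaps listener")
    return findings


def wildcard_ldap_binds(ss_output: str, ports: Tuple[int, ...] = (389, 636)) -> List[str]:
    """Return local 'addr:port' entries where an LDAP port is bound to all interfaces.

    A 0.0.0.0, * or [::] local address on 389/636 means the 'LDAP Enable TCP' /
    'LDAP Enable SSL' ports were not disabled, so ldapInterfaces is not in effect.
    """
    hits = []
    for line in ss_output.splitlines()[1:]:  # first line is the ss header
        fields = line.split()
        if len(fields) < 4:
            continue
        local = fields[3]
        addr, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in ports and addr in ("0.0.0.0", "*", "[::]"):
            hits.append(local)
    return hits


# Constructed sample of 'ss -ltn' output: 636 is still bound to every interface.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    192.168.1.1:389      0.0.0.0:*
LISTEN 0      128    0.0.0.0:636          0.0.0.0:*
LISTEN 0      128    192.168.100.101:389  0.0.0.0:*
"""

if __name__ == "__main__":
    # The value from the article's ldapconfig example.
    value = ("ldap://192.168.1.1:389, ldaps://192.168.2.1:636, "
             "ldap://192.168.100.101:389, ldaps://192.168.100.101:636")
    intended = {"192.168.1.1", "192.168.2.1", "192.168.100.101"}  # assumed intent
    for finding in audit_interfaces(parse_ldap_interfaces(value), intended):
        print("config:", finding)
    for bind in wildcard_ldap_binds(SAMPLE_SS):
        print("socket:", bind, "is bound to all interfaces; disable the port in the LDAP Server object")
```

Run it after applying both steps, feeding the real `ss -ltn` (or `netstat -ltn`) output in place of the sample; an empty result from both functions is the state the article's procedure is meant to reach. On the article's own example value the audit reports that 192.168.1.1 has only a cleartext listener, which is worth confirming is deliberate.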
Additional Information
The feature is available from eDirectory 8.8 SP2 onwards and is supported on all Unix flavors that eDirectory supports.
For more information, check the eDirectory 8.8 Administration
Guide at: