Environment
EDIR8703.EXE
EDIR8704.EXE
Situation
LDAP server is not accepting bind requests from clients.
LDAP appears to load fine.
How to disable anonymous binds in LDAP
How to restrict anonymous binds in LDAP.
Resolution
Make sure the EDIR870x.EXE or EDIR870x.TGZ files are installed on your platform, then use the platform-specific schema extension utility to extend the schema with the LDAP.SCH file and associate the attribute with the LDAP server object. The NetWare, NT and UNIX procedures follow.
NETWARE:
This should first be run on a RW or Master of Root!
a. From the NetWare Console type "LOAD NWCONFIG" - Select Directory Options - Extend Schema
b. Authenticate as admin or a user with admin rights to root. Change the path by pressing F3 - Specify the location of the LDAP.SCH file in the 8703 patch (\NW\SYS\SYSTEM\SCHEMA
c. Force the schema synch process by running the following commands on the console:
SET DSTRACE=ON
SET DSTRACE=+SCHEMA
SET DSTRACE=*SSD
SET DSTRACE=*SSA
Wait for an "All Processed = Yes" on the Directory Services Screen then continue to the ConsoleOne Section of this TID.
NT:
This should first be run on a RW or Master of Root
a. Choose Start - Control Panel - Novell eDirectory Services - Highlight the INSTALL.DLM module - Click Start
b. Choose "Install additional schema files." - Click Next - Authenticate as Admin or a user with admin rights to root
c. Browse to the LDAP.SCH file contained in EDIR870x.EXE (i.e., C:\8703\NT\NDS\LDAP.SCH) - Click Finish
d. Force a Schema Synch Process from either Novell eDirectory Services - DSTRACE or from iManager DSTRACE.
e. Wait for an "All Processed = Yes" on the Directory Services Screen then continue to the ConsoleOne Section of this TID.
UNIX:
This should be run on a RW or Master of Root.
a. Type the following command:
ndssch
b. Authenticate as admin or a user with admin rights to root, and type the admin password when prompted.
c. Force the schema synch process by running the following commands on the console:
ndstrace
set dstrace=nodebug
dstrace +scma +scmd
set dstrace=*ssd
set dstrace=*ssa
Wait for an "All Processed = Yes" on the Directory Services Screen then continue with the ConsoleOne section.
CONSOLEONE:
A new attribute, ldapBindRestrictions, has now been added to the schema and associated with the LDAP server class. Next, associate it with your LDAP server object and populate it with a value.
1. Load ConsoleOne
2. Browse to your LDAP server object
3. Right click - Properties - Other Tab
4. Click on the Attribute Add button - Scroll to the ldapBindRestrictions attribute - OK
5. To disable anonymous binds put a value of 1 in the attribute value field. To allow such connections put in a value of 0.
6. Select Apply - OK
Note: In 8.7.1, a property tab is available for this setting to be toggled on or off. Also, the schema will automatically extend for this function.
Additional Information
Formerly known as TID# 10077872