Role-based Entitlement plugin and Multiple instances of eDirectory 8.8

  • 7000085
  • 14-Apr-2008
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for All Platforms
Novell iManager 2.6

Situation

The Role-based Entitlement plugin in iManager uses the LDAP Server object to determine which port LDAP is listening on in order to configure entitlements. If multiple instances of eDirectory are running on the server and KB 3929714 was used to configure multiple LDAP interfaces, you may get this error when trying to access entitlements through the Role-based Entitlement plugin in iManager:

Error: Unable to obtain an LDAP context. Possible causes: the LDAP server is not running, or the LDAP server is for a tree other than the one iManager was originally set up for, and SSL has not been set up between the iManager server and the LDAP server. Either start the LDAP server, or set up SSL by importing a trusted certificate.


Resolution

The Role-based Entitlement plugin in iManager uses the LDAP Server object in eDirectory to determine which ports LDAP is listening on. If those ports are disabled, it concludes that LDAP is not running and throws the above error.

If you follow KB 3929714 to enable multiple LDAP interfaces, you may want to modify the procedure as follows:

In Resolution, step 2, instead of disabling ports 389 and 636, change each to another unused port that LDAP can listen on. You will end up with LDAP listening on multiple ports.
This way, the Role-based Entitlement plugin can read the LDAP settings from the LDAP Server object and successfully connect to the LDAP server.