Novell eDirectory 8.8 Installation Guide - NetIQ

More documents

Recommendations

Info

Because port 389 allows clear text, the LDAP server services Read and Write requests to the Directory through this port. This openness is adequate for environments of trust, where spoofing doesn't occur and no one inappropriately captures packets. To disallow clear passwords and other data, select the Require TLS for Simple Bind with Password option during installation. novdocx (en) 11 July 2008 As the following figure illustrates, the page gives defaults of 389, 636, and Require TLS for Simple Bind with Password. Figure 2-1 Defaults for the LDAP Configuration Screen Scenario: Require TLS for Simple Bind with Password Is Enabled: Olga is using a client that asks for a password. After Olga enters a password, the client connects to the server. However, the LDAP server does not allow the connection to bind to the server over the clear-text port. Everyone is able to view Olga's password, but Olga is unable to get a bound connection. The Require TLS for Simple Bind with Password discourages users from sending observable passwords. If this setting is disabled (that is, not checked), users are unaware that others can observe their passwords. This option, which does not allow the connection, only applies to the clear-text port. If you make a secure connection to port 636 and have a simple bind, the connection is already encrypted. No one can view passwords, data packets, or bind requests. Port 636, the Industry-Standard Secure Port The connection through port 636 is encrypted. TLS (formerly SSL) manages the encryption. By default, the eDirectory installation selects this port. 30 Novell eDirectory 8.8 Installation Guide
The following figure illustrates the selected port. Figure 2-2 LDAP Server Connections Page in iManager novdocx (en) 11 July 2008 A connection to port 636 automatically instantiates a handshake. If the handshake fails, the connection is denied. IMPORTANT: This default selection might cause a problem for your LDAP server. If a service already loaded on the host server (before eDirectory was installed) uses port 636, you must specify another port. Installations earlier than eDirectory 8.7 treated this conflict as a fatal error and unloaded nldap.nlm. The eDirectory 8.7.3 onwards installation loads nldap.nlm, places an error message in the dstrace.log file, and runs without the secure port. Scenario: Port 636 Is Already Used: Your server is running Active Directory*. Active Directory is running an LDAP program, which uses port 636. You install eDirectory. The installation program detects that port 636 is already used and doesn't assign a port number for the Novell LDAP server. The LDAP server loads and appears to run. However, because the LDAP server does not duplicate or use a port that is already open, the LDAP server does not service requests on any duplicated port. If you are not certain that port 389 or 636 is assigned to the Novell LDAP server, run the ICE utility. If the Vendor Version field does not specify Novell, you must reconfigure LDAP Server for eDirectory and select a different port. See Verifying That The LDAP Server Is Running (http:// www.novell.com/documentation/edir88/edir88/data/ai8wt35.html) in the Novell eDirectory 8.8 Administration Guide for more information. Scenario: Active Directory Is Running: Active Directory is running. Clear-text port 389 is open. You run the ICE command to port 389 and ask for the vendor version. The report displays Microsoft*. You then reconfigure the Novell LDAP server by selecting another port, so that the eDirectory LDAP server can service LDAP requests. Installing or Upgrading Novell eDirectory on Windows 31
Page 1 and 2: Installation Guide AUTHORIZED DOCUM
Page 3 and 4: Novell Trademarks Client32 is a tra
Page 5 and 6: Contents About This Book 9 novdocx
Page 7 and 8: 6 Relocating the DIB 115 6.1 Linux
Page 9 and 10: About This Book This Installation G
Page 11 and 12: 1Installing or Upgrading Novell eDi
Page 13 and 14: Objects Processor Memory Hard Disk
Page 15 and 16: • “Server Health Checks” on p
Page 17 and 18: 1.7.5 Installing into a Tree with D
Page 19 and 20: Figure 1-4 Modifying the package va
Page 21 and 22: Figure 1-7 Compiling the SPK novdoc
Page 25 and 26: • Entry rights: browse rights ove
Page 27 and 28: 2.6 Disk Space Check on Upgrading t
Page 29: See “Installing NMAS Server Softw
Page 33 and 34: Figure 2-3 eDirectory Installation
Page 35 and 36: Installation Syntax You can also us
Page 37 and 38: Figure 2-5 Installing eDirectory no
Page 39 and 40: Figure 2-7 LDAP Configuration novdo
Page 41 and 42: Need to remove files=true Primary/S
Page 43 and 44: SummaryPrompt=false prompt=false Th
Page 47 and 48: For more information on installing
Page 49 and 50: • Section 3.5.3, “Upgrading Thr
Page 51 and 52: This command updates all the eDirec
Page 53 and 54: 4. Click Run Now. 5. Click Continue
Page 55 and 56: If the eDirectory health status is
Page 57 and 58: 3.6 Installing eDirectory The follo
Page 59 and 60: 3.6.2 Installing NICI NICI should b
Page 61 and 62: nds-install Parameter Description -
Page 63 and 64: export MANPATH=/opt/novell/man:/opt
Page 65 and 66: To ensure that NICI is set to serve
Page 67 and 68: Configuring eDirectory 8.8 Multiple
Page 69 and 70: export MANPATH=custom_location/eDir
Page 71 and 72: A new tree is installed with the sp
Page 73 and 74: ndsconfig Parameter -a admin FDN De
Page 75 and 76: The method to configure multiple in
Page 77 and 78: You can either create a new tree or
Page 79 and 80: Planning the Setup Mary specifies t
Page 81 and 82:
To configure NMAS and create NMAS o
Page 83 and 84:
4Installing or Upgrading Novell eDi
Page 85 and 86:
(Conditional) If you are installing
Page 87 and 88:
• Section 4.6.3, “Installing NI
Page 89 and 90:
For more information, refer to the
Page 91 and 92:
eDirectory Component Packages Insta
Page 93 and 94:
novell/lib:/opt/novell/lib:/opt/nov
Page 95 and 96:
ndsconfig def -t treename -n server
Page 97 and 98:
nmasinst will prompt you for a pass
Page 99 and 100:
5Installing or Upgrading Novell eDi
Page 101 and 102:
eDirectory scales well on a single
Page 103 and 104:
See Appendix B, “eDirectory Healt
Page 105 and 106:
sudo installp -acgXd /home/build/AI
Page 107 and 108:
For more information on the nmasins
Page 109 and 110:
ndsconfig new -t treename -n server
Page 111 and 112:
NOTE: The HTML files created using
Page 113 and 114:
2 Install NOVLsubag as root. 3 Expo
Page 115 and 116:
6Relocating the DIB After installin
Page 117 and 118:
7Upgrade Requirements of eDirectory
Page 119 and 120:
Figure 7-2 ndsdibupg Help Screen no
Page 121 and 122:
Figure 7-3 Upgrade Process novdocx
Page 123 and 124:
8Configuring Novell eDirectory on L
Page 125 and 126:
Parameter n4u.nds.advertise-life-ti
Page 127 and 128:
Parameter n4u.server.sid-caching En
Page 129 and 130:
8.3 Security Considerations We reco
Page 131 and 132:
9Migrating to eDirectory 8.8 SP3 Th
Page 133 and 134:
9.2 Migrating to eDirectory 8.8 SP3
Page 135 and 136:
10Uninstalling Novell eDirectory Th
Page 137 and 138:
A response file is a text file cont
Page 139 and 140:
10.2.3 Uninstalling NICI 1 On the W
Page 141 and 142:
ALinux, Solaris, and AIX Packages f
Page 143 and 144:
Package NOVLlmgnt NOVLxis NOVLsas D
Page 145 and 146:
BeDirectory Health Checks Novell ®
Page 147 and 148:
Similarly, it gets the HTTP and HTT
Page 149 and 150:
Figure B-2 Health Check with a Crit
Page 151 and 152:
CConfiguring OpenSLP for eDirectory
Page 153 and 154:
4. Querying DHCP for network-config
show all

Novell eDirectory 8.8 Installation Guide - NetIQ

Create successful ePaper yourself

Delete template?

Save as template?