Openfire Setup - Novell eDirectory

Jason_Manous · April 13, 2007, 2:09pm

Can anyone point me in the right direction for setting this up to authenticate against Novell eDirectory? I’'m running into issues regarding invalid base DN and all kinds of other problems that are negating me from getting even a proper test run.

My biggest question would be the nomenclature that novell expects to see as an LDAP server. Are we talking about cn=, dn= and so on or o=, ou=

Any direction on this would be greatly appreciated.

Regards,

Jason Manous

System Admin

University of Georga - Undergraduate Admissions

jcmanous@uga.edu

Ben_Biggie · April 13, 2007, 6:07pm

Hi,

If you search the forum for derefalias you’‘ll find an e-mail I’'ve written about this topic - well, about the difficulty of setting your search base to point to the base of the tree - which, I believe is your problem. Still no answer, though

I’‘d be curious to know if pointing to an aliased entry to the root would do the trick (t=xxxx). Try getting a ldap browser utility to figure out what your tree looks like - the softerra one’'s ok.

Anyway, to answer your question more precisely:

You’‘ll probably need to set your search base to the first container down from the root - e.g o=xx. and search filter (“advanced settings” in panel 2) of something like: (&(objectClass=inetOrgPerson)(uid=)) This config obviously implies you’‘ll only see some of your tree. I tried setting ldap.alternateBaseDN but no luck, so it looks like I might need two servers - but that maybe be a good idea anyway given the size of my institution. My eDir administrator says don’'t bother with groups '‘cause they won’‘t do much for you on our eDir. I trust him. Here’‘s the (doctored) snippet of what your wildfire.xml should look like - notice that the server itself doesn’'t need to authenticate (in our setup, anyway) ourldaphost.ouruni.ac.uk 636 o=xx true true false true cn <![CDATA[ ]]> fullName mail cn member description false (&(objectClass=inetOrgPerson)(uid=))

Ben_Biggie · April 13, 2007, 6:49pm

Got it!

alternateBaseDN needs to directly put into wildfire.xml - not as a system property, which was what I was trying - so try this:

.

…etc

Jason_Manous · April 13, 2007, 8:33pm

I was actually able to figure this one out. The key is to not include the tree name itself in the schema but rather to start with the OU as is.

Your base dn would resemble something like "o=users, o=

-jcm.