michelsr

Why so many questions about LDAP during SLES/OES install?

Let me preface this by saying we're currently a NetWare 6.5 organization.

When you install NetWare, it doesn't ask you for the IP address(es) of LDAP servers.

When you try to install OES, it asks you in LOTS of places for the IP address(es) of your "LDAP Servers," including when configuring the following OES services:

-LUM
-iPrint
-NSS
-SMS
-"LDAP Configuration for Open Enterprise Services"

All these LDAP questions are new to us. We don't know how to answer them.

In a 100% NetWare environment, you don't need LDAP, because all of the servers are capable of communicating directly with eDirectory. (Oversimplification, I know. iPrint uses LDAP in NetWare. But in general, this is true.)

My post is too long already, so let me just ask three (hopefully) simple questions:

1. When you install an OES/SLES server, does it automatically become an LDAP server for eDirectory? (In NetWare, it does.)
2. If you have an OES/SLES server functioning as an eDirectory LDAP server, can it serve LDAP requests for partitions whose replicas it does not hold? (In NetWare, it can.)
3. What happens if, during the OES/SLES installation, you give "LDAP Server" addresses of remote servers (i.e., a different server on the network)? Does the server forever forward LDAP requests to them, and fail if they are unavailable?

Thank you so much.

- Ruth
Knowledge Partner

Re: Why so many questions about LDAP during SLES/OES install?


Good questions.

1. Yes.

2. Yes.

3. The configuration is for various services. The purpose of this is
probably mostly performance. While you can point your Linux User
Management (namcd) service to localhost even when you lack replicas, and
it will probably work, it may not and you will probably enjoy life more if
it goes directly to a replica-holder for objects that may log in to the
machine. Requests to the installing server's LDAP service (on its port
389/636) will still be answered by that server's eDirectory instance, but
other services can be configured to go directly to replica-holders so you
can have just a few servers with replicas that do all of that kind of
work. Some services MAY only be supported if they are configured to point
directly to replica-holders but I do not know. LUM may be one of those
since it runs a persistent search via LDAP which needs real data in order
to work perfectly.

Good luck.





On 06/17/2010 04:56 PM, michelsr wrote:
>
> Let me preface this by saying we're currently a NetWare 6.5
> organization.
>
> When you install NetWare, it doesn't ask you for the IP address(es) of
> LDAP servers.
>
> When you try to install OES, it asks you in LOTS of places for the IP
> address(es) of your "LDAP Servers," including when configuring the
> following OES services:
>
> -LUM
> -iPrint
> -NSS
> -SMS
> -"LDAP Configuration for Open Enterprise Services"
>
> All these LDAP questions are new to us. We don't know how to answer
> them.
>
> In a 100% NetWare environment, you don't need LDAP, because all of the
> servers are capable of communicating directly with eDirectory.
> (Oversimplification, I know. iPrint uses LDAP in NetWare. But in
> general, this is true.)
>
> My post is too long already, so let me just ask three (hopefully)
> simple questions:
>
> 1. When you install an OES/SLES server, does it automatically become
> an LDAP server for eDirectory? (In NetWare, it does.)
> 2. If you have an OES/SLES server functioning as an eDirectory LDAP
> server, can it serve LDAP requests for partitions whose replicas it does
> not hold? (In NetWare, it can.)
> 3. What happens if, during the OES/SLES installation, you give "LDAP
> Server" addresses of remote servers (i.e., a different server on the
> network)? Does the server forever forward LDAP requests to them, and
> fail if they are unavailable?
>
> Thank you so much.
>
> - Ruth
>
>

elagrew

Re: Why so many questions about LDAP during SLES/OES install

You will soon learn, as I have, that just about every service on Linux/OES2 revolves around or is somehow hooked into LDAP.

When I was running NetWare, as I have for over 20 years, LDAP was only a thought...it just worked and worked well. However, now I need to really change my thinking on how LDAP is set up and how it works, because one wrong config or wrong association can send things into a tailspin quite quickly.

So Yes, LDAP is installed with OES2 and Yes it is associated with all of the services...and YES it is all manual configuration and lots of it. I sure wish Novell would have made all the different services use the same LDAP configuration file. That way, you wouldn't need all those stupid and redundant questions on how you should set it up for each service. Grrrr.

Good Luck!

--El


El LaGrew elbert.lagrew#katun.com elagrew on twitter
michelsr

Re: Why so many questions about LDAP during SLES/OES install

Awesomely helpful information.

Thank you.
michelsr

Re: Why so many questions about LDAP during SLES/OES install

I agree with you -- LDAP in NetWare "just worked and it worked well."

You sound like the person I want to be in three months -- looking back and laughing at the steep learning curve between NetWare and OES/SLES.

If you're willing to share, I'd love to know specifically how you answered the LDAP questions for your environment.

For example, how many NetWare servers do you have? How many partitions?

- Ruth