jimgoodall Respected Contributor.

9.1.x change LDAP ports on upgrade?

Hi folks,

I have a sandbox that is a Windows DC and is also running eDirectory 9.0.3.

I have my eDirectory LDAP ports set up as 8389 and 8636 so as not to conflict with MAD.

I can successfully authenticate as cn=admin,ou=services,o=demo using Apache Directory Studio on port 8636.

When I execute eDirectory_913_Windows_x86_64.exe I can get as far as the first screen, however I am unable to authenticate. Looking at the advanced screen, the LDAP ports are set to 389 and 636, no worries, I'll just change the port numbers, and away we go......

Except I can't, the settings are greyed out 😞

I have looked at the silent install instructions, however the Econfig PowerShell script is not where it is mentioned in the documentation - I have found it in my user's temporary files, but running it does not seem to do anything.

Oh how I love eDirectory on Windows!

Any suggestions gratefully accepted 🙂
Knowledge Partner

Re: 9.1.x change LDAP ports on upgrade?

On 04/23/2019 04:54 AM, jimgoodall wrote:
>
> I have a sandbox that is a Windows DC and is also running eDirectory
> 9.0.3


I know it's convenient to do, but I think neither Microsoft, nor Novell
(back in the day), recommended running eDir on a DC. DCs are already busy
with other things, and they (as I recall) are not designed well for things
with lots of files (due to filesystem caching changes specific to DCs, or
so I've heard from Windows experts, of which I am certainly not). As a
result, it would solve a lot of problems if you didn't run on a DC, or
Windows at all for that matter.

> I have my eDirectory LDAP ports set up as 8389 and 8636 so as not to
> conflict with MAD.
>
> I can successfully authenticate as cn=admin,ou=services,o=demo using
> Apache Directory Studio on port 8636.
>
> When I execute eDirectory_913_Windows_x86_64.exe I can get as far as the
> first screen, however I am unable to authenticate. Looking at the


Just to be clear, it seems unlikely that any eDirectory native
authentication is going to use LDAP, so focusing on LDAP at this point
might be a red herring. If eDirectory does not load fully (at all)
because of conflicting LDAP ports (probably what you are assuming) then
sure, that could block all authentication to eDirectory, but I really
doubt that any eDirectory installer will rely on LDAP for authentication.

> advanced screen, the LDAP ports are set to 389 and 636, no worries, I'll
> just change the port numbers, and away we go......
>
> Except I can't, the settings are greyed out 😞


That seems..... broken.

> I have looked at the silent install instructions, however the Econfig
> PowerShell script is not where it is mentioned in the documentation - I
> have found it in my user's temporary files, but running it does not seem
> to do anything.
>
> Oh how I love eDirectory on Windows!


I wish I had something that you might consider helpful; my best
recommendation is to use Linux instead, or barring that, don't use a DC to
host eDirectory. You could also submit an enhancement request with
Microsoft to finally allow changing the LDAP and LDAPS ports for Microsoft
Active Directory (MAD), but I think they've been ignoring that request
from customers for a long time.

--
Good luck.

jimgoodall Respected Contributor.

Re: 9.1.x change LDAP ports on upgrade?

Thanks for the response. In the real world, I'd never install eDirectory on a DC, just useful to be able to run both products on a single box for demo purposes.

eDirectory has been running just fine, IDM and authentication were happy.

I have tried various different angles of silent upgrades - the docs are not awfully clear, and have now managed to hose it! I'm writing this off as a bad job.

For the purposes of my demo, I have now spun up a Red Hat to host my vault and IDM box, which behaves exactly as I would expect 🙂

I shall uninstall everything else and just put a remote loader on the DC.

Would be interesting to get some feedback from NetIQ on why the ports were greyed out and whether the install is using LDAP or NCP at that point.

Have a great day!

Cheers

Jim
Knowledge Partner

Re: 9.1.x change LDAP ports on upgrade?

When it comes to Windows and odd behaviour I always start with suspecting rights. You could have a faulty installer as well.
If you have the possibility you could open an SR to ask why the ports are greyed out.

Cheers