Solved

Getting started with Novell eDirectory in Windows Server 2003

Posted on 2004-10-16
Last Modified: 2010-05-18
I just completed a fresh install of Novell eDirectory in WS2003.  In order to connect to it using LDAP Browser, I need to know the hostname, base dn, and the dn of the admin user.  Can someone please help me get started by providing tips/solutions for the following questions.

1.) Do I have to have a DNS entry for the domain that I am running my eDirectory on?  For instance, external.nds.com?  (If Yes, what exactly do I need to add, and how)

2.) Which IP address and hostname do I use to query my new eDirectory?

3.) How do I determine the DN of the admin user? I'm sort of confused because the top level of my directory installation is t=external, and I was expecting it to be ou=external.  Does the tree name always begin with t ??

Thanks.
0
Question by:gmahler5th
6 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12331336
1) Are you running AD also? The term "Domain" in the context of a Directory Service applies only to AD. eDirectory doesn't have Domains, it has an eDirectory Tree. And nothing silly like "trust relationships".

2) Whatever is the IP address of the machine on which you installed eDirectory.

3) You should have been queried when installing eDirectory for what context in which you wanted to place the Admin user. There should have been a dialog screen that was displayed during the install process that specifically stated the context of the Admin user and probably admonished you to make note of it. Or were you installing into an existing Tree?

The Tree name is whatever you set it to when it's created. What may be confusing you is what's called "Fully Qualified" notation for an object. For example, if your Admin user was named "Admin" (doesn't HAVE to be, you know) and was located in Organizational Unit (OU) "Sales" of OU "New York" of Organization (O) "North America" in Tree (T) "IBM", then the fully-qualified notation would be:

            CN=Admin.OU=Sales.OU=New York.O=North America

Here are some handy references: http://techsupt.windowware.com/TS/T000001036003F20.html and http://webhelp.ucs.ed.ac.uk/direct/ndsdir.htm 
0
 

Author Comment

by:gmahler5th
ID: 12333168
I am not running AD.

Thank you for providing this information.  Do you know if Windows DNS is required in order to successfully use eDirectory?  I only plan to use this directory as a test system on my laptop, and no other computers will have to access it.  I have it installed, and I can access it via ConsoleOne.  But when I try connecting to it via LDAP browser or any other client, it times out and cannot connect.  I would expect that when using ldapbrowser for example, I simply use hostname (IP or machine name of my laptop) base DN (such as o=North America) and Admin DN (CN=Admin.OU=Sales.OU=New York.O=North America)  correct?  

I did make note of my Admin DN, but I was confused when I could not connect to my directory via ldapbrowser.  I tried using periods and commas in my DNs, but that didn't seem to work.  So anyway, I have the correct DN now.  I just cannot bind to the directory with anything other than ConsoleOne right now.

So when using the DN to bind, I use the "." period notation and not commas?

Also, in order for ldapbrowser to connect to my directory, wouldn't I need to configure SLP?  How do I do that?

0
 
LVL 34

Accepted Solution

by:
PsiCop earned 500 total points
ID: 12333970
"Do you know if Windows DNS is required in order to successfully use eDirectory?"

No. eDirectory is not chained to DNS like AD is. You are free to design your Directory Services Tree around your organization's DNS structure, or not, whichever works best for YOU.

I don't recall if eDirectory for W2K3 comes with an LDAP server or not. If it does have one, it may not be enabled by default - it may be a service you need to turn on. As best I recall, you use the period (.) notation and not commas.

I don't see where SLP will help or hinder LDAP connectivity. Two different protocols for two different things.

Hopefully DSPoole will chime in. I'm sure he has more experience with eDirectory on other platforms than just about anyone else around here.
0
LVL 6

Expert Comment

by:gjohnson99
ID: 12339321
eDirectory does install an LDAP server, but if you have Windows LDAP running on the server, they both cannot use the default address for LDAP; they are the same address.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12341060
I think what gjohnson is saying is that if you have both the Windoze and the eDirectory LDAP servers running, then they can't both use the same TCP port on the same IP address. The first one to bind to a given TCP port gets it - the second one won't be able to bind.

So...IF:

1) You still have the Windoze LDAP server running

and

2) You only have one IP address assigned to the box

and

3) eDirectory tries to load its LDAP server

then eDirectory's LDAP server will fail to load because the standard LDAP port is already taken.

Alternatives include adding another IP address to the box and binding the eDirectory LDAP server to that other address (and also making sure the Windoze LDAP server doesn't try to grab it); killing the Windoze LDAP server process; running one (or the other) LDAP server on a different port.
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 12371513
"CN=Admin.OU=Sales.OU=New York.O=North America"

Actually, the LDAP method is:

cn=admin,ou=sales,ou=new york,o=north america

Notice the use of commas instead of periods.

0
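
The two notations compared in this thread, as an added example that is not part of any post: a Python function that turns a typed, dot-separated eDirectory name into the comma-separated DN an LDAP client expects. The function name `nds_to_ldap_dn` and the sample names are constructed for illustration, and the code assumes that a literal period inside an eDirectory name is written as `\.` and that LDAP values are escaped per RFC 4514.

```python
import re

# Characters that must be backslash-escaped inside an LDAP DN value (RFC 4514).
_LDAP_SPECIAL = set(',+"\\<>;')

def _split_unescaped(text, sep):
    """Split text on sep, leaving backslash-escaped separators in place."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair together
            i += 2
        elif ch == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    parts.append("".join(buf))
    return parts

def _escape_ldap_value(value):
    """Escape one attribute value for use in an LDAP DN string."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        edge = (idx == 0 and ch in " #") or (idx == last and ch == " ")
        out.append("\\" + ch if ch in _LDAP_SPECIAL or edge else ch)
    return "".join(out)

def nds_to_ldap_dn(typed_name):
    """Convert 'CN=Admin.OU=Sales.O=Acme' to 'cn=Admin,ou=Sales,o=Acme'."""
    name = typed_name.strip()
    if name.startswith("."):            # leading dot: name is already rooted
        name = name[1:]
    rdns = []
    for component in _split_unescaped(name, "."):
        attr, sep, raw = component.partition("=")
        if not sep or not attr.strip() or not raw:
            # typeless ('Admin.Sales') or relative ('CN=Admin.') names are ambiguous
            raise ValueError(f"not a typed component: {component!r}")
        value = re.sub(r"\\(.)", r"\1", raw)   # drop the dotted-form escapes
        rdns.append(f"{attr.strip().lower()}={_escape_ldap_value(value)}")
    return ",".join(rdns)

if __name__ == "__main__":
    # Constructed sample: the admin name used as the example in this thread.
    print(nds_to_ldap_dn("CN=Admin.OU=Sales.OU=New York.O=North America"))
```
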

Question has a verified solution.
