

How to Configure a Novell eDirectory LDAP Directory Connection

You can use a Novell eDirectory LDAP user directory as a user store. The following process lists the steps for creating the user store connection to the Policy Server:

  1. Configure NetWare
  2. Configure Anonymous LDAP Access on Novell eDirectory, or create access for a specific SiteMinder administrator (see Special Access for the SiteMinder Administrator)
  3. Ping the User Store System
  4. Configure a Novell eDirectory LDAP Directory Connection

Configure NetWare

The goal of the configuration described in this section is to allow the Policy Server to log in to Novell eDirectory, view the contents of the directory, and retrieve directory attributes. For some advanced features of SiteMinder, you may also need to configure Novell eDirectory to allow the Policy Server write access to the directory.

If you installed LDAP as part of your Novell eDirectory installation, you should have a server in Novell eDirectory called LDAP Server and an LDAP group named LDAP Group. LDAP Server should be a member of the LDAP Group.

To create the LDAP Server and LDAP Group in Novell eDirectory

  1. Create an LDAP Server in Novell eDirectory. (For this example, it is called LDAP Server.)
  2. Create an LDAP Group in Novell eDirectory. (For this example, it is called LDAP Group.)
  3. Assign LDAP Group to LDAP Server.
    1. In the NW Admin tool, right click on LDAP Server.

      Note: If you are using the NetWare ConsoleOne tool instead of the NW Admin tool to modify your Novell eDirectory, complete the same tasks using the equivalent tools in ConsoleOne. The two interfaces are similar. See your Novell documentation for more information.

    2. From the popup menu, select Details.
    3. Type LDAP Group in the LDAP Group field.
    4. Click OK.

More information:

Directory Attributes Overview

Configure Anonymous LDAP Access on Novell eDirectory

For the Policy Server to interact with Novell eDirectory, you must create an account with enough privileges to access the directory.

The simplest configuration is to create an anonymous user on the LDAP server and make it the LDAP Group proxy user, so that every anonymous bind runs with that user's rights. The user needs enough rights to perform every directory operation SiteMinder requires, and no more.

The instructions below make the anonymous user security-equivalent to the Admin user, and steps 10 through 14 additionally grant Everyone all attribute and object rights; you can configure the user with more limited privileges instead. Understand the effect before choosing this option: any client that can reach the LDAP port and bind anonymously, not only the Policy Server, gets the same privileges you give to SiteMinder, including write access to the directory if you grant it. Where that is not acceptable, use the alternate procedure in Special Access for the SiteMinder Administrator, which grants rights only to a named account protected by a password.

To configure anonymous LDAP access

  1. Create a user called LDAP_Anonymous.

    The following procedure is an example that may differ depending on your version of Novell products.

    1. From the menu bar of the NW Admin tool, select Object, Create, User.
    2. Add the name LDAP_Anonymous.
    3. Do not assign a password.
    4. In the right frame, select Security Equal To and add the admin user (for example, Admin.transpolar).
    5. Click OK.
  2. Set up a proxy account:

    The following procedure is an example that may differ depending on your version of Novell products.

    1. In the NW Admin tool, select LDAP Group.
    2. From the popup menu, select Details.
    3. Click Continue.
    4. In Proxy Username field, enter LDAP_Anonymous.
    5. In right frame, select Access Control and click Add.
    6. In the LDAP ACL Name field, enter LDAP_Anonymous.
    7. Select the LDAP Distinguished Name check box and enter cn=LDAP_Anonymous.
    8. Select the All Attributes and Object Rights check box.
    9. Click OK.
    10. In right frame, select Access Control and click Add.
    11. In box labeled LDAP ACL Name, enter Everyone.
    12. Select the Everything check box.
    13. Select the All Attributes and Object Rights check box.
    14. Click OK.
    15. Click OK.

      To continue configuring your Novell eDirectory for use with the Policy Server, see Configure a Novell eDirectory LDAP Connection in Policy Server User Interface.

Special Access for the SiteMinder Administrator

The alternate instructions below grant access only to a dedicated account that the Policy Servers bind with, rather than to every anonymous connection, and are more appropriate where the directory must not be readable or writable anonymously.

  1. Create a Novell eDirectory user to represent the SiteMinder administrator (for example, SiteMinder_admin).
  2. Assign this user a strong password chosen by the SiteMinder administrator. The same password is entered in the Administrative UI when you create the directory connection, so the Policy Server binds as this account rather than anonymously.

Create a Novell eDirectory User Account for SiteMinder Administration

You grant the SiteMinder administrator account access to the directory by adding an ACL to LDAP Group in the NW Admin tool.

To create a Novell eDirectory user account for SiteMinder administration

  1. In the NW Admin tool, right click LDAP Group.
  2. From the popup menu, select Details.
  3. In the right panel, click Access Control.
  4. Add an ACL.
  5. Enter a name for the ACL.
  6. In the Access By List screen, click Add.
  7. In the Access By List panel, click LDAP Distinguished Name.
  8. Enter cn=SiteMinder_admin.

By default, set the access level to Read, which is sufficient for SiteMinder's basic functions. Customers who use the SiteMinder APIs or some of SiteMinder's advanced features (for example, Password Services, User Disablement, Registration Services) may require Write access. Grant Write access only where a feature you use needs it.

Ping the User Store System

Pinging the user store system verifies that a network connection exists between the Policy Server host and the host of the user directory or database. A successful ping shows only that the host is reachable; it does not show that the LDAP port is open or that the account you configured can bind, so follow it with a connection test on the LDAP port itself.

Note: Some user store systems may require the Policy Server to present credentials.
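The checks a practitioner would run after either access procedure above, and as the real reachability test behind the ping step, as an added example that is not part of the CA documentation or of the SiteMinder or Novell products: the script connects to the LDAP port, binds anonymously and then as the administrator account, and counts how many entries each identity can read below the base DN. If the anonymous probe returns entries, the rights you gave the proxy user (and Everyone, if you followed steps 10 through 14) are available to any client that can reach the port. The host name, port, base DN (o=transpolar, inferred from the Admin.transpolar example and not stated by the page), administrator DN and password are assumptions passed on the command line; the script uses only the Python standard library and hand-encodes the LDAPv3 bind and search messages (RFC 4511), so nothing needs installing on the Policy Server host.

```python
"""Probe an eDirectory LDAP server the way the Policy Server will: added example, not CA or
Novell code, standard library only.  BindRequest, SearchRequest and their results (RFC 4511)
are BER-encoded by hand.  Host, port, base DN, admin DN and password are placeholders."""
import socket
import ssl
import sys

LDAP_SUCCESS = 0  # other codes seen in practice: 4 sizeLimitExceeded, 49 invalidCredentials

def ber_length(n: int) -> bytes:
    """BER definite length: one byte below 128, else 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_int(n: int) -> bytes:
    # minimal encoding of a non-negative INTEGER/ENUMERATED; adds a leading 0x00 when the high bit is set
    return n.to_bytes((n.bit_length() + 8) // 8, "big")

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value

def read_tlv(buf: bytes, pos: int = 0):
    """Decode the TLV at buf[pos]; returns (tag, value, position after it)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:  # long form: low bits give the number of length bytes that follow
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    return tag, buf[pos:pos + length], pos + length

def build_bind_request(message_id: int, dn: str = "", password: str = "") -> bytes:
    """BindRequest { version 3, name, simple password }; empty DN and password is an anonymous bind."""
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, ber_int(message_id)) + tlv(0x60, op))

def build_search_request(message_id: int, base_dn: str, size_limit: int = 10) -> bytes:
    """Subtree search for (objectClass=*) under base_dn, asking for no attributes ("1.1")."""
    op = (tlv(0x04, base_dn.encode())
          + tlv(0x0A, b"\x02") + tlv(0x0A, b"\x00")             # scope wholeSubtree, never deref aliases
          + tlv(0x02, ber_int(size_limit)) + tlv(0x02, b"\x00")  # sizeLimit, no timeLimit
          + tlv(0x01, b"\x00")                                  # typesOnly false
          + tlv(0x87, b"objectClass")                           # filter: present(objectClass)
          + tlv(0x30, tlv(0x04, b"1.1")))
    return tlv(0x30, tlv(0x02, ber_int(message_id)) + tlv(0x63, op))

def parse_message(data: bytes):
    """Split an LDAPMessage into (messageID, protocolOp tag, protocolOp value)."""
    tag, body, _ = read_tlv(data)
    if tag != 0x30: raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    op_tag, op_val, _ = read_tlv(body, pos)
    return int.from_bytes(mid, "big"), op_tag, op_val

def parse_ldap_result(op_val: bytes):
    """LDAPResult { resultCode, matchedDN, diagnosticMessage } -> (code, diagnostic)."""
    _, code, pos = read_tlv(op_val)
    _, _matched, pos = read_tlv(op_val, pos)
    _, diag, _ = read_tlv(op_val, pos)
    return int.from_bytes(code, "big"), diag.decode(errors="replace")

def recv_message(sock) -> bytes:
    """Read exactly one BER-framed LDAPMessage from the socket."""
    def exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk: raise ConnectionError("server closed the connection")
            buf += chunk
        return buf
    head = exact(2)
    if head[1] & 0x80:
        head += exact(head[1] & 0x7F)
        return head + exact(int.from_bytes(head[2:], "big"))
    return head + exact(head[1])

def probe(host, port, base_dn, dn="", password="", use_tls=True, timeout=5.0):
    """Connect (the real reachability test), bind as dn (anonymous if empty), count readable entries."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:  # a simple bind carries the password in clear text; keep it off plain port 389
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_bind_request(1, dn, password))
        _, tag, val = parse_message(recv_message(sock))
        assert tag == 0x61, "expected BindResponse"
        code, diag = parse_ldap_result(val)
        if code != LDAP_SUCCESS: return code, diag, 0, None
        sock.sendall(build_search_request(2, base_dn))
        entries = 0
        while True:
            _, tag, val = parse_message(recv_message(sock))
            if tag == 0x64:    # SearchResultEntry
                entries += 1
            elif tag == 0x65:  # SearchResultDone: (bind_code, bind_diag, entries_seen, search_code)
                return code, diag, entries, parse_ldap_result(val)[0]

if __name__ == "__main__":
    if len(sys.argv) != 6: sys.exit("usage: probe.py HOST PORT BASE_DN ADMIN_DN ADMIN_PASSWORD")
    host, port, base_dn, admin_dn, admin_pw = sys.argv[1:6]  # e.g. edir.example.com 636 o=transpolar ...
    for label, who, pw in (("anonymous", "", ""), (admin_dn, admin_dn, admin_pw)):
        code, diag, seen, _ = probe(host, int(port), base_dn, who, pw)
        print("%s bind: result %d %r, entries readable below %s: %d" % (label, code, diag, base_dn, seen))
    # A non-zero count on the anonymous line means the proxy user's rights are open to every client.
```

Run it over LDAPS (port 636) for the administrator account; run it against port 389 with use_tls set to False only to confirm whether clear-text anonymous access is open. A bind result of 49 (invalidCredentials) means the password entered in the Administrative UI will fail too, and a search result of 4 (sizeLimitExceeded) only means more than size_limit entries exist.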