This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Creating a directory server

You can create a directory server to centrally manage and share information about network resources and users while acting as the central authority for network security.

  1. Select Global Settings > Directory Servers in the left window pane.
  2. Select Edit > Create Directory Server.
    The Properties window appears, displaying the values for the directory server that it has found on the master's domain.
  3. Enter any missing required information in the respective boxes, or change the pre-selected values to those of another directory server that you want to add.

    | Parameter | Description |
    | --- | --- |
    | Name | Enter the user-friendly name of the directory server, under which it is known, into this field. This name may be any combination of characters. |
    | Notes | Free text field that may be edited to display general information about the object and its contents. |
    | Directory Server Proxy | Specify the device to be defined as the directory server proxy by clicking the Select a Device icon to the right. |
    | Type | Select from this drop-down list the type of directory server that is to be defined. Based on the directory type, the other options are populated. The options include: |

  4. Specify the credentials as required. The options include:
    • Anonymous Access: Select this option if you want to log on to the directory server with an anonymous login. Depending on the server's ACLs, you may or may not be allowed to connect and/or synchronize. For security reasons, it is recommended not to use this option. Checking this option is the same as using authenticated access without specifying a user and password.
    • Authenticated Access: Select this option to log on to the directory server with a specific user login and perform the following actions:
      1. Click next to the Account Credentials field.
      2. In the Add an account credentials window, select an existing account credential or click Create a new credential.

        If the administrator account that is used to authenticate to the directory server has a top-level domain name, for example, .com / .org / .net / .local, then the test connection may fail with an 'Invalid Credentials' error message. In this case, update the administrator account and remove the domain name extension from the domain name field.

  5. Check that the entered values are correct by clicking the Test Login button.
  6. Click OK to confirm.
    A new directory server with the specified data is created.

List of supported directory servers

Microsoft Active Directory

| Parameter | Description |
| --- | --- |
| AD Server Name | Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or it may be the IP address of the server in its dotted notation, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334. |
| Port Number | Enter the number of the port in this field at which the directory server database may be accessed (389 by default). |
| Alias | The name of the eDirectory tree to which you want to connect. It corresponds to the client field of the same name provided by Novell in the Advanced settings; it is the same as an Active Directory Alias and may be required in certain cases. A user of context europe.world.enterprise.com may for example be part of a tree called Americas in which exists a unit USA. |

IBM Domino

| Parameter | Description |
| --- | --- |
| Domino Server Name | Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or it may be the IP address of the server in its dotted notation, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334. |
| Port Number | Enter the number of the port in this field at which the directory server database may be accessed (389 by default). |
| Organizational Unit | The name of the Domino organizational unit to which the user belongs. It is a similar entity to the alias and OU of Directory Server. For example, a Domino directory whose organization name is World and which includes the organizational units Americas, Europe and Asia. |

LDAP Server

| Parameter | Description |
| --- | --- |
| LDAP Server Name | Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or it may be the IP address of the server in its dotted notation, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334. |
| Port Number | Enter the number of the port in this field at which the directory server database may be accessed (389 by default). |
| Base DN | Enter the unique name of the base DN to which you want to connect. The base DN is the entry point to the directory organization and different from all others. You can enter this value either in LDAP or UNC format. For example: the entry world.enterprise.com of Active Directory can be entered in LDAP notation as dc=world, dc=enterprise, dc=com or as world.enterprise.com in UNC notation. |
| Domain Alias | The name of the eDirectory tree to which you want to connect. It corresponds to the client field of the same name provided by Novell in the Advanced settings; it is the same as an Active Directory Alias and may be required in certain cases. A user of context europe.world.enterprise.com may for example be part of a tree called Americas in which exists a unit USA. |

Linux LDAP servers

When you add an LDAP server which is running on Linux, you might be unable to connect to the LDAP server. When you click Test Login, you might see the result Initialization of LDAP library failed. This happens because the ./libldap.so and ./liblber.so libraries cannot be located.

You can work around this problem by creating symbolic links to the libraries and restarting the BCM agent. For example, on CentOS 7, as root, enter the following commands:

ln -s /usr/lib64/libldap-2.4.so.2 /usr/local/bmc-software/client-management/client/bin/libldap.so
ln -s /usr/lib64/liblber-2.4.so.2 /usr/local/bmc-software/client-management/client/bin/liblber.so
/etc/init.d/BMCClientManagementAgent stop
/etc/init.d/BMCClientManagementAgent start
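
An idempotent form of the workaround above, as an added example rather than BMC's own script: it checks that each source library exists and refuses to overwrite a regular file before it creates a link. The SYS_LIB_DIR and AGENT_BIN_DIR variables, the function names and the apply argument are assumptions; the default paths are the CentOS 7 ones shown above.

```shell
#!/bin/sh
# Added example: safer, repeatable version of the symlink workaround.
# Defaults are the CentOS 7 paths from this page; SYS_LIB_DIR and
# AGENT_BIN_DIR are hypothetical overrides for other systems.
SYS_LIB_DIR="${SYS_LIB_DIR:-/usr/lib64}"
AGENT_BIN_DIR="${AGENT_BIN_DIR:-/usr/local/bmc-software/client-management/client/bin}"

# link_lib <versioned library file> <link name the agent looks for>
# Returns 0 when the link is in place, 1 when the source library is
# missing, 2 when a non-symlink file already occupies the link path.
link_lib() {
    src="$SYS_LIB_DIR/$1"
    dst="$AGENT_BIN_DIR/$2"
    if [ ! -f "$src" ]; then
        echo "missing library: $src" >&2
        return 1
    fi
    if [ -e "$dst" ] && [ ! -L "$dst" ]; then
        echo "refusing to replace regular file: $dst" >&2
        return 2
    fi
    if [ -L "$dst" ] && [ "$(readlink "$dst")" = "$src" ]; then
        return 0    # link already points at the right library
    fi
    # Create the link, or repoint a stale or dangling one.
    ln -sfn "$src" "$dst"
}

# Create both links the agent needs; stop at the first failure.
fix_ldap_links() {
    link_lib libldap-2.4.so.2 libldap.so || return $?
    link_lib liblber-2.4.so.2 liblber.so || return $?
}

# Apply the workaround and restart the agent only when the script is
# called with the argument "apply" (run as root).
if [ "${1:-}" = "apply" ]; then
    fix_ldap_links || exit $?
    /etc/init.d/BMCClientManagementAgent stop
    /etc/init.d/BMCClientManagementAgent start
fi
```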

Novell eDirectory

| Parameter | Description |
| --- | --- |
| eDirectory Server Name | Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or it may be the IP address of the server in its dotted notation, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334. |
| Port Number | Enter the number of the port in this field at which the directory server database may be accessed (389 by default). |
| Context | The name of the context that is to be referred to in eDirectory. It corresponds to the client field of the same name provided by Novell in the Advanced settings and is the same as a complete domain name in Active Directory. For example, a context called world.enterprise.com redirects to the part of the directory that references the desired user. |
| Tree | The name of the eDirectory tree to which you want to connect. It corresponds to the client field of the same name provided by Novell in the Advanced settings; it is the same as an Active Directory Alias and may be required in certain cases. A user of context europe.world.enterprise.com may for example be part of a tree called Americas in which exists a unit USA. |

Related topic

Managing account credentials


Comments

  1. Sagar Mhamane

    Please add a note under 'Authenticated Access:' description that covers DRZKZ-2727 workaround.

    >> If the administrator account being used to authenticate directory server has top level domain name, example: .com / .org / .net / .local then the test connection may fail with 'Invalid Credentials' error message.

    >> Update the administrator account and remove the domain name extension from the domain name field.

    Jul 27, 2020 11:38
    1. Darshana Bhangare

      Thanks, Sagar! I have added a note as per your suggestion. 

      Jul 28, 2020 02:34