27.3 Configuring REST Services for eDirectory

Perform the following steps to configure REST APIs for eDirectory:

  1. Download eDirAPI_100.tar.gz from NetIQ download website.

  2. The image has to be loaded into the local Docker registry by using the following commands:

    tar -xvf eDirAPI_100.tar.gz              
    docker load --input edirapi.tar
  3. Create a docker container using the following command:

    docker create --name edirapi-container --volume <volume-name>:/config/ --network=<network-type> --env ACCEPT_EULA=Y edirapi:<version>

    For example,

    docker create --name edirapi-container --volume edirapi-volume:/config/ --network=host --env ACCEPT_EULA=Y edirapi:1.0.0

    NOTE:

    • You can accept the EULA by setting ACCEPT_EULA environment variable to Y. You can also accept the EULA from the on-screen prompt while starting the container by using -it option in the Docker create command for interactive mode.

    • --volume parameter in the above command will create a volume for storing configuration and log data. In this case, we have created a sample volume called edirapi-volume.

  4. Copy the server certificate file (.pfx) from your local file system to the container in /etc/opt/novell/eDirAPI/cert/keys.pfx using the following command:

    docker cp <absolute path of server certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx

    For example,

    docker cp /home/user/keys.pfx edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx
  5. Copy the CA certificate file (.pem) from your local file system to the container in /etc/opt/novell/eDirAPI/cert/SSCert.pem using the following command:

    docker cp <absolute path of CA certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem

    For example,

    docker cp /home/user/SSCert.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem
  6. Copy the configuration file (edirapi.conf) from your local file system to the container in /etc/opt/novell/eDirAPI/conf/edirapi.conf using the following command:

    docker cp <absolute path of CA certificate file> edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf

    For example,

    docker cp /home/user/edirapi.conf edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf
  7. Start the Docker container using the following command:

    docker start edirapi-container

The default log file location inside the REST container will be /config/eDirAPI/var/log/. You will find the following log files in this location:

  • container-startup.log

  • edirapi.log

NOTE:

  • The CA certificate for your REST server should begin with BEGIN CERTIFICATE and end with END CERTIFICATE. If you provide any other value, REST server will display an error message.

  • To support connections up to 42 thousand in your REST container, you must increase the port range by running the following three commands:

    ulimit -n 999999
    cat /proc/sys/net/ipv4/ip_local_port_range
    echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
  • You can ignore the following message in the container startup log file:

    Setting IDCONSOLEMODE from Environment to false