27.3 Configuring REST Services for eDirectory

Perform the following steps to configure REST APIs for eDirectory:

  1. Download eDirAPI_<version>_Container.tar.gz from the Software License and Download portal. For example, eDirAPI_140_Container.tar.gz.

  2. Load the image into the local Docker registry by using the following commands:

    tar -xvf eDirAPI_140_Container.tar.gz
    docker load --input eDirAPI_140/eDirAPI_140.tar.gz

  3. Create a Docker container using the following command:

    docker create --name edirapi-container --volume <volume-name>:/config/ --network=<network-type> --env ACCEPT_EULA=Y edirapi:<version>

    For example,

    docker create --name edirapi-container --volume edirapi-volume:/config/ --network=host --env ACCEPT_EULA=Y edirapi:1.4.0.0000

    NOTE:

    • You can accept the EULA by setting the ACCEPT_EULA environment variable to Y. You can also accept the EULA from the on-screen prompt while starting the container by using the -it option in the docker create command for interactive mode.

    • The --volume parameter in the above command creates a volume for storing configuration and log data. In this case, we have created a sample volume called edirapi-volume.

  4. Copy the server certificate file (.pfx) from your local file system to the container in /etc/opt/novell/eDirAPI/cert/keys.pfx using the following command:

    docker cp <absolute path of server certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx

    For example,

    docker cp /home/user/keys.pfx edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx

  5. Copy the CA certificate file (.pem) from your local file system to the container in /etc/opt/novell/eDirAPI/cert/SSCert.pem using the following command:

    docker cp <absolute path of CA certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem

    For example,

    docker cp /home/user/SSCert.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem

    When you connect to multiple eDirectory trees, you must obtain an individual CA certificate for each connected tree. For example, if you connect to three eDirectory trees, you must copy all three CA certificates into the Docker container:

    docker cp /home/user/SSCert.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem
    docker cp /home/user/SSCert1.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert1.pem
    docker cp /home/user/SSCert2.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert2.pem

  6. Copy the configuration file (edirapi.conf) from your local file system to the container in /etc/opt/novell/eDirAPI/conf/edirapi.conf using the following command:

    docker cp <absolute path of configuration file> edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf

    For example,

    docker cp /home/user/edirapi.conf edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf

    NOTE: To deploy eDirAPI with anonymous bind disabled, you must have the “ldapserver”, “ldapuser”, and “ldappassword” parameters in the edirapi.conf file.

  7. Start the Docker container using the following command:

    docker start edirapi-container

The default log file location inside the REST container is /config/eDirAPI/var/log/. You will find the following log files in this location:

  • container-startup.log

  • edirapi.log

NOTE:

  • The CA certificate for your REST server should begin with BEGIN CERTIFICATE and end with END CERTIFICATE. If you provide any other value, the REST server will display an error message.

  • To support up to 42 thousand connections in your REST container, you must increase the port range by running the following three commands:

    ulimit -n 999999
    cat /proc/sys/net/ipv4/ip_local_port_range
    echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

  • You can ignore the following message in the container startup log file:

    Setting IDCONSOLEMODE from Environment to false
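
A pre-flight check for the files copied in steps 5 and 6, written here as an added example (not part of the product documentation or the eDirAPI image): it verifies the CA certificate markers described in the note above for every tree's CA file, and that edirapi.conf names the three LDAP parameters. The function names are hypothetical, and matching the parameter names as plain words is an assumption because the page does not show the edirapi.conf syntax.

```shell
#!/bin/sh
# Pre-flight checks to run on the host before the docker cp steps (added example).

# check_ca_pem FILE: succeed only if the first non-blank line is the PEM
# BEGIN CERTIFICATE marker and the last non-blank line is END CERTIFICATE.
# Rejects DER files, "openssl x509 -text" output with a preamble, and
# BEGIN TRUSTED CERTIFICATE files. CR and trailing blanks are ignored.
check_ca_pem() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    first=$(tr -d '\r' < "$1" | awk '{ sub(/[ \t]+$/, "") } NF { print; exit }')
    last=$(tr -d '\r' < "$1" | awk '{ sub(/[ \t]+$/, "") } NF { l = $0 } END { print l }')
    [ "$first" = "-----BEGIN CERTIFICATE-----" ] || { echo "bad first line in $1" >&2; return 1; }
    [ "$last" = "-----END CERTIFICATE-----" ] || { echo "bad last line in $1" >&2; return 1; }
}

# check_ldap_params FILE: succeed only if ldapserver, ldapuser and ldappassword
# all occur in the file as whole words. Assumption: a name match only, since
# the file syntax is not shown on the page; values are not inspected.
check_ldap_params() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    missing=0
    for p in ldapserver ldapuser ldappassword; do
        grep -q -w "$p" "$1" || { echo "missing $p in $1" >&2; missing=1; }
    done
    return "$missing"
}

# preflight CONF CA_PEM...: check the configuration file and one CA
# certificate per connected eDirectory tree; non-zero if any check fails.
preflight() {
    conf=$1; shift
    rc=0
    check_ldap_params "$conf" || rc=1
    for ca in "$@"; do
        check_ca_pem "$ca" || rc=1
    done
    return "$rc"
}

# Example: sh preflight.sh /home/user/edirapi.conf /home/user/SSCert.pem /home/user/SSCert1.pem
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

The script only inspects the PEM markers and parameter names; it does not validate the certificate contents or the LDAP credentials.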