Perform the following steps to configure REST APIs for eDirectory:
Download eDirAPI_<version>_Container.tar.gz from the Software License and Download portal. For example, eDirAPI_140_Container.tar.gz.
Load the image into the local Docker registry by using the following commands:
tar -xvf eDirAPI_140_Container.tar.gz
docker load --input eDirAPI_140/eDirAPI_140.tar.gz
Create a docker container using the following command:
docker create --name edirapi-container --volume <volume-name>:/config/ --network=<network-type> --env ACCEPT_EULA=Y edirapi:<version>
For example,
docker create --name edirapi-container --volume edirapi-volume:/config/ --network=host --env ACCEPT_EULA=Y edirapi:1.4.0.0000
NOTE:
You can accept the EULA by setting the ACCEPT_EULA environment variable to Y. You can also accept the EULA from the on-screen prompt while starting the container by using the -it option in the docker create command for interactive mode.
The --volume parameter in the above command creates a volume for storing configuration and log data. In this case, we have created a sample volume called edirapi-volume.
Copy the server certificate file (.pfx) from your local file system to the container in /etc/opt/novell/eDirAPI/cert/keys.pfx using the following command:
docker cp <absolute path of server certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx
For example,
docker cp /home/user/keys.pfx edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx
Copy the CA certificate file (.pem) from your local file system to the container in /etc/opt/novell/eDirAPI/cert/SSCert.pem using the following command:
docker cp <absolute path of CA certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem
For example,
docker cp /home/user/SSCert.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem
When you connect to multiple eDirectory trees, you must obtain an individual CA certificate for each connected tree. For example, if you connect to three eDirectory trees, you must copy all three CA certificates into the Docker container:
docker cp /home/user/SSCert.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem
docker cp /home/user/SSCert1.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert1.pem
docker cp /home/user/SSCert2.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert2.pem
Copy the configuration file (edirapi.conf) from your local file system to the container in /etc/opt/novell/eDirAPI/conf/edirapi.conf using the following command:
docker cp <absolute path of configuration file> edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf
For example,
docker cp /home/user/edirapi.conf edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf
NOTE: To deploy eDirAPI with anonymous bind disabled, you must have the “ldapserver”, “ldapuser”, and “ldappassword” parameters in the edirapi.conf file.
Start the Docker container using the following command:
docker start edirapi-container
The default log file location inside the REST container is /config/eDirAPI/var/log/. You will find the following log files in this location:
container-startup.log
edirapi.log
NOTE:
The CA certificate for your REST server should begin with BEGIN CERTIFICATE and end with END CERTIFICATE. If you provide any other value, the REST server displays an error message.
To support up to 42 thousand connections in your REST container, you must increase the port range by running the following three commands:
ulimit -n 999999
cat /proc/sys/net/ipv4/ip_local_port_range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
You can ignore the following message in the container startup log file:
Setting IDCONSOLEMODE from Environment to false
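The note on the CA certificate format and the multi-tree copy step can be checked before any file is copied. The following pre-flight script is an added example, not part of the product or its documentation; the function names check_ca_pem and preflight_cas are hypothetical, the check is assumed to be stricter than the server's own, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): validate CA files before `docker cp`.
CONTAINER=edirapi-container            # names taken from the steps above
CERT_DIR=/etc/opt/novell/eDirAPI/cert

# check_ca_pem FILE: 0 if the first non-blank line is the BEGIN CERTIFICATE
# marker, the last is END CERTIFICATE, and markers are paired; 1 if malformed
# (preamble such as "Bag Attributes", truncated file); 2 if unreadable.
check_ca_pem() {
    [ -r "$1" ] || return 2
    awk -v B="-----BEGIN CERTIFICATE-----" -v E="-----END CERTIFICATE-----" '
        /^[ \t]*$/ { next }
        !seen { first = $0; seen = 1 }
        { last = $0 }
        $0 == B { b++ }
        $0 == E { e++ }
        END { exit ((seen && first == B && last == E && b == e) ? 0 : 1) }
    ' "$1"
}

# preflight_cas FILE...: print the copy command for each valid file, report
# rejects on stderr, and return the number of rejected files.
preflight_cas() {
    bad=0
    for f in "$@"; do
        if check_ca_pem "$f"; then
            echo "docker cp $f $CONTAINER:$CERT_DIR/$(basename "$f")"
        else
            echo "REJECT $f: not a clean BEGIN/END CERTIFICATE block" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Demo on constructed samples; the base64 body is a placeholder, not a cert.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/SSCert.pem"
    printf '%s\n' 'Bag Attributes' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$d/SSCert1.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        > "$d/SSCert2.pem"
    preflight_cas "$d"/SSCert*.pem || echo "$? CA file(s) rejected" >&2
    rm -rf "$d"
}
demo
```

The script only prints the docker cp commands for files that pass; it does not run them.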