2.2 Creating a New Configuration File

You can create an XML configuration file through NLPManager. However, to use the newly created file to configure NetIQ LDAP Proxy, you must name the file nlpconf.xml and place it in the /etc/opt/novell/ldapproxy/conf directory on the machine where you installed LDAP Proxy.

  1. Run the ./NLPManager command to start the NLPManager.

  2. To start a new configuration file, do one of the following:

    • Click the icon.

    • In the Provisioning menu, click New Configuration.

    The New LDAP Proxy Configuration Project window is displayed.

  3. Specify the following.

    • Filename: A name for the new configuration file.

    • Enter or select the parent folder: The location where you want to save the configuration file.

    The proxy configuration is displayed in the Project Explorer pane.

  4. Click Finish.

  5. Add listeners:

    1. Click the Listeners option in the Project Explorer pane.

      The Listeners tab is displayed in the Editor pane.

    2. To add a listener, click the icon.

      The Add New Listener window is displayed.

    3. Specify a name to identify the listener you are configuring and then click OK.

      The name must be a unique alphanumeric value.

      The listener configuration fields are displayed in the Editor pane.

    4. Specify the following:

      • Address Type: The address type of the interface where the listener is going to listen for requests.

        To provide the IP address of the system where you installed the LDAP Proxy, select IPv4 or IPv6.

        To provide the domain name of the system where you installed the LDAP Proxy, select DNS.

      • Address: The value of the IP address or domain name, depending on the address type you have specified.

      • Protocol: Specify either ldap or ldaps.

      • Port: The port number of the listener interface.

      • Certificate File Name: The name of the certificate file, if the protocol specified is ldaps.

        Ensure that you have placed the certificate file in the /etc/opt/novell/ldapproxy/conf/ssl/private directory.

    5. To add more listeners, repeat Step 5.2 to Step 5.4.

    6. Click Provisioning > Save to save your changes.

  6. To add back-end servers:

    1. Click the Backend Servers option in the Project Explorer pane.

    2. To add a back-end server, click the icon.

      The Add New Backend Server window is displayed.

    3. Specify a name to identify the back-end server you are configuring and click OK. The name must be a unique alphanumeric value.

      The back-end server configuration fields are displayed in the Editor pane.

    4. Specify the following configuration details:

      • Address Type: The address type of the interface through which the directory server receives the requests from LDAP Proxy.

        NOTE: All mandatory fields are marked in red.

        To provide the IP address of the LDAP directory server, select IPv4 or IPv6.

        To provide the domain name of the LDAP directory server, select DNS.

      • Address: The value of the IP address or domain name, depending on the address type you have specified.

      • Protocol: Specify either ldap or ldaps.

        If you specify the protocol as ldaps, it is mandatory to place the certificate file in the conf/ssl/trustedcert directory.

      • Port: The port number of the interface.

      The following optional fields can also be configured to enhance the performance of the back-end server:

      • Maximum Connections: The maximum number of connections that can be handled by the back-end server.

      • Capability: The capability of the back-end server relative to the other servers. For example, if the capability of a back-end server is 2, it can be loaded two times more than the other servers.

      • Connection Pool: Specify if a connection pool must be created. If you select this field, then specify the pool size value in the Start Pool Size field.

      • Start Pool Size: The number of connections to be created so that the connections can be reused for incoming requests. The value must always be less than the maximum connections value.

      • Use Anonymous Login: Specify if anonymous login is required to create a connection pool. If anonymous bind is disabled on a particular server, then to nullify the connection identity you must specify the User Distinguished Name (user DN) in the associated Bind DN field.

      • Bind DN: The Bind DN to be used to nullify a connection identity.

      • Health Check: Whether a health check must be performed to detect a slow server. If you select this field, you must specify the Bind DN and Maximum Response Time.

      • Bind DN: The User DN on which the health check must be performed.

      • Maximum Response Time: The maximum time within which a bind request must receive a response.

    5. Specify the time interval for performing a health check on all the back-end servers:

      1. Click the drop-down list.

      2. Specify the time interval for performing health checks to detect slow or unavailable back-end servers. By default, the value is 60.

    6. To add more back-end servers, repeat Step 6.2 to Step 6.4.

    7. Click Provisioning > Save to save the changes.

  7. To add back-end server groups:

    1. Click the Backend Server Groups option in the Project Explorer pane.

      The Backend Server Group tab is displayed.

    2. To add a server group, click the icon.

      The Add New Server Group window is displayed.

    3. Specify a name to identify the back-end server group you are configuring and click OK.

      The name must be a unique alphanumeric value.

      The back-end server group configuration is displayed in the Editor pane.

    4. Specify the following:

      • Load Balancing: Specify whether the type of load balancing is Connection Based or Dynamic.

      • Selected Servers: The back-end servers to be defined in the server group. You can use the arrow buttons to sort servers between the Selected Servers and Available Servers lists.

        The back-end servers configured in a group must host the same DIT.

    5. To add more server groups, repeat Step 7.2 to Step 7.4.

    6. Click Provisioning > Save to save the changes.

  8. To use this configuration file to configure LDAP Proxy:

    1. Rename the newly created XML file as nlpconf.xml.

    2. Place the nlpconf.xml file in the /etc/opt/novell/ldapproxy/conf directory on the machine where you installed LDAP Proxy.

      The default nlpconf.xml file is replaced with the newly created configuration file.

IMPORTANT: NLPManager is not recommended for configuring LDAP Proxy in complex scenarios. NLPManager should be used only for monitoring LDAP events. You must define your configuration manually in the nlpconf.xml file.
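
The field rules stated in Step 5 and Step 6 (unique alphanumeric names, ldap or ldaps, certificate placement, pool size, Bind DN and health-check dependencies) can be checked before the values are entered. The following Python code is an added example, not part of the NetIQ documentation or product: check_plan and the dictionary keys are hypothetical labels for the form fields, not nlpconf.xml element names. It assumes names need to be unique per object type and that a connection pool without anonymous login needs a Bind DN.

```python
import os
import re

CONF_DIR = "/etc/opt/novell/ldapproxy/conf"  # configuration directory named on the page

def check_plan(listeners, backends, conf_dir=CONF_DIR):
    """Return rule violations for planned NLPManager values.

    The dict keys are hypothetical labels for the form fields described
    above; they are not nlpconf.xml element or attribute names.
    """
    problems = []
    for kind, items in (("listener", listeners), ("backend", backends)):
        seen = set()
        for item in items:
            name = item.get("name", "")
            if not re.fullmatch(r"[A-Za-z0-9]+", name):
                problems.append(f"{kind} {name}: name is not alphanumeric")
            if name in seen:  # assumption: uniqueness is per object type
                problems.append(f"{kind} {name}: name is not unique")
            seen.add(name)
            if item.get("protocol") not in ("ldap", "ldaps"):
                problems.append(f"{kind} {name}: protocol is not ldap or ldaps")
    for lis in listeners:  # an ldaps listener needs its certificate in ssl/private
        cert = lis.get("certificate") or ""
        path = os.path.join(conf_dir, "ssl", "private", cert)
        if lis.get("protocol") == "ldaps" and not (cert and os.path.isfile(path)):
            problems.append(f"listener {lis.get('name', '')}: certificate missing from ssl/private")
    trusted = os.path.join(conf_dir, "ssl", "trustedcert")
    for be in backends:
        name = be.get("name", "")
        if be.get("protocol") == "ldaps" and not (os.path.isdir(trusted) and os.listdir(trusted)):
            problems.append(f"backend {name}: no certificate in ssl/trustedcert")
        if be.get("connection_pool"):
            start, maximum = be.get("start_pool_size"), be.get("max_connections")
            if start is None:
                problems.append(f"backend {name}: pool enabled without start pool size")
            elif maximum is not None and start >= maximum:
                problems.append(f"backend {name}: start pool size not below max connections")
            if not be.get("anonymous_login") and not be.get("pool_bind_dn"):
                problems.append(f"backend {name}: pool needs a Bind DN without anonymous login")
        if be.get("health_check") and not (be.get("health_bind_dn") and be.get("max_response_time")):
            problems.append(f"backend {name}: health check needs Bind DN and max response time")
    return problems

if __name__ == "__main__":
    # Constructed sample values; run on the host so the certificate paths resolve.
    front = [{"name": "front1", "protocol": "ldaps", "certificate": "proxy.pem"}]
    back = [{"name": "ds1", "protocol": "ldap", "connection_pool": True,
             "start_pool_size": 60, "max_connections": 50, "anonymous_login": True}]
    print("\n".join(check_plan(front, back)) or "no violations")
```

An empty list means the planned values satisfy the rules stated in the steps; it does not validate the resulting nlpconf.xml itself.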