This section describes how to set up a basic LDAP Proxy configuration and establish communication among the components that constitute the LDAP Proxy environment.
The initial setup for LDAP Proxy consists of installing the LDAP Proxy files and NLPManager, and configuring the proxy settings for your directory server in the nlpconf.xml file. The installation package includes a sample nlpconf.xml file, located in the /etc/opt/novell/ldapproxy/conf directory.
LDAP Proxy can be customized by configuring additional listeners, back-end servers, back-end server groups, and policies.
Listener: The IP address and the port number where the proxy listens for incoming requests. By default, LDAP Proxy is configured to listen on all interfaces. However, you can customize it to listen only on specific interfaces.
Back-end server: The IP address or domain name and port number of the system on which the back-end server is installed. At least one back-end server must be configured. However, if you plan to facilitate load balancing and fault tolerance, a minimum of two back-end servers must be configured.
Connection route policy: Specifies where connections are routed. A minimum of one Connection Route policy must be configured. For more information, see Accepting or Denying a Client Connection (Client Network Policy) in the NetIQ LDAP Proxy 1.6 Administration Guide.
The <list-policy> node in the nlpconf.xml file contains a sample Connection Route policy that defines where LDAP Proxy must route the incoming connections. Do not delete this node because there must be at least one Connection Route policy defined in the minimum configuration.
You can also define additional policies to customize LDAP Proxy to filter requests, map schemas, and so on. Optionally, you can also define the proxy paths and monitoring events. After modifying the nlpconf.xml file, save the file and start the nlpd service for the changes to take effect.
LDAP Proxy can be configured on both secure and non-secure ports. The following sections provide instructions for enabling secure and non-secure connections to the back-end directory that you plan to connect to. Perform the following tasks to bring your LDAP Proxy server up and running:
Configure LDAP Proxy on a secure port. To achieve this, you must configure at least one listener and one back-end server on a secure port. For more information on how to configure a listener on a secure port, see Configuring Listener on a Secure Port in the NetIQ LDAP Proxy 1.6 Administration Guide.
Similarly, you can configure a back-end server on a secure port. For more information, see Configuring Back-End Server on a Secure Port in the NetIQ LDAP Proxy 1.6 Administration Guide.
Configure LDAP Proxy on a non-secure port. To achieve this, you must configure at least one listener and one back-end server on a non-secure port. For more information on how to configure a listener on a non-secure port, see Configuring Listener on a Non-Secure Port in the NetIQ LDAP Proxy 1.6 Administration Guide.
Similarly, you can configure a back-end server on a non-secure port. For more information, see Configuring Back-End Server on a Non-Secure Port in the NetIQ LDAP Proxy 1.6 Administration Guide.
Ensure that the communication ports that you want to use are open in the firewall.
NOTE: If you plan to install LDAP Proxy on the same server where eDirectory is installed, ensure that the two products use different ports to avoid a port conflict.
Install the LDAP Proxy files and NLPManager. For more information, see the following sections:
(Conditional) Customize the basic proxy configuration. For more information, see Configuring LDAP Proxy.
To monitor, analyze, and manage LDAP events, start the NLPManager console. For more information, see Downloading and Running NLPManager.
(Conditional) Configure LDAP Proxy in a cluster environment. For more information, see Section A.0, Configuring a Linux High Availability Cluster for NetIQ Ldap Proxy.
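The following pre-start check is an added example, not part of the product or its documentation. It confirms that a configuration file still carries a populated <list-policy> node and that the ports planned for the listeners are not already taken on the host, for example by eDirectory. Only the <list-policy> element name comes from this page; the sample XML, the other element names, and the assumption that each policy is a child element of <list-policy> are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample, NOT the real nlpconf.xml schema: only <list-policy> is
# named on this page; the root and child element names are placeholders.
SAMPLE_OK = """<proxy-config-placeholder>
  <list-policy><policy-placeholder/></list-policy>
</proxy-config-placeholder>"""
SAMPLE_NO_POLICY = "<proxy-config-placeholder/>"


def local_name(tag):
    """Strip an XML namespace prefix such as '{urn:x}list-policy'."""
    return tag.rsplit("}", 1)[-1]


def check_config(xml_text):
    """Return a list of problems that would break the minimum configuration."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    nodes = [el for el in root.iter() if local_name(el.tag) == "list-policy"]
    if not nodes:
        return ["<list-policy> node is missing"]
    if not any(len(node) for node in nodes):
        # Assumption: each policy is a child element of <list-policy>.
        return ["<list-policy> is empty: no Connection Route policy defined"]
    return []


def port_in_use(port, host="127.0.0.1"):
    """True if some service (for example eDirectory) already accepts on port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(1.0)
        return sock.connect_ex((host, port)) == 0


def preflight(xml_text, planned_ports, host="127.0.0.1"):
    """Combine both checks; an empty list means it is safe to start nlpd."""
    problems = check_config(xml_text)
    problems += [f"port {p} is already in use on {host}"
                 for p in planned_ports if port_in_use(p, host)]
    return problems


if __name__ == "__main__":
    for text in (SAMPLE_OK, SAMPLE_NO_POLICY):
        print(check_config(text) or "minimum policy configuration present")
```

Run it against the contents of the edited nlpconf.xml and the listener ports you intend to use, before starting the nlpd service.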