Installation guide
Installing or Upgrading NetIQ eDirectory on Windows 57
Based on the results obtained from the health checks, the upgrade will either continue or exit as
follows:
If all the health checks are successful, the upgrade will continue.
If there are minor errors, the upgrade will prompt you to continue or exit.
If there are critical errors, the upgrade will exit.
See Appendix B, “eDirectory Health Checks,” on page 119 for a list of minor and critical error
conditions.
Skipping Server Health Checks
To skip server health checks, disable server health checks when prompted in the installation wizard.
For more information, see Appendix B, “eDirectory Health Checks,” on page 119.
3.6.3 Communicating with eDirectory through LDAP
When you install eDirectory, you must select a port that the LDAP server monitors so that it can
service LDAP requests. The following table lists options for various installations:
Port 389, the Industry-Standard LDAP Clear-Text Port
The connection through port 389 is not encrypted. All data sent on a connection made to this port is
in clear text. Therefore, a security risk exists. For example, LDAP passwords can be viewed on a simple
bind request.
An LDAP Simple Bind requires only a DN and a password. The password is in clear text. If you use
port 389, the entire packet is in clear text. By default, this option is disabled during the eDirectory
installation.
Because port 389 allows clear text, the LDAP server services Read and Write requests to the Directory
through this port. This openness is adequate for environments of trust, where spoofing doesn't occur
and no one inappropriately captures packets.
To disallow clear passwords and other data, select the Require TLS for Simple Bind with Password
option during installation. As part of the default configuration, the port numbers for clear text and
SSL are set to 389 and 636, respectively.
Scenario: Require TLS for Simple Bind with Password Is Enabled: Olga is using a client that asks
for a password. After Olga enters a password, the client connects to the server and sends a simple
bind request. However, the LDAP server does not allow the connection to bind to the server over the
clear-text port. Because the password has already crossed the network in clear text, anyone capturing
packets is able to view Olga's password, but Olga is unable to get a bound connection.
Installation      Option                        Result
eDirectory 8.8    Clear text (port 389)         Selects port 389.
eDirectory 8.8    Encrypted (port 636)          Selects port 636.
eDirectory 8.8    Require TLS for simple bind   Keeps (on the LDAP Group object) a parameter asked about during installation.










