Configuring Ldap Failover Servers - Novell SENTINEL RAPID DEPLOYMENT 6.1 - INSTALLATION GUIDE 12-2009 Installation Manual

For each existing LDAP user, right-click and select User Details and enter the fully
qualified DN of the LDAP user in the LDAP User DN field.
For more information on creating an LDAP user, see
LDAP
Sentinel Rapid Deployment Hotfix 2: Create a domain user with the same username as

the eDirectory username or Active Directory sAMAccountName.
For more information on creating a domain user, see
Domain
You have successfully configured Sentinel 6.1 Rapid Deployment server for LDAP authentication
and the user can log in to Sentinel Control Center and Sentinel Solution Designer by using the
LDAP username and password.

4.9.2 Configuring LDAP Failover Servers

To configure one or more LDAP servers as failover servers for LDAP authentication:
1 Log in to the Sentinel server as
2 Stop the Sentinel service.
/etc/init.d/sentinel stop
3 Change to the
cd <Install_Directory>/config
4 Open the
vi auth.login
5 Update the
each URL by a blank space.
For example:
userProvider="ldap://ldap-url1 ldap://ldap-url2"
For more information on specifying multiple LDAP URLs, see the description of the
userProvider
security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html).
6 Save the changes.
7 Add each failover LDAP server certificate to the keystore that is created in
NOTE: Ensure that you set the necessary ownership and permissions of the certificate file for
each failover severs.
<Install_Directory>/jre64/bin/keytool -importcert -noprompt -trustcacerts
-file <certificate-file> -alias <alias_name> -keystore
ldap_server.keystore -storepass sentinel
where
<alias_name>
IMPORTANT: Ensure that you specify the alias. If no alias is specified, the keytool takes
mykey
specifying an alias, the keytool reports an error that the alias already exists.
46 Sentinel 6.1 Rapid Deployment Installation Guide
Authentication" in the Sentinel 6.1 Rapid Deployment User Guide.
Authentication" in the Sentinel 6.1 Rapid Deployment User Guide.
<Install_Directory>/config
file for editing.
auth.login
in the LdapLogin section to specify multiple LDAP URLs. Separate
userProvider
option in Class LdapLogin Module (http://java.sun.com/javase/6/docs/jre/api/
is the LDAP certificate filename in Base64-encoded format and
<certificate-file>
is the alias name for the certificate to be imported.
as the alias by default. When you import multiple certificates into the keystore without
.
admin
directory:
"Creating a User Account Through
"Creating a User Account Through
Step 8 on page 45.