000024659 - How to configure LDAP synchronization in RSA ACE/Server 5.1 for Novell eDirectory

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000024659
Applies To: RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)
Novell eDirectory
Novell NetWare
Issue: How to configure LDAP synchronization in RSA ACE/Server 5.1 for Novell eDirectory
LDAP Authentication Test Failed
LDAP authentication failed. Check Bind DN and Password.
"LDAP connection error - [LDAP bind] Strong authentication required" is seen in the Summary of Run LDAP Synchronization
Data from a network packet trace:
Lightweight Directory Access Protocol
   Message: Id=1  Bind Result
       Message Length: 59
       Result Code: Strong authentication required (0x08)
       Matched DN: (null)
       Error Message: This LDAP server does not accept cleartext passwords
Cause: RSA ACE/Server by default does a "simple bind without SSL". To accept a simple bind without SSL, eDirectory must be configured to accept clear text passwords.

WARNING: Passwords should not be sent in clear text outside of a secure environment. Use SSL when connecting in unsecured environments.
Alternatively, the Binding DN and Password are incorrect.
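
The two causes above can be told apart by the result code in the bind response shown in the packet trace. The following decoder is an added example, not RSA's or Novell's code: it parses an LDAP BindResponse with the Python standard library and maps the result code to the matching cause. Result code 8 is the one in the trace; code 49 (invalidCredentials) comes from the LDAP specification rather than this article, and the sample packet is constructed from the trace fields, not captured.

```python
# Added example: decode an LDAP BindResponse and map its resultCode to a cause.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(packet):
    """Parse LDAPMessage { messageID, bindResponse } into a dict."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(body, 0)
    tag_op, op, _ = read_tlv(body, pos)
    if tag != 0x02 or tag_op != 0x61:       # INTEGER id, [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op, 0)          # ENUMERATED resultCode
    _, matched_dn, pos = read_tlv(op, pos)
    _, message, _ = read_tlv(op, pos)
    return {"message_id": int.from_bytes(msg_id, "big"),
            "code": int.from_bytes(code, "big"),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "message": message.decode("utf-8", "replace")}

ADVICE = {  # wording follows the article's Cause section
    0: "bind succeeded",
    8: "server refuses a cleartext simple bind: connect over SSL, or allow "
       "clear text passwords on eDirectory only inside a secure environment",
    49: "invalid credentials: check Bind DN and Password",
}

def triage(packet):
    r = parse_bind_response(packet)
    return r["code"], ADVICE.get(r["code"], "other result code: see the directory server log")

def build_sample(code, text):
    """Constructed test packet; short-form lengths only (each part < 128 bytes)."""
    msg = text.encode()
    op = bytes([0x0A, 1, code, 0x04, 0, 0x04, len(msg)]) + msg
    body = bytes([0x02, 1, 1, 0x61, len(op)]) + op
    return bytes([0x30, len(body)]) + body

SAMPLE = build_sample(8, "This LDAP server does not accept cleartext passwords")
if __name__ == "__main__":
    print(triage(SAMPLE))
```
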
Resolution: Ensure the LDAP Server Information and LDAP Authentication details are entered correctly in the Edit LDAP Synchronization form.

------------------------------------
LDAP Server Information
------------------------------------

- Ensure your LDAP Host field has the current entry along with the port number of your Novell eDirectory

- Ensure you know the tree structure of your Novell eDirectory to provide the correct Base DN e.g. OU=Customer Support,O=RSA Security

- LDAP Server Type is Novell

- Ensure the ACEUTILS/toolkit/novell.map file is correctly configured to extract the data you require for importing user information

- LDAP Query Filter is related to the LDAP attributes used in the novell.map file, e.g. a typical filter would be 'sn=*'

For more information, see the solution titled How to write LDAP query filter in RSA ACE/Server for an LDAP Synchronization job.

Default novell.map file:
 chDefaultLogin=uid
 chLastName=sn
 chFirstName=givenname


------------------------------
LDAP Authentication
------------------------------

- The Binding DN is related to the Novell eDirectory tree structure configuration e.g. cn=admin,OU=Customer Support,O=RSA Security


----------------
Job Output
----------------

- Page 96 in the RSA ACE/Server 5.1 Administrator's Guide provides details on where the Job Output files are located. Also, please refer to an LDAP Glossary for more information on terms used with directory servers.


Novell provides information from their knowledgebase on what to do when encountering a message "Strong Authentication Required" while doing a simple bind without SSL to Novell eDirectory.

Also, a Novell solution was found at http://support.novell.com/cgi-bin/search/searchtid.cgi?/10013152.htm that explains what changes are required on the Novell eDirectory to allow a simple bind.
Legacy Article ID: a45750