Changing the Default Port Setting
The LDAP port is set during Directory server installation. This value can be changed in the baseurl parameter. Example 2.2 shows the syntax used to specify a port number that is different than the default port number of 389.
Example 2.2 Changing LDAP port in the baseurl parameter
baseurl "ldaps://dirserver.airius.com:3000/o%3Dairius.com"
Setting Up the Directory Manager
When the Directory server is installed, the Directory Manager is by default set to the root DN. The Directory Server 4.0 installation requires a root DN. If no root DN was configured when the Directory server was installed, then no default Directory Manager is configured for the gateway.
Note.
For security reasons, Netscape recommends setting the Directory Manager to an entry other than the root DN.
Configuring the Directory Manager DN
Use this procedure to configure the gateway Directory Manager to reference the correct DN.
1. Create an entry for the Directory Manager, making sure to set a password for the entry.
2. Set the permissions for the Directory Manager so that it has read and write authority for the entries it manages.
3. When necessary, change the dirmgr parameter to refer to the Directory Manager's distinguished name.
Note.
End users frequently forget their passwords, so give the Directory Manager write access to the userPassword attribute for the entries it manages.
The dirmgr parameter is described in "dirmgr" on page 83. Creating directory entries is described in the Netscape Directory Server Administrator's Guide.
Authenticating as Directory Manager
Figure 2.3 shows the authentication login screen for the default gateway. Administrators can use it to authenticate as the Directory Manager. The Authenticate as Directory Manager button is displayed only when a Directory Manager has been configured for the gateway.
The authlifetime parameter, which defines the number of seconds that a user may remain authenticated, is described in "location" on page 85.
Figure 2.3 Authenticating as Directory Manager
Setting up the Suffix for Adding Entries
The location-suffix parameter is defined in dsgw.conf, and identifies the suffix under which the gateway creates new entries in the directory. The location-suffix parameter can point to any suffix in a directory.
Setting the location-suffix parameter is described in "include" on page 85. The Netscape Directory Server Administrator's Guide describes the Suffix parameter and provides syntax examples. Setting the root suffix is also described in the Netscape Directory Server Installation Guide.
Setting Up SSL Support
When the Directory server is installed, the gateway is configured to communicate with the Directory server using a non-SSL host name and port number. This information is stored in the baseurl parameter.
Configuring the gateway to use SSL when communicating with the Directory server requires modification of the securitypath and baseurl parameters in dsgw.conf.
Enabling SSL communications on the Directory Server is described in the Netscape Directory Server Administrator's Guide. Information about managing key and certificate databases is provided in Managing Netscape Servers.
Configuring the Gateway to Use SSL
The syntax in Example 2.3 shows the securitypath parameter specifying the location of the certificate database.
Example 2.3 Specifying the Path for Certificate Database
securitypath "/export/TEST/alias/cert.db"
The syntax in Example 2.4 shows the baseurl parameter configured to use ldaps (instead of ldap, the default) and standard SSL port number 636.
Example 2.4 Specifying SSL Communication
baseurl "ldaps://dir.airius.com:636/o%3Dairius.com"
Note.
Before configuring SSL, verify that the gateway's Certificate database contains a server certificate or Certificate Authority certificate needed to communicate with the Directory Server.
See Also
"baseurl" on page 80
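The following check is an added example, not part of the original guide or of the gateway software. It reads a dsgw.conf and reports a baseurl that does not use ldaps, an ldaps baseurl with no securitypath, and a dirmgr set to the root DN (see "Setting Up the Directory Manager"). The line format (directive, whitespace, optionally quoted value, # comments), the sample files, the root DN value and the uid=gwadmin entry are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed samples: a default (non-SSL) gateway config and a corrected one.
WEAK_CONF = '''# dsgw.conf as left by installation (constructed)
baseurl "ldap://dir.airius.com:389/o%3Dairius.com"
dirmgr "cn=Directory Manager"
'''
FIXED_CONF = '''# dsgw.conf after the changes in this section (constructed)
baseurl "ldaps://dir.airius.com:636/o%3Dairius.com"
securitypath "/export/TEST/alias/cert.db"
dirmgr "uid=gwadmin, o=airius.com"
'''
ROOT_DN = "cn=Directory Manager"  # assumed root DN of the Directory server

# Assumed line format: directive, whitespace, optionally quoted value.
LINE = re.compile(r'^\s*([A-Za-z][\w-]*)\s+"?([^"]*?)"?\s*$')

def parse_conf(text):
    """Return {directive: value}, skipping blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else LINE.match(line)
        if m:
            conf[m.group(1).lower()] = m.group(2)
    return conf

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, spaces around commas removed."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(text, root_dn):
    """Return findings for the baseurl, securitypath and dirmgr settings."""
    conf, findings = parse_conf(text), []
    url = urlsplit(conf.get("baseurl", ""))
    if url.scheme != "ldaps":
        findings.append("baseurl: scheme %r is not ldaps" % url.scheme)
    elif not conf.get("securitypath"):
        findings.append("securitypath: not set, no certificate database for ldaps")
    if norm_dn(conf.get("dirmgr", "")) == norm_dn(root_dn):
        findings.append("dirmgr: set to the root DN")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit(text, root_dn=ROOT_DN))
```

The DN comparison is deliberately simple and does not handle escaped commas or multi-valued RDNs.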
Setting Up Localization
There are two considerations for configuring the gateway character set: the directory contents and the HTTP clients. The ideal character set supports all the characters in the directory, and is displayed properly by all HTTP clients. UTF-8 best supports the Directory Server's internal character set (which is UTF-8). However, HTTP clients that are not designed for localization may display UTF-8 poorly.
If a single character set works well for most gateway users, define it using the charset parameter in the gateway's .conf file. For users who require a character set that supports another language, create the appropriate ../dsgw/LANG/dsgwcharset.conf file (where LANG represents a language, such as "en" or "fr") and configure the HTTP clients for these users to specify their language in the HTTP Accept-language header.
Setting the language and character set for communication with HTTP clients is described in Chapter 3, "Gateway Localization."
Setting Locations and newtypes
See Also
"Mapping Locations and Entry Types" on page 48
Setting vCard Properties
Mappings between vCard properties and LDAP attribute types are described in "vcard-property" on page 90.