Re: LDAP AUthentication on Netware

["Mark H. Wood" <mwood@IUPUI.Edu>]

My knowledge stops with Netware 4 (alas!) but if v6 is still sufficiently
like it then what you need is to make your directory look enough like NDS
that your servers will recognize it and offer to use it.  IIRC this
wouldn't have been possible in v4 as Netware still used the NDS-specific
APIs, but I'm under the impression that this should have changed by now.

The problem is analogous to getting Windows to treat your
directory+Kerberos as ADS, but the methods will be different.  (And like
the ADS problem, most of it isn't specific to OpenLDAP or even LDAP.)

There's extensive documentation of the NDS schema, and how Netware uses
it, in Novell's SDK.  One bit that may not stand out is that Netware uses
SLP to locate directory servers, so you'll need to set that up.

Another particularly interesting area is the authentication itself.  I
believe that Netware uses X.509 certificates as attributes of the user
objects for this, but I've not come across precise details of how it
works.  There are probably a lot of ways to configure a certificate which
is valid but won't work with Netware.

I would suggest asking some Netware programming lists or newsgroups, but
last time I looked there weren't any.  The big emphasis on programming
w.r.t. Netware these days is on XML and Java anyway.

It sounds like a fascinating project.  Do let us know how it works out.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".