Troubleshooting guide

Chapter 8 Troubleshooting LDAP Servers and the AMC Working with the AMC
Advanced Technical Reference Guide 4.1 June 2000 87
Working with the AMC
Before Starting the Account Management Client
The LDAP server must be running in the background before you start the AMC. The AMC and the server must bind
to each other before they can communicate.
Before starting the AMC, you must do the following:
1. Confirm that Use LDAP Account Management is checked in the Security Policy GUI Properties Setup
window LDAP tab.
2. Confirm that User Management is checked on the Account Unit’s General tab.
3. Check that the LDAP server is accessible from the VPN/FireWall Module machine (for example, that no rule
blocks the access and that routing is correct).
4. Confirm that there is a VPN-1/FireWall-1 workstation object with the IP address of your LDAP server.
5. Confirm that there is a VPN-1/FireWall-1 server object for an LDAP server using the LDAP Account
Unit.
6. In Login DN (Account Unit’s General tab), use the same logon DN that you created when you created the
Netscape LDAP server (cn=loginname…). Note that the DN is case sensitive.
You may need to edit the AMC.properties file to ensure compatibility between the Account
Management Client and the particular version of the LDAP server. (See Ensuring compatibility between the
AMC and the specific LDAP server on page 84.)
The Organizational Unit
An organizational unit is created to hold lists of users, groups and templates. After connecting to the LDAP
server, the AMC shows the organizational units, users, groups, and templates that exist in the LDAP database.
Likewise, if users and organizational units are created in the LDAP server itself, they will also appear in the
AMC.
Warning: “ou=” is implied. Do not type it. If you type it (for example, “ou=Accounting”), then the
organizational unit’s name will include “ou=” (for example, “ou=ou=Accounting”).
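The doubled prefix described in the warning can be found after the fact by checking DNs exported from the directory. The following is an added example, not part of the original guide or of the product's tooling; the sample DNs are constructed, the function names are hypothetical, and multi-valued RDNs (joined with "+") are not handled.

```python
# Added example: audit DNs for organizational units created with a literal
# "ou=" typed into the name field (the doubled prefix the warning describes).
import re

# Constructed sample DNs, as they might appear in an LDAP export.
SAMPLE_DNS = [
    "ou=Accounting,o=name",
    "ou=ou=Accounting,o=name",              # name was typed as "ou=Accounting"
    "cn=Smith\\, John,ou=OU=Sales,o=name",  # escaped comma, upper-case prefix
    "cn=ou=notes,ou=Research,o=name",       # "ou=" inside a cn value: not an OU
]

def split_unescaped(text, sep):
    """Split on sep, ignoring any sep that is escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts

def doubled_ou_names(dn):
    """Return the OU values in dn that themselves begin with 'ou='."""
    hits = []
    for rdn in split_unescaped(dn, ","):
        attr, _, value = rdn.strip().partition("=")
        # Attribute type names are matched case-insensitively.
        if attr.strip().lower() == "ou" and re.match(r"\s*ou\s*=", value, re.I):
            hits.append(value.strip())
    return hits

def audit(dns):
    """Map each affected DN to the OU names that carry the doubled prefix."""
    return {dn: hits for dn in dns if (hits := doubled_ou_names(dn))}

if __name__ == "__main__":
    for dn, names in audit(SAMPLE_DNS).items():
        print(f"{dn}: OU name includes the prefix -> {names}")
```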
Deleting an Organizational Unit
You cannot delete an organizational unit using the AMC. You must use the ldapmodify utility, as follows:
To delete the organizational unit from the AMC:
1. Start the appropriate command-line interface.
2. Locate ldapmodify.exe (Windows) or ldapmodify (Solaris).
3. Enter the following command at the prompt:
ldapmodify -h <host> -D "<login DN>" -w <bind password>
ldapmodify will wait for input statements terminated by CTRL-D.
4. To delete a branch, enter the following statements with this syntax (The ou object can be any DN starting
with ou):
dn: ou=name,o=name