Submitted as a Cool Solutions tip
Found this very interesting as we actually answered this in Novell's public forum, almost word-for-word.
With eDirectory 8.8, users can configure LDAP Server to listen on one or all of the IP addresses configured on the machine. In eDirectory 8.8 SP2, LDAP Server has been enhanced to listen on specific IP addresses, configured through the ldapInterfaces attribute.
ldapInterfaces is a multi-valued string attribute that stores IP addresses and port numbers in a format resembling an LDAP URL. The LDAP server listens on these addresses and ports for both the clear-text and the secure port.
The representation of the ldapInterfaces attribute was upgraded in eDirectory 8.8 SP2. In eDirectory 8.8 and 8.8 SP1, ldapInterfaces takes the value of a single IP address or "*". The "*" value makes the LDAP Server listen on all IP addresses configured on the machine.
From eDirectory 8.8 SP2 onwards, the ldapInterfaces attribute can hold multiple IP addresses or hostnames, each separated by a space. The default value of ldapInterfaces is "ldap:// ldaps://", which makes the LDAP server listen on all IP addresses configured on the machine.
For example, to configure an instance of LDAP Server to listen on two IP addresses (on both the clear-text and the secure port) and on the loopback address of a machine, follow the steps below:
Using iManager or ldapconfig, modify the ldapInterfaces attribute in the LDAP Server object to add the following:
ldap://192.168.1.1:389 ldaps://192.168.2.1:636 ldap://192.168.100.101:389 ldaps://192.168.100.101:636 ldap://127.0.0.1:389 ldaps://127.0.0.1:389
For example:
ldapconfig -s "ldapinterfaces=ldap://192.168.1.1:389 ldaps://192.168.2.1:636 ldap://192.168.100.101:389 ldaps://192.168.100.101:636 ldap://127.0.0.1:389 ldaps://127.0.0.1:389" -a cn=admin.o=acme.com -w secret
Disable port 389 and port 636 in the LDAP Server object.
If the clear-text (TCP) or TLS (SSL) ports in the LDAP Server object are not disabled, the server continues to listen on all interfaces of the machine. For example:
ldapconfig -s "LDAP Enable TCP=No" -a cn=admin.o=acme.com -w secret
ldapconfig -s "LDAP Enable SSL=No" -a cn=admin.o=acme.com -w secret
Note: If you did NOT use iManager (which refreshes the server automatically) to configure the server, you must refresh the LDAP Server with the following command:
ldapconfig -R -a cn=admin.o=acme.com -w secret
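The procedure above has two places where a misconfiguration silently leaves the server listening everywhere: a malformed or wildcard ldapInterfaces value, and the TCP/SSL ports on the LDAP Server object left enabled. The following script, an added example that is not part of the tip and not Novell code, parses an ldapInterfaces value using only the format the tip describes (space-separated ldap://host:port and ldaps://host:port entries, empty host meaning every address), reports review warnings on it, and then compares the declared binds against the sockets a host actually has open. The listening-socket set is constructed sample data standing in for the local-address column of `ss -ltn`; the ldapInterfaces value is the one from the tip, taken verbatim.

```python
"""Audit an eDirectory ldapInterfaces value before and after applying it.

Added example, not code from the Cool Solutions tip or from Novell.  It
assumes only the value format the tip describes: space-separated entries of
the form ldap://host:port or ldaps://host:port, with an empty host meaning
"every address on the machine".  The listening-socket set is constructed
sample data standing in for the local-address column of `ss -ltn`.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
WILDCARD_ADDRS = {"*", "0.0.0.0", "::"}

# Value taken verbatim from the tip's worked example.
TIP_VALUE = ("ldap://192.168.1.1:389 ldaps://192.168.2.1:636 "
             "ldap://192.168.100.101:389 ldaps://192.168.100.101:636 "
             "ldap://127.0.0.1:389 ldaps://127.0.0.1:389")

# Constructed sample of listeners observed after the change (not captured from
# a real server).  The 0.0.0.0:636 socket models the case where
# "LDAP Enable SSL" was left enabled, so the secure port still binds everywhere.
SAMPLE_LISTENING = {
    ("192.168.1.1", 389), ("192.168.2.1", 636),
    ("192.168.100.101", 389), ("192.168.100.101", 636),
    ("127.0.0.1", 389), ("0.0.0.0", 636),
}


def parse_ldap_interfaces(value):
    """Split an ldapInterfaces string into (scheme, host, port) tuples.

    An entry without a host (e.g. 'ldap://') is reported with host '*'.
    A missing port defaults to 389 for ldap and 636 for ldaps.
    """
    entries = []
    for token in value.split():
        parts = urlsplit(token)
        if parts.scheme not in DEFAULT_PORTS:
            raise ValueError(f"unsupported scheme in {token!r}")
        host = parts.hostname or "*"
        port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
        entries.append((parts.scheme, host, port))
    return entries


def lint_interfaces(entries):
    """Return warnings a reviewer would want before the value is applied."""
    warnings = []
    seen = set()
    for scheme, host, port in entries:
        other = "ldaps" if scheme == "ldap" else "ldap"
        if (host, port) in seen:
            warnings.append(f"{host}:{port} is listed more than once; one socket cannot serve two listeners")
        seen.add((host, port))
        if port == DEFAULT_PORTS[other]:
            warnings.append(f"{scheme}://{host}:{port} uses the default {other} port")
        if scheme == "ldap" and host not in LOOPBACK:
            warnings.append(f"clear-text LDAP will be reachable on {host}:{port}")
    if any(h == "*" for _, h, _ in entries) and any(h != "*" for _, h, _ in entries):
        warnings.append("a wildcard entry is present, so the address-specific entries do not restrict anything")
    return warnings


def check_listeners(entries, listening):
    """Compare declared binds with observed (address, port) sockets.

    Returns (missing, unexpected).  A declared '*' is satisfied by a wildcard
    socket on that port; a wildcard socket is unexpected unless '*' was declared
    for that port, which is the symptom the tip warns about when the TCP/SSL
    ports on the LDAP Server object are left enabled.
    """
    expected = {(h, p) for _, h, p in entries}
    ldap_ports = {p for _, _, p in entries}

    def bound(h, p):
        if (h, p) in listening:
            return True
        return h == "*" and any(a in WILDCARD_ADDRS and q == p for a, q in listening)

    missing = sorted((h, p) for h, p in expected if not bound(h, p))
    unexpected = sorted(
        (a, p) for a, p in listening
        if p in ldap_ports and (a, p) not in expected
        and not (a in WILDCARD_ADDRS and ("*", p) in expected)
    )
    return missing, unexpected


def audit(value, listening):
    """Run both checks and return the findings as a dict."""
    entries = parse_ldap_interfaces(value)
    missing, unexpected = check_listeners(entries, listening)
    return {"entries": entries, "warnings": lint_interfaces(entries),
            "missing": missing, "unexpected": unexpected}


if __name__ == "__main__":
    for key, val in audit(TIP_VALUE, SAMPLE_LISTENING).items():
        print(f"{key}:")
        for item in val:
            print("   ", item)
```

Run against the tip's own value, the lint reports that 127.0.0.1:389 is declared for both ldap and ldaps (the last entry uses the clear-text port for ldaps) and that clear-text LDAP is bound on the two routed addresses, while the listener comparison reports the constructed 0.0.0.0:636 socket as unexpected, which is what you would see if "LDAP Enable SSL" had not been set to No. To use it on a real host, replace SAMPLE_LISTENING with the (address, port) pairs read from `ss -ltn` after the ldapconfig -R refresh.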