Novell eDirectory ™ Administration and Management Using iManager Sophia K Johnson Software Engineering Manager Novell, Inc. Wayne Long Senior Software Engineer Novell, Inc.
Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Deployed Versions Novell eDirectory ™ and Novell Directory Services ® (NDS) Product VersionBuild VersionPlatforms NetWare 5.1 SP4 (NDS 7)DS.nlm v7.57NetWare 5.1 NetWare 5.1 SP 4 (NDS 8)DS.nlm v8.79NetWare 5.1 eDirectory 8DS.nlm & DS.dlm v8.79NetWare 5.0,Win NT/2K eDirectory 8.5.xDS v85.23NetWare 5.x,Win,Solaris NetWare 6 (eDirectory 8.6)DS.nlm v NetWare 6 eDirectory 8.6.1DS v NW 5.1,NW 6,Win,Solaris,Linux NetWare 6 SP1 (eDirectory 8.6.2)DS.nlm v NetWare 6 eDirectory 8.6.2DS v103xx.xxNW 5.1,NW 6,Win,Solaris,Linux eDirectory 8.7DS v10410.xxNW 5.1,NW 6,Win,Solaris,Linux,AIX
Differences Between eDirectory and NDS ® NetWare 6 NetWare NDSeDirectory NOS directory focused on managing NetWare ® servers A cross-platform, scalable, standards-based directory used for managing identities that span all aspects of the network—eDirectory is the foundation for eBusiness NetWare 5
Agenda Architectural overview Architecture overview eDirectory administration using iManager Install Role-based services eDirectory management eDirectory utilities eGuide—self-administration
Agenda (cont.) Role-based services in-depth Schema Administration Admin provisioning End user provisioning Scope Administration hierarchies Best practices
Agenda (cont.) Using the Template Task Builder Extending the schema Creating a plug-in Task Book Demonstration
Terminology eMFrame Directory Management Framework (Framework) Plug-ins Content that extends eMFrame RBS Role-Based Services Scope The container and/or sub-containers where rights are granted RBS Collection The container where Roles and Tasks are stored in the directory
Terminology (cont.) eDAS eDirectory Access Service Template Contains the HTML UI code Property Object Data returned from the directory Self-Administration The ability to edit/manage your own directory attributes
Architectural Overview
eMFrame Is Client/Server Based Request Response Client Server
Client/Server Model (cont.) Request Response ClientServer - NetWare - NT - Win Solaris - Linux - PC - Pocket PC - Phone
Client/Server Model (cont.) Request Response Client Server - OS - Web Server - Java Servlet Gateway - iManager - PC - Pocket PC - Phone - PDA - Other Client UI (HTML, HDML, WML, Web Clippings, Compact HTML)
Middleware Server/eDirectory Request Response - iManager - eMFrame - eMBox Protocols LDAP, NDAP, SOAP eDirectory
Novell iManager Architecture iManager (eMFrame) LDAP Plug-in Schema Manager Plug-in ICE Plug-in DSMerge Plug-in DSRepair Plug-in Backup/Restore Plug-in eDir SDK eMBox SDK DHost Process ServerWeb Server LDAP eMBox HTTP Stack SOAP Service... Service Manager Merge eMTool Repair eMTool Backup/Restore eMTool eDirectory
iManager Web Server Configuration iManager installs Apache and Tomcat if a web server is not present (on Windows) eMFrame.cfg contains all configurable settings for iManager, for example Default login information (tree name and context) Log file location, size, and duration Other settings necessary for iManager to run iManager can run with other web servers and Servlet gateways
Web Security Authentication is passed from the client to the middleware server If you are running outside a firewall, HTTPS needs to be enabled on your web server Temporary cookies need to be turned on in your browser to prevent hijacking Some LDAP plug-ins require LDAP SSL to be enabled and will not work, if SSL is not on? LDAP SSL setting can be turned on or off in the eMFrame.cfg
Role-Based Services
Role-Based Schema eMFrame uses the Role-Based Service (RBS) schema extension definitions
The defined schema objects are rbsCollection rbsModule –rbsBook –rbsTask rbsRole –rbsScope Role-Based Schema Objects
rbsCollection Object Top most container for all RBS objects There can be multiple collections in a tree Users are assigned as an owner of a collection to allow management of RBS Containment Country Domain Locality Organization Organizational Unit
rbsRole Object Container object that represents a role Tasks and books are assigned to a role Members are associated to a role in a specific scope of the tree A member can be a User, Group, Organization or OU Containment rbsCollection
rbsModule Object Container object that holds task and book objects Use product as name For example: NMAS, PKI, NSSO Containment rbsCollection
rbsTask Object Leaf object that describes the behavior of a task Entry point to invoke the task Parameters string for miscellaneous data to perform the task List of attributes that rights are assigned to perform the task Back link to all roles the task is assigned to Containment rbsModue
rbsBook Object Leaf object that describes a book Entry point to launch the book Parameters string for miscellaneous data for the book List of page attributes that are assigned rights for the book
rbsBook Object (cont.) Back link to all roles the book is assigned List of pages assigned to the book Object class types the book supports Containment rbsModule
rbsScope Object Inherits from Group Leaf object used for ACL assignments instead of making assignments for each User object User objects are assigned to the rbsScope object Has a reference to the scope it is associated with
How Administration Hierarchies Work The “super admin” assigns roles and tasks to different administrators, depending on their job functions Those administrators only see the roles and tasks they are assigned Benefits Limited UI Small learning curve Division of labor Cost savings
Setting Up Administration Hierarchies Whoever installs iManager is given the super admin role Assigned to all roles and tasks Assign the roles and tasks to various administrators— depending on their job function
Flow of Administration Hierarchies “Super admin” End users/self-administration with eGuide Help deskeDirectory adminsiPrint admins
Tree View of Administration Hierarchies Role Based ServicesGroupsUsers iPrint Admins Help Desk eDirectory Admins Module Book Task Role Scope Self-Administration Foo Tree
Setting Up Administration Hierarchies
Novell iManager Content
iManager—Install InstallAnywhere Cross-platform Linux, Solaris, NetWare, Windows, AIX Detects the presence of a web server and servlet gateway On Windows, installs Apache and tomcat 3.3a if a web server and Servlet gateway are not present
iManager Framework(eMFrame) eMFrame provides the following functionality for plug-ins Search and Browse mode for Object Selection Advanced Selection Multiple Object Operations (MOO) Template Task (Plug-in builder) Role-Based Administration Property Book Navigation
iManager eDirectory Administration eDirectory Management Plug-ins User management Group management LDAP Server management Password management Rights management Dynamic Groups management Auxiliary Class management Partition and Replication management Base Schema Object management
iManager eDirectory Utilities iManager eDirectory utilities: Repair Merge Backup and restore ICE WanMan
iManager/eGuide Self-Administration iManager manages eGuide Self-Administration eGuide consumes the assigned Roles and Tasks eGuide is an eDirectory enabled end user self provisioning tool that allows users to quickly access directory information Corporate White Pages With RBS, eGuide now empowers users to edit information, without carnal knowledge of directories
iManager Content demonstratio
Custom Content
iManager at Work at Mt. Sinai Novell Consulting Custom Development (NCCD) has built a custom browser-based console for Mt. Sinai called Web Console Web Console is based on Novell’s iManager—it allows administrators to add and edit users in eDirectory, while maintaining the strict control of data rules and formatting Mt. Sinai requires
DirXML ™ Project Overview
DirXML Project Overview In order to create the central user and group object repository for all synchronized directories the new (third) NDS tree, Workforce tree was created—It is a flat tree, containing users, groups and template objects only The Workforce tree will act as the smart meta-directory that will be the central source for all information consolidated from the other directories and applications— All the user administration will originate from the WKF tree All modifications will be synchronized to the main NOS infrastructure (INF) tree
Workforce Tree
Template Task What is the Template Task? Builds template files for developers and admins Supports most standard syntaxes Example: Boolean, Strings, Lists, Interval, etc. Can be extend by developers to handle to attributes or syntaxes Uses eDirectory Access for reading and writing data to the directory
Task Builder What is the Task Builder? Dynamic Plug-in creation Supports most standard syntaxes Example: Boolean, Strings, Lists, Interval, etc. Uses eDirectory Access to read and write data to the directory Provides a step-by-step wizard Install the new plug-in, into the directory
Customer Scenario Scenario Company Foo customizes eDirectory to fit their needs by extending the directory and adding the following objects fooManager, fooEmployee, fooContractor, fooExec How are they going to manage these new object? Novell iManager
Create Custom Content Step 1 Extend schema using Schema Manager Step 2 Create the object in eDirectory Step 3 Create a plug-in using the Template Task Select the object type, device and task or property book type Select the attributes Position the labels Preview Assign to a book or a role
demonstratio Creating Custom Content
Getting More Information: Brainshare 2002 IO116 iManager Introduction and Overview DCB202 Developing to Novell iManager IO123 eGuide Introduction and Overview TUT340 Expose the Power of eDirectory Using Novell eGuide: Advanced Configuration and Customization BUS201 Creating Custom User Management Plug-ins for iManage TUT231 Tips and Tricks for Using eDirectory Utilities TUT234 Keeping Your Business Online with eDirectory Backup and Restore