2
Managing Mac OS X with Novell eDirectory
Dan Sinema, Novell BrainShare 2004, March 22, 2004
3
Powerful Foundation
UNIX based
Standards
Open source
Security
4
The Best Foundation
5
The Best Foundation
Secure
Scalable
Open standards
High performance
Rock-solid stability
Advanced networking
6
Built on Standards
7
Native Support for Standard Networks
Services: File, Printing, Home Directory, Web, Database, Mail, Security, Media
Protocols and formats: IPP, LPR, PDF, HTTP, SSL, SOAP, POP3, IMAP4, SMTP, Kerberos, SASL, AES, MPEG-4, MP3, AAC, NFS, WebDAV, LDAPv3, NIS, ODBC, JDBC
8
Open Source in Mac OS X
9
Open Source in Mac OS X
Kernel
Networking
File systems
Commands and libraries
Rendezvous
Open Directory
KHTML
Common Data Security Architecture (CDSA)
Common UNIX Printing System (CUPS)
10
Open Source
11
Security
12
Secure
Designed from the ground up
Open, UNIX based
Secure setup
Easy updates
Fast response
Privacy controls
13
Walter Mossberg, October 23, 2003
“Windows is riddled with security flaws, and new ones turn up regularly. It is increasingly susceptible to all kinds of viruses, malicious Trojan horse programs and spyware…” “...there’s a simple way out of this endless morass: Buy an Apple Macintosh computer.”
14
6,800 Native Applications
15
Application Development Communities
16
8.5 Million Active Users
17
Mac OS X Architecture
18
Power of UNIX. Simplicity of Mac.
19
Mac OS X Architecture
20
Mac OS X Foundation
The Power of UNIX
Kernel
Networking
File Systems
Utilities & Libraries
21
Mach 3 Kernel
Performance, stability, scalability
Preemptive multitasking
Symmetric multiprocessing
Dynamic memory management
Protected memory
Real-time scheduling
Unified buffer cache
22
Next-Generation Internet
Automatic Networking
Virtual Private Network (VPN): PPTP/L2TP
DSL and Cable Modem: PPPoE
IPv4, IPv6
Wired Ethernet: 10/100/1000 Mbps
Wireless: 802.11g/b (Wi-Fi)
23
Network File Systems
Apple servers: AFP
Windows servers: SMB/CIFS
UNIX and Linux servers: NFS
Internet: FTP/WebDAV
24
Command-Line Interface
FreeBSD 5
Commands and utilities
Shells
Editors
Scripting languages
25
Familiar UNIX-Based Environment
Commands: ls, cp, mv, rm, cat, echo, chmod, cd, pwd, mkdir, rmdir, ln, ps, kill, etc.
Utilities: grep, ssh, diff, rsh, top, passwd, lpr, lpq, cron, rsync, ftp, whoami, etc.
Shells: csh, bash, tcsh, zsh
Scripting languages: perl, python, tcl, ruby, php
Editors: ed, emacs, vim, pico, sed
26
Powerful core technology
Mac OS X Foundation
The Power of UNIX: Kernel, Networking, I/O, File Systems, Utilities & Libraries
Familiar UNIX-based environment
Powerful core technology
Plug-and-play peripherals
Easy file sharing
Compatible
27
System Services
28
Mac OS X Architecture
29
System Services
Directory
Security
30
Directory
31
Open Directory in Every Mac
Holds user and system information
Managed preferences
Authentication
Home directory
Permissions
32
Managed Preferences
Authentication
Access control
Hide “Sleep,” “Restart,” and “Shutdown”
33
Managed Preferences
Dock preferences
Desktop settings
Finder preferences
Fast User Switching
Applications on the Dock
System preferences
Restart and Shut Down
Software Update
View options
Printers and print quotas
34
Managed Preferences
Servers
FireWire drives
iDisk
Removable media
Eject and burning
Home directory
35
Open Directory Architecture
Designed to fit in
Supports LDAP-based directories
Active Directory
BSD configuration files and NIS
Public schema format based on RFC 2307
Open APIs
36
Open Directory Architecture
Built into every Mac
User applications, system functions and server processes
Open Directory API, Authentication API
Directory services process: lookupd, Directory Service Framework, Security Framework
Directory access and authentication schema: NetInfo, NIS, LDAPv3 schema (custom map), Active Directory schema; Crypt, NTLM, Kerberos, SASL
Local NetInfo database, network directory server, network authentication authority
37
Open Directory on the Server
38
Compatible
Automatic discovery
Schema mappings
Map /etc files to local Open Directory
Works with: SunOne Directory Server, OpenLDAP (Linux), Mac OS X Open Directory, IBM Directory Server, Novell eDirectory
39
Simple and Scalable Management
A directory-enabled operating system
Consolidates user and system data
Easy to centralize on a server
Plugs into any network
40
Security
41
Security built in from the start
Safety by Design
Security built in from the start
42
Open Source Means Tight Security
Culture of security
Extensive peer review
Proactive, not reactive
Faster reaction time
43
Conservative defaults and security policies
Secure Setup
Conservative defaults and security policies
Services off and ports closed
Root account disabled
New users “standard,” not “admin”
Authentication to install applications and change settings
Safe mail attachment handling
44
Fast Response Process
PGP-signed code
Email notification
Software Update
Website
45
Core Security Services
CDSA 2.1 architecture
System and third-party applications
Password management and security features for applications
CDSA: consistent security services, open source, plug-in modules (encryption algorithms, certificate standards), extensible
46
Network Security
VPN: PPTP, L2TP
Built-in firewall: ipfw
SSL, SSH
Wireless: 802.1X (TLS, TTLS, LEAP, PEAP)
47
Strong Authentication
Long user name and passphrase
Unified authentication for: login, wake, and screen saver; changing system settings
Single sign-on
Authentication for application installation
Cached accounts for mobility
System keychain
48
Wide Choice of Authentication Methods
UNIX Pluggable Authentication Module (PAM)
Local single sign-on
Open Directory
Active Directory
Kerberos single sign-on
Smart card support
49
Easy-to-Manage Security
Powerful options
Security preference pane
Trusted startup
Password to wake
Automatic logout
Keychain
Master password
Certificate management
Cached authentication
50
Security built in from the start
Safety by Design
Security built in from the start
Open source
Secure setup
Fast response updates
Powerful security architecture
Strong data and network security
Easy management
51
Simple and scalable management
System Services
Directory: simple and scalable management
Security: safety by design
52
Mac OS X & eDirectory
53
LDAP Schema
54
Apple Schema Extensions
Designed to extend
Apple’s schema is available on every Mac OS X workstation and server
The file apple.schema is located in /etc/openldap/schema
Adds 16 object classes (6 of them auxiliary object classes)
Adds 49 attributes
55
Object Classes
Designed to extend
Auxiliary (non-effective): apple-user, apple-group, apple-machine
Structural (effective): mount, apple-computer, apple-computer-list
56
Extending the eDirectory schema
LDAP: OpenLDAP tools (ldapmodify)
Novell tools: ICE, iManager, ConsoleOne
57
ldapmodify Command to Extend Schema
ldapmodify -v -h <server ip> -D "<admin dn>" -W -x -f <local path to LDIF file>
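The schema file on slide 54, the object-class split on slide 55 and the ldapmodify step above, as one added example that is not part of the presentation: a Python script that reads definitions in the OpenLDAP .schema syntax apple.schema uses, classifies object classes as auxiliary or structural, and writes the changetype: modify LDIF that `ldapmodify -f` would send. The schema excerpt and its OIDs are constructed, and `cn=schema` is an assumed schema DN; confirm your eDirectory server's actual schema entry before applying anything.

```python
import re

# Constructed excerpt in OpenLDAP .schema syntax, reusing the object class and
# attribute names from the slides. The OIDs are placeholders, not Apple's.
SAMPLE_SCHEMA = """
# managed-client (MCX) attributes
attributetype ( 1.2.3.4.1 NAME 'apple-user-homeurl'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.2.3.4.2 NAME 'apple-user-mcxflags'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.2.3.4.3 NAME 'apple-user-mcxsettings'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.2.3.5.1 NAME 'apple-user' SUP top AUXILIARY
    MAY ( apple-user-homeurl $ apple-user-mcxflags $ apple-user-mcxsettings ) )
objectclass ( 1.2.3.5.2 NAME 'apple-computer' SUP top STRUCTURAL MUST cn )
"""

# A definition runs from its keyword at the start of a line to the next keyword.
DEF_RE = re.compile(r"^(attributetype|objectclass)\s*(.*?)(?=^(?:attributetype|objectclass)\b|\Z)",
                    re.S | re.M | re.I)

def parse_schema(text):
    """Return (ldapAttribute, definition) pairs; comments dropped, one line each."""
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    defs = []
    for m in DEF_RE.finditer(text):
        kind = "attributeTypes" if m.group(1).lower() == "attributetype" else "objectClasses"
        defs.append((kind, " ".join(m.group(2).split())))
    return defs

def summarize(defs):
    """Count attribute types; split classes into AUXILIARY (non-effective) and STRUCTURAL."""
    out = {"attributes": 0, "auxiliary": [], "structural": []}
    for kind, body in defs:
        name = re.search(r"NAME\s+'([^']+)'", body).group(1)  # single-name form only
        if kind == "attributeTypes":
            out["attributes"] += 1
        elif re.search(r"\bAUXILIARY\b", body):
            out["auxiliary"].append(name)
        else:
            out["structural"].append(name)
    return out

def to_ldif(defs, schema_dn="cn=schema"):
    """Build the modify LDIF for ldapmodify -f; attribute types first so MAY/MUST resolve."""
    lines = ["dn: " + schema_dn, "changetype: modify"]
    for kind in ("attributeTypes", "objectClasses"):
        for k, body in defs:
            if k == kind:
                lines += ["add: " + kind, kind + ": " + body, "-"]
    return "\n".join(lines) + "\n"
```

Feed the real apple.schema to parse_schema and compare summarize() against the counts on slide 54 before you trust the generated LDIF.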
58
Mapping Mac OS X attributes to eDirectory attributes
Directory Access application (/Applications/Utilities), LDAPv3 plug-in
Authentication
59
Attribute mappings needed for basic login
Mac OS X          eDirectory      Object Class
RecordName        uid, cn         inetOrgPerson
RealName          fullName, cn    inetOrgPerson
UniqueID          uidNumber       posixAccount
PrimaryGroupID    gidNumber       posixAccount
NFSHomeDirectory  homeDirectory   posixAccount
60
Attribute mappings needed for Management
Mac OS X       eDirectory               Object Class
HomeDirectory  apple-user-homeurl       apple-user
MCXFlags       apple-user-mcxflags      apple-user
MCXSettings    apple-user-mcxsettings   apple-user
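The login and management mapping tables above, as an added example that is not from the presentation: a Python routine that applies the mappings to an eDirectory entry and lists what would stop the resulting Mac OS X record from logging in or being managed (a missing object class, a mapped attribute with no value, a non-numeric ID). The entries are constructed, and reading a "uid, cn" mapping as "merge the values of both, in order" is an assumption about how Directory Access treats multi-attribute mappings.

```python
# Mappings from the slides; a list means every listed eDirectory attribute is searched.
LOGIN_MAP = {
    "RecordName": ["uid", "cn"],
    "RealName": ["fullName", "cn"],
    "UniqueID": ["uidNumber"],
    "PrimaryGroupID": ["gidNumber"],
    "NFSHomeDirectory": ["homeDirectory"],
}
MANAGEMENT_MAP = {
    "HomeDirectory": ["apple-user-homeurl"],
    "MCXFlags": ["apple-user-mcxflags"],
    "MCXSettings": ["apple-user-mcxsettings"],
}
LOGIN_CLASSES = {"inetOrgPerson", "posixAccount"}  # object classes the slides cite
MANAGEMENT_CLASSES = {"apple-user"}
NUMERIC = {"UniqueID", "PrimaryGroupID"}           # must be integers for login to work

# Constructed eDirectory entries in the attr -> list-of-values shape an LDAP
# client returns; the second lacks the posixAccount data a login needs.
GOOD_ENTRY = {
    "objectClass": ["inetOrgPerson", "posixAccount", "apple-user"],
    "cn": ["jdoe"], "uid": ["jdoe"], "fullName": ["Jane Doe"],
    "uidNumber": ["1001"], "gidNumber": ["20"],
    "homeDirectory": ["/Network/Servers/files/Users/jdoe"],
    "apple-user-homeurl": ["afp://files.example.test/Users/jdoe"],
}
BAD_ENTRY = {"objectClass": ["inetOrgPerson"], "cn": ["jdoe"], "gidNumber": ["staff"]}

def map_entry(entry, mapping):
    """Map an eDirectory entry to Mac OS X attributes, merging listed sources in order."""
    record = {}
    for osx_attr, sources in mapping.items():
        values = []
        for src in sources:
            values += [v for v in entry.get(src, []) if v not in values]
        if values:
            record[osx_attr] = values
    return record

def check_entry(entry, mapping, classes):
    """List missing object classes, mapped attributes with no value and non-numeric IDs."""
    missing = classes - set(entry.get("objectClass", []))
    problems = ["missing objectClass " + c for c in sorted(missing)]
    record = map_entry(entry, mapping)
    for osx_attr, sources in mapping.items():
        if osx_attr not in record:
            problems.append("no value for %s (%s)" % (osx_attr, "/".join(sources)))
        elif osx_attr in NUMERIC and not all(v.isdigit() for v in record[osx_attr]):
            problems.append("%s is not numeric: %s" % (osx_attr, record[osx_attr]))
    return problems
```

Running check_entry over entries exported from your LDAP browser is a quick way to find accounts that will fail at the login window before you touch a workstation.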
61
Config Object
LDAP: created for user/group management
Admin-defined location in eDirectory
Name of the object is mcxcache
62
Management Data
apple-user-mcxsettings: XML data for managed preferences
apple-user-mcxflags: XML data that defines whether the user/group is managed
63
Home Directories
AFP 3.1
NetWare 6.5 optimal: Universal Passwords
NetWare 5.x/6.x: Simple Passwords
AFP guest access turned on; restrict the guest account in eDirectory with IRFs
64
Configure User for LDAP queries
LDAP binds: create a user account in eDirectory with read, write, browse and compare rights; limit its access to the container with IRFs
Anonymous binds: configure a proxy user (Novell TID #)
65
SSL-encrypted LDAP
openssl
eDirectory 8.7 or greater
RootCert.der from SYS:\PUBLIC
Convert to PEM format with the openssl tools
Set the file permission to read-only for all users (Mac OS X)
Add TLS_CACERT to the ldap.conf file located in /etc/openldap on Mac OS X workstations
66
Openssl Command to Convert Certificate
openssl x509 -inform DER -outform PEM -in <path to RootCert.der> -out <path to RootCert.pem>
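The certificate steps on slides 65 and 66, as an added Python example that is not from the presentation: it does the DER-to-PEM re-encoding the openssl command performs (PEM is the base64 of the same DER bytes between BEGIN/END lines), writes the PEM file read-only for all users, and leaves exactly one TLS_CACERT line in ldap.conf. The DER bytes, file names and scratch directory are constructed; point it at /etc/openldap/ldap.conf only once you have checked the result.

```python
import base64, os, stat, tempfile

def der_to_pem(der, label="CERTIFICATE"):
    """Base64 the DER bytes, wrap at 64 columns, add BEGIN/END lines (what openssl x509 does)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def set_tls_cacert(conf_text, pem_path):
    """Return ldap.conf text with one TLS_CACERT line: first one replaced, extras dropped, else appended."""
    out, done = [], False
    for line in conf_text.splitlines():
        if line.split()[:1] == ["TLS_CACERT"]:
            if not done:
                out.append("TLS_CACERT " + pem_path)
                done = True
            continue
        out.append(line)
    if not done:
        out.append("TLS_CACERT " + pem_path)
    return "\n".join(out) + "\n"

def install_ca(der_path, pem_path, conf_path):
    """Convert the DER file, write the PEM as mode 0444, point ldap.conf at it, return the mode bits."""
    with open(der_path, "rb") as f:
        pem = der_to_pem(f.read())
    with open(pem_path, "w") as f:
        f.write(pem)
    os.chmod(pem_path, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)  # read-only for all users
    conf = ""
    if os.path.exists(conf_path):
        with open(conf_path) as f:
            conf = f.read()
    with open(conf_path, "w") as f:
        f.write(set_tls_cacert(conf, pem_path))
    return stat.S_IMODE(os.stat(pem_path).st_mode)

# Constructed stand-in for RootCert.der: a 5-byte DER SEQUENCE, not a real certificate.
FAKE_DER = bytes.fromhex("3003020101")

def demo(workdir=None):
    """Run the whole procedure in a scratch directory instead of /etc/openldap."""
    workdir = workdir or tempfile.mkdtemp()
    der, pem, conf = [os.path.join(workdir, n) for n in ("RootCert.der", "RootCert.pem", "ldap.conf")]
    with open(der, "wb") as f:
        f.write(FAKE_DER)
    with open(conf, "w") as f:
        f.write("BASE dc=example,dc=test\nURI ldaps://ldap.example.test\n")
    mode = install_ca(der, pem, conf)
    with open(pem) as p, open(conf) as c:
        return mode, p.read(), c.read()
```

Because the function only re-encodes bytes, a corrupt or truncated RootCert.der will still convert cleanly; verify the PEM with a certificate viewer before relying on it.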
67
Tips for Successful Integration
Tips & Hints
Start small
Basic mappings first; use dscl to confirm
Use an LDAP browser to confirm that the data and the rights to the data are correct
Configure SSL last
68
Demonstration
70
Q&A