Managing Mac OS X with Novell eDirectory

Presentation on theme: "Managing Mac OS X with Novell eDirectory"— Presentation transcript:

2 Managing Mac OS X with Novell eDirectory
Dan Sinema, Novell BrainShare 2004, March 22, 2004

3 Powerful Foundation
UNIX based; standards; open source; security

4 The Best Foundation

5 The Best Foundation
Secure; scalable; open standards; high performance; rock-solid stability; advanced networking

6 Built on Standards

7 Native Support for Standard Networks
File: NFS, WebDAV
Printing: IPP, LPR, PDF
Home directory: NFS
Directory: LDAPv3, NIS
Web: HTTP, SSL, SOAP
Database: ODBC, JDBC
Mail: POP3, IMAP4, SMTP
Security: Kerberos, SASL, AES
Media: MPEG-4, MP3, AAC

8 Open Source in Mac OS X

9 Open Source in Mac OS X
Kernel, networking, file systems, commands and libraries
Rendezvous, Open Directory, KHTML, Common Data Security Architecture (CDSA), Common UNIX Printing System (CUPS)

10 Open Source

11 Security

12 Secure
Designed from the ground up; open, UNIX based; secure setup; easy updates; fast response; privacy controls

13 Walter Mossberg, October 23, 2003
“Windows is riddled with security flaws, and new ones turn up regularly. It is increasingly susceptible to all kinds of viruses, malicious Trojan horse programs and spyware…” “...there’s a simple way out of this endless morass: Buy an Apple Macintosh computer.” Walter Mossberg, October 23, 2003

14 6,800 Native Applications

15 Application Development Communities

16 8.5 Million Active Users

17 Mac OS X Architecture

18 Power of UNIX. Simplicity of Mac.

19 Mac OS X Architecture

20 Mac OS X Foundation: The Power of UNIX
Kernel, networking, file systems, utilities and libraries

21 Mach 3 Kernel
Performance, stability, scalability: preemptive multitasking, symmetric multiprocessing, dynamic memory management, protected memory, real-time scheduling, unified buffer cache

22 Next-Generation Internet
Automatic networking; IPv4 and IPv6
Virtual Private Network (VPN): PPTP/L2TP
DSL and cable modem: PPPoE
Wired Ethernet 10/100/1000 Mbps; wireless 802.11b/g (Wi-Fi)

23 Network File Systems
Apple servers: AFP
Windows servers: SMB/CIFS
UNIX and Linux servers: NFS
Internet: FTP/WebDAV

24 Command-Line Interface
FreeBSD 5: commands and utilities, shells, editors, scripting languages

25 Familiar UNIX-Based Environment
Commands: ls, cp, mv, rm, cat, echo, chmod, cd, pwd, mkdir, rmdir, ln, ps, kill, etc.
Utilities: grep, ssh, diff, rsh, top, passwd, lpr, lpq, cron, rsync, ftp, whoami, etc.
Shells: csh, bash, tcsh, zsh
Scripting languages: perl, python, tcl, ruby, php
Editors: ed, emacs, vim, pico, sed

26 Powerful Core Technology
Mac OS X Foundation, the power of UNIX: kernel, networking, I/O, file systems, utilities and libraries
Familiar UNIX-based environment; powerful core technology; plug-and-play peripherals; easy file sharing; compatible

27 System Services

28 Mac OS X Architecture

29 System Services Directory Security

30 Directory

31 Open Directory in Every Mac
Holds user and system information: managed preferences, authentication, home directory, permissions

32 Managed Preferences: Access Control and Authentication
Example: hide "Sleep," "Restart," and "Shutdown"

33 Managed Preferences
Dock preferences, desktop settings, Finder preferences, Fast User Switching, applications on the Dock, System Preferences, Restart and Shut Down, Software Update, view options, printers and print quotas

34 Managed Preferences
Servers, FireWire drives, iDisk, removable media (eject and burning), home directory

35 Open Directory Architecture
Designed to fit in: supports LDAP-based directories, Active Directory, BSD configuration files and NIS; public schema format based on RFC 2307; open APIs

36 Open Directory Architecture
Built into every Mac. User applications, system functions and server processes call the Open Directory API and the Authentication API.
Directory services process: lookupd, the Directory Service framework and the Security framework.
Directory access plug-ins and schemas: local NetInfo database, NIS schema, LDAPv3 schema (custom map), Active Directory schema.
Network directory and authentication services: network directory server and network authentication authority; authentication methods Crypt, NTLM, Kerberos and SASL.

37 Open Directory on the Server

38 Compatible
Mac OS X Open Directory works with Sun ONE Directory Server, OpenLDAP (Linux), IBM Directory Server and Novell eDirectory
Automatic discovery; schema mappings; map /etc files to local Open Directory

39 Simple and Scalable Management
A directory-enabled operating system: consolidates user and system data, easy to centralize on a server, plugs into any network

40 Security

41 Safety by Design: security built in from the start

42 Open Source Means Tight Security
Culture of security; extensive peer review; proactive, not reactive; faster reaction time

43 Secure Setup
Conservative defaults and security policies: services off and ports closed; root account disabled; new users are "standard," not "admin"; authentication required to install applications and change settings; safe mail attachment handling

44 Fast Response Process
PGP-signed code, e-mail notification, Software Update, website

45 Core Security Services
CDSA 2.1 architecture, used by the system and by third-party applications: password management and security features for applications. CDSA provides consistent security services, is open source, and is extensible through plug-in modules for encryption algorithms and certificate standards.

46 Network Security
Built-in firewall (ipfw); VPN (PPTP, L2TP); SSL, SSH; wireless 802.1X (TLS, TTLS, LEAP, PEAP)

47 Strong Authentication
Long user name and passphrase; unified authentication for login, wake and screen saver, changing system settings, single sign-on, and application installation; cached accounts for mobility; system keychain

48 Wide Choice of Authentication Methods
UNIX Pluggable Authentication Modules (PAM); local single sign-on; Open Directory; Active Directory; Kerberos single sign-on; smart card support

49 Easy-to-Manage Security
Powerful options in the Security preference pane: trusted startup, password to wake, automatic logout, keychain, master password, certificate management, cached authentication

50 Safety by Design
Security built in from the start: open source, secure setup, fast-response updates, powerful security architecture, strong data and network security, easy management

51 System Services
Directory: simple and scalable management. Security: safety by design.

52 Mac OS X & eDirectory

53 LDAP Schema

54 Apple Schema Extensions
Designed to extend. Apple's schema is available on every Mac OS X workstation and server in the file apple.schema, located in /etc/openldap/schema. It adds 16 object classes (6 of them auxiliary) and 49 attributes.

55 Object Classes
Designed to extend
Auxiliary (non-effective): apple-user, apple-group, apple-machine
Structural (effective): mount, apple-computer, apple-computer-list

56 Extending the eDirectory schema
LDAP: OpenLDAP tools (ldapmodify)
Novell tools: ICE, iManager, ConsoleOne

57 ldapmodify Command to Extend Schema
ldapmodify -v -h <server ip> -D "<admin dn>" -W -x -f <local path to LDIF file>
(-x selects a simple bind, -W prompts for the admin password instead of taking it on the command line, -v prints each operation as it is applied)
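ldapmodify consumes LDIF, but apple.schema (slide 54) is written in slapd's schema syntax (attributetype ( ... ) / objectclass ( ... ) blocks). The converter below is an added example, not part of the presentation or of Apple's or Novell's tooling: it turns such a file into one LDIF modify operation against cn=schema, the DN under which eDirectory accepts schema additions over LDAP, and it flags object classes that reference attributes the file does not define, which the server would reject. The sample schema is constructed for the example; its OIDs are placeholders, not Apple's.

```python
"""Turn slapd-syntax schema definitions (the format of Apple's
/etc/openldap/schema/apple.schema) into one LDIF modify operation on
cn=schema, which is what `ldapmodify -f` expects when extending eDirectory."""
import re

_KINDS = {"attributetype": "attributeTypes", "objectclass": "objectClasses"}


def definitions(schema_text):
    """Return (kind, body) pairs in file order. Parentheses are matched by
    depth so a nested MUST ( a $ b ) list does not end the definition early;
    '#' comment lines are dropped and the body is whitespace-collapsed."""
    text = "\n".join(l for l in schema_text.splitlines() if not l.lstrip().startswith("#"))
    found = []
    for m in re.finditer(r"\b(attributetype|objectclass)\s*\(", text, re.IGNORECASE):
        start, depth = m.end() - 1, 0
        for i in range(start, len(text)):
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            if depth == 0:
                found.append((_KINDS[m.group(1).lower()], " ".join(text[start:i + 1].split())))
                break
        else:
            raise ValueError("unbalanced parentheses after offset %d" % start)
    return found


def _names(body):
    """NAME 'x' or NAME ( 'x' 'y' ) -> ['x', 'y']."""
    m = re.search(r"\bNAME\s+(?:'([^']*)'|\(([^)]*)\))", body)
    if not m:
        return []
    return [m.group(1)] if m.group(1) is not None else re.findall(r"'([^']*)'", m.group(2))


def _referenced_attrs(body):
    """Attribute names an object class lists under MUST or MAY."""
    attrs = []
    for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([^\s)]+))", body):
        group = m.group(1) if m.group(1) is not None else m.group(2)
        attrs += [a.strip() for a in group.split("$") if a.strip()]
    return attrs


def undefined_attributes(schema_text, already_in_directory=()):
    """Attributes referenced by MUST/MAY that neither this file nor the
    directory already defines. eDirectory rejects an objectClasses value
    that names an unknown attribute, so resolve these before ldapmodify."""
    defs = definitions(schema_text)
    known = {n.lower() for n in already_in_directory}
    known |= {n.lower() for kind, body in defs if kind == "attributeTypes" for n in _names(body)}
    wanted = {a for kind, body in defs if kind == "objectClasses" for a in _referenced_attrs(body)}
    return sorted(a for a in wanted if a.lower() not in known)


def _fold(line, width=76):
    """LDIF folding (RFC 2849): continuation lines begin with one space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out


def schema_to_ldif(schema_text):
    """attributeTypes are added before objectClasses so every attribute an
    object class references exists by the time the server sees the class."""
    defs = definitions(schema_text)
    lines = ["dn: cn=schema", "changetype: modify"]
    for kind in ("attributeTypes", "objectClasses"):
        bodies = [body for k, body in defs if k == kind]
        if bodies:
            lines.append("add: " + kind)
            for body in bodies:
                lines += _fold(kind + ": " + body)
            lines.append("-")
    return "\n".join(lines) + "\n"


# Constructed sample in apple.schema style; the OIDs are placeholders, not Apple's.
SAMPLE_SCHEMA = """\
# two of the apple-user attributes and the auxiliary class that carries them
attributetype ( 1.2.3.4.1.1 NAME 'apple-user-homeurl'
    DESC 'home directory URL' EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.2.3.4.1.2 NAME 'apple-user-mcxflags'
    DESC 'XML plist: is this user managed'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.2.3.4.2.1 NAME 'apple-user'
    DESC 'Mac OS X additions to a user' SUP top AUXILIARY
    MAY ( apple-user-homeurl $ apple-user-mcxflags $ apple-user-mcxsettings ) )
"""

if __name__ == "__main__":
    print(schema_to_ldif(SAMPLE_SCHEMA))
    print("undefined:", undefined_attributes(SAMPLE_SCHEMA))
```

Run it over the real apple.schema, write the output to a file, and feed that file to the ldapmodify command above; run undefined_attributes first, passing the names of any attributes the tree already has, and add the missing definitions before attempting the load.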

58 Mapping Mac OS X attributes to eDirectory attributes
LDAPv3 plug-in of the Directory Access application (/Applications/Utilities); authentication

59 Attribute mappings needed for basic login
Mac OS X attribute -> eDirectory attribute (object class)
RecordName -> uid, cn (inetOrgPerson)
RealName -> fullName, cn (inetOrgPerson)
UniqueID -> uidNumber (posixAccount)
PrimaryGroupID -> gidNumber (posixAccount)
NFSHomeDirectory -> homeDirectory (posixAccount)

60 Attribute mappings needed for Management
Mac OS X attribute -> eDirectory attribute (object class)
HomeDirectory -> apple-user-homeurl (apple-user)
MCXFlags -> apple-user-mcxflags (apple-user)
MCXSettings -> apple-user-mcxsettings (apple-user)

61 Config Object
An LDAP object created for user/group management, in an admin-defined location in eDirectory; the name of the object is mcxcache

62 Management Data
apple-user-mcxsettings: XML data for managed preferences
apple-user-mcxflags: XML data that defines whether the user/group is managed
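Slide 67 advises confirming the basic mappings with dscl and an LDAP browser before going further. The checker below is an added example (not from the presentation) that does the same pre-flight in code: given an eDirectory user entry as the LDAPv3 plug-in would see it, it applies the mappings from slides 59 and 60, reports which Open Directory attributes have no source, and checks that the POSIX values are numeric and that apple-user-mcxflags parses as an XML plist. The two entries are constructed test data; the plist key inside the sample mcxflags value and the home-URL format are assumptions for the example, not Apple's documented layout.

```python
"""Pre-flight check of an eDirectory user entry against the attribute
mappings the Mac OS X LDAPv3 plug-in needs (slides 59 and 60), run before
the mappings are typed into Directory Access."""
import plistlib

# Open Directory attribute -> eDirectory attributes, tried in the order the
# slides list them (the first one present in the entry wins)
LOGIN_MAP = {
    "RecordName": ("uid", "cn"),
    "RealName": ("fullName", "cn"),
    "UniqueID": ("uidNumber",),
    "PrimaryGroupID": ("gidNumber",),
    "NFSHomeDirectory": ("homeDirectory",),
}
MANAGEMENT_MAP = {
    "HomeDirectory": ("apple-user-homeurl",),
    "MCXFlags": ("apple-user-mcxflags",),
    "MCXSettings": ("apple-user-mcxsettings",),
}


def map_entry(entry, mapping):
    """Build an Open Directory record from an LDAP entry given as
    {attribute: [values]}. Returns (record, list of unmapped OD attributes)."""
    record, missing = {}, []
    for od_attr, sources in mapping.items():
        for src in sources:
            if entry.get(src):
                record[od_attr] = list(entry[src])
                break
        else:
            missing.append(od_attr)
    return record, missing


def check_user(entry):
    """Return {'record', 'managed', 'problems'} for one eDirectory user."""
    problems = []
    record, missing = map_entry(entry, LOGIN_MAP)
    problems += ["no eDirectory attribute found for " + m for m in missing]

    classes = {c.lower() for c in entry.get("objectClass", [])}
    for needed in ("inetorgperson", "posixaccount"):
        if needed not in classes:
            problems.append("entry lacks object class " + needed)

    # Mac OS X treats these as numbers; UIDs below 500 belong to local system accounts
    for attr in ("UniqueID", "PrimaryGroupID"):
        if attr not in record:
            continue
        value = record[attr][0]
        if not value.isdigit():
            problems.append(attr + " is not numeric: " + repr(value))
        elif attr == "UniqueID" and int(value) < 500:
            problems.append("UniqueID %s collides with the local system-account range" % value)

    mgmt, _ = map_entry(entry, MANAGEMENT_MAP)
    record.update(mgmt)
    managed = False
    if "MCXFlags" in mgmt:
        # apple-user-mcxflags holds XML plist data (slide 62); a value the
        # client cannot parse means the user will not be treated as managed
        try:
            plistlib.loads(mgmt["MCXFlags"][0].encode())
            managed = True
        except Exception:
            problems.append("apple-user-mcxflags is not a valid XML plist")
    return {"record": record, "managed": managed, "problems": problems}


# Constructed sample entries, not real directory data. The plist key
# "managed" and the <home_dir> URL layout are assumptions for the example.
GOOD_USER = {
    "objectClass": ["inetOrgPerson", "posixAccount", "apple-user"],
    "uid": ["jdoe"],
    "cn": ["jdoe"],
    "fullName": ["Jane Doe"],
    "uidNumber": ["1001"],
    "gidNumber": ["20"],
    "homeDirectory": ["/Network/Servers/fs1/Users/jdoe"],
    "apple-user-homeurl": ["<home_dir><url>afp://fs1.example.com/Users</url><path>jdoe</path></home_dir>"],
    "apple-user-mcxflags": [
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<plist version="1.0"><dict><key>managed</key><true/></dict></plist>'
    ],
}
BROKEN_USER = {
    "objectClass": ["inetOrgPerson"],           # posixAccount never added
    "cn": ["jsmith"],                            # no uid, so RecordName falls back to cn
    "uidNumber": ["501"],
    "gidNumber": ["20"],
    "apple-user-mcxflags": ["not a plist"],      # garbage in the management attribute
}

if __name__ == "__main__":
    for user in (GOOD_USER, BROKEN_USER):
        print(check_user(user))
```

The problems list for the second entry is exactly what a login attempt would silently fail on: no home directory, no posixAccount class, and management data the client cannot read.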

63 Home Directories
AFP 3.1
NetWare 6.5 is optimal: Universal Passwords
NetWare 5.x/6.x: Simple Passwords
AFP guest access turned on; restrict the guest account in eDirectory with inherited rights filters (IRFs)

64 Configure User for LDAP Queries
LDAP binds: create a user account in eDirectory with read, write, browse and compare rights, and limit its access to the container with IRFs
Anonymous binds: configure a proxy user (Novell TID #)

65 SSL-Encrypted LDAP
Requires openssl and eDirectory 8.7 or greater
Copy RootCert.der from SYS:\PUBLIC
Convert it to PEM format with the openssl tools
Set the file permissions to read-only for all users (Mac OS X)
Add a TLS_CACERT line to the ldap.conf file located in /etc/openldap on the Mac OS X workstations

66 openssl Command to Convert the Certificate
openssl x509 -inform DER -outform PEM -in <path to RootCert.der> -out <path to RootCert.pem>
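The steps on slides 65 and 66, carried through as an added example that is not part of the presentation: the DER-to-PEM conversion uses Python's standard library instead of the openssl binary (the output is byte-for-byte what the openssl command above produces, since PEM is just base64-wrapped DER), the PEM file is set to mode 0444, and the TLS_CACERT line is replaced or appended in ldap.conf so the script can be re-run on every workstation without leaving duplicate entries. The DER bytes in the demo are a constructed placeholder, not a real certificate.

```python
"""Install the eDirectory root CA for the Mac OS X LDAPv3 plug-in: convert
RootCert.der to PEM, make it read-only, and point ldap.conf at it."""
import os
import ssl
import stat
import tempfile


def der_to_pem_file(der_path, pem_path):
    """Equivalent of `openssl x509 -inform DER -outform PEM`: DER is the
    raw ASN.1 certificate, PEM the same bytes base64-wrapped between
    BEGIN/END CERTIFICATE markers. The PEM file is left readable by
    everyone and writable by no one (mode 0444), as slide 65 requires."""
    with open(der_path, "rb") as f:
        pem = ssl.DER_cert_to_PEM_cert(f.read())
    with open(pem_path, "w") as f:
        f.write(pem)
    os.chmod(pem_path, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    return pem


def set_tls_cacert(ldap_conf_path, pem_path):
    """Replace every existing TLS_CACERT line in ldap.conf, or append one;
    idempotent, so it is safe on a workstation that was already configured.
    Returns the resulting lines."""
    lines = []
    if os.path.exists(ldap_conf_path):
        with open(ldap_conf_path) as f:
            lines = f.read().splitlines()
    wanted = "TLS_CACERT " + pem_path
    hits = [i for i, line in enumerate(lines) if line.split()[:1] == ["TLS_CACERT"]]
    for i in hits:
        lines[i] = wanted
    if not hits:
        lines.append(wanted)
    with open(ldap_conf_path, "w") as f:
        f.write("\n".join(lines) + "\n")
    return lines


def is_read_only(path):
    """True when no write bit is set for owner, group or others."""
    mode = os.stat(path).st_mode
    return mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH) == 0


def run_demo():
    """Exercise the steps in a scratch directory and return what a
    practitioner would otherwise check by hand. The DER bytes are a
    constructed placeholder, not a real certificate: DER_cert_to_PEM_cert
    only re-encodes, it does not validate."""
    work = tempfile.mkdtemp()
    der_path = os.path.join(work, "RootCert.der")
    pem_path = os.path.join(work, "RootCert.pem")
    conf_path = os.path.join(work, "ldap.conf")
    fake_der = bytes(range(256)) * 3
    with open(der_path, "wb") as f:
        f.write(fake_der)
    with open(conf_path, "w") as f:                 # a pre-existing, stale entry
        f.write("BASE dc=example,dc=com\nTLS_CACERT /old/path.pem\n")

    pem = der_to_pem_file(der_path, pem_path)
    set_tls_cacert(conf_path, pem_path)
    lines = set_tls_cacert(conf_path, pem_path)     # second run must not add a duplicate
    return {
        "round_trip_ok": ssl.PEM_cert_to_DER_cert(pem) == fake_der,
        "pem_read_only": is_read_only(pem_path),
        "tls_cacert_lines": [l for l in lines if l.startswith("TLS_CACERT")],
        "expected_line": "TLS_CACERT " + pem_path,
    }


if __name__ == "__main__":
    print(run_demo())
```

On a real workstation, call der_to_pem_file on the copied RootCert.der and set_tls_cacert on /etc/openldap/ldap.conf as root; the stale-entry case in the demo is the one that bites when a previous rollout pointed at a different path.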

67 Tips for Successful Integration
Start small: basic mappings first, and use dscl to confirm them
Use an LDAP browser to confirm that the data, and the rights to that data, are correct
Configure SSL last

68 Demonstration

70 Q&A
