Directory Services Appliance

With our Fedora Directory Server-based appliance, you can configure directory and central authentication services for your applications

Saturday, March 01, 2008

An LDAP directory is like the 'yellow pages' for your organization, one which can store all the contact information (names, addresses, telephone numbers, email ids and what not) of your organization, departments (organizational units) and users (employees and other stakeholders). The information can also include user passwords. Thus, besides being a directory, an LDAP server can also be used to authenticate users. With an LDAP server in place, users can use a single set of login credentials (username and password) to log on to various applications running in the organization. If a user wants to change his password, he only needs to change it at one place-at the LDAP server. Subsequently, he would be able to log on to all the applications with his new password. PCQLinux 2008 appliances for content management, messaging and web meeting can be authenticated with the PCQLinux 2008 directory server appliance using LDAP. Articles on these appliances will explain how to achieve this. So, before we move forward, let's get back to, first, booting up and setting up the Directory Server appliance. Note that the directory server has been pre-configured for an organization, let's say PCQuest. The root DN (Distinguished Name) has been setup to dc=pcquest, dc=net. If you are new to LDAP and to the terms like DN, then refer to the article “Yellow Pages for your Network” at http://pcquest.ciol.com/ content/ linux/ 103060201.asp.

In this article we will create a simple directory structure with two organizational units named 'Accounts' and 'Human Resources.' Under each organizational unit we will have employees (who work for these units).

Setting up the directory
Refer to the article that teaches us how to install appliances on PCQLinux 2008. Login as root and launch X Windows by issuing the Startx command. Right click and open a terminal window (Open Terminal). Here, issue 'fedora-idm-console' command to launch the Management Console to configure the directory server. Now follow the steps given on the next page. Once you're done, you can repeat the steps to add more departments and users. Your LDAP based directory is ready even for other PCQLinux appliances to authenticate against the User ID and Password you had specified while creating users. Note that, you can choose to connect to the Management Console from a remote machine too, including a Windows machine. Refer to the section “Windows Console for Fedora DS 1.1” at the URL http://directory.fedoraproject.org/ wiki/Download. For this to work, you must set up your DNS (Domain Name Service) to point directory.pcquest.net to the IP address of the appliance. Alternately, you can append a line, 'directory.

pcquest.net ' in the file named “hosts” found in c:\windows\system32\ drivers\etc. For comprehensive information on Fedora Directory Server, refer to the URL http://directory.fedoraproject. org/.

On the login box type, cn=Directory Manager, pass@word and http://localhost:9830 for User ID, Password and Administration URL respectively. Click on OK.	In the next screen you will see a tree like structure on the left pane. Expand the tree besides the directory.pcquest.net> Server Group. Double click on 'Directory Server' directory
A new window to set up the LDAP directory will open. Click on the tab labeled 'Directory.' Expanding the pcquest directory will reveal three nodes: Groups, People and Special Users	Right click on the node 'pcquest' and select New>Organizational Unit. For Name, type in 'Accounts' and click on OK. Repeat to create an organizational unit for 'Human Resources'
Next we create employees or users under each unit. Right click on Accounts and select New>User. Fill in all the details in the form and click on OK	Note: PCQLinux 2008 appliances authenticate with the Directory Server using MD5. For this to work, the password encryption (for users) is set to 'clear text' or 'no encryption'

Page(s)   1