An LDAP directory is like the 'yellow pages' for your organization, one which
can store all the contact information (names, addresses, telephone numbers,
email ids and what not) of your organization, departments (organizational units)
and users (employees and other stakeholders). The information can also include
user passwords. Thus, besides being a directory, an LDAP server can also be used
to authenticate users. With an LDAP server in place, users can use a single set
of login credentials (username and password) to log on to various applications
running in the organization. If a user wants to change his password, he only
needs to change it in one place, at the LDAP server. Subsequently, he would be
able to log on to all the applications with his new password. PCQLinux 2008
appliances for content management, messaging and web meeting can be
authenticated with the PCQLinux 2008 directory server appliance using LDAP.
Articles on these appliances will explain how to achieve this. So, before we
move forward, let's first boot up and set up the Directory Server appliance.
Note that the directory server has been pre-configured for an organization,
let's say PCQuest. The root DN (Distinguished Name) has been set up as
dc=pcquest, dc=net. If you are new to LDAP and to terms like DN, then refer to
the article “Yellow Pages for your Network” at
http://pcquest.ciol.com/content/linux/103060201.asp.
In this article we will create a simple directory structure with two
organizational units named 'Accounts' and 'Human Resources.' Under each
organizational unit we will have employees (who work for these units).
Setting up the directory
Refer to the article that teaches us how to install appliances on PCQLinux
2008. Log in as root and launch X Windows by issuing the startx command. Right
click and open a terminal window (Open Terminal). Here, issue the
'fedora-idm-console' command to launch the Management Console to configure the
directory server. Now follow the steps given on the next page. Once you're done,
you can repeat the steps to add more departments and users. Your LDAP based
directory is ready even for other PCQLinux appliances to authenticate against
the User ID and Password you had specified while creating users. Note that you
can choose to connect to the Management Console from a remote machine too,
including a Windows machine. Refer to the section “Windows Console for Fedora DS
1.1” at the URL http://directory.fedoraproject.org/wiki/Download. For this to
work, you must set up your DNS (Domain Name System) to point
directory.pcquest.net to the IP address of the appliance. Alternately, you can
append a line for directory.pcquest.net to the “hosts” file found in
c:\windows\system32\drivers\etc. For comprehensive information on Fedora
Directory Server, refer to the URL http://directory.fedoraproject.org/.
In the login box, type cn=Directory Manager, pass@word and http://localhost:9830 for User ID, Password and Administration URL respectively. Click on OK.
In the next screen you will see a tree-like structure in the left pane. Expand the tree beside directory.pcquest.net > Server Group. Double click on 'Directory Server' directory.
A new window to set up the LDAP directory will open. Click on the tab labeled 'Directory.' Expanding the pcquest directory will reveal three nodes: Groups, People and Special Users.
Right click on the node 'pcquest' and select New > Organizational Unit. For Name, type in 'Accounts' and click on OK. Repeat to create an organizational unit for 'Human Resources'.
Next we create employees or users under each unit. Right click on Accounts and select New > User. Fill in all the details in the form and click on OK.
Note: PCQLinux 2008 appliances authenticate with the Directory Server using MD5. For this to work, the password encryption (for users) is set to 'clear text' or 'no encryption'.
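
With password encryption set to 'clear text' as the note above describes, every userPassword value in an LDIF export of the directory is readable as stored. The following Python script is an added example, not part of the original article or of Fedora Directory Server: it reports, per entry, whether the password is stored in clear text or under a {SCHEME} tag. The sample LDIF, the user names and the passwords are constructed, and the assumption is that hashed values carry a {SCHEME} prefix while clear-text values carry none or {clear}.

```python
import base64
import re

# Constructed sample export: uids, passwords and the hash value are made up.
SAMPLE_LDIF = """\
dn: uid=asharma,ou=Accounts,dc=pcquest,dc=net
userPassword: Summer2008

dn: uid=rgupta,ou=Human Resources,dc=pcquest,dc=net
userPassword:: e2NsZWFyfWhyLXNlY3JldA==

dn: uid=mjoshi,ou=Human Resources,dc=pcquest,
 dc=net
userPassword: {SSHA}Q09OU1RSVUNURUQtTk9ULUEtUkVBTC1IQVNI
"""

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")  # e.g. a "{SSHA}" prefix

def parse_entries(text):
    """Yield (dn, [(attr, value), ...]) for each blank-line-separated entry."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" means base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            attrs.append((name.lower(), value))
        dn = next((v for n, v in attrs if n == "dn"), None)
        if dn:
            yield dn, attrs

def storage_of(value):
    """Classify a userPassword value without echoing the value itself."""
    m = SCHEME_RE.match(value)
    if not m or m.group(1).upper() == "CLEAR":
        return "cleartext"
    return "hashed:" + m.group(1).upper()

def audit(text):
    """Return {dn: storage} for every entry that carries userPassword."""
    return {dn: storage_of(v) for dn, attrs in parse_entries(text)
            for n, v in attrs if n == "userpassword"}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Run it on the server against an export of the directory and handle that export file as sensitive, since with clear-text storage it contains every user's password.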