
Directory Services Appliance

PCQ Bureau

An LDAP directory is like the 'yellow pages' for your organization: it can store the contact information (names, addresses, telephone numbers, email IDs and so on) of your organization, its departments (organizational units) and its users (employees and other stakeholders). The information can also include user passwords. Thus, besides being a directory, an LDAP server can also be used to authenticate users. With an LDAP server in place, users can use a single set of login credentials (username and password) to log on to the various applications running in the organization. A user who wants to change his password only needs to change it in one place, at the LDAP server; he can then log on to all the applications with the new password. PCQLinux 2008 appliances for content management, messaging and web meeting can authenticate against the PCQLinux 2008 directory server appliance using LDAP. The articles on these appliances explain how to achieve this. First, though, let's boot up and set up the Directory Server appliance. Note that the directory server has been pre-configured for an organization, let's say PCQuest. The root DN (Distinguished Name) has been set to dc=pcquest, dc=net. If you are new to LDAP and to terms like DN, refer to the article “Yellow Pages for your Network” at http://pcquest.ciol.com/content/linux/103060201.asp.


In this article we will create a simple directory structure with two organizational units named 'Accounts' and 'Human Resources.' Under each organizational unit we will have employees (who work for these units).

Setting up the directory



Refer to the article that explains how to install appliances on PCQLinux 2008. Log in as root and launch X Windows by issuing the startx command. Right-click and open a terminal window (Open Terminal). Here, issue the 'fedora-idm-console' command to launch the Management Console and configure the directory server. Now follow the steps given on the next page. Once you're done, you can repeat the steps to add more departments and users. Your LDAP-based directory is then ready for other PCQLinux appliances to authenticate against, using the User ID and Password you specified while creating users. Note that you can also connect to the Management Console from a remote machine, including a Windows machine. Refer to the section “Windows Console for Fedora DS 1.1” at the URL http://directory.fedoraproject.org/wiki/Download. For this to work, you must set up your DNS (Domain Name Service) to point directory.pcquest.net to the IP address of the appliance. Alternately, you can append a line, 'directory.pcquest.net', in the file named “hosts” found in c:\windows\system32\drivers\etc. For comprehensive information on Fedora Directory Server, refer to the URL http://directory.fedoraproject.org/.





On the login box, type cn=Directory Manager, pass@word and http://localhost:9830 for User ID, Password and Administration URL respectively. Click on OK.

In the next screen you will see a tree-like structure in the left pane. Expand the tree beside directory.pcquest.net > Server Group. Double-click on 'Directory Server'.

A new window to set up the LDAP directory will open. Click on the tab labeled 'Directory.' Expanding the pcquest directory will reveal three nodes: Groups, People and Special Users.

Right-click on the node 'pcquest' and select New > Organizational Unit. For Name, type in 'Accounts' and click on OK. Repeat to create an organizational unit for 'Human Resources'.

Next we create employees or users under each unit. Right-click on Accounts and select New > User. Fill in all the details in the form and click on OK.

Note: PCQLinux 2008 appliances authenticate with the Directory Server using MD5. For this to work, the password encryption (for users) is set to 'clear text' or 'no encryption'.
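
As an added example (not part of the original article or the appliance's own tooling): since the note above leaves user passwords stored without hashing, this Python script audits an LDIF export of the directory and reports which storage scheme each userPassword value uses. The sample entries, user names, passwords and the `{clear}`/`{cleartext}` prefix list are assumptions constructed for illustration.

```python
import base64
import re

CLEAR_SCHEMES = {"CLEAR", "CLEARTEXT"}  # assumption: prefixes meaning "not hashed"

# Constructed sample export: the article's tree with made-up users and passwords.
SAMPLE_LDIF = """\
dn: ou=Accounts,dc=pcquest,dc=net
ou: Accounts

dn: uid=asharma,ou=Accounts,dc=pcquest,dc=net
uid: asharma
userPassword: {SSHA}CONSTRUCTED-HASH-PLACEHOLDER

dn: uid=rverma,ou=Accounts,dc=pcquest,dc=net
uid: rverma
userPassword:: @B64@

dn: uid=mkhan,ou=Human Resources,dc=pcquest,dc=net
uid: mkhan
userPassword: example-only
""".replace("@B64@", base64.b64encode(b"{clear}example-only").decode())

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folding and base64."""
    text = re.sub(r"\r?\n ", "", text)             # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)", line)
            if not m:                              # comment or malformed line
                continue
            attr, sep, value = m.groups()
            if sep == "::":                        # '::' marks a base64 value
                value = base64.b64decode(value).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            yield entry

def storage_scheme(value):
    """Return the {SCHEME} prefix of a userPassword value, or CLEARTEXT."""
    m = re.match(r"\{([^}]+)\}", value)
    if not m or m.group(1).upper() in CLEAR_SCHEMES:
        return "CLEARTEXT"
    return m.group(1).upper()

def audit(text):
    """List (dn, scheme) for every userPassword value in the export."""
    return [(e["dn"][0], storage_scheme(p))
            for e in parse_ldif(text) for p in e.get("userpassword", [])]
```

Calling `audit()` on an export of dc=pcquest, dc=net returns one (DN, scheme) pair per stored password; entries reported as CLEARTEXT are the ones whose passwords are readable by anyone who can read the attribute or a backup of the directory.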