Today, identity management is considered one of the critical elements of
an enterprise's IT infrastructure, particularly as more and more enterprise apps
are being leveraged. To meet their identity requirements, enterprises have the
option of selecting Open Source solutions. Enterprise IT is shifting its focus
from enterprise-focused apps to extranet-focused apps, from dealing with
thousands of users to hundreds of millions of users. Identity demands will also
continue to rise, and as an enterprise adds more and more identity management
capabilities, identity management becomes more complex to deploy and manage.
For instance, the identity management capabilities can range from directory
services to access management to provisioning to authentication. Access
management and directory services are considered to be two key components of
an enterprise identity management initiative.
Identity architecture depends on directory services. Why? The answer is very
simple: to provide secure, reliable access to digital identities and their
credentials. In increasingly networked environments, the directory must
offer a repository for identity data as well as provide secure access to
information present in multiple repositories.
Sun's OpenDS, which is based on Sun directory server, focuses on shifting
extranet directory scalability from hundreds of millions of user entries to
billions. The goal of OpenDS, which was released under the Open Source Common
Development and Distribution License (CDDL), was to attract a community of
developers to build the next-generation directory service software. OpenDS
supports different operating system platforms, including Windows, Red Hat,
Ubuntu, Solaris, OpenSolaris, etc. The roadmap for OpenDS will include features
like virtual directory, proxy server, identity synchronization for Windows
capable of synchronizing with Active Directory instances, etc.
This is the OpenDS directory server quick setup screenshot. It prompts you to enter the installation path, hostname, etc. You can also configure LDAP.
Once the necessary steps have been completed, you will be automatically directed to the control panel. Here you can manage entries, monitor or run backups.
Primer on Directory Services
The key role of directory services for enterprises was to provide
multi-vendor interoperability by agreeing to common network standards.
Directory services were an integral part of an Open Systems Interconnection
initiative and are simply the software system that is responsible for storing,
organizing and providing access to information in a directory. There are
several ways to provide a directory service. Different methods allow different
kinds of information to be stored and place different requirements on how that
information can be referenced, queried, etc. They also define how the data can
be protected from unauthorized access. Directory services can be categorized
into local and global directory services. Local services provide services to a
restricted context, while global services offer a much broader context. In
global services, the data is usually spread across many machines, and hence
they are referred to as distributed services. These services define a uniform
namespace which provides a similar view of the data, for instance the Internet
Domain Name System (DNS).
Popular Directory Services
Let's look into some of the directory services
The role of a directory server includes creating access control, managing user
authentication, centralizing user management, etc.
A brief description of the following components that are installed during the
installation and setup of directory services:
- LDAP server: The core Directory server, the LDAP v3 and all of the
associated plugins, command line tools that help to manage the server and its
database.
- Administration server: It is basically a web server that controls the
different portals that access the LDAP server.
- Directory Server Console: It is a graphical management console that helps
to save valuable time by reducing the effort of setting up and maintaining
directory services.
- SNMP agent: It monitors the directory services with the help of the SNMP
protocol.
Installing OpenDS
As discussed before, OpenDS supports a number of operating system
platforms; the basic requirement in order to run OpenDS is to have Java. You can
download the latest version of Java from this link:
http://www.java.com/en/download/manual.jsp. Once you are through, run the
commands or steps for your OS. For instance, we tried the whole process of
installation on CentOS 5.4. To download the self-extracting RPM files, you must
be logged in as root. Then you need to make a directory (/usr/java) where you
want to install it. Change the permission of the file by typing:
# chmod a+x jre-6u-version-linux-i586.rpm.bin
Start the installation process by running:
# ./jre-6u-version-linux-i586.rpm.bin
After this step, you will be prompted to accept the license
agreement. Once done, you can check by typing 'ls', which will show the
sub-directories installed in the current directory. After the installation
process, you need to enable and configure it by creating a symbolic link.
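The self-extracting installer above is executed as root, so its integrity should be confirmed before the execute bit is set. The shell functions below are an added example, not part of the original article: they assume a vendor-published SHA-256 digest is available (the article gives none), and the names check_installer and prepare_installer are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): gate a root-run installer on its checksum.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_installer FILE EXPECTED_SHA256
# Returns 0 only when FILE is a regular, non-symlink file that no other
# user can modify and whose digest equals the published value.
check_installer() {
    ci_file=$1
    ci_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ -L "$ci_file" ] || [ ! -f "$ci_file" ]; then
        echo "refusing: $ci_file is not a regular file" >&2; return 2
    fi
    case $(ls -ld "$ci_file" | cut -c1-10) in
        ?????w*|????????w*)
            echo "refusing: $ci_file is group- or world-writable" >&2; return 3 ;;
    esac
    if [ "$(sha256_of "$ci_file")" != "$ci_want" ]; then
        echo "refusing: SHA-256 mismatch for $ci_file" >&2; return 1
    fi
    return 0
}

# prepare_installer FILE EXPECTED_SHA256
# Adds the execute bit for the owner only (u+x, not a+x) once the check passes.
prepare_installer() {
    check_installer "$1" "$2" || return $?
    chmod u+x "$1"
}

# Demo on a constructed stand-in file; a real digest must come from the vendor.
demo_dir=$(mktemp -d)
demo_bin="$demo_dir/jre-6u-version-linux-i586.rpm.bin"
printf '#!/bin/sh\necho constructed stand-in installer\n' > "$demo_bin"
chmod 600 "$demo_bin"
demo_sum=$(sha256_of "$demo_bin")
prepare_installer "$demo_bin" "$demo_sum" && echo "verified: $(basename "$demo_bin")"
rm -rf "$demo_dir"
```

Granting execute permission to the owner alone is enough here because only root runs the installer.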
Once Java has been successfully installed on your system,
you can download OpenDS from this link: https://www.opends.org. Hit
the Downloads button and then click on the Quick Setup installer file, which has
the extension .jnlp; this will run in Java.