
Managing Identities With OpenDS

PCQ Bureau

Today, identity management is considered one of the critical elements of an enterprise's IT infrastructure, particularly as more and more enterprise apps are being leveraged. To meet their identity requirements, enterprises have the option of selecting Open Source solutions. Enterprise IT is shifting its focus from enterprise-focused apps to extranet-focused apps, from dealing with thousands of users to hundreds of millions of users. Identity demands will also continue to rise, and as an enterprise adds more and more identity management capabilities, these become more complex to deploy and manage. For instance, identity management capabilities can range from directory services to access management to provisioning to authentication. Access management and directory services are considered to be two key components of an enterprise identity management initiative.


Identity architecture depends on directory services. Why? The answer is very simple: to provide secure, reliable access to digital identities and their credentials. In increasingly networked environments, the directory must offer a repository for identity data as well as provide secure access to information present in multiple repositories.

Sun's OpenDS, which is based on Sun directory server, focuses on shifting extranet directory scalability from hundreds of millions of user entries to billions. The goal of OpenDS, which was released under the Open Source Common Development and Distribution License (CDDL), was to attract a community of developers to build the next-generation directory service software. OpenDS supports different operating system platforms, including Windows, Red Hat, Ubuntu, Solaris, Open Solaris, etc. The roadmap for OpenDS will include features like virtual directory, proxy server, identity synchronization for Windows capable of synchronizing with Active Directory instances, etc.

This is the OpenDS directory server quick setup screenshot. It prompts you to enter installation path, hostname, etc. You can also configure LDAP.

Once the necessary steps have been completed, you will be automatically directed to the control panel. Here you can manage entries, monitor or run backups.

Primer on Directory Services



The key role of directory services for enterprises was to provide multi-vendor interoperability by agreeing on common network standards. Directory services were an integral part of the Open Systems Interconnection initiative and are simply the software systems responsible for storing, organizing and providing access to information in a directory. There are several ways to provide a directory service. Different methods allow different kinds of information to be stored and place different requirements on how that information can be referenced, queried, etc. They also define how the data can be protected from unauthorized access. Directory services can be categorized into local and global directory services. Local services provide services to a restricted context, while global services offer a much broader context. In global services, the data is usually spread across many machines, and hence they are referred to as distributed services. These services define a uniform namespace which provides a similar view of the data, for instance the Internet Domain Name System (DNS).

Popular Directory Services

Let's look into some of the directory services implementations:

  1. Domain Name System (DNS): Well, who doesn't know about DNS? Used everywhere, it is the first directory service on the Internet.
  2. Active Directory: First shipped with Windows Server 2000 and used in Exchange server, it is Microsoft's directory service for Windows.
  3. Red Hat Directory Server: The Red Hat Directory Server includes the directory itself and consists of the server-side software and a client-side GUI. Implementing the LDAP protocol is the main role of the server-side software, whereas the client GUI lets end users search and change entries in directories.
  4. Network Information Service: NIS was originally named Yellow Pages. It consists of a client-server directory protocol and was developed by Sun Microsystems.


The role of a directory server includes creating access control, managing user authentication, centralizing user management, etc.

A brief look at the components that are installed during the installation and setup of directory services:

  1. LDAP server: The core directory server, LDAP v3, and all of the associated plugins and command-line tools that help manage the server and its database.
  2. Administration server: It is basically a web server that controls the different portals that access the LDAP server.
  3. Directory Server Console: It is a graphical management console that helps to save valuable time by reducing the effort of setting up and maintaining directory services. It is an SNMP agent to monitor the directory services with the help of the SNMP protocol.

Installing OpenDS



As discussed before, OpenDS supports a number of operating system platforms; the basic requirement in order to run OpenDS is to have Java. You can download the latest version of Java from http://www.java.com/en/download/manual.jsp. Once you are through, run the commands or steps appropriate to your OS. For instance, we tried the whole installation process on CentOS 5.4. To download the self-extracting RPM files, you must be logged in as root. Then make a directory (/usr/java) where you want to install it. Change the permission of the file by typing:

# chmod a+x jre-6u-version-linux-i586.rpm.bin

Start the installation process by running:


# ./jre-6u-version-linux-i586.rpm.bin

After this step, you will be prompted to accept the license agreement. Once done, you can check by typing 'ls', which will show the sub-directories installed in the current directory. After the installation process, you need to enable and configure it by creating a symbolic link.
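
An added example, not part of the original article: a shell function that follows the steps above but refuses to run the downloaded installer as root unless its SHA-256 digest matches one obtained from a trusted source. The function names, their arguments, the expected digest and the `jre*/bin/java` layout are assumptions; the article specifies none of them.

```shell
#!/bin/sh
# Added example (not from the article): verify, then install, then link.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_jre INSTALLER EXPECTED_SHA256 PREFIX LINKDIR
#   INSTALLER        downloaded self-extracting file
#   EXPECTED_SHA256  digest from a trusted source (placeholder, supply your own)
#   PREFIX           install directory, /usr/java in the article
#   LINKDIR          directory on PATH that receives the "java" symlink (assumption)
# Returns 0 on success, 1 on digest mismatch (nothing is executed or created),
# 2 on any other failure.
install_jre() {
    installer=$1; expected=$2; prefix=$3; linkdir=$4

    [ -f "$installer" ] || { echo "no such file: $installer" >&2; return 2; }

    # Check integrity before the file is made executable or run.
    actual=$(sha256_of "$installer")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $installer: got $actual" >&2
        return 1
    fi

    mkdir -p "$prefix" "$linkdir" || return 2
    cp "$installer" "$prefix/" || return 2
    name=$(basename "$installer")
    chmod a+x "$prefix/$name" || return 2

    # Run the installer from the install directory, as the article does.
    ( cd "$prefix" && "./$name" ) || return 2

    # The installer leaves a jre* sub-directory behind; link its java binary.
    java_bin=$(ls -d "$prefix"/jre*/bin/java 2>/dev/null | head -n 1)
    [ -n "$java_bin" ] || { echo "no jre*/bin/java under $prefix" >&2; return 2; }
    ln -sfn "$java_bin" "$linkdir/java" || return 2
}

# Usage (as root), with a digest you obtained out of band:
#   install_jre ./jre-6u-version-linux-i586.rpm.bin <expected-sha256> /usr/java /usr/bin
```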

Once Java has been successfully installed on your system, you can download OpenDS from https://www.opends.org. Hit the Downloads button and then click on the Quick Setup installer file, which has the extension .jnlp; this will run in Java.
