
directory_administrator-1.3.5-1mdk.i586.rpm

***************************************
* Directory administrator README
***************************************

Thank you for choosing Directory administrator.  I 
sincerely hope you will find this application useful.

My name is Manuel Amador (Rudd-O).  I am the original author of
this software. Please report any comments to amadorm@usm.edu.ec.
The official Web site is http://diradmin.open-it.org/

Q: What is Directory administrator?

A: Directory administrator is an LDAP POSIX user/group manager.  
That, in plain English, means that it will allow you to easily manage 
your Linux/UNIX users and groups residing in an LDAP database.

It also manages organizational information, per-server/service access
controls, and LDAP mail routing as supported by Sendmail and other 
LDAP-enabled mailers.

Q: What is LDAP?  What can I use it for?

A: That question is an easy one, too.
A directory is a centralized object storage server.  LDAP is a 
lightweight directory protocol.  UNIX and Windows systems can make use of 
a directory server to verify the users' credentials and to grant them 
access to the system.

It makes sense to have a centralized store for credential information, 
but it gets better: you can also store your users' company information  
(such as e-mail address, PBX extension number, and the like).
Nowadays, nearly every network service can authenticate against an
LDAP directory (that includes Linux and other UNIX variants).

So it works like this:

* Set a directory up: install OpenLDAP and migrate authentication 
  information into it (the MigrationTools from PADL can assist you 
  with the task).
* Install Directory administrator: you don't need to install it in
  the same computer as the directory server.
* Set your workstations up to look up authentication information on
  your newly set-up directory server.  This can be done using your 
  operating system setup utilities (e.g., authdrake for Mandrake Linux,
  redhat-config-auth for Red Hat Linux).
* Manage your users and groups via Directory administrator.

You can also set several other services up, and they will take advantage 
of the information residing on the directory server.

LDAP also supports replication and fault tolerance.  This means you 
could have a global directory for all your users, constantly 
replicating between sites.

Not only that, but, just like NIS+, it allows you to have unified user 
IDs and group IDs, effectively being a secure replacement for NIS+.  
This means that all your users will hold the same user IDs across 
servers and workstations.  That is, another administrative nightmare 
has been obliterated.

Q: Why didn't you use iPlanet Directory Server administrative suite?

A: The big deal behind Directory Server is that I couldn't find any 
way of managing POSIX users and groups.  POSIX users and groups are 
stored as any other user, but with a set of additional attributes, 
which the iPlanet suite doesn't know about.  So, a user created with 
iPlanet can't be used as a logon user account on a Linux machine.

Nevertheless, a user created with Directory administrator on an iPlanet
Directory Server CAN log on and be used on UNIX environments.  Not only
that, but I recommend Directory Server because of its configurability,
access control policies (you can delegate administration with extreme
control) and reliability.

There are freely available tools for modifying and browsing a 
directory server, but none have the specific target of managing UNIX 
users and groups.  Since LDAP is the perfect replacement for NIS+, 
this tool was the only thing missing.
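
To make the "additional attributes" point concrete: the Python sketch below is an added example, not part of Directory administrator. It assumes the directory follows the RFC 2307 schema, where a login-capable user carries the posixAccount object class with cn, uid, uidNumber, gidNumber and homeDirectory. It audits a constructed LDIF sample (hypothetical dc=example,dc=com entries) for users that cannot log on and for user IDs shared by more than one entry.

```python
from collections import defaultdict
# RFC 2307 MUST attributes for the posixAccount object class (lower-cased).
POSIX_MUST = ("cn", "uid", "uidnumber", "gidnumber", "homedirectory")
# Constructed sample entries under a hypothetical dc=example,dc=com tree.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
uid: bob

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Carol Example
uid: carol
uidNumber: 1001
gidNumber: 1002
"""

def parse_ldif(text):  # simple LDIF only: no base64 values, no folded lines
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[key.strip().lower()].append(value.strip())
        yield entry

def audit(entries):
    """Return ({dn: missing items}, {uidNumber: [dns]} where an ID is shared)."""
    missing, by_uid = {}, defaultdict(list)
    for e in entries:
        dn = e["dn"][0]
        gaps = [a for a in POSIX_MUST if a not in e]
        if "posixaccount" not in {c.lower() for c in e["objectclass"]}:
            gaps.insert(0, "objectClass: posixAccount")
        if gaps:
            missing[dn] = gaps
        for n in e["uidnumber"]:
            by_uid[n].append(dn)
    return missing, {n: d for n, d in by_uid.items() if len(d) > 1}
```

Calling audit(parse_ldif(SAMPLE_LDIF)) reports bob as a plain directory user without the POSIX attributes, carol as missing homeDirectory, and uidNumber 1001 as shared by alice and carol.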

Q: How do I install and use it?

A: Read the file INSTALL in this directory.

Then open Directory administrator, create a connection profile, 
connect with administrator credentials and start managing your
directory!

Future tools will allow you to set up an LDAP server, migrate user
accounts, and set a computer up to be a client for the LDAP server,
in compliance with the POSIX standards and my drafts.

Q: Are there competing projects?

A: Yes.  There is LinPlanet (linplanet.sourceforge.net).  But I 
haven't used their software, their project page hasn't released any 
code, it also states that it's in pre-alpha state, and I personally 
am looking for a utility that is easier and faster to use, judging 
by the screenshots I saw.  I am also doing a micro-extension to the 
standard, to allow computers participating in the directory to deny 
authentication, based on a set of attributes related to the server 
that the user is logging in to.

There is LDAP Explorer.  There is GUM.  There is Ganymede. In
some ways they do not perform Directory administrator's tasks.