Further to my last post, I thought I would start to describe the solution we have built to connect eDirectory to Apple's Open Directory. In fact, the same approach could be used to connect any IDM-connected system to the Apple directory.
Below is a high-level overview of the process of user creation and login.
1. User creation: the user is created in the Identity Vault.
2. The user is created in the File & Print tree.
   The user account is synced to the eDirectory on the OESv2 Linux server, providing user access to the following services: iFolder, iPrint and other Novell services in eDirectory.
3. The user is Samba enabled.
   Using the Identity Scripting driver and the Samba Linux command line, the user account is enabled for Samba access, providing access to Samba shares and the home directory.
   Please note: AFP / CIFS will be used once OESv2 Support Pack 1 is released. Using these native protocols will eliminate the need for the Scripting driver.
4. The user is created in Open Directory.
   The Identity Scripting driver and Apple scripts are used to create the user in Apple Open Directory on OS X 10.5.x. The scripts also set the user password (taken from the eDirectory password) and the Apple Unique ID. The user now has access to Apple services on OS X 10.5.x.
5. User attributes are synced to Open Directory.
   The Novell Identity Management LDAP connector is used to sync the user's attributes between eDirectory and Apple Open Directory. These include the user's full name, home directory details and group memberships.
6. The user logs into OS X using Open Directory.
   Using the Directory Utility on OS X, an LDAP connection is set up between the workstations and the Apple Open Directory server. Users log into Apple Open Directory using their Apple ID and password.
7. The user is connected to the file share.
   Using an SMB connection, the user's home directory is mounted during the login process.
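As an added example (not code from this post, nor Novell's or Apple's), here is a POSIX shell wrapper of the kind the Scripting driver in step 4 could call on the OS X server: it validates the user name and UID handed over from eDirectory, and emits the dscl commands that create the Open Directory record, set the Apple Unique ID and the attributes step 5 later keeps in sync. The node path /LDAPv3/127.0.0.1 and the administrator name diradmin are assumptions; dscl and its -u, -p and -create options are Apple's own.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper the Identity Scripting
# driver could invoke on the OS X 10.5 server to create the user in Open
# Directory (step 4) with Apple's dscl tool.
# Assumptions (not on the page): the OD node is /LDAPv3/127.0.0.1 and the
# directory administrator is "diradmin". -p makes dscl prompt for the admin
# password instead of taking it on the command line (-P), where it would be
# visible to every local user in the process list.
OD_NODE="${OD_NODE:-/LDAPv3/127.0.0.1}"
OD_ADMIN="${OD_ADMIN:-diradmin}"

# The driver hands us eDirectory values we do not control. Accept only a
# conservative user name so nothing can smuggle shell syntax or a path
# component into the record name.
valid_username() {
    case "$1" in
        ''|*[!a-z0-9._-]*|-*|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# Single-quote a free-text value (e.g. the full name) for the generated line.
shquote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# Emit the dscl commands for one user: the record, the Apple Unique ID and the
# attributes the LDAP connector keeps in sync (step 5). They are printed rather
# than executed so the driver can log or dry-run them; pipe into sh to apply.
# The user password is deliberately not set here: passing it as a dscl
# argument would also expose it in the process list, so set it separately.
od_create_commands() {
    user="$1"; uid="$2"; fullname="$3"; home="$4"
    valid_username "$user" || { echo "rejected user name: $user" >&2; return 1; }
    case "$uid" in ''|*[!0-9]*) echo "rejected uid: $uid" >&2; return 1 ;; esac
    case "$home" in /*) ;; *) echo "rejected home: $home" >&2; return 1 ;; esac
    base="dscl -u $OD_ADMIN -p $OD_NODE -create /Users/$user"
    printf '%s\n' "$base"
    printf '%s UniqueID %s\n' "$base" "$uid"
    printf '%s PrimaryGroupID 20\n' "$base"          # 20 = staff on OS X
    printf '%s RealName %s\n' "$base" "$(shquote "$fullname")"
    printf '%s NFSHomeDirectory %s\n' "$base" "$(shquote "$home")"
    printf '%s UserShell /bin/bash\n' "$base"
}
```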
We are still in the process of documenting this solution with more technical details. We are also working with Apple engineering to look at areas where we could simplify the solution.
User Comments
Why Scripting for the create?
Submitted by geoffc on 10 July 2008 - 4:54am.
Why do you use the Scripting driver? I assume NOT with the remote loader on the Mac (since I do not recall there being a Mac RL for that driver). To run scripts on a third box (SLES/OES I imagine) that call out to the Open Directory server to create the user?
Could you not use a Java call to run an executable on the RL host for the LDAP driver instead? (Scripting is an extra licensing cost for most customers.)