In my last blog, I talked about the performance improvements in eDirectory 8.8 SP2. I am going to talk about a couple of new features this time.
Configurable LDAP interfaces
A multi-valued string attribute has been added to the LDAP server object. It stores the LDAP URLs on which the LDAP server listens (on both cleartext and secure ports). The attribute is useful when configuring multiple instances, where each instance of the eDirectory server must listen on a specific interface. It can be configured with IP addresses and port numbers in LDAP URL format, and the LDAP server listens on those IP addresses and ports.
The default value of the ldapInterfaces attribute is ldap://:389 and ldaps://:636. This means the LDAP server listens on the default ports on all the IP addresses configured on the machine.
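To review these values across instances, the following added example (not part of the original post or of eDirectory) parses ldapInterfaces URLs and reports cleartext listeners, all-address binds and port overlaps. It assumes all instances share one machine; the function names, instance names and sample addresses are constructed for illustration.

```python
import ipaddress

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # default ports named in the post

def parse_interface(url):
    """Return (scheme, host, port) for one ldapInterfaces value; host "" means all addresses."""
    scheme, sep, rest = url.strip().lower().partition("://")
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an ldap:// or ldaps:// URL: {url!r}")
    hostport = rest.split("/", 1)[0]
    if hostport.startswith("["):  # bracketed IPv6 literal
        host, _, tail = hostport[1:].partition("]")
        port = tail[1:] if tail.startswith(":") else ""
    else:
        host, _, port = hostport.partition(":")
    if port and not port.isdigit():
        raise ValueError(f"bad port in {url!r}")
    return scheme, host, int(port) if port else DEFAULT_PORTS[scheme]

def is_wildcard(host):
    """True when the listener binds every address configured on the machine."""
    try:
        return host == "" or ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a DNS name, not an address literal

def audit(instances):
    """instances: {instance name: [ldapInterfaces values]} -> list of (instance, url, issue)."""
    findings, claimed = [], []  # claimed holds (instance, host, port) seen so far
    for name, urls in instances.items():
        for url in urls:
            try:
                scheme, host, port = parse_interface(url)
            except ValueError as exc:
                findings.append((name, url, f"malformed: {exc}"))
                continue
            wild = is_wildcard(host)
            if scheme == "ldap":
                findings.append((name, url, "cleartext listener"))
            if wild and len(instances) > 1:
                findings.append((name, url, "binds all addresses on a multi-instance host"))
            for other, ohost, oport in claimed:
                if other != name and oport == port and (wild or is_wildcard(ohost) or ohost == host):
                    findings.append((name, url, f"port {port} overlaps instance {other}"))
            claimed.append((name, host, port))
    return findings

# Constructed sample: instance1 keeps the defaults, instance2 is pinned to addresses.
SAMPLE = {"instance1": ["ldap://:389", "ldaps://:636"],
          "instance2": ["ldaps://192.0.2.10:636", "ldaps://192.0.2.11:1636"]}
```
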
There have been multiple requests in the past to provide nested group support in eDirectory. We are finally there. eDirectory 8.8 SP2 comes with experimental support for nested groups, where groups can be members of other groups and rights can be assigned in a more organized way. I call it experimental because the current implementation comes with its own limitations, such as:
- Nested relationships do not span beyond the local server; the objects, users, and groups involved need to be locally present on the server.
- No duplicate elimination is done in membership listing.
- Nesting of dynamic groups is not supported.
- Nested ACLs as well as the nesting semantics are not supported on older eDirectory servers (version 8.8 SP1 and earlier). Group nesting is possible only within the local server.
- Nested groups can be managed only through LDAP tools today. iManager plug-ins are awaited.
An existing static group can be promoted to a nested group by associating the nestedGroupAux auxiliary class with it. This auxiliary class must be present on both the containing group (a group that exhibits the nested property) and the contained group (a group that is a member of another group).