eDirectory - A Look Ahead

Novell Cool Solutions: Feature

Posted: 22 Jun 2005

This summary article, adapted from BrainShare 2005 Tutorial 278, discusses what's current and what's ahead for eDirectory - featuring the upcoming eDirectory version 8.8.

Current and Interim Releases

Version 8.7.3 of eDirectory was released in January 2004. Here are some of its key features:

  • Added support for Windows 2003
  • Unix package-based installer
  • Novell Certificate Server 2.7
  • Bundled products
  • Novell iManager 2.0.2
  • Novell Modular Authentication Service 2.3
  • Novell eGuide 2.1.2

Novell has also produced several eDirectory 8.7.3 Interim Releases, from February 2004 to January 2005. These releases have resolved approximately 550 defects.

Version 8.7.3 IR5 was delivered with OES 1.0. It includes bug fixes, NCP engine support on SLES, and installation improvements. Version 8.7.3 IR6 was released in April 2005, featuring better memory management and fixes for localization defects.

Novell eDirectory 8.8 - Focus and Features

Version 8.8 of eDirectory focuses on the following things:

  • Installation and Upgrade Enhancements
  • Performance Improvements
  • Security Enhancements
  • New Developer Interfaces

Installation and Upgrade Enhancements

Here are the main install and upgrade improvements in version 8.8:

  • Installation is fully scriptable.
  • Installs can be done through YaST on SLES.
  • FHS and LSB compliance is supported.
  • An alternate data (DIB) location can be specified.
  • Supervisor rights to the [root] of the directory are no longer required to install the service.
  • The service can be run as a non-root user on Linux or UNIX.
  • Installs are patchable.
  • Installs and updates can be done via Ximian Red Carpet.
  • SecretStore is installed by default.
  • The dependency between eDirectory and iManager is removed.
  • Server Health Check and Patch Installer tools are included.

Getting version 8.8 up and running is pretty straightforward: you install the application, run the Configuration Wizard, apply the configuration file, and start the service.

The Server Health Check helps you determine whether the server is healthy enough to upgrade safely. This feature runs by default with every upgrade and is triggered before the actual package upgrade. You can also run the diagnostic tool NDScheck (DSCheck on NetWare) to do the health checks.

With the Patch Installer, you can easily update your system with the latest patches released after eDirectory 8.8. You can also roll back to the previous patch.

Performance Improvements

Data Import "BulkLoad" Improvements

You can select any of the following options to improve data import performance:

  • Disable in-line change cache
  • Disable ACL templates on inetOrgperson
  • ??? No schema check; Indexing off ???
  • Enable Multi-threading on client and server

Priority Sync

Priority Sync is used for instant convergence of real-time attributes such as passwords. It is configurable per attribute. Priority Sync writes the change to all replicas at once; the normal replication process negotiates the rest.

The figures below show the write process - first without Priority Sync and then with it.

Figure 1: Write process - no Priority Sync (left); with Priority Sync (right)

Multi-Instance Support

Multi-instance support in Version 8.8 enables you to host more than one instance of eDirectory on a server.

Figure 2: Multiple instances of eDirectory on a server

With multi-instance support, you can:

  • Maximize high-end host hardware.
  • Open up new performance configuration options.
  • Use a dedicated IP address per service instance.
  • Use more than one tree per server.
  • Use multiple replicas of the same tree or partition on a single server.
  • Assign an interface for each partition to accelerate searches.

Security Improvements

New Encryption Options

In version 8.8 you can encrypt attributes within the DIB. The attribute is encrypted on a per-server basis. Once encrypted, attributes can be accessed through a clear-text or a secure channel (e.g., SSL).

Encrypted replication can also be done. You can set the replication traffic to be encrypted on a per-partition or per-replica basis. Per-server is not currently supported but may be in the future.

Case-Sensitive Passwords

In eDirectory 8.7.1 and 8.7.3, when you enabled Universal Password, the password was case-sensitive only when you logged in through Novell Client32. The password was not case-sensitive when you logged in through other clients (for example, the eDirectory SDK or iManager).

With eDirectory 8.8, you can make your passwords case-sensitive for all the clients.

Object-based Backup and Restore

Object-based Backup and Restore is implemented through an extension to LDAP. It is used to back up the attributes and attribute values of one object at a time. This process returns the same data as the Target Service Agent (TSANDS). This feature is available through the C LDAP SDK and the Java LDAP SDK.

Object-based Backup and Restore has the following advantages:

  • You can do incremental backup, where the object is backed up only if changes have been made to it.
  • It works on all eDirectory-supported platforms.
  • It is reverse-compatible with TSA.

SASL-GSSAPI Support

The LDAP SASL-GSSAPI mechanism is an authentication module that lets a user authenticate to the LDAP server based on a Kerberos ticket. This support is targeted at LDAP application users in environments that already have the Kerberos infrastructure in place.

These users must be able to use the Kerberos tickets obtained from the Kerberos server to authenticate to the LDAP server, without providing a separate LDAP user password.

Below is a diagram of the Kerberos authentication flow:

Figure 3: Kerberos authentication
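The ticket-based bind described above, seen from the client side, as an added example that is not part of the original article or Novell's tooling. It assumes the OpenLDAP client tools and MIT Kerberos are installed; the sample root DSE is constructed, and the server URI is whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the article. Assumes OpenLDAP client tools
# (ldapsearch) and MIT Kerberos (kinit, klist); any URI passed in is yours.

# Constructed sample of a root DSE read, as printed by:
#   ldapsearch -x -LLL -H "$uri" -s base -b "" supportedSASLMechanisms
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
'

# Read root DSE LDIF on stdin; succeed only if GSSAPI is listed as a whole
# value (GSS-SPNEGO or a longer name must not count). Tolerates CRLF and
# any capitalisation of the attribute name.
advertises_gssapi() {
    awk -F': *' '
        { sub(/[ \t\r]+$/, "") }
        tolower($1) == "supportedsaslmechanisms" && $2 == "GSSAPI" { found = 1 }
        END { exit !found }'
}

# Bind with the ticket already in the credential cache; no LDAP password is
# sent. Returns 0 only if the GSSAPI bind and the root DSE read succeed.
gssapi_bind() {
    uri=$1
    # klist -s prints nothing and fails when there is no valid ticket.
    klist -s || { echo "no valid Kerberos ticket; run kinit first" >&2; return 2; }
    # Assumption: the server lets an anonymous bind (-x) read the root DSE.
    ldapsearch -x -LLL -H "$uri" -s base -b "" supportedSASLMechanisms \
        | advertises_gssapi \
        || { echo "cannot confirm that $uri offers GSSAPI" >&2; return 3; }
    # -Y GSSAPI selects the mechanism; -Q silences SASL progress output.
    ldapsearch -Q -LLL -Y GSSAPI -H "$uri" -s base -b "" supportedSASLMechanisms
}

# Offline check against the constructed sample.
if printf '%s' "$SAMPLE_ROOTDSE" | advertises_gssapi; then
    echo "sample root DSE lists GSSAPI"
fi
```

Run `kinit` as the user first, then call `gssapi_bind` with the server's LDAP URI; exit status 2 or 3 separates a missing ticket from a server that does not offer the mechanism.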
