eDirectory - A Look Ahead
Novell Cool Solutions: Feature
Posted: 22 Jun 2005
This summary article, adapted from BrainShare 2005 Tutorial 278, discusses what's current and what's ahead for eDirectory - featuring the upcoming eDirectory version 8.8.
Current and Interim Releases
Version 8.7.3 of eDirectory was released in January 2004. Here are some of its key features:
- Added support for Windows 2003
- Unix package-based installer
- Novell Certificate Server 2.7
- Bundled products
- Novell iManager 2.0.2
- Novell Modular Authentication Service 2.3
- Novell eGuide 2.1.2
Novell has also produced several eDirectory 8.7.3 Interim Releases, from February 2004 to January 2005. These releases have resolved approximately 550 defects.
Version 8.7.3 IR5 was delivered with OES 1.0. It includes bug fixes, NCP engine support on SLES, and installation improvements. Version 8.7.3 IR6 was released in April 2005, featuring better memory management and fixes for localization defects.
Novell eDirectory 8.8 - Focus and Features
Version 8.8 of eDirectory focuses on the following things:
- Installation and Upgrade Enhancements
- Performance Improvements
- Security Enhancements
- New Developer Interfaces
Installation and Upgrade Enhancements
Here are the main install and upgrade improvements in version 8.8:
- Installation is fully scriptable.
- Installs can be done through YaST on SLES.
- FHS and LSB compliance is supported.
- An alternate data (DIB) location can be specified.
- Supervisor rights to the [root] of the directory are no longer required to install the service.
- The service can be run as a non-root user on Linux or UNIX.
- Installs are patchable.
- Installs and updates can be done via Ximian Red Carpet.
- SecretStore is installed by default.
- The dependency between eDirectory and iManager is removed.
- Server Health Check and Patch Installer tools are included.
Getting version 8.8 up and running is pretty straightforward: you install the application, run the Configuration Wizard, apply the configuration file, and start the service.
The Server Health Check helps you determine whether the server is healthy enough to upgrade safely. This feature runs by default with every upgrade and is triggered before the actual package upgrade. You can also run the diagnostic tool NDScheck (DSCheck on NetWare) to do the health checks.
With the Patch Installer, you can easily update your system with the latest patches released after eDirectory 8.8. You can also roll back to the previous patch.
Data Import "BulkLoad" Improvements
You can select any of the following options to improve data import performance:
- Disable in-line change cache
- Disable ACL templates on inetOrgPerson
- ??? No schema check; Indexing off ???
- Enable Multi-threading on client and server
Priority Sync is used for instant convergence of real-time attributes such as passwords. It is configurable per attribute. Priority Sync writes changes to all replicas at once - the normal replication process negotiates the rest.
The figures below show the write process - first without Priority Sync and then with it.
Figure 1: Write process - no Priority Sync (left); with Priority Sync (right)
Multi-instance support in Version 8.8 enables you to host more than one instance of eDirectory on a server.
Figure 2: Multiple instances of eDirectory on a server
With multi-instance support, you can:
- Maximize high-end host hardware.
- Open up new performance configuration options.
- Use a dedicated IP address per service instance.
New Encryption Options
In version 8.8 you can encrypt attributes within the DIB. The attribute is encrypted on a per-server basis. Once encrypted, attributes can be accessed through a clear-text or secure channel (e.g., SSL).
Encrypted replication can also be done. You can set the replication traffic to be encrypted, on a per-partition or per-replica basis. Per-server is not currently supported but may be in the future.
In eDirectory 8.7.1 and 8.7.3, when you enabled Universal Password, the password was case-sensitive only when you logged in through Novell Client32. The password was not case-sensitive when you logged in through other clients (for example, the eDirectory SDK or iManager).
With eDirectory 8.8, you can make your passwords case-sensitive for all clients.
Object-based Backup and Restore
Object-based Backup and Restore is implemented through an extension to LDAP. It is used to back up the attributes and attribute values of one object at a time. This process returns the same data as the Target Service Agent (TSANDS). This feature is available through the C LDAP SDK and the Java LDAP SDK.
Object-based Backup and Restore has the following advantages:
- You can do incremental backup, where the object is backed up only if changes have been made to it.
- It works on all eDirectory-supported platforms.
- It is reverse-compatible with TSA.
The LDAP SASL-GSSAPI mechanism is an authentication module that lets a user authenticate to the LDAP server based on a Kerberos ticket. This support is targeted at LDAP application users in environments that already have the Kerberos infrastructure in place.
Below is a diagram of the Kerberos authentication flow:
Figure 3: Kerberos authentication