5.2 Understanding Linux User Management Methods for Enabling User Access

When a user accesses system resources, the system must check the user's profile for access rights. This requires a one-to-one mapping between the user or group name and the numeric identifiers the system works with, the User ID (UID) and Group ID (GID), before the user can be provisioned. Name service providers supply this mapping: they answer name service calls by retrieving user or group profiles from the user or group databases.

Typically, the Name Service Switch (NSS) redirector is used to isolate name service providers from applications. Linux User Management provides a name service switch provider, nss_nam, that retrieves user or group profiles from eDirectory. The switch allows different providers to be registered for each database, and when an application invokes the NSS, the switch chains through the providers listed for that database in the order given. The nss_nam module uses LDAP to retrieve this information from eDirectory.

The nss_nam module is plugged in through the /etc/nsswitch.conf configuration file. Sample entries from the file are given below:

passwd: files nam
group: files nam

The first field on each line is the name of the Linux database. The second and subsequent fields, if any, name the service providers, which are consulted in the order listed. In the sample above, the local files (/etc/passwd and /etc/group) are consulted first and nss_nam (nam) second, so a locally defined account takes precedence over an eDirectory user of the same name.

eDirectory provides a hierarchical organization of various entities such as users, groups, Linux workstations, and so on. Each User object in eDirectory is a leaf node in a specific branch of the organization-wide tree. The user is identified by a corresponding context, for example, chuck.javagroup.us.novell.

nss_nam provides a transparent mechanism for contextless login, so Linux users do not need to remember their eDirectory context. nss_nam resolves the contextless name the user supplies at login as follows: it locates the Linux Workstation object for the current host in eDirectory; that object specifies the groups whose members have access to the Linux system. Only users who are members of these groups are allowed to log in to the workstation. If a matching user is found, the corresponding Linux profile is returned.
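The following Python program is an added example, not part of Novell Linux User Management or of nss_nam itself. It simulates the two mechanisms described above: the NSS chaining through the providers listed for the passwd database in /etc/nsswitch.conf, and the nss_nam-style contextless resolution in which only members of the groups named on the host's Linux Workstation object are returned. The nsswitch.conf text, the /etc/passwd lines, the eDirectory users and groups, and the workstation object are all constructed sample data; the real module performs these lookups over LDAP rather than against in-memory dictionaries.

```python
"""Simulation of NSS provider chaining and nss_nam-style contextless login.

Added illustration; the eDirectory tree, the Linux Workstation object and
the passwd lines are constructed sample data, not taken from any real system.
"""
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample of /etc/nsswitch.conf (same passwd/group entries as the text).
NSSWITCH_CONF = """\
# Name Service Switch configuration (constructed sample)
passwd: files nam
group:  files nam
hosts:  files dns
"""

# Constructed sample of local /etc/passwd lines, served by the "files" provider.
PASSWD_FILE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Local:/home/alice:/bin/bash
"""


@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_nsswitch(text: str) -> dict[str, list[str]]:
    """Return {database: [provider, ...]} in the order the NSS consults them."""
    providers: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        providers[db.strip()] = rest.split()
    return providers


# --- "files" provider: linear scan of the local passwd file -------------------
def files_passwd_lookup(name: str) -> Optional[PasswdEntry]:
    for line in PASSWD_FILE.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[0] == name:
            return PasswdEntry(f[0], int(f[2]), int(f[3]), f[4], f[5], f[6])
    return None


# --- "nam" provider: stand-in for nss_nam ------------------------------------
# Constructed eDirectory content: users keyed by their full context, groups with
# their member contexts, and the Linux Workstation object for this host, which
# names the groups whose members may log in here.
EDIR_USERS = {
    "chuck.javagroup.us.novell": {"uid": 5001, "gid": 600, "gecos": "Chuck", "home": "/home/chuck"},
    "dana.sales.us.novell": {"uid": 5002, "gid": 601, "gecos": "Dana", "home": "/home/dana"},
}
EDIR_GROUPS = {
    "linuxusers.javagroup.us.novell": ["chuck.javagroup.us.novell"],
    "salesgroup.sales.us.novell": ["dana.sales.us.novell"],
}
WORKSTATION_GROUPS = ["linuxusers.javagroup.us.novell"]   # hypothetical host object


def nam_passwd_lookup(name: str) -> Optional[PasswdEntry]:
    """Contextless resolution: match `name` only against members of the
    workstation's groups, so users outside those groups are invisible here."""
    for group in WORKSTATION_GROUPS:
        for context in EDIR_GROUPS.get(group, []):
            if context.split(".")[0] == name:    # leaf name of the user context
                u = EDIR_USERS[context]
                return PasswdEntry(name, u["uid"], u["gid"], u["gecos"], u["home"], "/bin/bash")
    return None


PROVIDERS: dict[str, Callable[[str], Optional[PasswdEntry]]] = {
    "files": files_passwd_lookup,
    "nam": nam_passwd_lookup,
}


def getpwnam(name: str, conf: str = NSSWITCH_CONF) -> Optional[PasswdEntry]:
    """Chain through the providers listed for 'passwd'; the first hit wins."""
    for provider in parse_nsswitch(conf).get("passwd", []):
        lookup = PROVIDERS.get(provider)
        if lookup is None:
            continue                 # unknown module name: skipped, lookup continues
        entry = lookup(name)
        if entry is not None:
            return entry
    return None


if __name__ == "__main__":
    for n in ("alice", "chuck", "dana", "nobody"):
        print(n, "->", getpwnam(n))
```

Running the block shows `alice` answered by the local files, `chuck` answered by the nam provider because his group is listed on the workstation object, and `dana` not found at all even though she exists in eDirectory, which is the access restriction the workstation object enforces.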