Ease of Management through Novell iManager
Novell eDirectory allows for easy, powerful, and flexible management of network resources. It also serves as a repository of user information for groupware and other applications. These applications access your directory through the industry-standard Lightweight Directory Access Protocol (LDAP).
eDirectory ease-of-management features include a powerful tree structure, an integrated management utility, and single login and authentication.
Novell iManager lets you manage the directory and users, and access rights and network resources within the directory, from a Web browser and a variety of handheld devices. The eDirectory plug-ins to iManager give you access to basic directory management tasks, and to the eDirectory management utilities you previously had to run on the eDirectory server, such as DSRepair, DSMerge, and Backup and Restore.
After iManager is installed on a Web server, you can access iManager from any server or workstation running Internet Explorer 5.5 or later or Netscape 6.2 or later.
For more information, see the Novell iManager 2.0.x Administration Guide.
Powerful Tree Structure
Novell eDirectory organizes objects in a tree structure, beginning with the top Tree object, which bears the tree's name.
Whether your eDirectory servers are running NetWare, UNIX, or Windows, all resources can be kept in the same tree. You won't need to access a specific server or domain to create objects, grant rights, change passwords, or manage applications.
The hierarchical structure of the tree gives you great management flexibility and power. These benefits primarily result from the following two features:
Container Objects
Container objects allow you to manage other objects in sets, rather than individually. There are three common classes of container objects, as seen in Figure 3:
Figure 3Common Classes of Container Objects
The Tree object is the top container object in the tree. It usually contains your company's Organization object.
Organization is normally the first container class under the Tree object. The Organization object is typically named after your company. Small companies keep management simple by having all other objects directly under the Organization object.
Organizational Unit objects can be created under the Organization to represent distinct geographical regions, network campuses, or individual departments. You can also create Organizational Units under other Organizational Units to further subdivide the tree.
Other classes of container objects are Country and Locality, which are typically used only in multinational networks.
The Domain object can be created under the Tree object or under Organization, Organizational Unit, Country, and Locality objects.
You can perform one task on the container object that applies to all objects within the container. Suppose you want to give a user named Amy complete management control over all objects in the Accounting container. (See Figure 4.)
Figure 4Container Object
To do this, right-click the Accounting object, select Trustees of This Object, then add Amy as a trustee. Next, select the rights you want Amy to have, then click OK. Now Amy has rights to manage the Database application, the Bookkeepers group, the LaserPrinter printer, and the users Amy, Bill, and Bob.
Inheritance
Another powerful feature of eDirectory is rights inheritance. Inheritance means that rights flow down to all containers in the tree. This allows you to grant rights with very few rights assignments. For example, suppose you want to grant management rights to the objects shown in Figure 5.
Figure 5Sample eDirectory Objects
You could make any of the following assignments:
- If you grant a user rights to Allentown, the user can manage only objects in the Allentown container.
- If you grant a user rights to East, the user can manage objects in the East, Allentown, and Yorktown containers.
- If you grant a user rights to YourCo, the user can manage any objects in any of the containers shown.
For more information on assigning rights, see eDirectory Rights.
Web-Based Management Utility
Novell iManager is a browser-based tool used for administering, managing, and configuring eDirectory objects. Novell iManager gives you the ability to assign specific tasks or responsibilities to users and to present the user with only the tools (with the accompanying rights) necessary to perform those sets of tasks.
You can use iManager on any server or workstation running Internet Explorer 5.5 SP2 or later or Netscape 6.2 or later to perform the following supervisory tasks:
- Configure LDAP- and XML-based access to eDirectory
- Create objects representing network users, devices, and resources
- Define templates for creating new user accounts
- Find, modify, move, and delete network objects
- Define rights and roles to delegate administrative authority
- Extend the eDirectory schema to allow custom object types and properties
- Partition and replicate the eDirectory database across multiple servers
- Run eDirectory management utilities such as DSRepair, DSMerge, and Backup and Restore
You can use iManager to perform other management functions based on plug-ins that have been loaded into iManager. The following eDirectory plug-ins are installed with iManager 1.5:
- eDirectory Backup and Restore
- eDirectory Log Files
- eDirectory Merge
- eDirectory Repair
- eDirectory Service Manager
- eGuide Content
- iManager Base Content
- Import Convert Export Wizard
- Index Management
- iPrint
- LDAP
- NLS
- NMAS
- PKI/Certificate
- Filtered Replica Configuration Wizard
- SNMP
- WAN Traffic Manager
For more information on installing, configuring, and running iManager, see the Novell iManager 2.0.x Administration Guide.
Single Login and Authentication
With eDirectory, users log in to a global directory, so you don't need to manage multiple server or domain accounts for each user, and you don't need to manage trust relationships or pass-through authentication among domains.
A security feature of the directory is authentication of users. Before a user logs in, a User object must be created in the directory. The User object has certain properties, such as a name and password.
When the user logs in, eDirectory checks the password against the one stored in the directory for that user and grants access if they match.