DirXML Starter Pack

Originally released in the fall of 1991, DirXML has become an award-winning and groundbreaking tool for integrating the diverse systems in today's modern networks. NetWare 6.5 includes, for the first time, a fully functional version of DirXML suitable for linking some of today's most common directory systems into a cohesive whole.

Derived from DirXML 1.1a, the DirXML Starter Pack lets you bi-directionally synchronize data and passwords between Novell eDirectory, Microsoft Active Directory, and Microsoft Windows NT domains. In addition to the "big three," Starter Pack includes several other system drivers that are provided with 90-day evaluation licenses so they can be tried out in a lab environment, including GroupWise, Exchange 5.5 and Exchange 2000, Lotus Notes, LDAP, Delimited Text, JDBC, PeopleSoft, SAP HR, NIS, IBM Websphere MQ, and SIF.

How DirXML Works

DirXML Starter Pack allows you to link your disparate network data sources together using Novell eDirectory as the central repository for sharing data, as shown in Figure 12.12.

Figure 12.12. Logical DirXML architecture: hub and spoke.


The DirXML architecture is comprised of several components that work together to achieve effective data and password synchronization:

  • DirXML Engine: Running on NetWare 6.5, the DirXML engine functions as the communications hub that provides data and password synchronization between your central eDirectory tree and any participating external systems. The DirXML engine uses Extensible Markup Language (XML) to create object models of any data event. It then applies a set of rules to determine if, and how, the data modifications are sent to participating systems. The centralized DirXML engine makes sure that data events are processed consistently throughout your network environment.

  • DirXML Drivers: Customized to each system that will participate in DirXML synchronization, the DirXML drivers act as communications "spokes," or channels, between your central eDirectory tree and any participating external systems. DirXML drivers are configured to subscribe to data changes made in the central eDirectory tree, and publish data changes that occur locally to the central eDirectory tree. This publish/subscribe model gives you complete control over the nature and direction of data synchronization.

    NOTE

    To simplify configuration, DirXML Starter Pack provides configuration files that you can import into a driver during installation to automatically set up driver rules, filters, and transformation documents that dictate what data from this system should be exchanged with other systems, and how this data should be exchanged.


  • Filters: Filters specify which objects and attributes can be shared between the central eDirectory tree and a given target system. Each DirXML driver supports two sets of filters. The Subscriber filter determines the objects and attributes that are shared from eDirectory to the target system. The Publisher filter determines the objects and attributes that are shared from the target system to eDirectory. A list of default attribute mappings for Active Directory and NT Domain drivers is provided in Table 12.1.

  • Rules: Rules are used to specify requirements for the management of object creation, matching, and placement that take place as part of a data synchronization event. For example, a Creation rule might specify that any User object created through a synchronization event must first have certain attributes defined, such as Surname and Email address.

  • Style Sheets: Style Sheets use Extensible Stylesheet Language Transformations (XSLT) documents to transform XML events and data as needed to suit the needs of the various DirXML-integrated systems. For example, XSLT can be used to transform data received from one system into a format consumable by another system to which the data must be synchronized.

  • Password Synchronization Filters and Agents: PasswordSync filters capture changes to passwords and pass these changes to PasswordSync agents over secure channels. PasswordSync integrates with DirXML drivers to determine how password changes should be applied across systems. For example, changing the password for JHARRIS in an NT domain could mean the new password should be sent to JLHARRIS.PROVO.QUILLS.COM in the eDirectory environment.

  • Remote Loader Service: The Remote Loader Service is a communications mechanism whereby the DirXML engine and central eDirectory tree can effectively communicate with a DirXML driver that is actually loaded and running on a separate server. For example, the DirXML engine leverages the Remote Loader Service to communicate with the DirXML driver for Active Directory, which is loaded on a Windows 2000 Active Directory server.

Table 12.1. DirXML Starter Pack Configuration Files Set Bi-Directional Synchronization Between the Following Object Attributes

EDIRECTORY OBJECT ATTRIBUTES   | ACTIVE DIRECTORY         | NT DOMAINS
-------------------------------|--------------------------|-----------------
User                           | User                     | User
CN                             | userPrincipalName        | Name
Description                    | description              | Comment
DirXML-ADAliasName             | sAMAccountName           | NT4AccountName
Facsimile Telephone Number     | facsimileTelephoneNumber |
Full Name                      | displayName              | FullName
Given Name                     | givenName                |
Group Membership               | memberOf                 |
Login Disabled                 | userAccountControl       | Logon Disabled
nadLoginName                   | nadLoginName             | nadLoginName
Owner                          | managedBy                |
Password Allow Change          |                          | PasswordChange
Password Required              |                          | PasswordRequired
Physical Delivery Office Name  | l                        |
Postal Code                    | postalCode               |
Post Office Box                | postOfficeBox            |
S                              | st                       |
SA                             | streetAddress            |
See Also                       | seeAlso                  |
Surname                        | sn                       |
Telephone Number               | telephoneNumber          |
Title                          | title                    |
Unique ID                      | mailNickname             |
Group                          | Group                    |
CN                             | cn                       |
Member                         | member                   |
Organizational Unit            | Organizational Unit      |
OU                             | ou                       |

 

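As an added illustration, the following Python models the Subscriber channel described above: an eDirectory User "add" event expressed as XML, a Subscriber filter, a Creation rule requiring Surname and an e-mail address, and the eDirectory-to-Active Directory schema mapping from Table 12.1. This is not code from the book or from Novell's DirXML; the XML element names (nds, input, add, add-attr, value), the filter and rule contents, and the sample event are assumptions constructed for the example, not DirXML's DTD or a captured trace.

```python
"""Toy model of a DirXML Subscriber channel (added example, not DirXML code).

An eDirectory "add" event is parsed from XML, passed through a Subscriber
filter, checked by a Creation rule, and renamed with the eDirectory ->
Active Directory schema mapping of Table 12.1. Element and attribute names
of the XML event are assumptions, not Novell's DTD.
"""
import xml.etree.ElementTree as ET

# Subscriber filter: classes/attributes allowed to flow from eDirectory
# to the Active Directory driver (a subset of Table 12.1, chosen here).
SUBSCRIBER_FILTER = {
    "User": {"CN", "Surname", "Given Name", "Full Name", "Description",
             "Telephone Number", "Internet EMail Address"},
}

# Schema mapping, eDirectory name -> Active Directory name (Table 12.1).
AD_SCHEMA_MAP = {
    "User": "User",
    "CN": "userPrincipalName",
    "Surname": "sn",
    "Given Name": "givenName",
    "Full Name": "displayName",
    "Description": "description",
    "Telephone Number": "telephoneNumber",
}

# Creation rule: a User may only be created in the target when these
# attributes are present (the chapter's Surname/e-mail example).
CREATION_RULE_REQUIRED = {"User": {"Surname", "Internet EMail Address"}}


class VetoedError(Exception):
    """The event was blocked by a rule and must not reach the target."""


def parse_event(xml_text):
    """Return (class_name, src_dn, {attr: [values]}) from an <add> event."""
    root = ET.fromstring(xml_text)
    add = root.find("./input/add")
    if add is None:
        raise ValueError("only <add> events are modelled here")
    attrs = {}
    for attr in add.findall("add-attr"):
        values = [v.text or "" for v in attr.findall("value")]
        attrs.setdefault(attr.get("attr-name"), []).extend(values)
    return add.get("class-name"), add.get("src-dn"), attrs


def apply_filter(class_name, attrs, flt=SUBSCRIBER_FILTER):
    """Drop events for unlisted classes; keep only the listed attributes."""
    if class_name not in flt:
        return None
    return {name: vals for name, vals in attrs.items() if name in flt[class_name]}


def apply_creation_rule(class_name, attrs, rule=CREATION_RULE_REQUIRED):
    """Veto the add if any required attribute is absent or empty."""
    present = {name for name, vals in attrs.items() if any(vals)}
    missing = rule.get(class_name, set()) - present
    if missing:
        raise VetoedError("creation rule: missing " + ", ".join(sorted(missing)))


def map_schema(class_name, attrs, schema=AD_SCHEMA_MAP):
    """Rename to target names; attributes with no mapping are not sent."""
    mapped = {schema[name]: vals for name, vals in attrs.items() if name in schema}
    return schema.get(class_name, class_name), mapped


def subscribe(xml_text):
    """Run filter -> creation rule -> schema map. Returns (class, attrs) or None."""
    class_name, _src_dn, attrs = parse_event(xml_text)
    filtered = apply_filter(class_name, attrs)
    if filtered is None:
        return None                               # class not synchronized at all
    apply_creation_rule(class_name, filtered)     # may raise VetoedError
    return map_schema(class_name, filtered)


# Constructed sample event; not a captured DirXML trace.
SAMPLE_ADD = """<nds><input>
  <add class-name="User" src-dn="JLHARRIS.PROVO.QUILLS">
    <add-attr attr-name="CN"><value>JLHARRIS</value></add-attr>
    <add-attr attr-name="Surname"><value>Harris</value></add-attr>
    <add-attr attr-name="Given Name"><value>Jenny</value></add-attr>
    <add-attr attr-name="Internet EMail Address"><value>jlharris@quills.com</value></add-attr>
    <add-attr attr-name="Equivalent To Me"><value>ADMIN.QUILLS</value></add-attr>
  </add>
</input></nds>"""

if __name__ == "__main__":
    print(subscribe(SAMPLE_ADD))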
Installing the DirXML Engine

DirXML Starter Pack components are installed on those servers that will participate in the data synchronization process. iManager components must also be installed on your iManager server if it is different from the server running the DirXML engine. To install the DirXML engine on your NetWare 6.5 server, complete the following steps:

  1. At the NetWare 6.5 server where you want to install DirXML, insert the DirXML Starter Pack CD-ROM.

  2. From the GUI server console, click the Novell button and select Install.

  3. At the Installed Products screen, click Add.

  4. At the Source Path screen, browse to the DirXML Starter Pack CD-ROM, select \NW\PRODUCT.NI , and then click OK twice.

  5. At the DirXML Starter Pack Product Installation page, click Next .

  6. At the License Agreement screen, select the appropriate language to view the license agreement. Once you have reviewed the agreement, click I Accept.

  7. On the Components page, select the DirXML components you want to install and click Next. As mentioned previously, DirXML drivers and management components can be installed on separate servers from the DirXML engine if desired.

  8. On the Schema Extension page, provide the user ID and password of a user with administrative rights to the root of your eDirectory tree, and then click Next.

  9. At the Components screen, select the DirXML drivers you want to install and click Next. Typically, you will only be installing the eDirectory DirXML driver for now. All other drivers are product-specific and require those products to be present.

    NOTE

    DirXML drivers that cannot be installed on a NetWare server cannot be selected. All drivers marked Evaluation are subject to a 90-day evaluation license, and should be used only in a lab environment.

  10. (Conditional) If you have chosen to install one or more pre-configured DirXML drivers, select those drivers at the Components screen, and click Next.

  11. Review the information on the Installation Summary screen, and click Finish. At this point, eDirectory will be shut down so that the schema extensions can be applied, and the file copy will occur.

  12. At the Installation Complete screen, click Close.

  13. (Conditional) If you have chosen to install the iManager plug-ins for DirXML, restart your Web services by typing the following commands at the NetWare 6.5 server console:

     
     TC4STOP TOMCAT4 

With Tomcat restarted, when you load iManager, you will see two new DirXML options in the left navigation frame: DirXML Management and DirXML Planning. These will be used for configuring the actual data synchronization process, described later in this chapter.

Installing Remote Loaders and Drivers

With the DirXML engine installed, you can install DirXML drivers on those are ready to start configuring your DirXML environment. The first step in doing this is to make sure that the Remote Loader is installed on any systems that will use it. For both Active Directory and NT domain synchronization, the DirXML driver and Remote Loader must be installed on an appropriate Domain Controller. The Domain Controller should have the following characteristics:

  • Active Directory: Domain Controller running Windows 2000 Server with Support Pack 1 and Internet Explorer 5.5 or later

  • NT Domain: Primary Domain Controller (PDC) running Windows NT 4 with Service Pack 6a or later

To install Remote Loader and DirXML driver on a Windows 2000 server running Active Directory, complete the following steps. For more information on performing the same type of installation on an NT 4 server, see the NetWare 6.5 online documentation.

  1. At the Windows 2000 server that will host the driver, insert the DirXML Starter Pack CD-ROM. After a few moments, the DirXML Starter Pack Installation screen will appear. Click Next.

  2. At the License Agreement screen, select the appropriate language to view the license agreement. Once you have reviewed the agreement, click I Accept.

  3. On the Components screen, select DirXML Remote Loader and Drivers, and click Next.

  4. At the Location screen, specify the path to which the Remote Loader will be installed, and click Next. It is usually best to just accept the default path.

  5. At the Select Drivers for Remote Loader Install screen, select DirXML Remote Loader Service and DirXML Driver for Active Directory, and then click Next.

  6. Review the information on the Installation Summary screen, and click Finish. You will see a warning about LDAP conflicts. Click OK to close the message box.

  7. At the Create Shortcut screen, click Yes. This will create a shortcut on your Windows desktop to the Remote Loader Configuration wizard.

  8. At the Installation Complete screen, click Close.

  9. Launch the DirXML Remote Loader Configuration Wizard. At the Welcome page, click Next.

  10. At the Command Port screen, click Next. This is the port that will be used by this instance of the remote loader to listen for DirXML activity. Novell recommends keeping the default port.

  11. At the Configuration File screen, click Next. This is the name and location of the log file that will be used to record Remote Loader configuration options.

  12. At the DirXML Driver screen, select Native and make sure that ADDRIVER.DLL is listed in the drop-down list. Click Next.

  13. At the Connection to DirXML screen, provide the required information and click Next.

    • Port: Specify the port that Remote Loader will use to listen for the DirXML engine. Novell recommends keeping the default port.

    • Address: Specify the IP address that Remote Loader will use to communicate with the DirXML engine.

    • Use SSL: Check the Use SSL box if you want secure communications between the DirXML engine and Remote Loader. You will have to provide the self-signed certificate from the DirXML server in order to use SSL. For more information on using SSL, see the NetWare 6.5 online documentation.

  14. At the Tracing screen, specify the level of tracking data that you want recorded, the location of the trace file, and click Next. You will likely want to set up tracing while installing and configuring your driver. However, once configured, you will probably want to set the trace level to 0 to prevent the log file from growing to fill your entire hard drive over time.

    • Level 0: No information display or tracking

    • Level 1: General informational messages about processing

    • Level 2: Displays messages from level 1 plus the XML documents that are passed between the engine and driver

    • Level 3: Displays messages from level 2 plus documents sent and received between the Remote Loader and the DirXML engine

    • Level 4: Displays messages from level 3 plus information about the connection between the Remote Loader and the DirXML engine

  15. At the Install as a Service screen, check Mark Install the Remote Loader Instance as a Service, and click Next. Doing this lets Remote Loader continue to run even after you have logged out of the Windows system.

  16. At the Passwords screen, specify the password you want to set for access to Remote Loader and the Driver object, and click Next.

  17. At the Summary screen, review your configuration settings, and click Finish. When prompted, click Yes to start the Remote Loader service. This will launch the Remote Loader trace screen, as shown in Figure 12.13.

    Figure 12.13. Remote Loader trace screen.

    graphics/12fig13.gif

With Remote Loader configured, DirXML will now be able to synchronize data between your central eDirectory tree and your secondary Active Directory environment. Data is mapped from one directory structure to the other as discussed previously (see Table 12.1). The Remote Loader trace screen will show you the communication activities between the two directory environments.

Installing DirXML on a Secondary eDirectory Tree

Each eDirectory tree that you want to synchronize with DirXML must have a DirXML driver installed and configured on a replica server of the secondary eDirectory tree. The first DirXML driver for eDirectory was installed as part of the DirXML engine installation, described previously. The DirXML driver installation for eDirectory will vary based on the version of NetWare that the host server is running. DirXML supports the following NetWare versions:

  • NetWare 5.1 SP6 or later

  • NetWare 6.0 SP3 or later

  • NetWare 6.5

For more information on installing the DirXML driver in a secondary eDirectory tree, see the NetWare 6.5 online documentation.

Configuring a DirXML Driver

Now that all the DirXML components are in place, you can do the actual DirXML driver configuration. This is done through the iManager plug-ins for DirXML that were installed previously. You can also use ConsoleOne to do the DirXML configuration if desired.

In order to simplify the configuration process, you can import the pre-configured driver settings that you have copied to your systems as part of the DirXML installation process, described previously. To import a pre-configured DirXML driver, complete the following steps:

  1. Launch iManager from the server where the DirXML plug-ins have been installed.

  2. Open the DirXML Management link in the left navigation frame and click Import Drivers.

  3. Select the radio button next to In a New Driver Set, and click Next.

  4. Provide the required information and click Next.

    • Name: Provide a name for the driver set.

    • Context: Specify the context in which you want the driver set object to be created.

    • Server: Specify the server object on which DirXML is installed.

    • Create a new partition on this driver set: Selecting this option will create a new directory partition in which DirXML data will be stored, where it can be isolated from the rest of the day-to-day eDirectory activity. Novell recommends that you configure DirXML in this way.

  5. Select the specific driver configuration file you want to import and click Next. You can select multiple drivers, if desired.

  6. Provide the required information to configure the driver and click Next. If you have selected multiple drivers, you will have fill out the appropriate configuration information for each driver. For more information on the specific information requested by each driver type, see the NetWare 6.5 online documentation.

  7. Provide the required information to configure administrative rights for the DirXML driver and click Next.

    • Click Define Security Equivalence, add Admin, and click OK. This grants the DirXML driver security equivalence to Admin in eDirectory so that sufficient rights are granted the driver to perform its synchronization operations.

    • Click Exclude Administrative Roles, add Admin, and click Next. You should add any objects with administrative roles to this list in order to avoid problems with similar objects that may exist in other directories. Typically, administrative roles are specific to a given directory tree and don't need to be synchronized.

  8. At the Summary screen, click Finish. You can also click Finish with Overview if you want to view a synopsis of the driver's settings.

With the DirXML driver configured, you will see a new driver set in the DirXML Overview screen. From here you can enable the driver, and then perform synchronization tests to make sure the driver is functioning properly. You can use the driver's trace screen to monitor activities as well as the Trace options in iMonitor. For advanced settings and detailed information on DirXML driver configuration, see the NetWare 6.5 online documentation.

DirXML Password Synchronization

In addition to the synchronization of data between disparate systems such as eDirectory, Active Directory, and NT domains, DirXML Starter Pack also enables you to synchronize passwords between these systems. DirXML Password Synchronization for Windows, known as PasswordSync, allows passwords to be transparently and securely synchronized between eDirectory and the Active Directory/NT domains for which you have DirXML drivers configured.

PasswordSync uses filters and agents to capture changes to passwords and securely pass those changes to included systems. DirXML is capable of understanding object mappings across systems so that each user object is associated with the proper object in every other system. Because of this, synchronizing passwords across the systems becomes much easier.

The specifics of how PasswordSync is installed depends on the systems involved. For example, because Microsoft clients forward password change requests to their respective Domain Controllers for processing, PasswordSync Filters are installed on all Domain Controllers in Active Directory and NT environments. On the other hand, because Novell clients never send passwords across the network, PasswordSync filters for eDirectory are installed on the client workstation and are part of the Novell clients that ship with NetWare 6.5.

Unfortunately, because password synchronization with DirXML relies on PasswordSync filters and agents communicating the changes throughout the environment, if a password is synchronized through an unsupported mechanism, the synchronization will not occur. One example of this is an LDAP client such as Novell eGuide. Using an LDAP client to change your eDirectory password will not be synchronized to your Active Directory and/or NT Domain environments because the PasswordSync filters are never involved in the process. Similarly, if a password is changed from a non-Windows environment, the change will not be synchronized.

Bottom line here: Use Password Sync if you can be confident that password changes will only occur in one of the Windows methods supported by PasswordSync. For example:

  • Workstation running the Novell client

  • Workstation not running the Novell client

  • Windows server or workstation running Microsoft Management Console

  • Windows workstation or server running ConsoleOne

  • Workstation or server running Novell iManager

For more information on configuring and using PasswordSync, see the NetWare 6.5 online documentation.



Novell NetWare 6. 5 Administrator's Handbook
Novell NetWare 6.5 Administrators Handbook
ISBN: 0789729849
EAN: 2147483647
Year: 2002
Pages: 172

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net