Lab Exercise 7.3: Working with the DirXML eDirectory Driver


In this lab, you're going to configure the DirXML eDirectory driver on two servers. Then you will test your driver configuration.

Warning

To complete this exercise, you will need a second computer that can communicate through a network medium with the server you have been working with throughout this book. This may present a challenge for you, and you may be tempted to skip this exercise. Before you do, be aware that you will probably need to know how to configure this driver to pass the CLE exam.

VMware can be particularly useful in this exercise. With enough system RAM, you can run two virtual Linux sessions concurrently on the same physical PC hardware. See http://www.vmware.com for more information.


Complete the following steps:

  1. Secure a second PC system that meets the requirements specified for NNLS.

    Warning

    Be sure you back up any data on this PC that you want to preserve!

  2. Install SLES 8 on this second system. Name the server CLE2.

  3. Configure the server to use CLE1 as its primary DNS server.

  4. Configure the NTP daemon on CLE2 to synchronize its time with CLE1.

  5. Download and install the OpenSLP package on CLE2.

  6. Configure the slp.conf file such that CLE2 is a Directory Agent (DA) and services the same scope as CLE1. Refer to Chapter 5 for specific instructions.

  7. Add the multicast route to CLE2 and start the slpd daemon. Refer to Chapter 5 if you need specific directions on how to do this.

  8. Install NNLS on this second system using the ISO images and NICI files you downloaded for the lab exercises in Chapter 5. Use the following parameters:

    • Install Type: Express Install

    • Tree Name: CLE2-TREE

    • Admin Name: cn=admin.ou=CLE.O=ANNAPOLIS

    • Admin Password: novell

    • Domain Name for NetMail Server: CLE1.com

  9. Add containers to hold synchronized objects in your CLE-Tree by completing the following steps:

    1. Run a web browser and open iManager by navigating to https://your_CLE1_server_IP_address/nps/iManager.html.

    2. Authenticate as admin with a password of novell.

    3. Using the Create Object task under the eDirectory Administration role, create an Organizational Unit named RemoteUsers in IF.CLE.

    4. Using the Create Object task under the eDirectory Administration role, create an Organizational Unit named RemoteGroups in IF.CLE.

  10. Prepare your CLE2-Tree for DirXML synchronization by completing the following steps:

    1. Run a web browser and open iManager by navigating to https://your_CLE2_server_IP_address/nps/iManager.html.

    2. Authenticate as admin with a password of novell.

    3. Using the Create Object task under the eDirectory Administration role, create an Organizational Unit named RemoteUsers in CLE.ANNAPOLIS.

    4. Using the Create Object task under the eDirectory Administration role, create an Organizational Unit named RemoteGroups in CLE.ANNAPOLIS.

    5. Add the following users to your CLE2-Tree:

      User       Attribute       Value
      ---------  --------------  ------------------------
      JAstin     First Name      John
                 Last Name       Astin
                 Context         CLE.ANNAPOLIS
                 Password        Novell
                 Title           Director of Operations
                 Location        Annapolis, MD Office
                 Department      Operations
                 Telephone       555-555-5551
                 Fax             555-555-5552
                 Email Address   jastin@cle2.com

      JShannon   First Name      Jerry
                 Last Name       Shannon
                 Context         CLE.ANNAPOLIS
                 Password        Novell
                 Title           Facilities Manager
                 Location        Annapolis, MD Office
                 Department      Operations
                 Telephone       555-555-5553
                 Fax             555-555-5552
                 Email Address   jshannon@cle2.com

      KLarsen    First Name      Kimberly
                 Last Name       Larsen
                 Context         CLE.ANNAPOLIS
                 Password        Novell
                 Title           Facilities Manager
                 Location        Annapolis, MD Office
                 Department      Operations
                 Telephone       555-555-5550
                 Fax             555-555-5552
                 Email Address   klarsen@cle2.com

      DAverett   First Name      Darren
                 Last Name       Averett
                 Context         CLE.ANNAPOLIS
                 Password        Novell
                 Title           Administrative Assistant
                 Location        Annapolis, MD Office
                 Department      Operations
                 Telephone       555-555-5554
                 Fax             555-555-5552
                 Email Address   daverett@cle2.com


  11. Verify that the time on both servers is synchronized by completing the following steps:

    1. Open a terminal session on both servers.

    2. At both shell prompts, enter ntpq -p.

    3. CLE1 should report an offset of less than 1 second with the public NTP time source you configured in an earlier exercise. Remember that the offset is displayed in milliseconds.

    4. CLE2 should report an offset of less than 1 second with CLE1.

      Note

      As an alternative, you could configure CLE2 to get its time from the same public time provider as CLE1. It doesn't matter, as long as the time on the two servers is the same.

    5. If you've lost synchronization, refer to the steps listed in Chapter 5 to reestablish time synchronization using NTP.

  12. Configure the eDirectory driver on CLE1 by completing the following steps:

    1. Run a web browser and open iManager by navigating to https://your_CLE1_server_IP_address/nps/iManager.html.

    2. Authenticate as admin with a password of novell.

    3. Under the DirXML Management role, select the Create Driver task.

    4. In the Create Driver Welcome screen, select In a new driver set and then click Next.

    5. In the Name field, enter CLEDriverSet2.

    6. In the Context field, enter IF.CLE.

    7. In the Server field, enter CLE1.IF.CLE and then click Next.

    8. In the Import a pre-configured driver from the server (.XML file) drop-down list, select eDIR-Driver.xml and then click Next.

    9. In the Driver Name field, enter eDIR-Driver.

    10. In the Remote Tree Address and Port fields, enter the IP address of your CLE2 server. Be sure 8196 is entered in the Port field.

    11. In the Configure Data Flow drop-down list, select Bidirectional.

    12. In the Configuration Option drop-down list, select Flat.

    13. In the Base Container field for users, enter RemoteUsers.IF.CLE.

    14. In the Group Container field, enter RemoteGroups.IF.CLE.

      Warning

      In steps 13 and 14, don't use the Browse button. It causes problems!

    15. Click Next.

    16. Select Define Security Equivalences.

    17. Click Add.

    18. Browse to and select admin.IF.CLE and then click OK.

    19. Select Exclude Administrative Roles.

    20. Click Add.

    21. Browse to and select admin.IF.CLE and then click OK.

    22. Click Next.

    23. In the Summary screen, click Finish with Overview.

  13. Configure the filters in the CLE1-Tree by completing the following steps:

    1. In iManager, view the Driver Overview screen by selecting the eDirectory icon.

      Warning

      Don't select the red minus sign, which is used to start and stop the driver.

    2. On the subscriber channel, select the Subscriber Filter icon. The attributes displayed are those that are allowed through the filter.

    3. Notice that the Access Control List (ACL) attribute is allowed through the filter. This should be removed. Most ACLs contain tree-specific information that can cause synchronization problems. Select For All Classes in the Filter.

    4. In the right column, deselect the ACL attribute and then click OK.

    5. Click OK.

    6. On the publisher channel, select the Publisher Filter icon.

    7. Notice that the ACL attribute is also allowed through on the publisher channel. Repeat the preceding steps to remove this attribute.

  14. Review the default publisher and subscriber channel rules by completing the following steps:

    1. On the publisher channel, select the Creation Rule icon.

    2. In the DirXML Rule drop-down list, select Edit XML. Notice that user objects must have the Given Name and Surname attributes populated in order for them to be created in the tree.

    3. Click Cancel.

    4. On the publisher channel, select the Placement Rule icon.

    5. In the DirXML Rule drop-down list, select Edit XML. Notice that users will be placed in RemoteUsers.IF.CLE and groups will be placed in RemoteGroups.IF.CLE.

    6. Click Cancel.

    7. On the publisher channel, select the Matching Rule icon.

    8. In the DirXML Rule drop-down list, select Edit XML. Notice that users will be matched on the CN, Given Name, and Surname attributes. Also, notice that groups will be matched only on the CN attribute.

    9. Click Cancel.

    10. In the Driver Overview screen, notice that the input transformation rule, schema-mapping rule, event transformation rule, and the command transformation rule are all blank. Because we're synchronizing two similar databases, these aren't needed.

    11. Also in the Driver Overview screen, notice that none of the subscriber channel rules are populated. Because the subscriber channel is connected to the publisher channel on the other system, the rules on the remote publisher channel will be used to configure data.

  15. Configure the eDirectory driver on CLE2 by completing the following steps:

    1. Run a web browser and open iManager by navigating to https://your_CLE2_server_IP_address/nps/iManager.html.

    2. Authenticate as admin with a password of novell.

    3. Under the DirXML Management role, select the Create Driver task.

    4. In the Create Driver Welcome screen, select In a new driver set and then click Next.

    5. In the Name field, enter CLE2DriverSet.

    6. In the Context field, enter CLE.ANNAPOLIS.

    7. In the Server field, enter CLE2.CLE.ANNAPOLIS and then click Next.

    8. In the Import a pre-configured driver from the server (.XML file) drop-down list, select eDIR-Driver.xml and then click Next.

    9. In the Driver Name field, enter eDIR-Driver.

    10. In the Remote Tree Address and Port fields, enter the IP address of your CLE1 server. Be sure 8196 is entered in the Port field.

    11. In the Configure Data Flow drop-down list, select Bidirectional.

    12. In the Configuration Option drop-down list, select Flat.

    13. In the Base Container field for users, enter RemoteUsers.CLE.ANNAPOLIS.

    14. In the Group Container field, enter RemoteGroups.CLE.ANNAPOLIS.

    15. Click Next.

    16. Select Define Security Equivalences.

    17. Click Add.

    18. Browse to and select admin.CLE.ANNAPOLIS and then click OK.

    19. Select Exclude Administrative Roles.

    20. Click Add.

    21. Browse to and select admin.CLE.ANNAPOLIS and then click OK.

    22. Click Next.

    23. In the Summary screen, click Finish with Overview.

  16. Configure the filters in the CLE2-Tree by completing the following steps:

    1. In iManager, view the Driver Overview screen by selecting the eDirectory icon.

      Warning

      Don't select the red minus sign, which is used to start and stop the driver.

    2. On the subscriber channel, select the Subscriber Filter icon.

    3. Select For All Classes in the Filter.

    4. In the right column, deselect the ACL attribute and then click OK.

    5. Click OK.

    6. On the publisher channel, select the Publisher Filter icon.

    7. Select For All Classes in the Filter.

    8. In the right column, deselect the ACL attribute and then click OK.

    9. Click OK.

  17. Start the eDirectory driver on both servers by completing the following steps:

    1. Open a second browser window and open https://your_CLE1_server_IP_address/nps/iManager.html.

    2. Authenticate as admin with a password of novell.

    3. Under DirXML Management, select Overview and then select Search.

    4. Select the eDirectory driver icon in the CLEDriverSet2 driver set.

    5. You should now have two browser windows, one with the CLE1 Driver overview displayed, and the other with the CLE2 Driver overview displayed.

    6. In each window, select the red minus sign and then select Start Driver.

    Tip

    If you experience problems with starting the driver, you may need to restart the ndsd daemon. Do this by entering /etc/init.d/ndsd stop and then /etc/init.d/ndsd start. Then refresh the Overview screen.

  18. Check the state of the synchronization by completing the following steps:

    1. In both trees, use the Modify Object task under eDirectory Administration to browse the contents of the RemoteUsers containers.

    2. Notice that they are empty. The eDirectory driver is event driven. Without an event, no synchronization occurs.

    3. Click Cancel.

  19. Manually migrate users by completing the following steps:

    1. In the CLE2 iManager browser window, select the Overview task under the DirXML Management role.

    2. Click Search.

    3. Select the eDirectory driver icon.

    4. Scroll down to the bottom of the page and select Migrate from eDirectory.

    5. In the Migrate Data screen, click Add.

    6. Browse to CLE.ANNAPOLIS and select JAstin.

    7. Repeat this to add the rest of the users, except for admin, eGuidePublicUser, and iFolder_ServiceAgent, in the CLE container.

    8. Click OK.

    9. When prompted that the migration was started, click OK.

    10. Wait while the users are migrated.

    11. When the migration is complete, click OK.

    12. Switch to your CLE1 iManager browser window.

    13. Use the Modify Object task under the eDirectory Administration role to browse the contents of the RemoteUsers.IF.CLE container. You should see all the users you migrated from the remote tree.

    14. Select Cancel, Cancel.

    15. In the CLE1 iManager browser window, repeat the preceding steps to migrate all users in the IF.CLE container, except for admin, eGuidePublicUser, and iFolder_ServiceAgent, to the CLE2-Tree.

    16. Switch back to the CLE2 iManager browser window.

    17. Use the Modify Object task under the eDirectory Administration role to browse the contents of the RemoteUsers.CLE.ANNAPOLIS container. You should see all the users you migrated from the remote tree.

  20. Recall that the matching rule establishes associations between objects in the connected systems. Changes made to one object should be synchronized to its associated object in the other tree. Test synchronization by completing the following steps:

    1. In the CLE2 iManager browser window, use the Modify Object task to change the title of the KLarsen.CLE.ANNAPOLIS user object to Assistant Director.

    2. In the CLE1 iManager browser window, use the Modify Object task to verify that the title of the KLarsen.RemoteUsers.IF.CLE user was changed to Assistant Director.

  21. eDirectory synchronization is working! Before ending this exercise, shut down your DirXML drivers on both servers by completing the following steps:

    1. In your CLE1 iManager browser window, select Overview under DirXML Management.

    2. Select Search.

    3. Click the yin-yang icon for the eDirectory driver and then select Stop Driver.

    4. Switch to your CLE2 iManager window and repeat these steps to shut down the eDirectory driver on CLE2.

    5. In the eDirectory driver overview, select the eDirectory Driver icon.

    6. In the drop-down menu, select Driver Configuration.

    7. Scroll down to the Startup options and select Disabled.

    8. Click OK.

Congratulations! You have just successfully configured and implemented the most difficult component of NNLS. Although difficult to learn, once you get the hang of DirXML, the possibilities are immense.
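
The time check in step 11 can be scripted instead of read by eye. The following is an added example, not part of the original lab: it parses ntpq -p output, finds the peer the daemon is synchronized to, and compares its offset (in milliseconds) against the 1-second limit. The host name, addresses and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# check_ntp_offset [limit_ms]: reads `ntpq -p` output on stdin.
# Returns 0 if a system peer (tally "*") is selected and |offset| < limit,
#         1 if a system peer is selected but |offset| >= limit,
#         2 if no system peer is selected (synchronization lost).
check_ntp_offset() {
    awk -v limit="${1:-1000}" '
        substr($1, 1, 1) == "*" {      # "*" marks the peer ntpd is synced to
            off = $9 + 0               # 9th column is the offset, in ms
            if (off < 0) off = -off
            printf "peer=%s offset_ms=%s\n", substr($1, 2), $9
            found = 1
            exit                       # jump to END
        }
        END {
            if (!found) { print "no system peer selected"; exit 2 }
            exit ((off < limit + 0) ? 0 : 1)
        }'
}

# Constructed sample outputs (not captured from a real server).
sample_synced() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*cle1.example    192.0.2.10       3 u   35   64  377    0.412  -12.345   1.201
EOF
}
sample_drifted() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*cle1.example    192.0.2.10       3 u   35   64  377    0.412 1503.220   9.870
EOF
}
sample_unsynced() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 cle1.example    .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

for s in sample_synced sample_drifted sample_unsynced; do
    $s | check_ntp_offset && echo "$s: OK" || echo "$s: NOT OK (status $?)"
done
```

On each server, pipe the live output through the function with ntpq -p | check_ntp_offset; a status of 2 corresponds to the lost-synchronization case in step 11.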



Novell Certified Linux Engineer (CLE) Study Guide
Novell Certified Linux Engineer (Novell CLE) Study Guide (Novell Press)
ISBN: 0789732033
EAN: 2147483647
Year: 2004
Pages: 128
Authors: Robb H. Tracy
