Novell eGuide


Novell eGuide is a "white pages" application that provides a simple browser-based interface from which your employees can search through your LDAP directory (such as eDirectory) for all the people, places, and things they may need to locate.

eGuide may look like a standard address book, but it is completely platform- and application-independent. It can be accessed by any authorized user via a standard web browser.

You can use eGuide to search multiple LDAP data sources at the same time. This means that you can provide a unified view of data from disparate LDAP sources.

eGuide is also capable of launching secondary applications depending on the type of search a user runs. For example, when users find the people they are looking for, eGuide allows them to launch whatever type of communication fits their current needs: email, instant messaging, and even video conferencing.

Installing eGuide

Novell eGuide can be installed as an optional component during the OES Linux installation, or it can be installed after the fact through YaST.

To install eGuide using YaST, complete the following steps:

1. Access YaST from a terminal using yast, or from a graphical environment using yast2 or the YaST launcher from the application menu.

2. Select the Network Services category in YaST. From within this category, locate and select the eGuide module. This module will detect that the RPMs for eGuide are missing and ask if you want to install them. Select Continue to install the necessary packages.

3. At the conclusion of the software installation, SuSEconfig is executed to update the system configuration. When this completes, the configuration of the OES component will begin automatically.

4. At the eGuide LDAP Server Configuration screen, enter the following information and click Next:

  • Local or Remote Directory Server: Select the radio button that indicates whether eDirectory is running on the local server or a remote server.

  • Directory Server Address: If a remote eDirectory server is in use, enter the IP address for this server.

  • Admin Name with Context: Enter the eDirectory administrator's credentials using fully qualified dot notation, for example, cn=admin.o=novell.

  • Admin Password: Enter the password for the administrator user.

  • Port Details: If necessary, select this button to change the configured ports for the eDirectory server specified above. The default LDAP port for unencrypted communications is 389 and port 636 is used for SSL-encrypted communications.

5. When prompted, choose to restart Apache and Tomcat so that eGuide becomes active.

When the installation is complete, you are ready to configure eGuide for your particular environment.

Configuring eGuide

Because eGuide is an LDAP client, it targets data and uses data from eDirectory and other LDAP-compliant data sources. To configure eGuide, you must identify the LDAP data source and specify how eGuide will access it. For more information on configuring LDAP with eDirectory, see Chapter 7, "Novell eDirectory Management."

There are three things you should know about your LDAP server configuration prior to configuring eGuide:

  • Does it support Anonymous bind? Anonymous bind is an LDAP connection that does not contain a username or password. With eDirectory, an Anonymous bind provides access rights as [Public]. Because [Public] cannot browse object attributes, this is typically too restrictive for eGuide use. However, you can grant [Public] restricted attribute browse rights, suitable for the basic eGuide searches you want to allow in this case. For information on granting eDirectory rights, see Chapter 7.

    WARNING

    Granting rights to [Public] will, because of inheritance rules, grant those same rights to all eDirectory objects. This can have unintended consequences. A better solution is a Proxy user, described next.


  • Does it provide a Proxy user? A Proxy user is a predefined user object, configured explicitly to provide the privileges required for an anonymous bind. With eDirectory, a Proxy user gives you the flexibility to offer an anonymous connection without potentially causing security problems by changing [Public]. For more information on configuring a Proxy user, see Chapter 7.

  • Does it use Transport Layer Security (TLS)? You need to know how the LDAP server handles secure connections. eDirectory 8.7 uses TLS, an open-source Secure Socket Layer (SSL) implementation, to secure LDAP connections. For more information on configuring TLS with OES Linux, see Chapter 7. If the LDAP server is configured to use a secure connection, you must enable eGuide to also use a secure connection.

Beyond the LDAP information already noted, users can authenticate using their own eDirectory user object. In this case, each user views objects and attributes through eGuide based upon the effective rights associated with their user object. For more information on configuring and calculating effective rights in eDirectory, see Chapter 8, "Users and Network Security."

With this LDAP information in mind you can move forward with the configuration of eGuide.

Although eGuide is fully configured after an OES installation, it is a good idea to double-check the configuration options prior to allowing user access. To check several important configuration options, complete the following steps:

1. Open the eGuide Administration Utility by appending the eGuide path (/eGuide/admin/index.html) to the IP address or DNS name of the web server where eGuide was installed. For example:

https://www.quills.com/eGuide/admin/index.html

2. From the Navigation frame, select LDAP Data Source under the Configuration heading. From this screen the default LDAP source can be configured, or a new LDAP source can be added to the eGuide configuration. Selecting Edit for the default data source will provide access to the following configuration items, as shown in Figure 15.15.

  • Enabled: Determines whether or not the data source is available to eGuide.

  • Display Name: Specifies a descriptive name for the LDAP server. The default LDAP source name cannot be changed.

  • Host name: Specifies the DNS name, or IP address, of the LDAP server hosting the data source.

  • Port: Specifies the port for LDAP communications. The default LDAP port is 389 and should work unless you have changed the LDAP port on your LDAP server for some reason.

  • Enable SSL: Select Enable SSL to instruct eGuide to communicate with the LDAP server through a secure TLS connection.

  • Secure Port: Specifies the port for secure LDAP communications. The default secure LDAP port is 636 and should work unless you have changed the port on your LDAP server for some reason.

    NOTE

    TLS imposes a significant performance impact. If eGuide and eDirectory are both running on servers in the same secure domain, you might consider disabling TLS to get better performance.

  • Search Root: Contains the distinguished name of the container from which searching is allowed. If nothing is entered, the entire tree is searched.

  • Search Sub-Containers: Determines whether a single level or the entire subtree is searched during eGuide operations.

  • Max Search Entries: Determines the maximum number of search results returned with each query. This number should not be set higher than 1000.

  • Proxy User Name: Specifies the eGuide proxy user name to be used for LDAP queries, for example: cn=user,ou=provo,o=quills. If the name is not entered, eGuide uses anonymous credentials (which are translated by eDirectory to be either [Public] rights or the rights assigned to an eDirectory LDAP proxy user).

  • Proxy Password: Specifies the password for the Proxy user.

  • Authentication Group: Enables authentication based on user accounts stored within the directory. For data sources not in the Authentication Group, eGuide uses the default proxy credentials.

  • Authentication User Name: Specifies the LDAP object name that eGuide should use when authenticating users to a Login server. This user must have Read rights to all distinguished names and to the attribute used as the user authentication key within eGuide.

  • Authentication Password: Specifies the password for the Authentication user name.

  • Authentication Search Root: Specifies the location in the LDAP tree where eGuide should start looking to authenticate users attempting to use the eGuide service.

Figure 15.15. LDAP data source configuration in the eGuide Administration Utility.


3. After making changes, click Save to complete the modifications.

When the initial configuration is complete, you can use the eGuide Administration Utility to further configure and customize eGuide. However, this advanced configuration is typically not required to begin to use eGuide. For more information on additional eGuide configuration, see the OES online documentation.
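The double-check described in the steps above can be written down as a repeatable review of the LDAP Data Source fields. The following Python code is an added example, not part of eGuide or of the original text; the dict layout, the function names and the sample values are assumptions that mirror the field labels on the screen.

```python
import re

# One RDN: attribute type, "=", value. Simplified: escaped commas are not handled.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")

def valid_dn(dn):
    """True if every comma-separated component looks like attr=value."""
    return bool(dn) and all(_RDN.match(part.strip()) for part in dn.split(","))

def audit_data_source(cfg):
    """Return (field, finding) pairs for one LDAP data source.

    cfg is a hypothetical dict keyed by the field names on the LDAP Data
    Source screen; it is not eGuide's own storage format.
    """
    findings = []
    if not cfg.get("Enable SSL"):
        findings.append(("Enable SSL", "off: binds and results are sent unencrypted"))
    proxy = cfg.get("Proxy User Name", "")
    if not proxy:
        findings.append(("Proxy User Name", "empty: eGuide binds anonymously"))
    elif not valid_dn(proxy):
        findings.append(("Proxy User Name", "not a well-formed distinguished name"))
    elif not cfg.get("Proxy Password"):
        findings.append(("Proxy Password", "empty for a named proxy user"))
    root = cfg.get("Search Root", "")
    if not root:
        findings.append(("Search Root", "empty: the entire tree is searched"))
    elif not valid_dn(root):
        findings.append(("Search Root", "not a well-formed distinguished name"))
    if cfg.get("Max Search Entries", 0) > 1000:
        findings.append(("Max Search Entries", "set higher than 1000"))
    return findings

# Constructed sample values, not taken from a real installation.
SAMPLE = {
    "Enable SSL": False, "Port": 389, "Secure Port": 636,
    "Proxy User Name": "cn=user,ou=provo,o-quills",  # mistyped separator
    "Proxy Password": "example-only",
    "Search Root": "", "Max Search Entries": 5000,
}

if __name__ == "__main__":
    for field, finding in audit_data_source(SAMPLE):
        print(f"{field}: {finding}")
```

An empty result means none of the checked fields deviates from the guidance given for this screen; it says nothing about the rights actually granted to the proxy user in eDirectory.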

Using eGuide

After you've configured eGuide, accessing it to perform LDAP searches is simple. Open the eGuide search utility by appending "eGuide" to the IP address or DNS name of the web server where eGuide was installed. For example:

https://www.quills.com/eGuide

You will be required to authenticate using your regular eDirectory username and password. Upon successful authentication you will see the eGuide search page, as shown in Figure 15.16.

Figure 15.16. eGuide Search page.


From this page you can search for any user objects to which you have rights, as defined in eDirectory.



    Novell Open Enterprise Server Administrator's Handbook, SUSE LINUX Edition
    ISBN: 067232749X
    Year: 2005
    Pages: 178
