Lab Exercise 5.5: Managing eDirectory

< Day Day Up >

In this lab, you're going to practice creating, deleting, and modifying eDirectory objects as well as working with eDirectory partitions. Complete the following:

Start iManager by opening a web browser (using the Mozilla icon on your desktop) and navigating to https :// your_server's_IP_address /nps/iManager.html.
If prompted to accept a security certificate from your server, click OK .
In the Username field, enter admin .
In the password field, enter novell and then click Login .
Create a new Organizational Unit in the CLE container by completing the following steps:
1. Scroll down to eDirectory Administration and select Create Object .
2. In the Available Object Classes field, scroll down to and select Organizational Unit and then click OK .
3. In the Organizational Unit name field, enter SLC .
4. In the Context field, enter CLE and then click OK .
5. When prompted that the operation was successful, click OK .
6. Verify that the object was created by selecting Modify Object .
7. Next to the Object Name field, click the Browse button.
8. Select Browse .
9. Next to CLE, select the blue down arrow . You should see two containers listed: IF and SLC .
10. Select Cancel , Cancel .
Create a new user in the IF and SLC containers by completing the following steps:
1. Select Create Object .
2. In the Available Object Classes field, scroll down to and select User and then click OK .
3. Enter the following information in the respective fields:
  
  Username: CGrayson
  
  First Name: Christopher
  
  Last Name: Grayson
  
  Context: IF.CLE
  
  Password: novell
  
  Title: Director
  
  Location: Idaho Falls, Idaho Office
  
  Department: Training
  
  Telephone: 555-555-5555
  
  Fax Number: 555-555-4444
  
  E-mail Address: cgrayson@cle.com
4. Select OK , OK .
5. When prompted to convert the user to a LUM object, click Cancel .
6. Repeat this process to create the following user:
  
  Username: DCoughanour
  
  First Name: Dave
  
  Last Name: Coughanour
  
  Context: SLC.CLE
  
  Password: novell
  
  Title: President
  
  Location: Salt Lake City, Utah Office
  
  Department: Executive Management
  
  Telephone: 555-555-5555
  
  Fax Number: 555-555-4444
  
  E-mail Address: dcoughanour@cle.com
Give CGrayson management rights to the IF container by completing the following steps:
1. In iManager, scroll down to Rights and select Modify Trustees .
2. In the Object Name field, enter IF.CLE and then click OK .
3. Select Add Trustee .
4. Select Browse .
5. Browse to and select CGrayson.IF.CLE .
6. Next to CGrayson.IF.CLE, select Assigned Rights .
7. On the Entry Rights line, mark Browse , Create , Rename , Delete .
8. Select Done , OK , OK .
Verify that CGrayson.IF.CLE has the rights you assigned by completing the following steps:
1. In iManager, select View Effective Rights .
2. In the Trustee Name field, enter CGrayson.IF.CLE and then click OK .
3. In the Object Name field, browse to and select IF.CLE .
4. In the Property Name field, select Entry Rights . You should see Browse, Create, Rename, and Delete rights listed.
5. In the Object Name field, browse to and select CLE .
6. Select Entry Rights . CGrayson.IF.CLE should only have Browse rights to the CLE container.
7. Click Done .
Real World

CGrayson.IF.CLE has the Browse right because every user in the tree is security equivalent to [Public]. Remember that [Public] has the Browse right to the root of the tree .
Create an Organizational role and make Dcoughanour.SLC.CLE the role's occupant by completing the following steps:
1. In iManager, select Create Object under eDirectory Administration .
2. In the Available Object Classes field, select Organizational Role and then click OK .
3. In the Organizational Role Name field, enter Manager .
4. In the Context field, enter CLE and then select OK , OK .
5. Select Modify Object .
6. In the Object Name field, enter Manager.CLE and then click OK.
7. In the drop-down list, select Role Occupant .
8. In the Role Occupant field, browse to and select DCoughanour.SLC.CLE .
9. Click OK .
Grant Manager.CLE administrative rights to the CLE container by completing the following steps:
1. In iManager, scroll down to Rights and select Modify Trustees .
2. In the Object Name field, enter CLE and then click OK .
3. Select Add Trustee .
4. Select Browse .
5. Browse to and select Manager.CLE .
6. Next to Manager.CLE, select Assigned Rights .
7. On the Entry Rights line, mark Browse , Create , Rename , Delete .
8. Select Done , OK , OK .
Verify that DCoughanour.SLC.CLE has the rights you assigned to Manager.CLE by completing the following steps:
1. In iManager, select View Effective Rights .
2. In the Trustee Name field, enter DCoughanour.SLC.CLE and then click OK .
3. In the Object Name field, browse to and select CLE .
4. Select Entry Rights . You should see Browse, Create, Rename, and Delete rights listed.
5. In the Object Name field, browse to and select . CLE-TREE .
6. Select Entry Rights . DCoughanour.SLC.CLE should only have Browse rights to the tree root.
7. Repeat this process to check the effective rights DCoughanour has to the IF and SLC containers. He should have Browse, Create, Rename, and Delete rights to each.
8. Click Done .
Partition the eDirectory tree at the CLE, IF, and SLC levels by completing the following steps:
1. Under Partitions and Replica Management , select Create Partition .
2. In the Container field, enter CLE and then click OK .
3. Wait while the process is completed.
4. When prompted that the partition has been completed, select Repeat Task .
5. Using the preceding steps, create a partition at the IF.CLE and SLC.CLE container levels.
Verify that your partitions were made and that your server holds a Master replica of each by completing the following steps:
1. In iManager, select View Partition Information .
2. In the Partition field, select the Browse icon.
3. Select Browse .
4. Browse to and select the CLE partition .
5. Click OK .
6. Verify that the partition exists and that your server holds the Master replica.
7. Repeat the preceding steps to check the IF.CLE and the SLC.CLE partitions.
8. When you're done, click Close .
9. Check your replica status by selecting Replica View .
10. In the Partition or Server object, enter CLE1.IF.CLE and then click OK .
11. You should see that your server has a Master replica of the four partitions in your tree: The tree root, CLE, IF.CLE, and SLC.CLE partitions. This is shown in Figure 5.34.
  
  Figure 5.34. Replica view.
  
  Warning
  
  If we had multiple servers in our tree, we could place additional replicas of each partition on them. However, because we only have a single-server tree, we must use the replication shown in Figure 5.34 .
12. Click Done .

That's it for this exercise. You learned how to create eDirectory objects, modify their properties, assign eDirectory rights, and partition the tree. Let's move on and discuss how eDirectory works with the Lightweight Directory Access Protocol (LDAP).

< Day Day Up >

Real World

Figure 5.34. Replica view.