Best vector of attack – Blogs, Wikis, etc.
January 10, 2008 at 1:50 am #371040
drighi
Participant
I do not think augmented records would be a solution for the issue below, as augmented records “come together” at the client. Any ideas? Here’s the challenge:
Have Novell eDirectory successfully configured in Directory Access on Leopard Server. dscl works to read records, as well as WGM, and iChat server works for all 500 users.
Promoted server to OD Master to allow use of collaboration services.
Would love to deploy the blog/wiki/calendar components. If I create a user in 127.0.0.1 directory in WGM, it can use those services successfully. Users from the eDirectory cannot. I presume this is because:
A. It’s read-only to my server.
B. The necessary schema is not there.
Did some browsing in WGM with the inspector, and found that there are “Collaboration” pieces in the schema.
Novell admin is not comfortable letting Leopard Server write to Novell at this time. So, I won’t be extending the eDirectory schema or getting write access. No hard feelings.
So my options are:
A. Set up a connection in Identity Manager in Novell that would populate my server with real OD records, and delete them when they go.
B. Try to figure out augmented records somehow for my OD directory.
The real trick is to get things going so that maintenance is automatic as accounts are created and deleted in Novell.
Looking for any ideas, advice!
January 10, 2008 at 4:20 pm #371056
drighi
Participant
> Augmented records were created for exactly the purpose you’re looking to use them. In the case of the wiki and the blog, the clients have no need of them, just the server itself. Which in this case is acting as a directory service “client.”
This is what I sort of thought. But I don’t understand what directory on the server it all comes together on. Do I configure the OS X server like the client in your paper? I ask because I’d think that the OS X server is also a source of data — the stub we need. (Gotta figure out what chunks we need for that, too. Probably the collaboration chunk, etc.)
> Read through our article on augments, see if you can get it to work by hand. There’s nothing from your description of your setup that would prevent it from having the effect you’re looking for.
Now that is an encouraging statement! Where would you begin here? I’m having a tough time conceptualizing where everything will go. Where does the stub come from? That’s the biggest question I have.
> If you can get it to work by hand, you should be able to get the Novell ID manager to create and remove the augment stub from OD as the users are created and removed.
It would create it on the OD Server directory, not eDirectory, right?
> Also.. you’ll most likely need to enable plaintext authentication to the blog and wiki to work with Novell.
Done.
> Try it first without touching things, maybe the stars will align and MD5 hashes will work, but be prepared to read the Apple Kbases on using the blog and wiki with AD.
Well, I had to disable cram-md5 for iChat to work through OD, so I assume this will be the same issue.
-D
December 17, 2008 at 4:24 pm #375010
dave@mmu
Participant
It’s actually pretty easy: once the server can read the eDirectory credentials, create an OD group in Workgroup Manager and then in that group’s membership list, click the + button, then on the new user/groups sidebar change the node from LDAPv3/127.0.0.1 to LDAPv3/your eDirectory server’s IP. Then type the username in the box for the user you want to look for; once it appears in the list below, drag it into your OD group. I’ve had this working fine without extending the eDirectory schema at all. Hope that helps!
Dave