Michael Leone on Wed, 18 Apr 2001 09:48:27 -0400



Re: [PLUG] I have an idea


> > > I think LDAP is similar to Novell's NDS (eDirectory) or MS Active
> > > Directory, isn't it?
> >
> > No. e-Directory and Microsoft Active Directory (i.e., MAD :-) are much
> > more than LDAP. A full directory service contains info on ALL KINDS of
> > things that are in a network - users, machines, addresses, access
> > rights, etc.
>
> Users: got it
> addresses: got it
> access rights: I think I have it, need a better definition
> machines: need more info

Well, in my NDS tree I can register workstations. For example, when you log
into the NDS tree, it registers the workstation you're using. In my case,
with a combination of user ID, machine name, MAC address, OS and CPU. So I
have entries like:

MJL-MIKE_LEONE-0090273eb80b-(WINNT-PENTIUM)

which means MJL (my user ID), MIKE_LEONE (my machine name), the MAC address,
the fact that this machine runs WINNT, and the CPU class (it's actually a
PIII). This entry can be included in a group (it's in the
SYSTEMS-WORKSTATIONS group of workstations). I can see the login history of
this workstation, and the user IDs that have logged into it. I can see the
IP address of this station.

You can also include applications in NDS (such as an install of MS Office,
for example) - it keeps a copy of all files and registry changes involved in
the installation of a piece of software.  Using NDS, I can assign these
applications to be associated with this physical station, so that - when
that station logs into the NDS tree, it will be checked to see that it has
all its assigned apps; if not, the tree pushes the apps down onto the
workstation (using a free Novell product called ZEN - Zero Effort
Networking), and can remove them when the user logs out, if desired. Kind of
like MS's SMS software does. You can also assign apps by user ID, too, so
that your apps can follow you around as you log into different stations,
kind of like roaming profiles.

Makes configuring new workstations a LOT easier.

Also, with the full paid version of the ZEN product, you can do remote
control of workstations, too. As well as inventory - of hardware and
software installed locally on the machine. All this data is available inside
the NDS tree itself.

NDS also (obviously) integrates well with other, NDS-aware apps. We use
Netware as a RAS (Remote Access Server), and (some of) the access rights
for a particular user to be able to access the RAS modems can be specified
in NDS. Same for their email, firewall, etc, products. With their Single
Sign On add-on, you can coordinate Netware, NT and Unix passwords, too.

And of course, you assign rights to volumes, directories and files in NDS,
too.

> Active Directory is essentially an extended ldap directory that uses
> kerberos (I believe) for authentication. The linux journal had an article
> about it a month or 3 ago.

It does. It's MS's extended Kerberos, tho - they made use of some reserved
fields, which reportedly broke interoperability with other Kerberos's (for a
while, anyway).
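The workstation entry quoted above (user ID, machine name, MAC address, OS and CPU run together with hyphens) is exactly the kind of record an administrator ends up exporting and auditing. The following parser is an added example written for this page, not code from the poster or from Novell; it assumes the layout is always USERID-MACHINE-MAC-(OS-CPU), that user IDs and machine names contain no hyphens, and that the MAC is twelve hex digits. Only the first sample entry is from the message; the rest are constructed, including one with a deliberately malformed MAC so the rejection path is exercised.

```python
import re
from typing import Optional

# Constructed sample entries in the style of the one quoted in the message.
# Only the first is from the post; the others are made up for this example,
# and the last one carries a non-hex MAC so that it gets rejected.
SAMPLE_ENTRIES = [
    "MJL-MIKE_LEONE-0090273eb80b-(WINNT-PENTIUM)",
    "JDOE-LAB_PC_01-00a0c9123456-(WIN98-PENTIUM)",
    "ADMIN-BACKUP_SRV-00c04f7a8b9c-(WINNT-PENTIUM)",
    "BADENTRY-NO_MAC-zz90273eb80b-(WINNT-PENTIUM)",
]

# Assumed layout: USERID-MACHINE-MAC-(OS-CPU). The MAC must be exactly
# 12 hex digits; user and machine fields are assumed to be hyphen-free.
_ENTRY_RE = re.compile(
    r"^(?P<user>[^-]+)-(?P<machine>[^-]+)-(?P<mac>[0-9a-fA-F]{12})"
    r"-\((?P<os>[^-()]+)-(?P<cpu>[^-()]+)\)$"
)


def parse_entry(entry: str) -> Optional[dict]:
    """Split one registration entry into its fields, or return None if it
    does not match the assumed layout (e.g. a malformed MAC)."""
    m = _ENTRY_RE.match(entry)
    if not m:
        return None
    fields = m.groupdict()
    raw_mac = fields["mac"].lower()
    # Normalise the MAC to colon-separated form so it can be compared
    # with switch tables, DHCP leases or other inventories.
    fields["mac"] = ":".join(raw_mac[i:i + 2] for i in range(0, 12, 2))
    # The first three octets identify the NIC vendor (OUI).
    fields["oui"] = fields["mac"][:8]
    return fields


def summarize(entries) -> dict:
    """Parse a batch of entries, keeping malformed ones aside for review,
    and group the machine names by reported OS."""
    parsed, rejected = [], []
    for entry in entries:
        fields = parse_entry(entry)
        if fields is None:
            rejected.append(entry)
        else:
            parsed.append(fields)
    by_os: dict = {}
    for fields in parsed:
        by_os.setdefault(fields["os"], []).append(fields["machine"])
    return {"parsed": parsed, "rejected": rejected, "by_os": by_os}


if __name__ == "__main__":
    report = summarize(SAMPLE_ENTRIES)
    for fields in report["parsed"]:
        print(f'{fields["user"]:8} {fields["machine"]:12} {fields["mac"]} '
              f'{fields["os"]}/{fields["cpu"]}')
    print("rejected:", report["rejected"])
    print("by OS:", report["by_os"])
```

Entries that do not fit the pattern are reported rather than silently dropped, since a registration name that cannot be parsed is itself something an administrator would want to look at.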




______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug