Does not add an additional server to the configuration. Limits communication failures between the webnetwork Server and Directory Service

Similar documents
Installing ITDS WebAdmin Tool into WebSphere Application Server Network Deployment V7.0

webnetwork 5e Installation and Configuration Guide

Immotec Systems, Inc. SQL Server 2008 Installation Document

Accops HyWorks v3.0. Quick Start Guide. Last Update: 4/25/2017

About This Document 3. Overview 3. System Requirements 3. Installation & Setup 4

Time Machine Web Console Installation Guide

Immotec Systems, Inc. SQL Server 2008 Installation Document

TMS Agent Troubleshooting procedures for Cisco TelePresence VCS and TMS

Wireless LAN Controller Web Authentication Configuration Example

Perceptive Connect. Installation and Setup Guide. Beta version: Compatible with ImageNow, versions 6.6.x and 6.7.x

Oracle Enterprise Manager. 1 Before You Install. System Monitoring Plug-in for Oracle Unified Directory User's Guide Release 1.0

vspace Management Center for N-series and vspace 7.0

Globalbrain Administration Guide. Version 5.4

29 March 2017 SECURITY SERVER INSTALLATION GUIDE

BLUEPRINT TEAM REPOSITORY. For Requirements Center & Requirements Center Test Definition

Installing the Is2 Onsite Version - HVAC Office System

Okta Integration Guide for Web Access Management with F5 BIG-IP

SafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem

Integrate MySQL Server EventTracker Enterprise

Version 6.3 Upgrade Guide

Welcome to the e-learning course for SAP Business One Analytics Powered by SAP HANA: Installation and Licensing. This course is valid for release

VII. Corente Services SSL Client

Novell Access Manager

Password Reset Utility. Configuration

Configure Windows Server 2003 Release 2 Server Network File Share (NFS) as an authenticated storage repository for XenServer

SAP NetWeaver Identity Management Virtual Directory Server. Tutorial. Version 7.0 Rev 4. - Accessing LDAP servers

Entrust Connector (econnector) Venafi Trust Protection Platform

WhatsUp Gold 2016 Installation and Configuration Guide

Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide

UNITY CRM INTEGRATION USER GUIDE

Online Backup Manager v7 Quick Start Guide for Synology NAS

LDAP Directory Integration

Integration Configuration

R9.7 erwin License Server:

Status Web Evaluator s Guide Software Pursuits, Inc.

EventSentry Quickstart Guide

InfoRouter LDAP Authentication Web Service InfoRouter Version 7.5 Active Innovations, Inc. Copyright

Integration Configuration

STS INSTALLATION GUIDE

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide

FREQUENTLY ASKED QUESTIONS... 2 DOWNLOADING AND INSTALLING THE APPLICATION Microsoft Windows Apple Mac Proxy Authentication...

10ZiG Technology. Thin Desktop Quick Start Guide

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

LDAP Directory Integration

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Cisco TelePresence Management Suite Extension for Microsoft Exchange

akkadian Global Directory 3.0 System Administration Guide

Office 365 Business and Office 365 Pro Plus Deployment Guide V 1.0

SQL AlwaysOn - Skype for Business

Web Console Setup & User Guide. Version 7.1

OneLogin Integration User Guide

Trial Program Installation Guide

A guide to configure agents for log collection in Log360

Overview. ACE Appliance Device Manager Overview CHAPTER

ODBC INSTALLATION Operating System: Windows Bit

Interlink Express Desktop Printing Service Installation Guide

LepideAuditor for File Server. Installation and Configuration Guide

EMS WEB APP Configuration Guide

LiveNX Upgrade Guide from v5.2.0 to v5.2.1

Configuring the WT-4 for ftp (Ad-hoc Mode)

Active Directory 2000 Plugin Installation for Cisco CallManager

Building Block Installation - Admins

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

ForeScout Extended Module for MobileIron

Enforced Client Policy & Reporting Server (EPRS) 2.3. Administration Guide

Installation Procedures

USER MANUAL. SuitePort - SuiteCRM Customer Portal for Joomla TABLE OF CONTENTS. Version: 1.1.0

Load Balancing VMware Workspace Portal/Identity Manager

Copyright Jetro Platforms, Ltd. All rights reserved.

Windows Server 2003 Network Administration Goals

WebSphere Application Server V7: Administration Consoles and Commands

10ZiG Manager Cloud Setup Guide

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

Upgrade Tool Guide. July

Lab 3: Configuration of OIM to manage user accounts lifecycle in DSEE application

Installation Guide. 3CX CRM Plugin for ConnectWise. Single Tenant Version

BusinessObjects Enterprise XI

Getting Started with Penn State WikiSpaces

ThinManager and FactoryTalk View SE Deployment Guide

SafeConsole On-Prem Install Guide

VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager

Deploying. Novell. ifolderª. servers. on Novell NetWare. Networking Services. DEPLOYMENT GUIDE

LiveNX Upgrade Guide from v5.1.2 to v Windows

Secure Mobile Access Module

Remote Indexing Feature Guide

FUSION REGISTRY COMMUNITY EDITION SETUP GUIDE VERSION 9. Setup Guide. This guide explains how to install and configure the Fusion Registry.

OIG 11G R2 Field Enablement Training

Deploying Lightspeed User Agent v

EM L04 Using Workflow to Manage Your Patch Process and Follow CISSP Best Practices

Zemana Endpoint Security Administration Guide. Version

Perceptive Process Mining

Configuring WebConnect

DameWare Server. Administrator Guide

Synchro PRO 2016 Shared User License Manager Installation Instructions

Print Manager Plus 2010 Workgroup Print Tracking and Control

ProfileUnity with FlexApp Technology

DBXL AZURE INSTALLATION GUIDE

VMware AirWatch: Directory and Certificate Authority

Long Beach Unified School District. Portal User s Guide. August 2014

Transcription:

Chapter 21: External Users 398 21.2 OpenDS OpenDS is an open source community project building a free and comprehensive next generation directory service. OpenDS is designed to address large deployments, to provide high performance, to be highly extensible, and to be easy to deploy, manage and monitor. The directory service includes not only the Directory Server, but also other essential directory-related services like directory proxy, virtual directory, namespace distribution and data synchronization. Initial development of OpenDS was done by Sun Microsystems, but is now available under the open source Common Development and Distribution License (CDDL). Implementing OpenDS Because OpenDS is a completely Java-based directory service it makes the perfect directory service platform to embedded with webnetwork for an external directory service. The architecture allows the webnetwork administrator to place the OpenDS directory service on the same physical server as the webnetwork Server. Placing both the webnetwork Server and the OpenDS Service on the same machines has the following benefits: Does not add an additional server to the configuration Limits communication failures between the webnetwork Server and Directory Service Increases performance and stability In the diagram above the webnetwork Server will register both directory services (Corporate and External) and consolidate them into one virtual directory tree. The webnetwork Server will be responsible for managing the connections to both directories and directing requests between the two directory services. The External Directory (OpenDS) can run on the same physical machine as the

399 webnetwork 5.4 Advanced Administrator Training webnetwork Server regardless of the operating system. By default the webnetwork Server is not deployed with OpenDS enabled. It will be up to the webnetwork administrator to: 1) download and install OpenDSDS, and 2) configure the External Directory Service. 1) Downloading and Installing OpenDS OpenDS can be obtained from the project site (https://opends.dev.java.net/public/downloads_index.html) The webnetwork administrator will want to make sure to grab the correct distribution matching the operating system the webnetwork Server is running on. Once the installation files are downloaded the administrator can install the OpenDS service on the webnetwork Server. The administrator should run through the quicksetup for the OpenDS install. The administrator should remember to write down the LDAP Listener Port, Root User DN, and the Password. These parameters will be needed to configure the External User service on the webnetwork Server. It is also recommended the administrator verify the directory service is running and functional by connecting to the OpenDS Directory Service with an LDAP browser. By connecting with an LDAP browser the administrator can verify the directory is functioning on a specific port, can authenticate the admin account, and responding to requests. The administrator can download an open-source LDAP browser from the Internet (LDAPBrowser 2.8.2) and use it to connect to the OpenDS system. The default parameters for the OpenDS Server are:

Chapter 21: External Users 400 TCP Port number 389 (Stoneware recommends using port 10289 to avoid conflict) Admin Account - cn=directory Manager 2) Enabling the External Directory Service Once the OpenDS in installed on the webnetwork Server the administrator will need to configure the External Directory Service through the Stoneware Management Console on the webnetwork Server. The External Directory Service configuration screen can be accessed through the Directory Service configuration on the Management Console. The administrator will be responsible for entering the connection information required to connect to the LDAP agent of the OpenDS service. The admin account name, port, and password are all pre-configured when the OpenDS service is installed and the two configuration files are put in place. Once the service has been configured the administrator will need to stop the webnetwork Server and restart it so it can successfully connect to the OpenDS LDAP agent. When the server has successfully connected to the LDAP agent of the OpenDS server the webnetwork administrator will see an swexternal-users container in the webadmin Tree View and be capable of successfully expanding the container object. 21.3 Managing External Users External users are classified as any user account the organization wishes to exist outside the corporate network. These accounts

401 webnetwork 5.4 Advanced Administrator Training are not created in the default network directory, instead external user accounts are created and managed in an external directory service. When the webnetwork administrator enables the External User Service on the system, a new context will be automatically created at the top of the directory service tree. This new container, swexternal-users is defined in the external directory and configured to store all account information in the local OpenDS instance. The swexternal-users context is defined as a organization unit capable of managing user accounts, groups, other container objects, and Stoneware objects. The goal of the external container is to integrate external users into the webnetwork environment as seamlessly as possible. The webnetwork administrator should not have to dramatically change the management of the system for users who exist outside the organization. webnetwork administrators can manage the external user's directory from within webadmin by simply navigating down the swexternal-users context. All the same management rules apply under the swexternal-users container as they apply in other areas of the directory service tree. The webnetwork administrator should consider how he/she will organize the external user branch of the tree (i.e. - geographically, functionally, etc) before populating the directory with a large number of accounts. Assigning webnetwork Resources

Chapter 21: External Users 402 For a webnetwork administrator managing the assignment of webnetwork resources is not much different for users and groups defined within the external directory. Each webnetwork resources (file system node, link, component, lockbox, etc) will have a new management panel added called EXTERNAL USERS. This panel will allow the administrator to assign user, group, and container objects existing in the external directory. When assigning external users and groups to a resource simply browse and select the user and group objects from the swexternal-users context of the directory service tree. The directory browser will limit the browsing capability of the panel to the swexternal-users container. When selecting a user, group, or container object from the swexternal-user branch of the directory service tree, the administrator will be capable of managing the object just as if it was in the corporate directory structure. The webnetwork administrator can browse both the external and corporate branches of the directory service tree having full rights to assign objects in either branch. 21.4 Chapter 21: Labs 21.4.1 Lab 21-1: Install OpenDS Objective: webnetwork administrator will install OpenDS on the webnetwork Server 1. Start the OpenDS installation. Open windows explorer and run C:\CLASS\APPLICATIONS\openDS\SETUP.BAT 2. Select the NEXT button to continue 3. Enter the LDAP server settings Host Name - 127.0.0.1 LDAP Listener - 10389 Administrator Connector Port: 4444 LDAP Secure Access - disabled Root User DN - cn=directory Manager Password - stoneware Confirm Password - stoneware 4. Select the NEXT button to continue 5. Select the STANDALONE server option 6. Select the NEXT button 7. Enter ou=swexternal-users for Directory Base DN:

403 webnetwork 5.4 Advanced Administrator Training 8. Select the NEXT button 9. Review the settings 10. Uncheck the START SERVER WHEN CONFIGURATION HAS COMPLETED option box 11. Check the RUN OPENDS as a WINDOWS SERVICE option box 12. Select the FINISH button 13. Select the CLOSE button 14. Copy the file 99-stoneware.ldif from C: \STONEWARE\OPENDS\ to C: \CLASS\APPLICATIONS\openDS\CONFIG\SCHEMA 15. Click the Windows START button, choose RUN 16. Enter SERVICES.MSC and press ENTER 17. Find the OPENDS Service and start it Testing Connectivity to OpenDS Once the OpenDS service is started the webnetwork administrator should verify the directory service is functional and available to the webnetwork System before configuring the External Directory service on webnetwork. The steps below will outline how to use an LDAP browser to test LDAP connectivity to the ApacheDS agent. * Note - a LDAP browser has already been installed on the workstation for testing (LDAPBrowser 2.8.2) 1. Select the LDAPBrowser icon located under the START ALL PROGRAMS on the Windows workstation 2. Select the QUICK CONNECT tab at the top of the screen 3. Enter the information required to connect to the LDAP agent of the OpenDS service a. Enter 127.0.0.1 for the HOST (local machine address)

Chapter 21: External Users 404 b. Enter 10389 for the PORT c. Enter ou=swexternal-users for the BASE DN d. Uncheck the ANONYMOUS BIND box e. ENTER cn=directory Manager for the USER DN field f. Enter stoneware for the admin's password 4. Select the CONNECT button 5. The OpenDS directory tree should appear * If the tree appears, continue to the next lab (OpenDS is functional) * If the tree does not appear or an error messages is displayed, review the LDAPBrowser settings or check the OpenDS configuration 21.4.2 Lab 21-2: Configure the External Directory Objective: webnetwork administrator will configure the webnetwork Server to communicate with the OpenDS as an External Directory service. Only proceed if you have successfully tested the communications between the LDAPBrowser and the directory service. 1.Open the Stoneware Management Console 2.Expand the System Link 3.Expand the Loader Link 4.Expand the Profile Link 5.Select the Directory Service Link 6.Select the External Directory button 7. Enter the External Directory Service information (this should be similar to the information entered in the LDAPBrowser) Directory - Select OpenDS as the directory type

405 webnetwork 5.4 Advanced Administrator Training Enabled- Check the ENABLE box to enable the service DNS Name / IP Address - enter the local workstation's IP address or loopback with the LDAP server's port number separated by a colon (:) 127.0.0.1:10389 Admin Account - enter the full DN (distinguished name) of the admin account on the OpenDS system cn=directory Manager Admin Password - enter the admin account's password stoneware 8. Select the SAVE button 9. Restart the webnetwork Server a. From the Management Console expand the System Link b. Select the Loader link c. Select the SHUTDOWN SERVER button d. Startup the webnetwork Server from the desktop icon or the service management screen 10. Verify the OpenDS is accessible through webadmin a. Select the System Link in the Management Console b. Select the WEBADMIN button at the top right of the screen c. Verify there is an swexternal-users container at the top of the directory tree and it can be expanded without erros. 21.4.3 Lab 21-3: Managing Users and Groups in the External Directory Objective: This lab will walk the webnetwork administrator through the process of creating, managing, and deleting users and groups in the External branch of the directory service tree. Creating an External User

Chapter 21: External Users 406 1. Login to the webnetwork System as the ADMIN user 2. Open the webadmin Dashboard under the ADMIN PROGRAMS menu 3. Expand the TREE ROOT folder 4. Right-click on the swexternal-users container and select CREATE OBJECT 5. Select ORGANIZATIONAL UNIT from the list and press the NEXT button 6. Enter the name of Customers for the new ORGANIZATIONAL UNIT 7. Select the NEXT button 7. Enter the name of Vendors for a second ORGANIZATIONAL UNIT 8. Select the NEXT button 9. Select the CLOSE button 10. Expand the swexternal-users container 11. Select the Customers container and right-click 12. Select the CREATE OBJECT option 13. Select USER as the OBJECT TYPE and select NEXT 14. Enter the name of ABC and select the NEXT button 15. Enter the User information for ABC (see below) User Name = ABC Last Name = Stoneware Password = stoneware 16. Select the NEXT button 17. Select the CLOSE button 18. Expand the Customers container and verify the new account exists 19. Close webadmin 20. Logout of the system 21. Login to the system as the ABC account with the password of stoneware * this will verify the account was created properly and the rights the user has in the system

407 webnetwork 5.4 Advanced Administrator Training * The new external user should have no rights to any service when he/she logs into the system. The webnetwork services and applications are assigned under the stoneware branch of the directory service tree and the external users do not inherit any of those right/services. Creating an External Group The next step will create a group called ABCEmployees and assign the ABC user to the group 1. Login to the webnetwork System as the ADMIN user 2. Open the webadmin Dashboard under the ADMIN menu 3. Expand the USER-GROUP ADMIN folder 4. Right-click on the USER-GROUP ADMIN folder and select the CREATE GROUP option 5. Enter a group name of ABCEmployees 6. Select the ADD button to add group members 7. Browse the swexternal-users container and select the ABC user under the customers organizational unit 8. Select the OK button 9. Change the CHOOSE CONTEXT dropdown to CHOOSE OTHER CONTEXT 10. Select the NEXT button 11. Select the ADD button 12. Select the swexternal-users container 13. Select the OK button 14. Select the NEXT button 11. Select the CLOSE button * An external user and group now exists * The next steps will assign the user and group webnetwork resources Assigning webnetwork Link

Chapter 21: External Users 408 The next step will assign various links to the new ABCEmployees group. This demonstrates that the users created in the external directory can have access to the same webnetwork resources as users in the default directory. 1. Login to the webnetwork system as the ADMIN user 2. Expand the USER-GROUP ADMIN folder 3. Select the ABCEmployees group 4. Select the ASSIGNMENTS panel from the dropdown list 5. Select the ADD button in the ASSIGNED LINKS section 6. Select all links in the Account Mgmt folder (Hold down the SHIFT key while selecting) 7. Select the OK button 8. Select the SAVE button 9. Close the webadmin Dashboard 10. Logout of the system 11. Login to the system as the ABC user to verify new link have been assigned to the external group Assigning webnetwork Web Application The next step will assign a web application to the external ABC user. These steps will demonstrate that web applications can be assigned to external users as well has directory service users. 1. Login to the webnetwork System as the ADMIN user 2. Expand the USER-GROUP ADMIN folder 3. Select the ABC user account 4. Select the ASSIGNMENT panel 5. Select the ADD button 6. Browse and select the the APACHE-LINK from under the APPLICATIONS menu 7. Select the OK button 8. Select the CLOSE button

409 webnetwork 5.4 Advanced Administrator Training 9. Select the SAVE button 10. Close the webadmin Dashboard * Logout as the admin user and in as the ABC user to verify the APACHE link is under the APPLICATIONS, the Apache link will run the web application, and the ABC user has rights to the web application Configuring the External User's Desktop Profile This section will configure the webdesktop profile and components for external users 1. Login to the webnetwork System as the ADMIN user 2. Open the webadmin Dashboard under the ADMIN menu 3. Expand the swexternal-users branch of the directory service tree 4. Select the swexternal-users container 5. Select the ASSIGNMENTS panel from the dropdown list 6. Select the ADD button in the DESKTOP PROFILE section 7. Browse and select the wn53-macprofile located under the stoneware container 8. Select the OK button 14. Select the SAVE button 15. Logout of the webnetwork System 16. Login to the webnetwork System as the ABC user 17. Verify the profile has changed 22 Chapter 22: Clustering 22.1 Overview As webnetwork become a critical component of the business landscape, it is important customers can build fault tolerant systems which provide both the flexibility and redundancy they need. With the introduction of Stoneware webnetwork 4.0, organizations can deploy completely fault tolerant webnetwork solution with the implementation of Clustering Services. Clustering services provides a distributed services architecture allowing webnetwork users to gain access to the information they need 24/7.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback