As Linux gains more acceptance in the enterprise, the problem with administering multiple user accounts and network resources becomes more apparent. By itself, Linux may lack a directory service, but Novell has come to the rescue. Novell has recently ported the latest version of its powerful eDirectory to Linux to complement versions that run on NetWare and Windows. Here’s how you get it to work.
Setting the stage
For the purposes of this article, I’ll be integrating a Red Hat Linux 8.0 server into an existing NDS tree. This tree also has a NetWare 6 server and a Windows 2000 server on the same network. For information about running eDirectory on Windows 2000, see the Daily Drill Down “Expand directory options on your Windows 2000 server with Novell’s eDirectory.”
Getting eDirectory for Linux
Before eDirectory can be installed on the Linux system, obviously you’ll need to get it. As of this writing, Novell is offering eDirectory 8.7 as a free download from its Web site in addition to a license for 250,000 users. Make sure to download the software as well as to obtain a license from Novell by following the instructions at the Web site. The name of the downloaded software file is edir87_linux_full.tar.gz. Save this file in the user directory on your Linux server.
Preparing for installation
Before beginning the installation of eDirectory on Linux, there are a few things you need to do first. Start by logging into your server as the root user.
The Linux server that you want to install eDirectory on must have multicast routing enabled. You can check this by typing /bin/netstat -nr at the command line on the system. If there is a line that starts with 18.104.22.168, you’re all set. If not, type /sbin/route add -net 22.214.171.124 netmask 240.0.0.0 eth0 and press [Enter] in order to enable this service. If the interface that you intend to use to communicate with NDS is not called eth0 on your system, replace eth0 in this command with the appropriate device name.
Running the installer
To begin installing eDirectory, you must first expand the edir87_linux_full.tar.gz file. To do so, change to the directory where you saved the eDirectory distribution. Create a directory called edir87 in which to expand the distribution by typing mkdir edir87 and pressing [Enter]. Change into the directory by typing cd edir87 and pressing [Enter].
Now, you can expand the distribution by typing gunzip -dc ../edir87_linux_full.tar.gz | tar xvf – and pressing [Enter]. This will create three directories named documentation, Linux, and nmas. Change into the directory where the installer resides by typing cd Linux/setup and pressing [Enter]. You can then execute the installer by typing ./nds-install and pressing [Enter].
The first decision that you have to make during the installation process involves the components you wish to install. Here you have three choices:
- 1 Novell eDirectory Server
- 2 Novell eDirectory Administration Utilities
- 3 Management Console for Novell eDirectory (ConsoleOne)
At the Select The Components prompt, you’ll enter in the number for each component you want to install. For this installation, I want to install the eDirectory server, administration utilities, as well as ConsoleOne; therefore, the response at the prompt is 1,2,3.
After choosing the components to install, you need to tell the installer where the license file resides. At the Enter The Path To License File prompt, type the path in. After specifying the license file location, Setup installs NICI 2.4.1.
With the information you’ve entered, the eDirectory installation takes place. This is all accomplished with RPM files from the distribution. The status of the RPM installation is presented so that you can track any potential problems. Installation goes very quickly.
After the NDS RPMs are installed, the installer starts the ConsoleOne installation. The first question asked concerns the language that should be used. I’ll use English since I’m in the United States.
The next step asks you to decide which ConsoleOne snap-ins you wish to install. For ease of installation, I will install all of the below; here is a short explanation of each:
- ICE: Allows an administrator to import or export large numbers of users very quickly using LDIF
- Index Manager: Allows an administrator to index NDS objects
- LDAP: Allows an administrator to manage the eDirectory LDAP server
- SLP: Allows an administrator to configure SLP (service location protocol)
- WAN Manager: Allows ConsoleOne to work with the WAN Traffic Manager
- PKI: Allows you to manage your own digital certificates
- Filtered Replica: Allows quick access to selected portions of the tree
Next, you are asked if you wish to install a Java Runtime Environment (JRE). If you don’t have a JRE installed on your server, you must answer yes. If you do already have a JRE on your server—unless you have a good reason to hold on to your current JRE—I would recommend letting the installer use the included version so you can be sure that it will work.
Configuring eDirectory for Linux
All of the required software for eDirectory is now installed. The next step in the process is to configure the software to join your existing NDS tree. This is accomplished with the ndsconfig utility. To add a server to the NDS tree, ndsconfig requires three parameters:
- The name of the tree
- The context where the server object should be located
- The name of an admin user
For example, in my test environment, to add the Linux server to my NDS tree called NDS-LAB, I’d type ndsconfig add -t nds-lab -n o=lab1 -a cn=admin.o=lab1.
Correcting a mistake
On my first try, I added the server to the eDirectory tree without giving it a hostname. As a result, the name localhost appears in NDS. Since I haven’t used the service yet, nothing depends on it. If the same thing happens to you, you can easily remove it from the server and NDS, using the ndsconfig rm -a cn=admin.o=lab1 command. Once this completes, if need be, you can reinstall it using ndsconfig –add.
Once this is done and the tree knows about the new server, you will see messages on any NetWare servers in the tree indicating that communication has been established with the new NDS server.
At this point, you should be able to administer NDS from your Linux server using ConsoleOne. From the console, execute /usr/ConsoleOne/bin/ConsoleOne and log on to the tree. You’ll then see a screen similar to the one shown in Figure A.
|Here is the ConsoleOne directory view on Red Hat Linux 8.|
For more information about running ConsoleOne under Linux, see the Daily Drill Down “ConsoleOne 1.3.3 adds NetWare administration powers to Linux.”
Directory assistance for your penguin-powered server
Novell is well known for NetWare, GroupWise, and eDirectory. Getting NDS to run across NetWare, Windows, and Linux may not sound like a huge deal, but once it is done, you have an accessible, standards-compliant directory for a huge majority of the platforms out there. If you write software that needs a directory in order to operate, or if you need a directory to back your Web site, you can count on eDirectory 8.7 to work on almost any platform you need. Now, you can choose an operating system on merits other than directory software.