www.novell.com directory development fundamentals ed shropshire nds partner programs novell, inc....
TRANSCRIPT
www.novell.com
Directory Development FundamentalsDirectory Development Fundamentals
Ed ShropshireNDS Partner ProgramsNovell, [email protected]
Vision…one NetA world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
MissionTo solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Deployed Versions Novell eDirectory™ and Novell Directory Services® (NDS)
Product Version Build Version
Platforms
NetWare 5.1 SP4 (NDS 7) DS.nlm v7.57 NetWare 5.1
NetWare 5.1 SP 4 (NDS 8) DS.nlm v8.79 NetWare 5.1
eDirectory 8 DS.nlm & DS.dlm v8.79
NetWare 5.0,Win NT/2K
eDirectory 8.5.x DS v85.23 NetWare 5.x,Win,Solaris
NetWare 6 (eDirectory 8.6) DS.nlm v10110.20 NetWare 6
eDirectory 8.6.1 DS v10210.43 NW 5.1,NW 6,Win,Solaris,Linux
NetWare 6 SP1 (eDirectory 8.6.2)
DS.nlm v10310.17 NetWare 6
eDirectory 8.6.2 DS v103xx.xx NW 5.1,NW 6,Win,Solaris,Linux
eDirectory 8.7 DS v10410.xx NW 5.1,NW 6,Win,Solaris,Linux,AIX
Differences Between eDirectory and NDS®
NetWare 6
NetWare
NDS eDirectory
NOS directory focused on managing NetWare® servers
A cross-platform, scalable, standards-based directory
used for managing identities that span all aspects of the network—eDirectory
is the foundation for eBusiness
NetWare 5
Novell one Net and eBusiness VisionNovell provides Net services software that gives organizations the ability to simplify the complexities of the Net, securely extend and integrate networks and applications between companies and accelerate eBusiness transformations
Novell eDirectory™
NW
NET ServicesNET Services
…
What’s New with Novell eDirectory
• Novell eDirectory 8.6.1 and 8.7• Product of the Year—Network Magazine • The Name—Novell eDirectory• SunTone Certification• Partner Redistribution Program• Free eDirectory for Developers• LDAPZone• AIX • LDAP 2000 Server Brand• LDAP Java SDK• LDAP Java Beans
Novell eDirectory Partner Redistribution Kit Program
• Get started Download unlimited eDirectory licenses for
development purposes—visit developer.novell.com/eDirectory/download.htm
• Get profitable Offer commercial solutions that include FREE
250,000 user versions of eDirectory Save each application customer up to a half-
million US dollars in up-front licensing costs Visit developer.novell.com/eDirectory
Novell eDirectory Partner Redistribution Kit Program
• OEMs/ISVs can (AT NO COST): Distribute 250,000 eDirectory user versions with
each copy of their shipping products Distribute full-featured versions of eDirectory to
an unlimited number of application customers Distribute the latest Multi-OS version of
eDirectory—Windows*, Sun Solaris*, Linux*, NetWare®, and IBM AIX* (*future)
Increase software/hardware/server sales Rely on proven embedded technology Build competitive advantage with added
services and lower up-front deployment costs
LDAPzone.com
Why LDAPzone?• Comprehensive
Resources and information on everything LDAP
• Community Share ideas, sample code,
forums, tips and tricks
• Directions The latest LDAP news,
updates and developments
www.ldapzone.com
Novell Developer Offerings
• Support options What can you get if you pay
• Benefits 24 hour turnaround• Developer labs• Priority support• Dedicated support contacts
• Certification• Solutions search• Developer labs• Developer training
eGuide
iInstall
iMonitor
iManage
Novell eDirectory Architecture
eD
irecto
ry M
anagem
ent Fra
mew
ork
Database
Storage Management Interface (SMI)
Replication
Security
Maintenance
SchemaUtilities
RepairMergeBackup
Access
LDAP NDAPSyste
m A
bstra
ction La
yer (S
AL)
Linux
NetWare
NT
Solaris
DirXML™ OnDemandSM SSO iChain®
AIX
???
How do I simplify my businessprocess and eliminate redundant
and inconsistent data?
How do I use the Internetto let my partners, customers
and employees access secure applications and data?
How do I use the Internetto let my partners, customers
and employees access secure applications and data?
Web Server
Web Server
Browser
iChain
How do I simplify my businessprocess and eliminate redundant
and inconsistent data?
Net Directory Service Solutions
How do I accelerate myexisting business systems so my customers, employees and
IS professionals are not waiting for them?
App 1
App 2
App 3
App 4
•
••
SSO/NMAS
DirXML™
HRApplication
PBXApplication
E-mailApplication
eDirectory• Novell Account Management• Novell Authentication Services
168 Applications Before Zero-Day Start
Personica1002
Tracks resume, job openings,offer letters etc.
PeopleSofta1001
New "Regular"Employee
Documents
HR Departm ent Em ployeeT erm ination(T erm )
Notification Process Via E-Mail
(Em T erm )(HR Line 1)
InfoSourcea1008
(W orkForce Data)
Maxim oa1011
(O ld FacilitiesApplicaton)
B IG (Requests byPhone 1-6000(F irst Phase)
Vantive(Help Desk)(HD)
NW Adm in. (Tool that facilitates account
creation, activation etc.)
NDS(Novell D irectory
Services)
G roupW ise
i1001Reg. Employee Inf.
TerminationInf.
InfoSource E-m ailO r
Help Desk(HD)Personnel E-Mail
TerminationInf.
Termination Inf.V ia E-Mail (W eekly Report)
Termination Inf.V ia E-Mail (Daily Notification)
Security Personnel or Access Utah/SJF
Adm inistrators &Managers
Budget Analysts orFinancial Planning
Analysis (FP&A)
Oraclea4001
Request entered intoO racle W ebRequisitions
HardwareRequest
Arc
hib
us D
ata
Syn
c/M
an
ua
l
Request Module for lights, heat, ac,p lum bing, boxes for m ove, furniture
m oves, to ilet p lugs, paper products, SJFkeys, vending requests, equipm ent
service requists
Notification to Que on Web
Call requests to HD forEm ployee Account
T erm ination
Notification to Vantive(Creates Vantive incident)
HD deactivates accountsin Infosource
(No incident is created)
Subscribers T oT erm ination Data
(W eekly Report)FromHum an Resources
Vantive notifies HD foraccount activation/
deactivation
Build ing T echs, CachValley Elect.,
Com puCom , HR &BayQ uality, AccessFor Incidents/W ork
O rders
UNS(Unique Nam e
Search)(Searches NDS,G W & Alliases in SMT P
Agent 86
W estinghouseAccess Control
System
EPI(Security Badgecreation App.)
W orkForce AccessApplication
filled out & approvedby Manager
ID Badge CreatedW ith "AccessRequirements
Number"
Badge created & Bar Coded(Bar Codes are linked to Employee ID,
but said linkage is not being used)
Badge activated with Access R ights
Adm inistrators &Managers
ContingentW orkforceDocuments
Oracle, Equity Edge, Metlife,ADP, Etc.
(401k, Health, Stock etc.)
IS-NDS & G .W .G ateway U tility
T elecom m unications(Telephone # Ext. are
entered into Infosourceby Admins)(Telecom
Personnel sync jack#'sinto Infosource)(Audix# 's& Names entered Man.)
(K1) Single office keys cut(K2) Keys cut w ith Security approval
Facilities Move/Preventive Maintenance/Cushm an & W akefield
Bon Appe'tit
W eb(Browser Access)
Archibus DB(Located in Phoenix AZ )(DB used by BIG)(W ill be
used to house CADdrawings)
Security Approval forK2 (Master Keys)
No Special Approvalfor O ffice Keys
(K1)(Key Info Stored inKeyCode Sybase DB)
K2 Req.Forwarded
T hanksG iving Point (Landscape &G ardening)
PBX
Phone Ext.RetrievedFrom PBX
16411 AuxilliaryPhone System
Extract For16411
Entered
Archer Managem ent(Account Codes, Em p
Status, Pref. Nam e,Adm in Info checked in
InfoSource)(Som em ailstop correctionsm ade to InfoSource)
ARIST O DB(DB used byArcher, m ail
delivery)
O utsourced W ork Flow& W ork O rders for
Contractors w ith BIGw eb queue
W eb(Browser Access For
Incident and W ork O rdercreation in Vantive)
Incidents or W ork Requestsentered via Innerweb
NDSDis. Name, Dep. Name, F irst-Last Name, Phone#,Fax, Job T itle, Mail Stop, Infosource ID , W orkForce ID
CorporateD irectory
i1032 (Mail Stop/Domain, PostOffice,GroupWise User ID 'e-mail name'
Busness phone, Fax#, Full Context)
Preferred Nam e or Legal Nam e(if Preferred is b lank), Business T itle,
Status, Account Code, Manager ID ,W orkforce ID, Regular-T em porary
One Net Simplifies Business Processes
iClick
PeopleSoft
Personic
NDSInfrastructure
Tree
D irX M L In terface
D irX M L In terface
GroupW ise
D irX M L
Em ployee form sscanned in to
system
PBX
NDSW ork force
T ree
B.I.GApps
Em ployeeAssim ilation
Process
TrackApplicantProcess
Self ServiceInform ationforewarded
to PeopleSoft
NDS Custom er
Tree
Vantive
D irX M L
D irX M L
NDSAuthentication
Tree
W estingHouse
e-Guide
Oracle/SeibelEtc.
W ITS(Mail Delivery
System )
D irX M L EPI
ManagerSelf
ServiceProcess
LDAPXMLIP
SSL
Enlightened Workforce (Intelligent Portal)
The Three Views Novell eDirectory
• Let’s take a look at it from a different perspective
Logical View
Names
Rights
PerspectivePhysical View
Partitions
Replicas
Schema View
Top
Person
User
What Makes It Different?
• Extensible schema• Inherited rights• Multi-master replication• Filtered replica• Referential integrity• Scalable data store• Multi-protocol support (discovery—access
protocols)• Multi-authentication support• Developer interfaces• Platform support
eDirectory Features
ADSI ProviderTranslates ADSI calls into LDAP
Apps developed to ADSI are fully supported
LDAP SupportLDAP v3 support including SSL
OpenLDAP SDK
Improved search speed
Cross-platform supportAlready runs on NetWare, NT 4, Linux,
Windows 2000 and Solaris
Looking at other UNIX and mainframe platforms (e.g AIX)
Improved administration toolsMonitoring and repair tools in
ConsoleOne®
ICE (Import/Convert/Export) utilityiMonitor utility
Feature details
Filtered replicaA new replica type that enables
flexible control of what’s replicated
Down to the attribute level
DirXML SupportProvides foundation for integrating
network information for any system, application, device, etc.
What is LDAP?
• A standardized protocol for accessing X.500 directories• A version of DAP* that contains less code than DAP• An enabled client with TCP/IP access to X.500 directories• Lightweight means you don’t have to manage all of the
connection overhead in your application• Lightweight doesn’t mean limited access functionality• LDAP is a client-server protocol
LDAP began life as an attempt to simplify access to x.500 (DAP) directories, thus the name:
Lightweight Directory Access Protocol
Technical LDAP Benefits
MicrosoftNetscape
Novell eDirectory
LD
AP
LDA
P
LDAP
Directory-EnabledDirectory-EnabledApplicationsApplications
• Applications can be directory-neutral
• Directories can be interchanged
• Note: All directories are not equal
Licenses in use: 40 M
Licenses in use: 174 M
Licenses in use: 4.5 M
Overview
• LDAP is a client/server access protocol
• LDAP also describes a data model (ACI, Schema, Replication)
• LDAP is controlled by the IETF community
• LDAP certifications Works with LDAP (for applications) and LDAP 2000 (for
servers)
Novell is a founding member of the Interoperability Forum/Open Group
Novell eDirectory SDK
• Everything to integrate with eDirectory Libraries, tools, sample code, and
documentation Platforms (server and workstation)
• NetWare®
• Windows 2000• NT• Windows 95/98 • Solaris, Linux
http://developer.novell.com/ndk/ndssdk.htm
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
eDir libraries for C
eDir libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Novell ODBC Driver for eDirectory
• ODBC driver specifically designed to query and retrieve eDirectory data
Supports standard SQL statements Makes reporting and retrieving data quick and
easy Abstracts the directory tree into accessible
relational database tables Hides the complexity of the underlying
directory syntax
How ODBC Maps eDirectory Data
• Mapping eDirectory data to relational tables eDirectory hierarchical directory data is mapped to
a flattened relational database table• eDirectory object classes correspond to the tables• eDirectory class attributes correspond to columns of the table• Entries correspond to rows of the table
SurnameSurname Given nameGiven name
TitleTitle
Jones
Nelson
Smith
Wilson
Kim
Chris
Sam
Lynn
Manager
Engineer
Tester
Writer
Troubleshooting Novell ODBC Driver
• Common problems Insufficient resources
• Select fewer attributes or specify the attributes rather than using a wildcard to include all attributes
• Examine the attributes you select to ensure that only a few of them are multi-valued
• Restrict the number of objects selected by specifying only one container
eDirectory rights SQL statement errors
• Use the correct table and column names in SQL statements
• Read-only access to eDirectory
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Novell eDirectory LDAP Compliance
• Novell LDAP SDKs fully implement• IETF draft for C Interface
– draft-ietf-ldapext-c-api-05.txt
• IEFT draft for Java Interface– draft-ietf-ldapext-java-api-13.txt– eDirectory supports all LDAP version 3 required
functionality
• IETF RFCs 2247, 2251, 2252, 2253, 2254, 2255 and 2256
• eDirectory also supports most optional functionality
More About LDAP
• Users given “server view” vs. a “tree view”• LDAP uses UTF-8 encoding of character strings
Allowing strings of any language to be used in the API
• LDAP servers listen on two TCP/IP ports 389—Provides clear text connections 636—Secure connections using SSL
• An LDAP bind (connection) is an eDirectory login LDAP requires that individual users have passwords No password is interpreted as an anonymous bind
• Specifies no file access mechanisms• Novell eDirectory event mechanism coming soon
Novell Extensions to LDAP
• Novell LDAP extensions Partitions—split, join, get number of entries, abort
operation Replicas—add, remove, change type, list on server,
return information Replica synchronization—to a specified server, to
all replicas, at a specified time Schema synchronization Get effective eDirectory rights for attributes Get DN of logged-in caller Restart the LDAP server
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
LDAP Class Libraries for Java
• Now available on the Novell Developer Kit (NDK) Conforms to the IETF LDAP Java interface Socket, threads, queues, connection manager Referrals Schema management Security SSL and SASL Extensions and controls Exposes additional classes and methods
• ASN.1/BER Protocol Methods (APIs)
Benefits of LDAP Libraries for Java
• Classes and methods reflect LDAP protocol• Small footprint• Easy to learn and use• Synchronous and asynchronous interfaces• Pure Java solution• Extensions for eDirectory management• Tuned and tested with eDirectory• Works with other LDAP-aware directories• SSL secured through Novell Security Technologies• Open Source available on the OpenLDAP Site
www.openldap.org
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
LDAP service
provider for JNDI
LDAP service
provider for JNDI
NDAP/NCPNDAP/NCPLD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
What is JNDI?
• Java Naming and Directory Interface (JNDI) An addition to JavaSoft’s enterprise API set Object-oriented look and feel Abstracted view
• Naming-system neutral, enabling many different service providers to be accessed via the same interface
• Promotes interaction between naming systems• Provider issues tend to show through
Providers may or may not be pure Java• Platform support is provider-dependent• Providers tend to be vendor-specific
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Use Novell LDAP Libraries for C
• Use the Novell LDAP Libraries for C vs. other SDKs
Extensions for eDirectory management Tuned and tested for eDirectory Works with other LDAP-aware directories Available on NetWare, Windows, UNIX Supported by Novell Worldwide Developer Support Internationalized and localized SSL-secured through Novell Security Technologies
• LDAP Libraries for C Open Source• Novell LDAP Libraries for C leverage
www.OpenLDAP.org
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Novell JDBC Driver for eDirectory
• Conforms to the JDBC specification• Requires the JNDI LDAP service provider
for eDirectory• Supports standard SQL statements• Abstracts the directory tree into
accessible relational database tables• Hides the complexity of the underlying
directory syntax • Provides “read only” access of eDirectory
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Novell Controls for ActiveX • Application Administration
(NWAppA) • Bindery (NWBind) • Browser (NWBrowse) • Catalog Administration (NWCatA) • Client and Server Socket
(NWCliSkt and NWSvrSkt) • Directory (NWDir) • Directory Administration (NWDirA)• Directory Authenticator
(NWDirAuth) • Directory Query (NWDirQ) • Internet Directory (NWIDir) • Internet Directory Query
(NWIDirQ)
• Internet Directory Entries (NWIDirE)
• NDPS Printer Administration (NWDPPrtA)
• Network Selector (NWSelect) • Peer Socket (NWPrSkt) • Print Queue Administration
(NWPQA) • Print Server Administration
(NWPSA) • SecretStore (NWSecStr) • Server Administration (NWSrvA) • Session Management (NWSess) • User Group (NWUsrGrp) • Volume Administration (NWVolA)
Novell O
DB
C d
river
for
eD
irecto
ryN
ovell O
DB
C d
river
for
eD
irecto
ry
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Novell c
on
trols
for
Acti
veX
(N
WD
ir)
Bean
s f
or
Novell
serv
ices
Bean
s f
or
Novell
serv
ices
eM
Fra
mew
ork
eM
Fra
mew
ork
Novell J
DB
C d
river
for
eD
irecto
ryN
ovell J
DB
C d
river
for
eD
irecto
ry
JNDIJNDI
NJCLNJCL
NDS libraries for C
NDS libraries for C
NDAP/NCPNDAP/NCP
LDAP service
provider for JNDI
LDAP service
provider for JNDI
LD
AP
lib
rari
es f
or
CLD
AP
lib
rari
es f
or
C
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell c
on
trols
for
Acti
veX
(N
WID
ir)
Novell e
Com
merc
e B
ean
sN
ovell e
Com
merc
e B
ean
s
LD
AP
Cla
ss L
ibra
ries f
or
Java
LD
AP
Cla
ss L
ibra
ries f
or
Java
LDAPLDAP
Novell eDirectoryNovell eDirectory
Beans for Novell eDirectory
• eCommerce LDAP beans Components for integrating web applications with LDAP
directories Enabling authentication Read/write directory access Contextless login SSL security
• NDS bean Enables access to and manipulation of eDirectory entries Dependent upon the Novell class libraries for Java Requires the Novell Client
Scripting Options
• Third Party Scripting Options Perl Python PHP
• Visit LDAPZone for a complete list and options
www.LDAPZone.com
Supercharge Your Web Applications with Novell eDirectory
• Realize the benefit of using Novell eDirectory to personalize web server applications
The objective of this seminar is to provide ideas and examples that will assist you in developing and deploying more powerful and flexible web-based applications
Why Tie Web Applicationsto Novell eDirectory?
• Enhance and strengthen business relationships
Allowing secure access to information and applications
• Provide the ability to simply and securely provide access to personalized and sensitive information
This may be the difference between gaining or disappointing a customer or partner
Use Novell eDirectory to
• Store identity profiles • Control data access• Maintain customer identity relationships• Manage user security • Manage data at the network level• Abstract service locations• Increase throughput
HTTP is Stateless
• To enable session tracking, utilize• Realms
– Browser passes user and password with each request• Hidden form fields
– Hidden input types that are not displayed when read by the browser
• Cookies– Keyed piece of data created by the server and stored by
the client browser• URL rewriting
– Requested URL is modified to include a session ID• Servlet HTTPsession objects
– Enables name/value pairs to be stored per session
Use Novell eDirectory to Track Sessions
• Take advantage of GUIDs* Identify who is accessing the site
• GUIDs eliminate the need to store personal data• GUIDs are globally unique across all trees and servers• eDirectory automatically creates a GUID for each new
entry– GUIDs do not change throughout life of object
• Administrators may want to create an index on GUID to enhance response time
Operational Attribute
*Globally Unique Identifiers
Use Novell eDirectory to Personalizethe User Experience
• Case example (CNN) Provides worldwide news, sports, financial data
and other information Customized and personalized advertising and
content using the GUID as a cookie Customization is transparent to the user
Netscape web servers on Solaris(CNN Web Farm)
(Cookie)
LDAP Client
eDirectory on NetWare 5 Load Directory Servers- Compaq 6400R- 2GB RAM/72GB RAID 0- 1 Intel Pro/100 Server Adapter
(ad-injection)
InternalInternalFirewallFirewall
eDirectory on NetWare and SolarisDevelopment Servers- Compaq 1850R - 2GB RAM/72GB RAID 0- 1 Intel Pro/100 Server Adapter- SUN Sparc U60- Solaris 2.6
eDirectory on NetWare 5Staging Server- Compaq 1850R -2GB RAM/72GB RAID 0- 1 Intel Pro/100 Server Adapter
HTTP
CNN eDirectoryArchitecture
Tune Your Application and eDirectory to Achieve High Throughput
• Filter the scope of data searches• Create well-formed schema extensions• Tune eDirectory
Tune memory/cache Use proper tree design Co-locate servers
• Distributed nature of eDirectory gives better throughput
Utilize filtered replicas Index on critical attributes
Directory Services and Databases
• Let’s look at the strengths and weaknesses of both
• When are they exclusive of each other?
• When do they compliment each other?
• The whys and wherefores
Directory Services and Databases (cont.)
Directory Service Strengths
• Fast on the read• Distributed• Object-oriented• Hierarchical• Standardized schema• Replication• Attributes can be
multi-valued
Relational Database Strengths
• Designed to handle transactions
• Schema tuned for exact application needs
• Can be modeled to handle very complex needs
• Data integrity built in• Management of data
failures
When to Use What??
• Each has it’s own best use• Directories are used most often for
Authentication Authorization Personalization
• RDBMS’s used most often for Transaction processing Highly volatile data Very complex data requirements
• Examples of each usage
Making the Choice…
• Frequency of data modifications
• Primary data requirements
• Security
• Flexibility
• Model the data needs
• Determine transactional requirements
What Is So Important About Schema?
• It sets some structure
• Provides a framework
• Identifies syntax
• Schema=Data Dictionary
Schema compone
nts
Directory compone
ntsRules for
Tree structure
rules
Tree structure
rules
Object classesObject classes
Attribute types
Attribute types
Attribute syntaxesAttribute syntaxes
Directory tree
Directory tree
ObjectsObjects
Attributes
Attributes
ValuesValues
What Is in the Schema?
• Object classes
• Attributes types
• Syntaxes
• Matching rules
• Naming and containment rules
Tree structure
rules
Tree structure
rules
Object classesObject classes
Attribute types
Attribute types
Attribute syntaxesAttribute syntaxes
Directory tree
Directory tree
ObjectsObjects
Attributes
Attributes
ValuesValues
Schema compone
nts
Directory compone
ntsRules for
eDirectory Has an Extensible Schema
• You can extend the schema, you do not change the schema
Create new classes Add optional attributes Use auxiliary classes Delete non-base classes that do not have any
object instantiated Delete attributes that are not used in any
classes
• Schema extensions do not impact directory performance
Extension Options
• You can make extensions programmatically or by using an LDIF file with the ldapmodify utility
Programmatically• Easier to control• Not as many files
LDIF• No need to recompile changes• Easy to run multiple
New Schema Recommendations
• Determine exact purpose of new classes and attributes
• Don’t define anything for “future use”• Remember to include the domain containment • Understand any flags you use• Use auxiliary classes whenever possible
Don’t add new attributes to existing classes if possible
• Reuse/extend existing schema definitions If small, change to existing definition
• Add your attributes first, then your classes
Syntaxes
• Define what your data looks like
• Not extensible
• eDirectory supports LDAP equivalence of eDirectory syntaxes
• Recommendations For readability limit use of octet string
Matching Rules
• Equality Defines how two values are compared
• i.e., caseIgnoreMatch
• Ordering Used to determine if a value is greater or less
than another value
• SUBSTR Defines the way substring matches work
Attribute Types
• Attribute type is a string value containingvarious fields
• What makes up an attribute ASN.1 id - OID acts as an unique identifier Human readable name A description Matching rules Syntax Flag
• i.e., if attribute is single valued
Attribute Type Example
• (2.5.4.20• NAME ‘telephone number’• DESC ‘Standard Attribute’• EQUALITY telephoneNumberMatch• SUBSTR telephoneNumberSubstringMatch• SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
• (2.5.4.28• NAME ‘preferredDeliveryMethod’• SYNTAX 1.3.6.1.4.1.1466.115.121.1.14• SINGLE-Value )
Attribute Types
• MUST—Mandatory Attributes In LDAP these are referred to as MUST When you create an object of this type, you must populate
these attributes Cannot add MUST attributes once objects are created from
object class
• MAY—Optional Attributes In LDAP these are referred to as MAY eDirectory does not store these attributes with an object
unless they have a value You can add more optional attributes to a class after the
class is created
LDAP Attribute Options
• NO-USER-MODIFICATION Equivalent to non-removable in eDirectory
• SINGLE-VALUE Default multi-valued
• Upper Bound Specified after syntax within { }
Operational Attributes
• Standard modifyTimeStamp createTimeStamp modifersName creatorsName subschemaSubEntry
• eDirectory-Specific structuralObjectClass (baseClass) subordinateCount entryFlags
Object Class Types
• Structural—default Used to create entries
• Abstract Building block class
• Used for sub-classing
• Auxiliary Used to add attributes to existing entries
• If type is not specified, default will be structural
Object Class Definition
• ASN.1 id - Object ID (OID)• Human readable name• List of superior object classes• Identifier• List of required (MUST) attributes• List of optional (MAY) attributes
Example of Object Class Definition
• (2.5.6.6• NAME ‘person’
• SUP top
• Structural
• MUST ( sn $ cn)
• MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
Defining a New Object Class SUP=Inheritance
• This is the class you inherit from
• Your class automatically gets attributes from the parent, as well as any additional that you specify
• Multiple levels of inheritance is possible
• You can add superclasses starting in eDirectory 8.5
Naming
• The naming list specifies which attributes which can be used to name the object
• Naming can be specified in LDAP with the X-NDS_NAMING option
• Naming attribute can be multi-valued• Complete control over how to name and access the
object• Defaults (if not supplied)
Inherit from superclass definition if possible The combination of all string attributes in the MUST and
MAY lists
Containment
• Containment identifies the other object types which can contain this class
• Note that this is not the container flag• If a class is a container, it can be defined to
be able to contain itself• Containment is now modifiable in eDirectory
8.5 You can add containment
Containment (cont.)
• Containment can be specified in LDAP with the X-NDS_CONTAINMENT option
• The defaults if not supplied are Inherit from Super Class definition, if possible “C”, “L”, “O”, “OU”, and “domain”
Auxiliary Classes
• Auxiliary (or aux) classes are a collection of attributes
• Aux classes are applied at the object level
• Only the objects that need the attributes have them
• Doesn’t change the object class definition
Using Auxiliary classes
• Two steps Modify the object class of an existing object to
include the aux class name Write values to attributes as you would any
other attributes for that class
• Easy to remove Delete the aux class name from the objectClass
attribute
• Note—auxiliary classes are available from eDirectory 8 and beyond
X-NDS Class Options
• The changes you can make to class definitions using the X-NDS options are
Flags • X-NDS_NOT_CONTAINER• X-NDS_NONREMOVABLE
Containment • X-NDS_CONTAINMENT
Naming • X-NDS_NAMING
Mapping • X-NDS_NAME
• All X-NDS options have default values
X-NDS Attribute Options
• Most attribute options are flags X-NDS_PUBLIC_READ X-NDS_SERVER_READ X-NDS_NEVER_SYNC
• NDS per replica flag X-NDS_NOT_SCHED_SYNC_IMMEDIATE X-NDS_SCHED_SYNC_NEVER X-NDS_NAME_VALUE_ACCESS
• NDS write managed flag
• One other attribute option X-NDS_LOWER_BOUND
Schema Naming Recommendations
• LDAP schema name valid character set Alpha-numeric and dash First character must be alpha Nothing else
• Name format Lowercase prefix, followed by uppercase words
• Old—“MYAPP:New Attribute Name”• New—“myappNewAttributeName”
• Don’t use delimiter characters
Schema Naming Recommendations
• If you follow the naming rules, LDAP mappingfor the names are not needed
• If you haven’t followed rules in past (or future), then mappings are needed for access to schema items via LDAP
• What are mappings, anyway? Object Class objectClass
Schema Available Definitions
• LDAP ships with a subset of inetOrgPerson mapped to the eDirectory user class
• Schema extensions are available for… Full inetOrgPerson mapped to eDirectory user Full inetOrgPerson residentialPerson newPilotPerson www.novell.com/products/nds/schema/
index.html
ASN 1 OIDs and Prefixes
• What is an OID? Novell’s base OID 2.16.840.1.113719
• joint-iso-ccitt(2) country(16) us(840) organization(1) Novell(113719)
• LDAP allows access via the OID• Be sure to have OIDs for your application• How do you use your allocated sub-arc?
2.16.840.1.113719.2.<a>.4.<x>.<v> 2.16.840.1.113719.2.<a>.6.<x>.<v>
• <a> is your assigned subarc value• <x> is the sequence number you assign• <v> is the version number you assign
• Find out more about OIDs www.alvestrand.no/harald/objectid/
ASN 1 OID Registration Sites
• Find out more about OIDs www.alvestrand.no/harald/objectid/
• Sites to obtain OIDs Novell Developer Support
• developer.novell.com/• Will allocate and register a schema prefix for you,
and optionally allocate an OID sub-arc for you Internet Assigned Numbers Authority (IANA)
• www.isi.edu/cgi-bin/iana/enterprise.pl
Sample Schema Output#This LDIF file was generated by Novell's ICE and the LDIF destination handler.version: 1
dn: cn=schemachangetype: addldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.1 X-NDS_SYNTAX '9' )ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.2 X-NDS_SYNTAX '9' )ldapSyntaxes: ( 2.16.840.1.113719.1.1.5.1.6 X-NDS_SYNTAX '6' )objectClass: topobjectClass: subschemaobjectClasses: ( 2.5.6.0 NAME 'top' DESC 'Standard ObjectClass' STRUCTURAL MUST objectClass MAY (cAPublicKey $ CAPrivateKey $ certificateValidityInterval $ authorityRevocation $ lastReferencedTime $ equivalentToMe $ ACL $ backLink $ binderyProperty $ Obituary $ Reference $ revision $ certificateRevocation $ usedBy $ GUID $ otherGUID $ DirXML-Associations $ creatorsName $ modifiersName $ unknownBaseClass $ unknownAuxiliaryClass $ auditFileLink $ masvProposedLabel $ masvDefaultRange $ masvAuthorizedRange ) X-NDS_NAME 'Top' X-NDS_NONREMOVABLE '1' )objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' DESC 'Standard ObjectClass' SUP person STRUCTURAL MAY (facsimileTelephoneNumber $ l $ eMailAddress $ ou $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ st $ street $ title $ mailboxLocation $ mailboxID $ uid $ mail $ employeeNumber $ destinationIndicator $ internationaliSDNNumber $ preferredDeliveryMethod $ registeredAddress $ teletexTerminalIdentifier $ telexNumber $ x121Address $ businessCategory $ roomNumber $ x500UniqueIdentifier ) X-NDS_NAMING ('cn' 'ou' 'uid' ) X-NDS_CONTAINMENT ('organization' 'organizationalUnit’ 'domain' ) X-NDS_NAME 'Organizational Person' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' DESC 'Operational Attribute' SINGLE-VALUE NO-USER-MODIFICATION SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'Standard Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'CN' X-NDS_LOWER_BOUND '1')
Sample LDIF
• dn: cn=schema• changetype: modify• add: attributetypes• attributetypes: ( 2.16.840.1.113719.1.186.4.0• NAME 'aspenCourseName'• DESC 'The name of the course'• SYNTAX
1.3.6.1.4.1.1466.115.121.1.15• SINGLE-VALUE• )
If not present, this creates “testAttr1”, then adds a mapping to the just created or existing “Test Attr 1” attribute
LDIF File Example—inetOrgPerson# Full definition of the standard inetOrgPerson
# as a separate class
version: 1
#Delete the existing class mapping "inetOrgPerson ==> User" class to allow "inetOrgPerson ==> inetOrgPerson".
dn: cn=schema
changetype: modify
delete: objectclasses
objectclasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' X-NDS_NAME 'User')
# Add the inetOrgPerson object class - 17
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledUri $ mail $ manager $ mobile $ pager $ ldapPhoto $ preferredLanguage $ roomNumber $ secretary $ uid $ userCertificate $ userSMIMECertificate $ x500UniqueIdentifier $ displayName ) X-NDS_CONTAINMENT ( 'country' 'locality' 'organizationalUnit' 'organization' 'domain' ) X-NDS_NAMING ( 'cn' 'uid' 'givenName' 'mail' 'sn' ) )
Schema Changes in eDirectory 8.5
• Some attributes made public read, some made multivalued• New classes defined—domain and ndsLoginProperties• Syntax changed on existing attributes • Several classes changed to be containers• Some changed to be effective or added domain containment• O and OU added ndsLoginProperties• Device class now effective• Operational attributes
creatorsName modifiersName modifyTimeStamp createTimeStamp
Schema Changes in eDirectory 8.6
• Unlimited LDAP schema name size—up to 63K long (was previously 64 characters)
• Ability to have more that 63K total worth of schema name mappings (depending on size of names, was limited to less than 2000 mappings)
• Ability to save and retrieve the description field from a schema definition
• New schema definitions for dynamic groups and for persistent search
Schema Changes in eDirectory 8.7
Informational Draft
• LDAP Schema for eDirectory document
http://search.ietf.org/internet-drafts/
The Novell Import Convert Export Tool
• Features Client/server (remote) architecture LDIF import LDIF export Data migration between LDAP servers Efficient
• Availability Included with eDirectory 8.5
• ConsoleOne® snap-in Included in Novell Developer Kit (NDK)
in C Libraries for LDAP• Command line only (developer use)
Architecture
ICE Engine
• Orchestrates the interaction between source and destination handler
• Provides logging facility• Provides an “error LDIF logging” facility
Writes all records that fail to an output file in LDIF format
Used to help debug import or export sessions
Can aid in dealing with “rogue” records
Currently Available Handlers
• Source Handlers LDIF
• Reads in a LDIF data file LDAP
• Performs searches and retrieves LDAP data
• Destination Handlers LDIF
• Writes to an LDIF data file LDAP
• Writes to an LDAP server• Supports—LBURP (up to 10 times faster adds), forward
references, hashed passwords, and more
What Handlers Are Comingin the Future?
• Source Handlers DELIM
• Reads in data from a delimited file DirLoad
• Generates data from a template and data files• For creating test trees and environments
ECM• Generates a LDAP record from an LDAP search• For example you can create a group from all users
that are from Provo (L: Provo) SCH
• Reads in data from a SCH file (SCH files are legacy NDS schema data files)
What Handlers Are Comingin the Future? (cont.)
• Destination Handlers DELIM
• Writes to a delimited data file
Novell eDirectory Development Options
• Broad range of SDKs available Pick appropriate SDK based on
• Information needed from Novell eDirectory– Are you looking for data from eDirectory or to
manage the directory itself?
• Operations you want to perform on eDirectory
• Your preferred programming language• Protocol preference
– LDAP– NDAP– HTTP
Novell LDAP Developer’s Guide
To Learn More About LDAP
• www.LDAPZone.com• Novell LDAP Developer Guide• Novell NDS Developer Guide
• DeveloperNet® University http://developer.novell.com/education/
• http://developer.novell.com/nds/• http://developer.novell.com/nds/ndsldap.htm• http://developer.novell.com/ndk/doc/ldapover/
The LDAP Community
• IETF LDAP discussions and proposals • www.ietf.org• www.ietf.org/maillist.html
• IETF announcement list– E-mail: [email protected] – subj: subscribe – body: subscribe
• IETF general discussion list– E-mail: [email protected] – subj: subscribe– body: subscribe