S 2.239 Planning the use of Novell eDirectory on the Intranet
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Head of IT, Administrator
eDirectory is suitable as a management product for the IT resources of an organisation. For this, the organisation's hierarchy is mapped onto an eDirectory tree and access to the objects stored in the directory is assigned accordingly. Mechanisms such as the inheritance of access rights down sub-trees and the definition of user groups (organisational roles) can simplify the administration of the directory system.
eDirectory can be operated on different server platforms: NetWare, Windows NT/2000, Linux, and Sun Solaris.
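To make the planning consequence of inherited rights concrete, the following added example (not part of the original safeguard and not Novell's own algorithm) models a small eDirectory-style tree with trustee assignments, an Inherited Rights Filter (IRF) on one container, and an Organizational Role occupied by a user, and computes the effective object rights a principal ends up with on a given object. The tree, the DNs and the principal names are constructed; the rights model is simplified to the object rights S, B, C, D and R.

```python
from dataclasses import dataclass, field

OBJECT_RIGHTS = frozenset("SBCDR")  # Supervisor, Browse, Create, Delete, Rename

@dataclass
class Node:
    dn: str
    parent: "Node | None" = None
    trustees: dict = field(default_factory=dict)  # trustee DN -> rights granted at this object
    irf: frozenset = OBJECT_RIGHTS                 # Inherited Rights Filter: rights allowed to flow in

def chain_from_root(node):
    """Return the containers from [Root] down to (and including) node."""
    chain = []
    while node is not None:
        chain.append(node)
        node = node.parent
    chain.reverse()
    return chain

def effective_rights(target, principal, memberships):
    """Object rights `principal` holds on `target`, including rights it obtains as
    occupant of the Organizational Role objects listed in `memberships`.
    Walking from [Root] downwards, rights inherited from above are masked by each
    object's IRF, and an explicit trustee assignment at a level replaces what was
    inherited there. (Simplified model; not Novell's own implementation.)"""
    ids = {principal} | memberships.get(principal, set())
    held = {t: frozenset() for t in ids}
    for node in chain_from_root(target):
        for t in ids:
            if t in node.trustees:
                held[t] = frozenset(node.trustees[t])
            else:
                held[t] = held[t] & node.irf
    total = frozenset().union(*held.values())
    return OBJECT_RIGHTS if "S" in total else total  # Supervisor implies all object rights

def build_sample_tree():
    """Constructed tree: [Root] > O=Org > {OU=Sales, OU=HR}; OU=HR blocks Supervisor via its IRF."""
    root = Node("[Root]", trustees={"CN=Admin.O=Org": {"S"}})
    org = Node("O=Org", root)
    sales = Node("OU=Sales.O=Org", org, trustees={"CN=SalesAdmin.OU=Sales.O=Org": {"B", "C", "D", "R"}})
    hr = Node("OU=HR.O=Org", org, irf=OBJECT_RIGHTS - {"S"})
    bob = Node("CN=Bob.OU=Sales.O=Org", sales)
    carol = Node("CN=Carol.OU=HR.O=Org", hr)
    return {n.dn: n for n in (root, org, sales, hr, bob, carol)}

# Constructed role occupancy: Alice occupies the SalesAdmin Organizational Role.
ROLE_OCCUPANTS = {"CN=Alice.OU=Sales.O=Org": {"CN=SalesAdmin.OU=Sales.O=Org"}}
```

Running `effective_rights` over the sample tree shows that Alice's role rights reach every object below OU=Sales but none in OU=HR, and that the IRF on OU=HR also cuts off the Supervisor right granted to Admin at [Root], which is why eDirectory requires another trustee with Supervisor on such a container before the filter may be set.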
In addition to the LDAP access to eDirectory, which is generally available to all applications, Novell offers specific client software for certain systems that allows resource and user management in eDirectory. These systems include:
- the Novell Client for Windows (as of February 2002: version 4.83 for Windows NT/2000/XP and version 3.31 for Windows 95/98/ME),
- the Novell user account management software for Solaris and Linux on Intel platforms.
At the same time, eDirectory may also be used for authentication at NetWare servers and for controlling access to the volumes stored there.
The following aspects must be planned when configuring an eDirectory directory service in the intranet:
- the directory tree and the mapping of the IT resources in it,
- the object classes to be used, as well as their sets of attributes,
- planning of a schema change, if necessary,
- the configuration of users and user groups (see S 2.30 Provisions governing the configuration of users and of user groups),
- the connection of users to the eDirectory (see S 4.157 Setting of access authorisations to Novell eDirectory),
- the access rights of users to the eDirectory (see S 4.157 Setting of access authorisations to Novell eDirectory),
- the administration concept for the eDirectory (see S 3.29 Training on the administration of Novell eDirectory),
- partitioning and replication (see S 2.237 Planning of partitioning and replication in Novell eDirectory),
- the certificate service (see S 4.155 Secure configuration of the Novell eDirectory),
- the client connection to the eDirectory (see S 4.156 Secure configuration of the Novell eDirectory client software),
- the LDAP access to the eDirectory using network applications (see S 4.158 Setting of the LDAP access to Novell eDirectory),
- the encryption of the network traffic,
- the data synchronisation with third party directory services using DirXML,
- the use of the Service Location Protocol (SLP),
- audits (see S 4.160 Monitoring of Novell eDirectory),
- an automated and logged periodic backup (see also S 6.81 Creation of data backups for Novell eDirectory),
- the contingency planning for system failure (see also S 6.106 Creation of a business continuity plan for the failure of a directory service).
Review questions:
- Does the plan for the use of eDirectory in the intranet define how the IT resources of the organisation are mapped onto the directory tree?
- Have the object classes to be used by the eDirectory directory service in the intranet, and their sets of attributes, been defined?
- Has it been clarified whether and how the network traffic of the eDirectory directory service is encrypted?