All Content is under CCC License, Read MORE

LUM - Linux User Management Fundamentals

Details

This article summarizes the fundamentals of LUM - Linux User Management of OES Server - Open Enterprise Server and how to implement it, this is applicable to other Linux Distributions as well.

Fundementals

  • Some Services on Linux require eDirectory users to be Linux Local users to get use of it, such as Novell Samba, ftp, rsh, login and Novell Remote Manager.
  • Linux Users and groups are managed through POSIX standard Accounts.
  • Users and Groups are managed through eDirectory Accounts.
  • LUM enables eDirectory Accounts to be POSIX accounts to enable eDirectory Users access to Linux Server.
  • POSIX Accounts has standard attributes (username, password, uid, gid, Homedirectory, shell, comment)
  • When Users become LUM enabled, PAM make it possible for eDir Users to authenticate to OES Server using LDAP.
  • Services like NCP Server, NSS, iFolder, and other Web Services doesn't require eDir users to be LUM enabled, but have some LUM Requirements.
  • If NCP Volumes point to other partitions than NSS, the user should be LUM enabled to access all features.
  • NSS: If protocols other than NCP access NSS, then eDirectory users should be LUM Enabled.
  • QuickFinder, iFolder, Web Services: These services configured to run as POSIX Accounts, If Services run on NSS volumes all users should be LUM Enabled.
  • Each LUM Enabled user should be associated with a LUM enabled Group. (eDir admin is enabled by default)

Implementation

  • Decide which users will be LUM enabled based on access services through users.
  • Installing all OES servers in the tree prior enabling Users for LUM on Multiple Servers.
  • LUM enabled group associated to the UNIX Config object or individual UNIX Workstation object, must be created before enable users for LUM.
  • LUM enabled group should be associated to UNIX Config object in case of enabled LUM users on multiple OES Servers.
  • Created LUM Enabled users can be Samba enabled during the creation.
  • iManager should be used for password changes for users.

1) Create LUM Enabled Group 

  • Create new group - iManager - LUM Category - Enable Group for LUM
  • Associate the group to UNIX Workstation if users will be LUM enabled on this server only or to UNIX Config object if users are enabled on multiple servers.
  • we can enter multiple UNIX workstation objects for the group, so that, users will be enabled on specific servers.

2) Create Users

  • Create new user - iManager - LUM Category - Enable User for LUM.
  • Enable User for Samba if required.

 

Cheers,

Ashraf Abdelazim 

Articles

Open Source Articles

MySQL - RDBMS - Technical Overview

Linux Firewalls: SELinux and Novell AppArmor

LUM - Linux User Management Fundamentals

Login Form