This article summarizes the fundamentals of LUM (Linux User Management) on OES (Open Enterprise Server) and how to implement it. It is applicable to other Linux distributions as well.
Fundamentals
- Some services on Linux require eDirectory users to be local Linux users in order to use them, such as Novell Samba, ftp, rsh, login and Novell Remote Manager.
- Linux users and groups are managed through POSIX-standard accounts.
- eDirectory users and groups are managed through eDirectory accounts.
- LUM enables eDirectory accounts to act as POSIX accounts, giving eDirectory users access to the Linux server.
- POSIX accounts have standard attributes (username, password, uid, gid, home directory, shell, comment).
- When users become LUM enabled, PAM makes it possible for eDirectory users to authenticate to the OES server using LDAP.
- Services like NCP Server, NSS, iFolder, and other web services don't require eDirectory users to be LUM enabled, but have some LUM requirements:
  - NCP: If NCP volumes point to partitions other than NSS, the user should be LUM enabled to access all features.
  - NSS: If protocols other than NCP access NSS, then eDirectory users should be LUM enabled.
  - QuickFinder, iFolder, web services: These services are configured to run as POSIX accounts. If the services run on NSS volumes, all users should be LUM enabled.
- Each LUM-enabled user should be associated with a LUM-enabled group (the eDirectory admin is enabled by default).
Implementation
- Decide which users will be LUM enabled based on the services they need to access.
- Install all OES servers in the tree prior to enabling users for LUM on multiple servers.
- The LUM-enabled group, associated with the UNIX Config object or an individual UNIX Workstation object, must be created before enabling users for LUM.
- The LUM-enabled group should be associated with the UNIX Config object when users are LUM enabled on multiple OES servers.
- LUM-enabled users can be Samba enabled during creation.
- iManager should be used for password changes for users.
1) Create LUM Enabled Group
- Create new group - iManager - LUM Category - Enable Group for LUM
- Associate the group with the UNIX Workstation object if users will be LUM enabled on this server only, or with the UNIX Config object if users are enabled on multiple servers.
- We can enter multiple UNIX Workstation objects for the group, so that users will be enabled on specific servers.
2) Create Users
- Create new user - iManager - LUM Category - Enable User for LUM.
- Enable User for Samba if required.
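After the two steps above, the result can be checked from the Linux side by looking at how the account resolves as a POSIX account. The script below is an added example, not part of the original article: it validates the POSIX attributes listed under Fundamentals, confirms the primary gid has a group entry, and tells a local account from a directory one. The function names are hypothetical and the sample records are constructed.

```shell
#!/bin/sh
# Added example: check how a LUM-enabled account resolves on the Linux side.
# Inputs are passwd(5)/group(5) lines; function names are hypothetical.

# Print one finding per line for a passwd record; print nothing if clean.
check_posix_record() {
    IFS=: read -r name pw uid gid gecos home shell extra <<EOF
$1
EOF
    [ -n "$name" ] || echo "empty username"
    [ -z "$extra" ] || echo "too many fields"
    case $uid in
        ''|*[!0-9]*) echo "uid is not numeric" ;;
        *[!0]*) ;;   # contains a non-zero digit: ordinary uid
        *) echo "uid 0 is root-equivalent" ;;
    esac
    case $gid in ''|*[!0-9]*) echo "gid is not numeric" ;; esac
    case $home in /*) ;; *) echo "home directory is not an absolute path" ;; esac
    case $shell in /*) ;; *) echo "shell is not an absolute path" ;; esac
}

# Succeed if gid $1 is the third field of a group(5) line in $2.
gid_has_group() {
    printf '%s\n' "$2" | awk -F: -v g="$1" '$3 == g { f = 1 } END { exit !f }'
}

# Print "local" if user $1 is in the /etc/passwd text $2, else "directory".
account_source() {
    if printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }'
    then echo local; else echo directory; fi
}

# Constructed sample data; on a server use `getent passwd USER`,
# `getent group` and the content of /etc/passwd instead.
LOCAL_PASSWD='root:x:0:0:root:/root:/bin/bash'
GROUP_DB='root:x:0:
lumusers:x:600:jsmith'
RECORD='jsmith:x:1005:600:John Smith:/home/jsmith:/bin/bash'

echo "source: $(account_source jsmith "$LOCAL_PASSWD")"
check_posix_record "$RECORD"
gid_has_group 600 "$GROUP_DB" || echo "primary gid has no group entry"
```

A LUM-enabled user is expected to report `directory` with no findings; a finding of `uid 0 is root-equivalent` on a directory account deserves immediate review.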
Cheers,
Ashraf Abdelazim