eDirectory allows for easy, powerful, and flexible management of network resources. It also serves as a repository of user information for groupware and other applications. These applications access your directory through the industry-standard Lightweight Directory Access Protocol (LDAP).
eDirectory ease-of-management features include a powerful tree structure, an integrated management utility, and single login and authentication.
The management console for eDirectory is ConsoleOne, which is a 100-percent Java, directory-enabled framework for running Novell network administration utilities. Management applications are snapped into ConsoleOne, which provides an intuitive graphical interface and a single point of control for all network administration and management functions. The Novell snap-ins to ConsoleOne fully leverage eDirectory to enable role-based administration and greater levels of security.
For more information, refer to the ConsoleOne User Guide.
eDirectory organizes objects in a tree structure, beginning with the top Tree object, which bears the tree's name.
Whether your eDirectory servers are running NetWare®, UNIX, or Windows NT/2000, all resources can be kept in the same tree. You won't need to access a specific server or domain to create objects, grant rights, change passwords, or manage applications.
The hierarchical structure of the tree gives you great management flexibility and power. These benefits primarily result from two features: container objects and inheritance.
The [Root] object, which was used in earlier versions of eDirectory, has been renamed Tree, as shown in Figure 3.
Figure 3: Tree Object in ConsoleOne
Container objects allow you to manage other objects in sets, rather than individually. There are three common classes of container objects, as seen in Figure 4:
Figure 4: Common Classes of Container Objects
The Tree object is the top container object in the tree. It usually contains your company's Organization object.
Organization is normally the first container class under the Tree object. The Organization object is typically named after your company. Small companies keep management simple by having all other objects directly under the Organization object.
Organizational Unit objects can be created under the Organization to represent distinct geographical regions, network campuses, or individual departments. You can also create Organizational Units under other Organizational Units to further subdivide the tree.
Other classes of container objects are Country and Locality, which are typically used only in multinational networks.
The Domain object is new to eDirectory 8.6 and can be created under the Tree object or under Organization, Organizational Unit, Country, and Locality objects.
You can perform one task on the container object that applies to all objects within the container. Suppose you want to give a user named Amy complete management control over all objects in the Accounting container. See Figure 5.
Figure 5: Container Object in ConsoleOne
To do this, right-click the Accounting object > select Trustees of This Object > add Amy as a trustee. Next, select the rights you want Amy to have > click OK. Now Amy has rights to manage the Database application, the Bookkeepers group, the LaserPrinter printer, and the users Amy, Bill, and Bob.
Another powerful feature of eDirectory is rights inheritance. Inheritance means that rights flow down to all containers in the tree. This allows you to grant rights with very few rights assignments. For example, suppose you want to grant management rights to the objects shown in Figure 6.
Figure 6: Sample Objects in ConsoleOne
You could make any of the following assignments:
For more information on assigning rights, see eDirectory Rights.
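As an added illustration (not Novell code), the following Python example models how a trustee assignment made on a container, such as Amy on Accounting above, flows down to the objects inside it, and flags assignments whose single entry covers many objects. The organization name YourCo, the Sales container, Carol, the rights labels, and the helper names are assumptions made for the example; only the downward flow described in this section is modelled.

```python
# Added example: models only the downward flow of trustee rights described above.
# Object names are dotted, leaf first. "YourCo", "Sales" and "Carol" are constructed.
OBJECTS = [
    "YourCo", "Accounting.YourCo", "Sales.YourCo", "Carol.Sales.YourCo",
    "Database.Accounting.YourCo", "Bookkeepers.Accounting.YourCo",
    "LaserPrinter.Accounting.YourCo", "Amy.Accounting.YourCo",
    "Bill.Accounting.YourCo", "Bob.Accounting.YourCo",
]
AMY = "Amy.Accounting.YourCo"
# (object the assignment is made on, trustee, rights) -- constructed sample data;
# the rights labels are sample values.
ASSIGNMENTS = [
    ("Accounting.YourCo", AMY, frozenset({"Browse", "Create", "Delete", "Rename"})),
    ("Carol.Sales.YourCo", AMY, frozenset({"Browse"})),
]

def self_and_containers(name):
    """Return the object itself followed by every container above it."""
    parts = name.split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]

def effective_rights(trustee, target, assignments):
    """Union of rights assigned to trustee on target or on any container above it."""
    scope = set(self_and_containers(target))
    rights = set()
    for assigned_on, who, granted in assignments:
        if who == trustee and assigned_on in scope:
            rights |= granted
    return rights

def reach(trustee, objects, assignments):
    """Map each object the trustee holds any rights on to those rights."""
    found = {}
    for obj in objects:
        rights = effective_rights(trustee, obj, assignments)
        if rights:
            found[obj] = rights
    return found

def broad_assignments(objects, assignments, threshold):
    """List (assigned_on, trustee, covered) for assignments covering >= threshold objects."""
    flagged = []
    for assigned_on, who, _ in assignments:
        covered = sum(assigned_on in self_and_containers(o) for o in objects)
        if covered >= threshold:
            flagged.append((assigned_on, who, covered))
    return flagged

if __name__ == "__main__":
    for obj, rights in sorted(reach(AMY, OBJECTS, ASSIGNMENTS).items()):
        print(f"{obj}: {', '.join(sorted(rights))}")
    print("Review:", broad_assignments(OBJECTS, ASSIGNMENTS, threshold=5))
```

The one assignment on Accounting reaches seven objects, while the assignment made directly on Carol reaches only that object, which is why container-level trustee entries are the ones to review first.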
ConsoleOne is a utility for managing the entire network. It is like a central console with controls for every aspect of the network.
You can use ConsoleOne on a Windows 95, 98, or NT computer, on a NetWare server, or on a UNIX system to perform the following supervisory tasks:
ConsoleOne is an extensible framework that you can use to perform other management functions based on the application snap-ins that have been loaded into ConsoleOne. For more information, see "Administration Basics" in the ConsoleOne User Guide.
The following is a list of eDirectory snap-ins to ConsoleOne:
With eDirectory, users log in to a global directory, so you don't need to manage multiple server or domain accounts for each user, and you don't need to manage trust relationships or pass-through authentication among domains.
A security feature of the directory is authentication of users. Before a user logs in, a User object must be created in the directory. The User object has certain properties, such as a name and password.
When the user logs in, eDirectory checks the password against the one stored in the directory for that user and grants access if they match.