Red Hat Directory Server 7.1: Page 3 of 5





The RH Console



Large-scale directory population is best accomplished by importing data in LDIF (LDAP Data Interchange Format). If there's a problem, as I experienced, the process provides excellent feedback about any data that can't be imported and saves it in a separate file for troubleshooting. I checked out the feedback, and after a quick reconfiguration of my directory, 650 pieces of information instantly imported into my empty directory.

Directory Server's ACIs (access-control instructions) let you configure security as granularly as you'll ever need. From the point-and-click interface, I designed ACIs with user access limits, including types of access, access targets, hosts from which access is gained and a schedule of when access is allowed.

Directory Server's manual recommends adding ACIs en masse through an LDIF import, but the syntax can cause confusion if you're not familiar with LDAP. Thankfully, Red Hat provides extensive documentation on the LDIF ACI syntax.
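To make the LDIF ACI syntax easier to read, here is an added example (not code from this review or from Red Hat) that unfolds an LDIF and splits one ACI into the four dimensions mentioned above: types of access, targets, hosts and schedule. The sample DN, attributes, IP range and the function names are constructed for illustration, and the parser assumes an ACI with a single permission/bind-rule pair.

```python
import re

# Constructed sample LDIF. A line starting with one space continues the previous
# line (the fold space is dropped), so folds that need a real space use two.
SAMPLE_LDIF = '''dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "telephoneNumber || mail")(version 3.0; acl "Office hours
  self update"; allow (read, search, write) userdn = "ldap:///self" and
  ip = "192.168.1.*" and dayofweek = "Mon,Tue,Wed,Thu,Fri" and
  (timeofday >= "0800" and timeofday < "1800");)
'''

TARGET_RE = re.compile(r'\(\s*(targ\w*)\s*(!?=)\s*"([^"]*)"\s*\)')
BODY_RE = re.compile(r'\s*acl\s+"([^"]*)"\s*;\s*(allow|deny)\s*\(([^)]*)\)\s*(.*);\s*\)\s*$', re.S)
BIND_RE = re.compile(r'\b(userdn|groupdn|roledn|userattr|authmethod|ip|dns|dayofweek|timeofday)'
                     r'\s*(!=|>=|<=|=|>|<)\s*"([^"]*)"')

def acis_from_ldif(text):
    """Unfold continuation lines and return the value of every aci attribute."""
    unfolded = re.sub(r'\r?\n ', '', text)
    return [line[4:].strip() for line in unfolded.splitlines() if line.lower().startswith('aci:')]

def parse_aci(aci):
    """Split one ACI with a single permission/bind-rule pair into its parts."""
    head, marker, rest = aci.partition('(version 3.0;')
    body = BODY_RE.match(rest)
    if not marker or not body:
        raise ValueError('not a single-rule version 3.0 ACI: %r' % aci)
    name, permission, rights, bind = body.groups()
    rules = BIND_RE.findall(bind)
    pick = lambda *keys: [(k, op, v) for k, op, v in rules if k in keys]
    return {
        'name': name,
        'targets': TARGET_RE.findall(head),                # what is protected
        'permission': permission,
        'rights': [r.strip() for r in rights.split(',')],  # types of access
        'who': pick('userdn', 'groupdn', 'roledn', 'userattr', 'authmethod'),
        'hosts': pick('ip', 'dns'),                        # where access comes from
        'schedule': pick('dayofweek', 'timeofday'),        # when access is allowed
    }

if __name__ == '__main__':
    for aci in acis_from_ldif(SAMPLE_LDIF):
        for field, value in parse_aci(aci).items():
            print('%-10s %s' % (field, value))
```

An ACI whose `hosts` or `schedule` list comes back empty carries no restriction on that dimension, which is worth checking before a bulk import.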

I configured the RHEL 4 client to retrieve user authentication information from Directory Server. On modern Linux distributions, this type of setup is simple and requires only two checkboxes, though older RHEL distributions or similar may require more advanced configuration to make this work. On the server side, I used the Console to modify the account profile to include the proper UID, GID and home directory in the Posix User tab obtained from the local RHEL 4 client. Then I logged out of my current user and logged in with the "John Doe" user credentials previously set up. As my user, I set up the Evolution e-mail client to use the Directory Server as an LDAP-based address book. When I created a message, the option to search the LDAP directory was enabled, and typing in "Doe" led me to John Doe's e-mail address in the directory.