Admin Guide

Penrose Virtual Directory 2.0

Edition 2.0

Legal Notice

Copyright © 2009 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later. The latest version of the OPL is presently available at

Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.

All other trademarks referenced herein are the property of their respective owners.

1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588, Research Triangle Park, NC 27709 USA

Released March 27, 2009

About This Guide
1. Content Overview
2. Examples and Formatting
3. Additional Reading
4. Samples Files
1. Overview of Penrose Virtual Directory
1.1. Explaining Virtual Directories
1.2. Looking at Penrose Virtual Directory
1.3. Planning Penrose Virtual Directory
1.3.1. Identifying Current Data Sources
1.3.2. Configuring a Virtual Directory through Partitions
1.3.3. Joining LDAP, NIS, and Active Directory Servers through Identity Federation
1.3.4. Synchronizing Active Directory and Other LDAP Services
1.3.5. Migrating from NIS Servers to LDAP Servers
1.3.6. Migrating to Red Hat IPA
1.3.7. Planning Authentication
2. Installing Penrose Virtual Directory
2.1. Supported Platforms
2.2. Required Software
2.3. Installing Penrose Server
2.4. Installing Additional Libraries
2.5. Installing Additional Security Providers
2.5.1. Bouncy Castle Security Provider
2.5.2. JCE Unlimited Strength Jurisdiction Policy Files
2.6. Uninstalling Penrose Server
2.7. Upgrading Penrose Virtual Directory
3. Basic Usage
3.1. Starting the Service
3.2. Configuring Penrose Server to Run as a Service
3.3. Configuring Penrose Server Host System Properties
3.3.1. Configuring the Host System Properties in Penrose Studio
3.3.2. Configuring the Host System Properties in the Configuration File
3.4. Setting up the Admin User
3.4.1. Editing the Admin User in Penrose Studio
3.4.2. Editing the Admin User in the Configuration File
3.5. Configuring and Viewing Logs
3.5.1. Configuring Log Settings
3.5.2. Access Logs
3.5.3. Error Logs
3.5.4. Debug Logs
3.6. Configuring Penrose Virtual Directory for SSL
3.6.1. Configuring SSL for Backend Sources
3.6.2. Configuring SSL for Frontend Services
3.7. Running Penrose Server Outside a Firewall
4. Using Penrose Studio
4.1. Installing Penrose Studio
4.1.1. Supported Platforms
4.1.2. Installing Penrose Studio on Red Hat Enterprise Linux
4.1.3. Installing Penrose Studio on Windows
4.2. Starting Penrose Studio
4.2.1. Starting Penrose Studio on Red Hat Enterprise Linux
4.2.2. Starting Penrose Studio on Windows
4.3. Looking at Penrose Studio
4.4. Editing, Copying, and Deleting Entries
4.4.1. Viewing and Editing Entries
4.4.2. Deleting Entries
4.4.3. Copying Entries to Another Penrose Server Instance
4.5. Browsing the LDAP Directory
5. Managing Partitions
5.1. About Partitions
5.2. Adding Partitions
5.3. Exporting and Importing Partitions
5.3.1. Exporting Partitions in Penrose Studio
5.3.2. Importing Partitions in Penrose Studio
5.3.3. Exporting and Importing Partitions in the Command Line
5.4. Starting and Stopping Partitions
5.5. Using Custom Java Classes
6. Configuring Connections
6.1. About Connections
6.2. Adding a NIS Adapter
6.3. Creating Connections in Penrose Studio
6.4. Editing Connections in Penrose Studio
6.5. Creating and Editing Connections Manually
7. Configuring Data Sources
7.1. About Data Sources
7.2. Configuring Sources in Penrose Studio
7.3. Creating and Editing Sources Manually
8. Configuring the Virtual Directory
8.1. About the Virtual Directory Tree and Handling Entries
8.2. Creating and Editing the Virtual Subtrees
8.2.1. Creating the Virtual Directory in Penrose Studio
8.2.2. Editing the Virtual Directory in Penrose Studio
8.2.3. Configuring the Virtual Directory Manually
8.3. Creating Special Directory Entries
8.4. Duplicating Existing LDAP Servers
8.4.1. Mapping an LDAP Tree
8.4.2. Mapping the Root DSE
8.4.3. Mapping Active Directory Schema
8.5. Using Proxy Services
8.5.1. Creating an LDAP Proxy
8.5.2. Configuring an LDAP Proxy Manually
8.5.3. Configuring Authentication for Proxies
8.6. Setting Access Controls on the Virtual Directory
8.6.1. Placing ACIs and ACI Inheritance
8.6.2. Default ACIs
8.6.3. Setting Access Controls in Penrose Studio
8.6.4. Setting Access Controls Manually
9. Mapping Entries and Attributes
9.1. Planning How to Map Entries
9.1.1. Basic Mapping
9.1.2. Nested Mapping
9.1.3. Joined Mapping
9.2. Creating a Single Subtree from Multiple Sources
9.3. Configuring Basic Mapping
9.3.1. Configuring Basic Mapping in Penrose Studio
9.3.2. Configuring Basic Mapping Manually
9.4. Configuring Nested Mapping
9.4.1. Creating a Nested Mapping in Penrose Studio
9.4.2. Creating a Nested Mapping Manually
9.5. Joining Entities into a Single Virtual Entry
9.5.1. Setting up Join Mapping in Penrose Studio
9.5.2. Manually Joining Entries
9.6. Creating Advanced Mappings
9.6.1. Mapping Attribute Fields
9.6.2. Using Scripts
9.6.3. Mapping Attribute Fields and Scripts Manually
10. Configuring Identity Federation
10.1. About Identity Federation
10.2. Creating the Federation Domain
10.3. Creating Templates
10.3.1. Creating Global Templates
10.3.2. Creating LDAP Templates
10.3.3. Creating NIS-Related Templates
10.4. Adding LDAP Local Repositories through Penrose Studio
10.5. Adding NIS Local Repositories Using Penrose Studio
10.6. Linking Identities
10.7. Resolving UID and GID Conflicts
10.8. Checking File Ownership with the Ownership Alignment Tool
10.9. Synchronizing (or Migrating) NIS Data to LDAP
11. Configuring Modules
11.1. Adding Modules
11.1.1. Adding Modules in Penrose Studio
11.1.2. Adding Modules Manually
11.2. Mapping Modules to Data Entries
11.3. Enabling and Disabling Modules
12. Using Services with Penrose Virtual Directory
12.1. About Services in Penrose Virtual Directory
12.2. Configuring Additional Services
12.2.1. Adding Services in Penrose Studio
12.2.2. Adding and Editing Services Manually
12.3. Enabling and Disabling Services
13. Customizing Schema
13.1. About Directory Schema
13.2. Default Schema Elements and Files
13.3. Creating Custom Schema
13.4. Exporting Schema
13.5. Importing Schema Files
13.6. Loading a Schema File Manually
13.7. Converting the Schema Formatting from OpenLDAP to OpenDS
14. Configuring Cache
14.1. About Penrose Cache Types
14.2. Using In-Memory Cache
14.3. Disabling Cache
A. Using Penrose Virtual Directory Command-Line Tools
A.1. Tool Locations