Admin Guide

Next

Penrose Virtual Directory 2.0

Admin Guide

Edition 2.0

Copyright © 2009 Red Hat, Inc.

Legal Notice

Copyright © 2009 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later. The latest version of the OPL is presently available at http://www.opencontent.org/openpub/.

Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.

All other trademarks referenced herein are the property of their respective owners.

1801 Varsity Drive
Raleigh, NC 27606-2072USAPhone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588Research Triangle Park, NC 27709USA

Released March 27, 2009

About This Guide

1. Content Overview
2. Examples and Formatting
3. Additional Reading
4. Samples Files

1. Overview of Penrose Virtual Directory

1.1. Explaining Virtual Directories

1.2. Looking at Penrose Virtual Directory

1.3. Planning Penrose Virtual Directory

1.3.1. Identifying Current Data Sources
1.3.2. Configuring a Virtual Directory through Partitions
1.3.3. Joining LDAP, NIS, and Active Directory Servers through Identity Federation
1.3.4. Synchronizing Active Directory and Other LDAP Services
1.3.5. Migrating from NIS Servers to LDAP Servers
1.3.6. Migrating to Red Hat IPA
1.3.7. Planning Authentication

2. Installing Penrose Virtual Directory

2.1. Supported Platforms

2.2. Required Software

2.3. Installing Penrose Server

2.4. Installing Additional Libraries

2.5. Installing Additional Security Providers

2.5.1. Bouncy Castle Security Provider
2.5.2. JCE Unlimited Strength Jurisdiction Policy Files

2.6. Uninstalling Penrose Server

2.7. Upgrading Penrose Virtual Directory

3. Basic Usage

3.1. Starting the Service

3.2. Configuring Penrose Server to Run as a Service

3.3. Configuring Penrose Server Host System Properties

3.3.1. Configuring the Host System Properties in Penrose Studio
3.3.2. Configuring the Host System Properties in the Configuration File

3.4. Setting up the Admin User

3.4.1. Editing the Admin User in Penrose Studio
3.4.2. Editing the Admin User in the Configuration File

3.5. Configuring and Viewing Logs

3.5.1. Configuring Log Settings
3.5.2. Access Logs
3.5.3. Error Logs
3.5.4. Debug Logs

3.6. Configuring Penrose Virtual Directory for SSL

3.6.1. Configuring SSL for Backend Sources
3.6.2. Configuring SSL for Frontend Services

3.7. Running Penrose Server Outside a Firewall

4. Using Penrose Studio

4.1. Installing Penrose Studio

4.1.1. Supported Platforms
4.1.2. Installing Penrose Studio on Red Hat Enterprise Linux
4.1.3. Installing Penrose Studio on Windows

4.2. Starting Penrose Studio

4.2.1. Starting Penrose Studio on Red Hat Enterprise Linux
4.2.2. Starting Penrose Studio on Windows

4.3. Looking at Penrose Studio

4.4. Editing, Copying, and Deleting Entries

4.4.1. Viewing and Editing Entries
4.4.2. Deleting Entries
4.4.3. Copying Entries to Another Penrose Server Instance

4.5. Browsing the LDAP Directory

5. Managing Partitions

5.1. About Partitions

5.2. Adding Partitions

5.3. Exporting and Importing Partitions

5.3.1. Exporting Partitions in Penrose Studio
5.3.2. Importing Partitions in Penrose Studio
5.3.3. Exporting and Importing Partitions in the Command Line

5.4. Starting and Stopping Partitions

5.5. Using Custom Java Classes

6. Configuring Connections

6.1. About Connections
6.2. Adding a NIS Adapter
6.3. Creating Connections in Penrose Studio
6.4. Editing Connections in Penrose Studio
6.5. Creating and Editing Connections Manually

7. Configuring Data Sources

7.1. About Data Sources
7.2. Configuring Sources in Penrose Studio
7.3. Creating and Editing Sources Manually

8. Configuring the Virtual Directory

8.1. About the Virtual Directory Tree and Handling Entries

8.2. Creating and Editing the Virtual Subtrees

8.2.1. Creating the Virtual Directory in Penrose Studio
8.2.2. Editing the Virtual Directory in Penrose Studio
8.2.3. Configuring the Virtual Directory Manually

8.3. Creating Special Directory Entries

8.4. Duplicating Existing LDAP Servers

8.4.1. Mapping an LDAP Tree
8.4.2. Mapping the Root DSE
8.4.3. Mapping Active Directory Schema

8.5. Using Proxy Services

8.5.1. Creating an LDAP Proxy
8.5.2. Configuring an LDAP Proxy Manually
8.5.3. Configuring Authentication for Proxies

8.6. Setting Access Controls on the Virtual Directory

8.6.1. Placing ACIs and ACI Inheritance
8.6.2. Default ACIs
8.6.3. Setting Access Controls in Penrose Studio
8.6.4. Setting Access Controls Manually

9. Mapping Entries and Attributes

9.1. Planning How to Map Entries

9.1.1. Basic Mapping
9.1.2. Nested Mapping
9.1.3. Joined Mapping

9.2. Creating a Single Subtree from Multiple Sources

9.3. Configuring Basic Mapping

9.3.1. Configuring Basic Mapping in Penrose Studio
9.3.2. Configuring Basic Mapping Manually

9.4. Configuring Nested Mapping

9.4.1. Creating a Nested Mapping in Penrose Studio
9.4.2. Creating a Nested Mapping Manually

9.5. Joining Entities into a Single Virtual Entry

9.5.1. Setting up Join Mapping in Penrose Studio
9.5.2. Manually Joining Entries

9.6. Creating Advanced Mappings

9.6.1. Mapping Attribute Fields
9.6.2. Using Scripts
9.6.3. Mapping Attribute Fields and Scripts Manually

10. Configuring Identity Federation

10.1. About Identity Federation

10.2. Creating the Federation Domain

10.3. Creating Templates

10.3.1. Creating Global Templates
10.3.2. Creating LDAP Templates
10.3.3. Creating NIS-Related Templates

10.4. Adding LDAP Local Repositories through Penrose Studio

10.5. Adding NIS Local Repositories Using Penrose Studio

10.6. Linking Identities

10.7. Resolving UID and GID Conflicts

10.8. Checking File Ownership with the Ownership Alignment Tool

10.9. Synchronizing (or Migrating) NIS Data to LDAP

11. Configuring Modules

11.1. Adding Modules

11.1.1. Adding Modules in Penrose Studio
11.1.2. Adding Modules Manually

11.2. Mapping Modules to Data Entries

11.3. Enabling and Disabling Modules

12. Using Services with Penrose Virtual Directory

12.1. About Services in Penrose Virtual Directory

12.2. Configuring Additional Services

12.2.1. Adding Services in Penrose Studio
12.2.2. Adding and Editing Services Manually

12.3. Enabling and Disabling Services

13. Customizing Schema

13.1. About Directory Schema
13.2. Default Schema Elements and Files
13.3. Creating Custom Schema
13.4. Exporting Schema
13.5. Importing Schema Files
13.6. Loading a Schema File Manually
13.7. Converting the Schema Formatting from OpenLDAP to OpenDS

14. Configuring Cache

14.1. About Penrose Cache Types
14.2. Using In-Memory Cache
14.3. Disabling Cache

A. Using Penrose Virtual Directory Command-Line Tools

A.1. Tool Locations
A.2. cache.sh
A.3. connection.sh
A.4. module.sh
A.5. monitor.sh
A.6. nis.sh
A.7. partition.sh
A.8. schema.sh
A.9. source.sh

NextAbout This Guide