Penrose Virtual Directory 2.0 Release Notes
Copyright © 2009 Red Hat, Inc.
This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later. The latest version of the OPL is presently available at http://www.opencontent.org/openpub/.
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.
All other trademarks referenced herein are the property of their respective owners.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709 USA
Released March 27, 2009
These Release Notes contain important information about Penrose Virtual Directory 2.0, including overviews of new features, installation notes, and known issues.
Penrose Virtual Directory has three important components: Penrose Server, client tools to help manage the server, and Penrose Studio, a user interface to help manage Penrose Server.
A virtual directory creates a consolidated, high-level directory view from different sources of information. Information from different sources is consolidated into a single, LDAP-style directory structure, with virtual object classes and attributes populated by the information in those sources. The data doesn't have to be copied from one application to another; Penrose Virtual Directory uses mappings to pull information from the entries and generate the new, virtual entry on the fly.
Penrose Virtual Directory is a simple and flexible way to make accessing information across a network environment easier, whether this involves a new view of LDAP and database sources, bridging between Active Directory and other LDAP servers, or performing an easier NIS migration.
Penrose Virtual Directory 2.0 enhances and expands its virtual directory operations, introduces synchronization and migration tools for NIS, allows identity federation for user entries in multiple types of sources, and offers an improved user interface.
In the virtual directory, there has to be some way to relate the attributes in the source — which could be an Active Directory server, NIS domain, or database — to the OpenLDAP-style directory attributes. This is accomplished through fields and mappings for virtual directory sources, which map the attribute in the source (field) to the virtual directory entry.
Penrose Virtual Directory 2.0 supports advanced mappings which can run scripts to transform the source data before it is carried into the virtual directory entry or after the entry is generated.
Penrose Virtual Directory 2.0 expands and strengthens its identity federation feature.
Regular virtual directory mappings require that sources share at least one attribute value in common; this shared value is the way that the virtual directory server recognizes what identities to join to form the virtual entry.
Identity federation, or identity linking, is a way to create a single combined identity when the data sources do not share a common attribute. An administrator can manually identify the entries to link together in LDAP, Active Directory, or NIS sources. These identities are then copied into a centralized repository and synchronized.
Penrose Virtual Directory 2.0 introduces a new directory structure for identity federation, new modules to handle identity linking, caching, and user and group synchronization, and tools to resolve ID number collisions and change file and directory ownership based on reassigned ID numbers.
When users have multiple accounts on multiple servers, it is very likely that user and group ID numbers are not uniformly assigned. With isolated and local servers, that isn't a problem. As the different identities are grouped into a single global repository, however, there can be conflicts when two users share the same IDs or when a single user has multiple IDs. Two tools are available in Penrose Virtual Directory 2.0, UID Conflict Detection and GID Conflict Detection, to help manage ID numbers in the global repository used for identity federation.
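The two conflict types described above can be shown on passwd-format maps from two NIS domains. This is an added sketch, not Penrose code or its detection tool; the domain names, sample entries, and function names are constructed, and it assumes the same login name in two domains denotes the same person.

```python
from collections import defaultdict

# Constructed sample passwd maps for two hypothetical NIS domains.
SAMPLE_MAPS = {
    "nis-east": """\
alice:x:1001:100:Alice A:/home/alice:/bin/bash
bob:x:1002:100:Bob B:/home/bob:/bin/bash
""",
    "nis-west": """\
carol:x:1001:100:Carol C:/home/carol:/bin/bash
bob:x:2002:100:Bob B:/home/bob:/bin/bash
dave:x:1003:100::/home/dave:/bin/sh
malformed line without fields
""",
}


def parse_passwd(text):
    """Yield (login, uid) from passwd-format text, skipping bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # A passwd entry has 7 colon-separated fields; field 3 is the UID.
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])


def find_uid_conflicts(maps):
    """Return (shared_uids, split_users).

    shared_uids: uid -> [(domain, login)] where different logins hold one UID
    split_users: login -> [(domain, uid)] where one login holds several UIDs
    """
    by_uid = defaultdict(set)
    by_login = defaultdict(set)
    for domain, text in maps.items():
        for login, uid in parse_passwd(text):
            by_uid[uid].add((domain, login))
            by_login[login].add((domain, uid))
    shared = {u: sorted(v) for u, v in by_uid.items()
              if len({login for _, login in v}) > 1}
    split = {l: sorted(v) for l, v in by_login.items()
             if len({uid for _, uid in v}) > 1}
    return shared, split


if __name__ == "__main__":
    shared, split = find_uid_conflicts(SAMPLE_MAPS)
    print("UIDs shared by different users:", shared)
    print("Users with more than one UID:", split)
```

A shared UID is the case that matters most for access control: once both domains feed one repository, files owned by UID 1001 would resolve to either user unless one of them is renumbered.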
When UID/GID conflicts are resolved, the file permissions on NIS servers may be out of sync. This tool identifies and lists all of the files and directories affected by UID/GID conflict detection, which allows administrators to reset file permissions easily.
Identity federation is supported for three types of sources: Active Directory servers, LDAPv3-compliant servers like Red Hat Directory Server, and NIS servers and clients. Because the federated identities are stored in a new, separate global repository, identity federation can be used to migrate NIS domains to Active Directory or other LDAP servers. To help with that, identity federation also includes tools for NIS synchronization, to manually copy new entries or modifications from the NIS domain into the global repository.
The entire user interface has been redesigned, with simplified, easier-to-navigate menus and a clear hierarchy to view virtual directory entries, browse virtual and real LDAP directories, and configure Penrose Server by adding entries, importing and exporting schema, and managing services.
There have also been numerous bug fixes and design enhancements to make using Penrose Studio easier.