ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins.Read more for important details.

Using IDM to sync Users to Apple Open Directory

Absent Member.
Absent Member.
0 3 4,005
0 Likes
Further to my last post, I thought I would start to talk about the solution we have built to connect eDirectory to Apples Open Directory. In fact this could be used to connect any IDM connected system to the Apple directory.

Below is a high level overview of the process of user creation and log in.


Click to view.



1.User Creation User is created into Identity Vault

2.User is created in File & Print Tree.

User account is synced to the eDirectory on the OESv2 Linux server Providing user access to the following services: iFolder, iPrint Other Novell services in eDirectory.

3.User is SAMBA Enabled.

Using the Identity Scripting driver and Samba linux command line, the user account is enabled for Samba access. Providing access to: Samba Shares Home Directory.

Please note: AFP / CIFS will be used once OESv2 Support Pack 1 is released. Using these native protocols will eliminate the need for scripting driver.

4.User is created in Open Directory.

The Identity Scripting driver & Apple scripts are used to create the user in Apple Open Directory on OSX 10.5.x. The scripts also set: User password (set from eDirectory password) and Apple Unique ID. User now has access to Apple services on OSX 10.5.x

5.User Attributes are synced to Open Directory.

The Novell Identity Management LDAP Connector is used to sync the users attributes to and from eDirectory & Apple Open Directory. These include: User Full Name, Home Directory details and Group Memberships.

6.User logs into OSX using Open Directory.

Using the Directory Utility on OSX an LDAP connection is set up between workstations and the Apple Open Directory Server. Users log into Apple Open Directory, using their Apple ID and password.

7.User is connected to File Share. Using SMB connection the users home directory is mounted during the log in process.

We are still in the process of documenting this solution with more technical details. We are also working with Apple engineering to look at areas where we could simplify the solution.
3 Comments
Absent Member.
Absent Member.
Why do you use the Scripting driver? I assume NOT with the remote loader on the Mac (since I do not recall there being a Mac RL for that driver). To run scripts on a third box (SLES/OES I imagine) that call out to the Open Directory server to create the user?

Could you not use a Java call to run an executable on RL host for the LDAP driver instead? (Scripting is an extra licensing cost for most customers).
Absent Member.
Absent Member.
IDM is an extra cost for most users too. I'm very interested to see the final outcome of this project. Good documentation on implementing this solution would be greatly appreciated. 🙂
Absent Member.
Absent Member.
While you cannot use the bundled edition to do this, if you are large enough to need a solution like this, you probably are large enough to need and use IDM as well! (But that is only my opinion).
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.