33.1 Setting Up Workstations to Use eDirectory Authentication
Before users can use their eDirectory usernames and passwords to log in, the
SUSE Linux Enterprise Desktop workstation must be configured with Linux User Management components.
You can set up eDirectory Authentication during the SUSE Linux Enterprise Desktop installation, or you
can use YaST to set it up anytime after installation.
To install and configure LUM during the SUSE Linux Enterprise Desktop installation, select
as the authentication method on the User
Authenticating Method screen, then complete
Step 3 through
Step 10 below. If it is not
already installed, you will be prompted to install the
Figure 33-1 User Authentication Method
Screen in the SUSE Linux Enterprise Desktop Installation
To install and configure LUM on an already running workstation:
On the workstation, launch the YaST Control Center.
Specify whether eDirectory is running on the computer itself
or on another computer on the network.
If eDirectory is running on a remote system, specify the remote system's IP
(Optional) Specify the eDirectory admin name, context, and password, then
The admin name and context must be entered in LDAP syntax, which uses a
comma instead of a period (for example, cn=admin,o=novell).
If you don’t have rights to create objects in the eDirectory tree,
leave these fields blank. You will need to contact your eDirectory
administrator, give them the host name of your client, and ask them to
create a LUM Workstation object with your host name. You should also ask
them where you can get a copy of the CA certificate for the LDAP server.
You will need to place this certificate in the
The name of the CA certificate matches the name of the
“preferred-server” entry in the
/etc/nam.conf file and has a
.der extension. You can type namconfig get
preferred-server to get the name. For example, if
namconfig get preferred-server returns
server.xyz.com, your certificate file name will be
Specify the location of the Linux/UNIX Config object.
The Linux/UNIX Config object stores a list of the locations (contexts)
where Linux/UNIX Workstation objects reside on the network. It also
controls the range of numbers to be assigned as UIDs and GIDs when User and
Group objects are created. This object is created when LUM is configured on
the eDirectory server, and is usually located in an upper container of the
eDirectory tree (for example, o=novell). Contact your eDirectory
administrator for the context.
For more information, see
“eDirectory Objects and Linux” in the
Linux User Management Technology Guide.
(Optional) Specify the location of the LUM Workstation object.
The LUM Workstation object represents the actual computer a user logs in
to. If you have rights to create objects in the eDirectory tree (that is,
you were able to specify the eDirectory admin name, context, and password
in Step 5), this object is
automatically created as part of the workstation configuration and is
usually placed in an Organization (O) or Organizational Unit (OU) container
in the eDirectory tree. You can also create a LUM Workstation object by
clicking in iManager.
(Optional) If you have disabled anonymous binds to the LDAP server, specify
a proxy user name, context, and password that has rights to the LDAP tree.
Click to continue.
Select which login access methods should use eDirectory for authentication.
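The CA certificate naming rule described above (file name taken from the preferred-server entry in /etc/nam.conf, with a .der extension) can be checked with a short script. This is an added example, not part of the original guide or of LUM itself. It assumes nam.conf holds key=value lines, takes the certificate directory as an argument because the path is not given on this page, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example: check the CA certificate LUM expects for the LDAP server.
# Assumptions (not from the guide): nam.conf uses key=value lines, and the
# certificate directory is supplied by the caller.

# Print the preferred-server value from a nam.conf-style file.
preferred_server() {
    # Commented-out entries do not match; the last active entry wins.
    sed -n 's/^[[:space:]]*preferred-server[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# check_lum_ca_cert NAM_CONF CERT_DIR
# Returns 0 and prints the certificate path when it looks usable, otherwise:
# 1 no preferred-server entry, 2 no matching .der file,
# 3 file is PEM text saved under a .der name, 4 file is not DER at all.
check_lum_ca_cert() {
    conf=$1
    dir=$2
    server=$(preferred_server "$conf")
    [ -n "$server" ] || { echo "no preferred-server in $conf" >&2; return 1; }

    # Accept any file whose name ends in "<preferred-server>.der",
    # dot-files included, rather than guessing one exact file name.
    cert=
    for f in "$dir"/*"$server".der "$dir"/.*"$server".der; do
        if [ -f "$f" ]; then cert=$f; break; fi
    done
    [ -n "$cert" ] || { echo "no *$server.der in $dir" >&2; return 2; }

    # A PEM export renamed to .der is a common mistake. DER is binary, and
    # an X.509 certificate starts with an ASN.1 SEQUENCE tag (0x30).
    if head -c 10 "$cert" | grep -q -- '-----BEGIN'; then
        echo "$cert is PEM text, convert it to DER" >&2
        return 3
    fi
    first=$(od -An -tx1 -N1 "$cert" | tr -d ' \n')
    [ "$first" = "30" ] || { echo "$cert is not DER encoded" >&2; return 4; }
    echo "$cert"
}
```

Call it as check_lum_ca_cert /etc/nam.conf followed by the directory your eDirectory administrator told you to use. The encoding test is only a sanity check and does not validate the certificate chain or expiry.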
Installing and configuring LUM technology sets up the SUSE Linux Enterprise Desktop workstation to
validate login requests against user account information stored in
eDirectory. Before users can log in, they must have eDirectory user
accounts created with iManager and extended for LUM, and their User object
must be associated with the workstation they will log in to. See
Using iManager to Enable Users for eDirectory
Authentication for more