Virtual Directory Server 6.1 - Virtual Directory Server User Guide

88851: How to overcome a page size limit set on target LDAP system 89110: Error with BINDS in Active Directories 107560: Unix ODBC Configuration 107701: Install on 64-bit Linux 108986: Upgrade Guide 109131: Memory Limits

INTEGRATION WITH OTHER PRODUCTS FROM DELL SOFTWARE

SAML Support with Cloud Access Manager Securing the Environment and Auditing Modifications with ChangeAuditor

Operation (start / stop)

Note: On *NIX systems the application may not run right away and may require some extra libraries to be installed. Under Linux installing wxGTK should be sufficient. ((You may need to add extra software sources if you do not find it as a package for your Linux distribution.))

((You may need to add extra software sources if you do not find it as a package for your Linux distribution.))

Under Solaris the situation is more complicated. For Solaris x86 there is the SUNWwxwidgets package from the OpenSolaris project. For Solaris SPARC there is the wxgtk package from the sunfreeware.com site, which also requires installing all the dependent packages.

Configuration

Note: The certificate issued for *.vdsdemo.com is self-signed. This means that for some applications, such as the average web-browser, you may receive a warning or error message notifying you that the application does not recognise the CA or that the CA is invalid. Most browsers include a set of certificates from well-known commercial CAs. If you choose to continue to use the bundled certificate, you can choose either to add a security exception in your browser to ignore the missing CA. Or you can import the CA certificate into your browser in your browser preferences. However, we recommend that for production servers you purchase a valid signed certificate from a commercial certificate authority and replace the included certificate.

Users and Roles

Users & Roles

All the information on what users can invoke the RAS and what operations they are allowed to perform can be found in the following two files: users.ldif and roles.ldif. To edit user permissions, you may either make use of the "Admin" GUI that is included with the RAS Monitor application that can run out of your system tray; or you may edit the users.ldif and roles.ldif configuration files directly by hand.

`users.ldif`

The users and passwords for RAS access, together with the roles configured for each, can be found in the following file: admrem/users.ldif. This file can be edited with any text editor to add or modify the users that have access to the tool.

Attributes uid and (encrypted value) epasswd are the credentials a DSGUI instance will need to pass (via Basic HTTP Authentication) to the RAS to identify itself as a user allowed to send commands. After changing them in your RAS configuration, you obviously need to change them in your DSGUI Preferences (see Admin Server Preferences ).

These values are also used to set the authentication of users accessing the WRAS tool, using a web browser. Typically, the browser will automatically cause an Authentication dialog window to pop up when a page is accessed, and will expect matching username/uid and password/epasswd values to be provided.

This is the fragment that corresponds to the user "demanager", who has the "administrator" role:

  dn: uid=demanager,ou=users,cn=conf,o=dsproxyremote
  objectclass: RASuser
  uid: demanager
  epasswd: 56BVBjTBf33TU3I7MI98dA==
  role: administrator

`roles.ldif`

The file which describes the different roles that can be assigned to each user is: admrem/roles.ldif. This file can be edited with any text editor to configure existing roles or to add new ones.

Each role is described as a set of permissible operations. allowopgui values refer to commands sent by the DSGUI interface; while allowopras are related to WRAS operations. For a complete list with description of the operations please check sections DSGUI, Operation IDs and WRAS, Operation IDs.

This is the fragment that corresponds to the "administrator" role, which has all operations enabled by default:

  dn: role=administrator,ou=roles,cn=conf,o=dsproxyremote
  objectclass: RASrole
  role: administrator
  allowopgui: ListRoots
  allowopgui: CreateDir
  allowopgui: GetFile
  allowopgui: PutFile
  allowopgui: ListDirectory
  allowopgui: GetFileInfo
  allowopgui: PutConf
  allowopgui: RmConf
  allowopgui: GetConf
  allowopgui: GetStatus
  allowopgui: Start
  allowopgui: Stop
  allowopgui: GDump
  allowopgui: FetchLog
  allowopwras: access
  allowopwras: start
  allowopwras: stop
  allowopwras: restart
  allowopwras: remove
  allowopwras: rfile
  allowopwras: wfile
  allowopwras: rlog

Auditing

As seen in the section titled Main Configuration, RAS can be flexibly configured to output audit information of the operations it performs. The directory where the auditing files are stored is admrem/log. This is a sample:

  20081024192441|deguest|127.0.0.1|GUI|ListRoots|200|OK
  20081024192457|deoperator|127.0.0.1|GUI|ListRoots|200|OK
  20081024195707|demanager|127.0.0.1|WRAS|access,CacheSearchesDesign|200|OK
  20081024195710|demanager|127.0.0.1|WRAS|rlog,live,/opt/dell/vds/R6.1.0/confs\
      /CacheSearchesDesign/logs/STDOUT|200|OK

The audit information is formatted in columns separated by the "|" character, each having the following meaning:

1- Date and time of the operation, in "YYYYMMDDHHMMSS" format

2- Uid of the user performing the operation

3- IP of the machine from which the access is performed

4- Identifier of the tool that performs the operation (GUI if DSGUI interface, or WRAS)

5- Operation identifier and parameters

6- HTTP result

7- Operation result (OK or Error message)

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem