information technology central services at the university of michigan TuesdayDecember022008
University of Michiganitcs home
search itcs
find a person or group at U-M
Novell at University of Michigan
LNGS Home
Novell Home
ITCS Services
eDirectory
Schema Extensions
eDir Upgrade Procedure
Kerberos Login Method
OES - Netware/Linux
SuSE
How-To
ZENworks
Training
Licenses
Help
eDirectory at University of Michigan

Last Updated: August 23, 2007
Novell eDirectory is a cross-platform Lightweight Directory Access Protocol (LDAP)-enabled, directory-based identity management system which centralizes the management of user identities, access privileges and many other network resources.

eDirectory stores identity and resource information in an object oriented hierarchical structure called a tree. The main eDirectory on campus is the Michigan Tree. One of eDirectory's strengths is it's ability to delegate administrative authority of branches within the tree. A unit can have complete control over their own branch of the tree, but not have any access to other branches. Yet, the unit can still offer services to other branches if they wish to. This is particularly advantageous in our higher education campus environment where autonomy and collaboration are of equal, yet often conflicting, priority.

Michigan Tree History and Current State
The Michigan Tree started life with the installation of a NetWare 4.0 server on September 25, 1993 at 11:11:55pm. NetWare 4.0 was the first version of NetWare to be shipped with eDirectory (called Novell Directory Services [NDS] at the time). Currently the tree holds servers running many different versions of NetWare including 5.1, 6.0, 6.5 and OES - Netware/Linux. The tree is also capable of holding servers running Windows NT/2000/2003, Linux, AIX, and Solaris. The first release of eDirectory (NDS) was version 4.0. The Michigan Tree currently consists of eDirectory versions 7.x, 85.x, 8.6.x, and 8.7.x.

Michigan Tree Stats
The Michigan Tree serves 70 distinct, individually managed units who run approximately 137 servers cumulatively. These units manage, and offer resources, to approximately 20,000 user objects.

Schema
Schema is a rule book for a directory. The Schema contains the rules about what can exist in the directory and how it has to be formatted. To see a list of what extensions have been made to the Michigan Tree schema, click here.

Currently Supported DS Versions in the Michigan Tree
NetWare 6.5 max (preferred): eDir 8.7.3.9 (10553.73)
NetWare 6.5 min: eDir 8.7.1 sp1 (10550.68)

NetWare 6 max (preferred): eDir 8.7.3.9 (10553.73)
NetWare 6 min: eDir 8.6.2 sp3 (10350.13)

Netware 5.1 max (preferred): eDir 8.7.3.9 (10553.73)
NetWare 5.1 min: DS 7.62b or eDir 8.6.2 sp3 (10350.13)

Click here for the current eDirectory upgrade procedure.

Projects currently underway to integrate the Michigan Tree with other UMCE services

Kerberos
The Novell NMAS Kerberos Login Method enables a user to authenticate to eDirectory using Kerberos Tickets. Our implementation utilizes the existing MIT Kerberos V system on campus (the UMICH.EDU realm.) The integration of this solution into the Michigan Tree allows units to offer services to someone on campus without them needing to remember another password. This should allow the unit to offer services to a larger subset of the population.
For details and configuration information, click here.

U of M Online Directory (UMOD) Identity Provisioning
UMOD Identity Provision

For departments using the ID Provisioning system, there is a web page available for changing your UMICH.EDU Kerberos passwords, eDirectory passwords, and Active Directory passwords.

To offer constructive criticism, or provide other feedback about our site, click here.

ITCS
Information Technology Central Services at the University of Michigan