Messaging and Directory Server software used around the world in the Government, Military, Aviation and Commercial sectors.
On this page you'll find information on M-Link's use of Directory.
On other pages you'll find a general overview of Isode's M-Link XMPP Server, M-Link's security features, support for wide and local area clustering, boundary controls using M-Link Edge, management tools and standards conformance.
Directory for Authentication & Configuration
M-Link uses Directory to hold authentication and configuration information and can be set up to use two independent directories for these functions or to use a single directory for both functions.
- The authentication directory holds information on users. This will often be an external enterprise directory using standard schema that has already been set up. A common choice for those not using M-Vault for this purpose is Microsoft's Active Directory.
- The configuration directory holds information on M-Link configuration and permanent MUC rooms. M-Vault, which is bundled with M-Link will generally be used for this.
Authentication
M-Link’s primary use of the authentication directory is to authenticate users. By using the directory for authentication, M-Link can share authentication credentials and authentication management with other applications that make use of the same infrastructure.
User Profile
XMPP users have a 'profile' that contains information about the user, such as the user’s name, nickname and phone number. M-Link provides capabilities to manage this information in conjunction with equivalent information held in the authentication directory.
Directory information is mapped to profile information according to XEP 0154, and then a configurable mapping is used to support the widely deployed vCard profiles (XEP 0054). This enables easy use of profile information from the directory and avoids duplication of information, as well as ensuring that key information is kept under administrative control.
M-Link controls which information is taken from the directory, and also allows selected information to be written back to the directory. The directory also enables use of Web based and GUI configuration and management tools. More details on M-Link use of directory is given in the whitepaper [XMPP, M-Link and Directory].
This integrated authentication approach enables common authentication and shared passwords between XMPP and other applications. M-Link also support Kerberos Authentication, the default for Active Directory.
Directory for Group Support
M-Link provides support for general LDAP groups as well as for Active Directory groups configured in the authentication directory. Groups can also be configured in the configuration directory, giving the option to define a group by an LDAP search, which can allow groups to be specified without duplicating information. Groups can be used for two purposes:
- Roster Pre-Population. Here a group is used to define Roster members. This allows pre-population of appropriate peer groups, which avoids the overhead of users having to manually set up the roster. Users can add to and delete from these pre-defined roster groups.
- MUC (Multi-User Chat) access control. Directory defined groups can be used to control access to MUC rooms. This can often be more convenient than configuring users individually within the MUC group access control fields.
Configuration
M-Link holds server configuration and permanent MUC room configuration in the directory. This enables sharing of configuration information between cluster nodes, provides straightforward configuration visualization, and enables configuration using directory management tools. This is described in more detail in the Management Tools section.
Password Policy Controls
User account and password information is maintained in the directory and used by M-Link and other applications for authentication. The screenshot below (click to enlarge) shows password policy controls in the Directory.
Passwords may be controlled with Isode's password policy framework. This is described in the white paper [Password Policy for Directories].
