M-Link & Directory
On this page you'll find information on M-Link's use of Directory. On other pages you'll find a general overview of Isode's M-Link XMPP Server, M-Link's security features, support for wide and local area clustering and reliability, boundary controls using M-Link Edge, management tools and standards conformance.
Directory for Authentication
M-Link uses Directory to hold user authentication and configuration information. This will often be an external enterprise directory using standard schema that has already been set up. A common choice for those not using M-Vault for this purpose is Microsoft's Active Directory. By using the directory for authentication, M-Link can share authentication credentials and authentication management with other applications that make use of the same infrastructure.
M-Link’s primary use of the authentication directory is to authenticate users.
XMPP users have a 'profile' that contains information about the user, such as the user’s name, nickname and phone number. M-Link provides capabilities to manage this information in conjunction with equivalent information held in the authentication directory.
Directory information is mapped to profile information according to XEP-0154, and then a configurable mapping is used to support the widely deployed vCard profiles (XEP-0054). This enables easy use of profile information from the directory and avoids duplication of information, as well as ensuring that key information is kept under administrative control.
M-Link controls which information is taken from the directory, and also allows selected information to be written back to the directory. The directory also enables use of web-based and GUI configuration and management tools. More details on M-Link's use of the directory are given in the whitepaper [XMPP, M-Link and Directory].
This integrated authentication approach enables common authentication and shared passwords between XMPP and other applications. M-Link also supports Kerberos authentication, the default for Active Directory.
Directory for Group Support
M-Link provides support for general LDAP groups as well as for Active Directory groups configured in the authentication directory. Groups can also be configured in the configuration directory, giving the option to define a group by an LDAP search, which can allow groups to be specified without duplicating information. Groups can be used for two purposes:
- Roster Pre-Population. Here a group is used to define Roster members. This allows pre-population of appropriate peer groups, which avoids the overhead of users having to manually set up the roster. Users can add to and delete from these pre-defined roster groups.
- MUC (Multi-User Chat) access control. Directory defined groups can be used to control access to MUC rooms. This can often be more convenient than configuring users individually within the MUC group access control fields.
User account and password information is maintained in the directory and used by M-Link and other applications for authentication. The screenshot below shows password policy controls in the Directory.
Passwords may be controlled with Isode's password policy framework. This is described in the white paper [Password Policy for Directories].