M-Vault Server Management tools can be split into four categories:

  • Directory Configuration Management
  • Directory Operational Management
  • Directory Data Access & Management
  • Directory Synchronization

This section covers Data Access and Management, looking at Isode's Sodium management tool.

You can find information on Configuration Management (Enterprise Directory Management), Operational Management (DConsole, SNMP monitoring, Audit, Event and Fault Logging), Data Access & Management (using the web-based Directory Services Interface) and Directory Synchronization (Sodium-Sync) by following the links.

Secure Open Data, Identity and User Manager (Sodium)

Sodium is used to manage the data held in LDAP/X.500 enterprise directory servers. It provides information managers and system administrators with an easy-to-use Graphical User Interface.

Sodium is part of the Isode directory product set, and is ideal for use with M-Vault. It may also be used with any directory server which supports X.500 DAP (Directory Access Protocol) or LDAP (Lightweight Directory Access Protocol).

Sodium features include:

  • Support for Strong Authentication and Signed Operations
  • X.509 certificate request and management functions
  • Extensive built-in schema support
  • Easy Browsing and Searching
  • Extensive Data modification, addition and checking facilities
  • Bulk Load/Dump of LDIF files
  • Flexible template configuration

Sodium Features

Support for Strong Authentication

Sodium's Bind Manager contains configuration details for stored directory server connections. Each configuration contains details of the protocol (LDAP or DAP), address details and the type of authentication being used (Anonymous, Simple or Strong).

Sodium Strong Bind

The bind profiles can be modified at a later stage or copied for use as a template for another connection configuration. Isode whitepapers relating to Strong Authentication can be found here.

Sodium also supports Directory signed operations, which provide additional security by applying an X.509 digital signature to individual directory operations and to the results returned. You can read more about Signed Operations in this whitepaper.

X.509 Certificate Management

Sodium simplifies the process of creating and managing certificate signing requests (CSRs) for an entry, issuing that CSR to a Certificate Authority (CA) and creating identities from X.509 certificates returned from the CA.

Sodium's 'Create Identity' wizard will automatically create a Certificate Signing Request (CSR) for passing on to the CA and, when the certificate has been issued, create a PKCS#12 file representing the identity. Operations can be deferred for later action in situations where the time delay between CSR and the issuing of the certificate makes it impractical to wait.

On completion of the identity creation, Sodium allows for storing the certificate information inside the directory by associating it with the entry matching that of the certificate. Sodium enables secure identity creation for:

  • Full installation for users with accounts on the local system.
  • Full installation for an M-Vault server running on the local system.
  • Provision of files that can be used for any user or server.

Secure Bind Profiles

Sodium stores configured servers in a bind profile. This may be encrypted, using a key prompted for each time Sodium starts. When an encrypted profile is used, it can hold passwords and pass phrases of PKCS#12 files. This provides the convenience of not having to type passwords for each server connection, while giving good data security.

Bind profiles allow setting of security and protocol parameters for each directory. Multiple profiles may be established for a single server, with different security and protocol options.

Extensive built-in schema support

Sodium includes extensive built-in schema support, including templates for military (ACP133) and aviation (ATN Directory) markets.

Sodium schema support

Attribute names and values are displayed in groups appropriate to the schema within tabs attached to the object.

Browsing and Searching with Sodium

Sodium's main window can support multiple tabs, which can be re-arranged and moved to additional Sodium windows.

  • The Browse Tab: opened when you connect to a directory server. This is the default view that shows directory entries in a tree, structured by their distinguished name.

Sodium Browse Tab

  • Search Tab: If the user performs a search, results from that search are displayed in a Search Tab. The search tab view is similar to that of the Browse tab, but only entries matching the search filter are displayed. The screenshot below shows results for the search criteria (cn=Kate*)

Sodium search

  • Log: Sodium will display warnings and error messages in a 'Log' tab. If there are no warnings or errors, this tab will not be displayed.

Data modification, addition and checking

Entries can be viewed and edited using the standard browser interface. The interface allows entries to be removed, added at any place in the DIT, or added using the current entry as a template.

Sodium data modification

There are a number of editing features that make it easy to manage information in the directory. These include:

  • Modifying the templates to be used for an object.
  • Viewing the object in "schema view", and selecting the object classes to be used (underlying the templates).
  • Drag and drop move of sub-trees.
  • Delete sub-trees.
  • Copy and paste attribute values.
  • Copy of DNs (Distinguished Names), to easily enter values for DN value attributes.
  • Clone an existing entry, to make it easy to create a new entry based on an existing one.
  • Validate DN attributes, with graphical display of object class and quick link to see the associated entry.
  • "Referential Integrity Check" of sub-tree, to identify DN values that do not point to an entry in the directory.
  • Syntax validation of all attributes.
  • Graphical display of many structured attributes.
  • Validation of expiry dates in Certificates and Certificate Revocation Lists.
  • Management of the component Certificates in Cross Certificate Pairs.
  • Option to display operational attributes.

Password Policy Controls

Sodium can be used to manage password policy. It allows:

  • Setting of password policy preferences.
  • Choice of hash algorithm (or plain passwords).
  • Management of password policy exclusions.
  • Account locking.

Further information on password policy is given in the Isode white paper Password Policy for Directories.

Bulk Load/Dump of LDIF files

Sodium allows for flexible bulk load and dump of LDIF (LDAP Data Interchange Format) files. This includes the ability to load data to any part of the DIT, automatically changing names and references to other names.
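The relocation described above (loading data under a different part of the DIT while rewriting names and references), shown as an added Python example; it is not Sodium's or Isode's code. The `DN_ATTRS` list, the function names and the sample data are assumptions, and the input is taken to be unfolded LDIF with plain-text values. References that point outside the moved subtree are left unchanged and returned for review.

```python
import re

DN_ATTRS = {"member", "manager", "seealso", "owner"}  # assumed DN-valued; a real tool reads schema
COMMA = re.compile(r"(?<!\\),")  # RDN separator, skipping backslash-escaped commas

def rebase_dn(dn, old_base, new_base):
    """Move dn from old_base to new_base; None if dn is not at or under old_base."""
    rdns = [r.strip() for r in COMMA.split(dn)]
    old = [r.strip().lower() for r in COMMA.split(old_base)]
    cut = len(rdns) - len(old)
    if cut < 0 or [r.lower() for r in rdns[cut:]] != old:
        return None
    return ",".join(rdns[:cut] + [new_base])

def rebase_ldif(text, old_base, new_base):
    """Rewrite entry DNs and DN-valued attributes; list references left outside."""
    out, external, current = [], [], None
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        key = name.lower()
        if key.rstrip(":") not in DN_ATTRS | {"dn"} or not sep:
            out.append(line)  # other attributes, comments, blank lines
            continue
        if key.endswith(":"):
            raise ValueError(f"base64-encoded DN value not handled: {name}")
        moved = rebase_dn(value, old_base, new_base)
        if key == "dn":
            if moved is None:
                raise ValueError(f"entry outside {old_base}: {value}")
            current = moved
        elif moved is None:
            external.append((current, name, value))  # unchanged, needs manual review
        out.append(f"{name}: {moved or value}")
    return "\n".join(out), external

# Constructed sample data (unfolded lines, plain-text values).
SAMPLE = """dn: ou=Staff,o=Example
ou: Staff

dn: cn=Kate Smith,ou=Staff,o=Example
cn: Kate Smith
manager: cn=Root Admin,o=Other

dn: cn=Admins,ou=Staff,o=Example
member: CN=Kate Smith, OU=Staff, O=Example
"""

if __name__ == "__main__":
    ldif, external = rebase_ldif(SAMPLE, "ou=Staff,o=Example", "ou=People,dc=example,dc=net")
    print(ldif, external, sep="\n")
```
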

LDIF bulk load

In addition to Sodium, Isode provides a family of bulk load tools based on Isode's Tcldish directory scripting tool. As these are written in the Tcl scripting language, they can be easily adapted for use in slightly different environments or with different data sources. These tools support two useful formats:

  1. Comma Separated Value (CSV). This format is generated by many popular applications, and is a convenient and simple means to load data.
  2. LDIF (LDAP Data Interchange Format). LDIF is a directory data format, which is likely to be standardized, and is already used by some data tools. As well as being a standard format, LDIF enables incremental loading of data into the directory.

These are client/server tools which give a great deal of flexibility and should be used where possible. Isode also provides tools for loading and dumping LDIF files directly to the M-Vault database, which are useful when the very highest performance is needed.

Templates

Sodium templates are XML based, allowing new templates to be rapidly generated for specific user requirements, to modify support for current schema or to add support for new schema.

Templates may be created with default values. This will be convenient where entries are often created with the same values. Where an object type has multiple templates, typically reflecting different sets of default values, the user is prompted for the choice of which template to use.

Evaluations

Sodium is bundled as part of our M-Vault Directory Server and can be evaluated as part of our M-Vault Evaluation package.

Copyright © 2008 Isode