Start YaST and select Security and Users+Linux User Management.

If you do not see the Linux User Management entry in YaST, select Software+Software Management first and install the yast2-linux-user-mgnt package.

In the Linux User Management LDAP Server Configuration window, specify whether eDirectory is running on the computer itself (Local System) or on another computer on the network (Remote System).

If eDirectory is running on a remote system, specify the remote system's IP address.

Optionally, provide the eDirectory Admin Name with Context, and the Admin Password.

The admin name and context must be entered in LDAP syntax, which uses a comma instead of a period (for example: cn=admin,o=novell).

If you do not have rights to create objects in the eDirectory tree, leave these fields blank. Contact your eDirectory administrator, give him the host name of your client, and ask him to create a LUM Workstation object with your host name. Ask where you can get a copy of the CA certificate for the LDAP server and place this certificate in the /var/nam directory. The name of the CA certificate matches the name of the “preferred-server” entry in the /etc/nam.conf file and has a .der extension. You can type namconfig get preferred-server to get the name. For example, if namconfig get preferred-server returns server.xyz.com, your certificate file name is .server.xyz.com.der.

Click Next and specify the location of the Linux/UNIX Config object.

The Linux/UNIX Config object stores a list of the locations (contexts) where Linux/UNIX Workstation objects reside on the network. It also controls the range of numbers to be assigned as user IDs (UIDs) and group IDs (GIDs) when User and Group objects are created. This object is created when LUM is configured on the eDirectory server, and is usually located in an upper container of the eDirectory tree (for example, o=novell). Contact your eDirectory administrator for the context.

For more information, see Understanding eDirectory Objects and Linux in the Novell Linux User Management Technology Guide.

Optionally, specify the location of the LUM Workstation object.

The LUM Workstation object represents the actual computer a user logs in to. If you have rights to create objects in the eDirectory tree, which means you are able to specify the eDirectory administrator name, context, and password in Step 4), this object is automatically created as part of the workstation configuration and is usually placed in an Organization (O) or Organizational Unit (OU) container in the eDirectory tree. You can also create a LUM Workstation object by clicking Linux User Management+Create Linux Workstation Object in iManager.

If you have disabled anonymous binds to the LDAP server, specify a Proxy User Name with Context, and a Proxy User Password that has rights to the LDAP tree.

Click Next to continue.

Select which login access methods should use eDirectory for authentication.

Click Finish.

Installing and configuring LUM technology sets up the SUSE Linux Enterprise Desktop workstation to validate login requests against user account information stored in eDirectory. Before users can log in, they must have eDirectory user accounts created with iManager and extended for LUM, and their User objects must be associated with the workstation they will log in to. See Section 34.2, “Using iManager to Enable Users for eDirectory Authentication” for more information.

Launch iManager by entering the following in the address field of a network browser: http:// target_server/nps/iManager where target_server is the IP address or domain name of the eDirectory server. You are prompted to provide the full context of the admin user (for example, admin.novell) and password.

Make sure you are in the Roles and Tasks view by clicking Roles and Tasks Icon on the top button bar, then select Linux User Management in the navigation panel on the left.

Click Enable Users for Linux, select the User object you want to enable, then click Next.

When an eDirectory User object is extended to hold Linux user-login properties, it is said to be LUM enabled or enabled for Linux. When enabled for Linux, a user can simply access the Linux computer using Telnet, SSH, or other supported methods (see Step 9) and enter a username and password. The access request is redirected to find the appropriate username and login information stored in eDirectory.

When extended for Linux, the eDirectory User object holds Linux-related properties, such as user ID, primary group ID, primary group name, location of home directory, and preferred shell.

Assign the user to a group, then click Next.

The group and its corresponding group ID are assigned as the user's primary GID. If the selected user account already has a primary GID, this group's GID is assigned to the user as secondary. You can choose any of the following ways to assign the user to a group:

Select the workstations that the users in the group should have access to, then click Next.

Click Finish to apply the changes, then click OK.

Users should now be able to use their eDirectory user login credentials to log in to their SUSE Linux Enterprise Desktop workstations.