How eDirectory Agent works

eDirectory Agent does not authenticate users directly. Instead, the agent uses NetWare Core Protocol (NCP) to gather user logon session information from Novell eDirectory, which authenticates users logging on to the network. (The query protocol can be changed; see Configuring the default directory protocol.)

eDirectory Agent associates each authenticated user with an IP address and records user name-to-IP-address pairings in its user map, then supplies the information to Filtering Service.

  • User name: The name by which the user is identified and authenticated in the network.

    eDirectory Agent correlates the Novell eDirectory Common Name (cn) attribute to a user logging in. The cn acts as a unique identifier of an object within the Novell eDirectory structure.

  • IP address: The IP address of a logged-on user. eDirectory correlates the Novell attribute “networkAddress” with the user.

    Each user can have zero, one, or more attributes with this name. For each successful logon, the Novell eDirectory server adds one networkAddress entry to the user’s attribute profile. If the networkAddress attribute is not present for a user, the user is not logged on to Novell eDirectory. eDirectory Agent scans all the networkAddress attributes of a user and adds corresponding user name/IP address entries to its user map.

    Note: From a Novell client running Windows, multiple users can log on to a single Novell eDirectory server. This associates one IP address with multiple users. In this scenario, eDirectory Agent’s user map only retains the user name/IP address pairing for the last user logged on from a given IP address.
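The user-map behavior described above, as an added sketch (not code from the product or from Novell): it assumes logon records arrive in logon order with networkAddress values already decoded to IP strings, and all function and variable names are hypothetical. Besides building the map, it reports which users were displaced from a shared IP address, because requests from that address are then attributed only to the last user.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: (cn, decoded networkAddress values), in logon order.
SAMPLE_LOGONS = [
    ("jsmith", ["10.0.0.15"]),
    ("mlee", []),                            # no networkAddress: not logged on
    ("akhan", ["10.0.0.22", "10.0.0.23"]),   # logged on from two workstations
    ("tbrown", ["10.0.0.15"]),               # same client IP as jsmith
]


def build_user_map(logons):
    """Build an IP -> cn map where the last logon from an IP wins.

    Returns (user_map, displaced). displaced maps each shared IP to the
    users whose pairing was overwritten by a later logon from that IP.
    """
    user_map = {}
    displaced = defaultdict(list)
    for cn, addresses in logons:
        for raw in addresses:
            # Normalize so equivalent spellings of an address share one key.
            ip = str(ipaddress.ip_address(raw))
            previous = user_map.get(ip)
            if previous is not None and previous != cn:
                displaced[ip].append(previous)
            user_map[ip] = cn
    return user_map, dict(displaced)


if __name__ == "__main__":
    user_map, displaced = build_user_map(SAMPLE_LOGONS)
    for ip, cn in sorted(user_map.items()):
        print(f"{ip} -> {cn}")
    for ip, users in displaced.items():
        print(f"shared IP {ip}: pairing lost for {', '.join(users)}")
```

A non-empty displaced result identifies addresses where user-based policy and reporting cannot distinguish between the users logged on from that client.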