eDirectory Agent user identification process

The transparent identification process with eDirectory Agent is as follows:

Steps

  1. Novell eDirectory authenticates users as they log on.
  2. eDirectory Agent retrieves information from Novell eDirectory about logged-on users. The agent queries the directory service for user logons at regular intervals (30,000 milliseconds, or 30 seconds, by default).
    The agent detects only users logging on directly to the Novell eDirectory server.

  3. eDirectory Agent stores the user name, domain name, and originating IP address from each logon session in a user name-to-IP-address map in local memory, and in the eDirAgent.bak file.
    Note:

    Due to a Novell limitation, user names that exceed 39 characters cannot be successfully stored in the user map.

    If eDirectory Agent receives a new request from an IP address already included in its map, it replaces the existing pairing with the new pair.

  4. eDirectory Agent sends user names and IP addresses to Filtering Service using port 30700. Filtering Service records user name/IP address pairs to its own copy of the user map in local memory. No confidential information (such as user passwords) is transmitted.
  5. Filtering Service queries User Service for group information for user names in its user map. User Service queries Novell eDirectory for group information corresponding to those users, and sends the information to Filtering Service.
  6. Filtering Service applies policies to the logged-on users. For more information about applying policies to directory clients, see the Administrator Help.
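
The map rules in step 3 decide which user a policy is attributed to, so they are worth modelling when reviewing identification on shared hosts. The following is an added example, not eDirectory Agent code: the `UserMap` class, its field names, and the sample logons are constructed for illustration, and skipping an over-long name is an assumption about how the 39-character limit appears in practice.

```python
# Added illustration: a model of the user map rules in step 3, not agent code.
from dataclasses import dataclass, field

MAX_USER_NAME_LEN = 39   # limit stated in the note under step 3


@dataclass
class UserMap:
    pairs: dict = field(default_factory=dict)        # ip -> (user, domain)
    replaced: list = field(default_factory=list)     # (ip, old_user, new_user)
    not_stored: list = field(default_factory=list)   # (ip, user) over the limit

    def record_logon(self, user, domain, ip):
        # Assumption: an over-long name is skipped and the IP keeps its
        # previous pairing; the page only says it cannot be stored.
        if len(user) > MAX_USER_NAME_LEN:
            self.not_stored.append((ip, user))
            return False
        old = self.pairs.get(ip)
        if old is not None and old != (user, domain):
            self.replaced.append((ip, old[0], user))
        self.pairs[ip] = (user, domain)   # newest logon wins for this IP
        return True

    def user_for(self, ip):
        entry = self.pairs.get(ip)
        return entry[0] if entry else None


def shared_ips(user_map):
    """IPs whose pairing was replaced by a different user at least once."""
    return sorted({ip for ip, _old, _new in user_map.replaced})


# Constructed sample logons (user, domain, ip); 10.0.0.50 is a shared host.
SAMPLE_LOGONS = [
    ("alice", "CORP", "10.0.0.21"),
    ("bob", "CORP", "10.0.0.50"),
    ("carol", "CORP", "10.0.0.50"),
    ("x" * 40, "CORP", "10.0.0.21"),
]


def run_sample():
    m = UserMap()
    for user, domain, ip in SAMPLE_LOGONS:
        m.record_logon(user, domain, ip)
    return m
```

In the sample, traffic from 10.0.0.50 is attributed to carol even if bob is still logged on there, and 10.0.0.21 stays mapped to alice because the 40-character name is never stored; `shared_ips` lists the addresses where IP-based identification should be reviewed.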