The Configuration Manager framework must be able to open a connection to the LDAP server with read and search permissions, so that it can identify the full DN associated with a given user or host identifier coming from the desktop. The repository must therefore be configured either to allow anonymous connections or to provide a special user, created for that purpose, with read and search access.
The management application creates service trees under entries mapped into entities to hold the configuration data for these entities. As such, user entries used for management purposes need to have the right to create subentries under the entries they are managing.
Authentication of the users of the framework from the desktop clients can be done with two methods named Anonymous and GSSAPI. The Anonymous method requires that anonymous access for read and search is enabled throughout the repository as the desktop clients will not provide any credentials when attempting to retrieve data from the LDAP server. To use the GSSAPI method (using Kerberos for authentication), the LDAP server must be configured as described in the "Managing Authentication and Encryption" chapter of the Sun Java™ System Directory Server 5 2004Q2 Administration Guide.
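As an added illustration (not taken from the original guide), the two lookup options and the management right described above could be expressed as Directory Server access control instructions (ACIs) in LDIF. The suffix dc=example,dc=com, the entries uid=cfgmgr-lookup and uid=cfgmgr-admin, the ACI names, and the exclusion of userPassword from the readable attributes are all assumptions made for this example.

```ldif
# Added example with constructed names; adapt the suffix and DNs to the
# actual repository. Apply EITHER option A OR option B, not both.

# Option A: anonymous read and search throughout the repository.
# Required by the Anonymous method, because desktop clients send no
# credentials. userPassword is excluded (assumption) so that password
# values are not readable without authentication.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr != "userPassword")(version 3.0; acl "Configuration Manager: anonymous read-search"; allow (read, search, compare) userdn = "ldap:///anyone";)

# Option B: a special user with read and search access, used to map a
# user or host identifier to its full DN. The entry
# uid=cfgmgr-lookup,ou=Special Users,dc=example,dc=com is hypothetical
# and must already exist with its own credentials.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr != "userPassword")(version 3.0; acl "Configuration Manager: lookup user read-search"; allow (read, search, compare) userdn = "ldap:///uid=cfgmgr-lookup,ou=Special Users,dc=example,dc=com";)

# Management right: the user entry used for management purposes may
# create subentries (the service trees) under the entries it manages.
# Scoped here to ou=People (assumed location of the managed entries)
# rather than the whole suffix, and limited to the "add" right plus the
# read and search rights needed to locate the parent entries.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "Configuration Manager: admin may create subentries"; allow (read, search, add) userdn = "ldap:///uid=cfgmgr-admin,ou=Special Users,dc=example,dc=com";)
```

Each `aci` value must stay on a single line, or be folded using LDIF continuation lines that begin with one space.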