みる directory server

From Developer Community

Development Status: End-of-life.
Intended Audience:    System Administrators.
License:              BSD license.

miru directory server is a project aimed at creating an embedded LTSP software package that, when used together with an embedded PC, provides all the network infrastructure dependencies required to create a multi-terminal server environment without the expense of Microsoft Active Directory or overhead of manually setting up NIS, Samba, Kerberos, or LDAP. Samba 4 provides the Active Directory Service with a Kerberos 5 KDC, LDAP Global Catalog, and Windows Domain Control. A typical deployment would look like this:

In addition to directory services the miru directory server can act as a shared Mozilla Thunderbird address book. The server provides a web interface for creating and updating address book cards, whilst Thunderbird provides read only access with search and address auto-complete functionality.

miru directory server is based on a bare-bones version of FreeBSD, Samba, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things manageable.

The code base for the miru directory server is based upon m0n0wall, pfSense, and the FreeNAS projects. The codename for this project is ocean, whilst the product name is miru directory server.

Miru and the Miru logo are trademarks of Miru Limited.

[edit]

File Releases

Edgy-PulseAudio	-	2006-10-17
OCEAN-vm.1.0.beta.1.demo.7z	-	2006-08-10
OCEAN-vm.1.0.beta.5.address-book-demo.zip	-	2006-09-12
nightly	-	2006-08-15
pre-alpha	-	2006-08-15
release 1.0beta1	-	2006-08-15
release 1.0beta2	-	2006-08-28
release 1.0beta3	-	2006-08-29
release 1.0beta4	-	2006-08-29
release 1.0beta5	-	2006-09-12
release 1.0beta6	-	2007-01-25

[ Subversion ]

[edit]

Latest News

[edit]

CardDAV For Address Book Sharing

Mac OS X Server 10.6 Snow Leopard is set to include an "Address Book Server" that includes CardDAV support. CardDAV adds the venerable vCard to WebDAV with functionality similar to LDAP but with a clean defined schema allowing desktop applications such as Mozilla Thunderbird, Evolution, and Microsoft Outlook to not only share address books but importantly to update and maintain the contact information.

--Steve-o 2009-05-11

[edit]

Alternative Directory Servers

Many supported replacements for Active Directory or simply managed directory services are starting to appear now. As Samba 4 is still in development you might wish to investigate this alternative options to the miru directory server.

Mandriva Directory Server - Identity and network services management.
Red Hat Enterprise IPA - Identity management for Linux and Unix systems.

--Steve-o 2009-01-18

[edit]

Kerberos Authentication

The current documentation creates a rather fruity security policy, passwords appear only to be checked on ssh connections, GDM logins completely skip password checking. With Ubuntu 8.04 comes updated documentation and a new nss-ldapd to cope with boot hangs.

Configure common-auth with the following, note that minimum_uid should not be used here.

auth	        sufficient	pam_krb5.so ccache=/tmp/krb5cc_%u
auth	        sufficient	pam_unix.so likeauth nullok_secure use_first_pass
auth	        required	pam_deny.so

Leaving common-account with minmum_uid checks.

account	required	pam_unix.so
account        required	pam_krb5.so minimum_uid=1000

And common-session with more checks and optional home directory creation. Note that if the home directories are NFS mounts and unavailable this can end up creating new local empty accounts which easily confuse end users.

session	required	pam_unix.so
session	optional	pam_foreground.so
session	optional	pam_krb5.so minimum_uid=1000

--Steve-o 2008-05-05

[edit]

Samba TP4

The Samba team released another technology preview of the Active Directory compatible Samba 4 suite. This version concentrates on areas not immediately useful by a standalone directory server, so no new beta for a bit.

The WRAP embedded hardware unit is now EOL as the factory AMD used has stopped production, PC Engines and Soekris have replacement systems under development.

There are a few major issues with the web UI in the current beta release, fixes postponed until they become critical. There has been one instance of passwords expiring requiring a reboot.

--Steve-o 2007-03-15

[edit]

1.0 Beta 6 Release

A new beta of the miru directory server adds some important updates to the Samba suite. Password expiry and time jump issues for Kerberos clients should be alleviated. This release includes the following features:

NEW: Gateway specification for DHCP.
NEW: Secondary group support for users.
NEW: Samba TP3.
NEW: Per VLAN DHCP service (previous implementation had DHCP direct support).
UPDATE: The LDAP schema for Unix accounts changed, gecos is now name, and uid is unixName.
FIX: Updating user & group entries in directory more robust.

This version has a slight update to the menu screen, there is a planned update to the web interface to support the new translations from Rosetta.

New console menu screen

The wiki pages on Ubuntu installation and support have been updated to the full Edgy Eft 6.10 release.

NB: Beta release, implements all features in the initial software requirements specification, likely unstable.

Download the image files from the repository at Novell Forge: 1.0 beta 6. The web interface can be used to upgrade 1.0 beta 6 images using the compressed ISO package.

--Steve-o 2007-01-25

[edit]

Mozilla Thunderbird Extension

Now available via the Thunderbird Add-ons site is the "AddTo Miru Directory Server" extension allowing you to directly add contact information to the LDAP directory. Post your suggestions on the miru-ocean-user and miru-ocean-dev mailing lists for ideas and implementations for the next release.

--Steve-o 2006-10-15

[ News Archive ]

[edit]