Handheld devices never connect directly to eDirectory.
The following components connect to eDirectory:
- ZHM Server back-end: Connects to eDirectory by logging in as a user whose ID was supplied during installation. The server uses secure LDAP (by default, port 636) to connect to eDirectory.
- ZHM Access Point: Connects to eDirectory to verify users when user-based ZHM management is turned on. The Access Point service uses secure LDAP to connect to eDirectory. The Access Point service acts on behalf of the handheld device, and tries to log in as the user whose ID is entered on the handheld device in the eDirectory Authentication screen.
- ConsoleOne: Used for administration.
- Containers: O, OU, Country, Locality, etc.
- Objects with objectclass name: zen*
- Objects with objectclass name: zfh*
- User Group
- Browse rights to all types of objects listed above.
- Create, Rename, Delete rights to all containers where the ZHM7 Service object is created, and in the containers where the handheld devices will be automatically imported.
- Supervisor, Compare, Read, Write, "Add Self" rights to the following attributes: zen*, zfh*, ObjectClass, Member.
- Compare and Read rights to the following attributes: GUID, Revision, GroupMembership, NetworkAddress.
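
The attribute rights listed above can be used as a least-privilege baseline for the service user. The following sketch is an added example, not part of the original documentation or of ZENworks itself. It assumes ACL values exported over LDAP in the form `privileges#scope#trustee#attribute` and the attribute-right bit values shown in the code; the trustee DN and the attribute names in the sample are constructed.

```python
from fnmatch import fnmatchcase

# Assumed eDirectory attribute-right bits; the inherit bit (0x40) is ignored.
BITS = {"Compare": 0x01, "Read": 0x02, "Write": 0x04, "Add Self": 0x08, "Supervisor": 0x20}
FULL = sum(BITS.values())                 # Supervisor, Compare, Read, Write, Add Self
READ_ONLY = BITS["Compare"] | BITS["Read"]

# Attribute rights as listed on this page, keyed by lower-cased name or pattern.
REQUIRED = {
    "zen*": FULL, "zfh*": FULL, "objectclass": FULL, "member": FULL,
    "guid": READ_ONLY, "revision": READ_ONLY,
    "groupmembership": READ_ONLY, "networkaddress": READ_ONLY,
}

def names(mask):
    """Sorted names of the rights set in mask."""
    return sorted(n for n, bit in BITS.items() if mask & bit)

def allowed_mask(attr):
    """Rights the list permits on attr; 0 when the attribute is not listed."""
    return next((m for pat, m in REQUIRED.items() if fnmatchcase(attr, pat)), 0)

def audit(acl_values, trustee):
    """Compare one trustee's attribute rights with REQUIRED; return deviations."""
    granted = {}
    for value in acl_values:
        priv, _scope, subject, attr = value.split("#", 3)
        if subject.lower() != trustee.lower() or attr.startswith("["):
            continue  # other trustees, and [Entry Rights]-style entries, are skipped
        key = attr.lower()
        granted[key] = granted.get(key, 0) | (int(priv) & FULL)
    report = {}
    # Wildcard patterns cannot be enumerated without the schema, so "missing"
    # is reported only for attributes that are named exactly or actually granted.
    for attr in set(granted) | {p for p in REQUIRED if "*" not in p}:
        have, want = granted.get(attr, 0), allowed_mask(attr)
        if have != want:
            report[attr] = {"excess": names(have & ~want), "missing": names(want & ~have)}
    return report

# Constructed sample ACL values for a hypothetical service user.
SVC = "cn=zhmsvc,o=example"
SAMPLE_ACL = [f"{p}#subtree#{SVC}#{a}" for p, a in [
    (47, "zenExampleAttr"), (47, "Member"), (47, "ObjectClass"), (7, "GUID"),
    (3, "Revision"), (3, "GroupMembership"), (2, "NetworkAddress"), (3, "mail"),
    (1, "[Entry Rights]")]] + ["47#entry#cn=other,o=example#mail"]

if __name__ == "__main__":
    for attr, diff in sorted(audit(SAMPLE_ACL, SVC).items()):
        print(attr, diff)
```

Entry rights (Browse, Create, Rename, Delete) are outside the scope of this check and need a separate review against the containers named above.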