260 OES 2 SP2: Planning and Implementation Guidenovdocx (en) 22 June 2009I.2.1 What Are Proxy Users?As the name implies, proxy users are user objects that perform functions on behalf of OES services.Proxy user accounts do not represent people, rather they are eDirectory objects that provide veryspecific and limited functionality to OES services. Generally, this includes only retrieving service-related information, such as user passwords and service attributes, but sometimes proxy users alsowrite service information in eDirectory.Many but not all OES services rely on proxy users to run on Linux (see “Which Services RequireProxy Users and Why?” on page 260). Proxy user creation and/or configuration is therefore anintegral part of configuring OES.None of the OES services require that you specify proxy user information during the OESinstallation, but some, such as DNS/DHCP, AFP, CIFS, and iFolder, give you the option to do so.Others, such as NCS and NSS create proxy users without user input, while Archive and VersioningServices always uses the install admin as its proxy user.I.2.2 Why Are Proxy Users Needed on OES?OES provides the Novell services that were previously only available on NetWare.To make its services available on Linux, Novell had to accommodate a fundamental differencebetween the way services run on NetWare and the way they run on Linux. NetWare Services: The NetWare operating system and eDirectory are tightly integrated. Thisallows the services (NLMs) on NetWare to assume the identity of a server object in eDirectory,thus gaining access to the other objects and information in eDirectory that are needed for theservices to run. OES Services: eDirectory also runs very well on OES, and it provides the infrastructure onwhich OES services rely, but it is not integrated with the Linux operating system.On Linux servers there is no concept of a service, such as Apache or iFolder running as a serverobject. Instead, each service runs using a User ID (uid) and a Group ID (gid) that the Linuxserver recognizes as being valid.I.2.3 Which Services Require Proxy Users and Why?The following services utilize a proxy user.Table I-3 Proxy Users Functions Listed by ServiceAssociated Service Example Proxy User Name Services That the User ProvidesAFP AfpProxyUser-servername Retrieves passwords for AFP users.Archive Versioning adminThe install admin is alwaysspecified.The service runs as this user.CIFS CifsProxyUser-servername Retrieves passwords for CIFS users.