Oracle Internet Directory Administrator's Guide Release 2.1.1 Part Number A86101-01
This chapter introduces online directories, provides an overview of the Lightweight Directory Access Protocol (LDAP) version 3, and explains some of the unique features and benefits of Oracle Internet Directory.
A directory organizes information so that you can find it easily. It lists objects--for example, people, books in a library, or merchandise in a department store--and gives details about each one. A telephone book is a familiar type of directory, a card catalog in a library is another, and a department store catalog still another.
An online directory is a specialized database that stores and retrieves collections of information about objects. Such information can represent any resources that require management: employee names, titles, and security credentials; information about e-commerce partners; or information about shared network resources such as conference rooms and printers.
Directories can be used by a variety of users and applications, for a variety of purposes. A few typical scenarios include:
A database is a structured collection of data. Although an online directory is a database, it is not a relational database. The following table contrasts online directories with relational databases.
According to some estimates, each of the world's largest companies has an average of 180 different directories, each designated for a special purpose. Add to that the various enterprise applications, each with its own additional directory of user names, and the actual number of special purpose directories becomes even higher.
Managing so many special purpose directories can cause three problems:
For example, when an enterprise hires a new employee, administrators must create a new user identity on the network, create a new e-mail account, add the user to the human-resources database, and set up all applications that the employee may need--for example, user accounts on development, testing, and production database systems. Later, if the employee leaves the company, administrators must reverse the process to disable all these user accounts. In addition to this administrative overhead, it can be difficult for multiple administrators entering redundant information in multiple systems to synchronize this employee information across all systems. The result can be inconsistent data across the enterprise.
Clearly there is need for a more general purpose directory infrastructure, one based on a common standard for supporting a wide variety of applications and services. Oracle Internet Directory answers this need through its use of the Lightweight Directory Access Protocol (LDAP).
The Lightweight Directory Access Protocol (LDAP) is a standard, extensible directory access protocol. It is a common language that LDAP clients and servers use to communicate.
LDAP was conceived as an internet-ready, lightweight implementation of the International Standardization Organization (ISO) X.500 standard for directory services. It requires a minimal amount of networking software on the client side, which makes it particularly attractive for internet-based, thin client applications.
The LDAP standard simplifies management of directory information in three ways:
The most recent version of LDAP, Version 3, was approved as a proposed Internet Standard by the Internet Engineering Task Force in December 1997. LDAP Version 3 improves on LDAP Version 2 in several important areas:
Oracle Internet Directory is a general purpose directory service that enables retrieval of information about dispersed users and network resources. It combines LDAP Version 3 with the high performance, scalability, robustness, and availability of Oracle8i.
Oracle Internet Directory runs as an application on Oracle8i. It communicates with the database, which may be on the same or on a different operating system, by using Net8, Oracle's operating system-independent database connectivity solution. Figure 1-1 illustrates this relationship.
Oracle Internet Directory includes:
Oracle Internet Directory provides these significant benefits:
Oracle Internet Directory exploits the strengths of Oracle8i, enabling support for terabytes of directory information. In addition, such technologies as multithreaded LDAP servers and database connection pooling allow it to support thousands of concurrent clients with subsecond search response times.
Oracle Internet Directory also provides data management tools, such as Oracle Directory Manager and a variety of command line tools, for manipulating large volumes of LDAP data.
Oracle Internet Directory is designed to meet the needs of a variety of important applications. For example, Oracle Internet Directory supports full, multi-master replication between directory servers: If one server in a replication community becomes unavailable, then a user can access the data from another server. Information about changes made to data on a server is stored in special tables on the Oracle8i database. These are replicated throughout the directory environment by Oracle's Advanced Symmetric Replication (ASR), a robust replication mechanism.
Oracle Internet Directory also takes advantage of all the availability features of Oracle8i. Because directory information is stored securely in the Oracle8i database, it is protected by Oracle's backup capabilities. Additionally, the Oracle8i database, running with large datastores and heavy loads, can recover from system failures quickly.
Oracle Internet Directory offers comprehensive and flexible access control. An administrator can grant or control access to a specific directory object or to an entire directory subtree. Moreover, Oracle Internet Directory implements three levels of user authentication: anonymous, password-based, and certificate-based using Secure Sockets Layer (SSL) Version 3 for authenticated access and data privacy.
Copyright © 1996-2000, Oracle Corporation. All Rights Reserved.