iPlanet Directory Server 5.1 Deployment Guide
Contents 
About This Guide 
Purpose of This Guide 
Conventions Used in This Guide 
Related Information 
Chapter 1 Introduction to Directory Server 
What is a Directory Service? 
About Global Directory Services 
About LDAP 
Introduction to iPlanet Directory Server 
Overview of Directory Server Architecture 
Overview of the Server Front-End 
Server Plug-ins Overview 
Overview of the Basic Directory Tree 
Directory Server Data Storage 
About Directory Entries 
Distributing Directory Data 
Directory Design Overview 
Design Process Outline 
Deploying Your Directory 
Piloting Your Directory 
Putting Your Directory Into Production 
Other General Directory Resources 
Chapter 2 How to Plan Your Directory Data 
Introduction to Directory Data 
What Your Directory Might Include 
What Your Directory Should Not Include 
Defining Your Directory Needs 
Performing a Site Survey 
Identifying the Applications that Use Your Directory 
Identifying Data Sources 
Characterizing Your Directory Data 
Determining Level of Service 
Considering a Data Master 
Data Mastering for Replication 
Data Mastering Across Multiple Applications 
Determining Data Ownership 
Determining Data Access 
Documenting Your Site Survey 
Repeating the Site Survey 
Chapter 3 How to Design the Schema 
Schema Design Process Overview 
iPlanet Standard Schema 
Schema Format 
Standard Attributes 
Standard Object Classes 
Mapping Your Data to the Default Schema 
Viewing the Default Directory Schema 
Matching Data to Schema Elements 
Customizing the Schema 
When to Extend Your Schema 
Getting and Assigning Object Identifiers 
Naming Attributes and Object Classes 
Strategies for Defining New Object Classes 
Strategies for Defining New Attributes 
Deleting Schema Elements 
Creating Custom Schema Files 
Custom Schema Best Practices 
Maintaining Data Consistency 
Schema Checking 
Selecting Consistent Data Formats 
Maintaining Consistency in Replicated Schema 
Other Schema Resources 
Chapter 4 Designing the Directory Tree 
Introduction to the Directory Tree 
Designing Your Directory Tree 
Choosing a Suffix 
Suffix Naming Conventions 
Naming Multiple Suffixes 
Creating Your Directory Tree Structure 
Branching Your Directory 
Identifying Branch Points 
Replication Considerations 
Access Control Considerations 
Naming Entries 
Naming Person Entries 
Naming Organization Entries 
Naming Other Kinds of Entries 
Grouping Directory Entries 
Static and Dynamic Groups 
Managed, Filtered, and Nested Roles 
Deciding Between Groups and Roles 
Class of Service 
Directory Tree Design Examples 
Directory Tree for an International Enterprise 
Directory Tree for an ISP 
Other Directory Tree Resources 
Chapter 5 Designing the Directory Topology 
Topology Overview 
Distributing Your Data 
About Using Multiple Databases 
About Suffixes 
About Knowledge References 
Using Referrals 
The Structure of an LDAP Referral 
About Default Referrals 
Smart Referrals 
Tips for Designing Smart Referrals 
Using Chaining 
Deciding Between Referrals and Chaining 
Usage Differences 
Evaluating Access Controls 
Using Indexes to Improve Database Performance 
Overview of Directory Index Types 
Evaluating the Costs of Indexing 
Chapter 6 Designing the Replication Process 
Introduction to Replication 
Replication Concepts 
Replica 
Supplier/Consumer 
Change Log 
Unit of Replication 
Replication Agreement 
Replication Identity 
Data Consistency 
Common Replication Scenarios 
Single-Master Replication 
Multi-Master Replication 
Cascading Replication 
Mixed Environments 
Defining a Replication Strategy 
Replication Survey 
Replication Resource Requirements 
Using Replication for High Availability 
Using Replication for Local Availability 
Using Replication for Load Balancing 
Example of Network Load Balancing 
Example of Load Balancing for Improved Performance 
Example Replication Strategy for a Small Site 
Example Replication Strategy for a Large Site 
Using Replication with other Directory Features 
Replication and Access Control 
Replication and Directory Server Plug-ins 
Replication and Database Links 
Schema Replication 
Chapter 7 Designing a Secure Directory 
About Security Threats 
Unauthorized Access 
Unauthorized Tampering 
Denial of Service 
Analyzing Your Security Needs 
Determining Access Rights 
Ensuring Data Privacy and Integrity 
Conducting Regular Audits 
Example Security Needs Analysis 
Overview of Security Methods 
Selecting Appropriate Authentication Methods 
Anonymous Access 
Simple Password 
Certificate-Based Authentication 
Simple Password Over TLS 
Proxy Authorization 
Preventing Authentication by Account Inactivation 
Designing a Password Policy 
Password Policy Attributes 
Password Change After Reset 
User-Defined Passwords 
Password Expiration 
Expiration Warning 
Password Syntax Checking 
Password Length 
Password Minimum Age 
Password History 
Password Storage Scheme 
Designing a Password Policy in a Replicated Environment 
Designing an Account Lockout Policy 
Designing Access Control 
About the ACI Format 
Targets 
Permissions 
Bind Rules 
Setting Permissions 
The Precedence Rule 
Allowing or Denying Access 
When to Deny Access 
Where to Place Access Control Rules 
Using Filtered Access Control Rules 
Using ACIs: Some Hints and Tricks 
Securing Connections With SSL 
Other Security Resources 
Chapter 8 Directory Design Examples 
An Enterprise 
Data Design 
Schema Design 
Directory Tree Design 
Topology Design 
Database Topology 
Server Topology 
Replication Design 
Supplier Architecture 
Supplier Consumer Architecture 
Security Design 
Tuning and Optimizations 
Operations Decisions 
A Multinational Enterprise and its Extranet 
Data Design 
Schema Design 
Directory Tree Design 
Topology Design 
Database Topology 
Server Topology 
Replication Design 
Supplier Architecture 
Security Design 
Index 
Copyright © 2002 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated February 26, 2002