System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Chapter 12 Introduction to the LDAP Naming Service (Overview/Reference)

The LDAP chapters describe how to set up a Solaris naming client to work with the iPlanet Directory Server 5.1. A brief discussion of generic directory server requirements is in Chapter 18, General Reference.


Note –

Though a directory server is not necessarily an LDAP server, in the context of these chapters the term “directory server” is treated as synonymous with “LDAP server”.


Audience Assumptions

The LDAP Naming Service chapters are written for system administrators who already have a working knowledge of LDAP. The following is a partial list of concepts with which you must be very familiar prior to deploying a Solaris-based LDAP naming service using this guide.

Suggested Background Reading

If you need to learn more about any of the aforementioned concepts or would like to study LDAP and the deployment of directory services in general, the following are useful titles.

Additional Prerequisites

If you are transitioning from NIS+ to LDAP, refer to the Appendix entitled “Transitioning from NIS+ to LDAP” in System Administration Guide: Naming and Directory Services (FNS and NIS+) and complete the transition before proceeding with these chapters.

If you need to install the iPlanet Directory Server 5.1, refer to the iPlanet Directory Server 5.1 Installation Guide.

LDAP Naming Service Versus Other Naming Services

Below is a quick comparison of the DNS, NIS, NIS+, FNS, and LDAP naming services. The SECURITY row describes the protection each service is able to offer; for LDAP, the protection actually in force depends on the security model you choose for the directory (see Planning the Security Model in the task map at the end of this chapter).

                 DNS                     NIS                     NIS+                           FNS                     LDAP
NAMESPACE        Hierarchical            Flat                    Hierarchical                   Hierarchical            Hierarchical
DATA STORAGE     Files/resource records  2-column maps           Multi-column tables            Maps, directories       Indexed database
                                                                                                [varied]
SERVERS          Master/slave            Master/slave            Root master/non-root master;   N/A                     Master/replica;
                                                                 primary/secondary;                                     multi-master replica
                                                                 cache/stub
SECURITY         None                    None (root or nothing)  DES authentication             None (root or nothing)  SSL, varied
TRANSPORT        TCP/IP                  RPC                     RPC                            RPC                     TCP/IP
SCALE            Global                  LAN                     LAN                            Global (with DNS)/LAN   Global

Using Fully Qualified Domain Names

One significant difference between an LDAP client and a NIS or NIS+ client is that an LDAP client always returns a Fully Qualified Domain Name (FQDN) for a host name, similar to the names returned by DNS. For example, if your domain name is west.example.net, both gethostbyname() and getipnodebyname() return the FQDN server.west.example.net when looking up the host name server.

Also, if you use interface-specific aliases such as server-#, the lookup returns a long list of fully qualified host names. If you use host names to control file-system sharing or in other host-based checks, you need to account for this: a check that expects the short name server will not match server.west.example.net. This is especially true if you assume non-FQDN names for local hosts and FQDNs only for remote, DNS-resolved hosts. If you set up LDAP with a domain name different from your DNS domain, the same host can have two different FQDNs, depending on the lookup source.
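The host-name comparison problem described above, as an added example that is not part of the original guide: a C routine that canonicalizes names before comparing a host-based allow list against the names a lookup returns, next to the naive string comparison that breaks once the client starts returning FQDNs. The resolved names, the domain west.example.net and the allow-list entries are constructed for the example; the program performs no real lookup, and the canon_name/host_allowed/naive_allowed helpers are hypothetical, not Solaris APIs.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of what gethostbyname("server") might return from an
 * LDAP naming client whose domain is west.example.net: the canonical FQDN
 * followed by interface-specific aliases. No real lookup is performed. */
static const char *resolved_names[] = {
    "server.west.example.net",    /* h_name: the canonical FQDN */
    "server-1.west.example.net",  /* h_aliases: one per interface */
    "server-2.west.example.net",
    NULL
};

/* The comparison that silently stops matching once the client returns
 * FQDNs: an allow list written with short names never equals an FQDN. */
static int naive_allowed(const char *allow_entry, const char *const *resolved)
{
    for (; *resolved != NULL; resolved++)
        if (strcmp(allow_entry, *resolved) == 0)
            return 1;
    return 0;
}

/* Canonicalize a host name into out: drop one trailing dot, append the
 * local domain when the name has no dot (a short name is assumed to be
 * local), and lowercase the result. Returns 0 on success, -1 if the name
 * is empty or does not fit. */
static int canon_name(const char *name, const char *domain,
                      char *out, size_t outsz)
{
    size_t n = strlen(name);
    if (n > 0 && name[n - 1] == '.')
        n--;
    if (n == 0)
        return -1;
    int has_dot = memchr(name, '.', n) != NULL;
    size_t need = n + (has_dot ? 0 : 1 + strlen(domain)) + 1;
    if (need > outsz)
        return -1;
    memcpy(out, name, n);
    out[n] = '\0';
    if (!has_dot) {
        out[n] = '.';
        strcpy(out + n + 1, domain);
    }
    for (char *p = out; *p != '\0'; p++)
        *p = (char)tolower((unsigned char)*p);
    return 0;
}

/* Return 1 if allow_entry names the same host as any of the resolved
 * names once both sides are canonicalized against domain, else 0. */
static int host_allowed(const char *allow_entry, const char *const *resolved,
                        const char *domain)
{
    char want[256], got[256];
    if (canon_name(allow_entry, domain, want, sizeof want) != 0)
        return 0;
    for (; *resolved != NULL; resolved++)
        if (canon_name(*resolved, domain, got, sizeof got) == 0 &&
            strcmp(want, got) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *domain = "west.example.net";
    printf("naive 'server'                   -> %d\n",
           naive_allowed("server", resolved_names));
    printf("canon 'server'                   -> %d\n",
           host_allowed("server", resolved_names, domain));
    printf("canon 'server-2'                 -> %d\n",
           host_allowed("server-2", resolved_names, domain));
    printf("canon 'Server.West.Example.Net.' -> %d\n",
           host_allowed("Server.West.Example.Net.", resolved_names, domain));
    /* Same host, but the allow list was written for a different domain:
     * no match. This is the surprise you get when the LDAP domain and the
     * DNS domain differ. */
    printf("canon 'server' vs east.example.net -> %d\n",
           host_allowed("server", resolved_names, "east.example.net"));
    return 0;
}
```

The point of the canonical form is that the allow list must be compared against the domain the naming service actually appends; if the LDAP domain and the DNS domain differ, the same host has two canonical names and a check written for one will reject the other.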

Advantages of LDAP Naming Service

Disadvantages of LDAP Naming Service

The following are some disadvantages to using LDAP instead of other naming services.


Note –

A directory server (an LDAP server) cannot be its own client. In other words, you cannot configure the machine that is running the directory server software to become an LDAP naming service client.


New LDAP Naming Service Features for Solaris 9

Transitioning from NIS+ to LDAP


Note –

NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment.

For more information, visit http://www.sun.com/directory/nisplus/transition.html.


For information on transitioning from NIS+ to LDAP, see the Appendix, “Transitioning From NIS+ to LDAP” in System Administration Guide: Naming and Directory Services (FNS and NIS+).

LDAP Naming Service Setup (Task Map)

Table 12–1 LDAP Naming Service Setup (Task Map)

Task                                                        For Instructions
Plan the network model                                      Planning the Network Model
Plan the DIT                                                Planning the Directory Information Tree (DIT)
Set up replica servers                                      Replica Servers
Plan the security model                                     Planning the Security Model
Choose client profiles and default attribute values         Planning Client Profiles and Default Attribute Values
Plan the data population                                    Planning the Data Population
Configure the iPlanet Directory Server 5.1 prior to         Using Express and Typical Configuration
using it with LDAP naming services
Set up the iPlanet Directory Server 5.1 for use with        Chapter 15, iPlanet Directory Server 5.1 Setup (Tasks)
LDAP naming clients
Manage printer entries                                      Managing Printer Entries
Initialize an LDAP client                                   Initializing a Client
Initialize a client using profiles                          Using Profiles to Initialize a Client
Initialize a client manually                                Initializing a Client Manually
Un-initialize a client                                      Un-initializing a Client
Use Service Search Descriptors to modify client profiles    Using Service Search Descriptors to Modify Client Access to Various Services
Retrieve naming service information                         Retrieving Naming Service Information
Customize a client environment                              Customizing the Client Environment