iPlanet Directory Server 5.1 Deployment Guide



Contents


About This Guide

Purpose of This Guide
Conventions Used in This Guide
Related Information


Chapter 1 Introduction to Directory Server
What is a Directory Service?
About Global Directory Services
About LDAP
Introduction to iPlanet Directory Server
Overview of Directory Server Architecture
Overview of the Server Front-End
Server Plug-ins Overview
Overview of the Basic Directory Tree
Directory Server Data Storage
About Directory Entries
Distributing Directory Data
Directory Design Overview
Design Process Outline
Deploying Your Directory
Piloting Your Directory
Putting Your Directory Into Production
Other General Directory Resources


Chapter 2 How to Plan Your Directory Data
Introduction to Directory Data
What Your Directory Might Include
What Your Directory Should Not Include
Defining Your Directory Needs
Performing a Site Survey
Identifying the Applications that Use Your Directory
Identifying Data Sources
Characterizing Your Directory Data
Determining Level of Service
Considering a Data Master
Data Mastering for Replication
Data Mastering Across Multiple Applications
Determining Data Ownership
Determining Data Access
Documenting Your Site Survey
Repeating the Site Survey


Chapter 3 How to Design the Schema
Schema Design Process Overview
iPlanet Standard Schema
Schema Format
Standard Attributes
Standard Object Classes
Mapping Your Data to the Default Schema
Viewing the Default Directory Schema
Matching Data to Schema Elements
Customizing the Schema
When to Extend Your Schema
Getting and Assigning Object Identifiers
Naming Attributes and Object Classes
Strategies for Defining New Object Classes
Strategies for Defining New Attributes
Deleting Schema Elements
Creating Custom Schema Files
Custom Schema Best Practices
Maintaining Data Consistency
Schema Checking
Selecting Consistent Data Formats
Maintaining Consistency in Replicated Schema
Other Schema Resources


Chapter 4 Designing the Directory Tree
Introduction to the Directory Tree
Designing Your Directory Tree
Choosing a Suffix
Suffix Naming Conventions
Naming Multiple Suffixes
Creating Your Directory Tree Structure
Branching Your Directory
Identifying Branch Points
Replication Considerations
Access Control Considerations
Naming Entries
Naming Person Entries
Naming Organization Entries
Naming Other Kinds of Entries
Grouping Directory Entries
Static and Dynamic Groups
Managed, Filtered, and Nested Roles
Deciding Between Groups and Roles
Class of Service
Directory Tree Design Examples
Directory Tree for an International Enterprise
Directory Tree for an ISP
Other Directory Tree Resources


Chapter 5 Designing the Directory Topology
Topology Overview
Distributing Your Data
About Using Multiple Databases
About Suffixes
About Knowledge References
Using Referrals
The Structure of an LDAP Referral
About Default Referrals
Smart Referrals
Tips for Designing Smart Referrals
Using Chaining
Deciding Between Referrals and Chaining
Usage Differences
Evaluating Access Controls
Using Indexes to Improve Database Performance
Overview of Directory Index Types
Evaluating the Costs of Indexing


Chapter 6 Designing the Replication Process
Introduction to Replication
Replication Concepts
Replica
Supplier/Consumer
Change Log
Unit of Replication
Replication Agreement
Replication Identity
Data Consistency
Common Replication Scenarios
Single-Master Replication
Multi-Master Replication
Cascading Replication
Mixed Environments
Defining a Replication Strategy
Replication Survey
Replication Resource Requirements
Using Replication for High Availability
Using Replication for Local Availability
Using Replication for Load Balancing
Example of Network Load Balancing
Example of Load Balancing for Improved Performance
Example Replication Strategy for a Small Site
Example Replication Strategy for a Large Site
Using Replication with other Directory Features
Replication and Access Control
Replication and Directory Server Plug-ins
Replication and Database Links
Schema Replication


Chapter 7 Designing a Secure Directory
About Security Threats
Unauthorized Access
Unauthorized Tampering
Denial of Service
Analyzing Your Security Needs
Determining Access Rights
Ensuring Data Privacy and Integrity
Conducting Regular Audits
Example Security Needs Analysis
Overview of Security Methods
Selecting Appropriate Authentication Methods
Anonymous Access
Simple Password
Certificate-Based Authentication
Simple Password Over TLS
Proxy Authorization
Preventing Authentication by Account Inactivation
Designing a Password Policy
Password Policy Attributes
Password Change After Reset
User-Defined Passwords
Password Expiration
Expiration Warning
Password Syntax Checking
Password Length
Password Minimum Age
Password History
Password Storage Scheme
Designing a Password Policy in a Replicated Environment
Designing an Account Lockout Policy
Designing Access Control
About the ACI Format
Targets
Permissions
Bind Rules
Setting Permissions
The Precedence Rule
Allowing or Denying Access
When to Deny Access
Where to Place Access Control Rules
Using Filtered Access Control Rules
Using ACIs: Some Hints and Tricks
Securing Connections With SSL
Other Security Resources


Chapter 8 Directory Design Examples
An Enterprise
Data Design
Schema Design
Directory Tree Design
Topology Design
Database Topology
Server Topology
Replication Design
Supplier Architecture
Supplier Consumer Architecture
Security Design
Tuning and Optimizations
Operations Decisions
A Multinational Enterprise and its Extranet
Data Design
Schema Design
Directory Tree Design
Topology Design
Database Topology
Server Topology
Replication Design
Supplier Architecture
Security Design
Index


Copyright © 2002 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated February 26, 2002