Index DocHome Next |
iPlanet Directory Server Deployment Guide |
Contents
About This GuidePurpose of This Guide
iPlanet Directory Server 5.0 Overview
Conventions Used in This Guide
Related Information
Chapter 1 Introduction to Directory ServerWhat is a Directory Service?
About Global Directory Services
Introduction to iPlanet Directory Server
About LDAP
Overview of Directory Server Architecture
Directory Design Overview
Overview of the Server Front-End
Directory Server Data Storage
Server Plug-ins Overview
Overview of the Basic Directory Tree
About Directory Entries
Distributing Directory Data
Design Process Outline
Other General Directory Resources
Deploying Your Directory
Piloting Your Directory
Putting Your Directory Into Production
Chapter 2 How to Plan Your Directory DataIntroduction to Directory Data
What Your Directory Should Not Include
Defining Your Directory Needs
Performing a Site Survey
Identifying the Applications that Use Your Directory
Identifying Data Sources
Characterizing Your Directory Data
Determining Level of Service
Considering a Data Master
Data Mastering for Replication
Determining Data Ownership
Data Mastering Across Multiple Applications
Determining Data Access
Documenting Your Site Survey
Repeating the Site Survey
Chapter 3 How to Design the SchemaSchema Design Process Overview
iPlanet Standard Schema
Schema Format
Mapping Your Data to the Default Schema
Standard Attributes
Standard Object Classes
Viewing the Default Directory Schema
Customizing the Schema
Matching Data to Schema Elements
When to Extend Your Schema
Maintaining Consistent Schema
Getting and Assigning Object Identifiers
Naming Attribute and Object Classes
Strategies for Defining New Object Classes
Strategies for Defining New Attributes
Deleting Schema Elements
Schema Checking
Other Schema Resources
Selecting Consistent Data Formats
Maintaining Consistency in Replicated Schema
Chapter 4 Designing the Directory TreeIntroduction to the Directory Tree
Designing Your Directory Tree
Choosing a Suffix
Grouping Directory Entries
Suffix Naming Conventions
Creating Your Directory Tree Structure
Naming Multiple Suffixes
Branching Your Directory
Naming Entries
Identifying Branch Points
Replication Considerations
Access Control Considerations
Naming Person Entries
Naming Group Entries
Naming Organization Entries
Naming Other Kinds of Entries
About Roles
Directory Tree Design Examples
Deciding Between Roles and Groups
About Class of Service
Directory Tree for an International Enterprise
Other Directory Tree Resources
Directory Tree for an ISP
Chapter 5 Designing the Directory TopologyTopology Overview
Distributing Your Data
About Using Multiple Databases
About Knowledge References
About Suffixes
Using Referrals
Using Indexes to Improve Database Performance
The Structure of an LDAP Referral
Using Chaining
About Default Referrals
Smart Referrals
Tips for Designing Smart Referrals
Deciding Between Referrals and Chaining
Usage Differences
Evaluating Access Controls
Overview of Directory Index Types
Evaluating the Costs of Indexing
Chapter 6 Designing the Replication ProcessIntroduction to Replication
Replication Concepts
Common Replication Scenarios
Unit of Replication
Data Consistency
Read-Write Replica/Read-Only Replica
Supplier/Consumer
Change Log
Replication Agreement
Single-Master Replication
Defining a Replication Strategy
Multi-Master Replication
Cascading Replication
Mixed Environments
Replication Survey
Using Replication with other Directory Features
Replication Resource Requirements
Using Replication for High Availability
Using Replication for Local Availability
Using Replication for Load Balancing
Example of Network Load Balancing
Example Replication Strategy for a Small Site
Example of Load Balancing for Improved Performance
Example Replication Strategy for a Large Site
Replication and Access Control
Replication and Directory Server Plug-ins
Replication and Database Links
Schema Replication
Chapter 7 Designing a Secure DirectoryAbout Security Threats
Unauthorized Access
Analyzing Your Security Needs
Unauthorized Tampering
Denial of Service
Determining Access Rights
Overview of Security Methods
Ensuring Data Privacy and Integrity
Conducting Regular Audits
Example Security Needs Analysis
Selecting Appropriate Authentication Methods
Anonymous Access
Preventing Authentication by Account Inactivation
Simple Password
Certificate-Based Authentication
Simple Password Over TLS
Proxy Authentication
Designing a Password Policy
Password Policy Attributes
Designing Access Control
Password Change After Reset
Designing a Password Policy in a Replicated Environment
User-Defined Passwords
Password Expiration
Expiration Warning
Password Syntax Checking
Password Length
Password Minimum Age
Password History
Password Storage Scheme
Designing an Account Lockout Policy
About the ACI Format
Securing Connections With SSL
Targets
Setting Permissions
Permissions
Bind Rules
The Precedence Rule
Using ACIs: Some Hints and Tricks
Allowing or Denying Access
When to Deny Access
Where to Place Access Control Rules
Using Filtered Access Control Rules
Other Security Resources
Chapter 8 Directory Design ExamplesAn Enterprise
Index
Data Design
A Multinational Enterprise and its Extranet
Schema Design
Directory Tree Design
Topology Design
Database Topology
Replication Design
Server Topology
Supplier Architecture
Security Design
Supplier Consumer Architecture
Tuning and Optimizations
Operations Decisions
Data Design
Schema Design
Directory Tree Design
Topology Design
Database Topology
Replication Design
Server Topology
Supplier Architecture
Security Design
Index DocHome Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated March 15, 2001