Sun ONE logo     Previous      Index      Next     
Sun ONE Directory Server 5.2 Deployment Guide


Purpose of This Guide
Typographical Conventions
Default Paths and Filenames
Downloading Directory Server Tools
Suggested Reading

Part 1 Directory Server Design

Chapter 1 Directory Server Design and Deployment Overview
Directory Design Overview
Design Process Outline
Directory Deployment Overview

Chapter 2 Planning and Accessing Directory Data
Introduction to Directory Data
What Your Directory Might Include
What Your Directory Should Not Include
Defining Your Directory Needs
Accessing Your Directory Data with DSML over HTTP/SOAP
DSMLv2 Over HTTP/SOAP Deployment
Performing a Site Survey
Identifying the Applications That Use Your Directory
Identify How Applications Will Access Your Directory
Identifying Data Sources
Characterizing Your Directory Data
Determining Directory Availability Requirements
Considering a Data Master Server
Determining Data Ownership
Determining Data Access
Documenting Your Site Survey
Repeating the Site Survey

Chapter 3 Designing the Schema
Sun ONE Directory Server Schema
Schema Design Process Overview
Mapping Your Data to the Default Schema
Viewing the Default Directory Schema
Matching Data to Schema Elements
Customizing the Schema
When to Extend Your Schema
Getting and Assigning Object Identifiers
Naming Attributes and Object Classes
Strategies for Defining New Object Classes
Strategies for Defining New Attributes
Deleting Schema Elements
Creating Custom Schema Files - Best Practices and Pitfalls
Maintaining Data Consistency
Schema Checking
Selecting Consistent Data Formats
Maintaining Consistency in Replicated Schema
Other Schema Resources

Chapter 4 Designing the Directory Tree
Introduction to the Directory Tree
Designing Your Directory Tree
Choosing a Suffix
Creating Your Directory Tree Structure
Naming Entries
Grouping Directory Entries and Managing Attributes
Static and Dynamic Groups
Managed, Filtered, and Nested Roles
Role Enumeration and Role Membership Enumeration
Role Scope
Role Limitations
Deciding Between Groups and Roles
Managing Attributes with Class of Service (CoS)
About CoS
Cos Definition Entries and CoS Template Entries
CoS Priorities
Pointer CoS, Indirect CoS, and Classic CoS
CoS Limitations
Directory Tree Design Examples
Directory Tree for an International Enterprise
Directory Tree for an ISP
Other Directory Tree Resources

Chapter 5 Designing the Directory Topology
Topology Overview
Distributing Your Data
Using Multiple Databases
About Suffixes
About Referrals and Chaining
Using Referrals
Using Chaining
Deciding Between Referrals and Chaining

Chapter 6 Designing the Replication Process
Introduction to Replication
Replication Concepts
Common Replication Scenarios
Single-Master Replication
Multi-Master Replication
Cascading Replication
Mixed Environments
Fractional Replication
Defining a Replication Strategy
Replication Backward Compatibility
Replication Survey
Replication Resource Requirements
Using Replication for High Availability
Using Replication for Local Availability
Using Replication for Load Balancing
Example Replication Strategy for a Small Site
Example Replication Strategy for a Large Site
Replication Strategy for a Large, International Enterprise
Using Replication with Other Directory Features
Replication and Access Control
Replication and Directory Server Plug-Ins
Replication and Chained Suffixes
Schema Replication
Replication and Multiple Password Policies
Replication Monitoring

Chapter 7 Designing a Secure Directory
About Security Threats
Unauthorized Access
Unauthorized Tampering
Denial of Service
Analyzing Your Security Needs
Determining Access Rights
Ensuring Data Privacy and Integrity
Conducting Regular Audits
Example Security Needs Analysis
Overview of Security Methods
Selecting Appropriate Authentication Methods
Anonymous Access
Simple Password
Proxy Authorization
Simple Password Over a Secure Connection
Certificate-Based Client Authentication
SASL-Based Client Authentication
Preventing Authentication by Account Inactivation
Designing your Password Policies
Password Policy Features
Configuring Your Password Policies
Designing an Account Lockout Policy
Designing Password Policies in a Replicated Environment
Designing Access Control
About the ACI Format
Default ACIs
Deciding How to Set Permissions
Requesting Effective Rights Information
Tips on Using ACIs
ACI Limitations
Securing Connections With SSL
Encrypting Attributes
What is Attribute Encryption?
Attribute Encryption Implementation
Attribute Encryption and Performance
Attribute Encryption Usage Considerations
Grouping Entries Securely
Using Roles Securely
Using CoS Securely
Securing Configuration Information
Other Security Resources

Chapter 8 Monitoring Your Directory
Defining a Monitoring and Event Management Strategy
Directory Server Monitoring Tools
Directory Server Monitoring
Monitoring Directory Server Activity
Monitoring Database Activity
Monitoring Disk Status
Monitoring Replication Activity
Monitoring Indexing Efficiency
Monitoring Security
SNMP Monitoring
About SNMP
SNMP Monitoring in Sun ONE Directory Server

Part 2 Directory Server Deployment Scenario and Reference Architectures

Chapter 9 Banking Deployment Scenario
Business Challenge
Deployment Context and Replication Topology
Deployment Context
Replication Topology
Performance Requirements
User Demands
Hardware Guidelines
Schema, Data, and Directory Information Tree Design
Directory Information Tree
Security Considerations

Chapter 10 Architectural Strategies
Addressing Failure and Recovery
Planning a Backup Strategy
Choosing a Backup Method
Choosing a Restoration Method
Sample Replication Topologies
Single Data Center
Two Data Centers
Three Data Centers
Five Data Centers
Single Data Center Using the Retro Change Log Plug-In

Appendix A Accessing Data Using DSMLv2 Over HTTP/SOAP
An Empty Anonymous DSML "Ping" Request
A DSML Request Issuing a User Binding
A DSML Search Request

Previous      Index      Next     
Copyright 2003 Sun Microsystems, Inc. All rights reserved.