A directory server such as Sun Java System Directory Server allows you to manage all your user information from a single source. You can also configure the directory server to allow your users to retrieve directory information from multiple, easily accessible network locations.
In Sun Java System Web Server 6.1, you can configure three different types of directory services to authenticate and authorize users and groups. If no other directory service is configured, the new directory service created will be set to the value default, irrespective of its type.
When you create a directory service, the server-root/userdb/dbswitch.conf file is updated with the directory service details.
The different types of directory services supported by Sun Java System Web Server 6.1 are:
LDAP: Stores user and group information in an LDAP-based directory server.
If the LDAP service is the default service, the dbswitch.conf file is updated as shown in the example below:
directory default ldap://test22.india.sun.com:589/dc%3Dindia%2Cdc%3Dsun%2Cdc%3Dcom
default:binddn cn=Directory Manager
default:encoded bindpw YWRtaW5hZG1pbg==
If the LDAP service is a non-default service, the dbswitch.conf file is updated as shown in the example below:
directory ldap ldap://test22.india.sun.com:589/dc%3Dindia%2Cdc%3Dsun%2Cdc%3Dcom
ldap:binddn cn=Directory Manager
ldap:encoded bindpw YWRtaW5hZG1pbg==
Key File: A key file is a text file that contains the user’s password in a hashed format, and the list of groups to which the user belongs. The users and groups stored in a key file are used for authorization and authentication by the file realm alone; these bear no relationship to system users and groups. For more information about the file realm, see File realm.
The key file format can only be used when the intent is to use HTTP Basic authentication. For more information about this authentication method, see Specifying Users and Groups.
When you create a key file-based database, the dbswitch.conf file is updated as shown in the example below:
directory keyfile file
keyfile:syntax keyfile
keyfile:keyfile D:\test22\keyfile\keyfiledb
Digest File: Stores user and group information based on encrypted username and password.
The digest file format is meant to support using HTTP Digest authentication. It does, however, also support Basic authentication, so it can be used for both authentication methods. For more information about these methods, see Specifying Users and Groups.
When you create a digest-based database, the dbswitch.conf file is updated as shown in the example below:
directory digest file
digest:syntax digest
digest:digestfile D:\test22\digest\digestdb
If you want to set up distributed administration, the default directory service must be an LDAP-based directory service.
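Added example, not part of the original documentation or of the product: a small Python audit of dbswitch.conf entries in the layout shown above. It assumes that ldap:// means the bind is not protected by TLS and that the "encoded bindpw" value is plain base64 (the sample value on this page decodes as such), so the file holds a recoverable password; the function names are hypothetical.

```python
import base64
import binascii
from urllib.parse import unquote, urlsplit

# Constructed sample in the layout this page shows (LDAP default + key file).
SAMPLE = r"""
directory default ldap://test22.india.sun.com:589/dc%3Dindia%2Cdc%3Dsun%2Cdc%3Dcom
default:binddn cn=Directory Manager
default:encoded bindpw YWRtaW5hZG1pbg==
directory keyfile file
keyfile:syntax keyfile
keyfile:keyfile D:\test22\keyfile\keyfiledb
"""

def parse_dbswitch(text):
    """Return {service: {"url": ..., property: value}} from dbswitch.conf text."""
    services = {}
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith("directory "):
            _, name, url = line.split(None, 2)
            services.setdefault(name, {})["url"] = url
            continue
        name, _, rest = line.partition(":")
        words = rest.split(None, 2)
        if len(words) == 3 and words[0] == "encoded":  # two-word property name
            key, value = f"encoded {words[1]}", words[2]
        else:
            key, _, value = rest.partition(" ")
        services.setdefault(name, {})[key] = value.strip()
    return services

def base_dn(url):
    """Percent-decode the base DN carried in the LDAP URL path."""
    return unquote(urlsplit(url).path.lstrip("/"))

def audit(services):
    """Return (service, finding) pairs; file-based services yield none."""
    findings = []
    for name, props in services.items():
        if urlsplit(props.get("url", "")).scheme == "ldap":  # assumed: no TLS
            findings.append((name, "bind password crosses the network in clear (ldap://)"))
        try:
            base64.b64decode(props.get("encoded bindpw", "!"), validate=True)
            findings.append((name, "bindpw is reversible base64; restrict file access"))
        except binascii.Error:
            pass  # property absent or not valid base64
        if "cn=directory manager" in props.get("binddn", "").lower():
            findings.append((name, "binds as Directory Manager; use a least-privilege account"))
    return findings
```

Calling audit(parse_dbswitch(SAMPLE)) returns three findings for the default LDAP service and none for the key file service.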