Solaris and LDAP Naming Services: Deploying LDAP in the Enterprise
By Tom Bialaski and Michael Haines
First edition, 372 pages
ISBN 0-13-030678-9

Table of Contents
Acknowledgements
Preface
Chapter 1: Solaris Naming Services Overview
Definition of a Naming Service
Definition of a Directory Service
Directory Service versus Database Servers
Proliferation of Directory Services
Solaris Directory Services-Historical Perspective
Network Information Service
NIS+
Domain Name System
Solaris Naming Service Switch
LDAP Background
Brief History of LDAP
LDAP Goals and Specifications
Solaris LDAP Implementation
Factors to Consider When Deploying LDAP
Chapter 2: Solaris Naming Services Architecture
Evolution of Solaris Naming Services
NIS and Files Coexistence
NIS and DNS Coexistence
Solaris Naming Service Switch
NIS Architecture Overview
NIS Client Server Architecture
How NIS Clients Bind to the NIS Server
NIS Maps
NIS High Availability Architecture Features
NIS+ Architecture Overview
NIS+ Client Server Architecture
How NIS+ Clients Bind to the NIS+ Server
NIS+ Tables
NIS+ Interaction with DNS
NIS+ High Availability Architecture Features
Solaris DNS Architecture Overview
DNS Client Architecture
DNS Server Architecture
DNS High Availability Features
LDAP Architecture Overview
LDAP Information Model
LDAP Naming Model
LDAP Functional Model
LDAP Security Model
LDAP Replication
Comparison with Legacy Naming Services
Chapter 3: Security Models
Authentication versus Authorization
Traditional Solaris Authentication
How UNIX Passwords Work
NIS+ Credentials
Alternative Authentication Mechanisms
LDAP Authentication (Simple Authentication)
CRAM-MD5
Kerberos
Secure Socket Layer Authentication
Security Infrastructure
iPlanet Directory Server SASL
Solaris PAM Framework
PAM Module Types
How PAM Works
PAM Configuration File
Generic pam.conf File
PAM LDAP Module
How PAM and LDAP Work
Chapter 4: iPlanet Directory Server Installation and Configuration
Product Architecture
Administration Domains
Configuration Data
Login Accounts
Netscape Console
Planning the Installation
Installation Procedure
Performing a Typical Installation
Installation Defaults
Starting the Netscape Console
Verifying the Installation
Installation File Navigation
Postinstallation Procedures
Changing Common Installation Configuration Parameters
Importing Directory Data
Reinstalling iPlanet Directory Server
Installation Troubleshooting Tips
Directory Replication
Planning Directory Replication
Setting up Replication
Verifying Replication
Troubleshooting Replication Problems
Modifying the Supplier Initiated Agreement
Setting up a Secure System Using SSL and Certificates
Planning a Secure Server Configuration
Running the Certificate Setup Wizard
Rebooting the Secure Server
Changing the Trust Database Password or PIN
Using SSL for Replication
iPlanet Directory Server Startup Files
Script Generation Program
Installing the NIS Extensions
Chapter 5: Solaris 8 Native LDAP Configuration
Definition of Native LDAP
Native Solaris LDAP Implementation
Solaris LDAP Client Profiles
NIS Domain
Authentication Method
Proxy Agent
Directory Information Tree
Loading Data
Naming Context
Server Configuration Procedure
Tools and Techniques
Importing LDIF Files from the Command Line
Summary of Steps Required
Step 1. Modifying slapd.user_at.conf
Step 2. Modifying slapd.oc.conf
Step 3. Modifying slapd.user_oc.conf
Step 4. Changing Password Store to Crypt Format
Step 5. Adding New Containers
Step 6. Modifying Self-Entry Modification
Step 7. Setting VLV Control ACI
Step 8. Adding the Proxy Agent Entry
Step 9. Setting Password Read Permission for proxyagent
Step 10. Generating the Client Profile
Step 11. Creating Indexes
Step 12. Creating Virtual List View Indexes
Step 13. Creating Sample Test Entries
Step 14. Populating the LDAP data
Client Configuration
How LDAP Clients Initialize
LDAP Client Initialization Example
Troubleshooting Tips
Unresolved Host Name
Unable to Reach Systems in the LDAP Domain Remotely
Sendmail Fails to Deliver/Receive Mail To/From Remote Users
Login Does Not Work
Chapter 6: NIS Extensions Configuration
Overview
What the Extensions Are
Storing NIS Information in LDAP
NIS Extensions Initialization
Initialization Checklist
Initialization Procedure
Postinstallation Verification
Chapter 7: Capacity Planning and Performance Tuning
Server Sizing
Directory Considerations
Directory Size
Directory Access
Security Requirements
Replication Strategy
Capacity Planning Methodology
Calculating Directory Database Size
Summary of Disk Storage Requirements
Memory Sizing
Summary of Memory Usage
Estimating CPU Usage
LDAP Test Suite
Results of Experimentation
Configuration
Simple Read Test with Persistent Connection
Read Test with Nonpersistent Connection
Modify Tests
Authentication Tests
Qualitative Observations Based on Test Results
Performance Tuning
Definition of Indexing
Indexing Summary
Caching for Performance
Directory Caches
Evaluating Sizing Factors
Setting the Database Cache Size
Setting Entry Cache Size
Sizing the Database and Entry Caches
Tuning Cache Sizes
Setting the All IDs Threshold
Tuning the All IDs Threshold Value
Setting Search Limit Parameters
Considering Data Design Issues
Designing an LDAP Client
Removing Unnecessary Plug-ins
Tuning Write Performance
Tuning Import Performance
Troubleshooting Checklist
Chapter 8: Deploying Highly Available LDAP Data Services
iPlanet Directory Services 4.12 HA Architecture Models
High Availability Strategy
Overview of Sun Cluster 2.2 Software
Logical IP Addresses
Data Services for Sun Cluster
Building a Sun Cluster with HA LDAP Data Services
LDAP Fault Monitor
iPlanet Directory Server 4.12 Installation
Configuring the Sun Cluster HA for iPlanet Data Services
LDAP Cluster Deployment Options
Asymmetric (Hot Standby Model) HA
Active Server Model
Redirecting LDAP Client Requests
Chapter 9: Preventive Maintenance
Directory Log Files
Access Log
Viewing the Access Log
Access Log Configuration Options
Error Log
Viewing the Error Log
Audit Log
Managing Database Transaction Logging
Changing the Location of the Database Transaction Log
Changing the Database Checkpoint Interval
Enabling Durable Transactions
Backing Up and Restoring the Directory Database
Backing Up the Database from the Directory Server Console
Backing Up the Database from the Command Line
Restoring the Database from the Directory Server Console
Restoring Your Database from the Command Line
Deleting Database Backups
Restoring Databases That Include Replicated Entries
Placing a Database in Read-Only Mode
Exporting and Importing the Database with LDIF
Exporting Databases to LDIF from the Command Line
Importing Databases from LDIF
Chapter 10: Managing Directory Services
Establishing Access Control Policies
LDAP Security Model Review
Access Control Instructions
Creating Access Control Instructions
Adding a New ACI through the Directory Server Console
Managing the Directory Schema
The Schema Files
How Schema Files Are Read
Modifying the Schema
Creating Attributes from the Directory Server Console
Creating Object Classes from the Directory Server Console
Monitoring the Directory Server
Monitoring Resources
Monitoring Server Performance from the Directory Server Console
Monitoring the Server from the Command Line
Monitoring Database Activity
Monitoring the Database from the Directory Server Console
Monitoring the Database from the Command Line
Managing with SNMP
Using LDAP MIB
Managing the LDAP Directory Server with BMC PATROL
iPlanet Directory Server KM Overview
Introduction to BMC PATROL
Checking Memory Usage with pmap
Chapter 11: Directory Services Consolidation
Benefits of Consolidation
LDAP as a Consolidation Choice
Consolidation Approaches
Consolidation of LDAP-Enabled Applications
LDAP Gateways
LDAP Synchronization
Password Synchronization
NIS Extensions for Solaris
NT Synchronization Service
iPlanet Meta-Directory Server
How Meta-Directory Works
Meta-Directory Connectors
Deploying iPlanet Meta-Directory
Unified Login and Single Sign-on
Kerberos and LDAP
SiteMinder
iPlanet Directory Access Router
iDAR Overview
iPlanet Directory Access Router Feature Set
Chapter 12: Microsoft Windows Interoperability
Windows NT Interoperability
Windows NT Security Model
How the NT User Account Information Is Made Available to Solaris Server
Mapping NT User Account Information to LDAP
How the Synchronization Service Works
Windows 2000 Interoperability
Active Directory Services Architecture
Information Model
Security Model
Access Model
Replication Model
How Active Directory Clients Interact with Servers
How Applications Access Active Directory Services
Solaris Directory Services and Active Directory Services Interactions
Signing On Only Once
Joining a Windows 2000 Tree or Forest
Specifying LDAP Referrals
Using Windows Services in UNIX 2.0
Appendix A: Using Netscape Communicator as an LDAP Client
Appendix B: LDAP Standards Information
Appendix C: Additional Information
Appendix D: LDAP v3 Result Codes
Appendix E: Schema Information
IETF Schemas
RFC 2307 Network Information Service Schema
RFC 2307 Draft Objectclasses
Mail Alias Schema
Glossary
Index