Solaris Operating System

Naming & Directory Services Technical FAQ

Technical Questions


Q:
What new functionality has been introduced in Solaris 9 Operating System (OS) with regard to naming and directory services?
A:
There are several new features introduced in naming services in the Solaris platform. The three most notable are:
  • Secure LDAP Client
  • NIS+ to LDAP Migration tools
  • Sun ONE Directory Server 5.1 Integration (formerly iPlanet Directory Server)



Q:
What is the Secure LDAP client?
A:
Solaris 8 native LDAP authentication did not offer any session or password encryption that matched the Sun ONE Directory Server's encrypted authentication algorithms. In the Solaris 9 OS, SASL/Digest-MD5 and SSL/TLS 1.0 have been added to allow for password or complete session encryption, respectively. This allows a high degree of assurance in using LDAP as a naming service.
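
How SASL/Digest-MD5 protects the password without encrypting the rest of the session, as an added example (not Sun's code and not part of the original FAQ): it computes the response digest defined in RFC 2831 with the sample exchange values from section 4 of that RFC. The function and variable names are this example's own.

```python
import hashlib

# Sample exchange values from RFC 2831 section 4 (not from a Solaris system).
RFC_SAMPLE = dict(
    username="chris", realm="elwood.innosoft.com", password="secret",
    nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
    digest_uri="imap/elwood.innosoft.com",
)


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth",
                        server_side=False):
    """Return the RFC 2831 'response' value, or the server's 'rspauth'."""
    # A1: raw MD5 of user:realm:password, then both parties' nonces.
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    # A2 binds the digest to the target service. The server's reply uses
    # an empty method so it cannot be replayed as a client response.
    method = "" if server_side else "AUTHENTICATE"
    a2 = f"{method}:{digest_uri}".encode("utf-8")
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    # Final keyed digest over the nonces, nonce count and qop.
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode("ascii")).hexdigest()


def client_response(sample=RFC_SAMPLE):
    """What the client sends instead of the password."""
    return digest_md5_response(**sample)


def server_rspauth(sample=RFC_SAMPLE):
    """What the server returns to prove it also knows the secret."""
    return digest_md5_response(**sample, server_side=True)


if __name__ == "__main__":
    print("client response:", client_response())
    print("server rspauth: ", server_rspauth())
    # A fresh server nonce yields a different digest, so a captured
    # response cannot simply be replayed against a later challenge.
    replay = dict(RFC_SAMPLE, nonce="constructed-second-nonce")
    print("new challenge:  ", digest_md5_response(**replay))
```

Only the digest crosses the wire, so the password itself is never sent. With qop=auth, as here, the directory data exchanged after the bind is still unencrypted unless the session runs over SSL/TLS.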



Q:
What additional functionality has been incorporated in the "Secure LDAP client" for Solaris 9 software?
A:
The Solaris 9 LDAP client supports schema mapping and uses a standardized configuration profile. In addition, the Solaris 9 LDAP client is completely backward compatible with the Solaris 8 client. New commands have been incorporated: ldapaddent, for more sophisticated addition of LDAP entries, and idsconfig, a more sophisticated configuration utility for the Sun ONE Directory Server 5.1.



Q:
What is the status of NIS+ for the Solaris 9 Operating System?
A:
NIS+ is a mature and stable naming service. Sun's customers have indicated a preference for using IETF standards for naming services based on LDAP. Sun is formally indicating that there are plans for NIS+ to be removed after the Solaris 9 release. Customers are encouraged to migrate to the Sun ONE Directory Server v5.1, which is integrated in the Solaris 9 platform. The Sun ONE Directory Server incorporates the latest technology and is based on LDAP standards. For more detailed information on what the EOF announcement means to you, visit www.sun.com/directory/nisplus/transition.html.



Q:
What migration tools have been provided to help migration from NIS+ to LDAP environments?
A:
The Solaris 9 OS includes NIS+ to LDAP migration tools to help migrate NIS+ environments to LDAP. Migration is a two-step process:
  1. Data & Server Migration: Data migration is made possible through the synchronization tools in the product that move data from the NIS+ server to the LDAP server.
  2. Client migration: Client migration is the more cumbersome of the two steps since the number of clients involved is large. The client migration thus can only be done in a phased manner. The migration tool allows the NIS+ clients to co-exist with the LDAP server and transparently communicate with the LDAP server. The migration tool sits as a gateway and talks NIS+ on the front-end and ypldapd at the backend.
For more information on migration from NIS+ to LDAP, refer to the "NIS+ to LDAP" white paper.



Q:
What is the future plan for NIS?
A:
Through products and services, Sun is enabling customers to make the transition to LDAP-based naming services. Once these transitions are well underway, Sun will evaluate the appropriate time to formally announce the transition plan for NIS. It is likely that our plan will follow the one for NIS+, modified by experiences gained during that transition. The earliest that such an announcement would occur would be after the next major release following the Solaris 9 OS.



Q:
What does the integration of the Sun ONE Directory Server mean to customers?
A:
The integration means that the Sun ONE Directory Server will now be part of the Solaris 9 OS and will support the Solaris package format. In addition, the installation of the directory server will be part of the Solaris installation process thus providing for a smoother installation experience. It is Sun's stated strategic direction to use the directory as the central system repository for various manageability and security functionality that will deliver better service levels at lower service costs.



Q:
What are the features of the Sun ONE Directory Server?
A:
The Solaris 9 OS will include the Sun ONE Directory Server 5.1 with a 200,000-user entry license for the enterprise. Based on a highly advanced, carrier-grade architecture, Sun ONE Directory Server 5.1 delivers a high performance, highly scalable, user-management infrastructure that helps organizations manage identity, relationships, and risk. The directory server incorporates several unique features like multi-master replication, chaining, multiple database backend support and DIGEST-MD5 support which allow for improved reliability and scalability. In addition, features like IPv6 support and documented plug-in API along with roles and class of services provide for better manageability and ease of administration. For more details on what the directory can do for your network identity infrastructure please visit /software/products/directory_srvr/home_directory.xml.



Q:
What are limitations of the 200,000-entry license?
A:
The license allows for full-production usage of the Sun ONE Directory Server 5.1 up to 200,000 entries. An entry is defined as a single unique Distinguished Name ("DN") and its contained attributes. Excluded are all necessary objects to support a Solaris user such as NIS/NIS+ tables. The 200,000 entries per enterprise network can be used for either intranet or extranet applications. Thus an entry in essence is defined as one that uses the LDAP store for authentication. System management entries like printers, hosts etc. that are not authentication types of entries are not counted towards the 200,000 entries limit.



Q:
What are the mechanics of accounting for entries on the master and the replica; do the entries on the replica count towards the 200,000-entry limit?
A:
Only "DN" type entries on the master are considered towards the 200,000-entry limit. Customers can deploy as many replica servers as they wish at no charge, as long as they are also on the Solaris 9 OS. For any combination of Solaris 9 software and another operating system (NT, Linux, AIX, etc.), a license must be purchased to cover the users on the other operating system.

Example Deployment # 1
A customer has the following deployment configuration, with both master and replica on Solaris 9:
  • Server B Master = 25,000 with single unique "DN's"
  • Server C Master = 125,000 with single unique "DN's"
  • Server C Replica = 125,000 with single unique "DN's"
  • Total enterprise wide entries = 200,000
No additional license needs to be purchased beyond the 200,000-entry license included in Solaris.

Example Deployment # 2
A customer has the following deployment scenario of both master and replica:
  • Solaris 8 Master = 150,000 with single unique "DN's"
  • HP-UX Slave = 50,000 with single unique "DN's"
  • IBM-AIX Slave = 50,000 with single unique "DN's"
  • Windows-NT Slave = 50,000 with single unique "DN's"
Customers have to pay for the 150,000 entries on the slaves since those entries are not on Solaris but on HP-UX, AIX and NT. The license allows for usage of the 200,000 entries only in a Solaris deployment, i.e. both master and slave have to be on Solaris 9.

Example Deployment # 3
A customer with the following deployment configuration for entries in the iPlanet directory server (LDAP) data store:
  • Server A Master = 50,000 with single unique DN's
  • Server B Master = 150,000 with single unique DN's
  • Printer Entries = 2,000 entries
  • Host entries = 1,000 entries
  • NIS maps = 40
  • NIS+ maps = 50
  • Total enterprise wide entries = 200,000
Entries towards system management like printers, hosts, NIS tables etc. are not "DN" type entries and therefore don't count towards the 200,000-entry limit.



Q:
We are currently using the iPlanet Directory Server 4.16, what is the process for upgrading to the latest version of the Sun ONE Directory Server?
A:
There are a couple of ways to upgrade to the latest version of the Sun ONE Directory Server. One way is to upgrade to the version of Solaris that has the integrated directory in it. If, however, one wishes to upgrade on an existing Solaris environment, one needs to purchase a support contract for the iPlanet Directory Server. The support contract enables upgrade from existing versions of the directory server to newer versions of the directory within the terms as defined in the support contract. Please consult with your Sun sales representative on the exact terms of the support contract.



Q:
How is the Sun ONE Directory Server supported? Is the support for the directory part of the overall Solaris software support plan?
A:
Support for the directory server is provided at an additional charge that is based on the number of entries to be supported. Once the support has been purchased it enables you to upgrade to the latest version of the directory at no additional charge. Please ask your Sun sales representative for additional details.
