IBM Tivoli Directory Server for z/OS

Book description

This IBM® Redbooks® publication examines the IBM Tivoli® Directory Server for z/OS®. IBM Tivoli Directory Server is a powerful Lightweight Directory Access Protocol (LDAP) infrastructure that provides a foundation for deploying comprehensive identity management applications and advanced software architectures.

This publication provides an introduction to the IBM Tivoli Directory Server for z/OS, with a brief summary of its features and an examination of the possible deployment topologies. It discusses planning a deployment of IBM Tivoli Directory Server for z/OS, which includes prerequisites, planning considerations, and data stores, and provides a brief overview of the configuration process. Additional chapters provide a detailed discussion of the IBM Tivoli Directory Server for z/OS architecture that examines the supported back ends, discusses in what scenarios they are best used, and provides usage examples for each back end. The discussion of schemas breaks down the schema and provides guidance on extending it. A broad discussion of authentication, authorization, and security examines the various access protections, bind mechanisms, and transport security available with IBM Tivoli Directory Server for z/OS. This chapter also provides an examination of the new Password Policy feature. Basic and advanced replication topologies are also covered. A discussion on plug-ins provides details on the various types of plug-ins, the plug-in architecture, and creating a plug-in, and provides an example plug-in. Integration of IBM Tivoli Directory Server for z/OS into the IBM Workload Manager environment is also covered.

This publication also provides detailed information about the configuration of IBM Tivoli Directory Server for z/OS. It discusses deploying IBM Tivoli Directory Server for z/OS on a single system, with examples of configuring the available back ends. Configuration examples are also provided for deploying the server in a Sysplex, and for both basic and advanced replication topologies. Finally, it provides guidance on monitoring and debugging IBM Tivoli Directory Server for z/OS.

Table of contents

  1. Notices
    1. Trademarks
  2. Preface
    1. The team who wrote this book
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  3. Part 1: Overview
  4. Chapter 1: Tivoli Directory Server for z/OS
    1. z/OS LDAP - features
    2. IBM Tivoli Directory Server for z/OS
    3. Directory Architecture
    4. Server Architectures
      1. Single-Server
      2. Multi-Server (Sysplex)
      3. Master-Replica Replication
      4. Forwarding (Cascading) Replication
      5. Peer-to-Peer Replication
      6. Gateway Replication
      7. Remote security services using the z/OS LDAP server
      8. Further Information
  5. Chapter 2: Planning
    1. Planning and Considerations
    2. Where to store your data
    3. Required products
      1. Optional products
    4. Configuring IBM Tivoli Directory Server for z/OS
      1. Where and how to store user passwords?
      2. Configuring for advanced replication and LDAP password policy
      3. Activity and audit logging
      4. Using the dsconfig utility
  6. Part 2: Concepts
  7. Chapter 3: Back ends
    1. Back end overview
    2. TDBM back end
      1. TDBM configuration
      2. Porting TDBM data from IBM Tivoli Directory Server for z/OS to IBM Tivoli Directory Server for z/OS
      3. Porting TDBM data from ISS to IBM Tivoli Directory Server for z/OS
      4. Using the TDBM back end
      5. Tuning the TDBM back end
    3. LDBM back end
      1. LDBM configuration
      2. Porting LDBM data
      3. Creating a sample server with an LDBM back end
      4. Using the LDBM back end
      5. Tuning the LDBM back end
      6. Sample LDBM benchmark data
    4. CDBM back end
      1. CDBM Configuration
      2. Using the CDBM back end
      3. Tuning the CDBM back end
    5. SDBM back end
      1. SDBM Configuration
      2. Using the SDBM back end
      3. Searching the SDBM back end
      4. Tuning the SDBM back end (RACF database)
      5. RACF resources (1/2)
      6. RACF resources (2/2)
    6. GDBM back end
      1. GDBM configuration
      2. Enabling change logging
      3. Additional configuration for RACF change logging
      4. Using the GDBM back end
      5. Tuning the GDBM back end
  8. Chapter 4: Schemas
    1. Schema
    2. Schema configuration in IBM Tivoli Directory Server for z/OS
      1. Applying schema to IBM Tivoli Directory Server for z/OS
    3. Attribute Types
      1. Attributetypes and ibmattributetypes attribute format
    4. Object Classes
      1. objectclasses attribute value format
    5. Defining additional schema in IBM Tivoli Directory Server for z/OS
      1. Defining additional schema example
    6. Defining additional schema for use with RACF custom fields
  9. Chapter 5: Authentication, authorization, and security
    1. Overview
    2. Authentication mechanisms supported by IBM Tivoli Directory Server for z/OS
      1. Anonymous
      2. Simple
      3. CRAM-MD5
      4. DIGEST-MD5
      5. GSS-API (Kerberos)
      6. External (SSL)
    3. Native authentication
      1. Setting up native authentication
      2. Changing a password or password phrase of an entry participating in native authentication
    4. Authorization using Tivoli Directory Server Access Control Lists (ACL)
      1. Setting up IBM Tivoli Directory Server Authorization
      2. Normalization
      3. Propagation
      4. Authorization Permissions
      5. Precedence
      6. Determining the Subject
      7. Calculating Effective Permissions
      8. Filtered Access Control
      9. Testing Authorization Configurations
      10. Closing thoughts on authorization
    5. Groups and group gathering in IBM Tivoli Directory Server for z/OS
      1. Static, dynamic, and nested groups
      2. Querying group membership
      3. Static, dynamic, and nested group pros and cons
      4. Group gathering
    6. Password Policy
      1. Multiple password policies
      2. Meaning of various attributes in password policy
    7. Encryption and Hashing
    8. SSL/TLS
      1. Certificates and key repositories
      2. Setting up IBM Tivoli Directory Server for z/OS to use SSL/TLS
    9. Persistent Search
  10. Chapter 6: Reliability, availability, and scalability
    1. Reliability, Availability and Scalability
      1. Availability
    2. Sysplex
    3. Replication
    4. Topology
      1. Master - Replica
      2. Peer - Peer
      3. Forwarding/Cascading
      4. Gateway
      5. Sysplex and Replication
    5. Setting up Replication
      1. Consumer Configuration
      2. Supplier Configuration
      3. Synchronizing the servers
      4. Maintaining the Topology
    6. Additional Advanced Replication Features
      1. Scheduling
      2. Filtering
  11. Chapter 7: Plug-ins
    1. IBM Tivoli Directory Server for z/OS Server Plug-ins
    2. Pre-operation and post-operation plug-ins
    3. Client-operation plug-ins
    4. Building an IBM Tivoli Directory Server for z/OS server plug-in
    5. Steps for writing a IBM Tivoli Directory Server for z/OS server plug-in
    6. IBM Tivoli Directory Server for z/OS Server Plug-in Sample
      1. Stepping through plugin_sample.c
      2. Steps for building and running the sample plug-in
    7. Exploiters of IBM Tivoli Directory Server for z/OS Plug-in Support
  12. Chapter 8: Workload Management
    1. Workload Management Overview
    2. Using Configuration Options
      1. Configuring WLM to support incoming requests
      2. Configuring LDAP to exploit WLM
    3. Using Workload Manager and Operations Monitor together
    4. Workload Manager Health
  13. Part 3: Installation and configuration examples
  14. Chapter 9: Implementing IBM Tivoli Directory Server on a single system
    1. A basic IBM Tivoli Directory Server server with LDBM
      1. Prepare the z/OS system
      2. Implementing IBM Tivoli Directory Server with dsconfig
      3. Starting and verifying IBM Tivoli Directory Server operation
    2. A basic IBM Tivoli Directory Server server with TDBM
      1. Prepare the z/OS system
      2. DB2 setup for IBM Tivoli Directory Server
      3. Implementing IBM Tivoli Directory Server with dsconfig
      4. Starting and verifying IBM Tivoli Directory Server operation
    3. Set up file-based GDBM to track changes
    4. Set up DB2-based GDBM to track changes
    5. A basic IBM Tivoli Directory Server server with SDBM
    6. Loading the IBM-supplied schema
    7. Loading the IBM-supplied sample.ldif file
    8. Securing the IBM Tivoli Directory Server administration ID
    9. Using CRAM-MD5 and DIGEST-MD5 binds
    10. Enabling SSL authentication (1/3)
    11. Enabling SSL authentication (2/3)
    12. Enabling SSL authentication (3/3)
    13. Password policy implementation (1/2)
    14. Password policy implementation (2/2)
  15. Chapter 10: Using IBM Tivoli Directory Server in a Parallel Sysplex
    1. Setting up the LDBM back end for sysplex
      1. Changes to the configuration file
      2. Starting and verifying operation
    2. Setting up the TDBM server for sysplex
      1. Changes to the configuration file
      2. Starting and verifying operation
    3. Other shared back ends
    4. Setup a shared GDBM to track changes
    5. Set up a shared CDBM for advanced replication and password policy
  16. Chapter 11: Replication
    1. Basic Replication
      1. Master - replica topology
      2. Peer to peer topology (1/2)
      3. Peer to peer topology (2/2)
    2. Advanced Replication
      1. Major replication topologies
      2. Configuring replication topologies
      3. Master-Replica replication configuration in advanced replication.
      4. Peer to peer replication topology configuration in advanced replication (1/2)
      5. Peer to peer replication topology configuration in advanced replication (2/2)
  17. Chapter 12: Using LDAP and HCD
    1. Hardware Configuration Definition (HCD) and LDAP
    2. Securing IBM Tivoli Directory Server for z/OS HCD
    3. Configuring HCD and LDAP
      1. Setting up the IBM Tivoli Directory Server for z/OS
      2. Setting up the HCD LDAP plug-in
      3. Integrating the LDAP schema for HCD
    4. Using HCD and LDAP
      1. Authentication
      2. Usage examples
  18. Chapter 13: Monitoring
    1. Server monitoring
      1. Monitor search with scope=sub
    2. Monitoring and managing advanced replication
      1. Showing advanced replication configuration information:
      2. Extended operations related to advanced replication
      3. Monitoring advanced replication status
    3. Using activity logging
    4. Operations monitor
    5. Audit logging
  19. Chapter 14: Debugging
    1. Overview
    2. Debugging problems
      1. Debugging configuration problems
      2. Using server debug modes
      3. Using CTRACE in-memory records
  20. Part 4: Appendixes
  21. Appendix A: Sample plug-in code
    1. Source code for plugin_sample.c (1/3)
    2. Source code for plugin_sample.c (2/3)
    3. Source code for plugin_sample.c (3/3)
  22. Appendix B: Sample C code
    1. Description of sample code (1/2)
    2. Description of sample code (2/2)
  23. Related publications
    1. IBM Redbooks
    2. Other publications
    3. Online resources
    4. How to get Redbooks
    5. Help from IBM
  24. Index (1/2)
  25. Index (2/2)
  26. Back cover

Product information

  • Title: IBM Tivoli Directory Server for z/OS
  • Author(s): Karan Singh, Corey C Bryant, Jonathan Cottrell, Gillian Gainsford, Saheem Granados, Robert Green, Diane Lia, Nilesh T Patel, John M Walsh
  • Release date: June 2011
  • Publisher(s): IBM Redbooks
  • ISBN: None