Book description
Lightweight Directory Access Protocol (LDAP) is the standard for directory information access and is the underlying protocol for a variety of email systems, Web systems, and enterprise applications. LDAP enables central management of users, groups, devices, and other data, thereby simplifying directory management and reducing the total cost of ownership. Understanding and Deploying LDAP Directory Services, written by the creators of the protocol, is known as the LDAP bible and is the classic text for learning about LDAP and how to utilize it effectively. The Second Edition builds on this success by acting as an exhaustive resource for designing, deploying, and maintaining LDAP directory services. Topics such as implementation pitfalls, establishing and maintaining user access to information, troubleshooting, and real-world scenarios will be thoroughly explored.
Table of contents
- Copyright
- Preface
- Acknowledgments
- About the Authors
- I. Introduction to Directory Services and LDAP
- 1. Directory Services Overview and History
- What a Directory Is
- What a Directory Can Do for You
- What a Directory Is Not
- The History and Origins of LDAP
- Further Reading
- Looking Ahead
- 2. Introduction to LDAP
- What Is LDAP?
- The LDAP Models
- LDIF
- LDAP Server Software
- LDAP Command-Line Utilities
- LDAP APIs
- LDAP and Internationalization
- LDAP Overview Checklist
- Further Reading
- Looking Ahead
- 3. LDAPv3 Extensions
- How LDAPv3 Is Extended
- The Root DSE and Extension Discovery
- Selected LDAPv3 Extensions
- The ManageDSAIT Control
- The Persistent Search Request and Entry Change Notification Response Controls
- The Server-Side Sorting Request and Response Controls
- The Virtual List View Request and Response Controls
- The Proxied Authorization Control
- Password Expiration Controls
- Bulk Import Extended Operations
- The EXTERNAL SASL Mechanism
- The DIGEST-MD5 SASL Mechanism
- Future Directions: Where Is LDAP Headed Next?
- LDAP Extensions and Future Directions Checklists
- Further Reading
- Looking Ahead
- 4. Overview of Netscape Directory Server
- II. Designing Your Directory Service
- 5. Directory Design Road Map
- 6. Defining Your Directory Needs
- Overview of the Directory Needs Definition Process
- Analyzing Your Environment
- Determining and Prioritizing Application Needs
- Determining and Prioritizing Users' Needs and Expectations
- Determining and Prioritizing Deployment Constraints
- Determining and Prioritizing Other Environmental Constraints
- Choosing an Overall Directory Design and Deployment Approach
- Setting Some Goals and Milestones
- Defining Your Directory Needs Checklist
- Further Reading
- Looking Ahead
- 7. Data Design
- Data Design Overview
- Common Data-Related Problems
- Creating a Data Policy Statement
- Identifying Which Data Elements You Need
- General Characteristics of Data Elements
- Format
- The Size of Each Data Value
- The Number of Distinct Data Values
- Data Ownership and Restrictions
- Consumers
- Frequency of Changes in Values: Dynamic or Static?
- Range of Applicability: Shared or Application-Specific?
- Relationships with Other Data Elements
- A Data Element Characteristics Example
- Analyzing Data Elements
- Sources of Data
- Maintaining Good Relationships with Other Data Sources
- Data Design Checklist
- Further Reading
- Looking Ahead
- 8. Schema Design
- The Purpose of a Schema
- Elements of LDAP Schemas
- Directory Schema Formats
- The Schema-Checking Process
- Schema Design Overview
- Sources of Predefined Schemas
- Defining New Schema Elements
- Documenting and Publishing Your Schemas
- Schema Maintenance and Evolution
- Schema Design Checklist
- Further Reading
- Looking Ahead
- 9. Namespace Design
- 10. Topology Design
- Directory Topology Overview
- Gluing the Directory Together: Knowledge References
- Name Resolution in the Distributed Directory
- Configuring a Distributed Directory
- Authentication in a Distributed Directory
- Advantages and Disadvantages of Partitioning
- Designing Your Directory Server Topology
- Step 1: Inventory Your Directory-Enabled Applications
- Step 2: Understand Your Directory Server Software and Its Capabilities
- Step 3: Create a Map of Your Physical Network
- Step 4: Review Your Directory Namespace Design
- Step 5: Consider Political Constraints
- Directory Partition Design Examples
- Topology Design Checklist
- Further Reading
- Looking Ahead
- 11. Replication Design
- Why Replicate?
- Replication Concepts
- Advanced Replication Features
- Designing Your Directory Replication System
- Replication Design Checklist
- Further Reading
- Looking Ahead
- 12. Privacy and Security Design
- Security Guidelines
- The Purpose of Security
- Security Threats
- Security Tools
- Analyzing Your Security and Privacy Needs
- Designing for Security
- Privacy and Security Design Checklist
- Further Reading
- Looking Ahead
- III. Deploying Your Directory Service
- 13. Evaluating Directory Products
- 14. Piloting Your Directory Service
- 15. Analyzing and Reducing Costs
- The Politics of Costs
- Reducing Costs
- Design, Piloting, and Deployment Costs
- Ongoing Costs of Providing Your Directory Service
- Analyzing and Reducing Costs Checklist
- Further Reading
- Looking Ahead
- 16. Putting Your Directory Service into Production
- IV. Maintaining Your Directory Service
- 17. Backups and Disaster Recovery
- Backup and Restore Procedures
- Disaster Planning and Recovery
- Directory-Specific Issues in Disaster Recovery
- Backups and Disaster Recovery Checklist
- Further Reading
- Looking Ahead
- 18. Maintaining Data
- 19. Monitoring
- Introduction to Monitoring
- Selecting and Developing Monitoring Tools
- Notification Techniques
- Taking Action
- A Sample Directory Monitoring Utility
- Performance Analysis
- Monitoring Checklist
- Further Reading
- Looking Ahead
- 20. Troubleshooting
- Discovering Problems
- Types of Problems
- Troubleshooting and Resolving Problems
- Step 1: Assess the Problem, and Inform Affected Persons
- Step 2: Contain the Damage
- Step 3: Put the System Back into Service by Applying a Short-Term Fix
- Step 4: Fully Understand the Problem, and Devise a Long-Term Fix
- Step 5: Implement the Long-Term Fix, and Take Steps to Prevent the Problem from Recurring
- Step 6: Arrange to Monitor for the Problem
- Step 7: Document What Happened
- Troubleshooting Checklist
- Further Reading
- Looking Ahead
- V. Leveraging Your Directory Service
- 21. Developing New Applications
- Reasons to Develop Directory-Enabled Applications
- Common Ways That Applications Use Directories
- Tools for Developing LDAP Applications
- Advice for LDAP Application Developers
- Example 1: setpwd, a Password-Resetting Utility
- Example 2: SimpleSite, a Web Site with User Profile Storage
- Developing New Applications Checklist
- Further Reading
- Looking Ahead
- 22. Directory-Enabling Existing Applications
- 23. Directory Coexistence
- Why Is Coexistence Important?
- Coexistence Techniques
- Privacy and Security Considerations
- Determining Your Coexistence Requirements
- Directory Coexistence Implementation Considerations
- Example: The ldapsync Tool: One-Way Synchronization with Join
- Directory Coexistence Checklist
- Further Reading
- Looking Ahead
- VI. Case Studies
- 24. Case Study: Netscape Communications Corporation
- 25. Case Study: A Large Multinational Enterprise
- 26. Case Study: An Enterprise with an Extranet
Product information
- Title: Understanding and Deploying LDAP Directory Services, Second Edition
- Author(s):
- Release date: April 2003
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780672323164