Understanding and Deploying LDAP Directory Services, Second Edition

Book description

Lightweight Directory Access Protocol (LDAP) is the standard for directory information access and is the underlying protocol for a variety of email systems, Web systems, and enterprise applications. LDAP enables central management of users, groups, devices, and other data, thereby simplifying directory management and reducing the total cost of ownership. Understanding and Deploying LDAP Directory Services, written by the creators of the protocol, is known as the LDAP bible and is the classic text for learning about LDAP and how to utilize it effectively. The Second Edition builds on this success by acting as an exhaustive resource for designing, deploying, and maintaining LDAP directory services. Topics such as implementation pitfalls, establishing and maintaining user access to information, troubleshooting, and real-world scenarios will be thoroughly explored.

Table of contents

  1. Copyright
    1. Dedication
  2. Preface
    1. The Book's Organization
    2. The Book's Audience
    3. Conventions Used in This Book
    4. Contacting Us
  3. Acknowledgments
  4. About the Authors
  5. I. Introduction to Directory Services and LDAP
    1. 1. Directory Services Overview and History
      1. What a Directory Is
        1. Directories Are Dynamic
        2. Directories Are Flexible
          1. Flexible Content
          2. Flexible Organization
        3. Directories Can Be Secure
        4. Directories Can Be Personalized
        5. Directory Described
          1. Read-to-Write Ratio
          2. Information Extensibility
          3. Data Distribution
          4. Data Replication
          5. Performance
          6. Standards and Interoperability
          7. Transactions and Join
          8. Directory Description Summary
      2. What a Directory Can Do for You
        1. Finding Things
        2. Managing Things
        3. Lightweight Database Applications
        4. Security Applications
      3. What a Directory Is Not
        1. Directories versus Databases
        2. Directories versus File Systems
        3. Directories versus Web Servers
        4. Directories versus FTP Servers
        5. Directories versus DNS Servers
        6. The Complementary Directory
      4. The History and Origins of LDAP
        1. The Dawn of Standard Directories: X.500
          1. X.500 Innovations
          2. X.500 Flaws
          3. Early X.500 Implementations and Pilots
        2. The Creation and Rise of LDAP
          1. Forerunners of LDAP: DIXIE and DAS
          2. The Creation of LDAP
          3. LDAP Innovations
          4. Early LDAP Implementations
          5. LDAP as a Standalone Directory Service
          6. LDAP Momentum
          7. LDAP Version 3 Developed
        3. The Key Advantages of LDAP
      5. Further Reading
        1. Bibliography
      6. Looking Ahead
    2. 2. Introduction to LDAP
      1. What Is LDAP?
        1. The LDAP Protocol
          1. The LDAP Protocol Operations
          2. LDAP Extensibility
        2. The LDAP Protocol on the Wire
      2. The LDAP Models
        1. The LDAP Information Model
          1. Entries, Attributes, and Values
          2. Maintaining Order: Directory Schemas
        2. The LDAP Naming Model
          1. Why Is Naming Important?
          2. Multivalued RDNs, and Why You Should Avoid Using Them
          3. Escaping
          4. Aliases
        3. The LDAP Functional Model
          1. The LDAP Interrogation Operations
            1. The LDAP Search Operation
              1. Base Object
              2. Search Scope
              3. Alias Dereferencing Options
              4. Size Limit
              5. Time Limit
              6. Attributes-Only Parameter
              7. Search Filter
              8. List of Attributes to Return
            2. The LDAP Search Filters
              1. Equality Filters
              2. Substring Filters
              3. Approximate Filters
              4. “Greater Than or Equal To” and “Less Than or Equal To” Filters
              5. Presence Filters
              6. Extensible Matching
              7. Negation
              8. Combining Filter Terms
              9. Escaping in Search Filters
              10. Common Types of Searches
              11. Hiding LDAP Filters from Users
            3. The Compare Operation
          2. The LDAP Update Operations
            1. The Add Operation
            2. The Delete Operation
            3. The Rename (Modify DN) Operation
            4. The Modify Operation
          3. The LDAP Authentication and Control Operations
            1. The Bind Operation
            2. The Unbind Operation
            3. The Abandon Operation
        4. The LDAP Security Model
          1. LDAPv3 Authentication Methods
          2. Access Control Models
          3. Transport Layer Security (TLS)
      3. LDIF
        1. LDIF Representation of Directory Entries
        2. LDIF Update Statements
          1. Adding a New Entry
          2. Deleting an Entry
          3. Modifying an Entry
          4. Renaming and/or Moving an Entry
      4. LDAP Server Software
      5. LDAP Command-Line Utilities
        1. The ldapsearch Command-Line Utility
          1. Retrieving a Single Entry
          2. Binding (Authenticating)
          3. Retrieving Only Certain Attributes
          4. More Complex Filters
          5. Using SSL to Search the Directory
          6. ldapsearch Command-Line Option Reference
        2. The ldapmodify Command-Line Utility
          1. Adding Entries
          2. Continuous Mode (-c) and Rejects File (-e) Options
          3. ldapmodify Command-Line Option Reference
      6. LDAP APIs
        1. Overview of the LDAP C API
        2. Other LDAP APIs
      7. LDAP and Internationalization
      8. LDAP Overview Checklist
      9. Further Reading
        1. Bibliography
      10. Looking Ahead
    3. 3. LDAPv3 Extensions
      1. How LDAPv3 Is Extended
        1. LDAP Controls
        2. LDAP Extended Operations
        3. SASL Authentication Mechanisms
      2. The Root DSE and Extension Discovery
      3. Selected LDAPv3 Extensions
        1. The ManageDSAIT Control
        2. The Persistent Search Request and Entry Change Notification Response Controls
        3. The Server-Side Sorting Request and Response Controls
        4. The Virtual List View Request and Response Controls
        5. The Proxied Authorization Control
        6. Password Expiration Controls
        7. Bulk Import Extended Operations
        8. The EXTERNAL SASL Mechanism
          1. SDK Support
        9. The DIGEST-MD5 SASL Mechanism
      4. Future Directions: Where Is LDAP Headed Next?
        1. Increased Integration into Operating Systems and Infrastructure Middleware
        2. Emerging Standards Work
          1. An Update to the LDAP Standard
          2. Access Control Model for LDAP
          3. LDAP Client Update Protocol (LCUP)
        3. Other LDAP-Related Standards Work
        4. LDAP and XML
        5. DSML
      5. LDAP Extensions and Future Directions Checklists
      6. Further Reading
        1. Bibliography
      7. Looking Ahead
    4. 4. Overview of Netscape Directory Server
      1. Basic Installation
        1. Extracting and Starting the Setup Program
        2. Answering Installation Questions
        3. Completing the Installation and Loading Sample Data
      2. A Brief Hands-on Tour of Netscape Directory Server
        1. Searching
        2. Manipulating Netscape Directory Server Databases
        3. Controlling Access to Directory Data
        4. Changing the Server Configuration Using LDAP
      3. Product Focus and Feature Set
        1. Origin
        2. Product Focus
        3. Feature Set
      4. Extending the Netscape Server: A Simple Plug-in Example
        1. Problem Statement
        2. The Design of the Value Constraint Plug-In
        3. The Source Code for the Value Constraint Plug-In
        4. Compiling and Installing the Value Constraint Plug-In
        5. The Resulting Server Behavior
        6. Ideas for Improvement
      5. Further Reading
        1. Bibliography
      6. Looking Ahead
  6. II. Designing Your Directory Service
    1. 5. Directory Design Road Map
      1. The Directory Life Cycle
        1. Design
        2. Deployment
        3. Maintenance
      2. Directory Design Checklist
      3. Further Reading
        1. Bibliography
      4. Looking Ahead
    2. 6. Defining Your Directory Needs
      1. Overview of the Directory Needs Definition Process
        1. Step 1: Analyze Your Environment
        2. Step 2: Determine and Prioritize Needs
        3. Step 3: Choose an Overall Directory Design and Deployment Approach
        4. Step 4: Set Goals and Milestones
      2. Analyzing Your Environment
        1. Organizational Structure and Geography
        2. Computer Systems
        3. The Network
        4. Application Software
      3. Determining and Prioritizing Application Needs
        1. Data
        2. Performance
        3. Level of Service
        4. Security
        5. Prioritizing Application Needs
      4. Determining and Prioritizing Users' Needs and Expectations
        1. Asking Your Users
        2. Accuracy and Completeness of Data
        3. Privacy
        4. Audience
        5. The Relationship of User Needs to Application Needs
        6. Prioritizing Your Users' Needs
      5. Determining and Prioritizing Deployment Constraints
        1. Resources
        2. Openness of the Process
        3. Skills of the Directory System Designers
        4. Skills and Needs of System Administrators
        5. The Political Climate
        6. Prioritizing Your Deployment Constraints
      6. Determining and Prioritizing Other Environmental Constraints
        1. Hardware and Software
        2. The Network
        3. Criticality of Service
        4. Security
        5. Coexistence with Other Databases and Directories
        6. Prioritizing Your Environmental Constraints
      7. Choosing an Overall Directory Design and Deployment Approach
        1. Match the Prevailing Philosophy
        2. Take Constraints into Account
        3. Favor Simple over Complex
        4. Focus on the Most Important Needs
      8. Setting Some Goals and Milestones
        1. Goals
        2. Milestones
        3. Recommendations for Setting Goals and Milestones
      9. Defining Your Directory Needs Checklist
      10. Further Reading
        1. Bibliography
      11. Looking Ahead
    3. 7. Data Design
      1. Data Design Overview
      2. Common Data-Related Problems
      3. Creating a Data Policy Statement
      4. Identifying Which Data Elements You Need
      5. General Characteristics of Data Elements
        1. Format
        2. The Size of Each Data Value
        3. The Number of Distinct Data Values
        4. Data Ownership and Restrictions
        5. Consumers
        6. Frequency of Changes in Values: Dynamic or Static?
        7. Range of Applicability: Shared or Application-Specific?
        8. Relationships with Other Data Elements
        9. A Data Element Characteristics Example
        10. Analyzing Data Elements
      6. Sources of Data
        1. Other Directory Services and Network Operating Systems
        2. Databases
        3. Files
        4. Applications
        5. Administrators
        6. End Users
      7. Maintaining Good Relationships with Other Data Sources
        1. Replication
        2. Synchronization
        3. Batch Updates
        4. Political Considerations
      8. Data Design Checklist
      9. Further Reading
        1. Bibliography
      10. Looking Ahead
    4. 8. Schema Design
      1. The Purpose of a Schema
      2. Elements of LDAP Schemas
        1. Attributes
          1. An Attribute Type Example
          2. Attribute Hierarchies
          3. Attribute Syntaxes
          4. Matching Rules
        2. Object Classes
          1. An Object Class Example
          2. The Presence of Multiple-Object Classes
          3. Object Class Inheritance
          4. The LDAPv3 extensibleObject Object Class
        3. Schema Element Summary
      3. Directory Schema Formats
        1. The LDAPv3 Schema Format
          1. LDAPv3 Attribute Type Definitions
          2. LDAPv3 Object Class Definitions
        2. The ASN.1 Schema Format
          1. ASN.1 Attribute Type Definitions
          2. ASN.1 Object Class Definitions
      4. The Schema-Checking Process
        1. Schema-Checking Examples
      5. Schema Design Overview
        1. A Few Words about Schema Configuration
        2. The Relationship of Schema Design to Data Design
        3. Let's Call the Whole Thing Off
      6. Sources of Predefined Schemas
        1. Directory-Enabled Applications
        2. Standard Schemas
        3. Schemas Provided by Directory Vendors
        4. Adding a Schema to an Installed Directory Server
      7. Defining New Schema Elements
        1. Choosing Names for New Attribute Types and Object Classes
        2. Obtaining and Assigning Object Identifiers
        3. Modifying Existing Schema Elements
        4. Subclassing an Existing Object Class
        5. Adding Auxiliary Information to a Directory Object
        6. Accommodating New Types of Objects
        7. Tips for Defining New Schemas
      8. Documenting and Publishing Your Schemas
      9. Schema Maintenance and Evolution
        1. Establishing a Schema Review Board
        2. Granting Permission to Change the Schema Configuration
        3. Changing Existing Schemas
        4. Upgrading Directory Service Software
      10. Schema Design Checklist
      11. Further Reading
        1. Bibliography
      12. Looking Ahead
    5. 9. Namespace Design
      1. The Structure of a Namespace
      2. The Purposes of a Namespace
      3. Analyzing Your Namespace Needs
        1. Choosing a Suffix
        2. Flat and Hierarchical Schemes
        3. Naming Attributes
          1. Naming Entries by Using Existing Unique Names
          2. Naming Entries by Constructing New Unique Identifiers
        4. Application Considerations
        5. Administrative Considerations of Naming Attributes and RDNs
        6. Privacy Considerations
        7. Anticipating the Future
      4. Examples of Namespaces
        1. Flat Namespace Examples
        2. Hierarchical Namespace Examples
      5. Namespace Design Checklist
      6. Further Reading
        1. Bibliography
      7. Looking Ahead
    6. 10. Topology Design
      1. Directory Topology Overview
        1. Definition of a Partition
      2. Gluing the Directory Together: Knowledge References
        1. Name Resolution in the Distributed Directory
          1. Handling Distribution in the Client: LDAP Referrals and Search Result Continuation References
            1. The Structure of LDAP Referrals and Search Result Continuation References
          2. Handling Distribution in the Server: Chaining
          3. Deciding between Client-Side and Server-Side Processing of Knowledge Reference Information
        2. Configuring a Distributed Directory
          1. Configuring Distribution with Netscape Directory Server 6
            1. Configuring Distribution with Client-Side Processing
            2. Configuring Distribution with Server-Side Processing
      3. Authentication in a Distributed Directory
        1. Security Implications
      4. Advantages and Disadvantages of Partitioning
      5. Designing Your Directory Server Topology
        1. Step 1: Inventory Your Directory-Enabled Applications
        2. Step 2: Understand Your Directory Server Software and Its Capabilities
        3. Step 3: Create a Map of Your Physical Network
        4. Step 4: Review Your Directory Namespace Design
        5. Step 5: Consider Political Constraints
        6. Directory Partition Design Examples
          1. A Single-Partition Directory Design Example
            1. Background
            2. Inventory of Directory-Enabled Applications
            3. Capabilities of Directory Software
            4. Physical Network Topology
            5. Namespace Design
            6. Conclusions
          2. A Multiple-Partition Directory Design Example
            1. Background
            2. Inventory of Directory-Enabled Applications
            3. Capabilities of Directory Software
            4. Physical Network Topology
            5. Namespace Design
            6. Conclusions
      6. Topology Design Checklist
      7. Further Reading
        1. Bibliography
      8. Looking Ahead
    7. 11. Replication Design
      1. Why Replicate?
      2. Replication Concepts
        1. Suppliers, Consumers, and Replication Agreements
        2. The Unit of Replication
        3. Consistency and Convergence
        4. Incremental and Total Updates
          1. The Netscape Directory Server 6 Update Process
        5. Initial Population of a Replica
        6. Replication Strategies
          1. Single-Master Replication
          2. Multimaster Replication
            1. Conflict Resolution
              1. Sequence Numbers
              2. Granularity
              3. Unique Identifiers
              4. Client Updates versus Replica Updates
              5. Replica Update Vectors
            2. Update Resolution Policies
              1. Entry Naming Conflicts
              2. Conflicts Involving Deleted Entries
              3. Conflicts Involving Single-Value Constraints
        7. Replication Protocols
      3. Advanced Replication Features
        1. Replicating a Subset of Directory Information
        2. Active Directory GC Servers
        3. Scheduling Replication
        4. Scheduling Update Latency by Attribute Type
        5. Schemas and Replication
        6. Access Control and Replication
      4. Designing Your Directory Replication System
        1. Designing for Maximum Reliability
        2. Designing for Maximum Performance
        3. Other Considerations
        4. Choosing Replication Solutions
      5. Replication Design Checklist
      6. Further Reading
        1. Bibliography
      7. Looking Ahead
    8. 12. Privacy and Security Design
      1. Security Guidelines
      2. The Purpose of Security
      3. Security Threats
        1. Unauthorized Access
        2. Unauthorized Tampering
        3. Denial-of-Service Attacks
      4. Security Tools
      5. Analyzing Your Security and Privacy Needs
        1. Directory Requirements
          1. Read or Write
          2. Sensitivity of Data
          3. Replication and Synchronization
          4. Administration
        2. Understanding Your Environment
          1. The User Community
          2. Directory Accessibility
          3. The Network Environment
          4. Physical Security
        3. Understanding Your Users
        4. Understanding Your Corporate Policies and Applicable Laws
      6. Designing for Security
        1. Authentication
        2. Access Control
          1. Overview of Access Control Models
          2. Implementing an Access Control Policy
            1. ACL Example 1
            2. ACL Example 2
            3. ACL Example 3
          3. ACL Placement
        3. Information Privacy and Integrity
        4. Administrative Security
        5. Respecting Your Users' Privacy
        6. Security versus Deployability
      7. Privacy and Security Design Checklist
      8. Further Reading
        1. Bibliography
      9. Looking Ahead
  7. III. Deploying Your Directory Service
    1. 13. Evaluating Directory Products
      1. Making the Right Product Choice
      2. Categories of Directory Software
        1. NOS Applications
        2. Intranet Applications
        3. Extranet Applications
        4. Internet-Facing Hosted Applications
        5. Lightweight Database Applications
      3. Evaluation Criteria for Directory Software
        1. Core Features
        2. Management Features
        3. Reliability
        4. Performance and Scalability
        5. Security
        6. Standards Compliance
        7. Interoperability
        8. Cost
        9. Flexibility and Extensibility
        10. Other Considerations
        11. An Evaluation Criteria Example
      4. Reaching a Decision
        1. Gathering Basic Product Information
        2. Quizzing the Software Vendors
        3. Challenging the Vendors to Show What Their Products Can Do
        4. Conducting a Directory Services Pilot
        5. Negotiating the Best Possible Deal
      5. Evaluating Directory Products Checklist
      6. Further Reading
        1. Bibliography
      7. Looking Ahead
    2. 14. Piloting Your Directory Service
      1. A Piloting Road Map
        1. Prepilot Testing
        2. Defining Your Goals
        3. Defining Your Scope and Time Line
        4. Developing Documentation and Training Materials
        5. Selecting Your Users
        6. Setting Up Your Environment
        7. Rolling Out the Pilot
        8. Collecting Feedback
        9. Scaling Up the Pilot
        10. Applying What You've Learned
      2. Piloting Your Directory Service Checklist
      3. Looking Ahead
    3. 15. Analyzing and Reducing Costs
      1. The Politics of Costs
      2. Reducing Costs
        1. General Principles of Cost Reduction
      3. Design, Piloting, and Deployment Costs
        1. Design Costs
          1. Reducing Design Costs
        2. Piloting Costs
          1. Reducing Piloting Costs
        3. Deployment Hardware Costs
          1. Reducing Deployment Hardware Costs
        4. Deployment Software Costs
          1. Reducing Deployment Software Costs
      4. Ongoing Costs of Providing Your Directory Service
        1. Software Upgrade Costs
          1. Reducing Software Upgrade Costs
        2. Hardware Upgrade and Replacement Costs
          1. Reducing Hardware Upgrade and Replacement Costs
        3. Monitoring Costs
          1. Reducing Monitoring Costs
        4. Data Maintenance Costs
          1. Reducing Data Maintenance Costs
        5. Backup and Restore Costs
          1. Reducing Backup and Restore Costs
        6. Disaster Recovery Plan Costs
          1. Reducing Disaster Recovery Plan Costs
        7. Support and Training Costs
          1. Reducing Support and Training Costs
        8. Support and Maintenance Contract Costs
          1. Reducing Support and Maintenance Contract Costs
        9. Costs of Adding New Directory-Enabled Applications
          1. Reducing Costs of Adding New Directory-Enabled Applications
      5. Analyzing and Reducing Costs Checklist
      6. Further Reading
        1. Bibliography
      7. Looking Ahead
    4. 16. Putting Your Directory Service into Production
      1. Creating a Plan for Putting Your Directory Service into Production
        1. List the Resources Needed for the Rollout
        2. Create a List of Prerequisite Tasks
        3. Create a Detailed Rollout Plan
        4. Develop Criteria for Success
        5. Create a Publicity and Marketing Plan
      2. Advice for Putting Your Directory Service into Production
        1. Don't Jump the Gun
        2. Maintain Focus
        3. Adopt an Incremental Approach
        4. Prepare Yourself Well
      3. Executing Your Plan
      4. Putting Your Directory Service into Production Checklist
      5. Looking Ahead
  8. IV. Maintaining Your Directory Service
    1. 17. Backups and Disaster Recovery
      1. Backup and Restore Procedures
        1. Backing Up and Restoring Directory Data Using Traditional Techniques
          1. Restoring Directory Data from a Snapshot
          2. Backing Up to LDIF Files
          3. Restoring Data from LDIF Files
        2. Other Things to Back Up
        3. Using Replication for Backup and Restore
        4. Using Replication and Traditional Backup Techniques Together
        5. Safeguarding Your Backups
        6. Verifying Your Backups
      2. Disaster Planning and Recovery
        1. Types of Disasters
        2. Developing a Directory Disaster Recovery Plan
          1. Step 1: Perform a Risk Assessment, and Rank the Risks from Most Likely to Least Likely
          2. Step 2: Understand the Business Implications of Each Type of Risk
          3. Step 3: Design and Implement the Recovery Solution
          4. Step 4: Periodically Review and Update the Plan
      3. Directory-Specific Issues in Disaster Recovery
      4. Backups and Disaster Recovery Checklist
      5. Further Reading
        1. Bibliography
      6. Looking Ahead
    2. 18. Maintaining Data
      1. The Importance of Data Maintenance
      2. The Data Maintenance Policy
        1. Application-Maintained Data
        2. Centrally Maintained Data
        3. User-Maintained Data
          1. Update-Capable Clients
          2. Authentication and Security
          3. Training and Support Costs
          4. System Effects
          5. Data Validation
      3. Handling New Data Sources
      4. Handling Exceptions
      5. Checking Data Quality
        1. Methods of Checking Quality
        2. Implications of Checking Quality
        3. Correcting Bad Data
      6. Maintaining Data Checklist
      7. Further Reading
        1. Bibliography
      8. Looking Ahead
    3. 19. Monitoring
      1. Introduction to Monitoring
        1. Methods of Monitoring
        2. General Monitoring Principles
          1. Monitor Unobtrusively
          2. One Failure Can Cause Other Failures
          3. Keep a Problem History
          4. Have a Plan
      2. Selecting and Developing Monitoring Tools
        1. Monitoring Your Directory with SNMP and an NMS
          1. Introduction to SNMP
          2. Directory Servers and the Directory Server Monitoring MIB
          3. Monitoring Your Directory Server Using Host-Based SNMP Agents
        2. Monitoring Your Directory with Custom Probing Tools
          1. Log File Analysis
          2. Operating System Performance Data
          3. Monitoring Synchronization Processes and Data Quality
          4. Indirect Monitoring
      3. Notification Techniques
        1. Basic Notification Principles
        2. Notification Methods
        3. Testing Your Notification System
      4. Taking Action
        1. Planning Your Course of Action
        2. Minimizing the Effect
        3. Understanding the Root Cause
        4. Correcting the Problem
        5. Documenting What Happened
      5. A Sample Directory Monitoring Utility
      6. Performance Analysis
        1. Obtaining Raw Usage Data
          1. Directory Server Access Logs
          2. Operating System Logs
        2. Digesting and Analyzing Raw Performance Data
        3. Drawing Conclusions
          1. Spotting Problems
          2. Spotting Trends
      7. Monitoring Checklist
      8. Further Reading
        1. Bibliography
      9. Looking Ahead
    4. 20. Troubleshooting
      1. Discovering Problems
      2. Types of Problems
        1. Directory Outages
          1. Causes
          2. Implications
          3. Resolution
        2. Performance Problems
          1. Causes
          2. Implications
          3. Resolution
        3. Problems with Directory Data
          1. Causes
          2. Implications
          3. Resolution
        4. Security Problems
          1. Causes
          2. Implications
          3. Resolution
      3. Troubleshooting and Resolving Problems
        1. Step 1: Assess the Problem, and Inform Affected Persons
        2. Step 2: Contain the Damage
        3. Step 3: Put the System Back into Service by Applying a Short-Term Fix
        4. Step 4: Fully Understand the Problem, and Devise a Long-Term Fix
        5. Step 5: Implement the Long-Term Fix, and Take Steps to Prevent the Problem from Recurring
        6. Step 6: Arrange to Monitor for the Problem
        7. Step 7: Document What Happened
      4. Troubleshooting Checklist
        1. Directory Outages
        2. Performance Problems
        3. Problems with Directory Data
        4. Security Problems
      5. Further Reading
        1. Bibliography
      6. Looking Ahead
  9. V. Leveraging Your Directory Service
    1. 21. Developing New Applications
      1. Reasons to Develop Directory-Enabled Applications
        1. Lowering Your Data Management Costs
        2. Adapting the Directory to Fit Your Organization
        3. Saving on Deployment and Maintenance Costs
        4. Creating Entirely New Kinds of Applications
        5. When It Does Not Make Sense to Directory-Enable
      2. Common Ways That Applications Use Directories
        1. Locating and Sharing Information
        2. Verifying Authentication Credentials
        3. Aiding the Deployment of Other Services
        4. Making Access Control Decisions
        5. Enabling Location Independence
      3. Tools for Developing LDAP Applications
        1. LDAP SDKs
        2. LDAP Command-Line Tools
        3. LDAP Tag Libraries for Web Development
        4. Directory-Agnostic SDKs
      4. Advice for LDAP Application Developers
        1. Striving to Fit In
        2. Communicating Your Application's Directory Needs
        3. Designing for Good Performance and Scalability
        4. Developing a Prototype and Conducting a Pilot
        5. Leveraging Existing Code
        6. Avoiding Common Mistakes
      5. Example 1: setpwd, a Password-Resetting Utility
        1. Directory Use
        2. The Help Desk Staff's Experience
        3. The Source Code
        4. Ideas for Improvement
      6. Example 2: SimpleSite, a Web Site with User Profile Storage
        1. Directory Use
        2. The User Experience
        3. The Source Code
        4. Ideas for Improvement
      7. Developing New Applications Checklist
      8. Further Reading
        1. Bibliography
      9. Looking Ahead
    2. 22. Directory-Enabling Existing Applications
      1. Reasons to Directory-Enable Existing Applications
        1. Enabling New Features in Applications
        2. Lowering Data Management Costs
        3. Simplifying Life for End Users
        4. Bringing the Directory Service to Your End Users
      2. Advice for Directory-Enabling Existing Applications
        1. Hide the Directory Integration
        2. Make the New Directory Capabilities Visible
        3. Use a Protocol Gateway to Achieve Integration
        4. Avoid Problematic Architectural Choices
        5. Consider How the Directory Service Will Be Affected
        6. Plan for a Smooth Transition
        7. Be Creative, and Consider All Your Options
      3. Example 1: A Directory-Enabled finger Service
        1. The Integration Approach
        2. Directory Use
        3. The End-User Experience
        4. The Source Code
        5. Ideas for Improvement
      4. Example 2: Adding LDAP Address Lookup to an E-Mail Client
        1. The Integration Approach
        2. The End-User Experience
        3. The Source Code
        4. Ideas for Improvement
      5. Directory-Enabling Existing Applications Checklist
      6. Further Reading
        1. Bibliography
      7. Looking Ahead
    3. 23. Directory Coexistence
      1. Why Is Coexistence Important?
      2. Coexistence Techniques
        1. Migration
        2. One-Way Synchronization
        3. Two-Way Synchronization
        4. N-Way Join
        5. Virtual Directory
        6. Data Translation
      3. Privacy and Security Considerations
        1. The Join Attribute
        2. Data Transport
        3. Data Source Security
      4. Determining Your Coexistence Requirements
      5. Directory Coexistence Implementation Considerations
        1. Implementation Options
        2. Performance Implications
        3. Directory Coexistence Tools
        4. Tuning and Troubleshooting
        5. Monitoring and Caring for Your Coexistence Solution
      6. Example: The ldapsync Tool: One-Way Synchronization with Join
        1. How It Works
        2. Usage Examples
        3. The Source Code
        4. Ideas for Improvement
      7. Directory Coexistence Checklist
      8. Further Reading
        1. Bibliography
      9. Looking Ahead
  10. VI. Case Studies
    1. 24. Case Study: Netscape Communications Corporation
      1. Overview of the Organization
      2. Directory Drivers
      3. Directory Service Design
        1. Needs
        2. Data
        3. Schema
        4. Namespace
        5. Topology
        6. Replication
        7. Privacy and Security
      4. Directory Service Deployment
        1. Product Choice
        2. Piloting
        3. Putting Your Directory Service into Production
      5. Directory Service Maintenance
        1. Data Backups and Disaster Recovery
        2. Maintaining Data
          1. The Windows NT Domain User and Group Database
          2. NIS
          3. PeopleSoft
          4. Data Whose Authoritative Source Is the Directory Itself
        3. Monitoring
      6. Leveraging the Directory Service
        1. Directory Deployment Impact
      7. Summary and Lessons Learned
      8. Further Reading
        1. Bibliography
      9. Looking Ahead
    2. 25. Case Study: A Large Multinational Enterprise
      1. Overview of the Organization
      2. Directory Drivers
      3. Directory Service Design
        1. Needs
        2. Data
        3. Schema
        4. Namespace
        5. Topology
        6. Replication
        7. Privacy and Security
      4. Directory Service Deployment
        1. Product Choice
        2. Piloting
        3. Analyzing and Reducing Costs
        4. Putting the Directory Service into Production
      5. Directory Service Maintenance
        1. Data Backups and Disaster Recovery
        2. Maintaining Data
        3. Monitoring
        4. Troubleshooting
      6. Leveraging the Directory Service
        1. Applications
        2. Directory Deployment Impact
      7. Summary and Lessons Learned
      8. Further Reading
        1. Bibliography
      9. Looking Ahead
    3. 26. Case Study: An Enterprise with an Extranet
      1. Overview of the Organization
      2. Directory Drivers
      3. Directory Service Design
        1. Needs
        2. Data
        3. Schema
        4. Namespace
        5. Topology
        6. Replication
        7. Privacy and Security
          1. Access Control
          2. Protection against Attack
      4. Directory Service Deployment
        1. Product Choice
        2. Piloting
        3. Putting Your Directory Service into Production
      5. Directory Service Maintenance
        1. Data Backups and Disaster Recovery
        2. Maintaining Data
        3. Monitoring
        4. Troubleshooting
      6. Leveraging the Directory Service
        1. Directory Deployment Impact
      7. Summary and Lessons Learned
      8. Looking Ahead

Product information

  • Title: Understanding and Deploying LDAP Directory Services, Second Edition
  • Author(s): Timothy A. Howes - Ph.D., Mark C. Smith, Gordon S. Good
  • Release date: April 2003
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 9780672323164