by Chunhui Yang, Michael Storrs, Sunil Ranahandola, Nathan Owen, Richard Macbeth, J
Understanding LDAP - Design and Implementation
Front cover
Notices
Trademarks
Preface
The team that wrote this redbook
Become a published author
Comments welcome
Summary of changes
June 2004, Second Edition
Part 1 Directories and LDAP
Chapter 1. Introduction to LDAP
1.1 Directories
1.1.1 Directory versus database
1.1.2 LDAP: Protocol or directory
1.1.3 Directory clients and servers
1.1.4 Distributed directories
1.2 Advantages of using a directory
1.3 LDAP history and standards
1.3.1 OSI and the Internet
1.3.2 X.500 the Directory Server Standard
1.3.3 Lightweight Access to X.500
1.3.4 Beyond LDAPv3
1.4 Directory components
1.5 LDAP standards
1.6 IBM’s Directory-enabled offerings
1.7 Directory resources on the Web
Chapter 2. LDAP concepts and architecture
2.1 Overview of LDAP architecture
2.2 The informational model
2.2.1 LDIF
2.2.2 LDAP schema
2.3 The naming model
2.3.1 LDAP distinguished name syntax (DNs)
2.3.2 String form
2.3.3 URL form
2.4 Functional model
2.4.1 Query
2.4.2 Referrals and continuation references
2.4.3 Search filter syntax
2.4.4 Compare
2.4.5 Update operations
2.4.6 Authentication operations
2.4.7 Controls and extended operations
2.5 Security model
2.6 Directory security
2.6.1 No authentication
2.6.2 Basic authentication
2.6.3 SASL
2.6.4 SSL and TLS
Chapter 3. Planning your directory
3.1 Defining the directory content
3.1.1 Defining directory requirements
3.2 Data design
3.2.1 Sources for data
3.2.2 Characteristics of data elements
3.2.3 Related data
3.3 Organizing your directory
3.3.1 Schema design
3.3.2 Namespace design
3.3.3 Naming style
3.4 Securing directory entries
3.4.1 Purpose
3.4.2 Analysis of security requirements
3.4.3 Design overview
3.4.4 Authentication design
3.4.5 Authorization design
3.4.6 Non-directory security considerations
3.5 Designing your server and network infrastructure
3.5.1 Availability, scalability, and manageability requirements
3.5.2 Topology design
3.5.3 Replication design
3.5.4 Administration
Part 2 IBM Tivoli Directory Server overview and installation
Chapter 4. IBM Tivoli Directory Server overview
4.1 Definition of ITDS
4.2 ITDS 5.2
4.3 Resources on ITDS
4.4 Summary of ITDS-related chapters
Chapter 5. ITDS installation and basic configuration - Windows
5.1 Installable components
5.2 Installation and configuration checklist
5.3 System and software requirements
5.3.1 ITDS Client
5.3.2 ITDS Server (including client)
5.3.3 Web Administration Tool
5.4 Installing the server
5.4.1 Create a user ID for ITDS
5.4.2 Installing ITDS with the Installshield GUI
5.4.3 Configuring the Administrator DN and password
5.4.4 Configuring the database
5.4.5 Adding a suffix
5.4.6 Removing or reconfiguring a database
5.4.7 Enabling and disabling the change log
5.5 Starting ITDS
Chapter 6. ITDS installation and basic configuration - AIX
6.1 Installable components
6.2 Installation and configuration checklist
6.3 System and software requirements
6.3.1 ITDS Client
6.3.2 ITDS Server (including client)
6.3.3 Web Administration Tool
6.4 Installing the server
6.4.1 Create a user ID for ITDS
6.4.2 Installing ITDS with the Installshield GUI
6.4.3 Configuring the Administrator DN and password
6.4.4 Configuring the database
6.4.5 Adding a suffix
6.4.6 Removing or reconfiguring a database
6.4.7 Enabling and disabling the change log
6.5 Starting ITDS
6.6 Uninstalling ITDS
Chapter 7. ITDS installation and basic configuration on Intel Linux
7.1 Installable components
7.2 Installation and configuration checklist
7.3 System and software requirements
7.3.1 ITDS Client
7.3.2 ITDS Server (including client)
7.3.3 Web Administration Tool
7.4 Installing the server
7.4.1 Create a user ID for ITDS
7.4.2 Installing ITDS with the Installshield GUI
7.4.3 Configuring the Administrator DN and password
7.4.4 Configuring the database
7.4.5 Adding a suffix
7.4.6 Removing or reconfiguring a database
7.4.7 Enabling and disabling the change log
7.5 Starting ITDS
7.6 Quick installation of ITDS 5.2 on Intel (minimal GUI)
7.7 Uninstalling ITDS
7.8 Removing all vestiges of an ITDS 5.2 Install on Intel Linux
Chapter 8. IBM Tivoli Directory Server installation - IBM zSeries
8.1 Installing LDAP on z/OS
8.1.1 Using the ldapcnf utility
8.1.2 Running the MVS jobs
8.1.3 Loading the schema
8.1.4 Enabling Native Authentication
8.2 Migrating data to LDAP on z/OS
8.2.1 Migrating LDAP server contents to z/OS
8.2.2 Moving RACF users to the TDBM space
Part 3 In-depth configuration and tuning
Chapter 9. IBM Tivoli Directory Server Distributed Administration
9.1 Web Administration Tool graphical user interface
9.2 Starting the Web Administration Tool
9.3 Logging on to the console as the console administrator
9.4 Logging on to the console as the server administrator
9.5 Logging on as member of administrative group or as LDAP user
9.6 Logging off the console
9.7 Starting and stopping the server
9.7.1 Using Web Administration
9.7.2 Using the command line or Windows Services icon
9.8 Console layout
9.9 Configuration only mode
9.9.1 Minimum requirements for configuration-only mode
9.9.2 Starting LDAP in configuration-only mode
9.9.3 Verifying the server is in configuration-only mode
9.10 Setting up the console
9.10.1 Managing the console
9.10.2 Creating an administrative group
9.10.3 Enabling and disabling the administrative group
9.10.4 Adding members to the administrative group
9.10.5 Modifying an administrative group member
9.10.6 Removing a member from the administrative group
9.11 ibmslapd command parameters
9.12 Directory administration daemon
9.12.1 The ibmdiradm command
9.12.2 Starting the directory administration daemon
9.12.3 Stopping the directory administration daemon
9.12.4 Administration daemon error log
9.13 The ibmdirctl command
9.14 Manual installation of IBM WAS - Express
9.14.1 Manually installing the Web Administration Tool
9.14.2 Manually uninstalling the Web Administration Tool
9.14.3 Default ports used by IBM WAS - Express
9.15 Installing in WebSphere Version 5.0 or later
Chapter 10. Client tools
10.1 The ldapchangepwd command
10.1.1 Synopsis
10.1.2 Options
10.1.3 Examples
10.1.4 SSL, TLS notes
10.1.5 Diagnostics
10.2 The ldapdelete command
10.2.1 Synopsis
10.2.2 Description
10.2.3 Options
10.2.4 Examples
10.2.5 SSL, TLS notes
10.2.6 Diagnostics
10.3 The ldapexop command
10.3.1 Synopsis
10.3.2 Description
10.3.3 Options
10.4 The ldapmodify and ldapadd commands
10.4.1 Synopsis
10.4.2 Description
10.4.3 Options
10.4.4 Examples
10.4.5 SSL, TLS notes
10.4.6 Diagnostics
10.5 The ldapmodrdn command
10.5.1 Synopsis
10.5.2 Description
10.5.3 Options
10.5.4 Examples
10.5.5 SSL, TLS notes
10.5.6 Diagnostics
10.6 The ldapsearch command
10.6.1 Synopsis
10.6.2 Description
10.6.3 Options
10.6.4 Examples
10.6.5 SSL, TLS notes
10.6.6 Diagnostics
10.7 Summary
Chapter 11. Schema management
11.1 What is the schema
11.1.1 Available schema files
11.1.2 Schema support
11.1.3 OID
11.1.4 Inheritance
11.2 Modifying the schema
11.2.1 IBMAttributetypes
11.2.2 Working with objectclasses
11.2.3 Working with attributes
11.2.4 Disallowed schema changes
11.3 Indexing
11.4 Migrating the schema
11.4.1 Exporting the schema
11.4.2 Importing the schema
11.5 Dynamic schema
Chapter 12. Group and role management
12.1 Groups
12.1.1 Static groups
12.1.2 Dynamic groups
12.1.3 Nested groups
12.1.4 Hybrid groups
12.1.5 Determining group membership
12.1.6 Group object classes
12.1.7 Group attribute types
12.2 Roles
12.3 Summary
Chapter 13. Replication
13.1 General replication concepts
13.1.1 Terminology
13.1.2 How replication functions
13.2 Major replication topologies
13.2.1 Simple master-replica topology
13.2.2 Master-forwarder-replica topology (ITDS 5.2 and later)
13.2.3 GateWay Replication Topology (ITDS 5.2 and later)
13.2.4 Peer replication
13.3 Replication agreements
13.4 Configuring replication topologies
13.4.1 Simple master-replica topology
13.4.2 Using the command line
13.4.3 Promoting a replica to peer/master
13.4.4 Command line for a complex replication
13.5 Web administration tasks for managing replication
13.5.1 Managing topology
13.5.2 Modifying replication properties
13.5.3 Creating replication schedules
13.5.4 Managing queues
13.6 Repairing replication differences between replicas
13.6.1 The ldapdiff command tool
Chapter 14. Access control
14.1 Overview
14.2 ACL model
14.2.1 EntryOwner information
14.2.2 Access Control information
14.3 Access control attribute syntax
14.3.1 Subject
14.3.2 Pseudo DNs
14.3.3 Object filter
14.3.4 Rights
14.3.5 Propagation
14.3.6 Access evaluation
14.3.7 Working with ACLs
14.4 Summary
Chapter 15. Securing the directory
15.1 Directory security
15.2 Authentication
15.2.1 Anonymous authentication
15.2.2 Basic authentication
15.2.3 Authentication using SASL
15.2.4 Kerberos
15.3 Password policy enforcement
15.3.1 Overview
15.4 Password encryption
15.5 SSL/TLS support
15.5.1 Overview of TLS
15.5.2 Overview of SSL
15.5.3 SSL utilities
15.5.4 Configuring SSL security
15.6 Protection against DoS attacks
15.6.1 Non-blocking sockets
15.6.2 Extended operation for killing connections
15.6.3 Emergency thread
15.6.4 Connection reaping
15.6.5 Allow anonymous bind
15.7 Access control
15.8 Summary
Chapter 16. Performance Tuning
16.1 ITDS application components
16.2 ITDS LDAP caches
16.2.1 LDAP caches
16.2.2 LDAP filter cache
16.2.3 Filter cache bypass limits
16.2.4 LDAP entry cache
16.2.5 Measuring filter and entry cache sizes
16.2.6 LDAP ACL Cache
16.2.7 Setting other LDAP cache configuration variables
16.2.8 LDAP Attribute Cache (only on 5.2 and later)
16.2.9 Configuring attribute caching
16.3 Transaction and Event Notification
16.4 Additional slapd and ibmslapd settings
16.4.1 Tune the IBM Directory Server configuration file
16.4.2 Suffixes
16.4.3 Recycle the IBM Directory Server
16.4.4 Verify suffix order
16.5 DB2 tuning
16.5.1 Warning when IBM Directory Server is running
16.5.2 DB2 buffer pool tuning
16.5.3 LDAPBP buffer pool size
16.5.4 IBMDEFAULTBP buffer pool size
16.5.5 Setting buffer pool sizes
16.5.6 Warnings about buffer pool memory usage
16.5.7 Other DB2 configuration parameters
16.5.8 Warning about MINCOMMIT
16.5.9 More DB2 configuration settings
16.5.10 Configuration script
16.6 Directory size
16.7 Optimization and organization
16.7.1 Optimization
16.7.2 reorgchk and reorg
16.7.3 Indexes
16.7.4 Distributing the database across multiple physical disks
16.7.5 Create file systems and directories on the target disks
16.7.6 Backing up the existing database
16.7.7 Perform a redirected restore of the database
16.8 DB2 backup and restore
16.9 Concurrent updates on Symmetric Multi-Processor systems
16.10 AIX operating system tuning
16.10.1 Enabling large files
16.10.2 Tuning process memory size limits
16.10.3 AIX-specific process size limits
16.10.4 AIX data segments and LDAP process DB2 connections
16.10.5 Verifying process data segment usage
16.11 Adding memory after installation on Solaris systems
16.12 SLAPD_OCHANDLERS variable on Windows
16.13 IBM Directory Change and Audit Log
16.13.1 When to configure the LDAP change log
16.13.2 When to configure the LDAP audit log
16.14 Hardware tuning
16.14.1 Disk speed improvements
16.15 Monitoring performance
16.15.1 ldapsearch with "cn=monitor"
16.15.2 Monitor examples
16.16 Troubleshooting error files
Chapter 17. Monitoring IBM Tivoli Directory Server
17.1 Overview
17.2 Monitoring tools
17.2.1 Viewing server state
17.2.2 Viewing status of worker threads
17.2.3 Viewing connections information
17.2.4 Viewing other general information about the directory server
17.2.5 Analyzing changelog
17.2.6 Analyzing log files
17.3 Operating system commands for monitoring ITDS
17.4 Summary
Part 4 Developing directory-enabled applications
Chapter 18. Debugging IBM Tivoli Directory Server related issues
18.1 Overview
18.2 Debugging problems
18.2.1 Debugging configuration problems
18.2.2 Debugging directory server related errors using log files
18.2.3 Using server debug modes
18.2.4 DB2 error log file
18.3 Summary
Chapter 19. Developing C-based applications
19.1 Overview
19.2 Typical API usage
19.3 API flow when searching a directory
19.3.1 ldap_init()
19.3.2 ldap_simple_bind_s()
19.3.3 ldap_search_s()
19.3.4 ldap_first_entry()
19.3.5 ldap_first_attribute()
19.3.6 ldap_get_values()
19.3.7 ldap_next_attribute()
19.3.8 ldap_get_values()
19.3.9 ldap_next_entry()
19.3.10 ldap_unbind_s()
19.4 Sample code to search a directory
19.5 API flow when updating a directory entry
19.5.1 ldap_init()
19.5.2 ldap_simple_bind_s()
19.5.3 ldap_modify_s()
19.5.4 ldap_unbind_s()
19.6 Sample code to update a directory entry
Chapter 20. Developing JNDI-based applications
20.1 The JNDI
20.2 Searching the directory
20.2.1 Creating the directory context
20.2.2 Performing the search
20.2.3 Processing the search results
20.3 Changing a directory entry
20.3.1 Creating the directory context
20.3.2 Performing the modification
Part 5 Appendixes
Appendix A. DSML Version 2
DSML Version 2 Introduction
DSML Version 2 - IBM implementation
ITDS DSML Service Deployment
Java programming examples on DSML
References to the DSML official specifications
Appendix B. Directory Integration - IBM Tivoli Directory Integrator
Why Directory Integration is important
Directory Integration Services
User provisioning applications
Directory Integration technologies
Virtual directories vs. metadirectory technology
Overview of IBM Tivoli Directory Integrator
Configuration of ITDI assembly lines
Configuration of an ITDI Event Handler
ITDI solution example
ITDI solution design
Solution components
Summary
Appendix C. Moving RACF users to TDBM
Sample programs to move RACF users to TDBM
Appendix D. Schema changes that are not allowed
Operational attributes
Restricted attributes
Root DSE attributes
Schema definition attributes
Configuration attributes
User Application attributes
Related publications
IBM Redbooks
Online resources
How to get IBM Redbooks
Help from IBM
Back cover
Directories and LDAP
In this part we introduce directories and LDAP. Specifically, we provide an introduction to LDAP, cover LDAP concepts and architecture, and provide some information on how to plan for a directory deployment in your environment.