Understanding and Deploying LDAP Directory Services

Timothy A. Howes, Mark C. Smith, Gordon S. Good

Publisher: MacMillan, 1999, 846 pages

ISBN: 1-57870-070-1

Keywords: Networks, System Administration

Last modified: May 16, 2021, 7:25 p.m.

Lightweight Directory Access Protocol (LDAP) is quickly becoming the standard directory service protocol for virtually all modern email systems, Web systems, and an increasing number of enterprise applications. Understanding and Deploying LDAP Directory Services helps you make the most of your directories and directory-enabled applications by revealing key insights into effective design, deployment, and management issues. This book provides network architects and software designers with a thorough treatment of LDAP directory services.

  • Comprehensive introduction to directory services and LDAP — what they are, what they can do for you, and why they are important.
  • Exhaustive resource for directory service designers — how to analyze directory service, name space design, schema design, server topology design, replication design, directory security design, and privacy of directory information.
  • Vital information on deploying a directory service — product selection, piloting, analyzing and reducing costs, and ensuring a successful move to production operations.
  • Extensive treatment of directory service maintenance — backups and disaster recovery, maintaining data, monitoring your directory service, troubleshooting problems, and avoiding security breaches.
  • Overview of how to leverage your directory service for maximum return on investment — developing new directory-enabled applications, enhancing existing applications, and implementing a directory coexistence strategy.
  • Case studies — a selection that shows real-world examples of directory deployments illustrating the design tradeoffs.

Providing the most important and up-to-date information available, Understanding and Deploying LDAP Directory Services gives you the confidence and capabilities to successfully implement your own directory service projects.

  1. An Introduction to Directory Services and LDAP
    1. Directory Services Overview
      • What Is a Directory?
        • Directories Are Dynamic
        • Directories Are Flexible
        • Directories Can Be Secure
        • Directories Can Be Personalized
        • Directory Described
      • What Can a Directory Do for You?
        • Finding Things
        • Managing Things
        • Lightweight Database Applications
        • Security Applications
      • What a Directory Is Not
        • Database Comparison
        • File System Comparison
        • Web Comparison
        • FTP Comparison
        • DNS Comparison
        • The Complementary Directory
      • Directory Services Overview Checklist
      • Further Reading
      • Looking Ahead
    2. A Brief History of Directories
      • Prehistory and Early Electronic Directories
        • Early Electronic Directories
        • Distributed Computing Research and the Grapevine System
        • The Arrival of the Internet
      • Application-Specific and Special-Purpose Directories
        • Application-Specific Directories
        • Centralized Internet Directories
      • Network Operating System Directories
        • Novell Directory Services
        • Microsoft's Active Directory
        • Status of NOS Directories
      • General-Purpose, Standards-Based Directories
        • The Dawn of Standards Directories: X.500
        • The Creation and Rise of LDAP
        • Other Standards-Based, General-Purpose Directories
      • Directory Services Future
        • Metadirectories as an Important Product Directory Category
        • Tighter Operating System Integration
        • Directories Are Making Operating Systems Less Important
        • LDAP as a Database Access Protocol
        • LDAP's Continued Dominance
        • Directories Are Becoming Truly Ubiquitous
      • Conclusion
      • Directory Services Time Line
      • Further Reading
      • Looking Ahead
    3. An Introduction to LDAP
      • What Is LDAP?
        • What Can LDAP Do For You?
        • How Does LDAP Work?
        • The LDAP Protocol on the Wire
      • The LDAP Models
        • The LDAP Information Model
        • The LDAP Naming Model
        • The LDAP Functional Model
        • The LDAP Security Model
      • LDAP APIs
        • An Overview of the C LDAP API
        • Other LDAP APIs
      • LDIF
        • LDIF Representation of Directory Entries
        • LDIF Update Statements
      • LDAP and Internationalization
      • LDAP Overview Checklist
      • Further Reading
      • Looking Ahead
  2. Designing Your Directory Service
    1. Directory Road Map
      • The Directory Life Cycle
        • Design
        • Deployment
        • Maintenance
      • Directory Design Checklist
      • Further Reading
      • Looking Ahead
    2. Defining Your Directory Needs
      • An Overview of the Directory Needs Definition Process
        • Analyzing Your Environment
        • Determining and Prioritizing Needs
        • Choosing an Overall Directory Design and Deployment Approach
        • Setting Goals and Milestones
      • Analyzing Your Environment
        • Organizational Structure and Geography
        • Computer Systems
        • The Network
        • Application Software
        • Users
        • System Designers and Administrators
        • The Political Climate
        • Resources
      • Determining and Prioritizing Application Needs
        • Data
        • Performance
        • Availability
        • Level of Service
        • Security
        • Prioritizing Application Needs
      • Determining and Prioritizing Users' Needs and Expectations
        • Asking Your Users
        • Accuracy and Completeness of Data
        • Privacy
        • Audience
        • The Relationship of User Needs to Application Needs
        • Prioritizing Your Users' Needs
      • Determining and Prioritizing Deployment Constraints
        • Resources
        • Openness of the Process
        • Skills of the Directory Project Team
        • The Skills and Needs of System Administrators
        • The Political Climate
        • Prioritizing Your Deployment Constraints
      • Determining and Prioritizing Other Environmental Constraints
        • Computing Hardware and Software
        • The Network
        • Criticality of Service
        • Security
        • Coexistence with Other Databases and Directories
        • Prioritizing Your Environmental Constraints
      • Choosing an Overall Directory Design and Deployment Approach
        • Matching the Prevailing Philosophy
        • Taking Constraints into Account
        • Favoring Simple Solutions over Complex Ones
        • Focusing on Your Most Important Needs
        • The Bottom Line
      • Setting Goals and Milestones
        • Goals
        • Milestones
        • Recommendations for Setting Goals and Milestones
      • Defining Your Directory Needs Checklist
      • Further Reading
      • Looking Ahead
    3. Data Design
      • Data Design Overview
      • Common Data-Related Problems
      • Creating a Data Policy Statement
      • Identifying Which Data Elements You Need
      • General Characteristics of Data Elements
        • Format
        • Size of Data Values
        • Number of Occurrences
        • Data Ownership
        • Consumers
        • Dynamic Versus Static Data Elements
        • Shared Versus Application-Specific Data Elements
        • Relationship with Other Data Elements
        • A Data Element Characteristics Example
      • Sources for Data
        • Other Directory Services and Network Operating Systems
        • Databases
        • Files
        • Applications
        • Administrators
        • End Users
      • Maintaining Good Relationships with Other Data Sources
        • Replication
        • Synchronization
        • Batch Updates
        • Political Considerations
      • Data Design Checklist
      • Further Reading
      • Looking Ahead
    4. Schema Design
      • The Purpose of a Schema
      • Elements of LDAP Schemas
        • Attributes
        • Object Classes
        • Schema Element Summary
      • Directory Schema Formats
        • The slapd.conf Schema Format
        • The ASN.1 Schema Format
        • The LDAPv3 Schema Format
      • The Schema Checking Process
      • Schema Design Overview
        • A Few Words About Schema Configuration
        • The Relationship of Schema Design to Data Design
        • Let's Call the Whole Thing Off
      • Sources for Predefined Schemas
        • Directory-Enabled Applications
        • Standard Schemas
        • Schemas Provided by Directory Vendors
      • Defining New Schema Elements
        • Choosing Names for New Attribute Types and Object Classes
        • Obtaining and Assigning Object Identifiers
        • Modifying Existing Schema Elements
        • Subclassing an Existing Object Class
        • Adding Auxiliary Information to a Directory Object
        • Accommodating New Types of Objects
        • Tips for Defining New Schemas
      • Documenting and Publishing Your Schemas
      • Schema Maintenance and Evolution
        • Establishing a Schema Review Board
        • Granting Permission to Change the Schema Configuration
        • Changing Existing Schemas
        • Upgrading Directory Service Software
      • Schema Design Checklist
      • Further Reading
      • Looking Ahead
    5. Namespace Design
      • The Structure of a Namespace
      • The Purposes of a Namespace
      • Analyzing Your Namespace Needs
        • Choosing a Suffix
        • Flat and Hierarchical Schemes
        • Naming Attributes
        • Application Considerations
        • Administrative Considerations
        • Privacy Considerations
        • Anticipating the Future
      • Examples of Namespaces
        • Flat Namespace Examples
        • Hierarchical Namespace Examples
      • Namespace Design Checklist
      • Further Reading
      • Looking Ahead
    6. Topology Design
      • Directory Topology Overview
      • Gluing the Directory Together: Knowledge References
        • Name Resolution in the Distributed Directory
        • Putting Knowledge Information into Your Directory
      • Authentication in a Distributed Directory
        • Security Implications
        • Advantages and Disadvantages of Partitioning
      • Designing Your Directory Server Topology
        • Directory Partition Design Examples
      • Topology Design Checklist
      • Further Reading
      • Looking Ahead
    7. Replication Design
      • Why Replicate?
      • Replication Concepts
        • Suppliers, Consumers, and Replication Agreements
        • The Unit of Replication
        • Consistency and Convergence
        • Incremental and Total Updates
        • The Netscape Directory Server Update Process
        • The Novell Directory Services Update Process
        • Initial Population of a Replica
        • Replication Strategies
        • Conflict Resolution in Multi-master Replication
      • Advanced Features
        • Scheduling Replication
        • Scheduling Update Latency by Attribute Type
        • Schema and Replication
        • Access Control and Replication
      • Designing Your Directory Replication System
        • Designing for Maximum Reliability
        • Designing for Maximum Performance
        • Other Considerations
        • Choosing Replication Solutions
      • Replication Checklist
      • Further Reading
      • Looking Ahead
    8. Privacy and Security Design
      • Security Guidelines
      • The Purpose of Security
      • Security Threats
        • Unauthorized Access
        • Unauthorized Tampering
        • Denial-of-service Attacks
      • Security Tools
      • Analyzing Your Security and Privacy Needs
        • Directory Requirements
        • Understanding Your Environment
        • Understanding Your Users
      • Designing for Security
        • Authentication
        • Access Control
        • Information Privacy and Integrity
        • Respecting Your Users' Privacy
        • Security Versus Deployability
      • Further Reading
      • Looking Ahead
  3. Deploying Your Directory Service
    1. Choosing Directory Products
      • Making the Right Product Choice
      • Categories of Directory Software
        • Network Operating System Applications
        • Intranet Applications
        • Extranet Applications
        • Internet and Hosted Applications
        • Lightweight Database Applications
      • Evaluation Criteria for Directory Software
        • Core Features
        • Management Features
        • Reliability
        • Performance and Scalability
        • Security
        • Standards Conformance
        • Interoperability
        • Cost
        • Flexibility and Extensibility
        • Other Considerations
        • An Evaluation Criteria Example
      • Reaching a Decision
        • Gathering Basic Product Information
        • Quizzing the Software Vendors
        • Challenging the Vendors to Show What Their Products Can Do
        • Conducting a Directory Services Pilot
        • Negotiating the Best Possible Deal
      • Directory Software Options
        • Directory Server Software
        • Directory-Enabled Applications
        • SDKs
      • Choosing Directory Products Checklist
      • Further Reading
      • Looking Ahead
    2. Piloting Your Directory Service
      • Pre-Pilot Testing
      • A Piloting Road Map
        • Defining Your Goals
        • Defining Your Scope
        • Developing Documentation and Training Materials
        • Selecting Your Users
        • Setting Up Your Environment
        • Rolling Out the Pilot
        • Collecting Feedback
        • Scaling It Up
        • Applying What You've Learned
      • Piloting Checklist
      • Further Reading
      • Looking Ahead
    3. Analyzing and Reducing Costs
      • The Politics of Costs
      • Reducing Costs
        • General Principles of Cost Reduction
      • Design, Piloting, and Deployment Costs
        • Design Costs
        • Piloting Costs
        • Deployment Hardware Costs
        • Deployment Software Costs
      • Ongoing Costs of Providing Your Directory Service
        • Software Upgrade Costs
        • Hardware Upgrade and Replacement Costs
        • Monitoring Costs
        • Data Maintenance Costs
        • Backup and Restore Costs
        • Disaster Recovery Plan Costs
        • Support and Training Costs
        • Software Support Contracts and Hardware Maintenance Contracts
        • Costs of Adding New Directory-Enabled Applications
      • Analyzing and Reducing Costs Checklist
      • Further Reading
      • Looking Ahead
    4. Going Production
      • Creating a Plan for Going Production
        • List the Resources Needed for Your Rollout
        • Create a List of Prerequisite Tasks
        • Create a Detailed Service Rollout Plan
        • Develop Criteria for Success
        • Create a Publicity and Marketing Plan
      • Advice for Going Production
        • Don't Jump the Gun
        • Don't Lose Focus
        • Adopt an Incremental Approach
        • Prepare Yourself Well
      • Executing Your Plan
      • Going Production Checklist
      • Looking Ahead
  4. Maintaining Your Directory Service
    1. Backups and Disaster Recovery
      • Backup and Restore Procedures
        • Backing Up and Restoring Directory Data Using Traditional Techniques
        • Other Things to Back Up
        • Using Replication for Backup and Restore
        • Using Replication and Traditional Backup Techniques Together
        • Safeguarding Your Backups
        • Verifying Your Backups
      • Disaster Planning and Recovery
        • Types of Disasters
        • Developing a Directory Disaster Recovery Plan
      • Directory-Specific Issues in Disaster Recovery
      • Summary
      • Backups and Disaster Recovery Checklist
      • Further Reading
      • Looking Ahead
    2. Maintaining Data
      • The Importance of Data Maintenance
      • The Data Maintenance Policy
        • Application-Maintained Data
        • Centrally Maintained Data
        • User-Maintained Data
      • Handling New Data Sources
      • Handling Exceptions
      • Checking Data Quality
        • Methods of Checking Quality
        • Implications of Checking Quality
        • Correcting Bad Data
      • Data Maintenance Checklist
      • Further Reading
      • Looking Ahead
    3. Monitoring
      • An Introduction to Monitoring
        • Methods of Monitoring
        • General Monitoring Principles
      • Selecting and Developing Monitoring Tools
        • Monitoring Your Directory with SNMP and a Network Management System
        • Monitoring Your Directory with Custom Probing Tools
      • Proactive Monitoring
      • Notification Techniques
        • Basic Notification Principles
        • Notification Methods
        • Testing Your Notification System
      • Taking Action
        • Planning Your Course of Action
        • Minimizing the Effect
        • Understanding the Root Cause
        • Correcting the Problem
        • Documenting What Happened
      • A Sample Directory Monitoring Utility
      • Monitoring Checklist
      • Further Reading
      • Looking Ahead
    4. Troubleshooting
      • Discovering Problems
      • Types of Problems
        • Directory Outages
        • Performance Problems
        • Problems with Directory Data
        • Security Problems
      • Troubleshooting and Resolving Problems
        • Step 1: Assess the Problem and Inform Affected Persons
        • Step 2: Contain the Damage
        • Step 3: Put the System Back into Service by Applying a Short-Term Fix
        • Step 4: Fully Understand the Problem and Devise a Long-Term Fix
        • Step 5: Implement the Long-Term Fix and Take Steps to Prevent the Problem from Recurring
        • Step 6: Arrange to Monitor for the Problem
        • Step 7: Document What Happened
      • Troubleshooting Checklist
        • Directory Outages
        • Performance Problems
        • Problems with Directory Data
        • Security Problems
      • Looking Ahead
  5. Leveraging Your Directory Service
    1. Developing New Applications
      • Reasons to Develop Directory-Enabled Applications
        • Lowering Your Data Management Costs
        • Adapting the Directory to Fit Your Organization
        • Saving on Deployment and Maintenance Costs
        • Creating Entirely New Kinds of Applications
        • When It Does Not Make Sense to Directory-Enable
      • Common Ways Applications Use Directories
        • Locating and Sharing Information
        • Verifying Authentication Credentials
        • Aiding the Deployment of Other Services
        • Making Access Control Decisions
        • Enabling Location Independence
      • Tools for Developing LDAP Applications
        • LDAP SDKs
        • LDAP Scripting Components for JavaScript and Perl
        • LDAP Command-Line Tools
        • Directory-Agnostic SDKs
      • Advice for LDAP Application Developers
        • Striving to Fit In
        • Communicating Your Application's Directory Needs
        • Designing for Good Performance and Scalability
        • Developing a Prototype and Conducting a Pilot
        • Leveraging Existing Code
        • Avoiding Common Mistakes
      • Example 1: A Password-Resetting Utility
        • Directory Use
        • The Source Code
        • The Help Desk Staff's Experience
        • Ideas for Improvement
      • Example 2: An Employee Time-Off Request Web Application
        • Directory Use
        • The Employee's Experience
        • The Manager's Experience
        • Ideas for Improvement
      • Developing New Applications Checklist
      • Further Reading
      • Looking Ahead
    2. Directory-Enabling Existing Applications
      • Reasons to Directory-Enable Existing Applications
        • Enabling New Features in Applications
        • Lowering Your Data Management Costs
        • Simplifying Life for End Users
        • Bringing the Directory Service to Your End Users
      • Advice for Directory-Enabling Existing Applications
        • Hiding the Directory Integration
        • Making the New Directory Capabilities Visible
        • Using a Protocol Gateway to Achieve Integration
        • Avoiding Problematic Architectural Choices
        • Considering How the Directory Service Will Be Affected
        • Planning for a Transition
        • Being Creative and Considering All Your Options
      • Example 1: A Directory-Enabled Finger Service
        • The Integration Approach
        • The Source Code
        • The Resulting End User Experience
        • Ideas for Improvement
      • Example 2: Adding LDAP Lookup to an Email Client
        • The Integration Approach
        • The Code
        • The Resulting End User Experience
        • Ideas for Improvement
      • Directory-Enabling Existing Applications Checklist
      • Further Reading
      • Looking Ahead
    3. Directory Coexistence
      • Why Is Coexistence Important?
      • Determining Your Requirements
      • Coexistence Techniques
        • Migration
        • One-Way Synchronization
        • Two-Way Synchronization
        • N-Way Join
        • Virtual Directory
      • Privacy and Security Considerations
        • Join Attribute
        • Data Transport
        • Foreign Directory Security
      • Example 1: One-Way Synchronization with Join
      • Example 2: A Virtual Directory
      • Directory Coexistence Checklist
      • Further Reading
      • Looking Ahead
  6. Case Studies
    1. Case Study: Netscape Communications Corporation
      • An Overview of the Organization
      • Directory Drivers
      • Directory Service Design
        • Needs
        • Data
        • Schema
        • Namespace
        • Topology
        • Replication
        • Privacy and Security
      • Directory Service Deployment
        • Product Choice
        • Piloting
        • Going Production
      • Directory Service Maintenance
        • Data Backups and Disaster Recovery
        • Maintaining Data
        • Monitoring
      • Leveraging the Directory Service
        • Directory Deployment Impact
      • Summary and Lessons Learned
      • Further Reading
      • Looking Ahead
    2. Case Study: A Large University
      • An Overview of the Organization
      • Directory Drivers
      • Directory Service Design
        • Needs
        • Data
        • Schema
        • Namespace
        • Topology
        • Replication 
        • Privacy and Security
      • Deployment
        • Product Choice
        • Piloting
        • Analyzing and Reducing Costs
        • Going Production
      • Maintenance
        • Data Backup and Disaster Recovery
        • Maintaining Data
        • Monitoring
        • Troubleshooting
      • Leveraging the Directory Service
        • Applications
        • Directory Deployment Impact
      • Summary and Lessons Learned
      • Looking Ahead
    3. Case Study: A Large Multinational Enterprise
      • An Overview of the Organization
      • Directory Drivers
      • Directory Service Design
        • Needs
        • Data
        • Schema
        • Namespace
        • Topology
        • Replication
        • Privacy and Security
      • Deployment
        • Product Choice
        • Piloting
        • Analyzing and Reducing Costs
        • Going Production
      • Maintenance
        • Data Backup and Disaster Recovery
        • Maintaining Data
        • Monitoring
        • Troubleshooting
      • Leveraging the Directory Service
        • Applications
        • Directory Deployment Impact
      • Summary and Lessons Learned
      • Further Reading
      • Looking Ahead
    4. Case Study: An Enterprise with an Extranet
      • An Overview of the Organization
      • Directory Drivers
      • Directory Service Design
        • Needs
        • Data
        • Schema
        • Namespace
        • Topology
        • Replication
        • Privacy and Security
      • Deployment
        • Product Choice
        • Piloting
        • Going Production
      • Maintenance
        • Data Backup and Disaster Recovery
        • Maintaining Data
        • Monitoring
        • Troubleshooting
      • Leveraging the Directory Service
        • Applications
        • Directory Deployment Impact
      • Summary and Lessons Learned
        • The Big Picture
      • Further Reading

Reviews

Understanding and Deploying LDAP Directory Services

Reviewed by Roland Buresund

Very Good ******** (8 out of 10)

Last modified: May 21, 2007, 2:51 a.m.

Everything you ever wanted to know (or preferred to never know) about Directory Services.

A very comprehensive book. I liked it.
