Home > Store

Solaris and LDAP Naming Services: Deploying LDAP in the Enterprise

Register your product to gain access to bonus material or receive a coupon.

Solaris and LDAP Naming Services: Deploying LDAP in the Enterprise

Book

  • Sorry, this book is no longer in print.
Not for Sale

About

Features

Description

  • Copyright 2001
  • Edition: 1st
  • Book
  • ISBN-10: 0-13-030678-9
  • ISBN-13: 978-0-13-030678-4

Solaris and LDAP Naming Services is a practical guide to implementing Solaris 8 native LDAP on clients and servers. Basic LDAP concepts are covered, as well as naming and authentication architectural details. This BluePrint outlines strategies for consolidating legacy directory services using LDAP technology.

Sample Content

Online Sample Chapter

Solaris Naming Services Architecture

Downloadable Sample Chapter

Click here for a sample chapter for this book: 0130306789.pdf

Table of Contents



1. Solaris Naming Services Overview.

Definition of a Naming Service. Definition of a Directory Service. Directory Service versus Database Servers. Proliferation of Directory Services. Solaris Directory ServicesÑHistorical Perspective. Network Information Service. NIS+. Domain Name System. Solaris Naming Service Switch. LDAP Background. Brief History of LDAP. LDAP Goals and Specifications. Solaris LDAP Implementation. Factors to Consider When Deploying LDAP.



2. Solaris Naming Services Architecture.

Evolution of Solaris Naming Services. NIS and Files Coexistence. NIS and DNS Coexistence. Solaris Naming Service Switch. NIS Architecture Overview. NIS Client Server Architecture. How NIS Clients Bind to the NIS Server. NIS Maps. NIS High Availability Architecture Features. NIS+ Architecture Overview. NIS+ Client Server Architecture. How NIS+ Clients Bind to the NIS+ Server. NIS+ Tables. NIS+ Interaction with DNS. NIS+ High Availability Architecture Features. Solaris DNS Architecture Overview. DNS Client Architecture. DNS Server Architecture. DNS High Availability Features. LDAP Architecture Overview. LDAP Information Model. LDAP Naming Model. LDAP Functional Model. LDAP Security Model. LDAP Replication. Comparison with Legacy Naming Services.



3. Security Models.

Authentication versus Authorization. Traditional Solaris Authentication. How UNIX Passwords Work. NIS+ Credentials. Alternative Authentication Mechanisms. LDAP Authentication (Simple Authentication). CRAM-MD5. Kerberos. Secure Socket Layer Authentication. Security Infrastructure. Planet Directory Server SASL. Solaris PAM Framework. PAM Module Types. How PAM Works. PAM Configuration File. Generic pam.conf File. PAM LDAP Module. How PAM and LDAP Work.



4. iPlanet Directory Server Installation and Configuration.

Product Architecture. Administration Domains. Configuration Data. Login Accounts. Netscape Console. Planning the Installation. Installation Procedure. Performing a Typical Installation. Installation Defaults. Starting the Netscape Console. Verifying the Installation. Installation File Navigation. Postinstallation Procedures. Changing Common Installation Configuration Parameters. Importing Directory Data. Reinstalling iPlanet Directory Server. Installation Troubleshooting Tips. Directory Replication. Planning Directory Replication. Verifying Replication. Troubleshooting Replication Problems. Modifying the Supplier Initiated Agreement. Setting up a Secure System Using SSL and Certificates. Planning a Secure Server Configuration. Running the Certificate Setup Wizard. Rebooting the Secure Server. Changing the Trust Database Password or PIN. Using SSL for Replication. iPlanet Directory Server Startup Files. Script Generation Program. Installing the NIS Extensions.



5. Solaris 8 Native LDAP Configuration.

Definition of Native LDAP. Native Solaris LDAP Implementation. Solaris LDAP Client Profiles. NIS Domain. Authentication Method. Proxy Agent. Directory Information Tree. Loading Data. Naming Context. Server Configuration Procedure. Tools and Techniques. Importing LDIF Files from the Command Line. Summary of Steps Required. Client Configuration. How LDAP Clients Initialize. LDAP Client Initialization Example. Troubleshooting Tips. Unresolved Host Name. Unable to Reach Systems in the LDAP Domain Remotely. Sendmail Fails to Deliver/Receive Mail To/From Remote Users. Login Does Not Work.



6. NIS Extensions Configuration.

Overview. What the Extensions Are. Storing NIS Information in LDAP. NIS Extensions Initialization. Initialization Checklist. Postinstallation Verification.



7. Capacity Planning and Performance Tuning.

Server Sizing. Directory Considerations. Directory Size. Directory Access. Security Requirements. Replication Strategy. Capacity Planning Methodology. Calculating Directory Database Size. Summary of Disk Storage Requirements. Memory Sizing. Summary of Memory Usage. Estimating CPU Usage. LDAP Test Suite. Results of Experimentation. Configuration. Simple Read Test with Persistent Connection. Read Test with Nonpersistent Connection. Modify Tests. Authentication Tests. Qualitative Observations Based on Test Results. Performance Tuning. Definition of Indexing. Indexing Summary. Caching for Performance. Directory Caches. Evaluating Sizing Factors. Setting the Database Cache Size. Setting Entry Cache Size. Sizing the Database and Entry Caches. Tuning Cache Sizes. Setting the All IDs Threshold. Tuning the All IDs Threshold Value. Setting Search Limit Parameters. Considering Data Design Issues. Designing an LDAP Client. Removing Unnecessary Plug-ins. Tuning Write Performance. Tuning Import Performance. Troubleshooting Checklist.



8. Deploying Highly Available LDAP Data Services.

iPlanet Directory Services 4.12 HA Architecture Models. High Availability Strategy. Overview of Sun Cluster 2.2 Software. Logical IP Addresses. Data Services for Sun Cluster. Building a Sun Cluster with HA LDAP Data Services. LDAP Fault Monitor. iPlanet Directory Server 4.12 Installation. Configuring the Sun Cluster HA for iPlanet Data Services. LDAP Cluster Deployment Options. Asymmetric (Hot Standby Model) HA. Active Server Model. Redirecting LDAP Client Requests.



9. Preventive Maintenance.

Directory Log Files. Access Log. Viewing the Access Log. Access Log Configuration Options. Error Log. Viewing the Error Log. Audit Log. Managing Database Transaction Logging. Changing the Location of the Database Transaction Log. Changing the Database Checkpoint Interval. Enabling Durable Transactions. Backing Up and Restoring the Directory Database. Backing Up the Database from the Directory Server Console. Backing Up the Database from the Command Line. Restoring the Database from the Directory Server Console. Restoring Your Database from the Command Line. Deleting Database Backups. Restoring Databases That Include Replicated Entries. Placing a Database in Read-Only Mode. Exporting and Importing the Database with LDIF. Exporting Databases to LDIF from the Command Line. Importing Databases from LDIF.



10. Managing Directory Services.

Establishing Access Control Policies. LDAP Security Model Review. Access Control Instructions. Creating Access Control Instructions. Managing the Directory Schema. The Schema Files. How Schema Files Are Read. Modifying the Schema. Monitoring the Directory Server. Monitoring Resources. Monitoring the Server from the Command Line. Monitoring Database Activity. Monitoring the Database from the Directory Server Console. Monitoring the Database from the Command Line. Managing with SNMP. Using LDAP MIB. Managing the LDAP Directory Server with BMC PATROL. iPlanet Directory Server KM Overview. Introduction to BMC PATROL. Checking Memory Usage with pmap.



11. Directory Services Consolidation.

Benefits of Consolidation. LDAP as a Consolidation Choice. Consolidation Approaches. Consolidation of LDAP-Enabled Applications. LDAP Gateways. LDAP Synchronization. Password Synchronization. NIS Extensions for Solaris. NT Synchronization Service. iPlanet Meta-Directory Server. How Meta-Directory Works. Meta-Directory Connectors. Deploying iPlanet Meta-Directory. Unified Login and Single Sign-on. Kerberos and LDAP. SiteMinder. iPlanet Directory Access Router. iDAR Overview. iPlanet Directory Access Router Feature Set.



12. Microsoft Windows Interoperability.

Windows NT Interoperability. Windows NT Security Model. How the NT User Account Information Is Made Available to Solaris Server. Mapping NT User Account Information to LDAP. How the Synchronization Service Works. Windows 2000 Interoperability. Active Directory Services Architecture. Information Model. Security Model. Access Model. Replication Model. How Active Directory Clients Interact with Servers. How Applications Access Active Directory Services. Solaris Directory Services and Active Directory Services Interactions. Signing On Only Once. Joining a Windows 2000 Tree or Forest. Specifying LDAP Referrals. Using Windows Services in UNIX 2.0. IETF Schemas. RFC 2307 Network Information Service Schema. RFC 2307 Draft Objectclasses. Mail Alias Schema.



Glossary.


Index.

Preface

Preface

This book is one of an on-going series of books collectively known as the Sun BluePrints program. The Solaris and LDAP Naming Services BluePrint describes best practices for planning and deploying naming services based on the Lightweight Directory Access Protocol (LDAP). The introduction of native LDAP in the Solaris 8 operating environment provides powerful capabilities but is based on a model unfamiliar to most Solaris system administrators. Understanding general LDAP concepts and the specific Solaris implementation is key to successful deployment of resilient enterprise-wide naming services.

Sun BluePrints Program

The mission of the Sun BluePrints Program is to empower Sun customers with the technical knowledge required to implement reliable, extensible, and secure information systems within the data center using Sun products. The Sun BluePrints Program is managed by the Enterprise Engineering Group, which is part of the Customer Quality and Availability organization. This group provides a framework to identify, develop, and distribute best practices information that applies across the Sun product lines. Technical subject matter experts in various areas contribute to the program and focus on the scope and usefulness of the information.

The Enterprise Engineering Group is the primary provider of the technical content of the Sun BluePrints Program that includes books, guides, and online articles. Through these vehicles, Sun can provide guidance, installation and implementation experiences, real-life scenarios, and late-breaking technical information.

The monthly electronic magazine, Sun BluePrints OnLine, is located on the Web at http://www.sun.com/blueprints. To be notified about updates to the Sun BluePrints Program, please register yourself on this site.

Who Should Use This Book

This book is primarily intended for two types of readers: IT planners and system administrators. IT planners who must decide how to implement their future corporate naming services infrastructure will find the chapters Capacity Planning and Performance Tuning, Directory Services Consolidation, and Microsoft Windows Interoperability useful. System administrators will find helpful installation and management tips in the chapters iPlanet Directory Server Installation and Configuration, Solaris 8 Native LDAP Configuration, NIS Extensions Configuration, Deploying Highly Available LDAP Data Services, and Preventive Maintenance, Managing Directory Services.

Before You Read This Book

You should be familiar with basic Solaris system administration functions and possess some understanding of NIS or NIS+ and DNS. Some knowledge of LDAP concepts is helpful, but not required.

How This Book Is Organized

This book contains the following chapters and appendixes.

Chapter 1, "Solaris Naming Services Overview," introduces to naming service concepts and the Sun implementation of these concepts in the Solaris operating environment. The chapter discusses how the Solaris naming service infrastructure evolved into what it is today and why naming services are important.

Chapter 2, "Solaris Naming Services Architecture," explains how naming services are plugged into the Solaris operating environment and how Solaris clients interact with naming services. The Solaris Naming Service Switch is discussed in detail. An overview of NIS and NIS+ features is presented and contrasted with the Solaris 8 LDAP implementation.

Chapter 3, "Security Models," details the role naming services and directories play in authentication services. The Solaris Pluggable Authentication Module (PAM) infrastructure is discussed in detail to show how new authentication methods, such as LDAP binding, are integrated. When to deploy them and how the various authentication methods such as Public Key Infrastructure (PKI), Kerberos, and UNIX crypt work is discussed.

Chapter 4, "iPlanet Directory Server Installation and Configuration," describes how to install and configure the core components of the iPlanet Directory Server that ships with the Solaris 8 operating environment. Configuration tips that improve the directory performance and availability are included.

Chapter 5, "Solaris 8 Native LDAP Configuration," explains how to configure the iPlanet Directory Server to support the LDAP features in the Solaris 8 operating environment. A discussion of the directory schema extensions required to support Solaris 8 LDAP clients is presented.

Chapter 6, "NIS Extensions Configuration," describes how to configure the iPlanet Directory Server to support the NIS extensions and how to bulk-load NIS maps into the directory. How the iPlanet Directory Server running the extensions interacts with real NIS servers is explained.

Chapter 7, "Capacity Planning and Performance Tuning," presents heuristics, based on past deployments and benchmark results, for sizing a directory. Procedures for optimizing directory server performance are included.

Chapter 8, "Deploying Highly Available LDAP Data Services," describes when to cluster the iPlanet Directory Server and how to deploy Sun Cluster software running the Data Services for LDAP. Alternative methods, such as directory replication, to clustering are presented along with deployment scenarios.

Chapter 9, "Preventive Maintenance," explains how to perform routine directory maintenance such as pruning log files and backing up the directory database. How to examine the directory log files and spot potential problems is presented.

Chapter 10, "Managing Directory Services," discusses the use of the iPlanet Directory Server tools to perform routine directory management functions like setting access control policies, updating the directory schema, and monitoring the health of the directory server. SNMP management with the LDAP Management Information Base (MIB) and deployment of BMC PATROL to monitor the iPlanet Directory Server are explained.

Chapter 11, "Directory Services Consolidation," presents an overview of the iPlanet Meta-Directory Server and describes how it can be used to unify disparate data sources. Creating a single-sign-on environment with SiteMinder is also explained.

Chapter 12, "Microsoft Windows Interoperability," explains how the iPlanet Windows NT Synchronization services can be deployed to provide an unified login between Windows clients and the iPlanet Directory Server. Windows 2000 Active Directory Services is introduced, followed by a discussion of how it can interoperate with the Solaris 8 operating environment.

Appendix A, "Using Netscape Communicator as an LDAP Client" is a procedure for extending the LDAP features in Netscape Communicator so directory data can be viewed and searched.

Appendix B, "LDAP Standards Information" lists RFCs and other standards that define LDAP.

Appendix C, "Additional Information," lists sources of helpful information and LDAP related tools.

Appendix D, "LDAP v3 Result Codes" describes error messages that iDS generates.

Appendix E, "Schema Information" describes the LDAP object classes and attributes required to support native Solaris LDAP.

Glossary is a list of terms and acronyms used frequently in describing naming, directory, and authentication services.

Ordering Sun Documents

The SunDocs program provides more than 250 manuals from Sun Microsystems, Inc. If you live in the United States, Canada, Europe, or Japan, you can purchase documentation sets or individual manuals through this program.

Accessing Sun Documentation Online

The docs.sun.com Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com/

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020