Home > Store

Understanding and Deploying LDAP Directory Services, 2nd Edition

Register your product to gain access to bonus material or receive a coupon.

Understanding and Deploying LDAP Directory Services, 2nd Edition

Book

  • Sorry, this book is no longer in print.
Not for Sale

Description

  • Copyright 2003
  • Edition: 2nd
  • Book
  • ISBN-10: 0-672-32316-8
  • ISBN-13: 978-0-672-32316-4

Lightweight Directory Access Protocol (LDAP) is the standard for directory information access and is the underlying protocol for a variety of email systems, Web systems, and enterprise applications. LDAP enables central management of users, groups, devices, and other data, thereby simplifying directory management and reducing the total cost of ownership. Understanding and Deploying LDAP Directory Services, written by the creators of the protocol, is known as the LDAP bible and is the classic text for learning about LDAP and how to utilize it effectively. The Second Edition builds on this success by acting as an exhaustive resource for designing, deploying, and maintaining LDAP directory services. Topics such as implementation pitfalls, establishing and maintaining user access to information, troubleshooting, and real-world scenarios will be thoroughly explored.

Sample Content

Downloadable Sample Chapter

Download Sample Chapter 4 related to this title.

Table of Contents

I. INTRODUCTION TO DIRECTORY SERVICES AND LDAP.

1. Directory Services Overview and History.

What a Directory Is.

Directories Are Dynamic.

Directories Are Flexible.

Directories Can Be Secure.

Directories Can Be Personalized.

Directory Described.

What a Directory Can Do for You.

Finding Things.

Managing Things.

Lightweight Database Applications.

Security Applications.

What a Directory Is Not.

Directories versus Databases.

Directories versus File Systems.

Directories versus Web Servers.

Directories versus FTP Servers.

Directories versus DNS Servers.

The Complementary Directory.

The History and Origins of LDAP.

The Dawn of Standard Directories: X.500.

The Creation and Rise of LDAP.

The Key Advantages of LDAP.

Further Reading.

Looking Ahead.

2. Introduction to LDAP.

What Is LDAP?

The LDAP Protocol.

The LDAP Protocol on the Wire.

The LDAP Models.

The LDAP Information Model.

The LDAP Naming Model.

The LDAP Functional Model.

The LDAP Security Model.

LDIF.

LDIF Representation of Directory Entries.

LDIF Update Statements.

LDAP Server Software.

LDAP Command-Line Utilities.

The ldapsearch Command-Line Utility.

The ldapmodify Command-Line Utility.

LDAP APIs.

Overview of the LDAP C API.

Other LDAP APIs.

LDAP and Internationalization.

LDAP Overview Checklist.

Further Reading.

Looking Ahead.

3. LDAPv3 Extensions.

How LDAPv3 Is Extended.

LDAP Controls.

LDAP Extended Operations.

SASL Authentication Mechanisms.

The Root DSE and Extension Discovery.

Selected LDAPv3 Extensions.

The ManageDSAIT Control.

The Persistent Search Request and Entry Change Notification Response Controls.

The Server-Side Sorting Request and Response Controls.

The Virtual List View Request and Response Controls.

The Proxied Authorization Control.

Password Expiration Controls.

Bulk Import Extended Operations.

The EXTERNAL SASL Mechanism.

The DIGEST-MD5 SASL Mechanism.

Future Directions: Where Is LDAP Headed Next?

Increased Integration into Operating Systems and Middleware.

Emerging Standards Work.

Other LDAP-Related Standards Work.

LDAP and XML.

DSML.

LDAP Extensions and Future Directions Checklists.

Further Reading.

Looking Ahead.

4. Overview of Netscape Directory Server.

Basic Installation.

Extracting and Starting the Setup Program.

Answering Installation Questions.

Completing the Installation and Loading Sample Data.

A Brief Hands-on Tour of Netscape Directory Server.

Searching.

Manipulating Netscape Directory Server Databases.

Controlling Access to Directory Data.

Changing the Server Configuration Using LDAP.

Product Focus and Feature Set.

Origin.

Product Focus.

Feature Set.

Extending the Netscape Server: A Simple Plug-in Example.

Problem Statement.

The Design of the Value Constraint Plug-In.

The Source Code for the Value Constraint Plug-In.

Compiling and Installing the Value Constraint Plug-In.

The Resulting Server Behavior.

Ideas for Improvement.

Further Reading.

Looking Ahead.

II. Designing Your Directory Service.

5. Directory Design Road Map.

The Directory Life Cycle.

Design.

Deployment.

Maintenance.

Directory Design Checklist.

Further Reading.

Looking Ahead.

6. Defining Your Directory Needs.

Overview of the Directory Needs Definition Process.

Step 1: Analyze Your Environment.

Step 2: Determine and Prioritize Needs.

Step 3: Choose an Overall Directory Design and Deployment Approach.

Step 4: Set Goals and Milestones.

Analyzing Your Environment.

Organizational Structure and Geography.

Computer Systems.

The Network.

Application Software.

Determining and Prioritizing Application Needs.

Data.

Performance.

Level of Service.

Security.

Prioritizing Application Needs.

Determining and Prioritizing Users' Needs and Expectations.

Asking Your Users.

Accuracy and Completeness of Data.

Privacy.

Audience.

The Relationship of User Needs to Application Needs.

Prioritizing Your Users' Needs.

Determining and Prioritizing Deployment Constraints.

Resources.

Openness of the Process.

Skills of the Directory System Designers.

Skills and Needs of System Administrators.

The Political Climate.

Prioritizing Your Deployment Constraints.

Determining and Prioritizing Other Environmental Constraints.

Hardware and Software.

The Network.

Criticality of Service.

Security.

Coexistence with Other Databases and Directories.

Prioritizing Your Environmental Constraints.

Choosing an Overall Directory Design and Deployment Approach.

Match the Prevailing Philosophy.

Take Constraints into Account.

Favor Simple over Complex.

Focus on the Most Important Needs.

Setting Some Goals and Milestones.

Goals.

Milestones.

Recommendations for Setting Goals and Milestones.

Defining Your Directory Needs Checklist.

Further Reading.

Looking Ahead.

7. Data Design.

Data Design Overview.

Common Data-Related Problems.

Creating a Data Policy Statement.

Identifying Which Data Elements You Need.

General Characteristics of Data Elements.

Format.

The Size of Each Data Value.

The Number of Distinct Data Values.

Data Ownership and Restrictions.

Consumers.

Frequency of Changes in Values: Dynamic or Static?

Range of Applicability: Shared or Application-Specific?

Relationships with Other Data Elements.

A Data Element Characteristics Example.

Analyzing Data Elements.

Sources of Data.

Other Directory Services and Network Operating Systems.

Databases.

Files.

Applications.

Administrators.

End Users.

Maintaining Good Relationships with Other Data Sources.

Replication.

Synchronization.

Batch Updates.

Political Considerations.

Data Design Checklist.

Further Reading.

Looking Ahead.

8. Schema Design.

The Purpose of a Schema.

Elements of LDAP Schemas.

Attributes.

Object Classes.

Schema Element Summary.

Directory Schema Formats.

The LDAPv3 Schema Format.

The ASN.1 Schema Format.

The Schema-Checking Process.

Schema-Checking Examples.

Schema Design Overview.

A Few Words about Schema Configuration.

The Relationship of Schema Design to Data Design.

Let's Call the Whole Thing Off.

Sources of Predefined Schemas.

Directory-Enabled Applications.

Standard Schemas.

Schemas Provided by Directory Vendors.

Adding a Schema to an Installed Directory Server.

Defining New Schema Elements.

Choosing Names for New Attribute Types and Object Classes.

Obtaining and Assigning Object Identifiers.

Modifying Existing Schema Elements.

Subclassing an Existing Object Class.

Adding Auxiliary Information to a Directory Object.

Accommodating New Types of Objects.

Tips for Defining New Schemas.

Documenting and Publishing Your Schemas.

Schema Maintenance and Evolution.

Establishing a Schema Review Board.

Granting Permission to Change the Schema Configuration.

Changing Existing Schemas.

Upgrading Directory Service Software.

Schema Design Checklist.

Further Reading.

Looking Ahead.

9. Namespace Design.

The Structure of a Namespace.

The Purposes of a Namespace.

Analyzing Your Namespace Needs.

Choosing a Suffix.

Flat and Hierarchical Schemes.

Naming Attributes.

Application Considerations.

Administrative Considerations of Naming Attributes and RDNs.

Privacy Considerations.

Anticipating the Future.

Examples of Namespaces.

Flat Namespace Examples.

Hierarchical Namespace Examples.

Namespace Design Checklist.

Further Reading.

Looking Ahead.

10. Topology Design.

Directory Topology Overview.

Definition of a Partition.

Gluing the Directory Together: Knowledge References.

Name Resolution in the Distributed Directory.

Configuring a Distributed Directory.

Authentication in a Distributed Directory.

Security Implications.

Advantages and Disadvantages of Partitioning.

Designing Your Directory Server Topology.

Step 1: Inventory Your Directory-Enabled Applications.

Step 2: Understand Your Directory Server Software and Its Capabilities.

Step 3: Create a Map of Your Physical Network.

Step 4: Review Your Directory Namespace Design.

Step 5: Consider Political Constraints.

Directory Partition Design Examples.

Topology Design Checklist.

Further Reading.

Looking Ahead.

11. Replication Design.

Why Replicate?

Replication Concepts.

Suppliers, Consumers, and Replication Agreements.

The Unit of Replication.

Consistency and Convergence.

Incremental and Total Updates.

Initial Population of a Replica.

Replication Strategies.

Replication Protocols.

Advanced Replication Features.

Replicating a Subset of Directory Information.

Active Directory GC Servers.

Scheduling Replication.

Scheduling Update Latency by Attribute Type.

Schemas and Replication.

Access Control and Replication.

Designing Your Directory Replication System.

Designing for Maximum Reliability.

Designing for Maximum Performance.

Other Considerations.

Choosing Replication Solutions.

Replication Design Checklist.

Further Reading.

Looking Ahead.

12. Privacy and Security Design.

Security Guidelines.

The Purpose of Security.

Security Threats.

Unauthorized Access.

Unauthorized Tampering.

Denial-of-Service Attacks.

Security Tools.

Analyzing Your Security and Privacy Needs.

Directory Requirements.

Understanding Your Environment.

Understanding Your Users.

Understanding Your Corporate Policies and Applicable Laws.

Designing for Security.

Authentication.

Access Control.

Information Privacy and Integrity.

Administrative Security.

Respecting Your Users' Privacy.

Security versus Deployability.

Privacy and Security Design Checklist.

Further Reading.

Looking Ahead.

III. Deploying Your Directory Service.

13. Evaluating Directory Products.

Making the Right Product Choice.

Categories of Directory Software.

NOS Applications.

Intranet Applications.

Extranet Applications.

Internet-Facing Hosted Applications.

Lightweight Database Applications.

Evaluation Criteria for Directory Software.

Core Features.

Management Features.

Reliability.

Performance and Scalability.

Security.

Standards Compliance.

Interoperability.

Cost.

Flexibility and Extensibility.

Other Considerations.

An Evaluation Criteria Example.

Reaching a Decision.

Gathering Basic Product Information.

Quizzing the Software Vendors.

Challenging the Vendors to Show What Their Products Can Do.

Conducting a Directory Services Pilot.

Negotiating the Best Possible Deal.

Evaluating Directory Products Checklist.

Further Reading.

Looking Ahead.

14. Piloting Your Directory Service.

A Piloting Road Map.

Prepilot Testing.

Defining Your Goals.

Defining Your Scope and Time Line.

Developing Documentation and Training Materials.

Selecting Your Users.

Setting Up Your Environment.

Rolling Out the Pilot.

Collecting Feedback.

Scaling Up the Pilot.

Applying What You've Learned.

Piloting Your Directory Service Checklist.

Looking Ahead.

15. Analyzing and Reducing Costs.

The Politics of Costs.

Reducing Costs.

General Principles of Cost Reduction.

Design, Piloting, and Deployment Costs.

Design Costs.

Piloting Costs.

Deployment Hardware Costs.

Deployment Software Costs.

Ongoing Costs of Providing Your Directory Service.

Software Upgrade Costs.

Hardware Upgrade and Replacement Costs.

Monitoring Costs.

Data Maintenance Costs.

Backup and Restore Costs.

Disaster Recovery Plan Costs.

Support and Training Costs.

Support and Maintenance Contract Costs.

Costs of Adding New Directory-Enabled Applications.

Analyzing and Reducing Costs Checklist.

Further Reading.

Looking Ahead.

16. Putting Your Directory Service into Production.

Creating a Plan for Putting Your Directory Service into Production.

List the Resources Needed for the Rollout.

Create a List of Prerequisite Tasks.

Create a Detailed Rollout Plan.

Develop Criteria for Success.

Create a Publicity and Marketing Plan.

Advice for Putting Your Directory Service into Production.

Don't Jump the Gun.

Maintain Focus.

Adopt an Incremental Approach.

Prepare Yourself Well.

Executing Your Plan.

Putting Your Directory Service into Production Checklist.

Looking Ahead.

IV. Maintaining Your Directory Service.

17. Backups and Disaster Recovery.

Backup and Restore Procedures.

Backing Up and Restoring Directory Data Using Traditional Techniques.

Other Things to Back Up.

Using Replication for Backup and Restore.

Using Replication and Traditional Backup Techniques Together.

Safeguarding Your Backups.

Verifying Your Backups.

Disaster Planning and Recovery.

Types of Disasters.

Developing a Directory Disaster Recovery Plan.

Directory-Specific Issues in Disaster Recovery.

Backups and Disaster Recovery Checklist.

Further Reading.

Looking Ahead.

18. Maintaining Data.

The Importance of Data Maintenance.

The Data Maintenance Policy.

Application-Maintained Data.

Centrally Maintained Data.

User-Maintained Data.

Handling New Data Sources.

Handling Exceptions.

Checking Data Quality.

Methods of Checking Quality.

Implications of Checking Quality.

Correcting Bad Data.

Maintaining Data Checklist.

Further Reading.

Looking Ahead.

19. Monitoring.

Introduction to Monitoring.

Methods of Monitoring.

General Monitoring Principles.

Selecting and Developing Monitoring Tools.

Monitoring Your Directory with SNMP and an NMS.

Monitoring Your Directory with Custom Probing Tools.

Notification Techniques.

Basic Notification Principles.

Notification Methods.

Testing Your Notification System.

Taking Action.

Planning Your Course of Action.

Minimizing the Effect.

Understanding the Root Cause.

Correcting the Problem.

Documenting What Happened.

A Sample Directory Monitoring Utility.

Performance Analysis.

Obtaining Raw Usage Data.

Digesting and Analyzing Raw Performance Data.

Drawing Conclusions.

Monitoring Checklist.

Further Reading.

Looking Ahead.

20. Troubleshooting.

Discovering Problems.

Types of Problems.

Directory Outages.

Performance Problems.

Problems with Directory Data.

Security Problems.

Troubleshooting and Resolving Problems.

Step 1: Assess the Problem, and Inform Affected Persons.

Step 2: Contain the Damage.

Step 3: Put the System Back into Service by Applying a Short-Term Fix.

Step 4: Fully Understand the Problem, and Devise a Long-Term Fix.

Step 5: Implement the Long-Term Fix, and Take Steps to Prevent the Problem from Recurring.

Step 6: Arrange to Monitor for the Problem.

Step 7: Document What Happened.

Troubleshooting Checklist.

Directory Outages.

Performance Problems.

Problems with Directory Data.

Security Problems.

Further Reading.

Looking Ahead.

V. Leveraging Your Directory Service.

21. Developing New Applications.

Reasons to Develop Directory-Enabled Applications.

Lowering Your Data Management Costs.

Adapting the Directory to Fit Your Organization.

Saving on Deployment and Maintenance Costs.

Creating Entirely New Kinds of Applications.

When It Does Not Make Sense to Directory-Enable.

Common Ways That Applications Use Directories.

Locating and Sharing Information.

Verifying Authentication Credentials.

Aiding the Deployment of Other Services.

Making Access Control Decisions.

Enabling Location Independence.

Tools for Developing LDAP Applications.

LDAP SDKs.

LDAP Command-Line Tools.

LDAP Tag Libraries for Web Development.

Directory-Agnostic SDKs.

Advice for LDAP Application Developers.

Striving to Fit In.

Communicating Your Application's Directory Needs.

Designing for Good Performance and Scalability.

Developing a Prototype and Conducting a Pilot.

Leveraging Existing Code.

Avoiding Common Mistakes.

Example 1: setpwd, a Password-Resetting Utility.

Directory Use.

The Help Desk Staff's Experience.

The Source Code.

Ideas for Improvement.

Example 2: SimpleSite, a Web Site with User Profile Storage.

Directory Use.

The User Experience.

The Source Code.

Ideas for Improvement.

Developing New Applications Checklist.

Further Reading.

Looking Ahead.

22. Directory-Enabling Existing Application

Reasons to Directory-Enable Existing Applications.

Enabling New Features in Applications.

Lowering Data Management Costs.

Simplifying Life for End Users.

Bringing the Directory Service to Your End Users.

Advice for Directory-Enabling Existing Applications.

Hide the Directory Integration.

Make the New Directory Capabilities Visible.

Use a Protocol Gateway to Achieve Integration.

Avoid Problematic Architectural Choices.

Consider How the Directory Service Will Be Affected.

Plan for a Smooth Transition.

Be Creative, and Consider All Your Options.

Example 1: A Directory-Enabled finger Service.

The Integration Approach.

Directory Use.

The End-User Experience.

The Source Code.

Ideas for Improvement.

Example 2: Adding LDAP Address Lookup to an E-Mail Client.

The Integration Approach.

The End-User Experience.

The Source Code.

Ideas for Improvement.

Directory-Enabling Existing Applications Checklist.

Further Reading.

Looking Ahead.

23. Directory Coexistence.

Why Is Coexistence Important?

Coexistence Techniques.

Migration.

One-Way Synchronization.

Two-Way Synchronization.

N-Way Join.

Virtual Directory.

Data Translation.

Privacy and Security Considerations.

The Join Attribute.

Data Transport.

Data Source Security.

Determining Your Coexistence Requirements.

Directory Coexistence Implementation Considerations.

Implementation Options.

Performance Implications.

Directory Coexistence Tools.

Tuning and Troubleshooting.

Monitoring and Caring for Your Coexistence Solution.

Example: The ldapsync Tool: One-Way Synchronization with Join.

How It Works.

Usage Examples.

The Source Code.

Ideas for Improvement.

Directory Coexistence Checklist.

Further Reading.

Looking Ahead.

VI. Case Studies.

24. Case Study: Netscape Communications Corporation 797

Overview of the Organization.

Directory Drivers.

Directory Service Design.

Needs.

Data.

Schema.

Namespace.

Topology.

Replication.

Privacy and Security.

Directory Service Deployment.

Product Choice.

Piloting.

Putting Your Directory Service into Production.

Directory Service Maintenance.

Data Backups and Disaster Recovery.

Maintaining Data.

Monitoring.

Leveraging the Directory Service.

Directory Deployment Impact.

Summary and Lessons Learned.

Further Reading.

Looking Ahead.

25. Case Study: A Large Multinational Enterprise.

Overview of the Organization.

Directory Drivers.

Directory Service Design.

Needs.

Data.

Schema.

Namespace.

Topology.

Replication.

Privacy and Security.

Directory Service Deployment.

Product Choice.

Piloting.

Analyzing and Reducing Costs.

Putting the Directory Service into Production.

Directory Service Maintenance.

Data Backups and Disaster Recovery.

Maintaining Data.

Monitoring.

Troubleshooting.

Leveraging the Directory Service.

Applications.

Directory Deployment Impact.

Summary and Lessons Learned.

Further Reading.

Looking Ahead.

26. Case Study: An Enterprise with an Extranet.

Overview of the Organization.

Directory Drivers.

Directory Service Design.

Needs.

Data.

Schema.

Namespace.

Topology.

Replication.

Privacy and Security.

Directory Service Deployment.

Product Choice.

Piloting.

Putting Your Directory Service into Production.

Directory Service Maintenance.

Data Backups and Disaster Recovery.

Maintaining Data.

Monitoring.

Troubleshooting.

Leveraging the Directory Service.

Directory Deployment Impact.

Summary and Lessons Learned.

Looking Ahead.

Index. 0672323168T04142003

Preface

In the past decade, LDAP directories have risen from a relatively obscure offshoot of an equally obscure field to become one of the linchpins of modern computing. Increasingly, LDAP directories are becoming the nerve center of an organization's computing infrastructure, providing naming, location, management, security, and other services that have traditionally been provided by network operating systems. Design and deployment of a successful LDAP directory service can be complex and challenging, yet little information is available explaining the ins and outs of this important task.

When two of us (Mark and Tim) finished writing a previous book, LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol in early 1997, we soon realized there was another, much bigger piece of the directory puzzle still to be addressed. The previous book was aimed at directory application programmers, but nothing similar was available to address the needs of directory decision makers, designers, and administrators. This book is aimed at that audience.

Recognizing the size of the task ahead of us and remembering the joys of giving up evenings and weekends for months at a time to meet deadlines for our first book, we quickly decided to expand our team. Just as quickly, we decided there was no one we'd rather share the fun with than our longtime friend and colleague, Gordon Good, at the time a senior directory developer at Netscape. Aside from being the third leg of the LDAP development team at the University of Michigan (U-M), Gordon brought a wealth of system administration experience from his past life as a directory and e-mail administrator and Web master for U-M. With Gordon on board, the three of us set about writing a book that we only half-jokingly referred to as the "LDAP Bible." The first edition of Understanding and Deploying LDAP Directory Services was published in 1999.

Two years later, we realized that it was time to update this book and publish a second edition. LDAPv3 work in the IETF was mostly complete. Numerous extensions to the basic LDAP protocol were being developed. LDAP support in commercial and open-source software was widespread. In this edition, we cover these recent directory services developments. In addition, in response to reader suggestions we have streamlined the text, added more hands-on examples, updated the examples to reflect currently available software versions, and updated the case studies to reflect current directory practice. We thank all the readers of the first edition who provided helpful suggestions, and we hope that you find this second edition even more valuable.

The Book's Organization

This book includes 26 chapters in 6 parts. Part I introduces directories and LDAP. Parts II through IV each address a different part of the directory life cycle. Part V discusses how to leverage your directory service after it's up and running. Finally, Part VI presents three directory services deployment case studies.

Part I, "An Introduction to Directory Services and LDAP," provides a comprehensive introduction to directories and LDAP. For readers unfamiliar with the topic, this section should bring them up to speed and provide the background necessary to understand the rest of the book. It also includes a section on the history of directories for readers interested in how all this technology came about.

Part II, "Designing Your Directory Service," begins to delve into the directory life cycle by covering the first and in many ways most important phase: design. We cover all aspects of directory design, from determining your needs, to designing your data sources, schema, namespace, topology, replication, and finally privacy and security.

Part III, "Deploying Your Directory Service," covers the next phase in the directory life cycle: deployment. We cover everything from choosing the right directory products to piloting your service to putting your service into production. We've also included a section about analyzing the cost of your service and how to help reduce those costs.

Part IV, "Maintaining Your Directory Service," concludes our coverage of the directory life cycle with a look at the maintenance phase. We cover such topics as backup and disaster recovery, maintaining data, monitoring your directory system, and troubleshooting problems when they occur.

Part V, "Leveraging Your Directory Service," talks about how to take advantage of the service you have designed and deployed. We discuss the benefits and pitfalls of directory-enabling existing applications, creating new applications that use the directory, and how your directory can coexist with other data sources.

Part VI, "Case Studies," closes the book by presenting several directory case studies. Some of the case studies presented are real, and some are fictitious, but all are designed to illustrate the concepts of directory design, deployment, and maintenance in action.

The Book's Audience

This book is primarily intended for three kinds of readers: decision makers, architects, and administrators. In addition, anyone who wants to know more about LDAP or directories in general will find the book useful, as will software engineers who develop directory applications.

Directory decision makers will find this book useful in understanding directories and the kinds of business problems they help solve. Decision makers will find Part I useful for explaining the basics of directories. Part VI should also prove useful by providing some realistic examples of how directories are used and the benefits they can bring.

Directory architects will find this book useful in defining the design problem and providing a methodology for producing a comprehensive directory design. The design methodology is focused on a practical approach to design based on real-world requirements. We highly recommend that directory architects and designers read the whole book, with special emphasis on Parts II, III, and IV. A good directory design results in large part from a clear understanding of the other aspects of the directory life cycle and how the directory will be used.

Directory administrators will find Part IV especially useful. It focuses on the maintenance phase of the directory life cycle, where administrators spend much of their lives. We also highly recommend that administrators read the rest of the book to get an idea of the directory big picture, as well as to understand some of the directory design decisions that are bound to make their lives either miserable or enjoyable.

Other interested readers can pick and choose from the sections of the book that interest them. We encourage all readers to at least skim Part I, to ensure that they have the background required to benefit from the rest of the book. We've tried to structure the book so that each chapter stands by itself as much as possible. Readers should be able to read the chapters covering topics that interest them, without wading through chapters of less interest. Finally, we think all readers will find the case studies presented in Part VI interesting. They give different perspectives on directories designed to illustrate the trade-offs that different directory needs imply.

Contacting Us

Finally, if you have comments or suggestions about this book or if you'd like to tell us about an interesting directory deployment or application you've developed, we'd like to hear from you. Feel free to drop us a line at the following addresses:

Tim Howeshowes@opsware.com
Mark Smithmcs@netscape.com
Gordon Goodggood@opsware.com

We'll try our best to get back to you, but keep in mind that we all have day jobs!



0672323168P01092003

Index

Download the Index file related to this title.

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020