Implementation and practical use of LDAP on the IBM Eserver ISeries server / IBM, International Technical Support Organization.

Format:

Book

Author/Creator:

International Business Machines Corporation, International Technical Support Organization Staff, Corporate Author.

Contributor:

International Business Machines Corporation. International Technical Support Organization.

Series:

IBM redbooks.

IBM redbooks

Language:

English

Subjects (All):

LDAP (Computer network protocol).

Physical Description:

xvi, 574 p. : ill.

Edition:

1st ed.

Place of Publication:

Rochester, Minn. : IBM Corp., International Technical Support Organization, 2002.

Language Note:

English

Contents:

Front cover

Contents

Notices

Trademarks

Preface

The team that wrote this redbook

Comments welcome

Part 1 Introduction

Chapter 1. Directory concepts

1.1 Directories

1.2 Advantages of using a directory

1.3 Directory components

Chapter 2. Planning your directory

2.1 Defining the directory content

2.1.1 Defining directory requirements

2.2 Data design

2.2.1 Sources for data

2.2.2 Characteristics of data elements

2.2.3 Related data

2.3 Organizing your directory

2.3.1 Schema design

2.3.2 Namespace design

2.3.3 Naming style

2.4 Securing directory entries

2.5 Designing your server and network infrastructure

2.5.1 Availability, scalability, and manageability requirements

2.5.2 Topology design

2.5.3 Replication design

2.6 Implementation planning

Chapter 3. The redbook example scenario

3.1 Scenario overview - Stage 1

3.1.1 Stage 2 - The evolution

3.1.2 Stage 3 - Growing the business

3.1.3 Stage 4 - Merging businesses

3.1.4 Stage 5 - The enterprise directory

3.1.5 The scenario Directory Information Tree

Part 2 Configuration and administration

Chapter 4. OS/400 LDAP Directory Services

4.1 Implementation and component overview

4.1.1 OS/400 Directory Services jobs

4.1.2 Saving and restoring Directory Services information

4.2 Installation prerequisites

4.2.1 Hardware requirements

4.2.2 Software requirements

4.3 Configuring OS/400 Directory Services

4.3.1 First-time configuration

4.3.2 Reconfiguring Directory Services

4.4 Publishing system information

4.4.1 Publishing OS/400 system information

4.5 Publishing the System Distribution Directory

4.5.1 System Distribution Directory to LDAP mapping

4.5.2 Scenario objectives

4.5.3 Setting up SDD publishing

4.5.4 Excluding entries from being published.

4.6 Publishing printer information

4.7 Setting up directory replication

4.7.1 Stage 2 set-up scenario

4.8 Setting up directory referrals

4.8.1 Specifying a default server for directory referrals

4.8.2 Creating explicit directory referral entries

4.9 Securing LDAP traffic

4.9.1 When to secure what service

4.9.2 Installation prerequisites

4.9.3 Scenario characteristics

4.9.4 Enabling SSL for the LDAP server

4.9.5 Enabling SSL for the Directory Services publishing client

4.9.6 Enabling SSL for the Directory Services client

4.10 Directory auditing support

4.10.1 Setting up auditing for Directory Services

4.10.2 Audit entry type

Chapter 5. Managing an LDAP directory on iSeries

5.1 Different ways to manage your directory

5.2 Using the DMT to manage the directory

5.2.1 Directory Management Tool installation

5.2.2 Connecting to the LDAP server

5.2.3 Setting up the DMT for using SSL

5.2.4 Adding organization entries using the DMT

5.2.5 Using the DMT to browse the directory schema

5.2.6 Using the DMT to view the directory change log

5.3 Using LDAP utilities to manage the directory

5.3.1 The ldapadd and ldapmodify utilities

5.3.2 The ldapsearch utility

5.3.3 The ldapdelete utility

5.3.4 The ldapmodrdn utility

5.3.5 Using LDAP utilities to view the directory change log

5.4 Exporting and importing information via Operations Navigator

5.4.1 Exporting directory data

5.4.2 Importing directory data

5.5 Writing your own application to manage your directory

5.6 Accessing directory information

5.6.1 Searching the directory with the ldapsearch utility

5.6.2 Searching the directory from a browser

5.6.3 Searching the directory with applications

5.6.4 Searching the directory with your own applications

5.7 Controlling access to directory entries.

5.7.1 How does access control work?

5.7.2 Implementation tasks summary

5.7.3 Creating an access control list (ACL) group

5.7.4 Adding the ACL group to the entry's ACL

5.7.5 Enabling the directory for attribute-level permissions

5.7.6 Editing object and attribute authorities

5.7.7 Changing the protection level for the userPassword attribute

Chapter 6. IBM HTTP Server for iSeries LDAP support

6.1 Introduction

6.2 Scenario characteristics

6.2.1 Prerequisites

6.3 User authentication

6.3.1 Setting up LDAP authentication for the Original server

6.3.2 Setting up LDAP authentication for the powered by Apache server

6.4 Configuration support

6.4.1 Setting up the LDAP configuration support for the Original server

6.4.2 LDAP configuration support for powered by Apache server

Chapter 7. Setting up LDAP on Domino server for iSeries

7.1 Domino Directory implementation and components

7.1.1 The role of Directory Services in Domino

7.1.2 The Domino Directory

7.1.3 Directory Catalog

7.1.4 Directory Assistance

7.1.5 Different ways to do directory searches

7.1.6 Authentication for LDAP clients

7.2 LDAP on Domino in the redbook scenario

7.2.1 Scenario characteristics

7.2.2 Scenario objectives

7.2.3 Installation prerequisites

7.3 Configuring LDAP for Domino

7.3.1 Setting up the Domino server for LDAP

7.3.2 Changes to the LDAP setup on Domino

7.3.3 Configuration changes to the Domino LDAP services

7.4 Using LDIF to exchange directory information

7.4.1 Scenario objectives

7.4.2 Exporting LDIF data from the Domino Directory

7.4.3 Importing LDIF data into an iSeries LDAP

7.4.4 Exporting LDIF data from iSeries LDAP

7.4.5 Importing LDIF data into the Domino Directory

7.5 Connecting directories: The alternative

7.5.1 Scenario objectives.

7.5.2 Creating the Directory Assistance database

7.5.3 Setting up directory referrals

7.5.4 Deploying Directory Assistance and referrals in your domain

Part 3 Practical scenarios

Chapter 8. Single Sign-On with Domino and WebSphere 4.0

8.1 Scenario characteristics

8.2 Scenario objectives

8.3 Prerequisites

8.3.1 Workstation requirements

8.3.2 iSeries requirements

8.4 Task summary

8.5 Single Sign-On security concepts

8.6 Enabling WebSphere Application Server authentication

8.6.1 WebSphere Application Server authentication concepts

8.6.2 Configuring WebSphere Application Server security

8.6.3 Protecting WebSphere resources

8.6.4 Verifying WebSphere Application Server authentication

8.7 Configure Domino HTTP server

8.8 Enabling Domino authentication

8.8.1 Domino authentication concepts

8.8.2 Configure Domino to use iSeries LDAP

8.8.3 Activating Domino Database security

8.8.4 Verifying Domino authentication

8.9 Configuring Single Sign-On

8.9.1 SSO prerequisites

8.9.2 Setting up SSO for WebSphere Application Server

8.9.3 Setting up SSO for Domino

8.9.4 Verifying Single Sign-On

8.10 Enabling SSL with SSO

8.10.1 Enabling WebSphere SSL with SSO

8.10.2 Enabling Domino SSL with SSO

8.10.3 Testing SSO between Domino and WebSphere using SSL

Chapter 9. LDAP directory: The enterprise directory for mail clients

9.1 Scenario characteristics

9.2 Scenario objectives

9.3 Scenario network and system environment

9.4 Scenario prerequisites

9.5 Task summary

9.6 Configure Notes mail clients to use LDAP

9.6.1 Configure LDAP address Look-up on the server for all users

9.6.2 Configure LDAP address look-up on a Notes client

9.6.3 Searching for e-mail addresses in an LDAP directory

9.7 Configure Netscape Messenger to use LDAP.

9.8 Configure Outlook mail clients to use LDAP

Part 4 Developing directory- enabled applications

Chapter 10. Introduction

10.1 Application programming interfaces

10.2 Java applications

10.3 IBM SecureWay Directory Client SDK

Chapter 11. Using APIs to directory-enable your applications

11.1 Overview

11.2 Programming techniques for using APIs and C functions in ILE RPG

11.2.1 Prototypes

11.3 Where to find API and C function documentation

11.4 API flow when searching a directory

11.5 API flow when updating a directory entry

Chapter 12. Using the JNDI to search and update the directory

12.1 The JNDI

12.2 Scenario characteristics and objectives

12.3 Sample application environment

12.4 Application overview

12.4.1 JNDIServlet servlet

12.4.2 ChangeDirEntry servlet

12.4.3 AuthenticatedUser class

12.4.4 LdapAttributes class

12.4.5 Base64 class

12.4.6 Obtaining the sample application code

12.5 Searching the directory

12.5.1 Creating the directory context

12.5.2 Performing the search

12.5.3 Processing the search results

12.6 Changing a directory entry

12.6.1 Creating the directory context

12.6.2 Getting the attributes

12.6.3 Performing the modification

Part 5 Appendixes

Appendix A. Problem determination

OS/400 Directory Services hints and tips

Traces

Symptoms

Directory Management Tool (DMT) hints and tips

Domino problem determination hints and tips

Debugging Domino LDAP

Processing referrals

Adding users to an access control list (ACL)

Domino WebSphere SSO hints and tips

IBM HTTP Server for iSeries LDAP hints and tips

Configuration support

Appendix B. Extending your directory schema

Considerations when extending the schema

Finding the schema definition files on the iSeries server.

The redbook scenario - extending the schema.

Notes:

The "e" in "eserver" is printed as the symbol for electronic.

"SG24-6193-00."

Includes bibliographical references (p. 561-563) and index.

OCLC:

560312082