Understanding LDAP design and implementation / Steven Tuttle ... [et al.].

Format:

Book

Contributor:

Tuttle, Steven.

Ehlenberger, Ami.

Gorthi, Ramakrishna.

Leiserson, Jay.

Macbeth, Richard.

Owen, Nathan.

Ranahandola, Sunil.

Storrs, Michael.

Yang, Chunhui.

International Business Machines Corporation. International Technical Support Organization.

Series:

IBM redbooks.

IBM redbooks

Language:

English

Subjects (All):

LDAP (Computer network protocol).

Computer network protocols.

Physical Description:

xxii, 746 p. : ill.

Edition:

2nd ed.

Place of Publication:

White Plains, NY : IBM, International Technical Support Organization, c2004.

Language Note:

English

System Details:

text file

Summary:

The implementation and exploitation of centralized, corporate-wide directories are among the top priority projects in most organizations. The need for a centralized directory emerges as organizations realize the overhead and cost involved in managing the many distributed micro and macro directories introduced in the past decade with decentralized client/server applications and network operating systems. Directories are key for successful IT operation and e-business application deployments in medium and large environments. IBM understands this requirement and supports it by providing directory implementations based on industry standards at no additional cost on all its major platforms and even important non-IBM platforms. The IBM Directory Server implements the Lightweight Directory Access Protocol (LDAP) standard that has emerged quickly in the past years as a result of the demand for such a standard. This IBM Redbook will help you create a foundation of LDAP skills, as well as install and configure the IBM Directory Server. It is targeted at security architects and specialists who need to know the concepts and the detailed instructions for a successful LDAP implementation.

Contents:

Front cover

Contents

Notices

Trademarks

Preface

The team that wrote this redbook

Become a published author

Comments welcome

Summary of changes

June 2004, Second Edition

Part 1 Directories and LDAP

Chapter 1. Introduction to LDAP

1.1 Directories

1.1.1 Directory versus database

1.1.2 LDAP: Protocol or directory

1.1.3 Directory clients and servers

1.1.4 Distributed directories

1.2 Advantages of using a directory

1.3 LDAP history and standards

1.3.1 OSI and the Internet

1.3.2 X.500 the Directory Server Standard

1.3.3 Lightweight Access to X.500

1.3.4 Beyond LDAPv3

1.4 Directory components

1.5 LDAP standards

1.6 IBM's Directory-enabled offerings

1.7 Directory resources on the Web

Chapter 2. LDAP concepts and architecture

2.1 Overview of LDAP architecture

2.2 The informational model

2.2.1 LDIF

2.2.2 LDAP schema

2.3 The naming model

2.3.1 LDAP distinguished name syntax (DNs)

2.3.2 String form

2.3.3 URL form

2.4 Functional model

2.4.1 Query

2.4.2 Referrals and continuation references

2.4.3 Search filter syntax

2.4.4 Compare

2.4.5 Update operations

2.4.6 Authentication operations

2.4.7 Controls and extended operations

2.5 Security model

2.6 Directory security

2.6.1 No authentication

2.6.2 Basic authentication

2.6.3 SASL

2.6.4 SSL and TLS

Chapter 3. Planning your directory

3.1 Defining the directory content

3.1.1 Defining directory requirements

3.2 Data design

3.2.1 Sources for data

3.2.2 Characteristics of data elements

3.2.3 Related data

3.3 Organizing your directory

3.3.1 Schema design

3.3.2 Namespace design

3.3.3 Naming style

3.4 Securing directory entries

3.4.1 Purpose

3.4.2 Analysis of security requirements

3.4.3 Design overview

3.4.4 Authentication design.

3.4.5 Authorization design

3.4.6 Non-directory security considerations

3.5 Designing your server and network infrastructure

3.5.1 Availability, scalability, and manageability requirements

3.5.2 Topology design

3.5.3 Replication design

3.5.4 Administration

Part 2 IBM Tivoli Directory Server overview and installation

Chapter 4. IBM Tivoli Directory Server overview

4.1 Definition of ITDS

4.2 ITDS 5.2

4.3 Resources on ITDS

4.4 Summary of ITDS-related chapters

Chapter 5. ITDS installation and basic configuration - Windows

5.1 Installable components

5.2 Installation and configuration checklist

5.3 System and software requirements

5.3.1 ITDS Client

5.3.2 ITDS Server (including client)

5.3.3 Web Administration Tool

5.4 Installing the server

5.4.1 Create a user ID for ITDS

5.4.2 Installing ITDS with the Installshield GUI

5.4.3 Configuring the Administrator DN and password

5.4.4 Configuring the database

5.4.5 Adding a suffix

5.4.6 Removing or reconfiguring a database

5.4.7 Enabling and disabling the change log

5.5 Starting ITDS

Chapter 6. ITDS installation and basic configuration - AIX

6.1 Installable components

6.2 Installation and configuration checklist

6.3 System and software requirements

6.3.1 ITDS Client

6.3.2 ITDS Server (including client)

6.3.3 Web Administration Tool

6.4 Installing the server

6.4.1 Create a user ID for ITDS

6.4.2 Installing ITDS with the Installshield GUI

6.4.3 Configuring the Administrator DN and password

6.4.4 Configuring the database

6.4.5 Adding a suffix

6.4.6 Removing or reconfiguring a database

6.4.7 Enabling and disabling the change log

6.5 Starting ITDS

6.6 Uninstalling ITDS

Chapter 7. ITDS installation and basic configuration on Intel Linux

7.1 Installable components.

7.2 Installation and configuration checklist

7.3 System and software requirements

7.3.1 ITDS Client

7.3.2 ITDS Server (including client)

7.3.3 Web Administration Tool

7.4 Installing the server

7.4.1 Create a user ID for ITDS

7.4.2 Installing ITDS with the Installshield GUI

7.4.3 Configuring the Administrator DN and password

7.4.4 Configuring the database

7.4.5 Adding a suffix

7.4.6 Removing or reconfiguring a database

7.4.7 Enabling and disabling the change log

7.5 Starting ITDS

7.6 Quick installation of ITDS 5.2 on Intel (minimal GUI)

7.7 Uninstalling ITDS

7.8 Removing all vestiges of an ITDS 5.2 Install on Intel Linux

Chapter 8. IBM Tivoli Directory Server installation - IBM zSeries

8.1 Installing LDAP on z/OS

8.1.1 Using the ldapcnf utility

8.1.2 Running the MVS jobs

8.1.3 Loading the schema

8.1.4 Enabling Native Authentication

8.2 Migrating data to LDAP on z/OS

8.2.1 Migrating LDAP server contents to z/OS

8.2.2 Moving RACF users to the TDBM space

Part 3 In-depth configuration and tuning

Chapter 9. IBM Tivoli Directory Server Distributed Administration

9.1 Web Administration Tool graphical user interface

9.2 Starting the Web Administration Tool

9.3 Logging on to the console as the console administrator

9.4 Logging on to the console as the server administrator

9.5 Logging on as member of administrative group or as LDAP user

9.6 Logging off the console

9.7 Starting and stopping the server

9.7.1 Using Web Administration

9.7.2 Using the command line or Windows Services icon

9.8 Console layout

9.9 Configuration only mode

9.9.1 Minimum requirements for configuration-only mode

9.9.2 Starting LDAP in configuration-only mode

9.9.3 Verifying the server is in configuration-only mode

9.10 Setting up the console.

9.10.1 Managing the console

9.10.2 Creating an administrative group

9.10.3 Enabling and disabling the administrative group

9.10.4 Adding members to the administrative group

9.10.5 Modifying an administrative group member

9.10.6 Removing a member from the administrative group

9.11 ibmslapd command parameters

9.12 Directory administration daemon

9.12.1 The ibmdiradm command

9.12.2 Starting the directory administration daemon

9.12.3 Stopping the directory administration daemon

9.12.4 Administration daemon error log

9.13 The ibmdirctl command

9.14 Manual installation of IBM WAS - Express

9.14.1 Manually installing the Web Administration Tool

9.14.2 Manually uninstalling the Web Administration Tool

9.14.3 Default ports used by IBM WAS - Express

9.15 Installing in WebSphere Version 5.0 or later

Chapter 10. Client tools

10.1 The ldapchangepwd command

10.1.1 Synopsis

10.1.2 Options

10.1.3 Examples

10.1.4 SSL, TLS notes

10.1.5 Diagnostics

10.2 The ldapdelete command

10.2.1 Synopsis

10.2.2 Description

10.2.3 Options

10.2.4 Examples

10.2.5 SSL, TLS notes

10.2.6 Diagnostics

10.3 The ldapexop command

10.3.1 Synopsis

10.3.2 Description

10.3.3 Options

10.4 The ldapmodify and ldapadd commands

10.4.1 Synopsis

10.4.2 Description

10.4.3 Options

10.4.4 Examples

10.4.5 SSL, TLS notes

10.4.6 Diagnostics

10.5 The ldapmodrdn command

10.5.1 Synopsis

10.5.2 Description

10.5.3 Options

10.5.4 Examples

10.5.5 SSL, TLS notes

10.5.6 Diagnostics

10.6 The ldapsearch command

10.6.1 Synopsis

10.6.2 Description

10.6.3 Options

10.6.4 Examples

10.6.5 SSL, TLS notes

10.6.6 Diagnostics

10.7 Summary

Chapter 11. Schema management

11.1 What is the schema

11.1.1 Available schema files

11.1.2 Schema support.

11.1.3 OID

11.1.4 Inheritance

11.2 Modifying the schema

11.2.1 IBMAttributetypes

11.2.2 Working with objectclasses

11.2.3 Working with attributes

11.2.4 Disallowed schema changes

11.3 Indexing

11.4 Migrating the schema

11.4.1 Exporting the schema

11.4.2 Importing the schema

11.5 Dynamic schema

Chapter 12. Group and role management

12.1 Groups

12.1.1 Static groups

12.1.2 Dynamic groups

12.1.3 Nested groups

12.1.4 Hybrid groups

12.1.5 Determining group membership

12.1.6 Group object classes

12.1.7 Group attribute types

12.2 Roles

12.3 Summary

Chapter 13. Replication

13.1 General replication concepts

13.1.1 Terminology

13.1.2 How replication functions

13.2 Major replication topologies

13.2.1 Simple master-replica topology

13.2.2 Master-forwarder-replica topology (ITDS 5.2 and later)

13.2.3 GateWay Replication Topology (ITDS 5.2 and later)

13.2.4 Peer replication

13.3 Replication agreements

13.4 Configuring replication topologies

13.4.1 Simple master-replica topology

13.4.2 Using the command line

13.4.3 Promoting a replica to peer/master

13.4.4 Command line for a complex replication

13.5 Web administration tasks for managing replication

13.5.1 Managing topology

13.5.2 Modifying replication properties

13.5.3 Creating replication schedules

13.5.4 Managing queues

13.6 Repairing replication differences between replicas

13.6.1 The ldapdiff command tool

Chapter 14. Access control

14.1 Overview

14.2 ACL model

14.2.1 EntryOwner information

14.2.2 Access Control information

14.3 Access control attribute syntax

14.3.1 Subject

14.3.2 Pseudo DNs

14.3.3 Object filter

14.3.4 Rights

14.3.5 Propagation

14.3.6 Access evaluation

14.3.7 Working with ACLs

14.4 Summary.

Chapter 15. Securing the directory.

Notes:

"June 2004."

"SG24-4986-01."

Includes bibliographical references and index.

OCLC:

932363551