Understanding LDAP design and implementation
The implementation and exploitation of centralized, corporate-wide directories are among the top priority projects in most organizations. The need for a centralized directory emerges as organizations realize the overhead and cost involved in managing the many distributed micro and macro directories...
Corporate Author: | |
---|---|
Other Authors: | |
Format: | E-book |
Language: | English |
Published: | White Plains, NY : IBM, International Technical Support Organization c2004. |
Edition: | 2nd ed |
Series: | IBM redbooks. |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627169206719 |
Table of Contents:
- Front cover
- Contents
- Notices
- Trademarks
- Preface
- The team that wrote this redbook
- Become a published author
- Comments welcome
- Summary of changes
- June 2004, Second Edition
- Part 1 Directories and LDAP
- Chapter 1. Introduction to LDAP
- 1.1 Directories
- 1.1.1 Directory versus database
- 1.1.2 LDAP: Protocol or directory
- 1.1.3 Directory clients and servers
- 1.1.4 Distributed directories
- 1.2 Advantages of using a directory
- 1.3 LDAP history and standards
- 1.3.1 OSI and the Internet
- 1.3.2 X.500 the Directory Server Standard
- 1.3.3 Lightweight Access to X.500
- 1.3.4 Beyond LDAPv3
- 1.4 Directory components
- 1.5 LDAP standards
- 1.6 IBM's Directory-enabled offerings
- 1.7 Directory resources on the Web
- Chapter 2. LDAP concepts and architecture
- 2.1 Overview of LDAP architecture
- 2.2 The informational model
- 2.2.1 LDIF
- 2.2.2 LDAP schema
- 2.3 The naming model
- 2.3.1 LDAP distinguished name syntax (DNs)
- 2.3.2 String form
- 2.3.3 URL form
- 2.4 Functional model
- 2.4.1 Query
- 2.4.2 Referrals and continuation references
- 2.4.3 Search filter syntax
- 2.4.4 Compare
- 2.4.5 Update operations
- 2.4.6 Authentication operations
- 2.4.7 Controls and extended operations
- 2.5 Security model
- 2.6 Directory security
- 2.6.1 No authentication
- 2.6.2 Basic authentication
- 2.6.3 SASL
- 2.6.4 SSL and TLS
- Chapter 3. Planning your directory
- 3.1 Defining the directory content
- 3.1.1 Defining directory requirements
- 3.2 Data design
- 3.2.1 Sources for data
- 3.2.2 Characteristics of data elements
- 3.2.3 Related data
- 3.3 Organizing your directory
- 3.3.1 Schema design
- 3.3.2 Namespace design
- 3.3.3 Naming style
- 3.4 Securing directory entries
- 3.4.1 Purpose
- 3.4.2 Analysis of security requirements
- 3.4.3 Design overview
- 3.4.4 Authentication design
- 3.4.5 Authorization design
- 3.4.6 Non-directory security considerations
- 3.5 Designing your server and network infrastructure
- 3.5.1 Availability, scalability, and manageability requirements
- 3.5.2 Topology design
- 3.5.3 Replication design
- 3.5.4 Administration
- Part 2 IBM Tivoli Directory Server overview and installation
- Chapter 4. IBM Tivoli Directory Server overview
- 4.1 Definition of ITDS
- 4.2 ITDS 5.2
- 4.3 Resources on ITDS
- 4.4 Summary of ITDS-related chapters
- Chapter 5. ITDS installation and basic configuration - Windows
- 5.1 Installable components
- 5.2 Installation and configuration checklist
- 5.3 System and software requirements
- 5.3.1 ITDS Client
- 5.3.2 ITDS Server (including client)
- 5.3.3 Web Administration Tool
- 5.4 Installing the server
- 5.4.1 Create a user ID for ITDS
- 5.4.2 Installing ITDS with the Installshield GUI
- 5.4.3 Configuring the Administrator DN and password
- 5.4.4 Configuring the database
- 5.4.5 Adding a suffix
- 5.4.6 Removing or reconfiguring a database
- 5.4.7 Enabling and disabling the change log
- 5.5 Starting ITDS
- Chapter 6. ITDS installation and basic configuration - AIX
- 6.1 Installable components
- 6.2 Installation and configuration checklist
- 6.3 System and software requirements
- 6.3.1 ITDS Client
- 6.3.2 ITDS Server (including client)
- 6.3.3 Web Administration Tool
- 6.4 Installing the server
- 6.4.1 Create a user ID for ITDS
- 6.4.2 Installing ITDS with the Installshield GUI
- 6.4.3 Configuring the Administrator DN and password
- 6.4.4 Configuring the database
- 6.4.5 Adding a suffix
- 6.4.6 Removing or reconfiguring a database
- 6.4.7 Enabling and disabling the change log
- 6.5 Starting ITDS
- 6.6 Uninstalling ITDS
- Chapter 7. ITDS installation and basic configuration on Intel Linux
- 7.1 Installable components
- 7.2 Installation and configuration checklist
- 7.3 System and software requirements
- 7.3.1 ITDS Client
- 7.3.2 ITDS Server (including client)
- 7.3.3 Web Administration Tool
- 7.4 Installing the server
- 7.4.1 Create a user ID for ITDS
- 7.4.2 Installing ITDS with the Installshield GUI
- 7.4.3 Configuring the Administrator DN and password
- 7.4.4 Configuring the database
- 7.4.5 Adding a suffix
- 7.4.6 Removing or reconfiguring a database
- 7.4.7 Enabling and disabling the change log
- 7.5 Starting ITDS
- 7.6 Quick installation of ITDS 5.2 on Intel (minimal GUI)
- 7.7 Uninstalling ITDS
- 7.8 Removing all vestiges of an ITDS 5.2 Install on Intel Linux
- Chapter 8. IBM Tivoli Directory Server installation - IBM zSeries
- 8.1 Installing LDAP on z/OS
- 8.1.1 Using the ldapcnf utility
- 8.1.2 Running the MVS jobs
- 8.1.3 Loading the schema
- 8.1.4 Enabling Native Authentication
- 8.2 Migrating data to LDAP on z/OS
- 8.2.1 Migrating LDAP server contents to z/OS
- 8.2.2 Moving RACF users to the TDBM space
- Part 3 In-depth configuration and tuning
- Chapter 9. IBM Tivoli Directory Server Distributed Administration
- 9.1 Web Administration Tool graphical user interface
- 9.2 Starting the Web Administration Tool
- 9.3 Logging on to the console as the console administrator
- 9.4 Logging on to the console as the server administrator
- 9.5 Logging on as member of administrative group or as LDAP user
- 9.6 Logging off the console
- 9.7 Starting and stopping the server
- 9.7.1 Using Web Administration
- 9.7.2 Using the command line or Windows Services icon
- 9.8 Console layout
- 9.9 Configuration only mode
- 9.9.1 Minimum requirements for configuration-only mode
- 9.9.2 Starting LDAP in configuration-only mode
- 9.9.3 Verifying the server is in configuration-only mode
- 9.10 Setting up the console
- 9.10.1 Managing the console
- 9.10.2 Creating an administrative group
- 9.10.3 Enabling and disabling the administrative group
- 9.10.4 Adding members to the administrative group
- 9.10.5 Modifying an administrative group member
- 9.10.6 Removing a member from the administrative group
- 9.11 ibmslapd command parameters
- 9.12 Directory administration daemon
- 9.12.1 The ibmdiradm command
- 9.12.2 Starting the directory administration daemon
- 9.12.3 Stopping the directory administration daemon
- 9.12.4 Administration daemon error log
- 9.13 The ibmdirctl command
- 9.14 Manual installation of IBM WAS - Express
- 9.14.1 Manually installing the Web Administration Tool
- 9.14.2 Manually uninstalling the Web Administration Tool
- 9.14.3 Default ports used by IBM WAS - Express
- 9.15 Installing in WebSphere Version 5.0 or later
- Chapter 10. Client tools
- 10.1 The ldapchangepwd command
- 10.1.1 Synopsis
- 10.1.2 Options
- 10.1.3 Examples
- 10.1.4 SSL, TLS notes
- 10.1.5 Diagnostics
- 10.2 The ldapdelete command
- 10.2.1 Synopsis
- 10.2.2 Description
- 10.2.3 Options
- 10.2.4 Examples
- 10.2.5 SSL, TLS notes
- 10.2.6 Diagnostics
- 10.3 The ldapexop command
- 10.3.1 Synopsis
- 10.3.2 Description
- 10.3.3 Options
- 10.4 The ldapmodify and ldapadd commands
- 10.4.1 Synopsis
- 10.4.2 Description
- 10.4.3 Options
- 10.4.4 Examples
- 10.4.5 SSL, TLS notes
- 10.4.6 Diagnostics
- 10.5 The ldapmodrdn command
- 10.5.1 Synopsis
- 10.5.2 Description
- 10.5.3 Options
- 10.5.4 Examples
- 10.5.5 SSL, TLS notes
- 10.5.6 Diagnostics
- 10.6 The ldapsearch command
- 10.6.1 Synopsis
- 10.6.2 Description
- 10.6.3 Options
- 10.6.4 Examples
- 10.6.5 SSL, TLS notes
- 10.6.6 Diagnostics
- 10.7 Summary
- Chapter 11. Schema management
- 11.1 What is the schema
- 11.1.1 Available schema files
- 11.1.2 Schema support
- 11.1.3 OID
- 11.1.4 Inheritance
- 11.2 Modifying the schema
- 11.2.1 IBMAttributetypes
- 11.2.2 Working with objectclasses
- 11.2.3 Working with attributes
- 11.2.4 Disallowed schema changes
- 11.3 Indexing
- 11.4 Migrating the schema
- 11.4.1 Exporting the schema
- 11.4.2 Importing the schema
- 11.5 Dynamic schema
- Chapter 12. Group and role management
- 12.1 Groups
- 12.1.1 Static groups
- 12.1.2 Dynamic groups
- 12.1.3 Nested groups
- 12.1.4 Hybrid groups
- 12.1.5 Determining group membership
- 12.1.6 Group object classes
- 12.1.7 Group attribute types
- 12.2 Roles
- 12.3 Summary
- Chapter 13. Replication
- 13.1 General replication concepts
- 13.1.1 Terminology
- 13.1.2 How replication functions
- 13.2 Major replication topologies
- 13.2.1 Simple master-replica topology
- 13.2.2 Master-forwarder-replica topology (ITDS 5.2 and later)
- 13.2.3 GateWay Replication Topology (ITDS 5.2 and later)
- 13.2.4 Peer replication
- 13.3 Replication agreements
- 13.4 Configuring replication topologies
- 13.4.1 Simple master-replica topology
- 13.4.2 Using the command line
- 13.4.3 Promoting a replica to peer/master
- 13.4.4 Command line for a complex replication
- 13.5 Web administration tasks for managing replication
- 13.5.1 Managing topology
- 13.5.2 Modifying replication properties
- 13.5.3 Creating replication schedules
- 13.5.4 Managing queues
- 13.6 Repairing replication differences between replicas
- 13.6.1 The ldapdiff command tool
- Chapter 14. Access control
- 14.1 Overview
- 14.2 ACL model
- 14.2.1 EntryOwner information
- 14.2.2 Access Control information
- 14.3 Access control attribute syntax
- 14.3.1 Subject
- 14.3.2 Pseudo DNs
- 14.3.3 Object filter
- 14.3.4 Rights
- 14.3.5 Propagation
- 14.3.6 Access evaluation
- 14.3.7 Working with ACLs
- 14.4 Summary
- Chapter 15. Securing the directory