| Deployment Guide Red Hat Directory Server |
| Previous |
Contents |
Index |
Next |
Contents
About This Guide
- Purpose of This Guide
- Directory Server Overview
- Conventions Used in This Guide
- Related Information
Introduction to Directory Services
- What Is a Directory Service?
- About Global Directory Services
- About LDAP
- Introduction to Directory Server
- Overview of Directory Server Architecture
- Overview of the Server Front-End
- Server Plug-ins Overview
- Overview of the Basic Directory Tree
- Directory Server Data Storage
- About Directory Entries
- Distributing Directory Data
- Directory Design Overview
- Design Process Outline
- Deploying Your Directory
- Piloting Your Directory
- Putting Your Directory into Production
- Other General Directory Resources
How to Plan Your Directory Data
- Introduction to Directory Data
- What Your Directory Might Include
- What Your Directory Should Not Include
- Defining Your Directory Needs
- Performing a Site Survey
- Identifying the Applications That Use Your Directory
- Identifying Data Sources
- Characterizing Your Directory Data
- Determining Level of Service
- Considering a Data Master
- Data Mastering for Replication
- Data Mastering for Synchronization
- Data Mastering Across Multiple Applications
- Determining Data Ownership
- Determining Data Access
- Documenting Your Site Survey
- Repeating the Site Survey
How to Design the Schema
- Schema Design Process Overview
- Standard Schema
- Schema Format
- Standard Attributes
- Standard Object Classes
- Mapping Your Data to the Default Schema
- Viewing the Default Directory Schema
- Matching Data to Schema Elements
- Customizing the Schema
- When to Extend Your Schema
- Getting and Assigning Object Identifiers
- Naming Attributes and Object Classes
- Strategies for Defining New Object Classes
- Strategies for Defining New Attributes
- Deleting Schema Elements
- Creating Custom Schema Files
- Custom Schema Best Practices
- Maintaining Consistent Schema
- Schema Checking
- Selecting Consistent Data Formats
- Maintaining Consistency in Replicated Schema
- Other Schema Resources
Designing the Directory Tree
- Introduction to the Directory Tree
- Designing Your Directory Tree
- Choosing a Suffix
- Suffix Naming Conventions
- Naming Multiple Suffixes
- Creating Your Directory Tree Structure
- Branching Your Directory
- Identifying Branch Points
- Replication Considerations
- Access Control Considerations
- Naming Entries
- Naming Person Entries
- Naming Group Entries
- Naming Organization Entries
- Naming Other Kinds of Entries
- Grouping Directory Entries
- About Roles
- Deciding Between Roles and Groups
- About Class of Service
- Directory Tree Design Examples
- Directory Tree for an International Enterprise
- Directory Tree for an ISP
- Virtual Directory Information Tree Views
- Overview
- Introduction to Virtual DIT Views
- Advantages of Using Virtual DIT Views
- Example of Virtual DIT Views
- Views and Other Directory Features
- Effects of Virtual Views on Performance
- Compatibility with Existing Applications
- Other Directory Tree Resources
Designing the Directory Topology
- Topology Overview
- Distributing Your Data
- About Using Multiple Databases
- About Suffixes
- About Knowledge References
- Using Referrals
- The Structure of an LDAP Referral
- About Default Referrals
- Smart Referrals
- Tips for Designing Smart Referrals
- Using Chaining
- Deciding Between Referrals and Chaining
- Usage Differences
- Evaluating Access Controls
- Using Indexes to Improve Database Performance
- Overview of Directory Index Types
- Evaluating the Costs of Indexing
Designing the Replication Process
- Introduction to Replication
- Replication Concepts
- Unit of Replication
- Read-Write Replica/Read-Only Replica
- Supplier/Consumer
- Changelog
- Replication Agreement
- Data Consistency
- Common Replication Scenarios
- Single-Master Replication
- Multi-Master Replication
- Cascading Replication
- Mixed Environments
- Defining a Replication Strategy
- Replication Survey
- Replication Resource Requirements
- Fractional Replication
- Replication across a Wide-Area Network
- Using Replication for High Availability
- Using Replication for Local Availability
- Using Replication for Load Balancing
- Example of Network Load Balancing
- Example of Load Balancing for Improved Performance
- Example Replication Strategy for a Small Site
- Example Replication Strategy for a Large Site
- Using Replication with Other Directory Features
- Replication and Access Control
- Replication and Directory Server Plug-ins
- Replication and Database Links
- Schema Replication
- Replication and Synchronization
Designing a Secure Directory
- About Security Threats
- Unauthorized Access
- Unauthorized Tampering
- Denial of Service
- Analyzing Your Security Needs
- Determining Access Rights
- Ensuring Data Privacy and Integrity
- Conducting Regular Audits
- Example Security Needs Analysis
- Overview of Security Methods
- Selecting Appropriate Authentication Methods
- Anonymous Access
- Simple Password
- Certificate-Based Authentication
- Simple Password over TLS
- Proxy Authentication
- Preventing Authentication by Account Inactivation
- Designing a Password Policy
- How Password Policy Works
- Password Policy Attributes
- Password Change after Reset
- User-Defined Passwords
- Password Expiration
- Expiration Warning
- Grace Login Limit
- Password Syntax Checking
- Password Length
- Password Minimum Age
- Password History
- Password Storage Scheme
- Designing an Account Lockout Policy
- Designing a Password Policy in a Replicated Environment
- Designing Access Control
- About the ACI Format
- Targets
- Permissions
- Bind Rules
- Setting Permissions
- The Precedence Rule
- Allowing or Denying Access
- When to Deny Access
- Where to Place Access Control Rules
- Using Filtered Access Control Rules
- Viewing ACIs: Get Effective Rights
- Using ACIs: Some Hints and Tricks
- Database Encryption
- Securing Connections with SSL and Start TLS
- Securing Connections with SASL
- Other Security Resources
Directory Design Examples
- An Enterprise
- Data Design
- Schema Design
- Directory Tree Design
- Topology Design
- Database Topology
- Server Topology
- Replication Design
- Supplier Architecture
- Supplier Consumer Architecture
- Security Design
- Tuning and Optimizations
- Operations Decisions
- A Multinational Enterprise and Its Extranet
- Data Design
- Schema Design
- Directory Tree Design
- Topology Design
- Database Topology
- Server Topology
- Replication Design
- Supplier Architecture
- Security Design
Glossary
Index
| Previous |
Contents |
Index |
Next |