Deployment Guide
Red Hat Directory Server



About This Guide

Purpose of This Guide
Directory Server Overview
Conventions Used in This Guide
Related Information

Introduction to Directory Services

What Is a Directory Service?
About Global Directory Services
About LDAP
Introduction to Directory Server
Overview of Directory Server Architecture
Overview of the Server Front-End
Server Plug-ins Overview
Overview of the Basic Directory Tree
Directory Server Data Storage
About Directory Entries
Distributing Directory Data
Directory Design Overview
Design Process Outline
Deploying Your Directory
Piloting Your Directory
Putting Your Directory into Production
Other General Directory Resources

How to Plan Your Directory Data

Introduction to Directory Data
What Your Directory Might Include
What Your Directory Should Not Include
Defining Your Directory Needs
Performing a Site Survey
Identifying the Applications That Use Your Directory
Identifying Data Sources
Characterizing Your Directory Data
Determining Level of Service
Considering a Data Master
Data Mastering for Replication
Data Mastering for Synchronization
Data Mastering Across Multiple Applications
Determining Data Ownership
Determining Data Access
Documenting Your Site Survey
Repeating the Site Survey

How to Design the Schema

Schema Design Process Overview
Standard Schema
Schema Format
Standard Attributes
Standard Object Classes
Mapping Your Data to the Default Schema
Viewing the Default Directory Schema
Matching Data to Schema Elements
Customizing the Schema
When to Extend Your Schema
Getting and Assigning Object Identifiers
Naming Attributes and Object Classes
Strategies for Defining New Object Classes
Strategies for Defining New Attributes
Deleting Schema Elements
Creating Custom Schema Files
Custom Schema Best Practices
Maintaining Consistent Schema
Schema Checking
Selecting Consistent Data Formats
Maintaining Consistency in Replicated Schema
Other Schema Resources

Designing the Directory Tree

Introduction to the Directory Tree
Designing Your Directory Tree
Choosing a Suffix
Suffix Naming Conventions
Naming Multiple Suffixes
Creating Your Directory Tree Structure
Branching Your Directory
Identifying Branch Points
Replication Considerations
Access Control Considerations
Naming Entries
Naming Person Entries
Naming Group Entries
Naming Organization Entries
Naming Other Kinds of Entries
Grouping Directory Entries
About Roles
Deciding Between Roles and Groups
About Class of Service
Directory Tree Design Examples
Directory Tree for an International Enterprise
Directory Tree for an ISP
Virtual Directory Information Tree Views
Introduction to Virtual DIT Views
Advantages of Using Virtual DIT Views
Example of Virtual DIT Views
Views and Other Directory Features
Effects of Virtual Views on Performance
Compatibility with Existing Applications
Other Directory Tree Resources

Designing the Directory Topology

Topology Overview
Distributing Your Data
About Using Multiple Databases
About Suffixes
About Knowledge References
Using Referrals
The Structure of an LDAP Referral
About Default Referrals
Smart Referrals
Tips for Designing Smart Referrals
Using Chaining
Deciding Between Referrals and Chaining
Usage Differences
Evaluating Access Controls
Using Indexes to Improve Database Performance
Overview of Directory Index Types
Evaluating the Costs of Indexing

Designing the Replication Process

Introduction to Replication
Replication Concepts
Unit of Replication
Read-Write Replica/Read-Only Replica
Replication Agreement
Data Consistency
Common Replication Scenarios
Single-Master Replication
Multi-Master Replication
Cascading Replication
Mixed Environments
Defining a Replication Strategy
Replication Survey
Replication Resource Requirements
Fractional Replication
Replication across a Wide-Area Network
Using Replication for High Availability
Using Replication for Local Availability
Using Replication for Load Balancing
Example of Network Load Balancing
Example of Load Balancing for Improved Performance
Example Replication Strategy for a Small Site
Example Replication Strategy for a Large Site
Using Replication with Other Directory Features
Replication and Access Control
Replication and Directory Server Plug-ins
Replication and Database Links
Schema Replication
Replication and Synchronization

Designing a Secure Directory

About Security Threats
Unauthorized Access
Unauthorized Tampering
Denial of Service
Analyzing Your Security Needs
Determining Access Rights
Ensuring Data Privacy and Integrity
Conducting Regular Audits
Example Security Needs Analysis
Overview of Security Methods
Selecting Appropriate Authentication Methods
Anonymous Access
Simple Password
Certificate-Based Authentication
Simple Password over TLS
Proxy Authentication
Preventing Authentication by Account Inactivation
Designing a Password Policy
How Password Policy Works
Password Policy Attributes
Password Change after Reset
User-Defined Passwords
Password Expiration
Expiration Warning
Grace Login Limit
Password Syntax Checking
Password Length
Password Minimum Age
Password History
Password Storage Scheme
Designing an Account Lockout Policy
Designing a Password Policy in a Replicated Environment
Designing Access Control
About the ACI Format
Bind Rules
Setting Permissions
The Precedence Rule
Allowing or Denying Access
When to Deny Access
Where to Place Access Control Rules
Using Filtered Access Control Rules
Viewing ACIs: Get Effective Rights
Using ACIs: Some Hints and Tricks
Database Encryption
Securing Connections with SSL and Start TLS
Securing Connections with SASL
Other Security Resources

Directory Design Examples

An Enterprise
Data Design
Schema Design
Directory Tree Design
Topology Design
Database Topology
Server Topology
Replication Design
Supplier Architecture
Supplier Consumer Architecture
Security Design
Tuning and Optimizations
Operations Decisions
A Multinational Enterprise and Its Extranet
Data Design
Schema Design
Directory Tree Design
Topology Design
Database Topology
Server Topology
Replication Design
Supplier Architecture
Security Design




© 2001 Sun Microsystems, Inc. Used by permission. © 2005 Red Hat, Inc. All rights reserved.

last updated May 20, 2005