Solaris and LDAP Naming Services: Deploying LDAP in the Enterprise


Authors: Tom Bialaski, Michael Haines

Edition: 1st

ISBN: 0130306789, 9780130306784

Size: 4 MB (3737826 bytes)

Pages: 404/404

A BluePrint guide that details “Best Practices” for providing comprehensive, enterprise-wide directory services in a Solaris Operating Environment.

Table of contents:
Contents
Definition of a Naming Service
Definition of a Directory Service
Proliferation of Directory Services
Network Information Service
NIS+
Solaris Naming Service Switch
Brief History of LDAP
Solaris LDAP Implementation
Factors to Consider When Deploying LDAP
Evolution of Solaris Naming Services
NIS and Files Coexistence
Solaris Naming Service Switch
nsswitch.conf File
NIS Client Server Architecture
NIS Maps
Creating NIS Maps
NIS High Availability Architecture Features
NIS+ Architecture Overview
NIS+ Client Server Architecture
How NIS+ Clients Bind to the NIS+ Server
NIS+ Tables
NIS+ Interaction with DNS
Solaris DNS Architecture Overview
DNS Server Architecture
LDAP Information Model
Directory Objects and Attributes
Directory Schema
LDAP Functional Model
LDAP Security Model
LDAP Replication
Comparison with Legacy Naming Services
Authentication versus Authorization
Traditional Solaris Authentication
How UNIX Passwords Work
NIS+ Credentials
LDAP Authentication (Simple Authentication)
CRAM-MD5
Kerberos as an Authentication Service
Kerberos Ticket
Authentication Request and Response
Additional Tickets
Client-Side Certificates
iPlanet Directory Server SASL
PAM Module Types
How PAM Works
PAM Configuration File
Configuration File Syntax
Control Flags
Generic pam.conf File
How to Add a PAM Module
How to Initiate PAM Error Reporting
PAM LDAP Module
How PAM and LDAP Work
pam_ldap Authentication
Product Architecture
Configuration Data
Netscape Console
Planning the Installation
Disk Storage Partitioning/Layout
Installation Procedure
Performing a Typical Installation
Installation Defaults
Starting the Netscape Console
Verifying the Installation
Installation File Navigation
Changing the DB Files Location
Changing the Transaction Log Location
Changing the DB Backing Files Location
Changing the Directory Manager Password
Changing the admin Password
Initializing the Database
Appending to the Database
Installation Troubleshooting Tips
Planning Directory Replication
Setting up Replication
Setting up a Secure System Using SSL and Certificates
Running the Certificate Setup Wizard
Generating a Certificate Request
Installing the Server Certificate
Enabling SSL on the Server
Changing the Trust Database Password or PIN
iPlanet Directory Server Startup Files
Script Generation Program
Installing the NIS Extensions
Definition of Native LDAP
Native Solaris LDAP Implementation
Solaris LDAP Client Profiles
NIS Domain
pam_unix
Proxy Agent
Directory Information Tree
Naming Context
Tools and Techniques
Adding an Object to the DIT
Setting Permissions by Creating ACI Entries
Importing LDIF Files from the Directory Console
DIT and Support Entry Creation
Step 1. Modifying slapd.user_at.conf
Step 2. Modifying slapd.oc.conf
Step 3. Modifying slapd.user_oc.conf
Step 4. Changing Password Store to Crypt Format
Step 5. Adding New Containers
Step 7. Setting VLV Control ACI
Step 8. Adding the Proxy Agent Entry
Step 10. Generating the Client Profile
Step 12. Creating Virtual List View Indexes
Step 14. Populating the LDAP data
How LDAP Clients Initialize
Sample /var/ldap/ldap_client_file
ldap_cachemgr Daemon
ldaplist Command
Troubleshooting Tips
Login Does Not Work
ldapclient Cannot Bind to Server
Overview
NIS Extensions Architecture
Storing NIS Information in LDAP
Directory Information Tree (DIT) Structure
Generic Mappings
Initialization Overview
Directory Schema Update
Makefile Examination and Modification
Initialization Checklist
Postinstallation Verification
Updating NIS Maps
Propagating NIS Maps
Server Sizing
Directory Size
Security Requirements
Calculating Directory Database Size
Directory Sizing Example
Log Files
Summary of Disk Storage Requirements
Log Files Storage
Database Entry Cache
Summary of Memory Usage
LDAP Test Suite
Configuration
Read Test with Nonpersistent Connection
Modify Tests
Qualitative Observations Based on Test Results
Importance of Indexing
Viewing Indexes
Additional Indexes
Determining Which Indexes Are Important
Index Administration
Directory Caches
Evaluating Sizing Factors
Setting Entry Cache Size
Sizing the Database and Entry Caches
Tuning Cache Sizes
Setting the All IDs Threshold
Setting Search Limit Parameters
Changing Search Limit Parameters
Considering Data Design Issues
Design of the Security Rules
Removing Unnecessary Plug-ins
Tuning Write Performance
Optimize Indexes
Minimize Write Traffic
Tuning Import Performance
Troubleshooting Checklist
iPlanet Directory Services 4.12 HA Architecture Models
Replication Models
Referral Models
Overview of Sun Cluster 2.2 Software
Logical IP Addresses
Building a Sun Cluster with HA LDAP Data Services
LDAP Fault Monitor
iPlanet Directory Server 4.12 Installation
Configuring the Sun Cluster HA for iPlanet Data Services
Asymmetric (Hot Standby Model) HA
Redirecting LDAP Client Requests
Access Log
To View the Access Log from the Directory Server Console
Access Log Configuration Options
Setting Log Creation Policies
Viewing the Error Log
Audit Log
Managing Database Transaction Logging
Changing the Location of the Database Transaction Log
Enabling Durable Transactions
Backing Up and Restoring the Directory Database
Backing Up the Database from the Command Line
Restoring Your Database from the Command Line
Placing a Database in Read-Only Mode
Exporting and Importing the Database with LDIF
Exporting Databases to LDIF from the Command Line
Importing Databases from LDIF
Establishing Access Control Policies
Access Control Instructions
Bind Rules
Creating Access Control Instructions
Adding a New ACI through the Directory Server Console
Managing the Directory Schema
The Schema Files
Modifying the Schema
Creating Attributes from the Directory Server Console
Creating Object Classes from the Directory Server Console
Monitoring Resources
Monitoring the Server from the Command Line
Monitoring Database Activity
Monitoring the Database from the Directory Server Console
Monitoring the Database from the Command Line
Managing with SNMP
Using LDAP MIB
Operations Table
Interaction Table
iPlanet Directory Server KM Overview
Basic PATROL Architecture
Basic PATROL Agent
Basic PATROL Console
iPlanet Directory PATROL Components
Checking Memory Usage with pmap
Benefits of Consolidation
Consolidation of LDAP-Enabled Applications
Mapping Attributes
LDAP Synchronization
NT Synchronization Service
How Meta-Directory Works
Database Connector
Deploying iPlanet Meta-Directory
SiteMinder
How SiteMinder Works
Limitation of SiteMinder
iDAR Overview
High Availability
Firewall-like Security
Client-Server Compatibility
Windows NT Interoperability
How the NT User Account Information Is Made Available to Solaris Server
How the Synchronization Service Works
NT Synchronization Service Installation
Active Directory Services Architecture
DNS Integration
Active Directory Naming
Security Model
Access Model
Replication Model
How Active Directory Clients Interact with Servers
Solaris Directory Services and Active Directory Services Interactions
Specifying LDAP Referrals
Using Windows Services in UNIX 2.0
Configuration Overview
Netscape Communicator Setup
Directory Searches
Other Features
Locating RFCs and Internet Drafts
Life Cycle of a RFC
LDAP RFCs
C API
Replication
Controls and Extended Operations
The North American Directory Forum (NADF) Documents (April 1993)
Other ISO Documents
General LDAP Books
Introduction to Deploying LDAP
Online Resources
Online Resources
LDAP Server Software Vendors
LDAP Client SDKs
LDAP v3 Result Codes
RFC 2307 Network Information Service Schema
RFC 2307 Draft Objectclasses
Mail Alias Schema
Solaris-Specific Schemas
Role-Based Access Control Schema
Solaris Client Naming Profile Schema
