LDAP in the Solaris™ Operating Environment - Deploying Secure Directory Services is one book in a growing collection of books that are part of the Sun BluePrints™ program. This book describes best practices for planning and deploying naming services based on the Lightweight Directory Access Protocol (LDAP). Understanding general LDAP concepts and the specific Solaris implementation is key to successful deployment of resilient enterprise-wide naming services.

This book is a follow-up to the Sun BluePrints book titled Solaris™ and LDAP Naming Service, published in December 2000. The first book introduced LDAP concepts to Solaris system administrators who may not have been familiar with them. It also covered implementation details of the first generation of native LDAP in the Solaris™ Operating Environment (Solaris OE).
Much has changed since the first book was written. The directory server that ships with the Solaris OE has gone through a major revision and several minor ones. The Solaris OE LDAP client software has been significantly enhanced, especially in the area of security. New legacy naming service migration tools have been developed, in addition to software that enables co-existence with Microsoft Windows environments.

So much new technology, and so many tools, have been developed over the past two-and-a-half years that a simple update to the first book did not make sense. Instead, the content is new. As with the first book, the focus is on how LDAP technology is integrated into the Solaris OE as a naming service; this is not a comprehensive book on LDAP concepts and deployments. This book is not meant to replace the Sun product documentation, but rather to complement it by providing expert insight into how the technology works and how best to deploy it. The first book is not a prerequisite for this book.
The Solaris 9 Operating Environment delivers the second phase of Sun's vision for the naming service of the future, and because of the popularity of the Solaris 8 OE, many Solaris 9 OE features have been backported to Solaris 8 OE. New migration tools were included in the first Solaris 9 release, and others are included in subsequent updates. The directory server software became integrated in Solaris 9 OE, and newer versions are incorporated into Solaris updates.

This book is based primarily on the revisions of software that were available when it was written. Some comparison with older versions is included, so readers who are familiar with those versions can easily understand the differences. This book is based on the following Sun software:
- Solaris 9 4/03 OE
- Solaris 8 OE with Patch 108993-14 (or later version)
- Sun™ ONE Directory Server 5.2 (integrated Solaris OE version)
Many scripts and source code examples are referenced in this book. Rather than including them on a CD-ROM that could quickly become out-of-date, they are posted at http://www.sun.com/solutions/blueprints/tools/index.html. Readers can register and freely download the examples. See "Obtaining the Downloadable Files for This Book" on page xxvii.
Who Should Use This Book
Three types of readers will find the information in this book useful.
- System architects who are responsible for defining enterprise-wide directory and naming service infrastructure.
- System administrators who are tasked with the actual deployment of directory and naming service technology.
- System programmers who must decide on the best way to implement custom features.
You should be familiar with the basic administration and maintenance functions of the Solaris OE. You should also have an understanding of standard network protocols and topologies.

Because this book is designed to be useful to people with varying degrees of experience and knowledge about Solaris OE and LDAP technology, your experience and knowledge will determine the path you choose through this book.
How This Book Is Organized
This book is organized into the following chapters:
- Chapter 1 "Introducing LDAP in the Solaris Operating Environment" - Provides an overview of LDAP-based directory services, the methodologies used to successfully deploy LDAP, and describes terms and concepts commonly used throughout this book.
- Chapter 2 "Assessing Your Needs for Naming Service Transition and Consolidation" - Deals with issues of legacy naming services and reasons why you would move to LDAP-based naming services. This chapter presents business reasons for making the transition, and offers tips on migration planning.
- Chapter 3 "Defining Directory Service Security Architecture" - Discusses the Solaris OE security model for user authentication and naming service. An example of how to extend the security methods to match your company specific security policies is also provided.
- Chapter 4 "Deploying Solaris OE LDAP Naming Services" - Explains methodologies for deploying LDAP as a naming service along with deployment procedures. How to automate the installation and configuration is discussed with step-by-step examples provided.
- Chapter 5 "Migrating Legacy Data to LDAP" - Covers migration strategies and the tools that are available for migration. Emphasis is on how to import existing naming service data, and how to configure the directory services to co-exist with legacy naming services.
- Chapter 6 "Management Tools and Toolkits" - Provides a survey of tools available from several sources for managing your LDAP naming service data, and provides examples of how to use them effectively. This chapter also describes how to create your own customized tools for managing naming service data.
- Chapter 7 "Performing Administrative Tasks" - Presents tricks and tips for administering directory data. The topics covered in this chapter are topics that are not conventionally covered in product documentation.
- Chapter 8 "Selecting Storage for Optimum Directory Server Performance" - Describes how to choose the right computer hardware for directory server deployment based on performance characteristics.
- Chapter 9 "Performing Directory Server Benchmarks" - Describes the methods and tools used by the Sun Performance Group to characterize the performance of the Sun™ ONE Directory Server software.
- Chapter 10 "Emerging Directory Technologies" - Covers important new technologies. These include Directory Service Markup Language (DSML), Sun™ ONE Identity Synchronization for the Windows (ISW) platform and the NIS to LDAP (N2L) transition service.
The following appendices provide supporting material:
- Appendix A, "LDAP Standards Information" - Provides references to important documents such as RFCs.
- Appendix B, "LDAP v3 Result Codes" - Explains some of the common LDAP error codes that might be returned by your LDAP server.
- Appendix C, "Using snoop with LDAP" - Provides information and examples on how to use the snoop utility to debug network related LDAP problems.
- Appendix D, "Solaris OE 9 PAM Architecture" - Details the PAM application programming interface (API) and the PAM service provider interface (SPI). Also included are procedures on how to effectively write PAM modules when using the Solaris 9 OE.
- The Glossary - Provides a list of terms and acronyms used in this book.