LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

by Michael Haines, Tom Bialaski
     
 

Overview

LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

  • Provides an in-depth discussion of Solaris Operating Environment security methods and how they relate to LDAP as a naming service
  • Covers migration planning tips from NIS/NIS+ to an LDAP-based naming service including capacity planning
  • Presents an overview of LDAP tools and toolkits, and how they are used to administer LDAP as a naming service
  • Discusses performance principles and benchmarking techniques for optimizing directory server performance

LDAP in the Solaris Operating Environment is a follow-on to the Sun BluePrints book Solaris and LDAP Naming Services, and describes the significant improvements to the Solaris LDAP client and directory server. Deploying the Solaris Secured LDAP Client is covered in detail. This Sun BluePrints book introduces NIS/NIS+ migration tools and techniques to aid in the transition to an LDAP-based naming service. Troubleshooting tips and examples of extending Solaris authentication methods using the Pluggable Authentication Module (PAM) framework are provided.

Product Details

  • ISBN-13: 9780131456938
  • Publisher: Prentice Hall
  • Publication date: 09/18/2003
  • Series: Sun BluePrints, The Official Sun Microsystems Resource Series
  • Pages: 704
  • Product dimensions: 6.90(w) x 9.00(h) x 1.50(d)

Read an Excerpt

Preface

LDAP in the Solaris™ Operating Environment - Deploying Secure Directory Services is one book in a growing collection of books that are part of the Sun BluePrints™ program. This book describes best practices for planning and deploying naming services based on the Lightweight Directory Access Protocol (LDAP). Understanding general LDAP concepts and the specific Solaris implementation is key to successful deployment of resilient enterprise-wide naming services.

This book is a follow-up to the Sun BluePrints book titled Solaris™ and LDAP Naming Service, published in December 2000. The first book introduced LDAP concepts to Solaris system administrators who may not have been familiar with them. It also covered implementation details of the first generation of native LDAP in the Solaris™ Operating Environment (Solaris OE).

Much has changed since the first book was written. The directory server that ships with the Solaris OE has gone through a major revision and several minor ones. The Solaris OE LDAP client software has been significantly enhanced, especially in the area of security. New legacy naming service migration tools have been developed in addition to software that enables co-existence with Microsoft Windows environments.

So much new technology, and so many tools have been developed over the past two-and-a-half years, that a simple update to the first book did not make sense. Instead, the content is new. As with the first book, the focus is on how LDAP technology is integrated into the Solaris OE as a naming service, and not a comprehensive book on LDAP concepts and deployments. This book is not meant to replace the Sun product documentation, but rather to complement it by providing expert insight into how the technology works and how best to deploy it. The first book is not a prerequisite for this book.

The Solaris 9 Operating Environment delivers the second phase of Sun's vision for the naming service of the future, and because of the popularity of the Solaris 8 OE, many Solaris 9 OE features have been backported to Solaris 8 OE. New migration tools were included in the first Solaris 9 release and others are included in subsequent updates. The directory server software became integrated in Solaris 9 OE and newer versions are incorporated into Solaris updates.

This book is based primarily on the revisions or software that were available when it was written. Some comparison with older versions is included, so readers who are familiar with those versions can easily understand the differences. This book is based on the following Sun software:

  • Solaris 9 4/03 OE
  • Solaris 8 OE with Patch 108993-14 (or later version)
  • Sun™ ONE Directory Server 5.2 (integrated Solaris OE version)

Many scripts and source code examples are referenced in this book. Rather than including them on a CD-ROM that could quickly become out-of-date, they are posted at http://www.sun.com/solutions/blueprints/tools/index.html. Readers can register, and freely download the examples. See "Obtaining the Downloadable Files for This Book" on page xxvii.

Who Should Use This Book

Three types of readers will find the information in this book useful.

  • System architects who are responsible for defining enterprise-wide directory and naming service infrastructure.
  • System administrators who are tasked with the actual deployment of directory and naming service technology.
  • System programmers who must decide on the best way to implement custom features.

Before You Read This Book

You should be familiar with the basic administration and maintenance functions of the Solaris OE. You should also have an understanding of standard network protocols and topologies.

Because this book is designed to be useful to people with varying degrees of experience and knowledge about Solaris OE and LDAP technology, your experience and knowledge will determine the path you choose through this book.

How This Book Is Organized

This book is organized into the following chapters:

  • Chapter 1 "Introducing LDAP in the Solaris Operating Environment" - Provides an overview of LDAP-based directory services, the methodologies used to successfully deploy LDAP, and describes terms and concepts commonly used throughout this book.
  • Chapter 2 "Assessing Your Needs for Naming Service Transition and Consolidation" - Deals with issues of legacy naming services and reasons why you would move to LDAP-based naming services. This chapter presents business reasons for making the transition, and offers tips on migration planning.
  • Chapter 3 "Defining Directory Service Security Architecture" - Discusses the Solaris OE security model for user authentication and naming service. An example of how to extend the security methods to match your company specific security policies is also provided.
  • Chapter 4 "Deploying Solaris OE LDAP Naming Services" - Explains methodologies for deploying LDAP as a naming service along with deployment procedures. How to automate the installation and configuration is discussed with step-by-step examples provided.
  • Chapter 5 "Migrating Legacy Data to LDAP" - Covers migration strategies and the tools that are available for migration. Emphasis is on how to import existing naming service data, and how to configure the directory services to co-exist with legacy naming services.
  • Chapter 6 "Management Tools and Toolkits" - Provides a survey of tools available from several sources for managing your LDAP naming service data, and provides examples of how to use them effectively. This chapter also describes how to create your own customized tools for managing naming service data.
  • Chapter 7 "Performing Administrative Tasks" - Presents tricks and tips for administering directory data. The topics covered in this chapter are topics that are not conventionally covered in product documentation.
  • Chapter 8 "Selecting Storage for Optimum Directory Server Performance" - Describes how to choose the right computer hardware for directory server deployment based on performance characteristics.
  • Chapter 9 "Performing Directory Server Benchmarks" - Describes the methods and tools used by the Sun Performance Group to characterize the performance of the Sun™ ONE Directory Server software.
  • Chapter 10 "Emerging Directory Technologies" - Covers important new technologies. These include Directory Service Markup Language (DSML), Sun™ ONE Identity Synchronization for the Windows (ISW) platform and the NIS to LDAP (N2L) transition service.

The following appendices provide supporting material:

  • Appendix A, "LDAP Standards Information" - Provides references to important documents such as RFCs.
  • Appendix B, "LDAP v3 Result Codes" - Explains some of the common LDAP error codes that might be returned by your LDAP server.
  • Appendix C, "Using snoop with LDAP" - Provides information and examples on how to use the snoop utility to debug network related LDAP problems.
  • Appendix D, "Solaris OE 9 PAM Architecture" - Details the PAM application programming interface (API) and the PAM service provider interface (SPI). Also included are procedures on how to effectively write PAM modules when using the Solaris 9 OE.
  • The Glossary - Provides a list of terms and acronyms used in this book.

Meet the Author

Michael Haines is a principal staff engineer for Sun Microsystems, Inc. He started his career in the CTE engineering group and has been at Sun almost 14 years. Michael has held various engineering positions within Sun, and he is the coauthor of the Sun BluePrints Solaris and LDAP Naming Services--Deploying LDAP in the Enterprise, published in 2001. Tom Bialaski is a senior staff engineer in the Enterprise Engineering group at Sun Microsystems. He began his career at Sun as a systems engineer almost 20 years ago and has held various customer-focused engineering positions since then. Tom is the coauthor of the Sun BluePrints Solaris and LDAP Naming Services--Deploying LDAP in the Enterprise, published in 2001.
