Understanding and Deploying LDAP Directory Services / Edition 2

Hardcover (Print)
Overview

Increasingly, organizations are using Lightweight Directory Access Protocol (LDAP) directories as the nerve centers of their computing infrastructures. LDAP--the Internet standard for directory information access--now provides the naming, location, and security traditionally supplied by network operating systems.

In this expanded second edition of the seminal LDAP reference, Understanding and Deploying LDAP Directory Services, three LDAP experts explain the protocol and how to apply it effectively in numerous network environments. The book begins with an introduction to directory services and LDAP, including coverage of LDAPv3 extensions and the Netscape Directory Server. It then moves on to explore:

  • Designing directory services, including data sources, schema, naming, topology, replication, privacy, and security
  • Deploying directory services, including establishing user access to information, implementation pitfalls, and cost analysis
  • Maintaining directory services, including backup, disaster recovery, and troubleshooting
  • Creating and enabling directory-service applications
  • Integrating directory services

Full of practical implementation advice and real-world examples, Understanding and Deploying LDAP Directory Services, Second Edition, will give you the necessary footing to successfully implement LDAP directory-service projects.


This is the companion volume to the author's prior publication, LDAP : Programming Directory-Enabled Applications with Lightweight Directory Access Protocol. While that edition focused on the LDAP API, tools and programming issues, this publication focuses on design, deployment and maintenance of directory services. Primarily intended for designers and administrators, this text assumes that you are familiar with networking concepts, performance issues and directory service requirements. LDAP is the standard for directory services in networked enterprises. In the past, these services were usually provided by network operating systems; directory services are fundamental to the management, security, operation and performance of all networked business enterprises.

Editorial Reviews

Bill Camarda
Imagine phones with no phone books and no 411. That's what it's like on most enterprise networks, which somehow survive with no directory services at all. But there's a change coming. LDAP, the open standard directory service protocol, is rapidly being adopted by virtually every new email system, and by many key enterprise apps. LDAP is certainly "lightweight" compared with its clumsy X.500 ancestor, but implementing it is no walk in the park. The solution: UNDERSTANDING AND DEPLOYING LDAP DIRECTORY SERVICES.

In this book, three prominent members of the LDAP standards community explain what LDAP services are, and how you can leverage them (in obvious and not-so-obvious ways). You'll learn how to define your directory requirements in detail, and design a directory service that meets them. Once you've done so, the book offers practical help for comparing "LDAP-compliant" products on features, management tools, reliability, performance, scalability, security, standards conformance, interoperability, cost, and other yardsticks.

Having chosen a vendor, you'll walk through piloting your application -- and testing it for performance, scalability, and reliability. Finally, the authors show how to put the system into production, keep it running smoothly and securely, provide for backups and disaster recovery, and make improvements over time. The final section of the book presents four thorough deployment case studies, showing how diverse organizations can use LDAP as a simple, versatile solution for a wide variety of problems -- including some you're probably facing right now.

Product Details

  • ISBN-13: 9780672323164
  • Publisher: Addison-Wesley
  • Publication date: 5/30/2003
  • Edition description: Second Edition
  • Edition number: 2
  • Pages: 899
  • Product dimensions: 7.60 (w) x 9.50 (h) x 1.54 (d)

Meet the Author

Timothy A. Howes, Ph.D., coinventor of the LDAP protocol, is the cofounder and chief technology officer of Opsware Inc., the leading provider of data center automation software. Previously, Dr. Howes served as vice president of technology for America Online, as chief technology officer of Netscape's Server Products division, and as chief architect of several Netscape server products.

Mark C. Smith is the chief architect for directory products at Netscape Communications Corporation, an AOL Time Warner company, where he is responsible for the technical evolution of Netscape Directory Server and several other products and services. Mr. Smith is coauthor of LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol (Macmillan, 1997) and has written many RFCs and Internet Drafts.

Gordon S. Good is a senior software engineer at Opsware, Inc. Before joining Opsware, he worked at Netscape Communications Corporation, where he led the directory-server-replication development team. Gordon has written several RFCs and Internet Drafts.

Read an Excerpt

In the past decade, LDAP directories have risen from a relatively obscure offshoot of an equally obscure field to become one of the linchpins of modern computing. Increasingly, LDAP directories are becoming the nerve center of an organization's computing infrastructure, providing naming, location, management, security, and other services that have traditionally been provided by network operating systems. Design and deployment of a successful LDAP directory service can be complex and challenging, yet little information is available explaining the ins and outs of this important task.

When two of us (Mark and Tim) finished writing a previous book, LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol, in early 1997, we soon realized there was another, much bigger piece of the directory puzzle still to be addressed. The previous book was aimed at directory application programmers, but nothing similar was available to address the needs of directory decision makers, designers, and administrators. This book is aimed at that audience.

Recognizing the size of the task ahead of us and remembering the joys of giving up evenings and weekends for months at a time to meet deadlines for our first book, we quickly decided to expand our team. Just as quickly, we decided there was no one we'd rather share the fun with than our longtime friend and colleague, Gordon Good, at the time a senior directory developer at Netscape. Aside from being the third leg of the LDAP development team at the University of Michigan (U-M), Gordon brought a wealth of system administration experience from his past life as a directory and e-mail administrator and Webmaster for U-M. With Gordon on board, the three of us set about writing a book that we only half-jokingly referred to as the "LDAP Bible." The first edition of Understanding and Deploying LDAP Directory Services was published in 1999.

Two years later, we realized that it was time to update this book and publish a second edition. LDAPv3 work in the IETF was mostly complete. Numerous extensions to the basic LDAP protocol were being developed. LDAP support in commercial and open-source software was widespread. In this edition, we cover these recent directory services developments. In addition, in response to reader suggestions we have streamlined the text, added more hands-on examples, updated the examples to reflect currently available software versions, and updated the case studies to reflect current directory practice. We thank all the readers of the first edition who provided helpful suggestions, and we hope that you find this second edition even more valuable.

The Book's Organization

This book includes 26 chapters in 6 parts. Part I introduces directories and LDAP. Parts II through IV each address a different part of the directory life cycle. Part V discusses how to leverage your directory service after it's up and running. Finally, Part VI presents three directory services deployment case studies.

Part I, Introduction to Directory Services and LDAP, provides a comprehensive introduction to directories and LDAP. For readers unfamiliar with the topic, this section should bring them up to speed and provide the background necessary to understand the rest of the book. It also includes a section on the history of directories for readers interested in how all this technology came about.

Part II, Designing Your Directory Service, begins to delve into the directory life cycle by covering the first, and in many ways most important, phase: design. We cover all aspects of directory design, from determining your needs, to designing your data sources, schema, namespace, topology, replication, and finally privacy and security.

Part III, Deploying Your Directory Service, covers the next phase in the directory life cycle: deployment. We cover everything from choosing the right directory products to piloting your service to putting your service into production. We've also included a chapter about analyzing the cost of your service and how to help reduce those costs.

Part IV, Maintaining Your Directory Service, concludes our coverage of the directory life cycle with a look at the maintenance phase. We cover such topics as backups and disaster recovery, maintaining data, monitoring your directory system, and troubleshooting problems when they occur.

Part V, Leveraging Your Directory Service, talks about how to take advantage of the service you have designed and deployed. We discuss how to directory-enable existing applications, how to create new applications that use the directory, and how your directory can coexist with other data sources.

Part VI, Case Studies, closes the book by presenting several directory case studies. Some of the case studies presented are real, and some are fictitious, but all are designed to illustrate the concepts of directory design, deployment, and maintenance in action.

The Book's Audience

This book is intended for primarily three kinds of readers: decision makers, architects, and administrators. In addition, anyone who wants to know more about LDAP or directories in general will find the book useful, as will software engineers who develop directory applications.

Directory decision makers will find this book useful for aiding an understanding of directories and the kinds of business problems they help solve. Decision makers will find Part I useful for explaining the basics of directories. Part VI should also prove useful by providing some realistic examples of how directories are used and the benefits they can bring.

Directory architects will find this book useful in defining the design problem and providing a methodology for producing a comprehensive directory design. The design methodology is focused on a practical approach to design based on real-world requirements. We highly recommend that directory architects and designers read the whole book, paying special attention to Parts II, III, and IV. A good directory design results in large part from a clear understanding of the other aspects of the directory life cycle and how the directory will be used.

Directory administrators will find Part IV especially useful. It focuses on the maintenance phase of the directory life cycle, where administrators spend much of their lives. We also highly recommend that administrators read the rest of the book to get an idea of the directory big picture, as well as to understand some of the directory design decisions that are bound to make their lives either miserable or enjoyable.

Other interested readers can pick and choose from the sections of the book that interest them. We encourage all readers to at least skim Part I, to ensure that they have the background required to benefit from the rest of the book. We've tried to structure the book so that each chapter stands by itself as much as possible. Readers should be able to read the chapters covering topics that interest them, without wading through chapters of less interest.

Finally, we think all readers will find the case studies presented in Part VI interesting. They give different perspectives on directories designed to illustrate the trade-offs that different directory needs imply.

Contacting Us

If you have comments or suggestions about this book, or if you'd like to tell us about an interesting directory deployment or application you've developed, we'd like to hear from you. Feel free to drop us a line at the following addresses:

Tim Howes: howes@opsware.com
Mark Smith: mark@bradesmith.com
Gordon Good: ggood@opsware.com

We'll try our best to get back to you, but keep in mind that we all have day jobs!

Table of Contents

I. INTRODUCTION TO DIRECTORY SERVICES AND LDAP.

1. Directory Services Overview and History.

What a Directory Is.

Directories Are Dynamic.

Directories Are Flexible.

Directories Can Be Secure.

Directories Can Be Personalized.

Directory Described.

What a Directory Can Do for You.

Finding Things.

Managing Things.

Lightweight Database Applications.

Security Applications.

What a Directory Is Not.

Directories versus Databases.

Directories versus File Systems.

Directories versus Web Servers.

Directories versus FTP Servers.

Directories versus DNS Servers.

The Complementary Directory.

The History and Origins of LDAP.

The Dawn of Standard Directories: X.500.

The Creation and Rise of LDAP.

The Key Advantages of LDAP.

Further Reading.

Looking Ahead.

2. Introduction to LDAP.

What Is LDAP?

The LDAP Protocol.

The LDAP Protocol on the Wire.

The LDAP Models.

The LDAP Information Model.

The LDAP Naming Model.

The LDAP Functional Model.

The LDAP Security Model.

LDIF.

LDIF Representation of Directory Entries.

LDIF Update Statements.

LDAP Server Software.

LDAP Command-Line Utilities.

The ldapsearch Command-Line Utility.

The ldapmodify Command-Line Utility.

LDAP APIs.

Overview of the LDAP C API.

Other LDAP APIs.

LDAP and Internationalization.

LDAP Overview Checklist.

Further Reading.

Looking Ahead.

3. LDAPv3 Extensions.

How LDAPv3 Is Extended.

LDAP Controls.

LDAP Extended Operations.

SASL Authentication Mechanisms.

The Root DSE and Extension Discovery.

Selected LDAPv3 Extensions.

The ManageDSAIT Control.

The Persistent Search Request and Entry Change Notification Response Controls.

The Server-Side Sorting Request and Response Controls.

The Virtual List View Request and Response Controls.

The Proxied Authorization Control.

Password Expiration Controls.

Bulk Import Extended Operations.

The EXTERNAL SASL Mechanism.

The DIGEST-MD5 SASL Mechanism.

Future Directions: Where Is LDAP Headed Next?

Increased Integration into Operating Systems and Middleware.

Emerging Standards Work.

Other LDAP-Related Standards Work.

LDAP and XML.

DSML.

LDAP Extensions and Future Directions Checklists.

Further Reading.

Looking Ahead.

4. Overview of Netscape Directory Server.

Basic Installation.

Extracting and Starting the Setup Program.

Answering Installation Questions.

Completing the Installation and Loading Sample Data.

A Brief Hands-on Tour of Netscape Directory Server.

Searching.

Manipulating Netscape Directory Server Databases.

Controlling Access to Directory Data.

Changing the Server Configuration Using LDAP.

Product Focus and Feature Set.

Origin.

Product Focus.

Feature Set.

Extending the Netscape Server: A Simple Plug-in Example.

Problem Statement.

The Design of the Value Constraint Plug-In.

The Source Code for the Value Constraint Plug-In.

Compiling and Installing the Value Constraint Plug-In.

The Resulting Server Behavior.

Ideas for Improvement.

Further Reading.

Looking Ahead.

II. Designing Your Directory Service.

5. Directory Design Road Map.

The Directory Life Cycle.

Design.

Deployment.

Maintenance.

Directory Design Checklist.

Further Reading.

Looking Ahead.

6. Defining Your Directory Needs.

Overview of the Directory Needs Definition Process.

Step 1: Analyze Your Environment.

Step 2: Determine and Prioritize Needs.

Step 3: Choose an Overall Directory Design and Deployment Approach.

Step 4: Set Goals and Milestones.

Analyzing Your Environment.

Organizational Structure and Geography.

Computer Systems.

The Network.

Application Software.

Determining and Prioritizing Application Needs.

Data.

Performance.

Level of Service.

Security.

Prioritizing Application Needs.

Determining and Prioritizing Users' Needs and Expectations.

Asking Your Users.

Accuracy and Completeness of Data.

Privacy.

Audience.

The Relationship of User Needs to Application Needs.

Prioritizing Your Users' Needs.

Determining and Prioritizing Deployment Constraints.

Resources.

Openness of the Process.

Skills of the Directory System Designers.

Skills and Needs of System Administrators.

The Political Climate.

Prioritizing Your Deployment Constraints.

Determining and Prioritizing Other Environmental Constraints.

Hardware and Software.

The Network.

Criticality of Service.

Security.

Coexistence with Other Databases and Directories.

Prioritizing Your Environmental Constraints.

Choosing an Overall Directory Design and Deployment Approach.

Match the Prevailing Philosophy.

Take Constraints into Account.

Favor Simple over Complex.

Focus on the Most Important Needs.

Setting Some Goals and Milestones.

Goals.

Milestones.

Recommendations for Setting Goals and Milestones.

Defining Your Directory Needs Checklist.

Further Reading.

Looking Ahead.

7. Data Design.

Data Design Overview.

Common Data-Related Problems.

Creating a Data Policy Statement.

Identifying Which Data Elements You Need.

General Characteristics of Data Elements.

Format.

The Size of Each Data Value.

The Number of Distinct Data Values.

Data Ownership and Restrictions.

Consumers.

Frequency of Changes in Values: Dynamic or Static?

Range of Applicability: Shared or Application-Specific?

Relationships with Other Data Elements.

A Data Element Characteristics Example.

Analyzing Data Elements.

Sources of Data.

Other Directory Services and Network Operating Systems.

Databases.

Files.

Applications.

Administrators.

End Users.

Maintaining Good Relationships with Other Data Sources.

Replication.

Synchronization.

Batch Updates.

Political Considerations.

Data Design Checklist.

Further Reading.

Looking Ahead.

8. Schema Design.

The Purpose of a Schema.

Elements of LDAP Schemas.

Attributes.

Object Classes.

Schema Element Summary.

Directory Schema Formats.

The LDAPv3 Schema Format.

The ASN.1 Schema Format.

The Schema-Checking Process.

Schema-Checking Examples.

Schema Design Overview.

A Few Words about Schema Configuration.

The Relationship of Schema Design to Data Design.

Let's Call the Whole Thing Off.

Sources of Predefined Schemas.

Directory-Enabled Applications.

Standard Schemas.

Schemas Provided by Directory Vendors.

Adding a Schema to an Installed Directory Server.

Defining New Schema Elements.

Choosing Names for New Attribute Types and Object Classes.

Obtaining and Assigning Object Identifiers.

Modifying Existing Schema Elements.

Subclassing an Existing Object Class.

Adding Auxiliary Information to a Directory Object.

Accommodating New Types of Objects.

Tips for Defining New Schemas.

Documenting and Publishing Your Schemas.

Schema Maintenance and Evolution.

Establishing a Schema Review Board.

Granting Permission to Change the Schema Configuration.

Changing Existing Schemas.

Upgrading Directory Service Software.

Schema Design Checklist.

Further Reading.

Looking Ahead.

9. Namespace Design.

The Structure of a Namespace.

The Purposes of a Namespace.

Analyzing Your Namespace Needs.

Choosing a Suffix.

Flat and Hierarchical Schemes.

Naming Attributes.

Application Considerations.

Administrative Considerations of Naming Attributes and RDNs.

Privacy Considerations.

Anticipating the Future.

Examples of Namespaces.

Flat Namespace Examples.

Hierarchical Namespace Examples.

Namespace Design Checklist.

Further Reading.

Looking Ahead.

10. Topology Design.

Directory Topology Overview.

Definition of a Partition.

Gluing the Directory Together: Knowledge References.

Name Resolution in the Distributed Directory.

Configuring a Distributed Directory.

Authentication in a Distributed Directory.

Security Implications.

Advantages and Disadvantages of Partitioning.

Designing Your Directory Server Topology.

Step 1: Inventory Your Directory-Enabled Applications.

Step 2: Understand Your Directory Server Software and Its Capabilities.

Step 3: Create a Map of Your Physical Network.

Step 4: Review Your Directory Namespace Design.

Step 5: Consider Political Constraints.

Directory Partition Design Examples.

Topology Design Checklist.

Further Reading.

Looking Ahead.

11. Replication Design.

Why Replicate?

Replication Concepts.

Suppliers, Consumers, and Replication Agreements.

The Unit of Replication.

Consistency and Convergence.

Incremental and Total Updates.

Initial Population of a Replica.

Replication Strategies.

Replication Protocols.

Advanced Replication Features.

Replicating a Subset of Directory Information.

Active Directory GC Servers.

Scheduling Replication.

Scheduling Update Latency by Attribute Type.

Schemas and Replication.

Access Control and Replication.

Designing Your Directory Replication System.

Designing for Maximum Reliability.

Designing for Maximum Performance.

Other Considerations.

Choosing Replication Solutions.

Replication Design Checklist.

Further Reading.

Looking Ahead.

12. Privacy and Security Design.

Security Guidelines.

The Purpose of Security.

Security Threats.

Unauthorized Access.

Unauthorized Tampering.

Denial-of-Service Attacks.

Security Tools.

Analyzing Your Security and Privacy Needs.

Directory Requirements.

Understanding Your Environment.

Understanding Your Users.

Understanding Your Corporate Policies and Applicable Laws.

Designing for Security.

Authentication.

Access Control.

Information Privacy and Integrity.

Administrative Security.

Respecting Your Users' Privacy.

Security versus Deployability.

Privacy and Security Design Checklist.

Further Reading.

Looking Ahead.

III. Deploying Your Directory Service.

13. Evaluating Directory Products.

Making the Right Product Choice.

Categories of Directory Software.

NOS Applications.

Intranet Applications.

Extranet Applications.

Internet-Facing Hosted Applications.

Lightweight Database Applications.

Evaluation Criteria for Directory Software.

Core Features.

Management Features.

Reliability.

Performance and Scalability.

Security.

Standards Compliance.

Interoperability.

Cost.

Flexibility and Extensibility.

Other Considerations.

An Evaluation Criteria Example.

Reaching a Decision.

Gathering Basic Product Information.

Quizzing the Software Vendors.

Challenging the Vendors to Show What Their Products Can Do.

Conducting a Directory Services Pilot.

Negotiating the Best Possible Deal.

Evaluating Directory Products Checklist.

Further Reading.

Looking Ahead.

14. Piloting Your Directory Service.

A Piloting Road Map.

Prepilot Testing.

Defining Your Goals.

Defining Your Scope and Time Line.

Developing Documentation and Training Materials.

Selecting Your Users.

Setting Up Your Environment.

Rolling Out the Pilot.

Collecting Feedback.

Scaling Up the Pilot.

Applying What You've Learned.

Piloting Your Directory Service Checklist.

Looking Ahead.

15. Analyzing and Reducing Costs.

The Politics of Costs.

Reducing Costs.

General Principles of Cost Reduction.

Design, Piloting, and Deployment Costs.

Design Costs.

Piloting Costs.

Deployment Hardware Costs.

Deployment Software Costs.

Ongoing Costs of Providing Your Directory Service.

Software Upgrade Costs.

Hardware Upgrade and Replacement Costs.

Monitoring Costs.

Data Maintenance Costs.

Backup and Restore Costs.

Disaster Recovery Plan Costs.

Support and Training Costs.

Support and Maintenance Contract Costs.

Costs of Adding New Directory-Enabled Applications.

Analyzing and Reducing Costs Checklist.

Further Reading.

Looking Ahead.

16. Putting Your Directory Service into Production.

Creating a Plan for Putting Your Directory Service into Production.

List the Resources Needed for the Rollout.

Create a List of Prerequisite Tasks.

Create a Detailed Rollout Plan.

Develop Criteria for Success.

Create a Publicity and Marketing Plan.

Advice for Putting Your Directory Service into Production.

Don't Jump the Gun.

Maintain Focus.

Adopt an Incremental Approach.

Prepare Yourself Well.

Executing Your Plan.

Putting Your Directory Service into Production Checklist.

Looking Ahead.

IV. Maintaining Your Directory Service.

17. Backups and Disaster Recovery.

Backup and Restore Procedures.

Backing Up and Restoring Directory Data Using Traditional Techniques.

Other Things to Back Up.

Using Replication for Backup and Restore.

Using Replication and Traditional Backup Techniques Together.

Safeguarding Your Backups.

Verifying Your Backups.

Disaster Planning and Recovery.

Types of Disasters.

Developing a Directory Disaster Recovery Plan.

Directory-Specific Issues in Disaster Recovery.

Backups and Disaster Recovery Checklist.

Further Reading.

Looking Ahead.

18. Maintaining Data.

The Importance of Data Maintenance.

The Data Maintenance Policy.

Application-Maintained Data.

Centrally Maintained Data.

User-Maintained Data.

Handling New Data Sources.

Handling Exceptions.

Checking Data Quality.

Methods of Checking Quality.

Implications of Checking Quality.

Correcting Bad Data.

Maintaining Data Checklist.

Further Reading.

Looking Ahead.

19. Monitoring.

Introduction to Monitoring.

Methods of Monitoring.

General Monitoring Principles.

Selecting and Developing Monitoring Tools.

Monitoring Your Directory with SNMP and an NMS.

Monitoring Your Directory with Custom Probing Tools.

Notification Techniques.

Basic Notification Principles.

Notification Methods.

Testing Your Notification System.

Taking Action.

Planning Your Course of Action.

Minimizing the Effect.

Understanding the Root Cause.

Correcting the Problem.

Documenting What Happened.

A Sample Directory Monitoring Utility.

Performance Analysis.

Obtaining Raw Usage Data.

Digesting and Analyzing Raw Performance Data.

Drawing Conclusions.

Monitoring Checklist.

Further Reading.

Looking Ahead.

20. Troubleshooting.

Discovering Problems.

Types of Problems.

Directory Outages.

Performance Problems.

Problems with Directory Data.

Security Problems.

Troubleshooting and Resolving Problems.

Step 1: Assess the Problem, and Inform Affected Persons.

Step 2: Contain the Damage.

Step 3: Put the System Back into Service by Applying a Short-Term Fix.

Step 4: Fully Understand the Problem, and Devise a Long-Term Fix.

Step 5: Implement the Long-Term Fix, and Take Steps to Prevent the Problem from Recurring.

Step 6: Arrange to Monitor for the Problem.

Step 7: Document What Happened.

Troubleshooting Checklist.

Directory Outages.

Performance Problems.

Problems with Directory Data.

Security Problems.

Further Reading.

Looking Ahead.

V. Leveraging Your Directory Service.

21. Developing New Applications.

Reasons to Develop Directory-Enabled Applications.

Lowering Your Data Management Costs.

Adapting the Directory to Fit Your Organization.

Saving on Deployment and Maintenance Costs.

Creating Entirely New Kinds of Applications.

When It Does Not Make Sense to Directory-Enable.

Common Ways That Applications Use Directories.

Locating and Sharing Information.

Verifying Authentication Credentials.

Aiding the Deployment of Other Services.

Making Access Control Decisions.

Enabling Location Independence.

Tools for Developing LDAP Applications.

LDAP SDKs.

LDAP Command-Line Tools.

LDAP Tag Libraries for Web Development.

Directory-Agnostic SDKs.

Advice for LDAP Application Developers.

Striving to Fit In.

Communicating Your Application's Directory Needs.

Designing for Good Performance and Scalability.

Developing a Prototype and Conducting a Pilot.

Leveraging Existing Code.

Avoiding Common Mistakes.

Example 1: setpwd, a Password-Resetting Utility.

Directory Use.

The Help Desk Staff's Experience.

The Source Code.

Ideas for Improvement.

Example 2: SimpleSite, a Web Site with User Profile Storage.

Directory Use.

The User Experience.

The Source Code.

Ideas for Improvement.

Developing New Applications Checklist.

Further Reading.

Looking Ahead.

22. Directory-Enabling Existing Applications.

Reasons to Directory-Enable Existing Applications.

Enabling New Features in Applications.

Lowering Data Management Costs.

Simplifying Life for End Users.

Bringing the Directory Service to Your End Users.

Advice for Directory-Enabling Existing Applications.

Hide the Directory Integration.

Make the New Directory Capabilities Visible.

Use a Protocol Gateway to Achieve Integration.

Avoid Problematic Architectural Choices.

Consider How the Directory Service Will Be Affected.

Plan for a Smooth Transition.

Be Creative, and Consider All Your Options.

Example 1: A Directory-Enabled finger Service.

The Integration Approach.

Directory Use.

The End-User Experience.

The Source Code.

Ideas for Improvement.

Example 2: Adding LDAP Address Lookup to an E-Mail Client.

The Integration Approach.

The End-User Experience.

The Source Code.

Ideas for Improvement.

Directory-Enabling Existing Applications Checklist.

Further Reading.

Looking Ahead.

23. Directory Coexistence.

Why Is Coexistence Important?

Coexistence Techniques.

Migration.

One-Way Synchronization.

Two-Way Synchronization.

N-Way Join.

Virtual Directory.

Data Translation.

Privacy and Security Considerations.

The Join Attribute.

Data Transport.

Data Source Security.

Determining Your Coexistence Requirements.

Directory Coexistence Implementation Considerations.

Implementation Options.

Performance Implications.

Directory Coexistence Tools.

Tuning and Troubleshooting.

Monitoring and Caring for Your Coexistence Solution.

Example: The ldapsync Tool: One-Way Synchronization with Join.

How It Works.

Usage Examples.

The Source Code.

Ideas for Improvement.

Directory Coexistence Checklist.

Further Reading.

Looking Ahead.

VI. Case Studies.

24. Case Study: Netscape Communications Corporation.

Overview of the Organization.

Directory Drivers.

Directory Service Design.

Needs.

Data.

Schema.

Namespace.

Topology.

Replication.

Privacy and Security.

Directory Service Deployment.

Product Choice.

Piloting.

Putting Your Directory Service into Production.

Directory Service Maintenance.

Data Backups and Disaster Recovery.

Maintaining Data.

Monitoring.

Leveraging the Directory Service.

Directory Deployment Impact.

Summary and Lessons Learned.

Further Reading.

Looking Ahead.

25. Case Study: A Large Multinational Enterprise.

Overview of the Organization.

Directory Drivers.

Directory Service Design.

Needs.

Data.

Schema.

Namespace.

Topology.

Replication.

Privacy and Security.

Directory Service Deployment.

Product Choice.

Piloting.

Analyzing and Reducing Costs.

Putting the Directory Service into Production.

Directory Service Maintenance.

Data Backups and Disaster Recovery.

Maintaining Data.

Monitoring.

Troubleshooting.

Leveraging the Directory Service.

Applications.

Directory Deployment Impact.

Summary and Lessons Learned.

Further Reading.

Looking Ahead.

26. Case Study: An Enterprise with an Extranet.

Overview of the Organization.

Directory Drivers.

Directory Service Design.

Needs.

Data.

Schema.

Namespace.

Topology.

Replication.

Privacy and Security.

Directory Service Deployment.

Product Choice.

Piloting.

Putting Your Directory Service into Production.

Directory Service Maintenance.

Data Backups and Disaster Recovery.

Maintaining Data.

Monitoring.

Troubleshooting.

Leveraging the Directory Service.

Directory Deployment Impact.

Summary and Lessons Learned.

Looking Ahead.

Index.

Preface

In the past decade, LDAP directories have risen from a relatively obscure offshoot of an equally obscure field to become one of the linchpins of modern computing. Increasingly, LDAP directories are becoming the nerve center of an organization's computing infrastructure, providing naming, location, management, security, and other services that have traditionally been provided by network operating systems. Design and deployment of a successful LDAP directory service can be complex and challenging, yet little information is available explaining the ins and outs of this important task.

When two of us (Mark and Tim) finished writing a previous book, LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol, in early 1997, we soon realized there was another, much bigger piece of the directory puzzle still to be addressed. The previous book was aimed at directory application programmers, but nothing similar was available to address the needs of directory decision makers, designers, and administrators. This book is aimed at that audience.

Recognizing the size of the task ahead of us and remembering the joys of giving up evenings and weekends for months at a time to meet deadlines for our first book, we quickly decided to expand our team. Just as quickly, we decided there was no one we'd rather share the fun with than our longtime friend and colleague, Gordon Good, at the time a senior directory developer at Netscape. Aside from being the third leg of the LDAP development team at the University of Michigan (U-M), Gordon brought a wealth of system administration experience from his past life as a directory and e-mail administrator and Web master for U-M. With Gordon on board, the three of us set about writing a book that we only half-jokingly referred to as the "LDAP Bible." The first edition of Understanding and Deploying LDAP Directory Services was published in 1999.

Two years later, we realized that it was time to update this book and publish a second edition. LDAPv3 work in the IETF was mostly complete. Numerous extensions to the basic LDAP protocol were being developed. LDAP support in commercial and open-source software was widespread. In this edition, we cover these recent directory services developments. In addition, in response to reader suggestions we have streamlined the text, added more hands-on examples, updated the examples to reflect currently available software versions, and updated the case studies to reflect current directory practice. We thank all the readers of the first edition who provided helpful suggestions, and we hope that you find this second edition even more valuable.

The Book's Organization

This book includes 26 chapters in 6 parts. Part I introduces directories and LDAP. Parts II through IV each address a different part of the directory life cycle. Part V discusses how to leverage your directory service after it's up and running. Finally, Part VI presents three directory services deployment case studies.

Part I, Introduction to Directory Services and LDAP, provides a comprehensive introduction to directories and LDAP. For readers unfamiliar with the topic, this section should bring them up to speed and provide the background necessary to understand the rest of the book. It also includes a section on the history of directories for readers interested in how all this technology came about.

Part II, Designing Your Directory Service, begins to delve into the directory life cycle by covering the first, and in many ways most important, phase: design. We cover all aspects of directory design, from determining your needs, to designing your data sources, schema, namespace, topology, replication, and finally privacy and security.

Part III, Deploying Your Directory Service, covers the next phase in the directory life cycle: deployment. We cover everything from choosing the right directory products to piloting your service to putting your service into production. We've also included a chapter about analyzing the cost of your service and how to help reduce those costs.

Part IV, Maintaining Your Directory Service, concludes our coverage of the directory life cycle with a look at the maintenance phase. We cover such topics as backups and disaster recovery, maintaining data, monitoring your directory system, and troubleshooting problems when they occur.

Part V, Leveraging Your Directory Service, talks about how to take advantage of the service you have designed and deployed. We discuss how to directory-enable existing applications, how to create new applications that use the directory, and how your directory can coexist with other data sources.

Part VI, Case Studies, closes the book by presenting several directory case studies. Some of the case studies presented are real, and some are fictitious, but all are designed to illustrate the concepts of directory design, deployment, and maintenance in action.

The Book's Audience

This book is intended for primarily three kinds of readers: decision makers, architects, and administrators. In addition, anyone who wants to know more about LDAP or directories in general will find the book useful, as will software engineers who develop directory applications.

Directory decision makers will find this book useful for aiding an understanding of directories and the kinds of business problems they help solve. Decision makers will find Part I useful for explaining the basics of directories. Part VI should also prove useful by providing some realistic examples of how directories are used and the benefits they can bring.

Directory architects will find this book useful in defining the design problem and providing a methodology for producing a comprehensive directory design. The design methodology is focused on a practical approach to design based on real-world requirements. We highly recommend that directory architects and designers read the whole book, paying special attention to Parts II, III, and IV. A good directory design results in large part from a clear understanding of the other aspects of the directory life cycle and how the directory will be used.

Directory administrators will find Part IV especially useful. It focuses on the maintenance phase of the directory life cycle, where administrators spend much of their lives. We also highly recommend that administrators read the rest of the book to get an idea of the directory big picture, as well as to understand some of the directory design decisions that are bound to make their lives either miserable or enjoyable.

Other interested readers can pick and choose from the sections of the book that interest them. We encourage all readers to at least skim Part I, to ensure that they have the background required to benefit from the rest of the book. We've tried to structure the book so that each chapter stands by itself as much as possible. Readers should be able to read the chapters covering topics that interest them, without wading through chapters of less interest.

Finally, we think all readers will find the case studies presented in Part VI interesting. They give different perspectives on directories designed to illustrate the trade-offs that different directory needs imply.

Contacting Us

If you have comments or suggestions about this book, or if you'd like to tell us about an interesting directory deployment or application you've developed, we'd like to hear from you. Feel free to drop us a line at the following addresses:

Tim Howes: howes@opsware.com
Mark Smith: mark@bradesmith.com
Gordon Good: ggood@opsware.com

We'll try our best to get back to you, but keep in mind that we all have day jobs!

