System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Chapter 8 Introduction to LDAP Naming Services (Overview/Reference)

The LDAP chapters describe how to set up a Solaris LDAP naming services client to work with Sun Java System Directory Server (formerly Sun ONE Directory Server). However, while using the Sun Java System Directory Server is recommended, it is not required. A brief description of generic directory server requirements appears in Chapter 14, LDAP General Reference (Reference).


Note –

A directory server is not necessarily an LDAP server. However, in the context of these chapters, the term “directory server” is synonymous with “LDAP server.”


Audience Assumptions

The LDAP naming services chapters are written for system administrators who already have a working knowledge of LDAP. Following is a partial list of concepts with which you must be very familiar. Otherwise, you might have difficulty using this guide to deploy LDAP naming services in the Solaris system.

  • LDAP Information Model (entries, object classes, attributes, types, values)

  • LDAP Naming Model (Directory Information Tree (DIT) structure)

  • LDAP Functional Model (search parameters: base object (DN), scope, size limit, time limit, filters (browsing indexes for the Sun Java System Directory Server), attribute list)

  • LDAP Security Model (authentication methods, access control models)

  • Overall planning and design of an LDAP directory service, including how to plan the data and how to design the DIT, topology, replication, and security

Suggested Background Reading

To learn more about any of the aforementioned concepts or to study LDAP and the deployment of directory services in general, refer to the following sources:

  • Understanding and Deploying LDAP Directory Services by Timothy A. Howes, Ph.D. and Mark C. Smith

    In addition to providing a thorough treatment of LDAP directory services, this book includes useful case studies on deploying LDAP. Examples of deployments include a large university, a large multinational enterprise, and an enterprise with an extranet.

  • Sun Java System Directory Server Deployment Guide, which is included with the Sun Java Enterprise System documentation

    This guide provides a foundation for planning your directory, including directory design, schema design, the directory tree, topology, replication, and security. The last chapter provides sample deployment scenarios to help you plan both simple, smaller-scale deployments and complex worldwide deployments.

  • Sun Java System Directory Server Administration Guide, which is included with the Sun Java Enterprise System documentation

Additional Prerequisite

If you need to install Sun Java System Directory Server, refer to the Installation Guide for the version of Sun Java System Directory Server that you are using.

LDAP Naming Services Compared to Other Naming Services

The following table shows a comparison between the DNS, NIS, NIS+, and LDAP naming services.

              DNS                     NIS                     NIS+                           LDAP
Namespace     Hierarchical            Flat                    Hierarchical                   Hierarchical
Data Storage  Files/resource records  2 column maps           Multi-columned tables          Directories (varied)
                                                                                             Indexed database
Servers       Master/slave            Master/slave            Root master/non-root master;   Master/replica
                                                              primary/secondary; cache/stub  Multi master replica
Security      None                    None (root or nothing)  Secure RPC (AUTH_DH)           Authentication
                                                                                             SSL, varied
Transport     TCP/IP                  RPC                     RPC                            TCP/IP
Scale         Global                  LAN                     LAN                            Global


Advantages of LDAP Naming Services

  • LDAP enables you to consolidate information by replacing application-specific databases, which reduces the number of distinct databases to be managed.

  • LDAP allows data to be shared by different naming services.

  • LDAP provides a central repository for data.

  • LDAP allows for more frequent data synchronization between masters and replicas.

  • LDAP is multi-platform and multi-vendor compatible.

Restrictions of LDAP Naming Services

Following are some restrictions associated with LDAP naming services:

  • Clients prior to Solaris 8 are not supported.

  • An LDAP server cannot be its own client.

  • Setting up and managing an LDAP naming service is more complex and requires careful planning.

  • A NIS client and a Native LDAP client cannot co-exist on the same client machine.


Note –

A directory server (an LDAP server) cannot be its own client. That is, you cannot configure the machine that is running the directory server software to become an LDAP naming services client.


LDAP Naming Services Setup (Task Map)

Task                                                      For Instructions
Confirm that patch is installed
Plan the network model                                    Planning the LDAP Network Model
Plan the DIT                                              Chapter 10, Planning Requirements for LDAP Naming Services (Tasks)
Set up replica servers                                    LDAP and Replica Servers
Plan the security model                                   Planning the LDAP Security Model
Choose client profiles and default attribute values       Planning Client Profiles and Default Attribute Values for LDAP
Plan the data population                                  Planning the LDAP Data Population
Configure Sun Java System Directory Server prior to       Sun ONE Directory Server 5.2 (Solaris Edition)
using it with LDAP naming services
Set up Sun Java System Directory Server for use with      Chapter 11, Setting Up Sun Java System Directory Server With LDAP Clients (Tasks)
LDAP naming clients
Manage printer entries                                    Managing Printer Entries
Initialize an LDAP client                                 Initializing an LDAP Client
Initialize a client by using profiles                     Using Profiles to Initialize a Client
Initialize a client manually                              Initializing a Client Manually
Uninitialize a client                                     Uninitializing a Client
Use service search descriptors to modify client profiles  Using Service Search Descriptors to Modify Client Access to Various Services
Retrieve naming service information                       Retrieving LDAP Naming Services Information
Customize a client environment                            Customizing the LDAP Client Environment