Introduction
Chapter 1 Welcome to the Directory Server
Chapter 2 Directory Deployment Overview
Chapter 3 Planning Your Directory Data
Chapter 4 Planning Directory Schema
Chapter 5 Planning Security Policies
Chapter 6 Directory Tree Design
Chapter 7 Planning Replication
Chapter 8 Planning Referrals
Chapter 9 Directory Design Examples
Chapter 10 Extending Your Directory Service
Appendix A Quick Start



A
access
  anonymous 58, 71
  determining general types of 71
  precedence rule 60
  restricting by physical location 72
access rules
  overview 55
access-control
  branching to support 87
  planning 24
access-control information (ACI) 59
  bind rules 64, 65, 66
  filtered rules 63, 87
  format 64-69
  in the directory tree 87
  permission 64
  target 64, 65
  usage advice 67
  where to place 62, 127
access-control list (ACL) 59
  defined 59
  permissions 59
ACI, See access-control information
ACL, See access-control list
adding object classes 47
  strategies 48
allow permissions 61
  usage advice 61
analyzing the site survey 34
anonymous access 71
  for read 38
  overview 58
API, server 143
applications 31
architecture 16
attribute 42
  overview 44-46
  required and allowed 44
  values 45
attribute-data pair 29, 42
authentication 55, 57
  certificate-based 56
  overview 55
  root DN 59
  with Directory Server NT 57

B
base distinguished name 20
bind DN 55
bind rules 64, 65, 66
binding to the directory 55
  anonymously 58
  certificate-based 56
branch point 76
  DN attributes 82
    searching 84
    traditional 83
  for access-control 87
  for international trees 88
  for replication and referrals 86
  network names 86
  strategies 84
  usage advice 82

C
c attribute 88
C SDK 142
cascading replication 97
certificate-based authentication 56
changelog 102
circular groups 71
clients 15
  API 140
  bind algorithm 56
  referrals and 123
  SDK 142
cn attribute 42, 43, 89, 147
commonName attribute 42, 43, 89, 91
configuration directory 148
consumer server 94, 95
consumer servers 95
consumer-initiated replication 100
  required directory entries 102
conventions, in this book 10
country attribute 62, 88
custom filters 139
  strategies 140
custom LDAP clients 139
  building 141
custom programs 139
  client SDKs 142
  clients, building 141
customizing the directory service 139
customizing the schema 40, 47-52
  being consistent 50
  FAQ 51

D
data access 37
data management
  local management example 133
  planning 24
  replication example 111
data mastering 34
  for multiple applications 35
  for replication 35, 107
data migration 140
data ownership 36
database 16
  access rules 55
  replacing 143
  with ISPs 79
database plug-in 16, 143
default permissions 60
deny permissions 60
  usage advice 61
  when to use 61
deployment advice 25
Directory Access Protocol (DAP) 14
directory applications 31
  browsers 31
  email 31
directory data 27-40
  access 37
  characteristics 29
  creating 149
  entry size 106
  examples of 30
  mastering 34
    for multiple applications 35
    for replication 35
  model 45
  ownership 36
  planning 28, 31
    site survey 33-40
  representation 42
  what not to include 30
directory deployment team 33
directory design
  activities 24
  advice 23
  examples
    extranet 137
    international corporation 131-136
      multiple suffix, local data management 134
      single suffix, global replication 131
      single suffix, local data management 133
    small organization 125
    state government 129
directory entries
  creating 149
directory information tree 17
directory manager 20
directory of directories 134
directory schema 40
directory service 12-15
  extending 139
  global 14
  LDAP 15
  n+1 problem 13
  Netscape solution 16
  uses of 13
  X.500 14, 129
directory suffix 76
  country root point 78
  planning 78
  recommended 79, 146
directory tree 17, 75-91
  branch point 76, 126, 129
    DN attributes 82
      searching 84
      traditional 83
    for access-control 87
    for international trees 88
    for replication and referrals 86
    network names 86
    strategies 84
    usage advice 82
  consumer 95
  design advice 147
  overview 76
  planning 25
  populating 149
  replicated 96
  suffix 76, 126, 129
    country root point 78
    planning 78
    recommended 79, 146
  supplier 94
distinguished name 18
  name collision 90
    avoiding 147
  naming non-person entries 91
  naming person entries 89
  usage advice 147
DIT 17
DN, See distinguished name
DNS 13, 103
  network sort 104
  round robin 103

E
email applications 31
enterprise 12
examples
  directory design 125-138
    extranet 137
    international corporation 131-136
      multiple suffix, local data management 134
      single suffix, global replication 131
      single suffix, local data management 133
    small organization 125
    state government 129
  replication
    large sites 110
    load balancing server traffic 112
    local data management 111
    messaging traffic 114
    small sites 110
extended operations 142, 143
extending the directory service 139
extending the schema 47
  FAQ 51
extranet
  example 137
  replication 98
  smart referrals 121

F
filtered access-control rules 63
fonts, in this book 10

G
global directory services 14
group attribute 62
groups
  circular 71
  examples 126
  naming 91
  nested 71
  planning 25, 69
  usage advice 71

H
highly available directory services 102

I
index 115
inetOrgPerson attribute 62
inheritance, in object classes 43
international enterprise
  branching to support 88
interoperating with legacy directories 140

J
Java SDK 142

L
LDAP, See Lightweight Directory Access Protocol
LDAP client API 140
LDAP Data Interchange Format (LDIF) 149
LDIF 149
legacy directory, interoperating with 140
Lightweight Directory Access Protocol (LDAP) 15
  client 15
    API 140
    authentication 55
      anonymous 58
      certificate-based 56
    custom 139
    custom, building 141
  custom operations 142
  directory service architecture 15
  directory services 15
  extended operations 142
  referral handling 123
  server 15
load balancing
  the network 106
  the server 105
local data management 133

M
mail attribute 90
mastering directory data 34
  for multiple applications 35
  for replication 35
migrating directory data 140
multiple suffixes 77
  with enterprises 80
  with extranets 81
  with ISPs 79

N
n+1 directory problem 13
name collision 90
  avoiding 147
nested groups 71
Netscape Directory Server 11, 15-17
  API 143
  architecture 16
  authentication 55
    anonymous 58
    certificate-based 56
  capabilities 15
  concepts 17-21
  database 16
  deployment advice 25
  extended operations 142
  extending 139, 143
  load balancing 105
  performance 104
  plug-ins 139
  security policy 54
Netscape Messaging Server
  indexes, required 115
  replication example 114
network names, branching to reflect 86
network sort 104
network, load balancing 106
non-person entries
  naming 91

O
object class 42
  adding new 47
  inheritance 43
  overview 43-44
  standard 43
object class violation 44
organization attribute 62
organizationalPerson object class 43
organizationalUnit attribute 62
organizations, naming 91

P
passwords, NT Directory Server and 57
performance (server) 104
permissions 60
  ACL and 59
  allow 61
  bind rules 64, 65, 66
  default 60
  deny 60
    when to use 61
  on ACIs 64
  precedence rule 60
  usage advice 61
persistent search 142
person entries, naming 89
planning
  access-control 24
  data management 24
  directory contents 24
  directory data 28
    site survey 33-40
      analyzing 34
      documenting 39
  directory tree 25
  groups 25
  referrals 25
  replication 25
planning directory data 31
  what to consider 32
plug-in 16, 139
  server, writing 143
points of access 72
populating the directory 149
precedence rule 60

Q
quick deployment 145-150

R
RDN, See relative distinguished name 89
referrals 77, 117-124
  branching to support 86
  client handling 123
  handling by LDAP client 123
  overview 118
  planning 25
  smart referrals
    client handling 123
    how to use 121
    overview 118
    usages 121
  when returned 118
relational database 143
relative distinguished name (RDN) 89
  non-person entries 91
  person entries 89
replication 93-102
  agreement 100
  architecture 94
  branching to support 86
  cascading 97
  consumer server 94, 95
  consumer-initiated 100
  directory trees 96
  examples
    large sites 110
    load balancing server traffic 112
    local data management 111
    messaging traffic 114
    small sites 110
  extranet 98
  for high availability 102
  initiating synchronization 100
  load balancing 104
    the network 106
    the server 105
  local availability 107
  modifying data 95
  multiple subtrees 98
  overview 94
  planning 25
  single master 94
  strategies 108
    example 131
  subtrees 98
  supplier server 94
  supplier-initiated 100
replication master 131
root distinguished name 20
root DN 20
  authentication 59
  defined 59
  password 59
root DSE 76
root entry 19, 126, 129
root password 59

S
schema 40, 41-52
  customizing 40, 47-52
    being consistent 50
    FAQ 51
  deleting standard elements 47
  extending 47
  overview 42-46
schema checking 45
  overview 46
SDK, See software developer kits
secure sockets layer 21, 56
security policy 38, 53
  creating 69-73
  overview 54
server database 16
server performance 104
server plug-in 143
site survey 33-40
  analyzing 34
  documenting 39
  multinational enterprises 33
  network capabilities 108
smart referral 77
  client handling 123
  example 130, 136
  how to use 121
  overview 118
  usages 121
sn attribute 43
software developer kits (SDKs) 142
SSL, See Secure Sockets Layer
standard object classes 43
streetAddress attribute 43
styles, in this book 10
subtree replication 98
  multiple subtrees 98
suffix 18, 76, 126, 129
  country root point 78
  multiple 77
    with extranets 81
    with ISPs 79
    with large enterprises 80
  planning 78
  recommended 79, 146
supplier DN 101
supplier servers 94
  capabilities of 94
  synchronization and 100
supplier-initiated replication 100
  required directory entries 101
surname attribute 43

T
telephoneNumber attribute 43
terms, in this book 10
top object class 43

U
uid attribute 43, 90
user authentication 55
user IDs 148
userPassword attribute 43

X
X.500 14, 51, 82, 83
X.500, coexisting with 129
 

© Copyright 1998 Netscape Communications Corporation