Chapter 12

Introduction to LDAP Naming Services (Overview/Reference)

The LDAP chapters describe how to set up a Solaris LDAP naming services client to work with Sun ONE Directory Server (formerly iPlanet Directory Server). However, while using the Sun ONE Directory Server is recommended, it is not required. A brief description of generic directory server requirements appears in Chapter 18, LDAP General Reference (Reference).


Note - A directory server is not necessarily an LDAP server. However, in the context of these chapters, the term "directory server" is synonymous with "LDAP server."


Audience Assumptions

The LDAP naming services chapters are written for system administrators who already have a working knowledge of LDAP. Following is a partial list of concepts with which you must be very familiar. Otherwise, you might have difficulty using this guide to deploy LDAP naming services in the Solaris environment.

  • LDAP Information Model (entries, object classes, attributes, types, values)

  • LDAP Naming Model (Directory Information Tree (DIT) structure)

  • LDAP Functional Model (search parameters: base object (DN), scope, size limit, time limit, filters (browsing indexes for the Sun ONE Directory Server), attribute list)

  • LDAP Security Model (authentication methods, access control models)

  • Overall planning and design of an LDAP directory service, including how to plan the data and how to design the DIT, topology, replication, and security

Suggested Background Reading

To learn more about any of the aforementioned concepts or to study LDAP and the deployment of directory services in general, refer to the following sources:

  • Understanding and Deploying LDAP Directory Services by Timothy A. Howes, Ph.D. and Mark C. Smith

    In addition to providing a thorough treatment of LDAP directory services, this book includes useful case studies on deploying LDAP. Examples of deployments include a large university, a large multinational enterprise, and an enterprise with an extranet.

  • Sun ONE Directory Server Deployment Guide, which is included in the documentation CD.

    This guide provides a foundation for planning your directory, including directory design, schema design, the directory tree, topology, replication, and security. The last chapter provides sample deployment scenarios to help you plan both simple, smaller-scale deployments and complex worldwide deployments.

  • Sun ONE Directory Server Administration Guide, which is included in the documentation CD.

Additional Prerequisite

If you need to install Sun ONE Directory Server, refer to the Installation Guide for the version of Sun ONE Directory Server that you are using.

LDAP Naming Services Compared to Other Naming Services

The following table shows a comparison between the FNS, DNS, NIS, NIS+, and LDAP naming services.

|              | DNS                    | NIS                    | NIS+                                                        | FNS                    | LDAP                                   |
|--------------|------------------------|------------------------|-------------------------------------------------------------|------------------------|----------------------------------------|
| Namespace    | Hierarchical           | Flat                   | Hierarchical                                                | Hierarchical           | Hierarchical                           |
| Data Storage | Files/resource records | 2 column maps          | Multi-columned tables                                       | Maps                   | Directories (varied), indexed database |
| Servers      | Master/slave           | Master/slave           | Root master/non-root master; primary/secondary; cache/stub  | N/A                    | Master/replica; multi-master replica   |
| Security     | None                   | None (root or nothing) | DES-Authentication                                          | None (root or nothing) | SSL, varied                            |
| Transport    | TCP/IP                 | RPC                    | RPC                                                         | RPC                    | TCP/IP                                 |
| Scale        | Global                 | LAN                    | LAN                                                         | Global (with DNS)/LAN  | Global                                 |

Advantages of LDAP Naming Services

  • LDAP enables you to consolidate information by replacing application-specific databases, which reduces the number of distinct databases to be managed.

  • LDAP allows data to be shared by different naming services.

  • LDAP provides a central repository for data.

  • LDAP allows for more frequent data synchronization between masters and replicas.

  • LDAP is multi-platform and multi-vendor compatible.

Restrictions of LDAP Naming Services

Following are some restrictions associated with LDAP naming services:

  • Clients prior to Solaris 8 are not supported.

  • An LDAP server cannot be its own client.

  • Setting up and managing LDAP naming services is more complex and requires careful planning.


Note - A directory server (an LDAP server) cannot be its own client. That is, you cannot configure the machine that is running the directory server software to become an LDAP naming services client.


LDAP Naming Services Setup (Task Map)

| Task | For Instructions |
|------|------------------|
| Confirm that patch is installed | |
| Plan the network model | Planning the Network Model |
| Plan the DIT | Chapter 14, Planning Requirements for LDAP Naming Services (Tasks) |
| Set up replica servers | Replica Servers |
| Plan the security model | Planning the Security Model |
| Choose client profiles and default attribute values | Planning Client Profiles and Default Attribute Values |
| Plan the data population | Planning the Data Population |
| Configure Sun ONE Directory Server prior to using it with LDAP naming services | Configuring the Servers |
| Set up Sun ONE Directory Server for use with LDAP naming clients | Chapter 15, Setting Up Sun ONE Directory Server (Tasks) |
| Manage printer entries | Managing Printer Entries |
| Initialize an LDAP client | Initializing a Client |
| Initialize a client using profiles | Using Profiles to Initialize a Client |
| Initialize a client manually | Initializing a Client Manually |
| Uninitialize a client | Uninitializing a Client |
| Use service search descriptors to modify client profiles | Using Service Search Descriptors to Modify Client Access to Various Services |
| Retrieve naming service information | Retrieving LDAP Naming Services Information |
| Customize a client environment | Customizing the Client Environment |
