The Big Picture

You are an IT planner for a large multi-national corporation, or perhaps you are a systems manager responsible for a few hundred Solaris OE servers. In any case, you are aware of how critical a naming service is to the smooth operation of your data center. You may be deploying NIS, NIS+, or your own schema for updating naming service data by propagating text files around the network.

Your current naming service works okay, but you are not totally comfortable with the way it is deployed. Security is a concern and the proliferation of multiple data stores containing user and employee information is creating an administration nightmare. You have also learned that Sun is planning to stop supporting NIS+ in future releases and has similar plans for NIS. LDAP technology is clearly the direction Sun is moving towards as a replacement for NIS and NIS+, but it is not clear what you should be doing about it.

In a nutshell, the purpose of this book is to educate you about Sun's LDAP implementations so that a deployment plan can be established.

In Six Sigma terminology, the steps are:

  1. Define

  2. Measure

  3. Analyze

  4. Implement

  5. Control

Whether your company is guided by Six Sigma methodology or not, you most likely perform similar activities. This book addresses these five activities in terms of planning and deploying LDAP technology.

Defining the Problem

Quantifying the problem is the first step to developing a solution. In some cases, you might not even be aware that a problem exists. To help in this phase, Chapter 2 "Assessing Your Needs for Naming Service Transition and Consolidation" provides a look at problems typical enterprises face and why they exist.

Measuring the Scope

Recognizing the problem is the first step, and measuring the scope of the problem is the second step. You might be surprised to find out how and where your naming service data is used, and what the authoritative source is. Chapter 2 "Assessing Your Needs for Naming Service Transition and Consolidation" provides a list of common uses and sources of naming service data and can be used as a guide to determining the impact a naming service transition can have.

Analyzing Alternative Solutions

Before you can make an informed deployment decision, you need to know what options are available. There are several chapters that address this activity. Chapter 3 "Defining Directory Service Security Architecture" discusses security options, including how to implement your own security policy. Knowledge about the default behavior of Solaris OE security mechanisms like the Pluggable Authentication Module (PAM) framework is important and included in this book.

Chapter 4 "Deploying Solaris OE LDAP Naming Services" discusses options for deploying a native version of the LDAP naming service client. The term native is used because the client uses LDAP operations to interact with the name service. This is in contrast to the Remote Procedure Call (RPC) interface used by NIS and NIS+ clients. Additional security options covered in Chapter 3 "Defining Directory Service Security Architecture" are specific to the Secured LDAP Client.

Another deployment option is to maintain your current NIS and NIS+ clients, but use an LDAP directory as the back end. The NIS+ migration tool for doing this is covered in Chapter 5 "Migrating Legacy Data to LDAP."

If you have a deployment of Windows 2000 Active Directory servers or Windows NT servers, you may want to visit Chapter 10 "Emerging Directory Technologies" to become familiar with user account and password synchronization using the Sun ONE Identity Synchronization for Windows technology.


After you have decided on an approach that is right for your enterprise, you need to develop an implementation plan. Chapter 5 "Migrating Legacy Data to LDAP" provides the details on how to implement a native solution. Details on how to implement the NIS+ migration tool are discussed in Chapter 5 "Migrating Legacy Data to LDAP." Another aspect of deployment is converting your current naming service data to LDAP directory data. Techniques for doing this are discussed in Chapter 5 "Migrating Legacy Data to LDAP."

Deciding what hardware is right for your deployment is important. You want to make sure the servers can handle the current load and have headroom for anticipated loads in the future. However, you probably do not have an infinite budget to spend on hardware. Chapter 8 "Selecting Storage for Optimum Directory Server Performance" provides you with guidelines for server sizing and capacity planning.


After your initial deployment, the directory data you imported for the LDAP naming service needs to be managed, and client access needs to be controlled. There are many tools and tool kits for doing this. Traditional ones are discussed in Chapter 6 "Management Tools and Toolkits." Emerging technology, namely DSML, for creating tools is covered in Chapter 10 "Emerging Directory Technologies."

LDAP in the Solaris Operating Environment: Deploying Secure Directory Services
ISBN: 131456938
Year: 2005
Pages: 87