30 April 1998 IBM 1

Directory ServicesBest Practices

Ellen Stokes, Directory Architect

IBM Austin

stokes@austin.ibm.com

30 April 1998 IBM 2

Agenda

• Why Best Practices• Topics

– Heterogeneity– Directory Content– Schema and the Namespace– Finding Things

• Summary

30 April 1998 IBM 3

Why Best Practices?

• Aid in planning deployment and use of directory services

• Avoid the pitfalls & learn from collective experiences, such as– Leverage the directory as a cost effective part of your

total distributed solution– Don’t make the directory do what it wasn’t designed to

do, e.g. directories are not general purpose RDBMSs– Make effective use of the namespace for flexibility and

scalability of applications

30 April 1998 IBM 4

Heterogeneity

• The directory space is heterogeneous– Multiple platforms– Multiple directories

• Portability via APIs• Interoperability via Protocols• Customer decides how much synergy he

wants between directories - there are choices, such as– Meta-directory– Federation– Loose coupling (relationships, e.g. DNS)

30 April 1998 IBM 5

Directory Content - I

• Directory content is fairly static• Not all data from miscellaneous files goes in

the directory– Users, groups, configuration info, location info, policy,

user preferences are good candidates– Bootstrap information is not a good candidate

• Store as discrete entities or blobs?– Discrete entities allows for visual inspection and re-use

across products– Blobs limit use to a specific product

30 April 1998 IBM 6

Directory Content - II

• Secure sensitive information– Use ACLs: groups and roles to grant rights

– Request extensions to

• encrypt data for privacy

• digitally sign requests or data for integrity

30 April 1998 IBM 7

Schema & Namespace - I

• The namespace is global - structure it– Let the customer define the structure

– Hierarchy is good; it aids in

• partitioning for replication

• finding information

– Limit use of aliases (admin + and -)

– Enable schema checking

30 April 1998 IBM 8

Schema & Namespace - II

• Schema: model the data– Use industry standard objects and attributes where

possible

– Extend existing or define new schema as necessary

– Use auxiliary object classes where sub-classing not viable, e.g. extending the person object

– Use DNs to define relationships

30 April 1998 IBM 9

Finding Things

• Directory Servers– Define a ‘home server’ as a user preference– Let the ‘system’ help you

• DNS• DHCP• Referrals

• Objects and attributes– Use well-formed searches

30 April 1998 IBM 10

Summary

• Make directory use the default, not the option

• Do what meets your needs