30 April 1998 IBM 1
Directory Services Best Practices
Ellen Stokes, Directory Architect
IBM Austin

Agenda
• Why Best Practices
• Topics
  – Heterogeneity
  – Directory Content
  – Schema and the Namespace
  – Finding Things
• Summary

Why Best Practices?
• Aid in planning deployment and use of directory services
• Avoid the pitfalls & learn from collective experiences, such as
  – Leverage the directory as a cost effective part of your total distributed solution
  – Don’t make the directory do what it wasn’t designed to do, e.g. directories are not general purpose RDBMSs
  – Make effective use of the namespace for flexibility and scalability of applications

Heterogeneity
• The directory space is heterogeneous
  – Multiple platforms
  – Multiple directories
• Portability via APIs
• Interoperability via Protocols
• Customer decides how much synergy he wants between directories - there are choices, such as
  – Meta-directory
  – Federation
  – Loose coupling (relationships, e.g. DNS)

Directory Content - I
• Directory content is fairly static
• Not all data from miscellaneous files goes in the directory
  – Users, groups, configuration info, location info, policy, user preferences are good candidates
  – Bootstrap information is not a good candidate
• Store as discrete entities or blobs?
  – Discrete entities allow for visual inspection and re-use across products
  – Blobs limit use to a specific product

Directory Content - II
• Secure sensitive information
  – Use ACLs: groups and roles to grant rights
  – Request extensions to
    • encrypt data for privacy
    • digitally sign requests or data for integrity

Schema & Namespace - I
• The namespace is global - structure it
  – Let the customer define the structure
  – Hierarchy is good; it aids in
    • partitioning for replication
    • finding information
  – Limit use of aliases (admin + and -)
  – Enable schema checking

Schema & Namespace - II
• Schema: model the data
  – Use industry standard objects and attributes where possible
  – Extend existing or define new schema as necessary
  – Use auxiliary object classes where sub-classing not viable, e.g. extending the person object
  – Use DNs to define relationships

Finding Things
• Directory Servers
  – Define a ‘home server’ as a user preference
  – Let the ‘system’ help you
    • DNS
    • DHCP
    • Referrals
• Objects and attributes
  – Use well-formed searches

Summary
• Make directory use the default, not the option
• Do what meets your needs