[PDF] Which directory Replication—OpenLDAP uses single master








Integrating OpenLDAP and Samba Active Directory in Univention

24 Aug. 2017 » Obstacle II: Differing LDAP server implementations metadata etc. Page 7. 7 www.univention.com. OpenLDAP Replication in ...



OpenLDAP Software 2.5 Administrators Guide

19 Jan. 2022 It is possible to replicate data from an LDAP directory server to a X.500 DAP ... saslauthd.conf that uses Microsoft Active Directory (AD):.



Read Online Ocfs2 Installation Guide For Windows [PDF] - covid19

6 days ago What You'll Learn Integrate LDAP with PAM and NSS and with Active Directory and Kerberos Manage OpenLDAP replication and server performance ...



Lightweight Directory Access Protocol

22 Jan. 2006 Characteristics of Active Directory. ... replication from a master DSA server to another mirror server. 2.2 The birth of LDAP.



OpenLDAP Software 2.4 Administrators Guide

Replicated Directory Service. Converting old style slapd.conf(5) file to cn=config format. ... saslauthd.conf that uses Microsoft Active Directory (AD):.



An OpenLDAP backend for Samba 4

how to setup a Samba4 DC. ? [MS-ADTS]: Active Directory Technical. Specification. ? [MS-DRSR]: Directory Replication Service (DRS). Remote Protocol.



OpenLDAP Software 2.3 Administrators Guide

It is possible to replicate data from an LDAP directory server to a X.500 DAP it remains active and periodically checks to see if new entries have been ...



OpenLDAP Software 2.6 Administrators Guide

19 Jan. 2022 It is possible to replicate data from an LDAP directory server to a X.500 DAP ... saslauthd.conf that uses Microsoft Active Directory (AD):.



Technical note: Security recommendations relating to Active

19 Aug. 2014 The KCC uses AD directory objects such as site links and bridgehead servers to define this replication topology.



Which directory

Replication—OpenLDAP uses single master SLAPD supports replication to X.500 directories ... Active Directory (AD) Microsoft's initial foray into.



  • Provider Configuration - Replication User

    Both replication strategies will need a replication user, as well as updates to the ACLs and limits regarding this user. To create the replication user, save the following contents to a file called replicator.ldif: Then add it with ldapadd: Now set a password for it with ldappasswd: The next step is to give this replication user the correct privile...

  • Provider Configuration - Standard Replication

    The remaining configuration for the provider using standard replication is to add the syncprov overlay on top of the dc=example,dc=com database. Create a file called provider_simple_sync.ldif with this content: Add the new content: The Provider is now configured.

  • Consumer Configuration - Standard Replication

    Install the software by going through the installation steps. Make sure schemas and the database suffix are the same, and enable TLS. Create an LDIF file with the following contents and name it consumer_simple_sync.ldif: Ensure the following attributes have the correct values: 1. provider: Provider server’s hostname – ldap01.example.com in this exam...

  • Provider Configuration - Delta Replication

    The remaining provider configuration for delta replication is: 1. Create a new database called accesslog 2. Add the syncprov overlay on top of the accesslog and dc=example,dc=com databases 3. Add the accesslog overlay on top of the dc=example,dc=com database

  • Consumer Configuration

    Install the software by going through the installation steps. Make sure schemas and the database suffix are the same, and enable TLS. Create an LDIF file with the following contents and name it consumer_sync.ldif: Ensure the following attributes have the correct values: 1. provider: Provider server’s hostname – ldap01.example.com in this example – o...

  • Testing

    Once replication starts, you can monitor it by running: On both the provider and the consumer. Once the contextCSN value for both match, both trees are in sync. Every time a change is done in the provider, this value will change and so should the one in the consumer(s). If your connection is slow and/or your LDAP database large, it might take a whil...

What is a replicated directory in OpenLDAP?

Replicated directories are a fundamental requirement for delivering a resilient enterprise deployment. OpenLDAP has various configuration options for creating a replicated directory. In previous releases, replication was discussed in terms of a master server and some number of slave servers.

How does LDAP replication work?

This is done through LDAP replication. Replication is achieved via the Sync replication engine, syncrepl. This allows changes to be synchronised using a Consumer - Provider model. A detailed description of this replication mechanism can be found in the OpenLDAP administrator’s guide and in its defining RFC 4533.

Can OpenLDAP multi-master replication be split-brain?

OpenLDAP Multi-Master Replication is for high availability, not load balancing. If a split-brain is possible, consider the mirror mode architecture described in the OpenLDAP Administrator’s Guide. A split-brain is where two or more nodes of a cluster are operating independently, which can cause the cluster data to become corrupt or out of sync.

What is LDAP syncrepl?

18.1.1. LDAP Sync Replication. The LDAP Sync Replication engine, syncrepl for short, is a consumer-side replication engine that enables the consumer LDAP server to maintain a shadow copy of a DIT fragment. A syncrepl engine resides at the consumer and executes as one of the slapd(8) threads.

WHITE PAPER

www.novell.com

Directory Services

Which directory offers the best LDAP server?

table of contents

eBUSINESS-READY LDAP DIRECTORY SERVICE

WHICH DIRECTORY OFFERS THE BEST LDAP SERVER?

THE LDAP LINEUP

THE eDIRECTORY ADVANTAGE

NOVELL DEVELOPMENT PARTNER COOL SOLUTIONS

eDIRECTORY: THE RIGHT CHOICE FOR LDAP

You need an LDAP directory, you really need one, but not just any LDAP directory. You need an enterprise-class, eBusiness-ready LDAP directory service with a rich feature set and superior developer support, and it’d be nice if it ran on your existing platforms... all of your existing platforms.

Novell® NDS® eDirectory is that directory. Featuring a native implementation of LDAP, eDirectory runs on virtually every major commercial platform. It is scalable and secure. You can develop to it with Java, ActiveX*, C/C++ or scripting interfaces with confidence that your code will conform to the latest standards. And you don’t have to write separate applications for all those platforms you currently support.

WHICH DIRECTORY OFFERS THE BEST LDAP SERVER?

NDS eDirectory has been awarded the directory service “Product of the Year” honor by Network Magazine, a leading networking-focused publication, marking the third year in a row that an NDS product has taken this prize, but this award is just the latest in the list of industry honors received by NDS products in the last several years from Network Computing, Information Week, Network World and other internationally recognized organizations.

So, if you need a flexible and scalable LDAP directory (and you know you do), when you compare the other directory products, we’re sure you’ll decide that there is nothing that really competes with NDS eDirectory. But don’t take our word for it, look at the competition and compare the features. Actually, we’ve saved you the trouble and done the comparison for you; all you have to do is read on.

THE LDAP LINEUP

LDAP Rocks! The Lightweight Directory Access Protocol (LDAP) was created by a group of protocol engineers at the University of Michigan as an easy to implement method of accessing X.500 directories over TCP/IP. LDAP has quickly become the de facto directory access standard for Internet-ready user management and e-commerce solutions.

LDAP is widely implemented; every major directory supports LDAP, while LDAP clients are ubiquitous (Web browsers, for example). There are even LDAP-only directory servers. Unfortunately, each vendor’s LDAP directory provides differing functionality using varying methods.

The X.500 specifications, the industry standard for directories, describe a massively scalable directory service designed to serve in highly distributed environments. These standards define distributed operations, methods of inter-server communication, data management methods, and describe a mechanism for providing secure access to the directory. X.500 was originally developed as a means of creating an international “White Pages” with many independent entities owning their own data, and yet having the totality of the information appear as a unified tree to users. X.500 defines a general-purpose directory design and is easily extensible to allow for ongoing enhancements.

Then there were the network operating system directories: Novell Directory Services®, Banyan* StreetTalk*, NT domains, and, more recently, Active Directory*. Because they have had an easily available user base, many developers have written applications using them and vendors have developed many tools to simplify usage. Consider the number of available products leveraging NDS, or Windows NT* Domains, both of which have been around long enough to build up market share.

We’re going to look at a number of directory products: LDAP-only, network operating system, and X.500-based directory services. You will be able to see how the architectural foundation and primary intended function of the directory has influenced the resulting directory service.

iPlanet

iPlanet* Directory Server is an LDAP-only server designed for user authentication and management in e-commerce, extranet and intranet implementations. iPlanet is the foundation for a suite of e-commerce products delivered by the Sun-Netscape alliance. Sun has recently acquired Innosoft and is incorporating their directory products, including an LDAP proxy server, into the iPlanet line.

Functional aspects

iPlanet was created at Netscape by core members of the team that built the University of Michigan Standalone LDAP Server (SLAPD). It is a fully LDAP-compliant directory capable of using its own datastore or plugging into a relational database. The just released version 5 has supposedly undergone a complete re-design to improve scalability, performance and availability.

Scalability: iPlanet v5 claims “virtually unlimited scalability” in press releases, but claims only “over 50 million entries per server” (version 4 supported 50 million objects per server) in its specifications. This version introduces finer-grained partitioning so that the tree may be spread among more servers, hopefully improving scalability as well as performance. iPlanet also provides APIs that enable plugging in a relational database, such as Oracle*, as the data storage system, extending scalability and reliability, but most likely reducing performance.

Replication: iPlanet v5 introduces a multi-master model (actually a dual-master) which is, essentially, a primary master and a backup master. Should the primary be unavailable, the secondary takes over. Once the primary is back on line, it’s updated by the former secondary, then reasserts its primacy. Replication is done via LDAP, and is not automatic; a replication agreement must be manually created for each pair of servers that will be involved in replication.

Replication granularity: iPlanet v5 introduces flexible partitioning of the directory tree, allowing sub-trees to be distributed among multiple directory servers. No finer replication filtering capabilities (such as object or attribute replication filters) exist.

Synchronization: Updates are done via changelog files, resulting in possible unneeded data being sent during the replication process. For example, if several changes are made to the same object, rather than sending only the net changes, directories using changelog style synchronization will send all of the interim changes as well.

Directory Tools: iPlanet includes limited tools, including a Java administration console that allows delegation of administration only at the host, server, or task level, although v5 does introduce the concept of nested roles to improve delegation. The NT Domain Synchronization tool which was a part of version 4 is no longer available in v5. Netscape Communicator* is not only the primary client for iPlanet, it is also used for LDIF import operations.

Technical aspects

The iPlanet directory server is an LDAP-only directory server that provides a high level of overall performance and manageability. iPlanet support for LDAP v.3 is comprehensive.

X.500 compliance: iPlanet does not support any significant portions of the X.500 standards beyond those mandated by LDAP. iPlanet does not provide automatic server discovery or knowledge reference creation, relying upon manual construction of knowledge references between directory servers.

LDAP support: As iPlanet is an LDAP-only directory server, it provides comprehensive support for LDAP v. 3 including extensions such as virtual list views, persistent search, and server-side sorting.

LDIF: LDIF support for importing and exporting directory information is provided. Version 5 introduces LDIF support for schema modifications.

Security: iPlanet supports LDAP over SSL, X.509 certificates, the FIPS-140 cipher suite, and user-defined mechanisms such as Kerberos via the Simple Authentication and Security Layer (SASL). PKCS#11 is supported for hardware accelerated SSL. While there is a certificate management product available as part of the iPlanet product line, it is not free. User authentication is provided through user ID/password, X.509v3 public-key certificates, or administrator-defined method. Version 5 also introduces support for digest MD5 authentication.

DNS Integration/Federation: Support for DNS naming via DC objects (RFC 2247) is introduced in iPlanet version 5. DNS SRV records are not used for directory server location.

Developer Outlook

The iPlanet Developer site includes SDKs and substantial programming resources in the form of documentation, newsgroups, tools, code samples, TechNotes, whitepapers, and iPlanet server downloads.

Interfaces: iPlanet programmatic interfaces include C, Java, JavaScript*, Perl, and HTML via an HTML Gateway. Custom connectors to external data sources can be developed with PerlLDAP.

Software Developer Kit: There are free downloadable Netscape* Directory SDKs for C and Java, as well as Perl LDAP for Solaris* and Windows NT only. Sun has recently announced the availability of an iPlanet Developer Pack and Java 2 Enterprise Edition (J2EE) Component Library (which costs $1295 per developer).

Developer Support: The iPlanet developer community offers support via newsgroups, FAQs, and a newsletter. Although there is no free support, fee-based support is available at a reduced price ($150 v. $300) for community members.

3rd Party: iPlanet is being integrated into a wide variety of business solutions including online wireless, billing, selling, procurement, trading, communication services, and open digital marketplaces.

Business perspective

iPlanet is designed for use outside the corporate firewall as an Internet-based server. With its lack of back-end features, it is most appropriate for Internet directory deployments, but not designed for enterprise network management, or large-scale distributed directory applications.

Market Acceptance: Sun claims 70% of the LDAP-only directory market with 330 million licenses worldwide.

Supported Platforms: Sun* Solaris 2.6 for SPARC, Sun Solaris 8 for SPARC, Hewlett Packard* HP-UX* 11.0, IBM* AIX* 4.3.3 (PowerPC), Microsoft* Windows* NT 4 Server (x86 only), and Microsoft Windows 2000 Server. HP has bundled iPlanet with HP-UX.

Consulting: The Sun/Netscape Alliance provides (for a fee) iPlanet Professional Services to work with your business on all phases of directory-enabling your internet and e-commerce operations, including planning, integration, deployment, and maintenance.

Cost: The list price for iPlanet server is $995 (with 100 client licenses); additional licenses are 10 for $100 ($10 per CAL). You should also consider the cost of ancillary products like the certificate server, and relatively expensive development tools like the J2EE components.

SecureWay

IBM’s SecureWay* Directory is an LDAP-only product designed for Internet user management and e-commerce operations. SecureWay directory is a component of many IBM products including WebSphere*, SecureWay On-Demand Server, OS/390*, OS/400*, and AIX.

Functional aspects

SecureWay is an SLAPD-based directory service using IBM’s DB/2 database as the data store. It requires the presence of an SSL-enabled Web server on the network. Some basic functionality, such as referrals between directory servers, requires manual configuration.

Scalability: SecureWay is capable of managing up to 4 billion entries in a single tree.

Replication: SecureWay uses a single-master replication model and replication relationships must be manually configured. Only direct replication operations are supported, not cascaded replication (where a replica serves as the source for another replica).

Replication granularity: Selective replication by attribute or subtree is not supported.

Synchronization: SecureWay uses changelog files for synchronization processes.

LDAP support: LDAP v. 3 is fully supported, as is directory browsing via HTTP.

LDIF: Basic LDIF support for LDIF-based data import, export and bulkload operations is provided.

Security: SASL, Kerberos, CRAM MD-5, GSSAPI, and SSL are supported, although SSL requires installing GSKIT on the SecureWay server. Password authentication can also use SHA, crypt, or imask. Audit logging is supported.

DNS Integration/Federation: IBM provides comprehensive information on configuring DNS service (SRV) records for locating SecureWay servers.

Developer Outlook

SecureWay developer resources are provided in client SDKs and references documenting directory access using popular programming languages.

Interfaces: SecureWay allows programmatic access via C, Java 1.2, JNDI, ODBC, SQL, and browsing via HTTP.

Software Developer Kit: Client and server SDKs in C and JNDI for Windows NT, AIX, Solaris, and HP-UX are available from IBM. Plug-in developer kits allow extension of directory functionality for database-related, auditing, and LDAP operations.

Developer Support: In addition to an online technical database, SecureWay developer support is provided via newsgroups, newsletters, online documentation, as well as support downloads.

3rd Party: IBM has formed partnerships with companies such as Bowstreet, Lucent, Aventail,