Tuesday, October 9, 2007

Sun Java System Directory Server 6.0 as an LDAP Naming Service

A four-part feature articles on BigAdmin, "Sun Java System Directory Server 6.0 as an LDAP Naming Service", describes in great detail how to setup JSDE 6.0 as and LDAP naming service for Solaris 8, 9 and 10 clients.

To create a robust, highly available directory service, 2 servers are configured at one site and 2 more at a secondary site:





There are many users and advantages to using LDAP as a naming service over NIS or individually managed servers:
  • Centralized administration of users who log in to AIX, Linux, and Solaris servers and workstations
  • Groups of users can be created and managed in a centralized repository
  • Password policies governing user passwords are centralized and enforced
  • Netgroups can be used to restrict user access to specified servers and workstations
  • Policies governing inactive users
  • Repository provides high failover capability and high availability
This article makes a number of assumptions
  • Directory Server version 6.0 is installed on the four directory servers, which run the Solaris 10 OS with all the required patches.
  • SSL will be used for all communication between the directory servers and between the directory servers and the AIX, Linux, and Solaris OS clients.
  • There is no existing NIS/NIS+ environment.
  • You will consolidate user data from the local /etc/passwd and /etc/group files on all native LDAP clients, and you will enforce uidNumber uniqueness.
  • The pam_ldap Solaris pluggable authentication module (PAM) is used exclusively for directory users and account management.
  • Netgroups will be used to control user access to any server managed by the Directory Server naming service.

The article is presented in the following four parts:

No comments: