Understanding LDAP - Design and Implementation.
Title:
Understanding LDAP - Design and Implementation.
Author:
Redbooks, IBM.
Physical Description:
1 online resource (774 pages)
Contents:
Front cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Summary of changes -- June 2004, Second Edition -- Part 1 Directories and LDAP -- Chapter 1. Introduction to LDAP -- 1.1 Directories -- 1.1.1 Directory versus database -- 1.1.2 LDAP: Protocol or directory -- 1.1.3 Directory clients and servers -- 1.1.4 Distributed directories -- 1.2 Advantages of using a directory -- 1.3 LDAP history and standards -- 1.3.1 OSI and the Internet -- 1.3.2 X.500 the Directory Server Standard -- 1.3.3 Lightweight Access to X.500 -- 1.3.4 Beyond LDAPv3 -- 1.4 Directory components -- 1.5 LDAP standards -- 1.6 IBM's Directory-enabled offerings -- 1.7 Directory resources on the Web -- Chapter 2. LDAP concepts and architecture -- 2.1 Overview of LDAP architecture -- 2.2 The informational model -- 2.2.1 LDIF -- 2.2.2 LDAP schema -- 2.3 The naming model -- 2.3.1 LDAP distinguished name syntax (DNs) -- 2.3.2 String form -- 2.3.3 URL form -- 2.4 Functional model -- 2.4.1 Query -- 2.4.2 Referrals and continuation references -- 2.4.3 Search filter syntax -- 2.4.4 Compare -- 2.4.5 Update operations -- 2.4.6 Authentication operations -- 2.4.7 Controls and extended operations -- 2.5 Security model -- 2.6 Directory security -- 2.6.1 No authentication -- 2.6.2 Basic authentication -- 2.6.3 SASL -- 2.6.4 SSL and TLS -- Chapter 3. Planning your directory -- 3.1 Defining the directory content -- 3.1.1 Defining directory requirements -- 3.2 Data design -- 3.2.1 Sources for data -- 3.2.2 Characteristics of data elements -- 3.2.3 Related data -- 3.3 Organizing your directory -- 3.3.1 Schema design -- 3.3.2 Namespace design -- 3.3.3 Naming style -- 3.4 Securing directory entries -- 3.4.1 Purpose -- 3.4.2 Analysis of security requirements -- 3.4.3 Design overview -- 3.4.4 Authentication design.

3.4.5 Authorization design -- 3.4.6 Non-directory security considerations -- 3.5 Designing your server and network infrastructure -- 3.5.1 Availability, scalability, and manageability requirements -- 3.5.2 Topology design -- 3.5.3 Replication design -- 3.5.4 Administration -- Part 2 IBM Tivoli Directory Server overview and installation -- Chapter 4. IBM Tivoli Directory Server overview -- 4.1 Definition of ITDS -- 4.2 ITDS 5.2 -- 4.3 Resources on ITDS -- 4.4 Summary of ITDS-related chapters -- Chapter 5. ITDS installation and basic configuration - Windows -- 5.1 Installable components -- 5.2 Installation and configuration checklist -- 5.3 System and software requirements -- 5.3.1 ITDS Client -- 5.3.2 ITDS Server (including client) -- 5.3.3 Web Administration Tool -- 5.4 Installing the server -- 5.4.1 Create a user ID for ITDS -- 5.4.2 Installing ITDS with the Installshield GUI -- 5.4.3 Configuring the Administrator DN and password -- 5.4.4 Configuring the database -- 5.4.5 Adding a suffix -- 5.4.6 Removing or reconfiguring a database -- 5.4.7 Enabling and disabling the change log -- 5.5 Starting ITDS -- Chapter 6. ITDS installation and basic configuration - AIX -- 6.1 Installable components -- 6.2 Installation and configuration checklist -- 6.3 System and software requirements -- 6.3.1 ITDS Client -- 6.3.2 ITDS Server (including client) -- 6.3.3 Web Administration Tool -- 6.4 Installing the server -- 6.4.1 Create a user ID for ITDS -- 6.4.2 Installing ITDS with the Installshield GUI -- 6.4.3 Configuring the Administrator DN and password -- 6.4.4 Configuring the database -- 6.4.5 Adding a suffix -- 6.4.6 Removing or reconfiguring a database -- 6.4.7 Enabling and disabling the change log -- 6.5 Starting ITDS -- 6.6 Uninstalling ITDS -- Chapter 7. ITDS installation and basic configuration on Intel Linux -- 7.1 Installable components.

7.2 Installation and configuration checklist -- 7.3 System and software requirements -- 7.3.1 ITDS Client -- 7.3.2 ITDS Server (including client) -- 7.3.3 Web Administration Tool -- 7.4 Installing the server -- 7.4.1 Create a user ID for ITDS -- 7.4.2 Installing ITDS with the Installshield GUI -- 7.4.3 Configuring the Administrator DN and password -- 7.4.4 Configuring the database -- 7.4.5 Adding a suffix -- 7.4.6 Removing or reconfiguring a database -- 7.4.7 Enabling and disabling the change log -- 7.5 Starting ITDS -- 7.6 Quick installation of ITDS 5.2 on Intel (minimal GUI) -- 7.7 Uninstalling ITDS -- 7.8 Removing all vestiges of an ITDS 5.2 Install on Intel Linux -- Chapter 8. IBM Tivoli Directory Server installation - IBM zSeries -- 8.1 Installing LDAP on z/OS -- 8.1.1 Using the ldapcnf utility -- 8.1.2 Running the MVS jobs -- 8.1.3 Loading the schema -- 8.1.4 Enabling Native Authentication -- 8.2 Migrating data to LDAP on z/OS -- 8.2.1 Migrating LDAP server contents to z/OS -- 8.2.2 Moving RACF users to the TDBM space -- Part 3 In-depth configuration and tuning -- Chapter 9. IBM Tivoli Directory Server Distributed Administration -- 9.1 Web Administration Tool graphical user interface -- 9.2 Starting the Web Administration Tool -- 9.3 Logging on to the console as the console administrator -- 9.4 Logging on to the console as the server administrator -- 9.5 Logging on as member of administrative group or as LDAP user -- 9.6 Logging off the console -- 9.7 Starting and stopping the server -- 9.7.1 Using Web Administration -- 9.7.2 Using the command line or Windows Services icon -- 9.8 Console layout -- 9.9 Configuration only mode -- 9.9.1 Minimum requirements for configuration-only mode -- 9.9.2 Starting LDAP in configuration-only mode -- 9.9.3 Verifying the server is in configuration-only mode -- 9.10 Setting up the console.

9.10.1 Managing the console -- 9.10.2 Creating an administrative group -- 9.10.3 Enabling and disabling the administrative group -- 9.10.4 Adding members to the administrative group -- 9.10.5 Modifying an administrative group member -- 9.10.6 Removing a member from the administrative group -- 9.11 ibmslapd command parameters -- 9.12 Directory administration daemon -- 9.12.1 The ibmdiradm command -- 9.12.2 Starting the directory administration daemon -- 9.12.3 Stopping the directory administration daemon -- 9.12.4 Administration daemon error log -- 9.13 The ibmdirctl command -- 9.14 Manual installation of IBM WAS - Express -- 9.14.1 Manually installing the Web Administration Tool -- 9.14.2 Manually uninstalling the Web Administration Tool -- 9.14.3 Default ports used by IBM WAS - Express -- 9.15 Installing in WebSphere Version 5.0 or later -- Chapter 10. Client tools -- 10.1 The ldapchangepwd command -- 10.1.1 Synopsis -- 10.1.2 Options -- 10.1.3 Examples -- 10.1.4 SSL, TLS notes -- 10.1.5 Diagnostics -- 10.2 The ldapdelete command -- 10.2.1 Synopsis -- 10.2.2 Description -- 10.2.3 Options -- 10.2.4 Examples -- 10.2.5 SSL, TLS notes -- 10.2.6 Diagnostics -- 10.3 The ldapexop command -- 10.3.1 Synopsis -- 10.3.2 Description -- 10.3.3 Options -- 10.4 The ldapmodify and ldapadd commands -- 10.4.1 Synopsis -- 10.4.2 Description -- 10.4.3 Options -- 10.4.4 Examples -- 10.4.5 SSL, TLS notes -- 10.4.6 Diagnostics -- 10.5 The ldapmodrdn command -- 10.5.1 Synopsis -- 10.5.2 Description -- 10.5.3 Options -- 10.5.4 Examples -- 10.5.5 SSL, TLS notes -- 10.5.6 Diagnostics -- 10.6 The ldapsearch command -- 10.6.1 Synopsis -- 10.6.2 Description -- 10.6.3 Options -- 10.6.4 Examples -- 10.6.5 SSL, TLS notes -- 10.6.6 Diagnostics -- 10.7 Summary -- Chapter 11. Schema management -- 11.1 What is the schema -- 11.1.1 Available schema files -- 11.1.2 Schema support.

11.1.3 OID -- 11.1.4 Inheritance -- 11.2 Modifying the schema -- 11.2.1 IBMAttributetypes -- 11.2.2 Working with objectclasses -- 11.2.3 Working with attributes -- 11.2.4 Disallowed schema changes -- 11.3 Indexing -- 11.4 Migrating the schema -- 11.4.1 Exporting the schema -- 11.4.2 Importing the schema -- 11.5 Dynamic schema -- Chapter 12. Group and role management -- 12.1 Groups -- 12.1.1 Static groups -- 12.1.2 Dynamic groups -- 12.1.3 Nested groups -- 12.1.4 Hybrid groups -- 12.1.5 Determining group membership -- 12.1.6 Group object classes -- 12.1.7 Group attribute types -- 12.2 Roles -- 12.3 Summary -- Chapter 13. Replication -- 13.1 General replication concepts -- 13.1.1 Terminology -- 13.1.2 How replication functions -- 13.2 Major replication topologies -- 13.2.1 Simple master-replica topology -- 13.2.2 Master-forwarder-replica topology (ITDS 5.2 and later) -- 13.2.3 GateWay Replication Topology (ITDS 5.2 and later) -- 13.2.4 Peer replication -- 13.3 Replication agreements -- 13.4 Configuring replication topologies -- 13.4.1 Simple master-replica topology -- 13.4.2 Using the command line -- 13.4.3 Promoting a replica to peer/master -- 13.4.4 Command line for a complex replication -- 13.5 Web administration tasks for managing replication -- 13.5.1 Managing topology -- 13.5.2 Modifying replication properties -- 13.5.3 Creating replication schedules -- 13.5.4 Managing queues -- 13.6 Repairing replication differences between replicas -- 13.6.1 The ldapdiff command tool -- Chapter 14. Access control -- 14.1 Overview -- 14.2 ACL model -- 14.2.1 EntryOwner information -- 14.2.2 Access Control information -- 14.3 Access control attribute syntax -- 14.3.1 Subject -- 14.3.2 Pseudo DNs -- 14.3.3 Object filter -- 14.3.4 Rights -- 14.3.5 Propagation -- 14.3.6 Access evaluation -- 14.3.7 Working with ACLs -- 14.4 Summary.

Chapter 15. Securing the directory.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.