Directory Server concepts
Information about Directory Server concepts.
Directory Server implements the Internet Engineering Task Force (IETF) LDAP V3 specifications. It also includes enhancements added by IBM® in functional and performance areas. This version uses the IBM DB2 Universal Database™ for iSeries™ as the backing store to provide transaction integrity for each LDAP operation, high-performance operations, and online backup and restore capability. It interoperates with IETF LDAP V3-based clients.
- Directories
The Directory Server allows access to a type of database that stores information in a hierarchical structure similar to the way that the i5/OS integrated file system is organized.
- Distinguished names (DNs)
Every entry in the directory has a distinguished name (DN). The DN is the name that uniquely identifies an entry in the directory. The first component of the DN is referred to as the Relative Distinguished Name (RDN).
- Suffix (naming context)
A suffix (also known as a naming context) is a DN that identifies the top entry in a locally held directory hierarchy.
- Schema
A schema is a set of rules that governs the way that data can be stored in the directory. The schema defines the type of entries allowed, their attribute structure and the syntax of the attributes.
- Recommended practices for directory structure
The Directory Server is often used as a repository for users and groups. This section describes some recommended practices for setting up a structure that is optimized for managing users and groups. This structure and associated security model can be extended to other uses of the directory.
- Publishing
Directory Server provides the ability to have the system publish certain kinds of information to an LDAP directory. That is, the system will create and update LDAP entries representing various types of data.
- Replication
Replication is a technique used by directory servers to improve performance and reliability. The replication process keeps the data in multiple directories synchronized.
- Realms and user templates
The realm and user template objects found in the Web administration tool are used in order to relieve the user of the need to understand some of the underlying LDAP issues.
- Search parameters
To limit the amount of resources used by the server, an administrator can set search parameters to restrict users' search capabilities. Search capabilities can also be extended for special users.
- National language support (NLS) considerations
NLS considerations include data formats, characters, mapping methods, and string case.
- Language tags
Language tags are a mechanism that enables the Directory Server to associate natural language codes with values held in a directory and enables clients to query the directory for values that meet certain natural language requirements.
- LDAP directory referrals
Referrals allow Directory Servers to work in teams. If the DN that a client requests is not in one directory, the server can automatically send (refer) the request to any other LDAP server.
- Transactions
You can configure your Directory Server to allow clients to use transactions. A transaction is a group of LDAP directory operations that are treated as one unit.
- Directory Server security
Learn how a variety of functions can be used to secure your Directory Server.
- Operating system projected backend
The system projected backend has the ability to map i5/OS objects as entries within the LDAP-accessible directory tree. The projected objects are LDAP representations of the operating system objects instead of actual entries stored in the LDAP server database.
- Directory Server and i5/OS journaling support
Directory Server uses i5/OS database support to store directory information. Directory Server uses commitment control to store directory entries in the database. This requires i5/OS journaling support.
- Unique attributes
The unique attributes function ensures that specified attributes always have unique values within a directory.
- Operational attributes
Several attributes that have special meaning to the Directory Server are known as operational attributes. These attributes are maintained by the server and either reflect information the server manages about an entry or affect server operation.
- Server caches
LDAP caches are fast storage buffers in memory used to store LDAP information such as queries, answers, and user authentication for future use. Tuning the LDAP caches is crucial to improving performance.
- Controls and extended operations
Controls and extended operations allow the LDAP protocol to be extended without changing the protocol itself.
- Save and restore considerations
Directory Server stores data and configuration information in several locations.