Directory Server concepts

 

Information about Directory Server concepts.

Directory Server implements the Internet Engineering Task Force (IETF) LDAP V3 specifications. It also includes enhancements added by IBM^® in functional and performance areas. This version uses the IBM DB2 Universal Database™ for iSeries™ as the backing store to provide per LDAP operation transaction integrity, high performance operations, and on-line backup and restore capability. It interoperates with the IETF LDAP V3 based clients.

• Directories
  The Directory Server allows access to a type of database that stores information in a hierarchical structure similar to the way that the i5/OS integrated file system is organized.

• Distinguished names (DNs)
  Every entry in the directory has a distinguished name (DN). The DN is the name that uniquely identifies an entry in the directory. The first component of the DN is referred to as the Relative Distinguished Name (RDN).

• Suffix (naming context)
  A suffix (also known as a naming context) is a DN that identifies the top entry in a locally held directory hierarchy.

• Schema
  A schema is a set of rules that governs the way that data can be stored in the directory. The schema defines the type of entries allowed, their attribute structure and the syntax of the attributes.

• Recommended practices for directory structure
  The Directory Server is often used as a repository for users and groups. This section describes some recommended practices for setting up a structure that is optimized for managing users and groups. This structure and associated security model can be extended to other uses of the directory.

• Publishing
  Directory Server provides the ability to have the system publish certain kinds of information to an LDAP directory. That is, the system will create and update LDAP entries representing various types of data.

• Replication
  Replication is a technique used by directory servers to improve performance and reliability. The replication process keeps the data in multiple directories synchronized.

• Realms and user templates
  The realm and user template objects found in the Web administration tool are used in order to relieve the user of the need to understand some of the underlying LDAP issues.

• Search parameters
  To limit the amount of resources used by the server, an administrator can set search parameters to restrict users' search capabilities. Search capabilities can also be extended for special users.

• National language support (NLS) considerations
  NLS considerations include data formats, characters, mapping methods, and string case.

• Language tags
  The term language tags defines a mechanism that enables the Directory Server to associate natural language codes with values held in a directory and enables clients to query the directory for values that meet certain natural language requirements.

• LDAP directory referrals
  Referrals allow Directory Servers to work in teams. If the DN that a client requests is not in one directory, the server can automatically send (refer) the request to any other LDAP server.

• Transactions
  You can configure your Directory Server to allow clients to use transactions. A transaction is a group of LDAP directory operations that are treated as one unit.

• Directory Server security
  Learn how a variety of functions can be used to secure your Directory Server secure.

• Operating system projected backend
  The system projected backend has the ability to map i5/OS objects as entries within the LDAP-accessible directory tree. The projected objects are LDAP representations of the operating system objects instead of actual entries stored in the LDAP server database.

• Directory Server and i5/OS journaling support
  Directory Server uses i5/OS database support to store directory information. Directory Server uses commitment control to store directory entries in the database. This requires i5/OS journaling support.

• Unique attributes
  The unique attributes function ensures that specified attributes always have unique values within a directory.

• Operational attributes
  There are several attributes that have special meaning to the Directory Server known as operational attributes. These are attributes that are maintained by the server and either reflect information the server manages about an entry or affect server operation.

• Server caches
  LDAP caches are fast storage buffers in memory used to store LDAP information such as queries, answers, and user authentication for future use. Tuning the LDAP caches is crucial to improving performance.

• Controls and extended operations
  Controls and extended operations allow the LDAP protocol to be extended without changing the protocol itself.

• Save and restore considerations
  Directory Server stores data and configuration information in several locations.

 

Parent topic:

IBM Directory Server for iSeries (LDAP)