8.2. Supported Active Directory Versions

Windows Synchronization and the Password Sync Service are supported on Windows 2008 R2 and Windows 2012 R2 on both 32-bit and 64-bit platforms.