Directory Services and LDAP
Services
Skills 1st offers consultancy and training:
- Directory Service design and deployment
- Directory Synchronisation and meta-directory consultancy
- LDAP training from fundamentals to schema design
- OpenLDAP installation and support
- OpenLDAP training courses
- IBM Tivoli Directory Server consultancy and training
- IBM Tivoli Directory Integrator consultancy and training
- LDAP security and access control design and implementation
- LDAP-integrated mail system design
Call Andrew Findlay to discuss your requirements:
+44 1628 782565
andrew.findlay@skills-1st.co.uk
Resources
- Planning Directory Services - a booklet written for European Public Sector Administrators outlining the benefits of Directory Services and the process of planning for their introduction. This was written in 1998, but a surprising amount is still relevant today.
- Implementing An Organisational Directory Service - A detailed look at Directory Services, their benefits, the legal and organisational framework that they exist in, and the issues involved in planning and deploying them. (Euroview deliverable) Uxbridge, 1999.
- Security with LDAP - It is possible to use LDAP as a Network Information Service as well as for the more traditional white-pages service. This requires support from operating systems and has new security implications. This paper examines how open-source implementations are rising to the challenge. The paper was first presented at the UKUUG Winter Technical Conference, London, February 2002.
- LDAP Schema Design - It is possible to make one LDAP directory serve many applications in an organisation. This has the advantage of reducing the effort required to maintain the data, but it does mean that the design must be thought out very carefully before implementation starts. Schema is the term used to describe the shape of the directory and the rules that govern its content. This paper takes the reader through the schema design process from requirements capture to tree layout to entry design. Some traps and pitfalls along the way are discussed, and an example design is sketched out.
- Selected LDAP Attributes - This is a document that I give to all my LDAP design clients: it collects together descriptions of most of the commonly-used attributes. For each attribute I give the definition from the standard and a commentary on how it is used in practice.
- Writing Access Control Policies for LDAP - Most non-trivial LDAP deployments have an access policy. Writing this policy and translating it into the access-control language of the server requires some care. This paper suggests an approach to designing and testing access control rules. It includes worked examples to illustrate some common use-cases. The paper was presented at the UKUUG Spring 2009 Conference in London.
- Best Practices in LDAP Security - LDAP servers are part of the critical infrastructure of most large organisations. They hold personal data subject to legal protection, and often act as the authoritative source of authentication and authorisation for multiple applications. This paper divides LDAP security into three major requirements: availability, integrity, and confidentiality. Appropriate controls are proposed for each topic, noting the interactions and compromises that are required. Most of the controls are technical, relating to design and administration issues that affect all LDAP server products. The tradeoff between technical and organisational controls is discussed, with reference to common human factors issues. The paper was presented at the LDAPCon2011 conference in Heidelberg.
See also Andrew Findlay's list of papers
More Directory Service Sites
- We manage the TDI Users website - a Wiki for the Tivoli Directory Integrator community.
- The LDAP Best Practices Wiki is a growing collection of good LDAP practices.