77 lines
4.8 KiB
HTML
77 lines
4.8 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="dc.language" scheme="rfc1766" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow"/>
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<title>Directory Server (LDAP) - Plan your Directory Server</title>
|
|
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
|
|
<link rel="stylesheet" type="text/css" href="ic.css" />
|
|
</head>
|
|
<body>
|
|
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
|
|
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
|
|
|
|
|
|
<a name="rzahypln-po"></a>
|
|
<h2 id="rzahypln-po">Plan your Directory Server</h2>
|
|
<p>Before you install Directory Server and begin to configure your LDAP directory,
|
|
you should take a few minutes to plan the directory. Important things to consider
|
|
include the following:</p>
|
|
<ul>
|
|
<li><img src="delta.gif" alt="Start of change" /><span class="bold">Organize the directory</span>. Plan
|
|
the structure of your directory and determine what suffixes and attributes
|
|
your server will require. For more information, see <a href="rzahyrecoprac.htm#rzahyrecoprac">Recommended practices for directory structure</a>, <a href="rzahydefdir.htm#rzahydefdir">Directories</a>, <a href="rzahysuffix.htm#rzahysuffix">Suffix (naming context)</a>, and <a href="rzahyattributes.htm#rzahyattributes">Attributes</a>.<img src="deltaend.gif" alt="End of change" /></li>
|
|
<li><span class="bold">Decide how large your directory will be</span>.
|
|
You can then estimate how much storage you need. The size of the directory
|
|
depends on the following:
|
|
<ul>
|
|
<li>The number of attributes in the servers schema.</li>
|
|
<li>The number of entries on the server.</li>
|
|
<li>The type of information that you store on the server.</li></ul>For example, an empty directory that uses the default Directory Server schema
|
|
requires approximately 10 MB of storage space. A directory that uses the default
|
|
schema and which contains 1000 entries of typical employee information requires
|
|
about 30 MB of storage space. This number will vary depending on the exact
|
|
attributes that you used. It will also increase greatly if you stored large
|
|
objects, such as pictures, in the directory.</li>
|
|
<li><span class="bold">Decide what security measures you will take</span>.
|
|
<p>Directory server allows you to apply a password policy to ensure
|
|
that ensure that users change their passwords periodically, and that the passwords
|
|
meet the organization's syntactic password requirements.</p>
|
|
<p>Directory Server supports
|
|
the use of Secure Sockets Layer (SSL) and Digital Certificates as well as
|
|
Transport Layer Security (TLS) for communication security. Kerberos authentication
|
|
is also supported.</p>
|
|
<p>Directory Server allows you to control access to directory
|
|
objects with access control lists (ACLs). You can also use the operating system's
|
|
security auditing to protect the directory.</p>
|
|
<p>Additionally decide what
|
|
password policy to apply.</p></li>
|
|
<li><span class="bold">Choose an administrator DN and password</span>.
|
|
The default administrator DN is <tt class="xph">cn=administrator</tt>. This
|
|
is the only identity that authority to create or change directory entries
|
|
when the server is initially configured. You can use the default administrator
|
|
DN or select a different DN. You also need to create a password for the administrator
|
|
DN.</li>
|
|
<li><span class="bold">Install prerequisite software for the Directory
|
|
Server Web administration tool</span>. In order to use the Directory Server
|
|
Web administration tool, the following prerequisite products must be installed
|
|
on the iSeries server.
|
|
<ul>
|
|
<li>IBM HTTP Server for iSeries (5722-DG1)</li>
|
|
<li>IBM WebSphere Application Server - Express (5722-IWE Base and Option 2)</li></ul>See the <a href="../rzaie/rzaiemain.htm">IBM HTTP Server</a> topic for more information
|
|
about IBM HTTP Server for iSeries and IBM WebSphere Application Server - Express.</li></ul>
|
|
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
|
|
</body>
|
|
</html>
|