Directory Services

Directory services are becoming a very important component of enterprise infrastructure and are often used as centralized storage for corporate identities. Most SSO and IDM software requires LDAP to store either identities or policies and their related information.

The existing mix of directory and database technology fails to resolve issues that arise when organizations roll out applications to different types of users (employees, contractors, clients). Today's directory server technology forces organizations to build a single, managed data infrastructure, which requires huge political discussions about what data it should contain, who will manage it, and, more importantly, who will fund it. Issues such as who should pay for directories and who should manage them become critical factors that affect the success of deploying what should be relatively simple database technology.

The new trends of business-to-business web services and inter-business applications now mean that the data sources belonging to external partners must be considered when creating a directory services and security infrastructure strategy.

Directory Design

Because a directory service is a specialized database, some of the most important directory design considerations involve data. It is critical that all relevant information be exposed via the directory service and LDAP protocol, including how it is obtained, managed, and accounted for.

Schema Design

A directory schema is a set of rules that determine what can be stored in a directory service and how directory servers and clients should treat information during directory operations such as searches. Before a directory server stores a new or modified entry, it checks the entry's contents against the schema rules. Whenever directory clients or servers compare two attribute values, they consult the schema to determine what comparison algorithm to use.
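The two schema checks described above (validating an entry before it is stored, and choosing a comparison algorithm per attribute) are sketched below as an added example, not code from any directory product. The `person` object class and the matching rule names follow RFC 4519 and RFC 4517; the function names and the simplified value normalisation are assumptions made for illustration.

```python
# Added illustration: a simplified model of LDAP schema checking, not a real server.
# Attribute names are stored lower-case because LDAP treats them case-insensitively.
OBJECT_CLASSES = {
    "person": {"must": {"sn", "cn"},
               "may": {"userpassword", "telephonenumber", "seealso", "description"}},
}

# Equality matching rule per attribute (seeAlso uses DN matching, not modelled here).
MATCHING_RULES = {
    "cn": "caseIgnoreMatch", "sn": "caseIgnoreMatch",
    "description": "caseIgnoreMatch",
    "telephonenumber": "telephoneNumberMatch",
    "userpassword": "octetStringMatch",
}

def validate_entry(entry):
    """Return a list of schema violations; an empty list means the entry may be stored."""
    attrs = {name.lower(): values for name, values in entry.items()}
    errors, must, allowed = [], set(), {"objectclass"}
    for oc in attrs.get("objectclass", []):
        definition = OBJECT_CLASSES.get(oc.lower())
        if definition is None:
            errors.append(f"unknown objectClass: {oc}")
            continue
        must |= definition["must"]
        allowed |= definition["must"] | definition["may"]
    if "objectclass" not in attrs:
        errors.append("missing required attribute: objectclass")
    errors += [f"missing required attribute: {a}" for a in sorted(must - set(attrs))]
    errors += [f"attribute not allowed: {a}" for a in sorted(set(attrs) - allowed)]
    return errors

def values_match(attr, a, b):
    """Compare two values with the equality rule the schema assigns to attr."""
    rule = MATCHING_RULES.get(attr.lower())
    if rule == "caseIgnoreMatch":        # ignore case and insignificant spaces
        norm = lambda s: " ".join(s.split()).casefold()
    elif rule == "telephoneNumberMatch": # as above, but skip all spaces and hyphens
        norm = lambda s: s.replace(" ", "").replace("-", "").casefold()
    elif rule == "octetStringMatch":     # byte-for-byte, so case matters
        norm = lambda s: s
    else:
        raise ValueError(f"no matching rule modelled for {attr}")
    return norm(a) == norm(b)

if __name__ == "__main__":
    # Constructed sample entry: 'mail' is not permitted by 'person', and 'sn' is missing.
    sample = {"objectClass": ["person"], "cn": ["Ann Lee"], "mail": ["ann@example.com"]}
    print(validate_entry(sample))
    print(values_match("cn", "Ann  Lee", "ann lee"), values_match("userPassword", "Secret", "secret"))
```

Because `cn` compares case-insensitively while `userPassword` compares exactly, two identities that differ only in letter case are the same value to the directory, which matters when uniqueness or access decisions depend on those attributes.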

Below are the tasks involved in an LDAP design:

Determine directory needs and what applications will use the directory
Determine data needs
Determine LDAP schema
Determine LDAP namespace
Determine LDAP topology
Determine directory replication scheme
Determine security and privacy controls