Ability to describe the general features of the Directory Server version 4.
Factoid:
In early tests, one customer found that importing 100,000 entries took several hours using version 3.11 of the Server but only 10 minutes with version 4.0. With schema checking turned off, the same operation took only 390 seconds!
Factoid:
All of Netscape's server products are directory enabled.
Features
General Description
The Netscape Directory Server simplifies
management and retrieval of corporate user information. Based on an open-systems
server protocol called the Lightweight Directory Access Protocol (LDAP),
the Directory Server is a robust, scalable server designed to manage an
enterprise-wide directory of users and resources. Using the Directory Server,
corporate IS organizations can manage all their user information from a
single point of control, while corporate users can retrieve this information
from multiple, easily accessible network locations.
In the past, organizations have used a range of proprietary databases
and products to handle corporate user information. These incompatible databases
were a resource drain on corporate IS groups, forcing them to synchronize
multiple database systems every time a change was made, no matter how small.
For end-users, these proprietary systems represented a barrier which forced
them to search through multiple systems for needed information.
World's Fastest Directory Server
- Fastest lookup performance
- Fastest SSL performance
- Scales with number of processors
- Scales to millions of entries
Best Directory For Extranet Applications
- Directory designed for applications, not network operating systems
- Ultra-high performance
- Best SDK, including source code availability
- Embeddable components for ISVs
Powerful Foundation for Security
- Enables a wide range of authentication, from IP-based to passwords to smart cards
- Supports SSL for authenticated and encrypted client-to-server and server-to-server communications
- Supports PKCS #11 for hardware acceleration and smart-card authentication
- Flexible, powerful ACLs for delegated administration
Industry-leading LDAP v3 directory server
- Standards-based. Fully compatible with LDAP v2 and LDAP v3 clients
- Internationalized. Support for UTF-8, language tags, and correct sorting of over 35 languages
- Intelligent referrals
- Plugin architecture for third-party syntax, matching rules, and SASL modules
- Supports LDAP v3 extensions for paged results
Security built in
- LDAP v3 over SSL
- Flexible authentication. Directory can identify users by IP address, DNS name, username/password, and X.509 v3 certificates; also by strength of encryption
- Implements unified SuiteSpot ACL syntax and semantics
- Password policy management. Administrators should be able to control the following facets of password policy:
  - Minimum password length
  - Permit blank password (on/off)
  - Maximum password age (days)
  - Password history (keep history on/off; number of passwords to keep in history)
  - User must change password at next logon
  - User can/cannot change password
  - Disable account
- Role-based ACLs. Groups to which access control rules apply can be defined as arbitrary LDAP filters.
- Repository for public-key certificates and CRLs. Schema elements must be defined so that the directory server can act as the repository for certificates and CRLs.
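The password-policy facets listed above, as an added illustration that is not Netscape's code: a small evaluator that applies each facet either to a bind attempt (account disabled, must-change flag, maximum age) or to a proposed password change (blank permitted, minimum length, history, user may change). The PasswordPolicy field names, the AccountState record and the hashed-history storage are assumptions made for this example; the page does not describe the Directory Server's own configuration attributes or how it stores history.

```python
"""Password-policy evaluator for the facets listed above.

Added illustration only: PasswordPolicy fields, the AccountState record and
the SHA-256 digests used for the history list are assumptions made for this
example, not the Directory Server's own attributes or storage format.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import hashlib


@dataclass
class PasswordPolicy:
    min_length: int = 8
    permit_blank: bool = False
    max_age_days: int = 90        # 0 means passwords never expire
    keep_history: bool = True
    history_size: int = 5         # number of previous passwords remembered
    user_can_change: bool = True


@dataclass
class AccountState:
    history: list = field(default_factory=list)   # digests, oldest first
    last_changed: datetime = None
    must_change: bool = False     # "user must change password at next logon"
    disabled: bool = False        # "disable account"


def ts(day: str) -> datetime:
    """Parse an ISO date such as '2024-01-31' (convenience for callers)."""
    return datetime.fromisoformat(day)


def _digest(password: str) -> str:
    # Constructed storage choice: the history holds hashes, never plaintext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_login(policy: PasswordPolicy, state: AccountState, now: datetime) -> list:
    """Return the reasons a bind should be refused or flagged (empty = OK)."""
    reasons = []
    if state.disabled:
        reasons.append("account disabled")
    if state.must_change:
        reasons.append("password must be changed at next logon")
    if policy.max_age_days and state.last_changed is not None:
        if now - state.last_changed > timedelta(days=policy.max_age_days):
            reasons.append("password expired")
    return reasons


def check_new_password(policy, state, candidate: str, by_user: bool = True) -> list:
    """Return the policy violations for a proposed new password (empty = OK)."""
    violations = []
    if by_user and not policy.user_can_change:
        violations.append("user may not change password")
    if candidate == "":
        if not policy.permit_blank:
            violations.append("blank password not permitted")
        return violations        # length and history checks do not apply
    if len(candidate) < policy.min_length:
        violations.append(f"shorter than {policy.min_length} characters")
    if policy.keep_history and _digest(candidate) in state.history:
        violations.append("password reused from history")
    return violations


def apply_new_password(policy, state, candidate: str, now: datetime) -> None:
    """Record an accepted change: extend and trim the history, clear the flag."""
    if policy.keep_history:
        state.history.append(_digest(candidate))
        # keep only the most recent history_size digests
        state.history = state.history[-policy.history_size:] if policy.history_size > 0 else []
    state.last_changed = now
    state.must_change = False
```

The two check functions return every violation rather than stopping at the first, so an administrator's log line (or a client's error message) can name all the facets a change fails at once; a real server would also have to decide which of these results an anonymous client is allowed to see.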
ISP-ready scalability and performance
- Millions of entries per instance. Handles up to 5 million entries per instance
- Easy growth. Grows gracefully by adding server instances
- Industry-leading performance. Handles 500 queries/second on a 2-CPU 200 MHz Pentium Pro machine with 256 megabytes of RAM, with access control and logging turned on. Supports 800 anonymous queries/second on the same machine with logging turned off.
- Ready for all applications. Returns any query on an indexed attribute in less than 1 second for directories containing up to 5 million entries.
- Fast import. Imports 10,000 entries in less than 15 minutes and 100,000 entries via LDIF in less than 1 hour with default indices.
- Outperforms the competition. As measured by DirectoryMark, Directory Server 4.0 performance should outperform all other servers in this category:
  - Microsoft Active Directory (2x)
  - Novell Directory Services (3x)
  - Lotus cc:Mail (3x)
  - Lotus Domino (10x)
- Tunable performance. Offers live database performance statistics that enable administrators to optimize server performance without restarting the server.
7x24 availability
- Online backup capability. This feature will allow a consistent snapshot of the database to be taken online, without taking the LDAP server down. Backups should be available via a command-line interface so that they can be automated.
- Transaction support. Catastrophic failures will not leave the database in a corrupt state. The server automatically detects database corruption and restores the database to a consistent state using journalled transactions.
- Transactions span the main directory database, the replication (change log) database, and all the indices associated with a particular entry.
- SNMP. Implements the IETF-standard MADMAN MIB for integration with SNMP monitoring consoles.
- On-line server management. Administrators (and, where appropriate, LDAP clients) should be able to perform important directory operations and change important server configuration settings without restarting the server:
  - Change database indices for a particular attribute
  - Set cache sizes
  - Modify the schema
  - Set ACLs
  - Turn SSL on/off
Sophisticated replication capabilities
- Cascaded replication. This feature allows slaves to supply other slaves, creating a hierarchy of replicas. This will be important in large-scale environments running hundreds of directory server replicas, where the load on a single master supplier would be prohibitive.
- Consumer-initiated replication. This feature should complement the existing supplier-initiated replication strategy, optionally putting more control in the replica's hands, allowing it to select what and when to replicate. This will be an important feature for off-line replicas that synchronize only occasionally, and under a user's control.
- Resilience. Replication gracefully handles master, slave, or network failures by picking up where it left off when the offending component returns to life.
- Replication status notification. Administrators should be able to tell whether replication has succeeded or failed; and if it has failed, where the failure has occurred.
- Schema distribution. Schema information should be able to be replicated along with other directory information to slave sites throughout the enterprise. If an administrator defines a new type of directory object, all servers throughout an enterprise should automatically be able to know about it in the time it takes to do a normal replication update.
- Selective attribute replication. An administrator should be able to specify that only certain attributes of the entries selected for replication should be replicated. For example, only the name and mail attributes could be replicated to an LDAP server outside the corporate firewall.
- Filtered replication. An administrator should be able to specify that only certain entries within a subtree should be selected for replication. For example, all the people entries, all the marketing people entries, or all entries containing a certain attribute value.
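Two items on this page turn on evaluating an LDAP search filter on the server side: role-based ACLs, whose subject groups are arbitrary LDAP filters, and filtered plus selective-attribute replication, which selects entries by filter and then strips each to a named attribute list before sending it (the page's own example is name and mail only, to a server outside the firewall). The following added example, not Netscape's code, implements a small RFC 4515-style filter evaluator and uses it for both purposes. The entry layout, the function names and the sample entries are constructed for the example; a real server would evaluate values through the schema's matching rules rather than the plain case-insensitive comparison used here.

```python
"""LDAP filter evaluation for role-based ACLs and filtered/selective replication.

Added illustration only: the parser, the entry layout (dict of lower-cased
attribute name -> list of values, DN stored under "dn") and the sample
entries are constructed for this example, not Netscape's code.
"""
import re


def parse_filter(text):
    """Parse an RFC 4515-style search filter into a nested tuple AST.

    Supports (&...), (|...), (!...), (attr=value), (attr=*) presence and
    (attr=ab*cd) substring items. Approximate, ordering and extensible
    matches are omitted: they depend on the schema's matching rules.
    """
    text = text.strip()
    pos = 0

    def expect(ch):
        nonlocal pos
        if pos >= len(text) or text[pos] != ch:
            raise ValueError(f"expected {ch!r} at offset {pos} in {text!r}")
        pos += 1

    def node():
        nonlocal pos
        expect("(")
        if pos >= len(text):
            raise ValueError("unterminated filter")
        op = text[pos]
        if op in "&|":
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(node())
            result = (op, children)
        elif op == "!":
            pos += 1
            result = ("!", node())
        else:
            end = text.find(")", pos)
            if end < 0:
                raise ValueError("unterminated filter")
            attr, sep, value = text[pos:end].partition("=")
            if not sep or not attr.strip():
                raise ValueError(f"bad filter item {text[pos:end]!r}")
            pos = end
            result = ("=", attr.strip().lower(), value)
        expect(")")
        return result

    ast = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return ast


def matches(ast, entry):
    """Evaluate a parsed filter against one entry (case-insensitive values)."""
    op = ast[0]
    if op == "&":
        return all(matches(child, entry) for child in ast[1])
    if op == "|":
        return any(matches(child, entry) for child in ast[1])
    if op == "!":
        return not matches(ast[1], entry)
    _, attr, value = ast
    values = [v.lower() for v in entry.get(attr, [])]
    if value == "*":                      # presence test
        return bool(values)
    if "*" in value:                      # substring: wildcards become .*
        pattern = ".*".join(re.escape(part) for part in value.lower().split("*"))
        return any(re.fullmatch(pattern, v) for v in values)
    return value.lower() in values


def make_entry(dn, **attrs):
    """Build an entry: attribute names lower-cased, every value a list."""
    entry = {"dn": [dn]}
    for name, values in attrs.items():
        entry[name.lower()] = list(values)
    return entry


# Constructed sample data, not taken from any real directory.
SAMPLE_ENTRIES = [
    make_entry("uid=alice,ou=People,o=Example", objectClass=["top", "person"],
               cn=["Alice Example"], ou=["Marketing"], mail=["alice@example.test"]),
    make_entry("uid=bob,ou=People,o=Example", objectClass=["top", "person"],
               cn=["Bob Example"], ou=["Engineering"]),
    make_entry("uid=carol,ou=People,o=Example", objectClass=["top", "person", "inetOrgPerson"],
               cn=["Carol Example"], ou=["Marketing"], mail=["carol@example.test"],
               telephoneNumber=["+1 555 0100"]),
    make_entry("cn=Marketing Staff,ou=Groups,o=Example", objectClass=["top", "groupOfNames"],
               cn=["Marketing Staff"], member=["uid=alice,ou=People,o=Example"]),
]


def role_members(entries, role_filter):
    """Role-based ACL: the DNs an access rule applies to are those matching the filter."""
    ast = parse_filter(role_filter)
    return [e["dn"][0] for e in entries if matches(ast, e)]


def replication_payload(entries, entry_filter, attributes):
    """Filtered + selective-attribute replication: matching entries, named attributes only."""
    ast = parse_filter(entry_filter)
    wanted = {"dn"} | {a.lower() for a in attributes}
    return [{k: v for k, v in e.items() if k in wanted}
            for e in entries if matches(ast, e)]
```

Usage: `role_members(SAMPLE_ENTRIES, "(&(objectClass=person)(ou=Marketing))")` yields the "marketing people" DNs an ACL would apply to, and `replication_payload(SAMPLE_ENTRIES, "(objectClass=person)", ["cn", "mail"])` is the page's firewall scenario: only people entries cross, and each carries nothing but its DN, name and mail. Because the parser rejects unbalanced or malformed filters instead of guessing, a mistyped ACL filter fails loudly rather than silently matching nobody or everybody.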
Internationalization
- Multi-byte character support. Supports 8-bit and 16-bit (UTF-8) characters without corruption.
- Language tags. Allows administrators and applications to affix language tags to attributes.
- Extensible language sorting. Sorts 35 languages correctly. Offers a plugin API to enable third parties to define their own sorting algorithms.
- Performance. Internationalization does not degrade server performance by more than 10%.
- Localizable architecture. Strings and other locale-dependent resources are externalized.
Coexistence with Windows NT
- Real-time Windows NT directory synchronization tool
- Synchronizes user, password, and group data
- Gets enough information from NT to enable SuiteSpot servers (e.g., NT group = Messaging Server mailing list)
- Allows administrators to configure which entries get synchronized (in each direction)
- Supports LDAP over SSL
- Perfmon and Eventmon integration for familiar administration
Open architecture with well-defined plugin architecture
- Database backend plug-in. Allows customers to tightly integrate with existing data sources such as relational databases.
- Pre- and post-directory operation plug-ins. Allows customers to execute arbitrary code before or after any directory operation.
- Authentication plug-in. Enables plug-in SASL components, e.g. for Kerberos integration
- Data store location plug-in. Allows developers to map to multiple physical data stores.
- Matching rules, e.g., French phonetic
- LDAP v3 extended operations, e.g., virtual list box controls, paged results