Ability to describe the general features of the Directory Server version 4.

Factoid:

In early tests, one customer found that importing 100,000 entries took several hours using version 3.11 of the Server but only 10 minutes with version 4.0. With schema checking turned off, the same operation took only 390 seconds!



Factoid:

All of Netscape's server products are directory enabled.

Features

General Description

The Netscape Directory Server simplifies management and retrieval of corporate user information. Based on an open-systems server protocol called the Lightweight Directory Access Protocol (LDAP), the Directory Server is a robust, scalable server designed to manage an enterprise-wide directory of users and resources. Using the Directory Server, corporate IS organizations can manage all their user information from a single point of control, while corporate users can retrieve this information from multiple, easily accessible network locations. 

In the past, organizations have used a range of proprietary databases and products to handle corporate user information. These incompatible databases were a resource drain on corporate IS groups, forcing them to synchronize multiple database systems every time a change was made, no matter how small. For end-users, these proprietary systems represented a barrier which forced them to search through multiple systems for needed information.

World's Fastest Directory Server

  • Fastest lookup performance
  • Fastest SSL performance
  • Scales with number of processors
  • Scales to millions of entries

Best Directory For Extranet Applications

  • Directory designed for applications, not network operating systems
  • Ultra-high performance
  • Best SDK, including source code availability
  • Embeddable components for ISVs

Powerful Foundation for Security

  • Enables wide range of authentication from IP-based to passwords to smart cards
  • Supports SSL for authenticated and encrypted client-to-server and server-to-server communications
  • Supports PKCS #11 for hardware acceleration and smart card authentication
  • Flexible, powerful ACLs for delegated administration

    Industry-leading LDAP v3 directory server

    • Standards-based. Fully compatible with LDAP v2 and LDAP v3 clients 
    • Internationalized. Support for UTF-8, language tags, and correct sorting of over 35 languages 
    • Intelligent referrals 
    • Plugin architecture for third-party syntax, matching rules, and SASL modules 
    • Supports LDAP v3 extensions for paged results 

    Security built in

    • LDAP v3 over SSL
    • Flexible authentication. Directory can identify users by IP address, DNS name, username/password, and X.509 v3 certificates; also by strength of encryption 
    • Implements unified SuiteSpot ACL syntax and semantics 
    • Password policy management. Administrators should be able to control the following facets of password policy: 
      • Minimum password length 
      • Permit blank password (on/off) 
      • Maximum password age (days) 
      • Password history (keep history on/off, number of passwords to keep in history)
      • User must change password at next logon 
      • User can/cannot change password 
      • Disable account 
    • Role-based ACLs. Groups to which access control rules apply can be defined as arbitrary LDAP filters. 
    • Repository for public-key certificates and CRLs. Schema elements must be defined so that the directory server can act as the repository for certificates and CRLs. 

    ISP-ready scalability and performance

    • Millions of entries per instance. Handles up to 5 million entries per instance 
    • Easy growth. Grows gracefully by adding server instances 
    • Industry-leading performance. Handles 500 queries/second on a 2-CPU 200 MHz Pentium Pro machine with 256 megabytes of RAM, with access control and logging turned on. Supports 800 anonymous queries/second on the same machine with logging turned off.
    • Ready for all applications. Returns any query on an indexed attribute in less than 1 second for directories containing up to 5 million entries. 
    • Fast import. Imports 10,000 entries in less than 15 minutes and 100,000 entries via LDIF in less than 1 hour with default indices. 
    • Outperforms the competition. As measured by DirectoryMark, Directory Server 4.0 should outperform all other servers in this category:
      • Microsoft Active Directory (2x)
      • Novell Directory Services (3x)
      • Lotus cc:Mail (3x)
      • Lotus Domino (10x)
    • Tunable performance. Offers live database performance statistics that enable administrators to optimize server performance without restarting the server. 

    7x24 availability

    • Online backup capability. This feature will allow a consistent snapshot of the database to be taken online, without taking the LDAP server down. Backups should be available via a command-line interface so it can be automated. 
    • Transaction support. Catastrophic failures will not leave the database in a corrupt state. The server automatically detects database corruption and restores the database to a consistent state using journalled transactions.
    • Transactions span the main directory database, the replication (change log) database, and all the indices associated with a particular entry. 
    • SNMP. Implement the IETF-standard MADMAN MIB for integration with SNMP monitoring consoles. 
    • On-line server management. Administrators (and, where appropriate, LDAP clients) should be able to perform important directory operations and change important server configuration settings without restarting the server:
      • Change database indices for a particular attribute 
      • Set cache sizes 
      • Modify the schema 
      • Set ACLs 
      • Turn SSL on/off 

    Sophisticated replication capabilities

    • Cascaded replication. This feature allows slaves to supply other slaves, creating a hierarchy of replicas. This will be important in large-scale environments running hundreds of directory server replicas, where the load on a single master supplier would be prohibitive. 
    • Consumer-initiated replication. This feature should complement the existing supplier-initiated replication strategy, optionally putting more control in the replica's hands, allowing it to select what and when to replicate. This will be an important feature for off-line replicas that synchronize only occasionally, and under a user's control.
    • Resilience. Replication gracefully handles master, slave, or network failures by picking up where it left off when the offending component returns to life. 
    • Replication status notification. Administrators should be able to tell whether replication has succeeded or failed; and if it has failed, where the failure has occurred. 
    • Schema distribution. Schema information should be able to be replicated along with other directory information to slave sites throughout the enterprise. If an administrator defines a new type of directory object, all servers throughout an enterprise should automatically be able to know about it in the time it takes to do a normal replication update.
    • Selective attribute replication. An administrator should be able to specify that only certain attributes of the entries selected for replication should be replicated. For example, only the name and mail attributes could be replicated to an LDAP server outside the corporate firewall. 
    • Filtered replication. An administrator should be able to specify that only certain entries within a subtree should be selected for replication. For example, all the people entries, all the marketing people entries, or all entries containing a certain attribute value. 

    Internationalization

    • Multi-byte character support. Supports 8-bit and 16-bit (UTF-8) characters without corruption.
    • Language tags. Allows administrators and applications to affix language tags to attributes.
    • Extensible language sorting. Sorts 35 languages correctly. Offers a plugin API to enable third parties to define their own sorting algorithms.
    • Performance. Internationalization does not degrade server performance more than 10%. 
    • Localizable architecture. Strings and other locale-dependent resources are externalized. 

    Coexistence with Windows NT

    • Real-time Windows NT directory synchronization tool
    • Synchronizes user, password, and group data
    • Gets enough information from NT to enable SuiteSpot servers (e.g., NT group = Messaging Server mailing list)
    • Allows administrators to configure which entries get synchronized (in each direction) 
    • Supports LDAP over SSL 
    • Perfmon and Eventmon integration for familiar administration 

    Open architecture with well-defined plugin architecture

    • Database backend plug-in. Allows customers to tightly integrate with existing data sources such as relational databases. 
    • Pre- and post-directory operation plug-ins. Allows customers to execute arbitrary code before or after any directory operation. 
    • Authentication plug-in. Enables plug-in SASL components, e.g., for Kerberos integration.
    • Data store location plugin. Allows developers to map to multiple physical data stores.
    • Matching rules, e.g., French phonetic
    • LDAP v3 extended operations, e.g., virtual list box controls, paged results

    Copyright © 2000
    Sun-Netscape Alliance