The Sun Web site offers resources for the Sun™ ONE Directory Server
5.1 (formerly iPlanet™ Directory Server), including frequently asked
questions (FAQs). The following is a sampling of the topics and
questions covered.
- Does Sun ONE Directory Server support the Secure Sockets Layer or the
Transport Layer Security protocol?
Yes, Sun ONE Directory Server implements LDAP over Secure Sockets Layer
(SSL) to support message encryption and integrity services. It also
supports X.509 version 3 authentication of both servers and clients.
Additionally, the UNIX® builds of Sun ONE Directory Server 5.x support
the StartTLS extended operation, which allows users to secure a regular
LDAP connection.
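StartTLS differs from LDAP over SSL in that the client first opens an ordinary LDAP connection (port 389) and then asks the server, via an extended operation, to switch that same connection to TLS. The following is an added example, not code from the Sun FAQ or from the product, that encodes the StartTLS ExtendedRequest and decodes the server's ExtendedResponse using only the Python standard library; the OID is the standard StartTLS identifier from RFC 2830, and the sample responses are constructed here for illustration. The `starttls_connect` function is the real-world usage and is not exercised offline.

```python
import socket
import ssl

# OID of the StartTLS extended operation (RFC 2830).
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"


def _ber_len(n: int) -> bytes:
    """BER length field: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    """Tag-length-value encoding of one BER element."""
    return bytes([tag]) + _ber_len(len(body)) + body


def _read_tlv(data: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag = data[pos]
    first = data[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    request_name = _tlv(0x80, STARTTLS_OID.encode("ascii"))  # [0] LDAPOID
    extended_request = _tlv(0x77, request_name)               # [APPLICATION 23]
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + extended_request)


def parse_extended_response(data: bytes):
    """Return (message_id, result_code, diagnostic_message) from an ExtendedResponse."""
    tag, msg, _ = _read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(msg)
    message_id = int.from_bytes(mid, "big")
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x78:                                            # [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    _, code, pos = _read_tlv(op)              # resultCode ENUMERATED
    _, _matched_dn, pos = _read_tlv(op, pos)  # matchedDN (unused here)
    _, diag, _ = _read_tlv(op, pos)           # diagnosticMessage
    return message_id, int.from_bytes(code, "big"), diag.decode("utf-8")


def sample_response(message_id: int, result_code: int, diag: str = "") -> bytes:
    """Constructed ExtendedResponse, shaped as a directory server would send it."""
    result = (_tlv(0x0A, bytes([result_code])) + _tlv(0x04, b"")
              + _tlv(0x04, diag.encode("utf-8")))
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + _tlv(0x78, result))


def starttls_connect(host: str, port: int = 389, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a plain LDAP connection, send StartTLS, then wrap the same socket in TLS.

    A single recv() suffices for the short response; a production client reads
    until the full BER message has arrived.  The default SSL context verifies the
    server certificate chain and host name, so a refused or downgraded handshake
    raises rather than silently continuing in clear text.
    """
    sock = socket.create_connection((host, port), timeout=timeout)
    sock.sendall(build_starttls_request(1))
    mid, code, diag = parse_extended_response(sock.recv(4096))
    if mid != 1 or code != 0:
        sock.close()
        raise ConnectionError(f"StartTLS refused: resultCode={code} {diag!r}")
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=host)
```

A resultCode of 0 is the only acceptable answer before switching to TLS; any other code means the connection is still plain LDAP, which is why the client closes it instead of proceeding.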
- Does Sun ONE Directory Server support access controls?
Yes, Sun ONE Directory Server safeguards directory information with a
flexible access control scheme. Administrators can restrict particular
users from performing specific directory operations, including read,
write, search and compare. These controls may apply to an entire
directory tree, a particular entry or even individual attributes
within an entry. For example, the Sun ONE Directory Server may be
configured to permit anyone to see an email address but only people in
the same group to view a pager number.
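The mail/pager example above maps directly onto two access control instructions (ACIs) in the `aci` attribute syntax used by Sun ONE Directory Server. The block below is an added example, not from the Sun FAQ or the product: the two ACI strings are constructed for illustration, and `is_allowed` is a deliberately simplified model of the server's decision (allow-only, default deny, no deny rules, no target filters, no inheritance) that shows how the attribute target, the granted rights and the bind rule combine.

```python
import re
from dataclasses import dataclass

# Two ACIs in Sun ONE Directory Server syntax, constructed for this example:
# anyone may read 'mail'; only members of a named group may read 'pager'.
ACIS = [
    '(targetattr = "mail")(version 3.0; acl "anyone reads mail"; '
    'allow (read, search, compare) userdn = "ldap:///anyone";)',
    '(targetattr = "pager")(version 3.0; acl "staff reads pager"; '
    'allow (read, search, compare) '
    'groupdn = "ldap:///cn=Staff,ou=Groups,dc=example,dc=com";)',
]


@dataclass
class Aci:
    name: str
    attrs: set          # attributes named in targetattr
    rights: set         # rights granted by allow (...)
    bind_kind: str      # "userdn" or "groupdn"
    bind_value: str     # "anyone", "all" or a DN


_RE_ATTRS = re.compile(r'targetattr\s*=\s*"([^"]+)"')
_RE_NAME = re.compile(r'acl\s+"([^"]+)"')
_RE_ALLOW = re.compile(r'allow\s*\(([^)]*)\)')
_RE_BIND = re.compile(r'(userdn|groupdn)\s*=\s*"ldap:///([^"]+)"')


def _norm_dn(dn: str) -> str:
    """DNs compare case-insensitively; strip spaces around RDN separators."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def parse_aci(text: str) -> Aci:
    """Extract the pieces of one ACI this simplified evaluator understands."""
    attrs = {a.strip().lower() for a in _RE_ATTRS.search(text).group(1).split("||")}
    name = _RE_NAME.search(text).group(1)
    rights = {r.strip().lower() for r in _RE_ALLOW.search(text).group(1).split(",")}
    kind, value = _RE_BIND.search(text).groups()
    if kind == "groupdn":
        value = _norm_dn(value)
    return Aci(name, attrs, rights, kind, value)


def is_allowed(acis, bind_dn, groups, attr, right) -> bool:
    """Default deny: the request is permitted only if some allow ACI matches.

    bind_dn is None for an anonymous bind; groups lists DNs of groups the bound
    user belongs to (membership lookup is outside this model).
    """
    member_of = {_norm_dn(g) for g in groups}
    for aci in acis:
        if attr.lower() not in aci.attrs or right.lower() not in aci.rights:
            continue
        if aci.bind_kind == "userdn":
            if aci.bind_value == "anyone":
                return True
            if aci.bind_value == "all" and bind_dn is not None:
                return True
            if bind_dn is not None and _norm_dn(aci.bind_value) == _norm_dn(bind_dn):
                return True
        elif aci.bind_kind == "groupdn" and aci.bind_value in member_of:
            return True
    return False


PARSED = [parse_aci(a) for a in ACIS]
```

Because the model is default deny, an attribute with no matching ACI (or a right such as `write` that no ACI grants) is refused even for group members, which is the least-privilege behaviour an administrator relies on when adding only the ACIs that are needed.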
- How are users authenticated?
User authentication can be performed via user ID/password or X.509
version 3 certificate. Through configuration it is possible to add
other authentication mechanisms, such as smart cards or SecurID.
Sun ONE Directory Server can control access based on user identity
(authenticated via the above mechanisms), domain name or IP address.
- How do the Sun ONE Directory Server and the Sun™ ONE Certificate
Server (formerly iPlanet™ Certificate Management System) work together?
When a certificate is created, Sun ONE Certificate Server automatically
adds it to the user's entry in any LDAP-compliant directory.
Specifically, user certificates are added as values of the attribute
'userCertificate;binary', defined in the LDAP version 3 attributes
document.
When a certificate is revoked, Sun ONE Certificate Server automatically
deletes it from that user's entry. Sun ONE Certificate Server also
publishes certificate revocation lists (CRLs) to the directory (using
the attribute 'certificateRevocationList;binary').
Applications that want to authenticate users using X.509 version 3
certificates may use the information in Sun ONE Directory Server to do
so. It is also possible to authenticate an entity by verifying the
validity period and digital signature carried in the certificate
itself. No separate directory lookup is necessary. This enables a
single user log-on capability that scales to the Internet.
In addition, Sun ONE Certificate Server uses the directory as its
internal database to store information related to the creation and
management of certificates, CRLs and keys.
Additional topics covered in the FAQs include
directories and LDAP, features and architecture, implementation, data
replication and access, directory enabled applications and competitive
advantages.
http://wwws.sun.com/software/products/directory_srvr/faqs_directory.html#5q0