IDT-DS425-A Architecting LDAP Identity Repositories

Directory Services serve as the identity repository for many vendor IAM solutions. As such, an understanding of LDAP Directory Services is necessary to allow you to extend the repository, build a highly available repository solution, and secure and optimize the Directory Services layer for performance. This class instructs students on the proper methodology for implementing LDAP Directory Services and offers hands-on experience implementing the methodology in a real-world environment.

Description

This course covers the following topics:

Directory Services Overview

  • Describe the rationale behind corporate directories

  • Describe the components of a standard directory server 

  • Describe the differences between databases and directories

  • Describe the methodology behind architecting Directory Services deployments

Selecting Directory Server Data

  • Describe the Process of Planning Directory Data

  • Identify Applications and Data Store Data

  • Document Application and Data Store Attributes

Designing a Directory Services Data Model (Schema)

  • Describe the Process of planning the Directory Schema

  • Describe directory server schema concepts

  • Match directory application attributes to default schema

  • Match directory store attributes to default schema

  • Describe the best method of extending the schema 

  • Extend the schema for non-matching attributes

  • Identify Authoritative source for attributes

  • Identify processes and procedures that will require change

Designing a Directory Services Naming Model (Directory Information Tree)

  • Describe the process of Designing a Directory Information Tree (DIT)

  • Describe the Components of a Directory Information Tree (DIT) hierarchy

  • Understand the factors affecting DIT design

  • Understand the history and components of the root suffix

  • Describe branches and RDNs

  • Describe Groups and how they aid in administration of DS and Applications

Designing a Directory Topology and Distribution Strategy

  • Describe the process of creating a distributed data topology

  • Create a Directory data map

  • Partition the Directory Tree (DIT)

  • Describe the benefits of distributing directory data

  • Describe methods of database distribution

  • Describe the process of creating a database distribution strategy

  • Identify DB distribution options and replication paths

  • Describe the Process of creating a replication strategy

Designing an Effective Security Strategy

  • Describe the process of defining security policies

  • Understand access control processing for the directory server

  • Understand groups and roles and how they fit in the security strategy

  • Understand how to apply access control attributes to directory server entries

  • Understand password policies

  • Explain the reason for encrypting fields

  • Create Access Control Instructions (ACIs) to support desired security policies

  • Describe the components for creating Secure Communication

Optimizing Directory Server Performance

  • Describe the process of planning an indexing strategy

  • Describe the default Directory Server indexes

  • Identify index types 

  • Choose which attributes to index and which index types to use

  • Describe how to configure the directory server for best read performance

  • Describe how to configure the directory server for best write performance

  • Define an indexing strategy to achieve maximum performance

Testing Your Design

  • Implement the design in a test environment to verify it

  • Identify where there may be issues that require more planning and/or adjusting

 

Who Can Benefit

Students who can benefit from this course:

  • System Integrators

  • System Consultants

  • System Architects

  • System Developers

  • System Administrators

Prerequisites

Students should have the following prerequisite knowledge to be successful in this class:

  • General Linux Command Line Experience

    • Ability to navigate Linux directories

    • Ability to edit files using the 'vi' editor

    • Ability to install applications from the Linux command line

    • Ability to start and stop services and determine their status

  • General Google Documents Knowledge

    • Ability to update Google Sheets

    • Ability to update Google Docs