Directory Servers
- A database accessible via LDAP
- Primarily used for ...
  - Quick lookup of contact information (White Pages)
  - Mail routing
- Also houses a mix of other data
- Designed to handle a high volume of connections that read small amounts of data
- We are currently running Sun ONE Directory Server 5.2 patch level 6
- Can read public data without a password (anonymous bind)
- Private data access requires AuthN
  - AuthN methods are ...
    - Bind ID and password
      - Bind IDs are IDs (with associated passwords) that are stored in Directory Server
    - Kerberos 5
      - Uses SASL and GSSAPI behind the scenes
      - Currently available on some dev and test instances. Will become available on prod instances.
- Clients can connect with or without SSL (a Bind ID and password bind without SSL sends the password over the network in the clear)
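The following is an added example, not code from this page or from Sun ONE Directory Server. It is a minimal BER encoder and decoder for the LDAPv3 BindRequest (RFC 4511) that builds the three kinds of bind described above (anonymous, Bind ID and password, SASL/GSSAPI) and then decodes them the way a network monitor would, to show that a simple bind without SSL carries the password on the wire as-is. The bind DN, password and GSS token are constructed sample values.

```python
# Added example (not part of the original page or of Sun ONE Directory
# Server): a minimal BER encoder/decoder for the LDAPv3 BindRequest
# (RFC 4511). The bind DN, password and SASL token below are constructed.


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(v: int) -> bytes:
    """INTEGER for small non-negative values (message IDs, version)."""
    assert 0 <= v < 0x80
    return tlv(0x02, bytes([v]))


def simple_bind_request(message_id: int, bind_dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] } with
    authentication = simple [0] OCTET STRING.  An empty DN with an
    empty password is the anonymous bind."""
    body = ber_int(3) + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(message_id) + tlv(0x60, body))


def sasl_bind_request(message_id: int, mechanism: str, credentials: bytes = b"") -> bytes:
    """BindRequest with authentication = sasl [3] SaslCredentials.
    For Kerberos the mechanism is "GSSAPI" and the credentials carry a
    GSS-API token; each further round trip reuses this same shape."""
    sasl = tlv(0x04, mechanism.encode())
    if credentials:
        sasl += tlv(0x04, credentials)
    body = ber_int(3) + tlv(0x04, b"") + tlv(0xA3, sasl)
    return tlv(0x30, ber_int(message_id) + tlv(0x60, body))


def ber_read(buf: bytes, pos: int):
    """Read one TLV at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def classify_bind(packet: bytes) -> dict:
    """Decode a BindRequest as a passive observer sees it and report which
    AuthN method it uses.  For a simple bind the password is returned
    verbatim: without SSL that is exactly what is readable on the wire."""
    tag, msg, _ = ber_read(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = ber_read(msg, 0)
    op_tag, op, _ = ber_read(msg, pos)
    if op_tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = ber_read(op, 0)
    _, name, pos = ber_read(op, pos)
    auth_tag, auth, _ = ber_read(op, pos)
    result = {"message_id": mid[0], "version": version[0], "dn": name.decode()}
    if auth_tag == 0x80:                        # simple [0]
        if not name and not auth:
            result["kind"] = "anonymous"
        elif not auth:
            # DN but no password: the RFC 4513 "unauthenticated" bind,
            # which servers are advised to reject rather than treat as anonymous
            result["kind"] = "unauthenticated"
        else:
            result["kind"] = "simple"
            result["password"] = auth.decode()
    elif auth_tag == 0xA3:                      # sasl [3]
        _, mech, _ = ber_read(auth, 0)
        result["kind"] = "sasl"
        result["mechanism"] = mech.decode()
    else:
        raise ValueError("unknown authentication choice")
    return result


if __name__ == "__main__":
    anon = simple_bind_request(1)
    print(anon.hex(), classify_bind(anon))
    pw = simple_bind_request(2, "uid=app,ou=binds,dc=example", "s3cret")
    print(pw.hex(), classify_bind(pw))
    krb = sasl_bind_request(3, "GSSAPI", b"\x60\x06\x06\x04test")
    print(krb.hex(), classify_bind(krb))
```

The anonymous bind encodes to the twelve bytes `30 0c 02 01 01 60 07 02 01 03 04 00 80 00`, which is why it needs no credentials at all; the simple bind differs only in that the DN and the password are spliced in as plain octet strings. With the GSSAPI bind the LDAP layer only names the mechanism and ferries opaque Kerberos tokens, so no reusable secret appears in the LDAP packet even without SSL.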
- Load balancing via DNS round robin between 2 prod machines
- Data is replicated to several Directory Servers
- No automatic fail over
  - Sys admin must substitute another machine "by hand"
    - Can change DNS entry or move a "Service IP"
- ACI (Access Control Information) controls internal AuthZ
  - Controls what information can be read/modified by different Bind IDs
  - ACI lives in Directory Server (stored in the aci attribute of an entry and applied to that entry and the subtree beneath it)
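The following is an added example, not code from this page or from Sun ONE Directory Server. It parses ACI strings in the server's syntax and applies a simplified model of how the server evaluates them: default deny, any matching deny wins over any allow, and the userdn keywords anyone (anonymous or authenticated), all (authenticated only), self, and an explicit bind DN. The sample ACIs, attribute names and DNs are constructed; the real evaluator also handles target, targetfilter, groupdn, roledn and bind-rule conditions such as ip and timeofday, which this model leaves out.

```python
# Added example (not part of the original page or of Sun ONE Directory
# Server): parse Sun ONE/389-style ACI strings and evaluate them under a
# simplified model (default deny, deny beats allow, userdn keywords).
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Aci:
    name: str
    attrs: frozenset      # lower-case attribute names, or {"*"} for all
    effect: str           # "allow" or "deny"
    rights: frozenset     # e.g. read, search, compare, write
    userdn: str           # "anyone", "all", "self" or an explicit DN (lower-case)


# Only the subset of the syntax used here: one targetattr, one userdn bind rule.
ACI_RE = re.compile(
    r'\(targetattr\s*=\s*"([^"]*)"\)\s*'
    r'\(version 3\.0;\s*acl\s*"([^"]*)";\s*'
    r'(allow|deny)\s*\(([^)]*)\)\s*userdn\s*=\s*"ldap:///([^"]*)";\s*\)\s*$'
)


def parse_aci(text: str) -> Aci:
    m = ACI_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported ACI syntax: {text!r}")
    attrs, name, effect, rights, subject = m.groups()
    return Aci(
        name=name,
        attrs=frozenset(a.strip().lower() for a in attrs.split("||")),
        effect=effect,
        rights=frozenset(r.strip().lower() for r in rights.split(",")),
        userdn=subject.lower(),
    )


def _subject_matches(aci: Aci, bind_dn, entry_dn: str) -> bool:
    """bind_dn is None for an anonymous bind."""
    if aci.userdn == "anyone":
        return True
    if aci.userdn == "all":
        return bind_dn is not None
    if aci.userdn == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return bind_dn is not None and bind_dn.lower() == aci.userdn


def permitted(acis, bind_dn, entry_dn: str, attr: str, right: str) -> bool:
    """Decide whether bind_dn may exercise `right` on `attr` of `entry_dn`.
    No matching ACI means no access; a matching deny overrides any allow."""
    decision = False
    for aci in acis:
        if right.lower() not in aci.rights:
            continue
        if "*" not in aci.attrs and attr.lower() not in aci.attrs:
            continue
        if not _subject_matches(aci, bind_dn, entry_dn):
            continue
        if aci.effect == "deny":
            return False
        decision = True
    return decision


# Constructed sample ACIs in the style of a White Pages / mail routing directory.
SAMPLE_ACIS = [parse_aci(s) for s in [
    '(targetattr="cn || mail || telephoneNumber")(version 3.0; acl "White Pages: anonymous read"; '
    'allow (read,search,compare) userdn="ldap:///anyone";)',
    '(targetattr="homePhone")(version 3.0; acl "Private: owner only"; '
    'allow (read,search) userdn="ldap:///self";)',
    '(targetattr="mailRoutingAddress")(version 3.0; acl "Mail routing bind ID"; '
    'allow (read,search,compare) userdn="ldap:///uid=mailrouter,ou=binds,dc=example";)',
    '(targetattr="*")(version 3.0; acl "Admin bind ID"; '
    'allow (read,search,compare,write) userdn="ldap:///uid=dsadmin,ou=binds,dc=example";)',
    '(targetattr="userPassword")(version 3.0; acl "Never disclose password hashes"; '
    'deny (read,search,compare) userdn="ldap:///anyone";)',
]]

if __name__ == "__main__":
    person = "uid=jdoe,ou=people,dc=example"
    for who, attr, right in [(None, "mail", "read"), (None, "homePhone", "read"),
                             (person, "homePhone", "read"),
                             ("uid=dsadmin,ou=binds,dc=example", "userPassword", "read")]:
        print(who or "anonymous", attr, right, "->", permitted(SAMPLE_ACIS, who, person, attr, right))
```

The last sample ACI is the one worth copying: because deny takes precedence, it keeps password hashes unreadable even through a Bind ID that has been granted `targetattr="*"`, and it needs no exception for the server's own authentication, which compares userPassword internally rather than through ACI-governed reads.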
- OS: Solaris 9 (SunOS 5.9)
- Production: 5 machines
  - 2 of which handle most of the traffic
  - 1 of which is dedicated to mail-routing queries from CIT's mail servers
  - Machines are in the server farm (Sun SPARC)
  - Two-factor AuthN required for SSH login
  - Machines are split between Rhodes and CCC
- Test: 2 machines
- Dev: 1 machine