Solaris™ Naming and Directory Service
THE SOLARIS™ OPERATING ENVIRONMENT

The Solaris™ 8 Operating Environment is the established OS leader for availability, scalability, and security in the Internet age. In Solaris 8 software, Sun delivers a trustworthy, universal platform to meet the needs of .com businesses — from small startups to large Fortune 1000 enterprises.

It’s no surprise that the Solaris Operating Environment is the leading UNIX® environment today. Solaris software was originally designed with the Internet in mind. TCP/IP, the central Internet protocol, has been at the core of Solaris networking for more than 15 years. Through its time-tested design — a small, stable kernel, modular and extensible components, and well-defined interfaces — Solaris software delivers rock-solid stability and predictability for business-critical applications. And the Solaris 8 Operating Environment provides complete compatibility with prior versions, so you can be confident that your current applications will continue to run.

SOLARIS NAMING AND DIRECTORY SERVICE

Solaris Naming and Directory Service combines standard naming and directory technology with enhanced security to provide a comprehensive and reliable naming service. Solaris 8 introduces the Lightweight Directory Access Protocol (LDAP) as an access protocol for naming services. LDAP is a simple protocol, but delivers a fairly robust set of features capable of supporting a diverse set of applications. Apart from update and access capabilities, LDAP also offers a rich set of features for searching. In addition to LDAP support, Solaris software continues to support the Domain Name System (DNS), Network Information Service (NIS), and NIS+ protocols. This provides businesses with a variety of choices in the area of naming and directory services when planning computer networks.

LDAP AS A NAMING SERVICE

Solaris 8 introduces support for LDAP as the access protocol for naming services. LDAP is a directory standard defined by the Internet Engineering Task Force (IETF). The Solaris 8 Operating Environment lets you define information such as usernames, host names, passwords, and other network resources on any directory server (for example, the iPlanet™ Directory Server) supporting the LDAP v3 protocol. The LDAP server stores this information in a hierarchical namespace called a Directory Information Tree (DIT). The DIT consists of entries that are composed of attribute-value pairs. Each attribute has a type and can have one or more values. Naming information, such as host names and passwords, will be stored in these entries as attribute values.

In the Solaris 8 Operating Environment, LDAP clients can use the LDAP v3 protocol to access naming information from LDAP servers. The LDAP server must support the object classes and attributes that map the Network Information Service model onto LDAP. Several schemas related to Solaris processes, extended accounting, and more are also supported.

Solaris clients can currently authenticate to the LDAP server using the anonymous and simple mechanisms. LDAP can also support authentication using CRAM-MD5 if the server supports it. Additional protection is provided through access control, allowing the server to grant access for certain containers and/or entries. Access control is specified in the form of access control information (ACIs) on the server. Access rights for the directory objects can be specified as read and write, with these rights determining what the clients can do to or with the objects. Clients may be users or applications.

• Introduces LDAP as a naming service
• LDAP supports ACI for users or applications
• Offers a choice of naming service protocols: LDAP, DNS, NIS, and NIS+
• Provides support for NIS schemas in LDAP naming service
• NIS+ and LDAP support:
  - Hierarchical namespaces for ease in manageability
  - Incremental updates to the namespace
  - Multiple domains in a single namespace
  - Authentication
• Support for the DNS BIND 8.1.2 implementation

SUPPORT FOR DNS BIND 8.1.2

The Solaris 8 Operating Environment supports the BIND 8.1.2 implementation of DNS. DNS is the standard method for mapping Internet domain names to IP addresses. BIND 8.1.2 supports improved performance over thousands of zones, providing the ability to consolidate the number of DNS servers deployed across the network.

BIND 8.1.2 SUPPORTS

• DNS Dynamic Updates (RFC 2136)
• DNS Change Notification (RFC 1996)
• Flexible categorized logging system
• IP address-based access control for queries and zone transfers

ENHANCE SECURITY AND FLEXIBILITY WITH NIS+

While DNS focuses on making communication simpler by using machine names instead of numerical IP addresses, NIS+ focuses on making network administration more manageable by providing centralized control over a variety of network resources. NIS+ stores information not only about machine names and addresses, but also about users, network services, and the network itself. This collection of network information is referred to as the NIS+ namespace.

NIS+ is a powerful network information service that supports secure access to network information with support for very large hierarchical namespaces independent of the transport-protocol and media deployed. It extends and improves the capabilities of NIS and DNS by implementing powerful authorization and authentication methods to increase security over the use of network resources. Additionally, it allows for the creation of multiple domains in a single namespace.

The security system implemented in NIS+ allows control over a particular user’s access to individual entries in a specific table. This approach to security helps to keep the system secure as well as enabling administration tasks to be more broadly distributed without risking damage to the entire NIS+ namespace or even to an entire table.

CONTINUED SUPPORT FOR NIS

NIS is a widely deployed and reliable distributed naming service. It uses a distributed database to identify and locate network objects and resources, and provides a uniform storage and retrieval method for network-wide information over TCP/UDP protocols.

By running NIS, system administrators can distribute administrative databases, called maps, among a variety of servers and update these databases from a centralized location in an automatic and reliable fashion. This ensures that all clients share the same name service information in a consistent manner throughout the network.

FUTURE DEVELOPMENTS IN NAMING AND DIRECTORY SERVICES

In keeping with Solaris software’s position as the market leader in Internet operating environments, Sun is committed to enhancing Solaris Naming and Directory Service functionality. Future plans will include:

• Security: The Solaris Naming and Directory Service will incorporate security for authentication, data integrity, and confidentiality
• Interoperability: Sun is committed to the LDAP standard, and will provide Solaris software with the ability to enable applications to use LDAP as a naming service
• Continued support for the BIND implementation of DNS

FOR MORE INFORMATION

To learn more about Solaris Naming and Directory Service and the Solaris Operating Environment, please visit our Web site at www.sun.com/solaris/.

© 2000 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, the Sun logo, iPlanet, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. Information subject to change without notice. Printed in the U.S.A. 1/00.