LDAP Overview
The LDAP model is a standard that specifies directory access to servers that comply with the following RFCs:
- RFC 2255—The LDAP URL Format (December 1997)
- RFC 2254—The String Representation of LDAP Search Filters (December 1997)
- RFC 2253—Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names (December 1997)
- RFC 2252—Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions (December 1997)
- RFC 2251—Lightweight Directory Access Protocol (v3) (December 1997)
LDAP is optimized to support searching for information that meets specified criteria.
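The search-filter syntax of RFC 2254 (listed above) is what a client uses to state the "specified criteria". The following is an added example, not SRC or directory-server code: it escapes caller-supplied values per section 4 of that RFC so they cannot alter the filter structure, parses a filter string into a tree, and evaluates it against in-memory entries. Entries are modelled as dicts of lower-cased attribute names to lists of strings, matching is case-insensitive, and `~=` is treated as equality; all three are simplifying assumptions of this example.

```python
"""RFC 2254-style LDAP search filters (added example, not SRC or server code).
Assumptions: entries are dicts {lower-cased attr: [str, ...]}, matching is
case-insensitive, and '~=' (approximate match) is treated as equality."""
import re

# RFC 2254 section 4: characters that must be hex-escaped inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a literal so it can only ever be a value, never filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unescape_filter_value(value: str) -> str:
    """Reverse the \\XX hex escaping."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def build_uid_filter(uid: str) -> str:
    """Filter selecting one user entry; the caller-supplied uid is always escaped."""
    return f"(&(objectClass=person)(uid={escape_filter_value(uid)}))"

class FilterParser:
    """Recursive-descent parser producing ('&', [nodes]), ('|', [nodes]),
    ('!', node) or (op, attr, raw_value) with op in '=', '>=', '<=', '~='."""
    _ITEM = re.compile(r"([A-Za-z][\w.;-]*)(>=|<=|~=|=)(.*)", re.DOTALL)

    def __init__(self, text: str):
        self.text, self.pos = text, 0

    def parse(self):
        node = self._filter()
        if self.pos != len(self.text):
            raise ValueError("trailing characters after filter")
        return node

    def _peek(self) -> str:
        if self.pos >= len(self.text):
            raise ValueError("unexpected end of filter")
        return self.text[self.pos]

    def _expect(self, ch: str) -> None:
        if self._peek() != ch:
            raise ValueError(f"expected {ch!r} at offset {self.pos}")
        self.pos += 1

    def _filter(self):
        self._expect("(")
        ch = self._peek()
        if ch in "&|":                      # (&(f1)(f2)...) or (|(f1)(f2)...)
            self.pos += 1
            children = []
            while self._peek() == "(":
                children.append(self._filter())
            self._expect(")")
            return (ch, children)
        if ch == "!":                       # (!(f))
            self.pos += 1
            child = self._filter()
            self._expect(")")
            return ("!", child)
        end = self.text.find(")", self.pos)  # a raw ')' ends the item; values must escape it
        if end < 0:
            raise ValueError("unterminated filter item")
        item, self.pos = self.text[self.pos:end], end + 1
        m = self._ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"malformed filter item {item!r}")
        return (m.group(2), m.group(1).lower(), m.group(3))

def _substring_pattern(raw_value: str) -> re.Pattern:
    """Unescaped '*' is a wildcard; escaped text is matched literally."""
    parts = [re.escape(unescape_filter_value(p)) for p in raw_value.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE | re.DOTALL)

def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter tree against one entry."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1], entry)
    _, attr, raw = node
    values = entry.get(attr, [])
    if op == "=":
        if raw == "*":                      # presence test, e.g. (mail=*)
            return bool(values)
        pattern = _substring_pattern(raw)   # plain equality is the no-wildcard case
        return any(pattern.match(v) for v in values)
    literal = unescape_filter_value(raw).lower()
    cmp = {"~=": lambda v: v == literal, ">=": lambda v: v >= literal,
           "<=": lambda v: v <= literal}[op]
    return any(cmp(v.lower()) for v in values)

if __name__ == "__main__":
    # Constructed sample entries, not data from any real directory.
    entries = [{"objectclass": ["person"], "uid": ["alice"], "mail": ["alice@example.com"]},
               {"objectclass": ["person"], "uid": ["bob"]}]
    for text in ["(&(objectClass=person)(mail=*))", "(uid=bo*)", build_uid_filter("bo*")]:
        print(text, "->", [e["uid"] for e in entries if matches(FilterParser(text).parse(), e)])
```

The last line of the demo shows the point of escaping: `build_uid_filter("bo*")` yields `(uid=bo\2a)`, which matches only a uid literally equal to `bo*`, whereas the raw filter `(uid=bo*)` is a wildcard search.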
An LDAP directory is the central integration point for the systems that interact with the SRC software, such as network devices and RADIUS servers, and serves as a repository for customer information, service information, policies, and SRC configuration information, including licensing material. For information about how a directory can be deployed in an SRC configuration, see SRC-PE Getting Started Guide, Chapter 26, Planning an SRC Installation on a Solaris Platform.
Because a directory is a critical component in your SRC environment, you should have a good understanding of your directory server and of LDAP before using the SRC software. See the documentation for your directory server. This chapter provides information specific to directory configuration for the SRC software.
Directory Availability
Directory redundancy increases the level of availability and performance for an SRC deployment. A number of SRC components, such as the SAE, rely on access to the directory to obtain configuration and provisioning information. To maintain continuous access to the directory, an SDX directory client can be configured to use one directory server as the primary directory and to use any number of backup directories. The SRC software works with multiple servers in the following way:
- The first server specified is the primary or preferred directory server; any other servers comprise an ordered list of backup servers.
- If the primary directory server is not available or fails, the SRC software tries each of the backup servers in turn according to the ordered list. It switches directory connections to the first available backup directory.
- If a backup directory fails, the SRC software again tries each of the directory servers in turn, beginning with the primary server and proceeding through the ordered list. It switches directory connections to the first available backup directory.
- If the primary directory recovers or becomes available, the directory connection switches back to the primary directory server.
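The four rules above define a small selection algorithm. The following is an added example, not SDX or SRC code: it models that policy with a pluggable `probe(server)` callable (constructed here, returning True when a server answers) so the switching behaviour, including the return to the primary once it recovers, can be exercised offline; the server names and the `SimulatedServers` availability model are assumptions of this example.

```python
"""Ordered-list directory failover as described above (added example, not
SDX/SRC code). `probe` is any callable returning True when a server answers;
the simulation below is constructed so the policy can be run offline."""
from typing import Callable, List, Optional


class DirectoryFailover:
    def __init__(self, servers: List[str], probe: Callable[[str], bool]):
        if not servers:
            raise ValueError("at least one directory server is required")
        self.servers = list(servers)          # servers[0] is the primary
        self.probe = probe
        self.current: Optional[str] = None
        self.log: List[str] = []              # switch history, useful for monitoring

    @property
    def primary(self) -> str:
        return self.servers[0]

    def _select(self) -> Optional[str]:
        """Rules 2 and 3: try each server in list order, starting with the primary."""
        for server in self.servers:
            if self.probe(server):
                return server
        return None

    def _switch(self, target: Optional[str]) -> Optional[str]:
        if target != self.current:
            self.log.append(f"{self.current} -> {target}")
            self.current = target
        return target

    def connection(self) -> Optional[str]:
        """Return the server to use now, or None if nothing is reachable."""
        # Rule 4: once the primary is reachable again, always go back to it.
        if self.current != self.primary and self.probe(self.primary):
            return self._switch(self.primary)
        # Current server still healthy: keep the connection.
        if self.current is not None and self.probe(self.current):
            return self.current
        # Current server failed (or first call): walk the ordered list again.
        return self._switch(self._select())


class SimulatedServers:
    """Constructed availability model: names in `down` do not answer probes."""
    def __init__(self):
        self.down = set()

    def probe(self, server: str) -> bool:
        return server not in self.down


def run_scenario() -> List[Optional[str]]:
    """Drive the failover through an outage sequence; returns the chosen servers."""
    sim = SimulatedServers()
    fo = DirectoryFailover(["ldap-primary", "ldap-backup1", "ldap-backup2"], sim.probe)
    trace = [fo.connection()]                 # all up: primary
    sim.down.add("ldap-primary")
    trace.append(fo.connection())             # primary fails: first backup
    sim.down.add("ldap-backup1")
    trace.append(fo.connection())             # backup fails, primary still down: next backup
    sim.down.discard("ldap-primary")
    trace.append(fo.connection())             # primary recovers: switch back
    sim.down.update(fo.servers)
    trace.append(fo.connection())             # nothing reachable: None
    return trace


if __name__ == "__main__":
    print(run_scenario())
```

Keeping the switch history in `log` is the operational detail worth copying: repeated flapping between the primary and a backup is an early signal of a degraded directory that a plain "connected/not connected" status hides.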
For sample deployments that use one or more backup directories, see SRC-PE Getting Started Guide, Chapter 26, Planning an SRC Installation on a Solaris Platform.
Directory Updates
When the SAE starts, objects such as policy and service definitions are loaded into the directory. Directory data for some other objects, such as retailer and subscriber definitions, is loaded only when needed.
An SDX directory client runs in a number of components. When data that a directory client loads at startup (rather than on an as-needed basis) changes, the affected components can be updated automatically, so you do not need to manually reload the data in the SDX directory client.
Depending on the configuration for an object, a client can detect data changes and make appropriate updates. In some cases, you can disable directory updates.
All SAEs in a configuration share the same data and receive the same updated directory information. As a result, any SAE can manage a subscriber or a service. For example, when you create a new service, the service definition is stored in the directory, all SAEs are notified, and all active subscriptions to the service are adjusted to the new definition.