Planning your Directory Server

Before you begin to configure the Directory Server and create the structure of your LDAP directory, you should take a few minutes to create a plan.

Consider the following:

  • Organize the directory. Plan the structure of your directory and determine what suffixes and attributes your server will require. For more information, see the Recommended practices for directory structure, Directories, Suffix, and Attributes topics.
  • Decide how large your directory will be. You can then estimate how much storage you need. The size of the directory depends on the following:
    • The number of attributes in the server's schema.
    • The number of entries on the server.
    • The type of information that you store on the server.

    For example, an empty directory that uses the default Directory Server schema requires approximately 10 MB of storage space. A directory that uses the default schema and contains 1000 entries of typical employee information requires about 30 MB of storage space. This number varies depending on the exact attributes that you use. It also increases greatly if you store large objects, such as pictures, in the directory.

  • Decide what security measures you will take.

    Directory Server allows you to apply a password policy to ensure that users change their passwords periodically, and that the passwords meet the organization's syntactic password requirements.

    Directory Server supports the use of Secure Sockets Layer (SSL) and Digital Certificates as well as Transport Layer Security (TLS) for communication security. Kerberos authentication is also supported.

    Directory Server allows you to control access to directory objects with access control lists (ACLs). You can also use the operating system's security auditing to protect the directory.

    Additionally, decide what password policy to apply.

  • Choose an administrator DN and password. The default administrator DN is cn=administrator. This is the only identity that has authority to create or change directory entries when the server is initially configured. You can use the default administrator DN or select a different DN. You also need to create a password for the administrator DN.
  • Install prerequisite software for the Directory Server Web administration tool. In order to use the Directory Server Web administration tool, the following prerequisite products must be installed.
    • Extended Base Directory Support (5770-SS1, option 3)
    • IBM® HTTP Server for i (5770-DG1)
  • Plan a backup and recovery strategy. Plan how you will save your data and configuration information.