Software helps protect directory data.

Press Release Summary:



Tivoli® Directory Server v5.2 offers a standards-based identity data platform that interoperates with a range of operating systems. It is compliant with Lightweight Directory Access Protocol v3. The software plays a key role in building enterprise identity data infrastructure for applications such as identity management, portals, and Web services. It includes support that helps reduce the vulnerability of the server to malicious attacks that cause denial of service.



Original Press Release:



IBM Tivoli Directory Server V5.2 Increases Platform Support and Helps Protect Directory Data



At a glance
IBM Tivoli Directory Server is:

o A powerful and authoritative enterprise directory infrastructure that is a critical enabler for enterprise security.

o An important part of the IBM Tivoli Integrated Identity Management portfolio and plays a key role in building the enterprise identity data infrastructure for applications, like identity management, portals, and Web services.

o The default directory for WebSphere Application Server and Portal, Tivoli Identity Manager and Access Managers, as well as the AIX operating system.

New features offered by Directory Server V5.2 include:
o Enhancements designed to protect the directory against denial of service attacks
o Usability enhancements, including user/group specific search limits and support for identity assertions
o Serviceability enhancements
o Enhanced platform support
o Support for new LDAP standards

For ordering, contact:
Your IBM representative, an IBM Business Partner, or the Americas Call Centers at 800-IBM-CALL (Reference: YE001).

Overview
A solid directory foundation provides a trusted identity data infrastructure that enables mission-critical security and authentication. IBM Tivoli® Directory Server offers a reliable, scalable, standards-based identity data platform that interoperates with a broad range of operating systems and applications. Directory Server is compliant with the industry-standard Lightweight Directory Access Protocol (LDAP) V3.

The strong scalability and flexibility offered by Directory Server can benefit third-party applications as well as IBM solutions for which Directory Server is the default directory infrastructure, such as WebSphere® Application Server and Portal, Tivoli Identity and Access Managers, as well as the AIX® operating system. Directory Server offers robust replication features, including the ability to configure multiple master copies, to provide highly-available implementations for global, 24 x 7 support from important business applications.

IBM DB2® Enterprise Server Edition V8.1 and the embedded version of IBM WebSphere Application Server - Express V5.02 are included in the electronic download for use restricted to IBM Tivoli Directory Server V5.2.

V5.2 of IBM Tivoli Directory Server enhances usability, serviceability, and platform and corequisite support, and includes updated versions of corequisite products. Use IBM Tivoli Directory Server V5.2 in your identity data infrastructure to implement critical solutions such as security provisioning and Web Services.

Key prerequisites
AIX, Sun Solaris, HP-UX, Microsoft(TM) Windows(TM), or Linux on IBM zSeries®, iSeries(TM), pSeries®, or xSeries® servers.

Planned availability date
October 24, 2003: Electronic software delivery

Description
IBM Tivoli Directory Server V5.2 includes the following new capabilities.

Denial of service prevention
Directory Server includes support that helps reduce the vulnerability of the server to malicious attacks that cause a denial of service. The server can be configured to reject non-responsive clients. You can now close connections issued by a specific IP address or DN. An emergency thread is available when some number of items, configurable on the server, are on the work queue. This provides a method for the administrator to access the server during a denial of service attack.

Usability enhancements

Subtree search on null base
A subtree search can now be performed from a null base. This provides a shorthand way to retrieve all entries in the directory. In earlier releases, multiple searches were required for each suffix to search the entire directory.

Unique attributes
Directory Server V5.2 allows the administrator to identify attributes that must have unique values. This can prevent multiple directory entries with the same attribute values. For example, no two users can have the same user ID or e-mail address if these attributes have been configured to enforce uniqueness.

Delegation of server administration to a group of administrative users
In previous releases, Directory Server required that the administrator user ID be used to perform server tasks such as replication configuration, and starting and stopping the server. For V5.2, there is an administration group that contains IDs of users with administrative rights and privileges. This avoids the use of a single administration ID shared by a number of administrators. The root administrator can add or remove members from the administration group.

Unbind of bound DN and IP
This security enhancement allows an administrator to force a specific bound DN or IP address to unbind. The emergency thread added in the denial of service prevention feature enhances this feature by helping ensure that an administrator always has access to unbind bound DNs and IP addresses.

Group specific search limits
You can now configure "extended" search limits for a defined group of people who are not the administrator or part of the administration group.

Attribute cache
The attribute cache helps improve search performance for certain search filters by allowing configured attributes and their values to be stored in memory. When a search is performed using a filter that contains all cached attributes and the filter is of a type supported by the attribute cache manager, the filter can be resolved in memory.

Support for identity assertions (proxied authentication)
Support has been added for identity assertions, also known as LDAP Proxied Authorization Control. The Proxied Authorization Control allows a client to request that an operation be processed under a provided authorization identity instead of as the current authorization identity associated with the connection.

Option that the server does not dereference aliases by default
The default for the Java(TM) Naming and Directory Interface (JNDI) is to dereference aliases. This sometimes causes performance degradation on the server even if no alias entries exist in the directory. A server configuration option has been added to override the dereference option specified in the client search request. Additionally, if no alias objects exist in the directory, the server always bypasses the dereference logic.

Gateway replication
Gateway replication uses Gateway servers to collect and distribute replication information effectively across a replicating network. The primary benefit of Gateway replication is that it helps reduce network traffic.

Serviceability enhancements

Dynamic trace enablement
Trace information from the server can now be captured without stopping and restarting the server. The level of tracing and the size available for trace output can also be configured dynamically.

Monitor enhancements
More information has been added to the output of cn=monitor that can be used in analyzing server performance. These attributes are intended for directory administrators only. The new information includes counts of completed operations by type (for example, BIND, MODIFY, COMPARE, and SEARCH), depth of the work queue, number of available workers, counts of messages added to the server log, audit log, command-line interface errors, and counts of SSL connections. Information is also included about what worker threads are doing and when they are started.

Enhanced platform and corequisite support

64-bit server support on AIX
Directory Server has been ported to 64-bit architecture on AIX only. Solaris, HP-UX, Linux zSeries, Linux Intel(TM), Linux iSeries and pSeries, and Windows remain as 32-bit servers. The Web Administration Tool remains a 32-bit application. The 32-bit server will no longer be available on AIX; however, the client SDK will still be available as a 32-bit application. The 64-bit architecture increases the ability to cache a large number of directory entries.

Support for Windows Server 2003
Directory Server supports the Microsoft Windows Server 2003 operating system, Standard and Enterprise editions.

Additional support on iSeries and pSeries Linux
Support for the new iSeries and pSeries Linux platforms was added in Directory Server V5.1 Fixpak 1. Directory Server V5.2 adds more support for iSeries and pSeries. The Web Administration Tool can now be used on these platforms, and translated messages have been added.
