From the book lists at Adware Report:

All information current as of 19:09:22 Pacific Time, Monday, 21 February 2005.

Understanding and Deploying LDAP Directory Services (2nd Edition)

   by Timothy A. Howes / Mark C. Smith / Gordon S. Good / Tim Howes

    Addison-Wesley Professional
    02 May, 2003


   Usually ships in 24 hours

Click the button below to . . .

(which will add the book to your Amazon U.S.A. "Shopping Cart")

. . . or use your browser's Back button to return to the search-list page.

Editorial description(s):
While early directory standards (such as X.500) offer some cross-platform functionality, none has the flexibility and widespread appeal of Lightweight Directory Access Protocol (LDAP), which is fast becoming a standard part of networked computers. In Understanding and Deploying LDAP Directory Services, three experienced engineers share their knowledge of LDAP in theory and practice, effectively defining this fast-emerging technology. If you're planning to work with LDAP in any way--whether as a network manager, a software developer, or an information technology administrator--you need to read and pay attention to this book. It's the last word on LDAP as it stands today.

Since directory services aren't widely understood, this book begins by defining them and explaining what they can do for an organization. The guide then gets into the specifics of how LDAP organizes directories and handles queries. The authors go to great lengths to talk about what information to put in directories, how to validate and maintain it, and how to manage access to it. There's also lots of material on initiating LDAP services and on troubleshooting.

The aft part of this book holds special appeal for software developers, since it talks extensively about how to implement LDAP in both new and existing software. Throughout, the authors pay special attention to data redundancy, security, privacy, and the economic issues involved in an LDAP deployment. The book's real-world focus is cemented by case studies (both historical and semifictional). --David Wall
--This text refers to an out of print or unavailable edition of this title.

From Book News, Inc.
This extensive guide explains the Lightweight Directory Access Protocol (LDAP) and its use in numerous network environments. The book begins with an overview and history of directory services and LDAP, and ends with three case studies. In between it offers guidance on designing, deploying, maintaining, and leveraging a directory service. The authors are IT designers and executives in the industry.Copyright © 2004 Book News, Inc., Portland, OR

From the Back Cover

Increasingly, organizations are using Lightweight Directory Access Protocol (LDAP) directories as the nerve centers of their computing infrastructures. LDAP--the Internet standard for directory information access--now provides the naming, location, and security traditionally supplied by network operating systems.

In this expanded second edition of the seminal LDAP reference, Understanding and Deploying LDAP Directory Services, three LDAP experts explain the protocol and how to apply it effectively in numerous network environments. The book begins with an introduction to directory services and LDAP, including coverage of LDAPv3 extensions and the Netscape Directory Server. It then moves on to explore:

Full of practical implementation advice and real-world examples, Understanding and Deploying LDAP Directory Services, Second Edition, will give you the necessary footing to successfully implement LDAP directory-service projects.


About the Author

Timothy A. Howes, Ph.D., coinventor of the LDAP protocol, is the cofounder and chief technology officer of Opsware Inc., the leading provider of data center automation software. Previously, Dr. Howes served as vice president of technology for America Online, as chief technology officer of Netscape's Server Products division, and as chief architect of several Netscape server products.

Mark C. Smith is the chief architect for directory products at Netscape Communications Corporation, an AOL Time Warner company, where he is responsible for the technical evolution of Netscape Directory Server and several other products and services. Mr. Smith is coauthor of LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol (Macmillan, 1997) and has written many RFCs and Internet Drafts.

Gordon S. Good is a senior software engineer at Opsware, Inc. Before joining Opsware, he worked at Netscape Communications Corporation, where he led the directory-server-replication development team. Gordon has written several RFCs and Internet Drafts.


Excerpt. © Reprinted by permission. All rights reserved.

In the past decade, LDAP directories have risen from a relatively obscure offshoot of an equally obscure field to become one of the linchpins of modern computing. Increasingly, LDAP directories are becoming the nerve center of an organization's computing infrastructure, providing naming, location, management, security, and other services that have traditionally been provided by network operating systems. Design and deployment of a successful LDAP directory service can be complex and challenging, yet little information is available explaining the ins and outs of this important task.

When two of us (Mark and Tim) finished writing a previous book, LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol, in early 1997, we soon realized there was another, much bigger piece of the directory puzzle still to be addressed. The previous book was aimed at directory application programmers, but nothing similar was available to address the needs of directory decision makers, designers, and administrators. This book is aimed at that audience.

Recognizing the size of the task ahead of us and remembering the joys of giving up evenings and weekends for months at a time to meet deadlines for our first book, we quickly decided to expand our team. Just as quickly, we decided there was no one we'd rather share the fun with than our longtime friend and colleague, Gordon Good, at the time a senior directory developer at Netscape. Aside from being the third leg of the LDAP development team at the University of Michigan (U-M), Gordon brought a wealth of system administration experience from his past life as a directory and e-mail administrator and Web master for U-M. With Gordon on board, the three of us set about writing a book that we only half-jokingly referred to as the "LDAP Bible." The first edition of Understanding and Deploying LDAP Directory Services was published in 1999.

Two years later, we realized that it was time to update this book and publish a second edition. LDAPv3 work in the IETF was mostly complete. Numerous extensions to the basic LDAP protocol were being developed. LDAP support in commercial and open-source software was widespread. In this edition, we cover these recent directory services developments. In addition, in response to reader suggestions we have streamlined the text, added more hands-on examples, updated the examples to reflect currently available software versions, and updated the case studies to reflect current directory practice. We thank all the readers of the first edition who provided helpful suggestions, and we hope that you find this second edition even more valuable.

The Book's Organization

This book includes 26 chapters in 6 parts. Part I introduces directories and LDAP. Parts II through IV each address a different part of the directory life cycle. Part V discusses how to leverage your directory service after it's up and running. Finally, Part VI presents three directory services deployment case studies.

Part I, Introduction to Directory Services and LDAP, provides a comprehensive introduction to directories and LDAP. For readers unfamiliar with the topic, this section should bring them up to speed and provide the background necessary to understand the rest of the book. It also includes a section on the history of directories for readers interested in how all this technology came about.

Part II, Designing Your Directory Service, begins to delve into the directory life cycle by covering the first, and in many ways most important, phase: design. We cover all aspects of directory design, from determining your needs, to designing your data sources, schema, namespace, topology, replication, and finally privacy and security.

Part III, Deploying Your Directory Service, covers the next phase in the directory life cycle: deployment. We cover everything from c hoosing the right directory products to piloting your service to putting your service into production. We've also included a chapter about analyzing the cost of your service and how to help reduce those costs.

Part IV, Maintaining Your Directory Service, concludes our coverage of the directory life cycle with a look at the maintenance phase. We cover such topics as backups and disaster recovery, maintaining data, monitoring your directory system, and troubleshooting problems when they occur.

Part V, Leveraging Your Directory Service, talks about how to take advantage of the service you have designed and deployed. We discuss how to directory-enable existing applications, how to create new applications that use the directory, and how your directory can coexist with other data sources.

Part VI, Case Studies, closes the book by presenting several directory case studies. Some of the case studies presented are real, and some are fictitious, but all are designed to illustrate the concepts of directory design, deployment, and maintenance in action.

The Book's Audience

This book is intended for primarily three kinds of readers: decision makers, architects, and administrators. In addition, anyone who wants to know more about LDAP or directories in general will find the book useful, as will software engineers who develop directory applications.

Directory decision makers will find this book useful for aiding an understanding of directories and the kinds of business problems they help solve. Decision makers will find Part I useful for explaining the basics of directories. Part VI should also prove useful by providing some realistic examples of how directories are used and the benefits they can bring.

Directory architects will find this book useful in defining the design problem and providing a methodology for producing a comprehensive directory design. The design methodology is focused on a practical approach to design based on real-world requirements. We highly recommend that directory architects and designers read the whole book, paying special attention to Parts II, III, and IV. A good directory design results in large part from a clear understanding of the other aspects of the directory life cycle and how the directory will be used.

Directory administrators will find Part IV especially useful. It focuses on the maintenance phase of the directory life cycle, where administrators spend much of their lives. We also highly recommend that administrators read the rest of the book to get an idea of the directory big picture, as well as to understand some of the directory design decisions that are bound to make their lives either miserable or enjoyable.

Other interested readers can pick and choose from the sections of the book that interest them. We encourage all readers to at least skim Part I, to ensure that they have the background required to benefit from the rest of the book. We've tried to structure the book so that each chapter stands by itself as much as possible. Readers should be able to read the chapters covering topics that interest them, without wading through chapters of less interest.

Finally, we think all readers will find the case studies presented in Part VI interesting. They give different perspectives on directories designed to illustrate the trade-offs that different directory needs imply.

Contacting Us

If you have comments or suggestions about this book, or if you'd like to tell us about an interesting directory deployment or application you've developed, we'd like to hear from you. Feel free to drop us a line at the following addresses:

Tim Howes:

Mark Smith:
Gordon Good:

We'll try our best to get back to you, but keep in mind that we all have day jobs!

0672323168P041 42003

Book Description
This comprehensive tutorial provides the reader with a thorough treatment of LDAP directory services. Minimal knowledge of general networking and administration is assumed, making the material accessible to intermediate and advanced readers alike. Designed to meet multiple needs, the first part of the book presents a general overview of the subject matter, and the next three sections cover detailed instructions for design, deployment, and integration of directory services. The text is full of practical implementation advice and real-world deployment examples to help the reader choose the path that makes the most sense for the specific organization. --This text refers to an out of print or unavailable edition of this title.

Reader review(s):

Architects and Project Managers Take Note, February 16, 1999
This book gives a good architect's or project manager's understanding of LDAP and of the difficulties inherent in deploying any complex mission critical software system. The book covers schema and name space design, security considerations, legacy integration, capacity planning, systems management and procurement. All of these issues are discussed in a vendor neutral tone, though the references are a bit heavy on Netscape publications.

This is not a programming book and this is not a product manual. For architects, this is a concept book rather than a reference book: After reading this book you will still need to spend hours pouring over your vendor's manuals figuring out how to implement your design. For a project manager, this book may deserve the "bible" moniker, with the checklists something that can be used to guide the deployment of many new systems. While there is one, quite good, chapter on application design, application design is not the focus. Tim and Mark's earlier book covers that topic in much more detail.

The book, at 850 pages, is long, but it should be easy going for a database professional. The book itself looks like it was laid out with an HTML browser's "Print" command.

If you are considering an LDAP deployment, using any LDAP server, you will find this book invaluable during the evaluation, planning and deployment process.

This book is a mess., May 13, 2000
It is not suitable for either the beginner or the expert. It is disorganized. Specialized terms are used without being defined or before being defined. There are repeated digressions, for example a timeline that begins with the first TV Guide being published and ends with the number of internet hosts exceeding 36 million (pp 64). There is an enormous amount of superfluous material, bringing this book to 800+ pages for a "lightweight" protocol and requiring constant filtering on the part of the reader. The authors have a poor command of the English language, have little knowledge of organizational structure, and have difficulty following a single line of thought. The material is sometimes patronizingly simple ("A network is...") and other times it uses specialized directory terms that are never defined in the book. Overall, a disaster.

MASSIVE BOOK full of details - not for the novice, June 24, 1999
This book assumes that you have a good understanding of LDAP and Directory Services, The intro chapters do not cover many basic concepts, many terms are not explained until used several dozen times, and there is no glossary. If you don't know what 'dn: uid=joeb, ou=People,' means, you will get easily confused and frustrated by this book.

That said, this is an excellent reference book, contains many useful examples, and goes into great detail about LDAP and directory services.

40 percent technical, lots of noise, March 27, 2001
Overall it's a book for people who need to get familiar and to START designing/prototyping a LDAP system without any background on the LDAP technology itself. I have to skip lots of chapters (related to general business, project management, cost control,corporate politics..) in order to understand the essential LDAP schema/attributes and the overall LDAP design patterns. The authors does give some very good real life design examples at the end. I am looking for a 'LDAP Design Patterns', this book partly ( 30% ?) covers this topic.

Understanding is the focus of this book., February 13, 2001
And that is where it excells! I have actually read this book cover to cover once, and now I use it as a good reference on LDAP. It is not exactly geared to the implementor, but rather to both the Designer/Architect as well as those who have to "sell" LDAP to an organization. If you are new to LDAP, or are going to be doing any sort of design work, this is the first book you should read, its introduction to LDAP is the best I have seen, and although it is weighty (and not just the size of the book) it is quite comprehendable if read in order.

Non technical book, November 10, 2000
After reading this book, I still could not implement LDAP . Book is mainly concepts, and allot of garbage. It'll tell you corporate garbage - like Piloting costs, staff costs etc. This is of no use in an LDAP technical book. Don't buy it !

Don't buy this book, November 10, 2000
I read through the book and it's more concepts that pratical. You will find allot of managerial discussions, including talking to your users, piloting your directory and getting feedback .. etc.. - After reading the book I still have no clue how to implement LDAP "technically"

nice cover, September 18, 2000
This book is so typical of computer science books. There are some nice chapters (containing a lot of background information that you really don't need to know). Then, they break right into the meat of the topic (naming for example), overlooking the fact that they haven't even explained some of the most basic concepts (what is a "dn"). Or they might use terminology in chapter 3 and explain the terminology in chapter 8, leaving you to leaf through the book like an eager little beaver who believes that you have to suffer to learn something! I'm so sick of the shabbiness of these kinds of publications!

Not for programmers or existing ldap systems, no JNDI., February 3, 2000
I know it is focused on "understanding" and "deploying", and that there are other books specifically on programming it, but in 846 pages I would have liked to have more treatment of different use in real APIs. The explanations are too long winded for me, I usually got the point half way through and wished it would get on with it. All in all, I wanted a book that covered all of LDAP, I didn't want 3 different 800 page books. There is also basically zilch about JNDI.

A general overview of LDAP and deployment scenarios, March 10, 2004
LDAP (Lightweight Directory Access Protocol) is a software protocol that enables locating organizations, individuals, and other resources such as files and devices in a network, whether it is a public Internet or a corporate Intranet.

As LDAP adoption and deployment is increasing, the expanded second edition of "Understanding and Deploying LDAP Directory Services" is published with more materials from the authors on the protocol and how to apply it effectively in different network environments.

Book Organization:
The book consists of twenty-six chapters divided into six major parts:
- Directory services overview and history
- Designing your directory service
- Deploying your directory service
- Maintaining your directory service
- Leveraging your directory service
- Case studies
The book begins by defining directory services and what they can offer for an organization then gets into the specifics of how LDAP organizes directories and handles queries with coverage of LDAPv3 extensions and the Netscape Directory Server.

The books then moves on to explore a wide range of topics such as designing directory services, naming, topology, replication, privacy, security deploying, directory services, implementation pitfalls, cost analysis, maintaining directory services, troubleshooting, and creating and enabling directory-service

The book offers help and advice for comparing "LDAP-compliant" products on features, management tools, reliability, performance, scalability, security, standards conformance, interoperability, cost, and other criteria. Then, having chosen a vendor, you'll walk through piloting your application
and testing it for performance, scalability, and reliability. Finally, the authors show how to put the system into production, keep it running smoothly and securely, provide for backups and disaster recovery, and make improvements over time.

The final section of the book presents four thorough deployment case studies, showing how diverse organizations can use LDAP as a simple, versatile solution for a wide variety of problems.

Is the book for you?
The book gives a good architect's or project manager's understanding of LDAP and of the difficulties inherent in deploying any complex mission critical software system.

For architects, this is a concept book rather than a reference book: After reading this book you will still need to refer to product manuals or reference books to help you figure out how to implement your design.

For a project manager, this book is valuable especially with the checklists, something that can be used to guide the deployment of many new systems.

Software developers would read the book to understand more on issues such as redundancy, security and privacy.

For IT professionals who are relatively new to the area, it is the book to read on LDAP.

General Comments:

- There are many specialized terms that are used without being defined or before being defined.

- There is a lot of superfluous material bringing the book to over 900+ pages requiring constant filtering on the part of the reader.

- The book offer more concepts that practical help. You will find a lot of managerial discussions, including talking to your users, piloting your directory and getting feedback. If you are looking to learn how to technically implement LDAP, these discussions will not interest you much.

- The book assumes that you have a good understanding of LDAP and Directory Services. The introduction chapters do not cover many basic concepts, many terms are not explained until used several dozen times, and there is no glossary.

- Managers will appreciate the sections on product selection, piloting an LDAP service, costing, disaster recovery, long-term maintenance, monitoring, and application development in a directory-centric world complete the picture.

- Several case studies are presented, including useful sidebars entitled "20/20 Hindsight".

The Good Stuff:
- Provides a lot of theoretical concepts
- Covers all aspects of LDAP deployment
- Discusses the design aspects of LDAP
- Designed to meet multiple needs
- Minimal knowledge of networking is assumed

The Not So Good Stuff:
- Not much on practical implementations
- Sometimes the explanations are too long
- With over 900 pages, the book is too long
- Sometimes hard to follow the line of thought
- A glossary of technical terms is not provided


If you are planning to work with LDAP whether you are a network manager, a software developer, or an IT administrator, the book provides a lot of information which will help you define your directory requirements in detail and design a directory service that meets them. You will also ind the book valuable during the evaluation, planning and deployment process. However, if you are a programmer who is looking for a programming book or some kind of a product manual to help you setup LDAP services, this
is not the book for you. It is mostly targeted for architects as it is more of a concept book rather than a reference book.

In general, the text is full of advices and real-world deployment examples to help the readers choose the path that makes the most sense for their specific organization. I personally would recommend the book as a general
overview of LDAP and deployment scenarios.

{end of page}

(Page code from the SEO Tools, Toys, and Packages site)