20090910 zen and the art of directory maintenance - plembo/onemoretech GitHub Wiki

title: Zen and the Art of Directory Maintenance
link: https://onemoretech.wordpress.com/2009/09/10/zen-and-the-art-of-directory-maintenance/
author: lembobro
description:
post_id: 251
created: 2009/09/10 20:13:56
created_gmt: 2009/09/10 20:13:56
comment_status: open
post_name: zen-and-the-art-of-directory-maintenance
status: publish
post_type: post

Zen and the Art of Directory Maintenance

That would be my first choice for the title of my book on LDAP directory management. Of course the Zen part isn’t all that clear to me right now, but it just has this irresistible ring to it.

While there are a few books out there about how to choose, install and configure LDAP directory software, as far as I know none deal with the day-to-day management of directory data and services.

Beginner books are fine, but what’s really needed is a “Day 2” manual on how to avoid dropping any of those many balls you need to have in the air all at once.

Of course some organizations split the responsibility for what actually goes into the directory, and for its availability, from the task of keeping it up and running. My impression is that most don’t, however, and even where they do it’s the directory system administrator who actually winds up doing the heavy lifting of managing all those constantly changing interrelationships between consumers, suppliers and the directory service at the center. Questions like:

“Is it better to aggregate data by geographic region and then have it fed to the directory, or at the national business unit level?”

“Do we take advantage of support for international characters, or make them live with straight ASCII?”

“Just how much sensitive employee data should you store in a white pages directory?”

“When there’s a dispute over use of a series of test accounts, who wins: development or HR?”

“Do I really have to use legitimate object identifier numbers (i.e., having an IANA assigned Enterprise Number prefix) in our custom schema?”

“Unique numeric IDs that have no intrinsic meaning, or first initial-last name with various qualifiers to avoid duplicates for relative distinguished names?”

“What do you do when your major supplier of user data says they’re ‘not ready yet’ to give you a feed for the users in that new acquisition?”

“At what point do you force a supplier/consumer group to start managing their own data through some automated process under their control, as opposed to continuing to hand hold by doing it for them with your own limited resources?”

“Single-character or 25-character surnames: can you handle them?”

“What kind of trouble can you get in by using standard attributes in nonstandard ways?”

“Are a completely flat or an insanely hierarchical directory information tree my only choices?”

“Which is better, sorting by dn or some other attribute?”

This is where over a decade of experience managing a modest-sized directory service, one that at one time was among the few truly global systems at a particular company, could be helpful to others (the examples above are intended to give a sense of the bizarre range of issues admins face every day, and are not exhaustive).

Now I just have to figure out which animal I want on the cover.

I’m thinking of one of these kind, docile creatures:

[Image: An angry hippo]

Copyright 2004-2019 Phil Lembo