Symantec Access Management

  • 1.  Different types of modes CA directory (CA LDAP) can operate in?

    Posted May 10, 2015 09:07 PM

    What are the modes in ca LDAP directory?



  • 2.  Re: Different types of modes CA directory (CA LDAP) can operate in?

    Posted May 12, 2015 09:42 AM

    I'm not sure what you mean; can you be more specific?  Are you talking about replication modes, or directory sizing modes, or something else?



  • 3.  Re: Different types of modes CA directory (CA LDAP) can operate in?

    Posted May 12, 2015 06:45 PM

    Hi Eric
    Am not sure, one of my friend asked this question. Can you explain both, and the difference between replication and directory sizing modes. if you have any reference to read about this please provide me.



  • 4.  Re: Different types of modes CA directory (CA LDAP) can operate in?

    Posted May 15, 2015 03:27 AM

    CA Directory and CA LDAP are different products:

    • CA Directory is a X.500-based server that runs on most Unix flavours and Windows.
    • CA LDAP is a LDAP datastore running on the z/OS platform typically used to underpin a number of security offerings on this platform

     

    X.500 describes a directory service that is made up of one or more DSAs that work together to handle requests received (e.g. LDAP request) and sends a response. A DSA is a directory system agent which is a single server instance making up a group of servers that work together to process requests.

     

    For CA Directory we offer a number of different modes:

    • relay/routing - A CA Directory router/relay can forward/load share/fail over/fail back requests received to a number of data DSAs using the DSP protocol (X.500 standard inter-DSA communication). These requests can also be converted LDAP to include non-CA Directory LDAP servers in the group providing a virtual directory capability.
    • data - The data DSA contains all the information in a single proprietary file that allows for high-speed data access and modification. The size of the file can be scaled depending on the number of entries, size of entries being stored and the amount of available memory on the machine. If data is too large for a single DSA instance then information can be partitioned or distributed into a number of separate data DSAs. This is hidden from the end application as all interaction is handled by the relay/router.
    • replication - CA Directory supports real-time multi-write replication and DISP shadowing replication. For multi-write over slow links we support a hub-and-spoke replication topology allowing local updates to occur in real-time and replication between hubs to occur asynchronously.
    • recovery - When replication fails (for example, DSA is offline) we support 2 methods of recovery. Multi-write queues are a replayed based recovery method. We recommend using multi-write with DISP based recovery (MW-DISP). This form of recovery is delta based and allows a master to be stopped even if it hasn't replicated updates to it's peer DSAs.

     

    They are the basic modes of operation. Please let me know if you have a specific question.

     

    I will need to leave CA LDAP to someone else as I have no expertise in that product.