PingDirectory

Introduction to the PingDirectory server

The PingDirectory server is a high-performance, extensible Lightweight Directory Access Protocol (LDAP) directory that provides seamless data management over a distributed system while meeting the constant performance demands for today’s markets.

The PingDirectory server centralizes consumer and user identity management information, subscriber data management, application configurations, and user credentials into a network, enterprise, or virtualized database environment.

The PingDirectory server can:

  • Simplify administration

  • Reduce costs

  • Secure information in systems that scale for large numbers of users

For the latest information on PingDirectory server releases, see the Release Notes.

Server features

The PingDirectory server provides the following features and tools.

Full LDAP version 3 implementation

The PingDirectory server fully supports LDAP v3, which supports the Request For Comments (RFCs) specified in the protocol. It provides a feature-rich solution that supports the core LDAP v3 protocol in addition to server-specific controls and extended operations.

High availability

The PingDirectory server supports N-way multi-primary replication that eliminates single points of failure and ensures high availability for a networked topology. It allows you to store data across multiple machines and disk partitions for fast replication. It also supports replication in entry-balancing proxy server deployments.

Administration tools

The PingDirectory server provides a full set of command-line tools, an administrative console, and a Java-based setup tool to configure, monitor, and manage any part of the server.

The server has a task-based subsystem that provides automated scheduling of basic functions, such as:

  • Backups

  • Restores

  • Imports

  • Exports

  • Restarts

  • Shutdowns

The set of utilities includes a troubleshooting support tool that aggregates system metrics into a .zip file, which administrators can send to your authorized support provider for analysis.

Self-service account manager application

The Self Service Account Manager project, hosted at https://github.com/pingidentity/ssam, is a customizable web application allowing users to perform their own account registration, profile updates, and password changes. The project is for testing and development purposes only and is not a supported application.

Delegated admin application

A Javascript-based web application can be installed for business users to manage identities stored in the PingDirectory server. The application provides delegated administration of identities for:

  • Help desk or customer service representatives initiating a password reset and unlock

  • An employee in HR updating an address stored within another employee profile

  • An application administrator updating identity attributes or group membership to allow application single sign-on (SSO) access.

Security mechanisms

The PingDirectory server provides extensive security mechanisms to protect data and prevent unauthorized access. Access control list (ACL) instructions are available down to the attribute value level and can be stored within each entry.

The server allows connections over SSL through an encrypted communication tunnel. Clients can also use the StartTLS extended operation over standard, non-encrypted ports. Other security features include:

  • A privilege subsystem for fine-grained granting of rights

  • A password policy subsystem that allows configurable password validators and storage schemes

  • SASL authentication mechanisms to secure data integrity, such as:

    • PLAIN

    • ANONYMOUS

    • EXTERNAL

    • CRAM-MD5

    • Digest-MD

    • GSSAPI

The PingDirectory server supports various providers and mappers for certificate-based authentication in addition to the ability to encrypt specific entries or sensitive attributes. For more information, see the PingDirectory Security Guide.

Monitoring and notifications

The PingDirectory server supports monitoring entries using:

  • JConsole

  • SNMP

  • The administrative console

Administrators can track the response times for LDAP operations using a monitoring histogram as well as record performance statistics down to sub-second granularity. The PingDirectory server supports configurable notifications, auditing, and logging subsystems with filtered logging capabilities.

Powerful LDAP SDK

The PingDirectory server is based on a feature-rich LDAP SDK for Java. The LDAP SDK is a Java API standard that overcomes the limitations of the Java Naming and Directory Interface (JNDI) model. For example, JNDI does not address the use of LDAP controls and extended operations. The LDAP SDK for Java provides support for controls and extended operations to leverage Ping Identity’s extensible architecture for their applications.

For more information on the LDAP SDK for Java, see http://www.LDAP.com.
System for Cross-domain Identity Management (SCIM) extension

The PingDirectory server provides a SCIM servlet extension to facilitate moving users to, from, and between cloud-based software as a service (SaaS) applications in a secure and fast manner.

Directory REST API

The PingDirectory server provides a REST API as the native interface for client access. Instead of trying to manage directory hierarchy or requiring attribute mapping, the Directory REST API provides direct access to directory data in a way that is dynamic, discoverable, and efficient. For more information, see the Developer portal.

Server SDK

The Server SDK is a library of Java packages, classes, and build tools to help in-house or third-party developers create client extensions for:

  • PingDirectory server

  • PingDirectoryProxy server

  • PingDataSync server

The servers have a highly extensible and scalable architecture with multiple plugin points for your customization needs. The Server SDK provides APIs to alter the behavior of each server’s components without affecting its code base.

Administration framework

The PingDirectory server provides an administration and configuration framework capable of managing stand-alone servers, server groups, and highly available deployments that include multiple redundant server instances.

Administrators can configure changes locally or remotely:

  • On a single server

  • On all servers in a server group

Each server configuration is stored as a flat file (LDIF) that can be accessed under the cn=config branch of the directory information tree (DIT). Administrators can tune the configuration and perform maintenance functions over LDAP using a suite of command-line tools or an administrative console (for configuration and monitoring). The PingDirectory server provides plugins to extend the functionality of its components.

Server tools location

The PingDirectory server stores a full set of command-line tools for maintaining your system in the PingDirectory/bin directory for UNIX or Linux machines and the PingDirectory\bat directory for Microsoft Windows machines.

The PingDirectory server, administrative console, and LDAP SDK for Java are distributed in .zip format. After extracting the file, you can access the setup utility in the server root directory, located at PingDirectory.

Before installing the PingDirectory server, see Preparing the operating system (Linux) for important information on setting up your machines. See Installing the PingDirectory server for information on installing a server instance using the setup utility. You can run this utility in either interactive command-line or non-interactive command-line. For information on modifying the configuration of a server instance or a group of servers using the command-line tools and the administrative console, see Configuring the PingDirectory server.