Directory service

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computing, directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system. A directory server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.

A directory service defines a namespace for the network. The namespace is used to assign a "name" (unique identifier) to each of the objects. Directories typically have a set of rules determining how network resources are named and identified, which usually includes a requirement that the identifiers be unique and unambiguous. When using a directory service, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Some directory services include access control provisions, limiting the availability of directory information to authorized users.

Comparison with relational databases[edit]

Several things distinguish a directory service from a relational database. Data can be redundant if it aids performance.[citation needed]

Directory schemas are object classes, attributes, name bindings and knowledge (namespaces) where an object class has:

  • Must - attributes that each instances must have
  • May - attributes which can be defined for an instance but can be omitted, with the absence similar to NULL in a relational database

Attributes are sometimes multi-valued, allowing multiple naming attributes at one level (such as machine type and serial number concatenation, or multiple phone numbers for "work phone"). Attributes and object classes are standardized throughout the industry, and formally registered with the IANA for their object ID. Therefore, directory applications try to reuse standard classes and attributes to maximize the benefit of existing directory-server software.

Object instances are slotted into namespaces; each object class inherits from its parent object class (and ultimately from the root of the hierarchy), adding attributes to the must-may list. Directory services are often central to the security design of an IT system and have a correspondingly-fine granularity of access control.

Replication and distribution[edit]

Replication and distribution have distinct meanings in the design and management of a directory service. Replication is used to indicate that the same directory namespace (the same objects) are copied to another directory server for redundancy and throughput reasons; the replicated namespace is governed by the same authority. Distribution is used to indicate that multiple directory servers in different namespaces are interconnected to form a distributed directory service; each namespace can be governed by a different authority.

Implementations[edit]

Directory services were part of an Open Systems Interconnection (OSI) initiative for common network standards and multi-vendor interoperability. During the 1980s, the ITU and ISO created a set of standards for directory services, initially to support the requirements of inter-carrier electronic messaging and network-name lookup. The Lightweight Directory Access Protocol (LDAP) is based on the X.500 directory-information services, using the TCP/IP stack and an X.500 Directory Access Protocol (DAP) string-encoding scheme on the Internet.

Systems developed before the X.500 include:

  • Domain Name System (DNS): The first directory service on the Internet, still in use
  • Hesiod: Based on DNS and used at MIT's Project Athena
  • Network Information Service (NIS): Originally Yellow Pages (YP) Sun Microsystems' implementation of a directory service for Unix network environments. It played a role similar to Hesiod.
  • NetInfo: Developed by NeXT during the late 1980s for NEXTSTEP. After its acquisition by Apple, it was released as open source and was the directory service for Mac OS X before it wasdeprecated for the LDAP-based Open Directory. Support for NetInfo was removed with the release of 10.5 Leopard.
  • Banyan VINES: First scalable directory service
  • NT Domains: Developed by Microsoft to provide directory services for Windows machines before the release of the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains after relaxing its minimum authentication protocols.

LDAP implementations[edit]

LDAP/X.500-based implementations include:

Open-source tools to create directory services include OpenLDAP, the Kerberos protocol and Samba software, which can function as a Windows domain controller with Kerberos and LDAP back ends. Administration is by GOsa or Samba SWAT.

Using name services[edit]

Unix OSs[edit]

Name services on Unix systems are typically configured through nsswitch.conf. Information from name services can be retrieved with getent.

See also[edit]

Notes[edit]

  1. ^ [1] Archived October 15, 2007, at the Wayback Machine.
  2. ^ "Oracle and Sun". Sun.com. 2010-09-07. Retrieved 2012-01-09. 
  3. ^ "Java.net". Opends.dev.java.net. Retrieved 2012-01-09. 

References[edit]