Naming Services: DNS, LDAP, JNDI (Tanenbaum Text)

DISTRIBUTED SYSTEMS
Principles and Paradigms
Second Edition
ANDREW S. TANENBAUM
MAARTEN VAN STEEN
Chapter 5
Naming
(Revised for CS6580)
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5
The Domain Name System (DNS)
- DNS is primarily used for looking up the IP addresses of hosts and mail servers
- The DNS name space is a rooted tree
- Domain: a subtree of the DNS name space
- Domain name: the path name leading to the domain's root node, e.g. cs.csueastbay.edu, csueastbay.edu
- Zone: the name space is divided into non-overlapping parts. A zone is an "administrative space" (delegated) and is implemented by a separate (primary) name server
Name Servers

Name servers answer "DNS" questions (queries)

Types of name servers
- Authoritative servers
  - Master (primary)
  - Slave (secondary)
- Caching (recursive) servers

Zone transfer (primary to secondary): the zone's records are copied from the primary to the secondary server.
Zone transfer is implemented over TCP, while ordinary queries use UDP.
Name Space Distribution (1)
Figure 5-13. An example partitioning of the DNS name space,
including Internet-accessible files, into three layers.
Implementation of Name Resolution (1)
Figure 5-15. The principle of iterative name resolution.
Implementation of Name Resolution (2)
Figure 5-16. The principle of recursive name resolution.
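To make the difference between Figures 5-15 and 5-16 concrete, here is an added Python simulation (not from the slides or the textbook) of both resolution styles over a constructed set of zones; the zone names follow the book's cs.vu.nl example, the addresses and server names are made up.

```python
# Added example (not from the Tanenbaum slides): a toy simulation of iterative
# (Figure 5-15) and recursive (Figure 5-16) name resolution over constructed zones.

# Constructed zone data: each zone holds its own records and its delegations
# (child zone -> its name server). Addresses are documentation values, not real.
ZONES = {
    ".":        {"delegations": {"nl": "ns.nl"}},
    "nl":       {"delegations": {"vu.nl": "ns.vu.nl"}},
    "vu.nl":    {"delegations": {"cs.vu.nl": "ns.cs.vu.nl"}},
    "cs.vu.nl": {"records": {"ftp.cs.vu.nl": ("A", "192.0.2.20")}},
}

def lookup(zone, name):
    """What the name server for `zone` answers to a query for `name`:
    ('answer', record), ('referral', child_zone) or ('nxdomain', None)."""
    z = ZONES[zone]
    if name in z.get("records", {}):
        return "answer", z["records"][name]
    for child in z.get("delegations", {}):
        if name == child or name.endswith("." + child):
            return "referral", child
    return "nxdomain", None

def resolve_iterative(name):
    """The client follows every referral itself, so every query is client -> server.
    Returns (record_or_None, [(asker, server), ...])."""
    trace, zone = [], "."
    while True:
        kind, data = lookup(zone, name)
        trace.append(("client", zone))
        if kind != "referral":
            return data, trace
        zone = data

def resolve_recursive(name, zone=".", asker="client", trace=None):
    """Each server resolves the rest of the name on behalf of whoever asked it, so
    the client sends one query and the servers talk to each other."""
    trace = [] if trace is None else trace
    trace.append((asker, zone))
    kind, data = lookup(zone, name)
    if kind == "referral":
        return resolve_recursive(name, data, zone, trace)
    return data, trace

def client_queries(trace):
    """Messages the client itself had to send: 4 iterative hops vs. 1 recursive."""
    return sum(1 for asker, _ in trace if asker == "client")
```

The trace shows why a recursive server, not the client, ends up holding the cached referrals: it is the one that talked to the intermediate servers.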
The DNS Name Space
Figure 5-19. The most important types of resource records
forming the contents of nodes in the DNS name space.
DNS Implementation (1)
Figure 5-20. An excerpt from the DNS
database for the zone cs.vu.nl.
DNS Implementation (2)
Figure 5-20. An excerpt from the DNS
database for the zone cs.vu.nl.
Attribute-Based Naming (LDAP)

Describing an entity in terms of (attribute, value) pairs is called attribute-based naming.
An entity has an associated collection of attributes, each of which says something about the entity. By specifying the value of an attribute, the naming system returns the one or more entities that meet the user's description.
Such a naming system is also known as a directory service.

A common approach for distributed directory services is to combine structured naming with attribute-based naming (e.g. Microsoft's Active Directory). The Lightweight Directory Access Protocol (LDAP), derived from OSI's X.500 directory service, is often used. An LDAP directory consists of a number of records (directory entries); a record is a collection of (attribute, value) pairs.
LDAP Protocol

The collection of all directory entries in LDAP is called a directory information base (DIB). Each record is uniquely named so that it can be looked up. Each naming attribute is called a relative distinguished name (RDN). As shown in Figure LDAP(1):
/C=NL/O=Vrije Universiteit/OU=Comp. Sc.
is a globally unique name, comparable to the DNS name nl.vu.cs.

As in DNS, building globally unique names by listing RDNs in sequence leads to a hierarchy of the collection of directory entries, which is referred to as a directory information tree (DIT) (Figure LDAP(2)). A DIT forms the name graph of an LDAP directory service, in which each node represents a directory entry.
LDAP Protocol - Continued

In Figure LDAP(2), node N corresponds to the directory entry shown in Figure LDAP(1).

This node N also acts as the parent of other directory entries that have the additional naming attribute Host_Name, which is used as their RDN.
Such entries may be used to represent hosts, as shown in Figure LDAP(3).
LDAP – Lookup Examples

READ: read a single record given its path name in the DIT
/C=NL/O=Vrije Universiteit/OU=Comp. Sc./CN=Main server
Returns the record (directory entry) as in Figure LDAP(1)

LIST: list the names of all outgoing edges of a given node in the DIT.
Each name corresponds to a child node of the given node.
Does not return any record;
returns only the names, i.e. star and zephyr as in Figure LDAP(3)
LDAP – Lookup Examples – Cont.
- Suppose we want a list of all main servers at the Vrije Universiteit:
  answer = search("(&(C=NL)(O=Vrije Universiteit)(OU=*)(CN=Main server))")
  Here we specified where to look for main servers, without restricting the search to a particular organizational unit (OU=*).
  Each returned result must have its CN attribute equal to Main server.
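As an added example (Python, not from the slides or the textbook), the following toy evaluator runs the slide's search filter over constructed entries modelled on Figures LDAP(1)-(3); it also shows why a value taken from user input must be escaped (RFC 4515) before it is spliced into a filter, since an unescaped `*` silently turns an exact match into a wildcard. Entry names and addresses are constructed; the filter is written with the outer parentheses the LDAP filter syntax requires.

```python
# Added example (not from the Tanenbaum slides): a toy evaluator for LDAP search
# filters like the slide's, plus RFC 4515 escaping of values taken from input.
import re

BASE = {"C": ["NL"], "O": ["Vrije Universiteit"]}  # attributes shared by all entries
ENTRIES = {  # constructed entries (Figures LDAP(1)-(3)), named relative to /C=NL/O=Vrije Universiteit
    "OU=Comp. Sc./CN=Main server": {**BASE, "OU": ["Comp. Sc."], "CN": ["Main server"]},
    "OU=Math./CN=Main server": {**BASE, "OU": ["Math."], "CN": ["Main server"]},
    "OU=Comp. Sc./CN=Main server/Host_Name=star": {**BASE, "OU": ["Comp. Sc."],
                                                   "Host_Name": ["star"], "Host_Address": ["192.0.2.10"]},
}

def escape_filter_value(value):
    """RFC 4515: encode *, (, ), \\ and NUL as \\XX so input is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_filter(s):
    """Parse (&...), (|...), (!...) or (attr=pattern); return (node, rest)."""
    assert s.startswith("("), "filter component must start with '('"
    s = s[1:]
    if s[0] in "&|!":
        op, s, kids = s[0], s[1:], []
        while s.startswith("("):
            kid, s = parse_filter(s)
            kids.append(kid)
        assert s.startswith(")"), "missing ')' after " + op
        return (op, kids), s[1:]
    end = s.index(")")
    attr, pattern = s[:end].split("=", 1)
    return ("=", attr.strip(), pattern.strip()), s[end + 1:]

def value_matches(pattern, value):
    """An unescaped '*' is a wildcard; the rest compares case-insensitively."""
    parts = [re.escape(unescape(p).lower()) for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), value.lower()) is not None

def matches(node, attrs):
    if node[0] == "&": return all(matches(k, attrs) for k in node[1])
    if node[0] == "|": return any(matches(k, attrs) for k in node[1])
    if node[0] == "!": return not matches(node[1][0], attrs)
    _, attr, pattern = node
    return any(value_matches(pattern, v) for v in attrs.get(attr, []))

def search(filter_text, entries=ENTRIES):  # the slide's search(): names of matching entries
    node, rest = parse_filter(filter_text)
    assert not rest, "trailing text after filter: " + rest
    return sorted(n for n, a in entries.items() if matches(node, a))
```

Real LDAP servers also treat attribute names case-insensitively and know per-attribute matching rules; this evaluator matches attribute names exactly as written.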
Figure LDAP (1)
A Directory Entry using LDAP naming
Figure LDAP (2)
Part of a directory Information Tree
Figure LDAP (3)
Two directory entries having Host_Name as RDN
JNDI Introduction

The Java Naming and Directory Interface (JNDI) provides naming and directory functionality to applications written in Java. It consists of two parts:
- JNDI API
- JNDI SPI (Service Provider Interface)

Java applications use the JNDI API to access a variety of naming and directory services.

The SPI enables a variety of naming and directory services to be plugged in transparently.
JNDI
From: http://java.sun.com/products/jndi/tutorial/getStarted/overview/index.html
JNDI – Context Factory (SPI)
- CORBA services (COS) naming service: com.sun.jndi.cosnaming.CNCtxFactory
- Lightweight Directory Access Protocol (LDAP): com.sun.jndi.ldap.LdapCtxFactory
- Java Remote Method Invocation (RMI) registry: com.sun.jndi.rmi.registry.RegistryContextFactory
- More...
JNDI – CORBA COS Naming Example

    // Server side: publish the CORBA object reference (helloRef) in the
    // Naming Service through the JNDI API
    Context initialNamingContext = new InitialContext();
    initialNamingContext.rebind("HelloService", helloRef);

    // Client side: get the object reference back from the Naming Service
    // through a JNDI lookup
    Context ic = new InitialContext();
    Object objref = ic.lookup("HelloService");

Both programs are started with the context factory and provider URL passed as system properties (the -D prefix belongs to both properties):

    java -classpath . -Djava.naming.factory.initial=com.sun.jndi.cosnaming.CNCtxFactory -Djava.naming.provider.url=iiop://localhost:1050 HelloServer &
    java -classpath . -Djava.naming.factory.initial=com.sun.jndi.cosnaming.CNCtxFactory -Djava.naming.provider.url=iiop://localhost:1050 HelloClient

java.naming.factory.initial
This environment property specifies the initial context factory to use: the fully qualified class name of the factory class that will create an initial context.
java.naming.provider.url
This environment property specifies the location of the service provider the client will use; the NamingContextFactory uses this information to know which server to connect to.
JNDI – DNS Naming Example

Equivalent command-line lookup of an SRV record:

    nslookup -type=srv _kerberos._tcp

The same query through the JNDI DNS provider (first argument: the name to query; remaining arguments: record types such as A, MX or SRV):

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    public class DnsLookup {
        public static void main(String[] args) {
            String name = args[0];
            String[] recordTypes = new String[args.length - 1];
            System.arraycopy(args, 1, recordTypes, 0, args.length - 1);
            // Select the DNS service provider through the SPI
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
            try {
                DirContext ctx = new InitialDirContext(env);
                // Ask only for the requested record types of the name
                Attributes dnsQueryResult = ctx.getAttributes(name, recordTypes);
                if (dnsQueryResult == null) {
                    System.out.println("Not found: '" + name + "'");
                    return; // do not dereference a missing result below
                }
                for (String rrType : recordTypes) {
                    Attribute rr = dnsQueryResult.get(rrType);
                    if (rr != null) {
                        // One attribute value per resource record of this type
                        for (NamingEnumeration<?> vals = rr.getAll(); vals.hasMoreElements();) {
                            System.out.print(rrType + "\t");
                            System.out.println(vals.nextElement());
                        }
                    }
                }
            } catch (NamingException e) {
                e.printStackTrace(System.err);
            }
        }
    }
JNDI – LDAP Example

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    // Select the LDAP service provider and the server (and base name) to use
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial");
JNDI – LDAP Example - Continued

    try {
        // Create the initial directory context
        DirContext ctx = new InitialDirContext(env);
        // Ask for all attributes of the object (name is relative to o=JNDITutorial)
        Attributes attrs = ctx.getAttributes("cn=Ted Geisel, ou=People");
        // Find the surname attribute ("sn") and print it
        System.out.println("sn: " + attrs.get("sn").get());
    } catch (NamingException e) {
        System.err.println("Problem getting attribute: " + e);
    }

Running the program:

    # java Getattr
    sn: Geisel