Directory Services

BICS 565
What is a Directory Service (DS)?
• A service that allows users to look up
information about entities in an organization
• Entities can be people, computers, a
collection of computers, peripherals, and
non-traditional computing devices
• Entities are generally termed “objects”,
which exist in a hierarchy of the organization.
Why a DS?
• A directory allows fast “lookup” services
• A directory allows quick authentication of
basic information such as e-mail addresses,
passwords, and URLs.
• Directory service “points” to other entities,
but does not necessarily store them.
– For example, a phone book has a phone number
of a person, but does not contain his or her
website.
Why not a DB?
• Why not use a database instead of a
directory service?
– Overkill
– DS is good for fast lookups: infrequent writes,
frequent reads.
Why not a DB?
• Databases can perform complex searches,
and generate reports
• However, a DS is well suited for the job of a
“pointer” service to other entities.
• A DB can work as a DS, but is not really
suited for the job.
DS + Network
• A DS is one of the concepts most closely
integrated with a network
• Host information on users, their groups,
their organizational units (for example,
accounting, marketing, etc.)
DS + Network
• Host information on computers in a
network, DHCP, DNS and other network
information.
• Physical and Data Link layer information
for all computers on a network
• Inventory of software, drivers and updates
along with user privileges for its use.
• A DS to store a DS. (???)
X.500
• An OSI standard.
• Directory Access Protocol to access
heavyweight directories
• Lightweight Directory Access Protocol
(LDAP) was created as a client to X.500
• LDAP can itself be a DS
LDAP
• Keywords “Lightweight” and “Directory”
• Lightweight is used to indicate the use of
TCP/IP for all access. No other suite is
supported.
• Originally designed as a directory “access”
protocol, it grew and became popular as a
directory service itself.
LDAP
• First developed at the Univ. of Michigan,
then adapted to several environments such
as Netscape Directory Service, and Active
Directory
– Netscape DS
– Solaris
– Novell
– Active Directory
Hierarchy
• All LDAP applications use a hierarchy
structure to address the relationship between
different objects in the DS.
• Tree structure embeds objects inside an
organizational unit (OU) that is part of an
organization (O).
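The O/OU tree described on the Hierarchy slide, as an added example that is not part of the original slides: it builds the tree from distinguished names (DNs) and lists one level under a base entry. The entries, function names and the case-insensitive comparison are constructed assumptions; quoted-string DN forms are not handled.

```python
# Added example: sample entries are constructed, not taken from the slides.
def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).lstrip())
    return rdns

def build_tree(dns):
    """Nest entries from the root (rightmost RDN) down to the leaf."""
    root = {}
    for dn in dns:
        node = root
        for rdn in reversed(split_dn(dn)):
            # Assumption: names compare case-insensitively.
            node = node.setdefault(rdn.lower(), {})
    return root

def children(tree, base_dn):
    """List the entries directly below base_dn (a one-level search)."""
    node = tree
    for rdn in reversed(split_dn(base_dn)):
        node = node[rdn.lower()]
    return sorted(node)

ENTRIES = [
    "cn=Alice Smith,ou=Accounting,o=Example Corp",
    "cn=Bob Jones,ou=Accounting,o=Example Corp",
    "cn=printer-3,ou=Marketing,o=Example Corp",
    # A plain split(",") would cut this name in two and misplace the entry.
    r"cn=Doe\, Jane,ou=Marketing,o=Example Corp",
]
TREE = build_tree(ENTRIES)

if __name__ == "__main__":
    print(children(TREE, "o=Example Corp"))
    print(children(TREE, "ou=Marketing, o=Example Corp"))
```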
LDAP as a base
• The LDAP specification, as per RFC 1777
and RFC 2251, is being developed further by
independent groups.
• OpenLDAP is an open-source effort to
accelerate LDAP as an open standard.
• Netscape has embedded the same LDAP in
its directory service.
Other Directory Projects
• Active Directory
• Netscape Directory
Directory Services
• Emphasis on “service”
• Distributed Approach
• Embedded Knowledge