

Naming and Directory Services
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Naming Services
  • Identifier Services:
    • Map human-friendly names to the identifiers of entities used by a computing system
  • Entity Services:
    • Map human-friendly names to entities (e.g., objects) used by a computing system
Familiar Examples of Naming Services
  • Identifier Services:
    • The Domain Name System maps machine names to IP addresses
  • Entity Services:
    • File systems map file names to file handles/references
Toward a Formal Definition of Naming Services
  • Naming Convention:
    • The syntax that names must follow
  • Binding:
    • The association of a name with an entity, name of an entity, or reference to an entity
  • Context:
    • A set of bindings
Toward a Formal Definition of Naming Services (cont.)
  • Naming System:
    • A set of contexts (that have the same naming convention) along with a common set of operations
  • Naming Service:
    • The functionality provided by a naming system
  • Namespace:
    • The set of all possible names in a naming system
Directory Systems
  • Relationship to Naming Systems:
    • A directory system is an extension of a naming system
  • Additional Capabilities:
    • In addition to associating names with entities, they associate entities with attributes that describe the entity
Directory Systems (cont.)
  • An Example:
    • A service that maps a human-readable name to a printer and that contains attributes of the printer (like its speed, resolution, and number of colors)
  • Representing Attributes:
    • Attributes normally consist of an identifier and one or more values
Toward a Formal Definition of Directory Services
  • Directory:
    • A connected set of directory objects
  • Directory Service:
    • Provides operations for creating, adding, modifying, and removing objects (and their attributes) in a directory
Directory/Naming Services and Databases
  • Attributes of the Database:
    • Can be flat, relational or hierarchical
    • Can be distributed
    • Usually performs more reads than writes
  • Not Required of the Database:
    • Transaction rollback
    • Normalization
Domains
  • Defined:
    • A group of systems and resources that are organized by a directory/naming service (and share a common security model)
  • Conceptualized:
    • The basic unit in a directory/naming service
  • Common Structures:
    • Hierarchical
    • Multi-master
Metadata
  • Defined:
    • Data about data
  • Uses in Directory/Naming Services:
    • Determine how the data are organized
    • Determine what the data mean (i.e., semantics)
An Example: X.500
  • Participants:
    • Directory System Agent - the database
    • Directory User Agent (DUA) - (like WHOIS and FINGER)
  • Protocols:
    • Directory Access Protocol (DAP) - Add, Bind, Compare, Delete, List, Modify, ModifyRDN, Read, Search
    • Directory Information Shadowing Protocol (DISP) - used to exchange updates (for replication)
    • Directory Operational Bindings Management Protocol (DOP) - used to establish replication agreements
    • Directory System Protocol (DSP) - allows system agents to communicate with user agents
An Example: Lightweight Directory Access Protocol (LDAP)
  • Defined:
    • DAP for TCP/IP
  • Lightweight?
    • No, just narrower than DAP
  • Implementations:
    • ApacheDS
    • Apple Open Directory
    • Fedora Directory Server
    • IBM Tivoli Directory Server
    • Microsoft Active Directory
    • OpenDS
LDAP Data Interchange Format (LDIF)
  • Purpose:
    • Describe directory information and modifications to directory information (RFC 2849)
  • An Example with Two Entries:
    • version: 1
      dn: cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      cn: Barbara Jensen
      cn: Barbara J Jensen
      cn: Babs Jensen
      sn: Jensen
      uid: bjensen
      telephonenumber: +1 408 555 1212
      description: A big sailing fan.
      
      dn: cn=Bjorn Jensen, ou=Accounting, dc=airius, dc=com
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      cn: Bjorn Jensen
      sn: Jensen
      telephonenumber: +1 408 555 1212
      	
LDIF (cont.)
  • Important Elements:
    • DN - distinguished name
    • CN - canonical name
    • OU - organization unit
    • DC - domain component
    • changetype - indicates a change record
  • Example of Change Records:
    • version: 1
      # Add a new entry
      dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
      changetype: add
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      cn: Fiona Jensen
      sn: Jensen
      uid: fiona
      telephonenumber: +1 408 555 1212
      
      # Delete an existing entry
      dn: cn=Robert Jensen, ou=Marketing, dc=airius, dc=com
      changetype: delete
      
      # Modify an entry's relative distinguished name
      dn: cn=Paul Jensen, ou=Product Development, dc=airius, dc=com
      changetype: modrdn
      newrdn: cn=Paula Jensen
      deleteoldrdn: 1
      
      # Rename an entry and move all of its children to a new location in
      # the directory tree (only implemented by LDAPv3 servers).
      dn: ou=PD Accountants, ou=Product Development, dc=airius, dc=com
      changetype: modrdn
      newrdn: ou=Product Development Accountants
      deleteoldrdn: 0
      newsuperior: ou=Accounting, dc=airius, dc=com
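
Added example (not part of the original slides): a small Python reader for the LDIF constructs shown above that also handles comments, folded lines and base64 (`::`) values as defined in RFC 2849, followed by a pre-import review that flags change records which delete or relocate entries. The sample input is constructed, and `parse_ldif` and `review` are hypothetical names.

```python
import base64

# Constructed sample: a comment, a base64 value, a folded line, three change records.
SAMPLE = """version: 1
# Add a new entry
dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
changetype: add
description:: QSBiaWcgc2FpbGluZyBmYW4u

dn: cn=Robert Jensen, ou=Marketing, dc=airius, dc=com
changetype: delete

dn: ou=PD Accountants, ou=Product Development, dc=airius, dc=com
changetype: modrdn
newrdn: ou=Product Development
  Accountants
deleteoldrdn: 0
newsuperior: ou=Accounting, dc=airius, dc=com
"""

def parse_ldif(text):
    """Return one dict per record, mapping attribute name -> list of values."""
    # Unfold first: a newline followed by one space continues the previous line.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    records, cur = [], {}
    for line in lines + [""]:                # trailing "" flushes the last record
        if line.startswith("#"):             # comment line
            continue
        if not line.strip():                 # blank line ends a record
            if cur:
                records.append(cur)
            cur = {}
            continue
        attr, _, rest = line.partition(":")
        b64 = rest.startswith(":")           # "attr:: value" carries base64
        val = base64.b64decode(rest[1:].strip()).decode() if b64 else rest.strip()
        if cur or attr.lower() != "version": # skip the leading version line
            cur.setdefault(attr.lower(), []).append(val)
    return records

def review(records):  # -> [(dn, changetype, flags)], flags mark removals and moves
    out = []
    for r in records:
        change = r.get("changetype", ["content"])[0]
        flags = ["removes entry"] if change == "delete" else []
        if r.get("deleteoldrdn") == ["1"]:
            flags.append("drops old RDN")
        if "newsuperior" in r:
            flags.append("moves entry under " + r["newsuperior"][0])
        out.append((r.get("dn", [None])[0], change, flags))
    return out
```

Running `review(parse_ldif(SAMPLE))` before a change file is applied shows which records are destructive; the `attr:< url` form from RFC 2849 is not interpreted here.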
      	
There's Always More to Learn