
Directory & Naming Services

CS-328
Dick Steflik
A Directory
Directory Services

Services provided by special network databases that map names to addresses

Same idea as a telephone directory

unique key (name)

set of attributes (name value pairs)

address: 12 Beethoven Street

phone: 555-1234

Example Directories

Domain Naming System (DNS)

maps IP address to Host names

ARP/RARP

map NIC addresses to IP addresses

File System

maps file names to disk addresses

RMI Registry

maps servers to IP addresses

Example Directories

CORBA Naming Service

maps CORBA servers to IP addresses

Directory Uses

Corporate Address Book for e-mail

Corporate Phone Directories

Web user authentication

Corporate Asset Management System

Persistent Object Storage for Java Objects

Web Enabled Work Flow Management

X.500

ISO Specification for Directory Services

Defined for the OSI Protocol Stack

very heavy weight Directory Access Protocol

US implementation for TCP/IP stack kept same data model but defined Light-weight Directory Access Protocol (LDAP) for accessing data repository.

Data Model

Distributed Hierarchical Database

Data Store

usually on proprietary file based database

optimized for fast tree searches

Oracle and IBM DB2 are both LDAP enabled (searchable using LDAP)

Netscape currently has fastest Directory Server

OpenLDAP (Berkeley Database)

Schema

Every node is keyed uniquely with a distinguished name

the distinguished name is made up of name/value pairs that reflect the hierarchical relationship between the name/value pairs

attribute names can be freely assigned but there are some standard ones that have been defined by common usage

Common Attributes

dn - Distinguished name

c - Country

o - Organization

ou - Organizational Unit

cn - Common Name

sn - Surname

givenname - First name

l - Location

mail - e-mail address

uid - userid

userpassword - password to go along with uid

Airius Corporation

LDAP URLs

ldap://host:port/dn[?attributes[?scope[?filter]]]

host - the dns name of the server (or IP address)

port - 389 (well known port or whatever port that LDAP is installed on)

dn - distinguished name of the entity of interest

attributes - comma separated list of ldap attribute types to be returned

scope - base, one, sub

filter - search filter for entity selection

Search Filter Examples

RFC 1960

(sn=Jensen) - Entries with a surname of Jensen

(objectclass=*) - All entries

(cn=*bert*) - All entries containing the string “bert” in the common name attribute

(cn>=Fred) - all entries with a common name lexicographically greater than Fred

(&(objectclass=person)(mail=*)) - all people with an email address

(&(objectclass=person)(|(title=*director*)(title=*executive*))) - all people with the string director or executive in the title attribute

Filters

Six basic filters

Equality - (<attr> = <value>)

Approximate - (<attr> ~= <value>)

Substring - (<attr> = [<leading>]*[<any>*][<trailing>]), e.g. (sn=*Jensen*)

Greater than or equal - (<attr> >= <value>)

Less than or equal - (<attr> <= <value>)

Presence - (<attr> = *)

Booleans

AND - & - (&(<filter1>)(<filter2>))

OR - | - (|(<filter1>)(<filter2>))

NOT - ! - (!(<filter>))

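The filter notation above can be exercised without a directory server. The following is an added example, not part of the original slides: a small Python parser and evaluator for these filters, run over constructed entries. It assumes case-insensitive matching, treats ~= as equality, and does not handle escaped characters in values; all function names are hypothetical.

```python
import re

LEAF = re.compile(r"([A-Za-z][\w;.-]*)(~=|>=|<=|=)([^()]*)")

def _parse(s, i):  # parse one parenthesised filter at s[i]; return (node, next index)
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if s[i + 1] in "&|!":                    # boolean node: (op, [children])
        op, kids, i = s[i + 1], [], i + 2
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)                    # leaf node: (attr, relation, value)
    m = LEAF.fullmatch(s[i + 1:end])
    if not m:
        raise ValueError(f"malformed comparison at offset {i}")
    return m.groups(), end + 1

def parse_filter(text):
    """Return the filter tree; reject unbalanced or trailing input."""
    node, end = _parse(text + "\0", 0)       # sentinel: truncated input fails cleanly
    if end != len(text):
        raise ValueError(f"unexpected text at offset {end}")
    return node

def matches(node, entry):
    """Evaluate a tree against one entry. Assumes case-insensitive values, '~=' as '='."""
    if node[0] in ("&", "|", "!"):
        hits = [matches(kid, entry) for kid in node[1]]
        return not hits[0] if node[0] == "!" else (all if node[0] == "&" else any)(hits)
    attr, rel, want = node[0].lower(), node[1], node[2].lower()
    have = [v.lower() for v in entry.get(attr, [])]
    if rel in (">=", "<="):                  # lexicographic ordering
        return any(v >= want if rel == ">=" else v <= want for v in have)
    pattern = re.compile(".*".join(map(re.escape, want.split("*"))), re.S)
    return any(pattern.fullmatch(v) for v in have)   # a lone "*" is the presence test

ENTRIES = [  # constructed sample entries (attribute -> values), not a real directory
    {"objectclass": ["person"], "cn": ["Albert Jensen"], "sn": ["Jensen"],
     "title": ["Sales Director"], "mail": ["ajensen@example.com"]},
    {"objectclass": ["person"], "cn": ["Gina Roberts"], "sn": ["Roberts"], "title": ["Engineer"]},
    {"objectclass": ["device"], "cn": ["printer1"]}]

def search(filter_text, entries=ENTRIES):
    tree = parse_filter(filter_text)
    return [e["cn"][0] for e in entries if matches(tree, e)]
```

Because parse_filter rejects unbalanced or trailing text, the same function can serve as a syntax check on a filter string before it is sent to a server.
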
Popular APIs

University of Michigan - C language for LDAP - free - de facto standard, solid and ubiquitous

Netscape LDAP SDK - C, Java and Perl - included with Netscape Communicator, or a free download

Java Naming and Directory Interface (JNDI) - Sun, part of J2EE, provides common interface to all Directory servers and Naming Services

Active Directory Service Interface (ADSI) - Microsoft, C++ and Microsoft Java versions

ColdFusion - tags for LDAP Queries (comes with Cold Fusion)

PHP - Libraries built in for doing LDAP queries

Perl - Netscape PerLDAP SDK and Net::LDAP (free and open source)

JNDI Architecture

The Naming package

classes and interfaces for accessing naming services.

Create a hash table for passing environment information

Set up environment info

Get a reference to the Directory Context

The Naming package (more)

Once you have the reference to the Directory context, use the methods and classes in the Directory package to do things like searching for entries and retrieving and/or modifying entry attributes

The Directory Package

extends the naming package to provide functionality for accessing directory services in addition to naming services.

This package allows applications to retrieve attributes associated with objects stored in the directory and to search for objects using specified attributes.

The Service Provider package

Service providers are classes and services provided by OEMs that provide a consistent API for accessing their Naming/Directory product.

These are like JDBC's database drivers; i.e. they abstract the interface to the product to a consistent API across all service providers
