Directory Services A service that stores collections of bindings - - PowerPoint PPT Presentation

SLIDE 1

Directory Services

A service that stores collections of bindings between names and attributes, and looks up entries that match attribute-based specifications (e.g., Microsoft's Active Directory Service, X.500 and LDAP)

SLIDE 2

Case Study - X.500

  • X.500 is a directory service primarily used to satisfy descriptive queries, discovering names and attributes of other users or system resources
  • White Pages Service - obtaining a specific translation - what is such-and-such a user's e-mail address?
  • Yellow Pages Service - obtaining grouped information - list all garages that can repair my Ferrari
  • Such queries may originate from users or from processes
  • Users can search the directory for specific information with only partial knowledge of its name, structure or content
SLIDE 3

X.500 Directory Service

  • The ITU and ISO defined the X.500 standard as part of the ISO OSI seven-layer model
  • X.500 is designed to be a service for access to information about "real-world entities"
  • It is specified as an application-level service within OSI, and can be viewed as a design for a general-purpose directory service
  • It is the basis for LDAP and is used in the OSF's DCE directory service technology

SLIDE 4

X.500 Namespace

  • Organized as a tree structure
  • A wide range of attributes are stored at each node in the tree
  • Access is not just by name but also by searching for entities with any required combination of attributes

SLIDE 5

DIT and DIB

  • The X.500 tree is called the Directory Information Tree (DIT)
  • The tree and its associated data are called the Directory Information Base (DIB)
  • There is intended to be a global DIB with portions of the world-wide DIB managed by individual X.500 servers
  • Each entry in the DIB consists of a name and a set of attributes

SLIDE 6

Clients and X.500

  • Clients access the directory by establishing a connection to a server
  • If the data required are not in the segment of the DIB held by the contacted server, it will invoke other servers to resolve the query or redirect the client to another server
  • X.500 Servers - known as Directory Service Agents (DSA)
  • X.500 Clients - known as Directory User Agents (DUA)
SLIDE 7

X.500 Service Architecture

[Figure: X.500 service architecture diagram with DUA and DSA nodes]

SLIDE 8

Part of the X.500 DIT

[Figure: part of the X.500 DIT, listed level by level from the root]

  • X.500 Service (root)
  • ... France (country), Great Britain (country), Greece (country) ...
  • ... BT Plc (organization), University of Gormenghast (organization) ...
  • ... Department of Computer Science (organizationalUnit), Computing Service (organizationalUnit), Engineering Department (organizationalUnit) ...
  • ... Departmental Staff (organizationalUnit), Research Students (organizationalUnit), ely (applicationProcess) ...
  • ... Alice Flintstone (person), Pat King (person), James Healey (person) ... Janet Papworth (person) ...

SLIDE 9

An example X.500 DIB Entry

  • info: Alice Flintstone, Departmental Staff, Department of Computer Science, University of Gormenghast, GB
  • commonName: Alice.L.Flintstone; Alice.Flintstone; Alice Flintstone; A. Flintstone
  • surname: Flintstone
  • telephoneNumber: +44 986 33 4604
  • uid: alf
  • mail: alf@dcs.gormenghast.ac.uk; Alice.Flintstone@dcs.gormenghast.ac.uk
  • roomNumber: Z42
  • userClass: Research Fellow
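
The two access paths described on the X.500 Namespace and DIT slides (lookup by name, and search by any combination of attributes), as an added example that is not part of the original presentation. It is a toy in-memory tree in Python built from the Alice Flintstone entry above; the `Entry` class, the function names, the `objectClass` key and the Pat King attributes are assumptions made for the illustration.

```python
# Added illustration: a toy in-memory DIT, not an X.500 or LDAP implementation.
class Entry:
    def __init__(self, rdn, object_class, **attrs):
        self.rdn, self.children = rdn, {}
        # Attributes are multi-valued (see commonName and mail in the entry above).
        self.attrs = {k: v if isinstance(v, list) else [v] for k, v in attrs.items()}
        self.attrs["objectClass"] = [object_class]

    def add(self, child):
        self.children[child.rdn] = child
        return child

def resolve(root, name):
    """Lookup by name: walk down from the root, one name component per level."""
    node = root
    for rdn in reversed(name.split(", ")):   # the slide writes names leaf-first
        node = node.children.get(rdn)
        if node is None:
            return None                      # no such entry in this portion of the DIB
    return node

def search(base, **wanted):
    """Lookup by attributes: entries at or below base matching ALL wanted values."""
    hits, stack = [], [base]
    while stack:
        node = stack.pop()
        if all(v in node.attrs.get(k, []) for k, v in wanted.items()):
            hits.append(node)
        stack.extend(node.children.values())
    return hits

def build_sample_dit():
    root = Entry("X.500 Service", "root")
    gb = root.add(Entry("GB", "country"))
    uni = gb.add(Entry("University of Gormenghast", "organization"))
    dcs = uni.add(Entry("Department of Computer Science", "organizationalUnit"))
    staff = dcs.add(Entry("Departmental Staff", "organizationalUnit"))
    staff.add(Entry("Alice Flintstone", "person", surname="Flintstone", uid="alf",
                    roomNumber="Z42", userClass="Research Fellow",
                    commonName=["Alice.L.Flintstone", "Alice.Flintstone",
                                "Alice Flintstone", "A. Flintstone"],
                    mail=["alf@dcs.gormenghast.ac.uk",
                          "Alice.Flintstone@dcs.gormenghast.ac.uk"]))
    # Constructed entry: Pat King's placement and attributes are assumed for the demo.
    staff.add(Entry("Pat King", "person", surname="King", userClass="Lecturer"))
    return root

if __name__ == "__main__":
    dit = build_sample_dit()
    print(resolve(dit, "Alice Flintstone, Departmental Staff, Department of Computer "
                       "Science, University of Gormenghast, GB").attrs["mail"])
    print([e.rdn for e in search(dit, objectClass="person", userClass="Research Fellow")])
```

An attribute matches when any one of its values equals the wanted value, which is why either of Alice's two mail addresses finds the same entry.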

SLIDE 10

Implementing X.500

  • As a standard (recommendation), X.500 does not address implementation issues
  • It should be clear that any implementation must involve multiple servers organized as a WAN, with extensive use made of replication and caching

SLIDE 11

X.500 and LDAP

  • University of Michigan proposed the Lightweight Directory Access Protocol (LDAP) in which DUAs access X.500 servers directly over TCP/IP (as opposed to an application-level OSI protocol)
  • LDAP is defined in RFC 2251, and provides a simple API for directory access and does away with X.500's requirement to use ASN.1 as the default textual encoding
  • LDAP is based on X.500 but does NOT require it
  • LDAP is widely used; for example, Microsoft's ADS provides an LDAP interface
  • LDAP is particularly used for organizational intranet directory services

SLIDE 12

Name Services Summary

Name services store the attributes of objects in a distributed system - in particular, their addresses - and return these attributes when a textual name is supplied to be looked up