In computing , a directory service or name service maps the names of network resources to their respective network addresses . It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system . A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.

A directory service defines a namespace for the network. The namespace is used to assign a name (unique identifier) to each of the objects. Directories typically have a set of rules determining how network resources are named and identified, which usually includes a requirement that the identifiers be unique and unambiguous . When using a directory service, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Some directory services include access control provisions, limiting the availability of directory information to authorized users .

Comparison with relational databases [ edit ]

Several things distinguish a directory service from a relational database . Data can be made redundant if it aids performance (e.g. by repeating values through rows in a table instead of relating them to the contents of a different table through a key, which technique is called denormalization ; another technique could be the utilization of replicas for increasing actual throughput). ^[1]

Directory schemas are object classes, attributes, name bindings and knowledge (namespaces) where an object class has:

• Must - attributes that each instances must have
• May - attributes which can be defined for an instance but can be omitted, with the absence similar to NULL in a relational database

Attributes are sometimes multi-valued, allowing multiple naming attributes at one level (such as machine type and serial number concatenation , or multiple phone numbers for "work phone"). Attributes and object classes are usually standardized throughout the industry; for example, X.500 attributes and classes are often formally registered with the IANA for their object ID. ^{[ citation needed ]} Therefore, directory applications try to reuse standard classes and attributes to maximize the benefit of existing directory-server software.

Object instances are slotted into namespaces; each object class inherits from its parent object class (and ultimately from the root of the hierarchy ), adding attributes to the must-may list. Directory services are often central to the security design of an IT system and have a correspondingly-fine granularity of access control.

Replication and distribution [ edit ]

Replication and distribution have distinct meanings in the design and management of a directory service. Replication is used to indicate that the same directory namespace (the same objects) are copied to another directory server for redundancy and throughput reasons; the replicated namespace is governed by the same authority. Distribution is used to indicate that multiple directory servers in different namespaces are interconnected to form a distributed directory service; each namespace can be governed by a different authority.

Implementations [ edit ]

Directory services were part of an Open Systems Interconnection (OSI) initiative for common network standards and multi-vendor interoperability. During the 1980s, the ITU and ISO created the X.500 set of standards for directory services, initially to support the requirements of inter-carrier electronic messaging and network-name lookup. The Lightweight Directory Access Protocol (LDAP) is based on the X.500 directory-information services, using the TCP/IP stack and an X.500 Directory Access Protocol (DAP) string-encoding scheme on the Internet .

Systems developed before the X.500 include:

• Domain Name System (DNS): The first directory service on the Internet, ^[2] still in use
• Hesiod : Based on DNS and used at MIT's Project Athena
• Network Information Service (NIS): Originally Yellow Pages (YP) Sun Microsystems ' implementation of a directory service for Unix network environments. It played a role similar to Hesiod.
• NetInfo : Developed by NeXT during the late 1980s for NEXTSTEP . After its acquisition by Apple, it was released as open source and was the directory service for Mac OS X before it was deprecated for the LDAP-based Open Directory. Support for NetInfo was removed with the release of 10.5 Leopard.
• Banyan VINES : First scalable directory service
• NT Domains : Developed by Microsoft to provide directory services for Windows machines before the release of the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains after relaxing its minimum authentication protocols.

LDAP implementations [ edit ]

LDAP/X.500-based implementations include:

• 389 Directory Server : Free Open Source server implementation by Red Hat , with commercial support by Red Hat and SUSE .
• Active Directory : Microsoft 's directory service for Windows , originating from the X.500 directory, created for use in Exchange Server , first shipped with Windows 2000 Server and supported by successive versions of Windows
• Apache Directory Server : Directory service, written in Java, supporting LDAP, Kerberos 5 and the Change Password Protocol; LDAPv3 certified
• Apple Open Directory : Apple 's directory server for Mac OS X , available through Mac OS X Server
• eDirectory: NetIQ's implementation of directory services supports multiple architectures, including Windows , NetWare , Linux and several flavours of Unix and is used for user administration and configuration and software management; previously known as Novell Directory Services.
• Red Hat Directory Server : Red Hat released Red Hat Directory Server, acquired from AOL's Netscape Security Solutions unit, ^[3] as a commercial product running on top of Red Hat Enterprise Linux as the community-supported 389 Directory Server project. Upstream open source project is called FreeIPA .
• Oracle Internet Directory : (OID) is Oracle Corporation 's directory service, compatible with LDAP version 3.
• Sun Java System Directory Server : Sun Microsystems ' directory service ^[4]
• OpenDS : Open-source directory service in Java, backed by Sun Microsystems ^[5]
• Oracle Unified Directory : (OUD) is Oracle Corporation 's next-generation unified directory solution. It integrates storage, synchronization, and proxy functionalities.
• Windows NT Directory Services (NTDS), later renamed Active Directory , replaced the former NT Domain system.
• Critical Path Directory Server
• OpenLDAP : Derived from the original University of Michigan LDAP implementation (like Netscape, Red Hat, Fedora and Sun JSDS implementations), it supports all computer architectures (including Unix and Unix derivatives, Linux, Windows, z/OS and a number of embedded-realtime systems).
• Lotus Domino
• Nexor Directory
• OpenDJ - a Java -based LDAP server and directory client that runs in any operating environment, under license CDDL . Developed by ForgeRock , until 2016, ^[6] now maintained by OpenDJ Community

Open-source tools to create directory services include OpenLDAP, the Kerberos protocol and Samba software , which can function as a Windows domain controller with Kerberos and LDAP back ends . Administration is by GOsa or Samba SWAT.

Using name services [ edit ]

Unix systems [ edit ]

Name services on Unix systems are typically configured through nsswitch.conf . Information from name services can be retrieved with getent .

See also [ edit ]

• Access control list
• Directory Services Markup Language
• Hierarchical database model
• LDAP Data Interchange Format
• Metadirectory
• Service delivery platform
• Virtual directory

References [ edit ]

Citations [ edit ]

Sources [ edit ]