Site home page
Get alerts when Linktionary is updated
Book updates and addendums
Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)
Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!
Contribute to this site
Electronic licensing info
Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
Directory services are to a network what white pages are to the telephone system. They store information about things in the real world, such as people, computers, printers, and so on, as objects with descriptive attributes. People can use the service to look up objects by name; or, like the yellow pages, they can be used to look up services.
Network managers use directories to manage user accounts and network resources. From a manager's viewpoint, a directory service is like an inventory of all the devices on the network. Any device can be located by using a graphic interface or by searching for its name or some properties (e.g., "color printer"). Once located, a manager can control the device (e.g., disable it or block certain users from accessing it). The directory is a central database where all objects and users are managed.
DNS (Domain Name System) is a form of directory service for the Internet. It holds information about domain names.
A directory service consists of a data store similar to a database, but it differs from the traditional database in a number of ways. The organization of a directory is hierarchical, with classes of objects and subclasses of objects. A directory is primarily used for lookup operations, rather than continuous reads and writes. The information does not change as often as a transactional database. Therefore, frequent updates to distributed copies of the database are less of a concern.
An early directory services standard was X.500, which is discussed elsewhere. Today, Microsoft Windows 2000 Active Directory and Novell Directory Services (NDS) build on that model. An important directory services protocol is LDAP (Lightweight Directory Access Protocol), an IETF-defined client/server protocol for accessing a directory.
Directories are now used to manage a wide range of information, including QoS, bandwidth management policies, profiles, electronic commerce information, and more. They also play an important security role related to authentication of users, firewall filtering, and VPN access. Most directory products now map certificates to user accounts in the directory, and a directory can provide single sign-on for users. DEN (Directory Enabled Network) is a directory services initiative that addresses the issues of policy-based networking and interoperable networks.
This topic continues in "The Encyclopedia of Networking and Telecommunications" with a discussion of the following:
A number of directory services at this writing are listed below, with Microsoft Active Directory and Novell NDS being the most popular. Active Directory runs only with Windows 2000, while NDS has been ported to a variety of platforms. One notable difference between the two is that with NDS, all access controls are managed from the directory. With Windows 2000, some access controls are in Active Directory, while others are at servers. NDS follows the more traditional X.500 model, while Active Directory still has elements of Microsoft Domain Model, a proprietary scheme.
The Directory Interoperability Forum was formed to advance open directories based on LDAP standards. The forum is a group of open directory providers who plan to work through standards bodies to accelerate the evolution and adoption of directory-based applications. Refer to http://www.directoryforum.org/ for more information.
IETF Working Groups
A number of IETF working groups have worked on or are working on directory services standards. A list of working groups is provided here.
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.