Site home page
(news and notices)

Get alerts when Linktionary is updated

Book updates and addendums

Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)

Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!

Contribute to this site

Electronic licensing info

 

  

Directory Services

Related Entries    Web Links    New/Updated Information

  
Search Linktionary (powered by FreeFind)

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Directory services are to a network what white pages are to the telephone system. They store information about things in the real world, such as people, computers, printers, and so on, as objects with descriptive attributes. People can use the service to look up objects by name; or, like the yellow pages, they can be used to look up services.

Network managers use directories to manage user accounts and network resources. From a manager's viewpoint, a directory service is like an inventory of all the devices on the network. Any device can be located by using a graphic interface or by searching for its name or some properties (e.g., "color printer"). Once located, a manager can control the device (e.g., disable it or block certain users from accessing it). The directory is a central database where all objects and users are managed.

DNS (Domain Name System) is a form of directory service for the Internet. It holds information about domain names.

A directory service consists of a data store similar to a database, but it differs from the traditional database in a number of ways. The organization of a directory is hierarchical, with classes of objects and subclasses of objects. A directory is primarily used for lookup operations, rather than continuous reads and writes. The information does not change as often as a transactional database. Therefore, frequent updates to distributed copies of the database are less of a concern.

An early directory services standard was X.500, which is discussed elsewhere. Today, Microsoft Windows 2000 Active Directory and Novell Directory Services (NDS) build on that model. An important directory services protocol is LDAP (Lightweight Directory Access Protocol), an IETF-defined client/server protocol for accessing a directory.

Directories are now used to manage a wide range of information, including QoS, bandwidth management policies, profiles, electronic commerce information, and more. They also play an important security role related to authentication of users, firewall filtering, and VPN access. Most directory products now map certificates to user accounts in the directory, and a directory can provide single sign-on for users. DEN (Directory Enabled Network) is a directory services initiative that addresses the issues of policy-based networking and interoperable networks.

This topic continues in "The Encyclopedia of Networking and Telecommunications" with a discussion of the following:

  • Role and use of directories
  • Directory structures and operations
  • LDAP directory access protocol
  • Directory schema
  • Meta-directoties
  • DSML (Directory Services Markup Language)
  • Directory Enabled Networks and Policy Management
  • Replication and partitioning

A number of directory services at this writing are listed below, with Microsoft Active Directory and Novell NDS being the most popular. Active Directory runs only with Windows 2000, while NDS has been ported to a variety of platforms. One notable difference between the two is that with NDS, all access controls are managed from the directory. With Windows 2000, some access controls are in Active Directory, while others are at servers. NDS follows the more traditional X.500 model, while Active Directory still has elements of Microsoft Domain Model, a proprietary scheme.

  • DCE Directory Services (http://www.opengroup.org/)    The Open Group's DCE (Distributed Computing Environment) includes its own directory services that are integrated with other DCE components, as described under "DCE (Distributed Computing Environment)."

  • IBM Network Directory (http://www-4.ibm.com/software/network/directory/)    IBM's entry into the directory services market is based on its DB2 database system. It is designed with e-commerce and business-to-business transactions in mind. IBM claims the service is more secure and scalable than Novell's NDS and Microsoft's Active Directory.

  • Netscape Directory Server (http://developer.netscape.com/tech/directory/)    Netscape's Directory Server is designed to be a central place for adding, modifying, and removing user information. It can organize and distribute the information throughout a series of servers on an organization's intranet. The services can be integrated with Netscape's SuiteSpot to provide structured information and group information for the entire suite of applications. Directory Server implements advanced LDAP support and tools for writing directory enabled apps. It also includes enhancements for continuous operation and heterogeneous replication between LDAP servers.

  • Novell Directory Services (http://www.novell.com/products/nds/)    NDS (Novell Directory Services) is a feature in NetWare 4.x that implements a distributed directory service similar to the X.500 specification. Novell has adapted NDS for use on Windows NT and UNIX platforms. A special e-commerce version of NDS is also available. See "NDS (Novell Directory Services)" for more information.

  • Microsoft Active Directory (http://www.microsoft.com/windows2000/)    Active Directory combines features of the Internet's DNS locator service and X.500 naming. LDAP is the core access protocol for the service. LDAP will allow Microsoft's Active Directory to work across operating system boundaries and integrate multiple name spaces, thus allowing administrators to manage other vendors' directory services. See "Microsoft Active Directory" for more information.

The Directory Interoperability Forum was formed to advance open directories based on LDAP standards. The forum is a group of open directory providers who plan to work through standards bodies to accelerate the evolution and adoption of directory-based applications. Refer to http://www.directoryforum.org/ for more information.

IETF Working Groups

A number of IETF working groups have worked on or are working on directory services standards. A list of working groups is provided here.

IETF Working Group, Directory Services, LDAP Extensions (ldapext)

http://www.ietf.org/html.charters/ldapext-charter.html

IETF Working Group, Directory Services: LDAP Duplication/Replication/Update Protocols (ldup)

http://www.ietf.org/html.charters/ldup-charter.html

IETF Working Group: Policy Frameworks including directory services

http://www.ietf.org/html.charters/policy-charter.html



Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.