
Presentation transcript: Directory Services


Slide 1: Directory Services
 What is a Directory Service?
 Directory Services model
 Directory Services naming model
 X.500 and LDAP
 Implementations of Directory Services

Slide 2: What is a Directory Service?
A directory service is the collection of software, hardware, processes, policies, and administrative procedures involved in making the information in your directory available to the users of your directory. Your directory service includes at least the following components:
 Information contained in the directory
 S/W servers holding this information
 S/W clients acting on behalf of users or other entities accessing this information
 H/W on which these clients and servers run
 Policies governing access
 S/W and procedures for maintenance and monitoring

Slide 3: Directory Service

Slide 4:
 Early directory services were designed for a specific application (e.g. the X.400 email application)
 Later (1988), X.500 was introduced as a standard directory service to serve different applications. It was revised several times; the current edition is the 5th (2005).
 Implemented as a distributed database
 All network entities are represented as objects with attributes
 The schema defines the directory "blueprint"
 X.509, a subset of the X.500 specification (public key certification), became a common stand-alone standard for authentication

Slide 5: Directory as a Database
A directory is a specialized database:
 Directories typically have a higher read-to-write ratio than databases.
 Directories are typically more easily extended.
 Directories are usually more widely distributed.
 Directories are often replicated on a larger scale.
 Directories usually have very different performance characteristics.
 Support for standards is important in directories, less so in databases.

Slide 6: Directory entry with attributes

Slide 7: Directory Naming Model
 All objects are arranged into a hierarchical tree structure (the DIT)

Slide 8: Directory Naming Model
 All objects are arranged into a hierarchical tree structure (the DIT)
 Each object has an RDN, a simple object name that is unique within one tree level (e.g. Printer1, dglazer)
 Each object is identified by its distinguished name (DN), which is unique in the whole directory (e.g. cn=ChocCookie,ou=recipes,dc=foobar,dc=com; Printer1.is.umbc.edu; dglazer.umbc.edu)
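The RDN/DN relationship on slides 7 and 8 is easiest to see by walking a DN string. The following Python is an added example, not code from the slides or from any directory server: it parses the RFC 4514 string form of a DN into its RDNs (handling backslash and hex escapes and multi-valued RDNs, which the slide does not cover), recovers the leaf RDN and the parent entry, and tests whether one DN lies under another in the DIT. The sample DNs are the slide's cn=ChocCookie example plus constructed ones; it assumes values are compared case-insensitively (caseIgnoreMatch), which is the usual rule for cn, ou and dc.

```python
# Added illustration of the LDAP/X.500 naming model (RDN, DN, DIT subtree
# membership) following the RFC 4514 string representation. Not code from
# the slides or from any directory server; sample DNs are constructed.
import re

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def _split_unescaped(text: str, sep: str) -> list:
    """Split text on sep, leaving backslash-escaped separators inside values."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):      # keep the escape pair together
            current.append(text[i:i + 2])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def _unescape(value: str) -> str:
    """Resolve \\, style and \\XX hex escapes; hex escapes are raw UTF-8 bytes."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and _HEX_PAIR.fullmatch(pair):
                out += bytes([int(pair, 16)])
                i += 3
            else:
                out += value[i + 1].encode("utf-8")
                i += 2
            continue
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")


def parse_dn(dn: str) -> list:
    """Return the RDNs leaf-first. Each RDN is a list of (type, value) pairs,
    because an RDN may be multi-valued (cn=a+sn=b)."""
    rdns = []
    for rdn_text in _split_unescaped(dn.strip(), ","):
        avas = []
        for ava in _split_unescaped(rdn_text, "+"):
            if "=" not in ava:
                raise ValueError(f"malformed RDN: {ava!r}")
            attr_type, attr_value = ava.split("=", 1)
            avas.append((attr_type.strip().lower(), _unescape(attr_value.strip())))
        rdns.append(avas)
    return rdns


def rdn(dn: str) -> list:
    """The leaf RDN: unique only among siblings at that tree level."""
    return parse_dn(dn)[0]


def parent(dn: str) -> str:
    """DN of the superior entry in the DIT (string form, escapes preserved)."""
    return ",".join(_split_unescaped(dn.strip(), ",")[1:])


def _canonical(parsed: list) -> list:
    # Assumption: values compared with caseIgnoreMatch, the usual rule for
    # cn, ou and dc; attribute types are always case-insensitive.
    return [tuple(sorted((t, v.lower()) for t, v in r)) for r in parsed]


def is_under(dn: str, base: str) -> bool:
    """True when dn lies strictly below base in the DIT. Parsing first means
    an escaped comma inside a value cannot fake an extra tree level, which a
    naive dn.split(",") suffix comparison gets wrong."""
    d, b = _canonical(parse_dn(dn)), _canonical(parse_dn(base))
    return len(d) > len(b) and d[-len(b):] == b


if __name__ == "__main__":
    dn = "cn=ChocCookie,ou=recipes,dc=foobar,dc=com"   # from the slide
    print(rdn(dn), "| parent:", parent(dn))
    print(is_under(dn, "OU=Recipes,DC=foobar,DC=com"))
```

The subtree test is the part worth keeping in mind for access control: scoping an ACL or a search to "everything under ou=recipes,dc=foobar,dc=com" must be done on parsed RDNs, not on the raw string, because a value containing an escaped comma (ou=recipes\,dc=foobar) is one RDN, not two.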

Slide 9: Distributed DIT

Slide 10: Distributed DIT

Slide 11: Distributed DIT

Slide 12: Directory Management Domains

Slide 13: Client/Server architecture

Slide 14: X.500 components and protocols

Slide 15: LDAP vs X.500
 LDAP was originally developed as an alternative to the X.500 DAP protocol
 It was designed to use TCP/IP instead of the OSI protocol stack (a "lighter" protocol)
 LDAP evolved into a complete directory service
 LDAP's architecture and naming structure are based on the X.500 standard
 Although today's version of DAP also runs over TCP/IP, LDAP remains the popular option for connecting to a directory

Slide 16: LDAP functional model
 LDAP operations are divided into 3 areas: Authentication, Interrogation, Update. Some examples include:
 Authentication: Open, bind and unbind
 Interrogation: Search, compare
 Update: Add, Modify, Delete

Slide 17: LDAP security model
 Authentication: assurance that the opposite party (machine or person) really is who he/she/it claims to be.
 Integrity: assurance that the information that arrives is really the same as what was sent.
 Confidentiality: protection of information, by means of data encryption, from disclosure to those who are not intended to receive it.
 Authorization: assurance that a party is really allowed to do what he/she/it is requesting to do. This is usually checked after user authentication. In LDAP Version 3 this is currently not part of the protocol specification and is therefore implementation- (or vendor-) specific.

Slide 18: LDAP security model
 No authentication
 Basic authentication
 Simple Authentication and Security Layer (SASL). SASL is a framework for adding additional authentication mechanisms to connection-oriented protocols. SSL and its successor, TLS, are the mechanisms commonly used with SASL for LDAP.
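Slides 16 and 18 meet in the Bind operation: it is the one "Authentication" operation, and its AuthenticationChoice is where "no authentication", "basic" (simple) and SASL differ on the wire. The Python below is an added example, not the slides' code and not any LDAP library's API: it hand-encodes an LDAPv3 BindRequest in BER as RFC 4511 defines it, decodes it back, classifies the bind the way RFC 4513 does (anonymous, unauthenticated, simple, SASL), and shows why a simple bind must sit inside TLS. The DN cn=dglazer,dc=umbc,dc=edu and the secret are constructed for the example.

```python
# Added illustration of the LDAPv3 Bind operation and its credential styles,
# hand-rolled BER per RFC 4511/4513. Not the slides' code or any LDAP
# library's API; the DNs and secrets used are constructed.

def _ber_len(n: int) -> bytes:
    """BER length octets: short form under 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(content)) + content


def _integer(value: int) -> bytes:
    # minimal two's-complement encoding, as BER requires
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def _octets(data, tag: int = 0x04) -> bytes:
    return _tlv(tag, data if isinstance(data, bytes) else data.encode("utf-8"))


def bind_request(message_id: int, name: str = "", password=None, sasl=None) -> bytes:
    """Encode LDAPMessage { messageID, BindRequest [APPLICATION 0] }.

    password is None and sasl is None -> simple bind with empty credentials
    password given                     -> simple bind; the secret travels verbatim
    sasl=(mechanism, credentials)      -> SASL bind (e.g. EXTERNAL over TLS)
    """
    if sasl is not None:
        mechanism, credentials = sasl
        sasl_creds = _octets(mechanism) + (_octets(credentials) if credentials else b"")
        auth = _tlv(0xA3, sasl_creds)                 # sasl [3] SaslCredentials
    else:
        auth = _octets(password or "", tag=0x80)      # simple [0] OCTET STRING
    bind = _tlv(0x60, _integer(3) + _octets(name) + auth)   # version 3, name, auth
    return _tlv(0x30, _integer(message_id) + bind)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_bind_request(msg: bytes) -> dict:
    """Parse a BindRequest back out and classify it as RFC 4513 does:
    anonymous (empty name and password), unauthenticated (a name but an empty
    password; servers should reject these by default), simple, or sasl."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)
    tag, bind, _ = _read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    tag, auth, _ = _read_tlv(bind, pos)
    result = {"message_id": int.from_bytes(mid, "big", signed=True),
              "version": version[0], "name": name.decode("utf-8")}
    if tag == 0x80:
        result["password"] = auth.decode("utf-8")
        if not name and not auth:
            result["method"] = "anonymous"
        elif not auth:
            result["method"] = "unauthenticated"
        else:
            result["method"] = "simple"
    elif tag == 0xA3:
        _, mechanism, _ = _read_tlv(auth, 0)
        result["method"] = "sasl"
        result["mechanism"] = mechanism.decode("utf-8")
    else:
        raise ValueError("unknown AuthenticationChoice")
    return result


def secret_visible_on_wire(msg: bytes, secret: str) -> bool:
    """A simple bind carries the password as plain octets, so anyone who can
    read the TCP stream reads it too. This is why simple binds belong inside
    TLS (LDAPS or StartTLS) and why the slide pairs SASL with SSL/TLS."""
    return secret.encode("utf-8") in msg


if __name__ == "__main__":
    msg = bind_request(7, "cn=dglazer,dc=umbc,dc=edu", password="constructed-secret")
    print(msg.hex())
    print(decode_bind_request(msg), secret_visible_on_wire(msg, "constructed-secret"))
```

Two things a defender takes from running it: the anonymous bind is the fixed 14-byte message 30 0c 02 01 01 60 07 02 01 03 04 00 80 00, which is easy to spot in traffic when anonymous access is supposed to be disabled; and an "unauthenticated" bind (DN supplied, empty password) is distinct from both anonymous and simple, and an application that treats a successful empty-password bind as a login has authenticated nobody.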

Slide 19: Directory Services Implementations
 Microsoft Active Directory
 NetIQ (Novell) eDirectory
 Sun Microsystems OpenDS
 OpenLDAP
 Apple Open Directory
 Oracle Internet Directory
 Apache Directory Server

