Directory & Naming Services
CS-328
Dick Steflik
A Directory
Directory Services
• Services provided by special network databases that map names to addresses
• Same idea as a telephone directory
– unique key (name)
– set of attributes (name value pairs)
• address: 12 Beethoven Street
• phone: 777-1234
Example Directories
• Domain Naming System (DNS)
– maps IP address to Host names
• ARP/RARP
– map NIC addresses to IP addresses
• File System
– maps file names to disk addresses
• RMI Registry
– maps servers to IP addresses
Example Directories
• CORBA Naming Service
– maps CORBA servers to IP addresses
Directory Uses
• Corporate Address Book for e-mail
• Corporate Phone Directories
• Web user authentication
• Corporate Asset Management System
• Persistent Object Storage for Java Objects
• Web Enabled Work Flow Management
X.500
• ISO Specification for Directory Services
• Defined for the OSI Protocol Stack
– very heavy weight Directory Access Protocol
• US implementation for TCP/IP stack kept the same data model but defined the Light-weight Directory Access Protocol (LDAP) for accessing the data repository.
Data Model
• Distributed Hierarchical Database
• Data Store
– usually a proprietary file based database
• optimized for fast tree searches
– Oracle and IBM DB2 are both LDAP enabled (searchable using LDAP)
– Netscape currently has the fastest Directory Server
– OpenLDAP (Berkeley Database)
Schema
• Every node is keyed uniquely with a distinguished name
• the distinguished name is made up of name/value pairs that reflect the hierarchical relationship between them
• attribute names can be freely assigned, but there are some standard ones that have been defined by common usage
Common Attributes
• dn Distinguished name
• c Country
• o Organization
• ou Organizational Unit
• cn Common Name
• sn Surname
• givenname First name
• l Location
• mail e-mail address
• uid userid
• userpassword password to go along with uid
Airius Corporation
LDAP URLS
• ldap://host:port/dn[?attributes[?scope[?filter]]]
– host - the DNS name of the server (or IP address)
– port - 389 (well known port, or whatever port LDAP is installed on)
– dn - distinguished name of the entity of interest
– attributes - comma separated list of LDAP attribute types to be returned
– scope - base, one, sub
– filter - search filter for entity selection
Search Filter Examples
• RFC 1960
• (sn=Jensen) - Entries with a surname of Jensen
• (objectclass=*) - All entries
• (cn=*bert*) - All entries containing the string “bert” in the common name attribute
• (cn>=Fred) - all entries with a common name lexicographically greater than Fred
• (&(objectclass=person)(mail=*)) - all people with an email address
• (&(objectclass=person)( | (title=*director*)(title=*executive*))) - all people with the string director or executive in the title attribute
Filters
• Six basic filters
– Equality - (<attr>=<value>)
– Approximate - (<attr>~=<value>)
– Substring - (<attr>=[<leading>]*[<any>*][<trailing>]), e.g. (sn=*Jensen*)
– Greater than or equal - (<attr>>=<value>)
– Less than or equal - (<attr><=<value>)
– Presence - (<attr>=*)
• Booleans
– AND - & - (&(<filter1>)(<filter2>))
– OR - | - (|(<filter1>)(<filter2>))
– NOT - ! - (!(<filter>))
Popular APIs
• University of Michigan - C language for LDAP - free - de facto standard, solid and ubiquitous
• Netscape LDAP SDK - C, Java and Perl - included with Netscape Communicator, or a free download
• Java Naming and Directory Interface (JNDI) - Sun, part of J2EE, provides common interface to all Directory servers and Naming Services
• Active Directory Service Interface (ADSI) Microsoft, C++ and Microsoft Java versions
• ColdFusion - tags for LDAP Queries (comes with Cold Fusion)
• PHP - Libraries built in for doing LDAP queries
• Perl - Netscape PerLDAP SDK and Net::LDAP (free and open source)
JNDI Architecture
The Naming package
• classes and interfaces for accessing naming services.
• Create a hash table for passing environment information
• Set up environment info
• Get a reference to the Directory Context
The Naming package (more)
• Once you have the reference to the Directory context, use the methods and classes in the Directory package to do things like searching and retrieving and/or modifying entry attributes
The Directory Package
• extends the naming package to provide functionality for accessing directory services in addition to naming services.
• This package allows applications to retrieve attributes associated with objects stored in the directory and to search for objects using specified attributes.
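The Naming package steps above (environment hash table, then a reference to the directory context) followed by a Directory package search, as an added example that is not part of the original slides. The server URL, the search base under Airius.com, and the class name are assumptions; the filter combines the (&(objectclass=person)(mail=*)) example from the search filter slide with a surname supplied as a filter argument so that special filter characters in user input are escaped by JNDI rather than altering the filter.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class LdapPeopleSearch {

    // Hypothetical server and search base; substitute your own.
    private static final String LDAP_URL = "ldap://ldap.example.com:389";
    private static final String BASE_DN = "ou=People,o=Airius.com";

    /** Naming package steps: environment hash table -> reference to the directory context. */
    static DirContext connect() throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // anonymous bind; for a real bind set
        // SECURITY_PRINCIPAL / SECURITY_CREDENTIALS and use ldaps:// so the password is not sent in the clear
        return new InitialDirContext(env);
    }

    /**
     * Directory package: search for people with a mail attribute and a given surname.
     * The surname goes in as filter argument {0}, not concatenated into the filter string,
     * so JNDI escapes ( ) * \ and user input cannot alter the filter's structure.
     */
    static void findBySurname(DirContext ctx, String surname) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);          // "sub" scope
        controls.setReturningAttributes(new String[] {"cn", "mail"});   // attributes to return
        String filter = "(&(objectclass=person)(mail=*)(sn={0}))";
        NamingEnumeration<SearchResult> results =
                ctx.search(BASE_DN, filter, new Object[] {surname}, controls);
        try {
            while (results.hasMore()) {
                SearchResult r = results.next();
                Attributes attrs = r.getAttributes();
                System.out.println(r.getNameInNamespace() + ": " + attrs.get("cn") + ", " + attrs.get("mail"));
            }
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        DirContext ctx = connect();
        try { findBySurname(ctx, args.length > 0 ? args[0] : "Jensen"); } finally { ctx.close(); }
    }
}
```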
The Service Provider package
• Service providers are classes and services provided by OEMs that provide a consistent API for accessing their Naming/Directory product.
• These are like JDBC's database drivers; i.e. they abstract the interface to the product to a consistent API across all service providers