Directory services by SAJID
Directory & Naming Services
CS-328
Dick Steflik
A Directory
Directory Services
• Services provided by special network databases that map names to addresses
• Same idea as a telephone directory
– unique key (name)
– set of attributes (name value pairs)
  • address: 12 Beethoven Street
  • phone: 777-1234
Example Directories
• Domain Naming System (DNS)
– maps IP address to Host names
• ARP/RARP
– map NIC addresses to IP addresses
• File System
– maps file names to disk addresses
• RMI Registry
– maps servers to IP addresses
Example Directories
• CORBA Naming Service
– maps CORBA servers to IP addresses
Directory Uses
• Corporate Address Book for e-mail
• Corporate Phone Directories
• Web user authentication
• Corporate Asset Management System
• Persistent Object Storage for Java Objects
• Web Enabled Work Flow Management
X.500
• ISO Specification for Directory Services
• Defined for the OSI Protocol Stack
– very heavy weight Directory Access Protocol
• US implementation for TCP/IP stack kept same data model but defined Light-weight Directory Access Protocol (LDAP) for accessing data repository.
Data Model
• Distributed Hierarchical Database
• Data Store
– usually on proprietary file based database
  • optimized for fast tree searches
– Oracle and IBM DB2 are both LDAP enabled (searchable using LDAP)
– Netscape currently has fastest Directory Server
– OpenLDAP (Berkeley Database)
Schema
• Every node is keyed uniquely with a distinguished name
• the distinguished name is made up of name/value pairs that reflect the hierarchical relationship between the name/value pairs
• attribute names can be freely assigned but there are some standard ones that have been defined by common usage
Common Attributes
• dn Distinguished name
• c Country
• o Organization
• ou Organizational Unit
• cn Common Name
• sn Surname
• givenname First name
• l Location
• mail e-mail address
• uid userid
• userpassword password to go along with uid
Airius Corporation
LDAP URLS
• ldap://host:port/dn[?attributes[?scope[?filter]]]
– host - the DNS name of the server (or IP address)
– port - 389 (well known port or whatever port that LDAP is installed on)
– dn - distinguished name of the entity of interest
– attributes - comma separated list of LDAP attribute types to be returned
– scope - base, one, sub
– filter - search filter for entity selection
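The URL layout above, as an added Java example that is not part of the original slides: a small parser that splits an LDAP URL into its parts and rejects any scope other than base, one and sub before the URL is used. The class name, sample host and DN are constructed; the defaults for omitted parts (port 389, scope base, filter (objectClass=*)) follow RFC 2255, and IPv6 literal hosts are not handled.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper (not from the slides): parses ldap://host:port/dn?attributes?scope?filter
// Requires Java 10+ (URLDecoder.decode with a Charset, List.of).
public class LdapUrl {
    final String host, dn, scope, filter;
    final int port;
    final List<String> attributes;

    LdapUrl(String url) {
        if (!url.startsWith("ldap://")) throw new IllegalArgumentException("not an ldap:// URL");
        String rest = url.substring("ldap://".length());
        int slash = rest.indexOf('/');
        String hostPort = slash < 0 ? rest : rest.substring(0, slash);
        int colon = hostPort.lastIndexOf(':');
        host = colon < 0 ? hostPort : hostPort.substring(0, colon);
        port = colon < 0 ? 389 : Integer.parseInt(hostPort.substring(colon + 1));

        // Everything after the first '/' is dn?attributes?scope?filter; limit -1 keeps empty fields.
        String[] p = (slash < 0 ? "" : rest.substring(slash + 1)).split("\\?", -1);
        dn = decode(p[0]);
        attributes = field(p, 1).isEmpty() ? List.of() : Arrays.asList(decode(p[1]).split(","));
        scope = field(p, 2).isEmpty() ? "base" : p[2];
        if (!List.of("base", "one", "sub").contains(scope))
            throw new IllegalArgumentException("unknown scope: " + scope);
        filter = field(p, 3).isEmpty() ? "(objectClass=*)" : decode(p[3]);
    }

    private static String field(String[] p, int i) { return i < p.length ? p[i] : ""; }

    // Percent-decode; '+' is protected first because URLDecoder would turn it into a space.
    private static String decode(String s) {
        return URLDecoder.decode(s.replace("+", "%2B"), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample URL
        LdapUrl u = new LdapUrl("ldap://ldap.example.com:389/ou=People,o=Airius.com?cn,mail?sub?(sn=Jensen)");
        System.out.println(u.host + " " + u.port + " " + u.dn + " "
                + u.attributes + " " + u.scope + " " + u.filter);
    }
}
```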
Search Filter Examples
• RFC 1960
• (sn=Jensen) - Entries with a surname of Jensen
• (objectclass=*) - All entries
• (cn=*bert*) - All entries containing the string “bert” in the common name attribute
• (cn>=Fred) - all entries with a common name lexicographically greater than Fred
• (&(objectclass=person)(mail=*)) - all people with an email address
• (&(objectclass=person)( | (title=*director*)(title=*executive*))) - all people with the string director or executive in the title attribute
Filters
• Six basic filters
– Equality - (<attr> = <value>)
– Approximate - (<attr> ~= <value>)
– Substring - (<attr> = [<leading>]*[<any>]*[<trailing>]), e.g. (sn=*Jensen*)
– Greater than or equal - <attr> >= <value>
– Less than or equal - <attr> <= <value>
– Presence - <attr> = *
• Booleans
– AND - & - (&(<filter1>)(<filter2>))
– OR - | - (|(<filter1>)(<filter2>))
– NOT - ! - (!(<filter>))
Popular APIs
• University of Michigan - C language for LDAP - free - de facto standard, solid and ubiquitous
• Netscape LDAP SDK - C, Java and Perl - included with Netscape Communicator, or a free download
• Java Naming and Directory Interface (JNDI) - Sun, part of J2EE, provides common interface to all Directory servers and Naming Services
• Active Directory Service Interface (ADSI) - Microsoft, C++ and Microsoft Java versions
• ColdFusion - tags for LDAP Queries (comes with Cold Fusion)
• PHP - Libraries built in for doing LDAP queries
• Perl - Netscape PerLDAP SDK and Net::LDAP (free and open source)
JNDI Architecture
The Naming package
• classes and interfaces for accessing naming services.
• Create a hash table for passing environment information
• Set up environment info
• Get a reference to the Directory Context
The Naming package (more)
• Once you have the reference to the Directory context, use the methods and classes in the Directory package to do things like searching and retrieving and/or modifying entry attributes
The Directory Package
• extends the naming package to provide functionality for accessing directory services in addition to naming services.
• This package allows applications to retrieve attributes associated with objects stored in the directory and to search for objects using specified attributes.
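The steps listed for the Naming package, followed by a Directory package search, as an added Java example that is not the original course code. The class name, server URL and base DN are constructed; com.sun.jndi.ldap.LdapCtxFactory is the LDAP service provider bundled with the JDK. The surname is passed through filterArgs ({0}) so that JNDI escapes filter metacharacters such as * and ( in it instead of reading them as filter syntax.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical class name; the server and base DN below are constructed sample values.
public class PeopleSearch {
    public static void main(String[] args) throws NamingException {
        String surname = args.length > 0 ? args[0] : "Jensen";   // value supplied by the caller

        // 1. Create a hash table for passing environment information
        Hashtable<String, String> env = new Hashtable<>();
        // 2. Set up environment info: service provider, server, base DN, bind type
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389/o=Airius.com");
        env.put(Context.SECURITY_AUTHENTICATION, "none");        // anonymous bind
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");    // milliseconds

        // 3. Get a reference to the directory context
        DirContext ctx = new InitialDirContext(env);
        try {
            // Bound the search: subtree scope, only the attributes needed, size and time limits
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {"cn", "mail"});
            controls.setCountLimit(50);
            controls.setTimeLimit(5000);

            // {0} is replaced by filterArgs[0] with filter special characters escaped,
            // so the caller's value is always treated as a literal surname.
            NamingEnumeration<SearchResult> results = ctx.search(
                    "", "(&(objectclass=person)(sn={0}))", new Object[] {surname}, controls);
            while (results.hasMore()) {
                SearchResult r = results.next();
                System.out.println(r.getNameInNamespace() + " -> " + r.getAttributes());
            }
        } finally {
            ctx.close();
        }
    }
}
```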
The Service Provider package
• Service providers are classes and services provided by OEMs that provide a consistent API for accessing their Naming/Directory product.
• These are like JDBC database drivers; i.e. they abstract the interface to the product to a consistent API across all service providers