Directory service
In computing, directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system. A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.
A directory service defines a namespace for the network. The namespace is used to assign a name to each of the objects. Directories typically have a set of rules determining how network resources are named and identified, which usually includes a requirement that the identifiers be unique and unambiguous. When using a directory service, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Some directory services include access control provisions, limiting the availability of directory information to authorized users.
Comparison with relational databases
Several things distinguish a directory service from a relational database. Data can be redundant if it aids performance. Directory schemas are object classes, attributes, name bindings and knowledge, where an object class has:
- Must - attributes that each instance must have
- May - attributes which can be defined for an instance but can be omitted, with the absence similar to NULL in a relational database
Object instances are slotted into namespaces; each object class inherits from its parent object class, adding attributes to the must-may list. Directory services are often central to the security design of an IT system and have a correspondingly-fine granularity of access control.
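The Must/May lists and the inheritance described above are what a directory server enforces when an entry is added or modified. The following is an added example, not code from the article or from any directory product, written in Python: a small schema in the style of the standard LDAP user classes (names as in RFC 4519), a function that walks the parent chain to compute the effective MUST and MAY sets, and a validator that reports missing MUST attributes and attributes no object class permits. The sample entries are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ObjectClass:
    """One schema object class: its parent (SUP) and its MUST / MAY attribute lists."""
    name: str
    sup: Optional[str]                 # parent object class, None for the root ('top')
    must: frozenset = frozenset()
    may: frozenset = frozenset()


# A slice of the standard LDAP user schema (RFC 4519 names), enough to show inheritance.
SCHEMA = {
    "top": ObjectClass("top", None, must=frozenset({"objectClass"})),
    "person": ObjectClass("person", "top",
                          must=frozenset({"sn", "cn"}),
                          may=frozenset({"userPassword", "telephoneNumber", "description"})),
    "organizationalPerson": ObjectClass("organizationalPerson", "person",
                                        may=frozenset({"title", "ou", "l"})),
    "inetOrgPerson": ObjectClass("inetOrgPerson", "organizationalPerson",
                                 may=frozenset({"mail", "uid", "displayName"})),
}


def effective_attrs(name, schema=SCHEMA):
    """Walk the SUP chain and return (must, may): each class adds its own
    attributes to what it inherits from its parent."""
    if name not in schema:
        raise KeyError(f"unknown object class {name!r}")
    must, may = set(), set()
    cls = schema[name]
    while cls is not None:
        must |= cls.must
        may |= cls.may
        cls = schema[cls.sup] if cls.sup is not None else None
    return must, may


def validate(entry, schema=SCHEMA):
    """Return the list of schema violations for an entry given as
    {attribute: [values]}; an empty list means the entry is valid.
    Attribute names are compared case-insensitively, as LDAP does."""
    errors = []
    classes = entry.get("objectClass", [])
    if not classes:
        return ["entry has no objectClass values"]
    must, may = set(), set()
    for c in classes:
        try:
            m, o = effective_attrs(c, schema)
        except KeyError as exc:
            errors.append(exc.args[0])
            continue
        must |= m
        may |= o
    # An attribute with no values is treated as absent (the NULL-like case for MAY).
    present = {a.lower() for a, vals in entry.items() if vals}
    for attr in sorted(must):
        if attr.lower() not in present:
            errors.append(f"missing MUST attribute {attr}")
    allowed = {a.lower() for a in must | may}
    for attr in sorted(entry):
        if attr.lower() not in allowed:
            errors.append(f"attribute {attr} not permitted by any objectClass")
    return errors


# Constructed sample entries.
VALID_ENTRY = {
    "objectClass": ["inetOrgPerson"],
    "cn": ["Alice Example"],
    "sn": ["Example"],
    "mail": ["alice@example.org"],   # MAY, inherited via inetOrgPerson
}
INVALID_ENTRY = {
    "objectClass": ["person"],
    "cn": ["Bob Example"],
    "mail": ["bob@example.org"],     # not in person's MUST/MAY chain
}

if __name__ == "__main__":
    print(validate(VALID_ENTRY))     # []
    print(validate(INVALID_ENTRY))   # ['missing MUST attribute sn', 'attribute mail not permitted by any objectClass']
```

The invalid entry fails twice: `sn` is MUST on `person`, and `mail` is only introduced by `inetOrgPerson`, which that entry does not carry. Real servers apply the same two checks (plus syntax and matching rules per attribute type) before accepting a write.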
Replication and distribution
Replication and distribution have distinct meanings in the design and management of a directory service. Replication is used to indicate that the same directory namespace is copied to another directory server for redundancy and throughput reasons; the replicated namespace is governed by the same authority. Distribution is used to indicate that multiple directory servers in different namespaces are interconnected to form a distributed directory service; each namespace can be governed by a different authority.
Implementations
Directory services were part of an Open Systems Interconnection initiative for common network standards and multi-vendor interoperability. During the 1980s, the ITU and ISO created a set of standards for directory services, initially to support the requirements of inter-carrier electronic messaging and network-name lookup. The Lightweight Directory Access Protocol is based on the X.500 directory-information services, using the TCP/IP stack and a string encoding of X.500 Directory Access Protocol names and operations on the Internet. Systems developed before X.500 include:
- Domain Name System : The first directory service on the Internet, still in use
- Hesiod: Based on DNS and used at MIT's Project Athena
- Network Information Service : Originally called Yellow Pages (YP), Sun Microsystems' implementation of a directory service for Unix network environments. It played a role similar to Hesiod.
- NetInfo: Developed by NeXT during the late 1980s for NEXTSTEP. After its acquisition by Apple, it was released as open source and was the directory service for Mac OS X before it was deprecated for the LDAP-based Open Directory. Support for NetInfo was removed with the release of 10.5 Leopard.
- Banyan VINES: First scalable directory service
- NT Domains: Developed by Microsoft to provide directory services for Windows machines before the release of the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains after relaxing its minimum authentication protocols.
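The "string-encoding scheme" LDAP takes from X.500 is visible to every client as the textual form of distinguished names and search filters. As an added example, not code from the article or from any of the implementations listed on this page, the following Python builds and parses distinguished names with the escaping rules of RFC 4514 and escapes search-filter values per RFC 4515. The DNs and input values are constructed. The point a practitioner cares about is that the separators (`,` and `+` in a DN, `(`, `)` and `*` in a filter) are part of the encoding, so any value that can contain them has to be escaped before it is spliced into a name or a query, otherwise the server parses a different name or a different filter than intended.

```python
# Characters that must be backslash-escaped inside an RDN value (RFC 4514, section 2.4).
_DN_SPECIAL = set(',+"\\<>;')
_HEX = "0123456789abcdefABCDEF"


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:                  # a leading '#' would read as a hex-encoded value
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):   # leading/trailing spaces are otherwise dropped
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns):
    """rdns: list of RDNs, each a list of (type, value) pairs; several pairs in
    one RDN form a multi-valued RDN joined with '+'."""
    return ",".join("+".join(f"{t}={escape_dn_value(v)}" for t, v in rdn) for rdn in rdns)


def parse_dn(dn):
    """Split a DN string into a list of RDNs, each a list of (type, value) pairs,
    honouring backslash escapes and two-digit hex pairs (\\XX).  Assumption of this
    example: hex pairs encode single ASCII bytes.  Spaces after separators are not
    stripped, since the strict RFC 4514 grammar has none."""
    rdns, rdn, typ, buf = [], [], None, []
    i, n = 0, len(dn)
    while i < n:
        ch = dn[i]
        if ch == "\\":
            if i + 1 >= n:
                raise ValueError("dangling backslash in DN")
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in _HEX for c in pair):
                buf.append(chr(int(pair, 16)))
                i += 3
            else:
                buf.append(dn[i + 1])
                i += 2
            continue
        if ch == "=" and typ is None:
            typ = "".join(buf)
            buf = []
        elif ch in ",+":                            # end of this type=value pair
            rdn.append((typ, "".join(buf)))
            typ, buf = None, []
            if ch == ",":                           # ',' also ends the RDN
                rdns.append(rdn)
                rdn = []
        else:
            buf.append(ch)
        i += 1
    rdn.append((typ, "".join(buf)))
    rdns.append(rdn)
    return rdns


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515): '*', '(', ')', '\\' and
    NUL become \\XX so a value cannot alter the structure of the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def uid_filter(user_input):
    """Equality filter for a uid supplied by a caller (hypothetical helper)."""
    return f"(uid={escape_filter_value(user_input)})"


if __name__ == "__main__":
    dn = build_dn([[("cn", "Smith, John")], [("ou", "People")], [("dc", "example")], [("dc", "org")]])
    print(dn)                           # cn=Smith\, John,ou=People,dc=example,dc=org
    print(parse_dn(dn))
    print(uid_filter("admin)(uid=*"))   # (uid=admin\29\28uid=\2a)
```

Without `escape_dn_value`, the name `Smith, John` would parse as two RDNs, and without `escape_filter_value` the constructed input `admin)(uid=*` would close the equality assertion early and match every entry with a uid; with the escaping, both remain single literal values.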
LDAP implementations
- 389 Directory Server: Free Open Source server implementation by Red Hat, with commercial support by Red Hat and SUSE.
- Active Directory: Microsoft's directory service for Windows, originating from the X.500 directory, created for use in Exchange Server, first shipped with Windows 2000 Server and supported by successive versions of Windows
- Apache Directory Server: Directory service, written in Java, supporting LDAP, Kerberos 5 and the Change Password Protocol; LDAPv3 certified
- Apple Open Directory: Apple's directory server for Mac OS X, available through Mac OS X Server
- eDirectory: NetIQ's implementation of directory services supports multiple architectures, including Windows, NetWare, Linux and several flavours of Unix and is used for user administration and configuration and software management; previously known as Novell Directory Services.
- Red Hat Directory Server: Red Hat's commercial directory server, running on Red Hat Enterprise Linux, derived from the Netscape Directory Server code base acquired from AOL's Netscape Security Solutions unit. Its community-supported open-source upstream is the 389 Directory Server project; FreeIPA is a separate identity-management project that uses 389 Directory Server as its LDAP back end.
- Oracle Internet Directory: is Oracle Corporation's directory service, compatible with LDAP version 3.
- Sun Java System Directory Server: Sun Microsystems' directory service
- OpenDS: Open-source directory service in Java, backed by Sun Microsystems
- Oracle Unified Directory: is Oracle Corporation's next-generation unified directory solution. It integrates storage, synchronization, and proxy functionalities.
- IBM Tivoli Directory Server: Custom build of an old OpenLDAP release
- Windows NT Directory Services, later renamed Active Directory, replaced the former NT Domain system.
- Critical Path Directory Server
- OpenLDAP: Derived from the original University of Michigan LDAP implementation; it runs on a wide range of operating systems and hardware architectures.
- Lotus Domino
- Nexor Directory
- OpenDJ: A Java-based LDAP server and directory client that runs in any operating environment, licensed under the CDDL. Developed by ForgeRock until 2016, now maintained by the community.