What Is a Directory Service?
nmclain@novell.com
12 May 2000
So far in this article series, I've explained why you would want a directory service and what we mean when we refer to an X.500 directory service. Starting with this article, I will explain directory service concepts for those of you who want to understand exactly what a directory service is and how it works.
Sara Radicati, founder of the Radicati Group and an editor of the X.500 standard, states in her book X.500 Directory Services Technology and Deployment, that Novell Directory Services (NDS) "uses the exact X.500 design specification for the naming model, directory database and the server to server operations. Yes, all of the features and functions described in the X.500 standard are implemented in NDS. NDS, however, provides significant functionality beyond the X.500 specification, providing a complete networking infrastructure that links users to network services, applications and data." So, the basic directory concepts I explain in this series usually apply both to NDS and to the 1993 edition of the X.500 specification.
Inside the Name Space
Directory services have been around for several years, mainly in enterprise environments. A directory service makes network resources easier to manage. NDS, for example, is a globally accessible, distributed database of objects that represent network resources such as users, servers, printers, print queues, and applications.
Basically, a directory service maps the names of network resources to their respective network addresses. This enables a user to find a network resource by simply knowing its name. The user doesn't have to know the resource's address or its physical location on the network. Applications can also use a directory service's database. For example, an email application can use a directory service database for names and addresses.
A directory service also defines the naming structure, or name space, for the network. A naming structure is a set of rules that specifies how all network resources are named and identified. The rules ensure that every resource has a unique name, so no two resources are identified by the same name. The directory service maintains a correspondence between each network name and its address. If a resource's address changes, its name can remain the same: the network administrator simply changes the address on the resource's object in the directory service's database. And because each network resource has only one object, the administrator makes this change once, and every server and user that looks the resource up by name gets the new address.
This means that applications and network users only have to know the name of any resource they need in order to locate it. Without a directory service, network administrators have to change the resource's address in the database of every server that must use it. Users and applications would have to know which servers have the information in order to locate the resource.
More Than Just Names
Even though the naming and locating of network resources is a directory service's primary function, the database can store other information about the network configuration and resources. Because each resource has an object, and each object has attributes, the directory service can store any information about the resource that the network applications or the network users would find useful.
For example, User objects can store cell phone numbers, photographs, salary information, employee IDs, and home addresses. Information held in an object's attributes can also be protected, so that restricted information is visible only to the objects and users that have been granted the necessary rights. Once data such as salaries or employee IDs lives in the directory, the directory itself becomes a target, so the rights on those attributes deserve the same care as any file permission. You can modify the schema (the set of rules that governs objects and attributes) to reflect the specific needs of your network and applications, and applications can extend the schema for their own needs.
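To make the naming, lookup, and attribute-protection ideas of the last few paragraphs concrete, here is a small Python model of a directory. It is an added example written for this article, not code from NDS or from the X.500 standard. It assumes an X.500-style distinguished-name syntax (type=value components separated by commas, with a backslash escaping the next character, as in RFC 4514), an attribute named networkAddress for the name-to-address mapping, and a toy per-attribute reader list standing in for the directory's rights model; every object, name, and address in it is constructed sample data.

```python
"""Added example: a miniature X.500-style directory (not NDS code).

It models three points from the text:
  * hierarchical naming: each entry has a distinguished name (DN) made of
    relative names, and the directory refuses a second entry with the same name;
  * name-to-address mapping: clients ask for a name and get the current
    address, so an address change is made once, on the object;
  * attribute-level protection: a restricted attribute is returned only to
    identities on its reader list (a stand-in for real directory rights).
DN syntax, attribute names, and sample data are assumptions of this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

DN = tuple[tuple[str, str], ...]   # (('cn','fs1'), ('ou','eng'), ('o','acme'))


def _rdn(text: str) -> tuple[str, str]:
    """Normalise one 'type=value' component; naming is case-insensitive here."""
    if "=" not in text:
        raise ValueError(f"RDN without '=': {text!r}")
    typ, val = text.split("=", 1)
    typ, val = typ.strip().lower(), val.strip().lower()
    if not typ or not val:
        raise ValueError(f"empty type or value in RDN {text!r}")
    return typ, val


def parse_dn(dn: str) -> DN:
    """Split 'CN=fs1,OU=Eng,O=Acme' into normalised RDNs, leaf first.

    A backslash escapes the next character, so a comma can appear inside a
    value (RFC 4514 style). Two spellings of the same name parse to the same
    tuple, which is what makes the uniqueness check below meaningful.
    """
    parts: list[tuple[str, str]] = []
    buf: list[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append(_rdn("".join(buf)))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append(_rdn("".join(buf)))
    return tuple(parts)


@dataclass
class Entry:
    dn: str
    attrs: dict[str, str] = field(default_factory=dict)
    # attribute -> DNs allowed to read it; attributes not listed are open
    readers: dict[str, set[DN]] = field(default_factory=dict)


class Directory:
    def __init__(self) -> None:
        self._entries: dict[DN, Entry] = {}

    def add(self, dn: str, **attrs: str) -> Entry:
        key = parse_dn(dn)
        if key in self._entries:                       # names must be unique
            raise KeyError(f"name already in use: {dn}")
        parent = key[1:]                               # entries live in a tree
        if parent and parent not in self._entries:
            raise KeyError(f"container for {dn} does not exist")
        entry = Entry(dn, dict(attrs))
        self._entries[key] = entry
        return entry

    def resolve(self, dn: str) -> str:
        """Name -> network address: the lookup a client performs."""
        return self._entries[parse_dn(dn)].attrs["networkAddress"]

    def set_address(self, dn: str, address: str) -> None:
        """The administrator changes the address once, on the object itself."""
        self._entries[parse_dn(dn)].attrs["networkAddress"] = address

    def restrict(self, dn: str, attr: str, reader_dns: list[str]) -> None:
        self._entries[parse_dn(dn)].readers[attr] = {parse_dn(r) for r in reader_dns}

    def read(self, dn: str, attr: str, as_dn: str) -> str:
        entry = self._entries[parse_dn(dn)]
        allowed = entry.readers.get(attr)
        if allowed is not None and parse_dn(as_dn) not in allowed:
            raise PermissionError(f"{as_dn} may not read {attr} of {dn}")
        return entry.attrs[attr]


def demo() -> dict[str, object]:
    """Walk through the three behaviours on constructed sample objects."""
    d = Directory()
    d.add("O=Acme")
    d.add("OU=Eng,O=Acme")
    d.add("CN=fs1,OU=Eng,O=Acme", objectClass="Server", networkAddress="10.0.1.10")
    d.add("CN=alice,OU=Eng,O=Acme", objectClass="User", telephone="555-0100", salary="90000")
    d.add("CN=payroll,O=Acme", objectClass="User")
    d.restrict("CN=alice,OU=Eng,O=Acme", "salary", ["CN=payroll,O=Acme"])

    before = d.resolve("CN=fs1,OU=Eng,O=Acme")
    d.set_address("CN=fs1,OU=Eng,O=Acme", "10.0.2.20")   # one change, one object
    after = d.resolve("cn=FS1, ou=eng, o=acme")            # same name, any client
    try:
        d.add("CN=FS1,OU=Eng,O=Acme")                      # same name, other case
        duplicate_rejected = False
    except KeyError:
        duplicate_rejected = True
    phone = d.read("CN=alice,OU=Eng,O=Acme", "telephone", as_dn="CN=fs1,OU=Eng,O=Acme")
    salary = d.read("CN=alice,OU=Eng,O=Acme", "salary", as_dn="CN=payroll,O=Acme")
    try:
        d.read("CN=alice,OU=Eng,O=Acme", "salary", as_dn="CN=fs1,OU=Eng,O=Acme")
        salary_denied = False
    except PermissionError:
        salary_denied = True
    return {"before": before, "after": after, "duplicate_rejected": duplicate_rejected,
            "phone": phone, "salary": salary, "salary_denied": salary_denied}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The uniqueness check only works because every spelling of a name is normalised before it is used as a key; a directory that compared raw strings would happily accept `CN=fs1` and `cn=FS1` as two different servers. Likewise the reader list is consulted on every read, not only when the attribute is first restricted, which is the property to look for in any real rights model.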
Summary
In short, a directory service unifies all the network resources. It enables users, administrators, and applications to think in terms of the entire network instead of individual servers. Instead of logging in to several different servers and having to know which servers hold the printers or which servers contain your authentication information, you simply log in to the network and use the printers on the network. The servers that service the printers or hold your authentication information are transparent to you. In fact, because a directory service can be implemented as a distributed database, several servers can hold the network information, providing fault tolerance and redundancy and reducing network traffic. It no longer matters to you which server is logging you in.
In the next article in this series, I'll describe NDS's distributed database and how it can be implemented as a replicated and partitioned directory.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.