In computing, a directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system. A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.
A directory service defines a namespace for the network. The namespace is used to assign a ''name'' (unique identifier) to each of the objects. Directories typically have a set of rules determining how network resources are named and identified, which usually includes a requirement that the identifiers be unique and unambiguous. When using a directory service, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Some directory services include access control provisions, limiting the availability of directory information to authorized users.
Comparison with relational databases
Several things distinguish a directory service from a relational database. Data can be redundant if it aids performance.
Directory schemas are object classes, attributes, name bindings and knowledge (namespaces) where an object class has:
* ''Must'' - attributes that each instance must have
* ''May'' - attributes which can be defined for an instance but can be omitted, with the absence similar to NULL in a relational database
Attributes are sometimes multi-valued, allowing multiple naming attributes at one level (such as machine type and serial number concatenation, or multiple phone numbers for "work phone"). Attributes and object classes are usually standardized throughout the industry; for example, X.500 attributes and classes are often formally registered with the IANA for their object ID. Therefore, directory applications try to reuse standard classes and attributes to maximize the benefit of existing directory-server software.
Object instances are slotted into namespaces; each object class inherits from its parent object class (and ultimately from the root of the hierarchy), adding attributes to the must-may list. Directory services are often central to the security design of an IT system and have a correspondingly-fine granularity of access control.
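The schema rules described above (MUST and MAY attributes, multi-valued attributes, class inheritance up to the root of the hierarchy, and names that must be unique within a namespace) can be seen working in the following Python model. It is an added illustration, not code from any directory server: the five object classes and their OIDs are a subset of the standard X.500/LDAP definitions with only a few of each class's real MAY attributes listed, while the Directory class, the base DN dc=example,dc=test and the entries are constructed for the example.

```python
"""Toy model of a directory schema: MUST/MAY attributes, multi-valued attributes,
object-class inheritance and unique names inside one namespace.
Added illustration only; not the code of any real directory server."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ObjectClass:
    name: str
    oid: str
    sup: Optional[str]         # parent class; None only for the root class "top"
    must: frozenset = frozenset()
    may: frozenset = frozenset()


# Subset of the standard X.500/LDAP classes (names and OIDs as registered);
# only a few of each class's real MAY attributes are listed here.
SCHEMA = {c.name: c for c in (
    ObjectClass("top", "2.5.6.0", None, must=frozenset({"objectClass"})),
    ObjectClass("organizationalUnit", "2.5.6.5", "top",
                must=frozenset({"ou"}), may=frozenset({"description"})),
    ObjectClass("person", "2.5.6.6", "top", must=frozenset({"sn", "cn"}),
                may=frozenset({"userPassword", "telephoneNumber", "description"})),
    ObjectClass("organizationalPerson", "2.5.6.7", "person",
                may=frozenset({"title", "ou"})),
    ObjectClass("inetOrgPerson", "2.16.840.1.113730.3.2.2", "organizationalPerson",
                may=frozenset({"mail", "uid", "displayName"})),
)}


def effective_attrs(class_name):
    """Walk the inheritance chain up to the root, accumulating MUST and MAY sets."""
    must, may = set(), set()
    name = class_name
    while name is not None:
        cls = SCHEMA[name]
        must |= cls.must
        may |= cls.may
        name = cls.sup
    return must, may


def validate_entry(entry):
    """Return the list of schema violations for an entry given as {attribute: [values]}.
    Every attribute holds a list, so multi-valued attributes need no special case."""
    problems = []
    classes = entry.get("objectClass", [])
    if not classes:
        return ["entry has no objectClass"]
    must, may = set(), set()
    for cls in classes:
        if cls not in SCHEMA:
            problems.append(f"unknown objectClass {cls}")
            continue
        m, o = effective_attrs(cls)
        must |= m
        may |= o
    for attr in sorted(must):
        if not entry.get(attr):
            problems.append(f"missing MUST attribute {attr}")
    for attr in entry:
        if attr not in must and attr not in may:
            problems.append(f"attribute {attr} not allowed by the entry's object classes")
    return problems


class Directory:
    """One naming context (constructed): entries keyed by DN, each name unique below its parent."""

    def __init__(self, base_dn):
        self.base_dn = base_dn      # constructed base, e.g. "dc=example,dc=test"
        self.entries = {}

    def add(self, dn, entry):
        problems = validate_entry(entry)
        rdn, _, parent = dn.partition(",")
        attr, _, value = rdn.partition("=")
        if dn in self.entries:
            problems.append(f"{dn} already exists; names must be unique")
        if parent != self.base_dn and parent not in self.entries:
            problems.append(f"parent {parent} does not exist")
        if value not in entry.get(attr, []):
            problems.append(f"RDN {rdn} is not one of the entry's {attr} values")
        if problems:
            raise ValueError("; ".join(problems))
        self.entries[dn] = entry
        return dn


if __name__ == "__main__":
    d = Directory("dc=example,dc=test")
    d.add("ou=people,dc=example,dc=test",
          {"objectClass": ["organizationalUnit"], "ou": ["people"]})
    d.add("uid=ada,ou=people,dc=example,dc=test",
          {"objectClass": ["inetOrgPerson"], "uid": ["ada"], "cn": ["Ada Lovelace"],
           "sn": ["Lovelace"], "mail": ["ada@example.test"],
           "telephoneNumber": ["+1 555 0100", "+1 555 0101"]})   # multi-valued attribute
    print(sorted(d.entries))
```

The validator rejects an entry that lacks a MUST attribute of any class in its chain and an entry carrying an attribute no class permits, which is the same check a schema-enforcing server applies before it accepts a write; the Directory class adds the namespace rule that the RDN value must be one of the entry's own values and that no two siblings share a name.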
Replication and distribution
Replication and distribution have distinct meanings in the design and management of a directory service. Replication is used to indicate that the same directory namespace (the same objects) is copied to another directory server for redundancy and throughput reasons; the replicated namespace is governed by the same authority. Distribution is used to indicate that multiple directory servers in different namespaces are interconnected to form a distributed directory service; each namespace can be governed by a different authority.
Implementations
Directory services were part of an Open Systems Interconnection (OSI) initiative for common network standards and multi-vendor interoperability. During the 1980s, the ITU and ISO created a set of standards for directory services, initially to support the requirements of inter-carrier electronic messaging and network-name lookup. The Lightweight Directory Access Protocol (LDAP) is based on the X.500 directory-information services, using the TCP/IP stack and an X.500 Directory Access Protocol (DAP) string-encoding scheme on the Internet.
Systems developed before the X.500 include:
* ''Domain Name System (DNS):'' The first directory service on the Internet, still in use
* ''Hesiod:'' Based on DNS and used at MIT's Project Athena
* ''Network Information Service (NIS):'' Originally Yellow Pages (YP), Sun Microsystems' implementation of a directory service for Unix network environments. It played a role similar to Hesiod.
* ''NetInfo:'' Developed by NeXT during the late 1980s for NEXTSTEP. After its acquisition by Apple, it was released as open source and was the directory service for Mac OS X before it was deprecated for the LDAP-based Open Directory. Support for NetInfo was removed with the release of 10.5 Leopard.
* ''Banyan VINES:'' First scalable directory service
* ''NT Domains:'' Developed by Microsoft to provide directory services for Windows machines before the release of the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains after relaxing its minimum authentication protocols.
LDAP implementations
LDAP/X.500-based implementations include:
* 389 Directory Server: Free Open Source server implementation by Red Hat, with commercial support by Red Hat and SUSE.
* Active Directory: Microsoft's directory service for Windows, originating from the X.500 directory, created for use in Exchange Server, first shipped with Windows 2000 Server and supported by successive versions of Windows
* Apache Directory Server: Directory service, written in Java, supporting LDAP, Kerberos 5 and the Change Password Protocol; LDAPv3 certified
* Apple Open Directory: Apple's directory server for Mac OS X, available through Mac OS X Server
* eDirectory: NetIQ's implementation of directory services supports multiple architectures, including Windows, NetWare, Linux and several flavours of Unix and is used for user administration and configuration and software management; previously known as Novell Directory Services.
* Red Hat Directory Server: Red Hat released Red Hat Directory Server, acquired from AOL's Netscape Security Solutions unit, as a commercial product running on top of Red Hat Enterprise Linux as the community-supported 389 Directory Server project. The upstream open source project is called FreeIPA.
* Oracle Internet Directory: (OID) is Oracle Corporation's directory service, compatible with LDAP version 3.
* Sun Java System Directory Server: Sun Microsystems' directory service
* OpenDS: Open-source directory service in Java, backed by Sun Microsystems
* Oracle Unified Directory: (OUD) is Oracle Corporation's next-generation unified directory solution. It integrates storage, synchronization, and proxy functionalities.
* IBM Tivoli Directory Server: Custom build of an old OpenLDAP release
* Windows NT Directory Services (NTDS), later renamed Active Directory, replaced the former NT Domain system.
* Critical Path Directory Server
* OpenLDAP: Derived from the original University of Michigan LDAP implementation (like Netscape, Red Hat, Fedora and Sun JSDS implementations), it supports all computer architectures (including Unix and Unix derivatives, Linux, Windows, z/OS and a number of embedded-realtime systems).
* Lotus Domino
* Nexor Directory
* OpenDJ - a Java-based LDAP server and directory client that runs in any operating environment, under license CDDL. Developed by ForgeRock until 2016, now maintained by OpenDJ Community
Open-source tools to create directory services include OpenLDAP, the Kerberos protocol and Samba software, which can function as a Windows domain controller with Kerberos and LDAP back ends. Administration is by GOsa or Samba SWAT.
Using name services
Unix systems
Name services on Unix systems are typically configured through nsswitch.conf. Information from name services can be retrieved with getent.
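As an added illustration of how the switch decides which source answers a lookup (this is a model written for this page, not glibc's implementation), the following Python parses a constructed nsswitch.conf fragment and resolves lookups the way getent does: each configured source is consulted in order and the [STATUS=action] modifiers decide whether the lookup stops or falls through. The sample passwd, group and hosts data, the LDAP and DNS contents, and the configuration itself are constructed for the example.

```python
"""Toy model of the Name Service Switch: parse an nsswitch.conf fragment and resolve
lookups across the configured sources in order, honouring [STATUS=action] modifiers.
Added illustration only; not glibc's implementation."""
import re

# Constructed configuration fragment, not taken from a real host.
NSSWITCH_CONF = """\
# /etc/nsswitch.conf (constructed example)
passwd:   files ldap
group:    files ldap
hosts:    files dns [NOTFOUND=return] myhostname
"""

# Constructed sample data standing in for /etc/passwd, /etc/group, /etc/hosts,
# an LDAP directory and DNS.
FILES_DB = {
    "passwd": {"root": "root:x:0:0:root:/root:/bin/bash"},
    "group": {"wheel": "wheel:x:10:root"},
    "hosts": {"localhost": "127.0.0.1 localhost"},
}
LDAP_DB = {"passwd": {"ada": "ada:x:10001:10001:Ada Lovelace:/home/ada:/bin/sh"},
           "group": {"devs": "devs:x:20001:ada"}}
DNS_DB = {"hosts": {"www.example.test": "192.0.2.10 www.example.test"}}
SOURCES = {"files": FILES_DB, "ldap": LDAP_DB, "dns": DNS_DB}   # "myhostname" has no backend here

# glibc defaults: a hit ends the lookup, every other status moves on to the next source.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_nsswitch(text):
    """Map each database to its lookup order: a list of (source, {STATUS: action})."""
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        db, _, spec = line.partition(":")
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
            if tok.startswith("["):
                if not sources:
                    raise ValueError(f"action {tok} has no preceding source in '{raw}'")
                for status, action in re.findall(r"(\w+)=(\w+)", tok):
                    sources[-1][1][status.upper()] = action.lower()
            else:
                sources.append((tok, {}))
        config[db.strip()] = sources
    return config


def query_source(source, db, key):
    """Ask one source for one key and report (status, record)."""
    backend = SOURCES.get(source)
    if backend is None or db not in backend:
        return "UNAVAIL", None
    record = backend[db].get(key)
    return ("SUCCESS", record) if record is not None else ("NOTFOUND", None)


def lookup(config, db, key):
    """Resolve key in db the way getent would; returns (record or None, trace of decisions)."""
    trace = []
    for source, actions in config.get(db, []):
        status, record = query_source(source, db, key)
        action = actions.get(status, DEFAULT_ACTIONS[status])
        trace.append(f"{source}:{status}:{action}")
        if action == "return":
            return record, trace
    return None, trace


if __name__ == "__main__":
    cfg = parse_nsswitch(NSSWITCH_CONF)
    for db, key in [("passwd", "root"), ("passwd", "ada"), ("hosts", "www.example.test"),
                    ("hosts", "nowhere.example.test")]:
        print(db, key, lookup(cfg, db, key))
```

The trace makes the ordering visible: with passwd: files ldap a local /etc/passwd entry is returned before the directory is ever asked, so a name present in both sources is answered by the local file; and the [NOTFOUND=return] after dns stops the fallback to the next source once DNS has said the name does not exist. Reviewing that order is how an administrator confirms which source is authoritative for each identity database on a host.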
See also
* Access control list
* Directory Services Markup Language
* Hierarchical database model
* LDAP Data Interchange Format
* Metadirectory
* Service delivery platform
* Virtual directory