Directory Service
   HOME

TheInfoList



OR:

In
computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, e ...
, a directory service or name service maps the names of network resources to their respective
network address A network address is an identifier for a node or host on a telecommunications network. Network addresses are designed to be unique identifiers across the network, although some networks allow for local, private addresses, or locally administer ...
es. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a
network operating system A network operating system (NOS) is a specialized operating system for a network device such as a router, switch or firewall. Historically operating systems with networking capabilities were described as network operating systems, because they al ...
. A directory server or
name server A name server refers to the server component of the Domain Name System (DNS), one of the two principal namespaces of the Internet. The most important function of DNS servers is the translation (resolution) of human-memorable domain names (example ...
is a
server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...
which provides such a service. Each resource on the network is considered an
object Object may refer to: General meanings * Object (philosophy), a thing, being, or concept ** Object (abstract), an object which does not exist at any particular time or place ** Physical object, an identifiable collection of matter * Goal, an ...
by the directory server. Information about a particular resource is stored as a collection of
attributes Attribute may refer to: * Attribute (philosophy), an extrinsic property of an object * Attribute (research), a characteristic of an object * Grammatical modifier, in natural languages * Attribute (computing), a specification that defines a prope ...
associated with that resource or object. A directory service defines a
namespace In computing, a namespace is a set of signs (''names'') that are used to identify and refer to objects of various kinds. A namespace ensures that all of a given set of objects have unique names so that they can be easily identified. Namespaces ...
for the network. The namespace is used to assign a ''name'' (unique identifier) to each of the objects. Directories typically have a set of rules determining how network resources are named and identified, which usually includes a requirement that the identifiers be unique and unambiguous. When using a directory service, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Some directory services include access control provisions, limiting the availability of directory information to authorized users.


Comparison with relational databases

Several things distinguish a directory service from a
relational database A relational database is a (most commonly digital) database based on the relational model of data, as proposed by E. F. Codd in 1970. A system used to maintain relational databases is a relational database management system (RDBMS). Many relatio ...
. Data can be redundant if it aids performance. Directory schemas are object classes, attributes, name bindings and knowledge (namespaces) where an object class has: * ''Must'' - attributes that each instances must have * ''May'' - attributes which can be defined for an instance but can be omitted, with the absence similar to NULL in a relational database Attributes are sometimes multi-valued, allowing multiple naming attributes at one level (such as machine type and serial number
concatenation In formal language theory and computer programming, string concatenation is the operation of joining character strings end-to-end. For example, the concatenation of "snow" and "ball" is "snowball". In certain formalisations of concatenat ...
, or multiple phone numbers for "work phone"). Attributes and object classes are usually standardized throughout the industry; for example, X.500 attributes and classes are often formally registered with the IANA for their object ID. Therefore, directory applications try to reuse standard classes and attributes to maximize the benefit of existing directory-server software. Object instances are slotted into namespaces; each object class inherits from its parent object class (and ultimately from the root of the hierarchy), adding attributes to the must-may list. Directory services are often central to the
security Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...
design of an IT system and have a correspondingly-fine granularity of access control.


Replication and distribution

Replication and distribution have distinct meanings in the design and management of a directory service. Replication is used to indicate that the same directory namespace (the same objects) are copied to another directory server for redundancy and throughput reasons; the replicated namespace is governed by the same authority. Distribution is used to indicate that multiple directory servers in different namespaces are interconnected to form a distributed directory service; each namespace can be governed by a different authority.


Implementations

Directory services were part of an
Open Systems Interconnection The Open Systems Interconnection model (OSI model) is a conceptual model that 'provides a common basis for the coordination of SOstandards development for the purpose of systems interconnection'. In the OSI reference model, the communications ...
(OSI) initiative for common network standards and multi-vendor interoperability. During the 1980s, the
ITU The International Telecommunication Union is a specialized agency of the United Nations responsible for many matters related to information and communication technologies. It was established on 17 May 1865 as the International Telegraph Unio ...
and
ISO ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
created a set of standards for directory services, initially to support the requirements of inter-carrier electronic messaging and network-name lookup. The
Lightweight Directory Access Protocol The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory ser ...
(LDAP) is based on the X.500 directory-information services, using the
TCP/IP stack The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suit ...
and an X.500 Directory Access Protocol (DAP) string-encoding scheme on the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
. Systems developed before the X.500 include: * ''
Domain Name System The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned t ...
(DNS):'' The first directory service on the Internet, still in use * ''
Hesiod Hesiod (; grc-gre, Ἡσίοδος ''Hēsíodos'') was an ancient Greek poet generally thought to have been active between 750 and 650 BC, around the same time as Homer. He is generally regarded by western authors as 'the first written poet i ...
:'' Based on DNS and used at MIT's
Project Athena Project Athena was a joint project of MIT, Digital Equipment Corporation, and IBM to produce a campus-wide distributed computing environment for educational use. It was launched in 1983, and research and development ran until June 30, 1991. , A ...
* ''
Network Information Service The Network Information Service, or NIS (originally called Yellow Pages or YP), is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Sun M ...
(NIS):'' Originally
Yellow Pages The yellow pages are telephone directories of businesses, organized by category rather than alphabetically by business name, in which advertising is sold. The directories were originally printed on yellow paper, as opposed to white pages for ...
(YP)
Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...
' implementation of a directory service for
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
network environments. It played a role similar to Hesiod. * ''
NetInfo NetInfo is the system configuration database in NeXTSTEP and Mac OS X versions up through Mac OS X v10.4 "Tiger". NetInfo replaces most of the Unix system configuration files, though they are still present for running the machine in single user ...
:'' Developed by NeXT during the late 1980s for
NEXTSTEP NeXTSTEP is a discontinued object-oriented, multitasking operating system based on the Mach kernel and the UNIX-derived BSD. It was developed by NeXT Computer in the late 1980s and early 1990s and was initially used for its range of proprieta ...
. After its acquisition by Apple, it was released as open source and was the directory service for
Mac OS X macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac (computer), Mac computers. Within the market of ...
before it was deprecated for the LDAP-based Open Directory. Support for NetInfo was removed with the release of 10.5 Leopard. * '' Banyan VINES:'' First scalable directory service * '' NT Domains:'' Developed by Microsoft to provide directory services for Windows machines before the release of the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains after relaxing its minimum authentication protocols.


LDAP implementations

LDAP/X.500-based implementations include: * 389 Directory Server: Free Open Source server implementation by
Red Hat Red Hat, Inc. is an American software company that provides open source software products to enterprises. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina, with other offices worldwide. Red Hat has become ass ...
, with commercial support by Red Hat and SUSE. *
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
:
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
's directory service for
Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
, originating from the X.500 directory, created for use in
Exchange Server Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related ...
, first shipped with
Windows 2000 Server Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officiall ...
and supported by successive versions of Windows * Apache Directory Server: Directory service, written in Java, supporting LDAP, Kerberos 5 and the Change Password Protocol; LDAPv3 certified *
Apple Open Directory Apple Open Directory is the LDAP directory service model implementation from Apple Inc. A directory service is software which stores and organizes information about a computer network's users and network resources and which allows network administ ...
:
Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...
's directory server for
Mac OS X macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac (computer), Mac computers. Within the market of ...
, available through
Mac OS X Server macOS Server, formerly Mac OS X Server and OS X Server, is a discontinued series of Unix-like server operating systems developed by Apple Inc., based on macOS and later add-on software packages for the latter. macOS Server added serve ...
* eDirectory:
NetIQ NetIQ is a product line within the CyberRes line of business at Micro Focus, which includes solutions focused on cybersecurity, including ArcSight, Fortify, Voltage, and NetIQ. NetIQ was previously based in Houston, Texas, with products that pr ...
's implementation of directory services supports multiple architectures, including
Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
, NetWare,
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
and several flavours of
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
and is used for user administration and configuration and software management; previously known as Novell Directory Services. * Red Hat Directory Server:
Red Hat Red Hat, Inc. is an American software company that provides open source software products to enterprises. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina, with other offices worldwide. Red Hat has become ass ...
released Red Hat Directory Server, acquired from AOL's Netscape Security Solutions unit, as a commercial product running on top of
Red Hat Enterprise Linux Red Hat Enterprise Linux (RHEL) is a commercial open-source Linux distribution developed by Red Hat for the commercial market. Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z and a desktop ...
as the community-supported 389 Directory Server project. Upstream open source project is called
FreeIPA FreeIPA is a free and open source identity management system. FreeIPA is the upstream open-source project foRed Hat Identity Management Overview FreeIPA aims to provide a centrally managed Identity, Policy, and Audit (IPA) system. It uses ...
. *
Oracle Internet Directory Oracle Internet Directory (OID) is a directory service produced by Oracle Corporation, which functions compatible with LDAP version 3. Functionality OID makes the following features available from within an Oracle database environment: * int ...
: (OID) is
Oracle Corporation Oracle Corporation is an American multinational computer technology corporation headquartered in Austin, Texas. In 2020, Oracle was the third-largest software company in the world by revenue and market capitalization. The company sells da ...
's directory service, compatible with LDAP version 3. * Sun Java System Directory Server:
Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...
' directory service *
OpenDS OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2). Written in Java (prog ...
: Open-source directory service in Java, backed by
Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...
*
Oracle Unified Directory An oracle is a person or agency considered to provide wise and insightful counsel or prophetic predictions, most notably including precognition of the future, inspired by deities. As such, it is a form of divination. Description The word ''or ...
: (OUD) is
Oracle Corporation Oracle Corporation is an American multinational computer technology corporation headquartered in Austin, Texas. In 2020, Oracle was the third-largest software company in the world by revenue and market capitalization. The company sells da ...
's next-generation unified directory solution. It integrates storage, synchronization, and proxy functionalities. *
IBM Tivoli Directory Server IBM Security Directory Server, formerly known as IBM Directory Server and IBM Tivoli Directory Server, is an IBM implementation of the Lightweight Directory Access Protocol IBM Security Directory Server is an enterprise directory for corporate i ...
: Custom build of an old OpenLDAP release * Windows NT Directory Services (NTDS), later renamed
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
, replaced the former NT Domain system. * Critical Path Directory Server *
OpenLDAP OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is released under its own BSD-style license called the OpenLDAP Public License. LDAP is a platform-independ ...
: Derived from the original University of Michigan LDAP implementation (like Netscape, Red Hat, Fedora and Sun JSDS implementations), it supports all computer architectures (including Unix and Unix derivatives, Linux, Windows, z/OS and a number of embedded-realtime systems). *
Lotus Domino HCL Notes (formerly IBM Notes and Lotus Notes; see Branding below) and HCL Domino (formerly IBM Domino and Lotus Domino) are the client and server, respectively, of a collaborative client-server software platform formerly sold by IBM, now by ...
*
Nexor Nexor Limited is a privately held company based in Nottingham, providing product and services to safeguard government, defence and critical national infrastructure computer systems. It was originally known as X-Tel Services Limited. History Ne ...
Directory *
OpenDJ OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2). Written in Java, Open ...
- a
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...
-based LDAP server and directory client that runs in any operating environment, under license
CDDL The Common Development and Distribution License (CDDL) is a free and open-source software license, produced by Sun Microsystems, based on the Mozilla Public License (MPL). Files licensed under the CDDL can be combined with files licensed under o ...
. Developed by ForgeRock, until 2016, now maintained b
OpenDJ
Community Open-source tools to create directory services include OpenLDAP, the
Kerberos protocol Kerberos () is a computer-network authentication protocol that works on the basis of ''tickets'' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily ...
and
Samba software Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft W ...
, which can function as a Windows
domain controller A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, sto ...
with Kerberos and LDAP back ends. Administration is by GOsa or Samba SWAT.


Using name services


Unix systems

Name services on Unix systems are typically configured through nsswitch.conf. Information from name services can be retrieved with
getent getent is a Unix command that helps a user get entries in a number of important text files called databases. This includes the passwd and group databases which store user information – hence is a common way to look up user details on Unix. Since ...
.


See also

*
Access control list In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on giv ...
*
Directory Services Markup Language Directory Services Markup Language (DSML) is a representation of directory service information in an XML syntax. The DSML version 1 effort was announced on July 12, 1999 by creator Bowstreet (subsequently acquired by IBM in 2005). Initiative supp ...
*
Hierarchical database model A hierarchical database model is a data model in which the data are organized into a tree-like structure. The data are stored as records which are connected to one another through links. A record is a collection of fields, with each field containin ...
*
LDAP Data Interchange Format The LDAP Data Interchange Format (LDIF) is a standard plain text data interchange format for representing Lightweight Directory Access Protocol (LDAP) directory content and update requests. LDIF conveys directory content as a set of records, on ...
*
Metadirectory {{Unreferenced, date=June 2019, bot=noref (GreenC bot) A metadirectory system provides for the flow of data between one or more directory services and databases, in order to maintain synchronization of that data, and is an important part of identit ...
*
Service delivery platform A service delivery platform (SDP) is a set of components that provides a delivery architecture (such as service creation, session control and protocols) for a type of service delivered to consumer, whether it be a customer or other system. Althoug ...
*
Virtual directory In computing, the term virtual directory has a couple of meanings. It may simply designate (for example in IIS) a folder which appears in a path but which is not actually a subfolder of the preceding folder in the path. However, this article will ...


References


Citations


Sources

* {{Authority control Computer access control Computer access control protocols