computing Computing is any goal-oriented activity requiring, benefiting from, or creating computer, computing machinery. It includes the study and experimentation of algorithmic processes, and the development of both computer hardware, hardware and softw ...

, a directory service or name service maps the names of network resources to their respective

network address A network address is an identifier for a node or host on a telecommunications network. Network addresses are designed to be unique identifiers across the network, although some networks allow for local, private addresses, or locally administere ...

es. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a

network operating system A network operating system (NOS) is a specialized operating system for a network device such as a router, switch or firewall. Historically operating systems with networking capabilities were described as network operating systems, because they ...

. A directory server or

name server A name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identi ...

is a

server Server may refer to: Computing *Server (computing), a computer program or a device that provides requested information for other programs or devices, called clients. Role * Waiting staff, those who work at a restaurant or a bar attending custome ...

which provides such a service. Each resource on the network is considered an

object Object may refer to: General meanings * Object (philosophy), a thing, being, or concept ** Object (abstract), an object which does not exist at any particular time or place ** Physical object, an identifiable collection of matter * Goal, an a ...

by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object. A directory service defines a

namespace In computing, a namespace is a set of signs (''names'') that are used to identify and refer to objects of various kinds. A namespace ensures that all of a given set of objects have unique names so that they can be easily identified. Namespaces ...

for the network. The namespace is used to assign a ''name'' (unique identifier) to each of the objects. Directories typically have a set of rules determining how network resources are named and identified, which usually includes a requirement that the identifiers be unique and

unambiguous Ambiguity is the type of meaning in which a phrase, statement, or resolution is not explicitly defined, making for several interpretations; others describe it as a concept or statement that has no real reference. A common aspect of ambiguit ...

. When using a directory service, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Some directory services include

access control In physical security and information security, access control (AC) is the action of deciding whether a subject should be granted or denied access to an object (for example, a place or a resource). The act of ''accessing'' may mean consuming ...

provisions, limiting the availability of directory information to authorized users.

Comparison with relational databases

Several things distinguish a directory service from a

relational database A relational database (RDB) is a database based on the relational model of data, as proposed by E. F. Codd in 1970. A Relational Database Management System (RDBMS) is a type of database management system that stores data in a structured for ...

. Data can be made redundant if it aids performance (e.g. by repeating values through rows in a table instead of relating them to the contents of a different table through a key, which technique is called

denormalization Denormalization is a strategy used on a previously- normalized database to increase performance. In computing, denormalization is the process of trying to improve the read performance of a database, at the expense of losing some write performance, ...

; another technique could be the utilization of

replicas A replica is an exact (usually 1:1 in scale) copy or remake of an object, made out of the same raw materials, whether a molecule, a work of art, or a commercial product. The term is also used for copies that closely resemble the original, without ...

for increasing actual throughput). Directory schemas are object classes, attributes, name bindings and knowledge (namespaces) where an object class has: * ''Must'' - attributes that each instances must have * ''May'' - attributes which can be defined for an instance but can be omitted, with the absence similar to NULL in a relational database Attributes are sometimes multi-valued, allowing multiple naming attributes at one level (such as machine type and serial number

concatenation In formal language theory and computer programming, string concatenation is the operation of joining character strings end-to-end. For example, the concatenation of "snow" and "ball" is "snowball". In certain formalizations of concatenati ...

, or multiple phone numbers for "work phone"). Attributes and object classes are usually standardized throughout the industry; for example, X.500 attributes and classes are often formally registered with the

IANA The Internet Assigned Numbers Authority (IANA) is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System (DNS), media types, and other Internet P ...

for their object ID. Therefore, directory applications try to reuse standard classes and attributes to maximize the benefit of existing directory-server software. Object instances are slotted into namespaces; each object class inherits from its parent object class (and ultimately from the root of the

hierarchy A hierarchy (from Ancient Greek, Greek: , from , 'president of sacred rites') is an arrangement of items (objects, names, values, categories, etc.) that are represented as being "above", "below", or "at the same level as" one another. Hierarchy ...

), adding attributes to the must-may list. Directory services are often central to the

security Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or ...

design of an IT system and have a correspondingly-fine granularity of access control.

Replication and distribution

Replication and distribution have distinct meanings in the design and management of a directory service. Replication is used to indicate that the same directory namespace (the same objects) are copied to another directory server for redundancy and throughput reasons; the replicated namespace is governed by the same authority. Distribution is used to indicate that multiple directory servers in different namespaces are interconnected to form a distributed directory service; each namespace can be governed by a different authority.

Implementations

Directory services were part of an

Open Systems Interconnection The Open Systems Interconnection (OSI) model is a reference model developed by the International Organization for Standardization (ISO) that "provides a common basis for the coordination of standards development for the purpose of systems inter ...

(OSI) initiative for common network standards and multi-vendor interoperability. During the 1980s, the

ITU The International Telecommunication Union (ITU)In the other common languages of the ITU: * * is a specialized agency of the United Nations responsible for many matters related to information and communication technologies. It was established ...

and

ISO The International Organization for Standardization (ISO ; ; ) is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries. Me ...

created the X.500 set of standards for directory services, initially to support the requirements of inter-carrier electronic messaging and network-name lookup. The

Lightweight Directory Access Protocol The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory serv ...

(LDAP) is based on the X.500 directory-information services, using the TCP/IP stack and an X.500

Directory Access Protocol Directory Access Protocol (DAP) is a computer networking standard promulgated by ITU-T and ISO in 1988 for accessing an X.500 directory service. DAP was intended to be used by client computer systems, but was not popular as there were few implem ...

(DAP) string-encoding scheme on the

Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...

. Systems developed before the X.500 include: * ''

Domain Name System The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information ...

(DNS):'' The first directory service on the Internet, still in use * ''

Hesiod Hesiod ( or ; ''Hēsíodos''; ) was an ancient Greece, Greek poet generally thought to have been active between 750 and 650 BC, around the same time as Homer.M. L. West, ''Hesiod: Theogony'', Oxford University Press (1966), p. 40.Jasper Gr ...

:'' Based on DNS and used at MIT's

Project Athena Project Athena was a joint project of MIT, Digital Equipment Corporation, and IBM to produce a campus-wide distributed computing environment for educational use. It was launched in 1983, and research and development ran until June 30, 1991. , At ...

* ''

Network Information Service The Network Information Service, or NIS (originally called Yellow Pages or YP), is a client–server directory service protocol (computing), protocol for Distributed computing, distributing system configuration data such as User (computing), user ...

(NIS):'' Originally

Yellow Pages The yellow pages are Telephone directory, telephone directories of business, businesses, organized by category rather than alphabetically by business name, in which advertising is sold. The directories were originally printed on yellow paper, ...

(YP)

Sun Microsystems Sun Microsystems, Inc., often known as Sun for short, was an American technology company that existed from 1982 to 2010 which developed and sold computers, computer components, software, and information technology services. Sun contributed sig ...

' implementation of a directory service for

Unix Unix (, ; trademarked as UNIX) is a family of multitasking, multi-user computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, a ...

network environments. It played a role similar to Hesiod. * '' NetInfo:'' Developed by NeXT during the late 1980s for

NEXTSTEP NeXTSTEP is a discontinued object-oriented, multitasking operating system based on the Mach kernel and the UNIX-derived BSD. It was developed by NeXT, founded by Steve Jobs, in the late 1980s and early 1990s and was initially used for its ...

. After its acquisition by Apple, it was released as open source and was the directory service for

Mac OS X macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...

before it was deprecated for the LDAP-based Open Directory. Support for NetInfo was removed with the release of 10.5 Leopard. * '' Banyan VINES:'' First

scalable Scalability is the property of a system to handle a growing amount of work. One definition for software systems specifies that this may be done by adding resources to the system. In an economic context, a scalable business model implies that ...

directory service * '' NT Domains:'' Developed by Microsoft to provide directory services for Windows machines before the release of the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains after relaxing its minimum authentication protocols.

LDAP implementations

LDAP/X.500-based implementations include: *

389 Directory Server The 389 Directory Server (previously Fedora Directory Server) is a Lightweight Directory Access Protocol (LDAP) server developed by Red Hat as part of the community-supported Fedora Project. The name "389" derives from the port number used by LD ...

: Free Open Source server implementation by

Red Hat Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North ...

, with commercial support by Red Hat and SUSE. *

Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Direct ...

Microsoft Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...

's directory service for

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

, originating from the X.500 directory, created for use in Exchange Server, first shipped with

Windows 2000 Server Windows 2000 is a major release of the Windows NT operating system developed by Microsoft, targeting the server and business markets. It is the direct successor to Windows NT 4.0, and was Software release life cycle#Release to manufacturing (RT ...

and supported by successive versions of Windows * Apache Directory Server: Directory service, written in Java, supporting LDAP, Kerberos 5 and the Change Password Protocol; LDAPv3 certified *

Apple Open Directory Apple Open Directory is the LDAP directory service model implementation from Apple Inc. A directory service is software which stores and organizes information about a computer network's users and network resources and which allows network administr ...

Apple An apple is a round, edible fruit produced by an apple tree (''Malus'' spp.). Fruit trees of the orchard or domestic apple (''Malus domestica''), the most widely grown in the genus, are agriculture, cultivated worldwide. The tree originated ...

's directory server for

, available through

Mac OS X Server Mac OS X Server is a series of Discontinued software, discontinued Unix-like server operating systems developed by Apple Inc., based on macOS. It provided server functionality and system administration tools, and tools to manage both macOS ...

* eDirectory: NetIQ's implementation of directory services supports multiple architectures, including

NetWare NetWare is a discontinued computer network operating system developed by Novell, Inc. It initially used cooperative multitasking to run various services on a personal computer, using the IPX network protocol. The final update release was ver ...

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

and several flavours of

and is used for user administration and configuration and software management; previously known as Novell Directory Services. * Red Hat Directory Server:

released Red Hat Directory Server, acquired from AOL's Netscape Security Solutions unit, as a commercial product running on top of

Red Hat Enterprise Linux Red Hat Enterprise Linux (RHEL) is a commercial Linux distribution developed by Red Hat. Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z and a desktop version for x86-64. Fedora Linux and ...

as the community-supported

project. Upstream open source project is called FreeIPA. * Oracle Internet Directory: (OID) is

Oracle Corporation Oracle Corporation is an American Multinational corporation, multinational computer technology company headquartered in Austin, Texas. Co-founded in 1977 in Santa Clara, California, by Larry Ellison, who remains executive chairman, Oracle was ...

's directory service, compatible with LDAP version 3. * Sun Java System Directory Server:

' directory service * OpenDS:

Open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

directory service in Java, backed by

* Oracle Unified Directory: (OUD) is

's next-generation unified directory solution. It integrates storage, synchronization, and proxy functionalities. * Windows NT Directory Services (NTDS), later renamed

, replaced the former NT Domain system. * Critical Path Directory Server *

OpenLDAP OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is released under its own BSD-style license called the OpenLDAP Public License. LDAP is a platform-independ ...

: Derived from the original University of Michigan LDAP implementation (like Netscape, Red Hat, Fedora and Sun JSDS implementations), it supports all computer architectures (including Unix and Unix derivatives, Linux, Windows, z/OS and a number of embedded-realtime systems). * Lotus Domino *

Nexor Nexor Limited is a privately held company based in Nottingham, providing products and services to safeguard government, defence and critical national infrastructure computer systems. It was originally known as X-Tel Services Limited. History N ...

Directory *

OpenDJ OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2). Written in Java, Ope ...

- a

Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...

-based LDAP server and directory client that runs in any operating environment, under license

CDDL The Common Development and Distribution License (CDDL) is a free and open-source software license, produced by Sun Microsystems, based on the Mozilla Public License (MPL). Files licensed under the CDDL can be combined with files licensed under o ...

. Developed by

ForgeRock ForgeRock, Inc. was an identity and access management software company headquartered in San Francisco. On August 23, 2023, Thoma Bravo announced that it had completed the acquisition of the company for approximately $2.3 billion. On acquisition ...

, until 2016, now maintained b
OpenDJ
Community Open-source tools to create directory services include OpenLDAP, the Kerberos protocol and

Samba software Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft ...

, which can function as a Windows

domain controller A domain controller (DC) is a Server (computing), server that responds to security authentication requests within a computer network domain. It is a Network (computing), network server that is responsible for allowing Host (network), host access to ...

with Kerberos and LDAP back ends. Administration is by GOsa or Samba SWAT.

Using name services

Unix systems

Name services on Unix systems are typically configured through nsswitch.conf. Information from name services can be retrieved with getent.

References

Citations

Sources

* {{Authority control Computer access control Computer access control protocols Domain Name System