Understanding Directory Services

Understanding Directory Services

 Beth Sheresh - Doug Sheresh

 Contents

 1 Introduction to Directory Services 1

 What Is a Directory Service? 3

 What Benefits Does a Directory Service Provide? 8

 How Are Directory Services Used? 17

 How Are Directories Integrated? 24

 2 Evolution of Directory Structures 31

 Thinking about Directory Information 31

 Scope of the Directory Service 35

 Structural Characteristics of a Directory Service 42

 Organization: From Flat to Hierarchical 44

 Naming: From Physical to Logical 45

 Storage: From Centralized to Distributed 53

 3 Storing Directory Information 59

 The Directory Database 59

 Partitioning the Directory 61

 Directory Replication 75

 4 X.500: A Model for Directory Services 91

 Introduction to X.500 91

 X.500 Models 97

 X.500 Directory Objects 109

 Directory Information Tree 113

 X.500 Naming 115 X.500

 Directory Schema 117

 Directory Information Base 122

 X.500 Operations 125

 Security in X.500 131

 5 Lightweight Directory Access Protocol 139

 Introduction to LDAP 139

 LDAP Models 144

 LDAP Directory Objects and Schema 145

 The Directory Information Tree 150

 LDAP Naming 151

 The Directory Information Base 159

 LDAP Operations 159

 LDAP Security 164

 LDAP Programming 167

 Proposed LDAP Extensions 169

 6 Domain Name System 171

 Introduction to DNS 171

 Models/Views in DNS 177

 DNS Objects: Resource Records 177

 The DNS Tree 178

DNS Naming 184

 Defining the DNS Schema 185

 The Distributed DNS Database 190

 DNS Operations 199

 Proposed DNS Extensions 209

 7 Evaluating Directory Services 213

 How to Examine Directory Services 214

 Assess Your Network Environment 214

 Assess Your Directory Service Needs 218

 Key Factors in Directory Services 225

 8 Novell Directory Services 241

 Introduction to NDS 242

 NDS Objects and Schema 249

 The NDS Tree 255

 Naming in NDS 256

 NDS Directory Information Base 260

 NDS Operations Security in NDS 271

 NDS Administration 276

 The Future of NDS 280

 9 Active Directory 283

 Introduction to Active Directory 283

 Active Directory Models 289

 Active Directory Objects and Schema 290

 The Active Directory DIT 294

 Naming in Active Directory 300

 The Active Directory DIB 302

 Active Directory Operations 309

 Security in Active Directory 313

 Administration of Active Directory 322

 The Future of Active Directory 327

 A References 329

 X.500 329

 LDAP 331

 DNS 332

 Novell Directory Services 336

 Active Directory 337

 Other Resources 338

 Glossary 339

 Index

 Introduction

 Understanding Directory Services presents directory services from a networking perspective, starting with basic theory and archetypes, working its way up to the current Novell Directory Service and Active Directory implementations. In our discussion of directory services, we have focused on explaining the technologies and operations as objectively as possible. Although many books promote specific directory service products, this book provides something a little different: It aims to help you understand how directory services work.

 Who This Book is For Understanding Directory Services is designed for networking professionals and anyone studying network technologies. If you want to understand the subject of directory services, especially as it pertains to networking, this is the right book for you. Readers of this book will want to be familiar with the fundamentals of networking theory and operations, as an understanding of networking terminology and concepts is assumed.

 How This Book Is Organized The book starts with an overview of directory services and their core characteristics, highlighting the key information, distribu-tion, and storage factors.

 It next explores the X.500 standards to help you understand the foundations of directory services, then reviews LDAP, the emerging standard for directory access, and then examines DNS. The book next discusses how to evaluate a directory ser-vice for your network, and concludes by examining the design and operations of Novell Directory Services and Active Directory. Directory services are a dense topic, filled with as many acronyms and models as any other networking technology. By presenting informa-tion in small pieces, starting with the big picture and then focusing on details, we hope to make the topic easier to grasp. Accordingly, this book is designed to be read in a linear fashion, where material in later chapters builds on information presented in earlier chap-ters. The following list gives a brief overview of what you can expect to learn from each chapter.

 Chapter 1: Introduction to Directory Services (the big picture)—Explains directo-ry services in an overview.

 Chapter 2: Evolution of Directory Structures—Explores the evolving nature of the information the directory contains, and the factors involved in or-ganizing and managing it.

 Chapter 3: Storing Directory Information—Methods of information distribution and storage are discussed, focusing on distributed directory services.

 Chapter 4: X.500: A Model for Directory Services—Reviews the X.500 standards—the archetype for directory ser-vices.

 Chapter 5: Lightweight Directory Access Protocol—Describes the LDAP protocol, its emerging role in directory access and more.

 Chapter 6: Domain Name System—Examines DNS from a directory service perspective, noting parallels in structures and oper-ations.

 Chapter 7: Evaluating Directory Services—Discusses how to evaluate a directory service for use in your network environment, including business considerations.

 Chapter 8: Novell Directory Services—Explains Novell Directory Services based on the latest version (NDS 8), describing the underlying directory architecture and its foundations in X.500.

 Chapter 9: Active Directory—Explores how Microsoft has integrated the technologies of NT 4, LDAP, and DNS into an exciting new entry into the directory services arena.

Conventions Used In this book, certain typographical conventions have been applied.

 Commandline entries, directory names, do-main names, and directory objects are all highlighted in monospaced font.  Pay special attention to the terms that appear in italic.

 These terms are followed by their acronym or ab-breviation in parentheses—Active Directory (AD), for example.  Those acronyms and ab-breviations will subsequently be used throughout the book without spelling out the term again, both for the sake of brevity and also to get you used to thinking in directory services terminology.

 1 Introduction to Directory Services

 DIRECTORY SERVICES ARE A SIGNIFICANT EMERGING technology with a wide range of applications, from general information systems management to administra-tion of distributed networks.

 Directory services are employed to manage complex systems of interrelated information, and to support the distribution and retrieval of information contained within the directory.

 The explanations of directory services throughout this book revolve around networking-focused directory services from both a technological and administrative perspective. Cumulatively, throughout these chapters, we describe the current state of the integration of directory service technologies with leading networking envi-ronments.

 Although our focus is directory services from a networking perspective, clearly the scope of directory service technologies and implementations goes well beyond net-working. General-purpose directory services are being used to fill a wide range of business needs with implementations providing key informational support for security, messaging, and e-commerce aspects of the enterprise.

 When looking at the integration of directory services in networking, it is clearly a significant shift in network information management, and one of the most significant emerging network technologies today. Many networking vendors are releasing them, many corporations are deploying them, and increasing..

Download  Understanding Directory Services