Understanding Directory Services
Beth Sheresh - Doug Sheresh
1 Introduction to Directory Services
What Is a Directory Service?
What Benefits Does a Directory Service Provide?
How Are Directory Services Used?
How Are Directories Integrated?
2 Evolution of Directory Structures
Thinking about Directory Information
Scope of the Directory Service
Structural Characteristics of a Directory Service
Organization: From Flat to Hierarchical
Naming: From Physical to Logical
Storage: From Centralized to Distributed
3 Storing Directory Information
The Directory Database
Partitioning the Directory
Directory Replication
4 X.500: A Model for Directory Services
Introduction to X.500
X.500 Models
X.500 Directory Objects
Directory Information Tree
X.500 Naming
X.500 Directory Schema
Directory Information Base
X.500 Operations
Security in X.500
5 Lightweight Directory Access Protocol
Introduction to LDAP
LDAP Models
LDAP Directory Objects and Schema
The Directory Information Tree
LDAP Naming
The Directory Information Base
LDAP Operations
LDAP Security
LDAP Programming
Proposed LDAP Extensions
6 Domain Name System
Introduction to DNS
Models/Views in DNS
DNS Objects: Resource Records
The DNS Tree
DNS Naming
Defining the DNS Schema
The Distributed DNS Database
DNS Operations
Proposed DNS Extensions
7 Evaluating Directory Services
How to Examine Directory Services
Assess Your Network Environment
Assess Your Directory Service Needs
Key Factors in Directory Services
8 Novell Directory Services
Introduction to NDS
NDS Objects and Schema
The NDS Tree
Naming in NDS
NDS Directory Information Base
NDS Operations
Security in NDS
NDS Administration
The Future of NDS
9 Active Directory
Introduction to Active Directory
Active Directory Models
Active Directory Objects and Schema
The Active Directory DIT
Naming in Active Directory
The Active Directory DIB
Active Directory Operations
Security in Active Directory
Administration of Active Directory
The Future of Active Directory
A References
Novell Directory Services
Active Directory
Other Resources
Understanding Directory Services presents directory services from a networking perspective, starting with basic theory and archetypes, working its way up to the current Novell Directory Services and Active Directory implementations. In our discussion of directory services, we have focused on explaining the technologies and operations as objectively as possible. Although many books promote specific directory service products, this book provides something a little different: It aims to help you understand how directory services work.
Who This Book Is For
Understanding Directory Services is designed for networking professionals and anyone studying network technologies. If you want to understand the subject of directory services, especially as it pertains to networking, this is the right book for you. Readers of this book will want to be familiar with the fundamentals of networking theory and operations, as an understanding of networking terminology and concepts is assumed.
How This Book Is Organized
The book starts with an overview of directory services and their core characteristics, highlighting the key information, distribution, and storage factors. It next explores the X.500 standards to help you understand the foundations of directory services, then reviews LDAP, the emerging standard for directory access, and then examines DNS. The book next discusses how to evaluate a directory service for your network, and concludes by examining the design and operations of Novell Directory Services and Active Directory.
Directory services are a dense topic, filled with as many acronyms and models as any other networking technology. By presenting information in small pieces, starting with the big picture and then focusing on details, we hope to make the topic easier to grasp. Accordingly, this book is designed to be read in a linear fashion, where material in later chapters builds on information presented in earlier chapters. The following list gives a brief overview of what you can expect to learn from each chapter.
Chapter 1: Introduction to Directory Services (the big picture)—Explains directory services in an overview.
Chapter 2: Evolution of Directory Structures—Explores the evolving nature of the information the directory contains, and the factors involved in organizing and managing it.
Chapter 3: Storing Directory Information—Methods of information distribution and storage are discussed, focusing on distributed directory services.
Chapter 4: X.500: A Model for Directory Services—Reviews the X.500 standards—the archetype for directory services.
Chapter 5: Lightweight Directory Access Protocol—Describes the LDAP protocol, its emerging role in directory access and more.
Chapter 6: Domain Name System—Examines DNS from a directory service perspective, noting parallels in structures and operations.
Chapter 7: Evaluating Directory Services—Discusses how to evaluate a directory service for use in your network environment, including business considerations.
Chapter 8: Novell Directory Services—Explains Novell Directory Services based on the latest version (NDS 8), describing the underlying directory architecture and its foundations in X.500.
Chapter 9: Active Directory—Explores how Microsoft has integrated the technologies of NT 4, LDAP, and DNS into an exciting new entry into the directory services arena.
Conventions Used
In this book, certain typographical conventions have been applied. Command-line entries, directory names, domain names, and directory objects are all highlighted in monospaced font. Pay special attention to the terms that appear in italic. These terms are followed by their acronym or abbreviation in parentheses—Active Directory (AD), for example. Those acronyms and abbreviations will subsequently be used throughout the book without spelling out the term again, both for the sake of brevity and also to get you used to thinking in directory services terminology.
1 Introduction to Directory Services
Directory services are a significant emerging technology with a wide range of applications, from general information systems management to administration of distributed networks.
Directory services are employed to manage complex systems of interrelated information, and to support the distribution and retrieval of information contained within the directory.
The explanations of directory services throughout this book revolve around networking-focused directory services from both a technological and administrative perspective. Cumulatively, throughout these chapters, we describe the current state of the integration of directory service technologies with leading networking environments.
Although our focus is directory services from a networking perspective, clearly the scope of directory service technologies and implementations goes well beyond networking. General-purpose directory services are being used to fill a wide range of business needs with implementations providing key informational support for security, messaging, and e-commerce aspects of the enterprise.
When looking at the integration of directory services in networking, it is clearly a significant shift in network information management, and one of the most significant emerging network technologies today. Many networking vendors are releasing them, many corporations are deploying them, and increasing..