Directory services provide a way to map names to addresses through specialized network databases. Some examples of directory services include DNS, ARP/RARP, file systems, and CORBA naming services. LDAP is a lightweight protocol for accessing X.500 directory services over TCP/IP. LDAP directories have a hierarchical data model and use distinguished names and attributes to uniquely identify entries. Popular APIs for accessing LDAP directories include the University of Michigan LDAP C API, Netscape LDAP SDK, Java JNDI, and Microsoft ADSI.

1. Directory & Naming Services
CS-328
Dick Steflik

2. A Directory

3. Directory Services
• Services provided by special network
databases that map names to addresses
• Same idea as a telephone directory
– unique key (name)
– set of attributes (name value pairs)
• address: 12 Beethoven Street
• phone: 777-1234

4. Example Directories
• Domain Naming System (DNS)
– maps IP address to Host names
• ARP/RARP
– map NIC addresses to IP addresses
• File System
– maps file names to disk addresses
• RMI Registry
– maps servers to IP addresses

5. Example Directories
• CORBA Naming Service
– maps CORBA servers to IP addresses

6. Directory Uses
• Corporate Address Book for e-mail
• Corporate Phone Directories
• Web user authentication
• Corporate Asset Management System
• Persistent Object Storage for Java Objects
• Web Enabled Work Flow Management

7. X.500
• ISO Specification for Directory Services
• Defined for the OSI Protocol Stack
– very heavy weight Directory Access Protocol
• US implementation for TCP/IP stack kept
same data model but defined Light-weight
Directory Access Protocol (LDAP) for
accessing data repository.

8. Data Model
• Distributed Hierarchical Database
• Data Store
– usually on proprietary file based database
• optimized for fast tree searches
– Oracle and IBM DB2 are both LDAP enabled
(searchable using LDAP )
– Netscape currently has fastest Directory Server
– OpenLDAP (Berkley Database)

9. Schema
• Every node is keyed uniquely with a
distinguished name
• the distinguished names is made up of
name/value pairs that reflect the
hierarchical relationship between the
name/value pairs
• attribute names can be freely assigned but
there are some standard ones that have been
defined by common usage

10. Common Attributes
• dn Distinguished name
• c Country
• o Organization
• ou Organizational Unit
• cn Common Name
• sn Surname
• givenname First name
• l Location
• mail e-mail address
• uid userid
• userpassword password to go along with uid

11. Airius Corporation

13. LDAP URLS
• ldap://host:port/dn[?attributes[?scope[?filter]]]
– host - the dns name of the server (or IP address)
– port - 389 (well known port or whatever port that
LDAP is installed on)
– dn - distinguished name of of the entity of interest
– attributes - comma separated list of ldap attributes
types to be returned
– scope - base, one, sub
– filter - search filter for entity selection

14. Search Filter Examples
• RFC 1960
• (sn=Jensen) - Entries with a surname of Jensen
• (objectclass=*) - All entries
• (cn=*bert*) - All entries containing the string “bert” in the common
name attribute
• (cn>=Fred) - all entries with a common name lexicographically greater
than Fred
• (&(objectclass=person)(mail=*)) - all people with an email address
• (&(objectclass=person)( | (title=*director*)(title=*executive*))) - all
people with the string director or executive in the title attribute

15. Filters
• Six basic filters
– Equality - (<attr> = <value>)
– Approximate - (<attr> -= <value>)
– Substring - (<attr> = [<leading>* (sn=*Jensen*) [<any>*[<trailing>])
– Greater than or equal - <attr> <= <value>
– Less than or equal - <attr> <= <value>
– Presence - <attr> = *
• Booleans
– AND - & - (&([<filter1>])(<filter2>))
– OR - | - ( | (<filter1>)(<filter2>))
– NOT ! - (! (<filter>))

16. Popular APIs
• University of Michigan - C language for LDAP - free - de facto
standard, solid and ubiquitous
• Netscape LDAP SDK - C, Java and Perl - included with Netscape
Communicator, or a free download
• Java Naming and Directory Interface (JNDI) - Sun, part of J2EE,
provides common interface to all Directory servers and Naming
Services
• Active Directory Service Interface (ADSI) Microsoft, C++ and
Microsoft Java versions
• ColdFusion - tags for LDAP Queries (comes with Cold Fusion)
• PHP - Libraries built in for doing LDAP queries
• Perl - Netscape PerLDAP SDK and Net::LDAP (free and open source)

17. JNDI Architecture

19. The Naming package
• classes and interfaces for accessing naming
services.
• Create a hash table for passing environment
information
• Set up environment info
• Get a reference to the Directory Context

20. The Naming package (more)
• Once you have the reference to the
Directory context use the methods and
classes in the Directory package to do
things like searching and retrieve and/or
modify entry attributes

21. The Directory Package
• extends the naming package to provide
functionality for accessing directory
services in addition to naming services.
• This package allows applications to retrieve
attributes associated with objects stored in
the directory and to search for objects using
specified attributes.

22. The Service Provider package
• Service providers are classes and services
provided by OEMs that provide a consistent
API for accessing their Naming/Directory
product.
• These are like JDBCs database drivers; i.e.
they abstract the interface to the product to
a consistent API across all service providers