DIRECTORY SERVICES

Directory Services

Directory Services

Implementations of Directory Services under Unix and Linux

A directory service is simply the software system that stores, organizes and provides access to information in a directory. In software engineering, a directory is a map of the differences between names and values. It allows the lookup of values given a name, similar to a dictionary. As a word in a dictionary may have multiple definitions, in a directory, a name may be associated with multiple, different pieces of information. Likewise, as a word may have different parts of speech and different definitions, a name in a directory may have many different types of data.

Directories may be very narrow in scope, supporting only a small set of node types and data types, or they may be very broad, supporting an arbitrary or extensible set of types. In a telephone directory, the nodes are names and the data items are telephone numbers. In the DNS the nodes are domain names and the data items are IP addresses (and alias, mail server names, etc.). In a directory used by a network operating system, the nodes represent resources that are managed by the OS, including users, computers, printers and other shared resources. Many different directory services have been used since the advent of the Internet but this article focuses mainly on those that have descended from the X.500 directory service.

Directory services were part of an Open Systems Interconnection (OSI) initiative to get everyone in the industry to agree to common network standards to provide multi-vendor interoperability. In the 1980s the ITU and ISO came up with a set of standards - X.500, for directory services, initially to support the requirements of inter-carrier electronic messaging and network name lookup. The Lightweight Directory Access Protocol, LDAP, is based on the directory information services of X.500, but uses the TCP/IP stack and a string encoding scheme of the X.500 protocol DAP, giving it more relevance on the Internet.

There have been numerous forms of directory service implementations from different vendors. Systems developed before the advent of X.500 include:

Domain Name System: (DNS), the first directory service on the Internet, which is still used everywhere today.

Hesiod: was based on DNS and used at MIT's Project Athena.

Network Information Service: (NIS), originally named Yellow Pages (YP), was Sun Microsystems' implementation of a directory service for Unix network environments. It served a similar role as Hesiod.

NetInfo: was developed by NeXT in the late 80s for NEXTSTEP. After being acquired by Apple, it was released as open source and used as the directory service for Mac OS X before being deprecated in favor of the LDAP-based Open Directory. Support for NetInfo was completely removed with the release of 10.5 Leopard.

Banyan VINES: was the first scalable directory services offering.

NT Domains: was developed by Microsoft to provide directory services for Windows machines prior to the release the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains, but only after relaxing the minimum authentication protocols it ...