
CIS 527

Lecture 14 - Directory Services Overview

Directory Services

Software system that stores and provides access to information

Stored objects can include information about users, groups, and resources on a computer system or network

Domain Name System

Image Source: Wikipedia

Timeline

  • 1988 - X.500 standard published
    • LDAP soon followed
  • 1993 - Samba
  • 1993 - Novell Directory Services
  • 1993 - Kerberos (RFC 1510)
  • 1999 - Microsoft Active Directory

X.500

  • First released in 1988
  • Name lookups for the X.400 email standard
  • Originally used OSI transport protocol
  • Several protocols:
    • DAP - Directory Access Protocol
    • DSP - Directory System Protocol
  • http://www.x500standard.com

Lightweight Directory Access Protocol

  • Implementation of X.500 DAP using TCP/IP
  • Used by many enterprise servers
    • Active Directory
    • Novell Directory Services
    • OpenLDAP

X.500 vs. LDAP

Image Source: x500standard.com

X.500 to LDAP

Image Source: Apache

LDAP Uses

Image Source: Apache

LDAP Entry

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

LDAP Entry Items

  • dn - Distinguished Name
  • cn - Common Name
  • sn - Surname
  • dc - Domain Component
  • ou - Organizational Unit
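The entry on the previous slide is in LDIF form: one attribute per line, with a multi-valued attribute (telephoneNumber) simply repeated. The following is an added example, not code from the lecture or from any LDAP project, that parses such an entry on the standard library alone, splits the DN into its RDN components, and runs the consistency checks a directory administrator would want before loading the entry: the RDN value must appear in the entry (RFC 4512) and each objectClass's required attributes must be present (RFC 4519 for person, RFC 4512 for top). The MUST_ATTRS table covers only the classes used in the sample; the sample text is the slide's entry written out as LDIF.

```python
"""Parse and sanity-check an LDIF entry (added example; standard library only)."""
import base64

# Constructed sample: the entry from the slide, written out as LDIF text.
SAMPLE_LDIF = """\
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
"""

# Required attributes per object class (RFC 4512 for top, RFC 4519 for person);
# only the classes that occur in the sample are listed.
MUST_ATTRS = {
    "top": {"objectClass"},
    "person": {"sn", "cn"},
    "organizationalPerson": set(),
    "inetOrgPerson": set(),
}


def parse_ldif_entry(text):
    """Return (dn, attrs); attrs maps attribute name -> list of values.

    Handles LDIF line folding (a continuation line starts with one space),
    base64 values ("attr:: ...") and multi-valued attributes.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded line: append to previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        name, value = name.strip(), value.strip()
        if value.startswith(":"):               # "attr:: base64" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    if dn is None:
        raise ValueError("entry has no dn")
    return dn, attrs


def split_dn(dn):
    """Split a DN into (attribute, value) RDN tuples, leftmost (most specific) first.

    Backslash-escaped separators (RFC 4514) are unescaped; multi-valued RDNs
    (joined with '+') are not handled in this example.
    """
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character: take it literally
            cur += dn[i + 1]
            i += 2
            continue
        if ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur)
    out = []
    for part in parts:
        attr, _, value = part.partition("=")
        out.append((attr.strip(), value.strip()))
    return out


def dc_to_domain(rdns):
    """Join the dc components of a split DN into a DNS-style domain name."""
    return ".".join(v for a, v in rdns if a.lower() == "dc")


def check_entry(dn, attrs):
    """Return a list of problems; an empty list means the entry is consistent."""
    problems = []
    lower = {k.lower(): v for k, v in attrs.items()}
    rdn_attr, rdn_value = split_dn(dn)[0]
    # RFC 4512: the attribute value used in the RDN must be present in the entry.
    if rdn_value not in lower.get(rdn_attr.lower(), []):
        problems.append("RDN value %r not present in attribute %s" % (rdn_value, rdn_attr))
    classes = lower.get("objectclass", [])
    if "top" not in classes:
        problems.append("objectClass chain does not include top")
    for oc in classes:
        for must in MUST_ATTRS.get(oc, set()):
            if must.lower() not in lower:
                problems.append("objectClass %s requires attribute %s" % (oc, must))
    return problems


if __name__ == "__main__":
    entry_dn, entry_attrs = parse_ldif_entry(SAMPLE_LDIF)
    print(entry_dn, split_dn(entry_dn), dc_to_domain(split_dn(entry_dn)))
    print("problems:", check_entry(entry_dn, entry_attrs))
```

Running the module prints the DN, its RDN list and the domain derived from the dc components (example.com), followed by an empty problem list for the slide's entry; dropping the sn attribute produces a "person requires attribute sn" finding.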

LDAP Tree Structure

Image Source: OpenLDAP

Novell Directory Services

  • Released in 1993 by Novell
  • Now called NetIQ eDirectory
  • Originally used IPX/SPX instead of TCP/IP
  • Most common directory service until the rise of Microsoft Active Directory

Novell NDS

Image Source: Novell

Windows Workgroup

  • Network sharing system present in Windows
  • Each computer has a local copy of the security information
  • Allows sharing of resources without a central server

Windows Homegroup

  • Introduced in Windows 7
  • Allows easy sharing of resources with a pre-shared password
  • Homegroup computers can also be in a Workgroup or Domain

Windows Workgroup

Image Source: eTutorials

Active Directory

  • Introduced in 1999 with Windows 2000
  • Implements a directory service along with protocols such as LDAP
  • Commonly used in Windows based networks

Windows Domain

Image Source: eTutorials

Active Directory

Image Source: Microsoft

Active Directory Forest

Image Source: Wikipedia

Kerberos

Image Source: Wikipedia

Kerberos

  • Developed by MIT in 1980s
  • Published in 1993 as RFC 1510
  • Allows authentication via a 3rd party server on an open network
  • Used by Active Directory & many other directory services
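The "3rd party server" bullet is the whole idea of Kerberos: the client proves itself to a key distribution center (KDC) that knows every principal's long-term key, and then carries tickets to services that never see the client's password and never contact the KDC themselves. The model below is an added example written for this lecture, not MIT's or any real Kerberos implementation: it plays out the three exchanges (AS, TGS, AP) with a KDC, a user and a service in one process. The seal/unseal functions are a toy HMAC-authenticated stream cipher standing in for Kerberos encryption types so the example runs on the standard library alone; the realm, principal names, key derivation and 5-minute clock-skew limit are constructed for the example (the skew limit matches the common Kerberos default). The service side keeps a replay cache and rejects stale or reused authenticators, which is the check a defender cares about most.

```python
"""Toy Kerberos ticket exchange (added example; standard library only)."""
import hashlib
import hmac
import json
import os

CLOCK_SKEW = 300          # seconds; authenticators older than this are refused
TICKET_LIFETIME = 600     # seconds; constructed short lifetime for the example


def _keystream(key, nonce, n):
    """Expand key+nonce into n bytes of keystream (toy construction)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable object; stands in for Kerberos enctypes."""
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the MAC, then decrypt; wrong key or tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Trusted third party: holds the long-term key of every principal in the realm."""

    def __init__(self, keys):
        self.keys = keys                      # {principal name: key bytes}

    def as_exchange(self, client, now):
        """AS-REQ/AS-REP: issue a TGT plus a session key sealed under the client's key."""
        if client not in self.keys:
            raise ValueError("unknown principal")
        sk = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": sk.hex(), "exp": now + TICKET_LIFETIME})
        return seal(self.keys[client], {"key": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_hex, authenticator, service, now):
        """TGS-REQ/TGS-REP: validate TGT + authenticator, issue a ticket for service."""
        t = unseal(self.keys["krbtgt"], bytes.fromhex(tgt_hex))
        if now > t["exp"]:
            raise ValueError("TGT expired")
        a = unseal(bytes.fromhex(t["key"]), authenticator)   # proves possession of the session key
        if a["client"] != t["client"] or abs(now - a["ts"]) > CLOCK_SKEW:
            raise ValueError("bad authenticator")
        svc_key = os.urandom(32)
        ticket = seal(self.keys[service], {"client": t["client"], "key": svc_key.hex(), "exp": now + TICKET_LIFETIME})
        return seal(bytes.fromhex(t["key"]), {"key": svc_key.hex(), "ticket": ticket.hex()})


class Service:
    """A kerberised service: knows only its own key, never talks to the KDC."""

    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def ap_exchange(self, ticket_hex, authenticator, now):
        """AP-REQ: open the ticket with our key, check the authenticator, return the client name."""
        t = unseal(self.key, bytes.fromhex(ticket_hex))
        if now > t["exp"]:
            raise ValueError("ticket expired")
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["client"] != t["client"] or abs(now - a["ts"]) > CLOCK_SKEW:
            raise ValueError("bad authenticator")
        if (a["client"], a["ts"]) in self.seen:              # replay cache
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return t["client"]


def client_login(kdc, service, client, client_key, now):
    """Run all three exchanges as the client; returns the name the service accepted."""
    rep = unseal(client_key, kdc.as_exchange(client, now))         # only the real key opens this
    sk = bytes.fromhex(rep["key"])
    tgs_rep = unseal(sk, kdc.tgs_exchange(rep["tgt"], seal(sk, {"client": client, "ts": now}), service.name, now))
    svc_sk = bytes.fromhex(tgs_rep["key"])
    return service.ap_exchange(tgs_rep["ticket"], seal(svc_sk, {"client": client, "ts": now}), now)


def build_demo_realm():
    """Constructed realm: krbtgt, one user (alice) and one service (host/files)."""
    alice_key = hashlib.sha256(b"alice-password").digest()       # toy string-to-key
    keys = {"krbtgt": os.urandom(32), "alice": alice_key, "host/files": os.urandom(32)}
    return KDC(keys), Service("host/files", keys["host/files"]), alice_key


if __name__ == "__main__":
    import time
    kdc, files, alice_key = build_demo_realm()
    print("service accepted:", client_login(kdc, files, "alice", alice_key, int(time.time())))
```

Note what never crosses the network: alice's key is used only locally to open the AS reply, and the file service validates the ticket with its own key alone. A wrong client key fails at the first unseal, and presenting the same ticket and authenticator twice is refused by the service's replay cache.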

Kerberos

Image Source: Wikipedia

Assignments

  • Lab Help Session Fridays 9 - 10 AM!
  • Lab 4 - Directory Services - Due Monday, Mar 30th by 12:39 PM
  • Set up a Directory Service
  • Turn in:
    • CIS Transient Storage
    • via Storage Media in class