CIS 527

Directory Services

Directory Services

Software system that stores and provides access to information

Stored objects can include information about users, groups, and resources on a computer system or network

Domain Name System

Image Source: Wikipedia

Timeline

• 1988 - X.500 standard published
  • LDAP soon followed
• 1993 - Samba
• 1993 - Novell Directory Services
• 1993 - Kerberos (RFC 1510)
• 1999 - Microsoft Active Directory

X.500

• First released in 1988
• Name lookups for the X.400 email standard
• Originally used OSI transport protocol
• Several protocols:
  • DAP - Directory Access
  • DSP - Directory System
• http://www.x500standard.com

Lightweight Directory Access Protocol

• Implementation of X.500 DAP using TCP/IP
• Used by many enterprise servers
  • Active Directory
  • Novell Directory Services
  • OpenLDAP

X.500 vs. LDAP

Image Source: x500standard.com

X.500 to LDAP

Image Source: Apache

LDAP Uses

Image Source: Apache

LDAP Entry

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

LDAP Entry Items

• dn - Distinguished Name
• cn - Common Name
• sn - Surname
• dc - Domain Component
• ou - Organizational Unit

LDAP Tree Structure

Image Source: OpenLDAP

Novell Directory Services

• Released in 1993 by Novell
• Now called NetIQ eDirectory
• Originally used IPX/SPX instead of TCP/IP
• Most common directory service until the rise of Microsoft Active Directory

Novell NDS

Image Source: Novell

Windows Workgroup

• Network sharing system present in Windows
• Each computer has a local copy of the security information
• Allows sharing of resources without a central server

Windows Homegroup

• Introduced in Windows 7
• Allows easy sharing of resources with a pre-shared password
• Homegroup computers can also be in a Workgroup or Domain

Windows Workgroup

Image Source: eTutorials

Active Directory

• Introduced in 1999 with Windows 2000
• Implements a directory service along with protocols such as LDAP
• Commonly used in Windows based networks

Windows Domain

Image Source: eTutorials

Active Directory

Image Source: Microsoft

Active Directory Forest

Image Source: Wikipedia

Kerberos

Image Source: Wikipedia

Kerberos

• Developed by MIT in 1980s
• Published in 1993 as RFC 1510
• Allows authentication via a 3rd party server on an open network
• Used by Active Directory & many other directory services

Kerberos

Image Source: Wikipedia

Assignments

• Lab 4 - Directory Services: Due Monday 3/21 11:30 AM