CIS 527

Directory Services

Directory Services

Software system that stores and provides access to information

Stored objects can include information about users, groups, and resources on a computer system or network

Domain Name System

Image Source: Wikipedia

Timeline

  • 1988 - X.500 standard published
    • LDAP soon followed
  • 1993 - Samba
  • 1993 - Novell Directory Services
  • 1993 - Kerberos (RFC 1510)
  • 1999 - Microsoft Active Directory

X.500

  • First released in 1988
  • Name lookups for the X.400 email standard
  • Originally used OSI transport protocol
  • Several protocols:
    • DAP - Directory Access
    • DSP - Directory System
  • http://www.x500standard.com

Lightweight Directory Access Protocol

  • Implementation of X.500 DAP using TCP/IP
  • Used by many enterprise servers
    • Active Directory
    • Novell Directory Services
    • OpenLDAP

X.500 vs. LDAP

Image Source: x500standard.com

X.500 to LDAP

Image Source: Apache

LDAP Uses

Image Source: Apache

LDAP Entry

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

LDAP Entry Items

  • dn - Distinguished Name
  • cn - Common Name
  • sn - Surname
  • dc - Domain Component
  • ou - Organizational Unit
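
Added example (not part of the original slides): a small Python parser that reads an entry in the LDIF text form shown above, collects multi-valued attributes, and splits a dn into its cn/dc components. The function names and the abridged sample are assumptions made for illustration; the handling of folded lines, base64 ("attr::") values and backslash-escaped commas goes beyond what the slide shows, and multi-valued RDNs joined with "+" are not split.

```python
import base64
from collections import defaultdict

# Constructed sample: abridged from the entry on the "LDAP Entry" slide.
SAMPLE_LDIF = """\
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: person
"""

def parse_entry(ldif):
    """Parse one LDIF entry into (dn, {lower-cased attribute: [values]})."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # a leading space folds into the previous line
        elif raw.strip():
            lines.append(raw)
    attrs = defaultdict(list)
    for line in lines:
        if line.startswith("#"):          # comment line
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        b64 = value.startswith(":")       # "attr:: ..." marks a base64 value
        value = base64.b64decode(value[1:].strip()).decode("utf-8") if b64 else value.strip()
        attrs[name.lower()].append(value) # repeated names become multiple values
    if len(attrs.get("dn", [])) != 1:
        raise ValueError("entry must have exactly one dn")
    return attrs.pop("dn")[0], dict(attrs)

def split_dn(dn):
    """Split a DN into (type, value) pairs, leaf first, honouring backslash escapes."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:     # only an unescaped comma separates RDNs
            rdns.append(current)
            current = ""
            continue
        current += ch
        escaped = (ch == "\\" and not escaped)
    rdns.append(current)
    return [tuple(part.strip() for part in rdn.split("=", 1)) for rdn in rdns]
```

Splitting a dn on every comma would misplace an entry such as cn=Doe\, John in the tree, which matters when code decides what an entry belongs to by inspecting its dn.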

LDAP Tree Structure

Image Source: OpenLDAP

Novell Directory Services

  • Released in 1993 by Novell
  • Now called NetIQ eDirectory
  • Originally used IPX/SPX instead of TCP/IP
  • Most common directory service until the rise of Microsoft Active Directory

Novell NDS

Image Source: Novell

Windows Workgroup

  • Network sharing system present in Windows
  • Each computer has a local copy of the security information
  • Allows sharing of resources without a central server

Windows Homegroup

  • Introduced in Windows 7
  • Allows easy sharing of resources with a pre-shared password
  • Homegroup computers can also be in a Workgroup or Domain

Windows Workgroup

Image Source: eTutorials

Active Directory

  • Introduced in 1999 with Windows 2000
  • Implements a directory service along with protocols such as LDAP
  • Commonly used in Windows-based networks

Windows Domain

Image Source: eTutorials

Active Directory

Image Source: Microsoft

Active Directory Forest

Image Source: Wikipedia

Kerberos

Image Source: Wikipedia

Kerberos

  • Developed at MIT in the 1980s
  • Published in 1993 as RFC 1510
  • Allows authentication via a third-party server on an open network
  • Used by Active Directory & many other directory services

Kerberos

Image Source: Wikipedia

Assignments

  • Lab 4 - Directory Services: Due Monday 3/21 11:30 AM