Directory services

• Directory offline

– Elenchi telefonici

– Guide TV

– Cataloghi acquisti

• Directory online

– Application specific (lotus notes, MS Exchange 5.5, …)

– NOS based (Novell eDirectory, MS Active Directory, SUN nis, …)

– Purpose specific (DNS, …)

– General Purpose (Netscape Directory, OpenLDAP, …)

Caratteristiche directory online

• Dinamiche

• Flessibili

– Estensibili senza ripianificazione

– Flessibilità organizzativa (ricerche flessibili)

• Sicure (Access Control List, autenticazione)

• Personalizzabili (profilazione utente)

Directory vs Database

• Rapporto R/W

• Distribuzione/replicazione

• Performance

• Standard di interoperabilità (SQL/LDAP)

• Transazioni (rollback) e Join

Applicazioni delle directory

• Ricerca informazioni

• Gestione centralizzata oggetti e cfg

• sicurezza

LDAP

• X.500

• LDAP = semplificazione DAP

• LDAPv3– Internazionalizzazione UTF-8– Referrals– Security (SASL/TLS)– Estensibilità (controlli)

LDAP Client LDAP Server

1 – Search operation

2 – Returned entry

3 – Result code

LDAP Client LDAP Server

1 – Search operation, msgid=1

3 – Returned entry, msgid=1

5 – Result code, msgid=2

2 – Search operation, msgid=2

4 – Returned entry, msgid=2

6 – Result code, msgid=1

A client issues multiple LDAP Search request simultaneously

LDAP Client LDAP Server

1 – Open connection and bind

4 – First entry returned

6 – Result of search operation

3 – Search operation

5 – Second entry returned

8 – Close connection

Typical LDAP Exchange

2 – Result of bind operation

7 – Unbind operation

Directory enabled email application

LDAP Server

1 – Search for user Mario Rossi

2 – Entry for Mario Rossi returned

Messaging Server

3 – Client encryps outgoing message using certificate read from directory

4 – Client sends outgoing message to recipient

Modelli operativi di LDAP

• Information Model

• Naming Model

• Functional Model

• Security Model

LDAP Information Model

• Definizione dei tipi di dati

• Oggetti e attributi

• Schema

LDAP Naming Model

dc=example,dc=com

ou=people

cn=Mario Rossi

LDAP Functional Model

• Operazioni che possono essere effettuate– Interrogazione– Update– Autenticazione e controllo– Extended operations

LDAP Security Model

• Binding

• Anonymous o DN+pwd

• Meccanismi SASL (autenticazione)

• StartTLS (cifratura + autenticazione)

Ciclo di vita di un DS

• Design

• Deployment

• Maintenance

Design di un DS

• Directory needs

• Data

• Schema

• Namespace

• Topology

• Replication

• Security

Fase di Deployment di un DS

• Choose directory software

• Piloting

• Analyzing cost

• User feedback

• Moving to production

Fase di Maintenance di un DS

• Backup e Disaster recovery

• Data maintenance

• Monitoring

• Troubleshooting

• Change requirements

top

person

organizationalPerson

inetOrgPerson

Sup

erio

r cla

ssM

ore attributes

dc=example,dc=com

OU = People

Directory Distribuita

OU = AcctOU = HR

DC=example,DC=com

OU = People

Directory Distribuita

OU = AcctOU = HR

Knowledge Referencesdc=example,dc=com

Immediate superior knowledge reference

Subordinate references