A directory service or name service maps the names of network resources to their respective network addresses. With the name service type of directory, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Each resource on the network is considered an object on the directory server. Information about a particular resource is stored as attributes of that object. Information within objects can be made secure so that only users with the appropriate permissions are able to access it. More sophisticated directories are designed with namespaces such as Subscribers, Services, Devices, Entitlements, Preferences, Content and so on. This design process is closely related to identity management.

A directory service defines the namespace for the network. A namespace in this context is the term used for a container that holds one or more objects as named entries. The directory design process normally has a set of rules that determine how network resources are named and identified. The rules require that the names be unique and unambiguous. In X.500 (the directory service standards) and LDAP the name is called the distinguished name (DN); it is composed of a sequence of relative distinguished names (RDNs), each an attribute-value pair, which together make up the name of a directory entry.

A directory service is a shared information infrastructure for locating, managing, administering, and organizing common items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is an important component of a NOS (Network Operating System). In the more complex cases a directory service is the central information repository for a Service Delivery Platform. For example, looking up "computers" using a directory service might yield a list of available computers and information for accessing them.
Replication and distribution have very distinct meanings in the design and management of a directory service. The term replication is used to indicate that the same directory namespace (the same objects) is copied to another directory server for redundancy and throughput reasons. The replicated namespace is governed by the same authority. The term distribution is used to indicate that multiple directory servers that hold different namespaces are interconnected to form a distributed directory service. Each distinct namespace can be governed by a different authority.

== Comparison with relational databases ==

Several things distinguish a traditional directory service from a typical relational database. Of course there are exceptions, but in general:

* Data can be redundant if it helps performance.

Directory schemas are defined as object classes, attributes, name bindings and knowledge (namespaces), where an object class has:

* Must - attributes that each of its instances must have
* May - attributes that can be defined for an instance but can be omitted, with the absence treated somewhat like NULL in a relational database
* Attributes are sometimes multi-valued, allowing multiple naming attributes at one level (such as machine type and serial number concatenated) or multiple phone numbers for "work phone".
* Attributes and object classes are standardized throughout the industry and formally registered with the IANA for their object ID. Therefore, directory applications seek to reuse much of the standard classes and attributes to maximize the benefit of existing directory server software.
* Object instances are slotted into namespaces. That is, each object class inherits from its parent object class (and ultimately from the root of the hierarchy), adding attributes to the must/may list.
* Directory services are often a central component in the security design of an IT system and have a correspondingly fine granularity regarding access control: who may operate in which manner on what information. Also see: ACLs

Excerpt source: Wikipedia, the free encyclopedia. Read the full article "Directory service" on Wikipedia.
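The schema rules above (must/may attribute lists inherited down the object-class hierarchy, multi-valued attributes, DNs built from RDNs) and the per-attribute access control in the last bullet can be made concrete in a few dozen lines. The following is an added example written for this page, not code from the article or from any directory server. The three object classes in `SCHEMA`, the sample entry for `jdoe`, and the `ACL` rule list are constructed assumptions that loosely imitate the standard `top`/`person`/`inetOrgPerson` classes; they are not the IANA-registered definitions, and real servers compare DN values using schema matching rules rather than the plain string comparison used here.

```python
"""Toy LDAP-style directory model (added example, not the article's or any server's code).

Shows: DN parsing into RDNs, object-class inheritance of MUST/MAY attribute
sets, multi-valued attributes, schema validation, and a deny-by-default
per-attribute access check. Schema and ACL contents are constructed assumptions.
"""
import re

# name -> (superior class or None, MUST attributes, MAY attributes)
SCHEMA = {
    "top": (None, {"objectClass"}, set()),
    "person": ("top", {"sn", "cn"}, {"telephoneNumber", "userPassword"}),
    "inetOrgPerson": ("person", set(), {"mail", "uid"}),
}


def effective_attributes(class_name):
    """Walk the superior chain to the root, unioning MUST and MAY sets."""
    must, may = set(), set()
    while class_name is not None:
        superior, m, y = SCHEMA[class_name]
        must |= m
        may |= y
        class_name = superior
    return frozenset(must), frozenset(may)


def _split_unescaped(s, sep):
    """Split s on sep, leaving backslash-escaped characters (e.g. '\\,') untouched."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Return a DN as a list of RDNs; each RDN is a tuple of (type, value) pairs.
    '+' joins multi-valued RDNs, ',' separates RDNs, backslash escapes both."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):
            attr, _, value = ava.partition("=")
            avas.append((attr.strip().lower(), re.sub(r"\\(.)", r"\1", value)))
        rdns.append(tuple(avas))
    return rdns


def validate_entry(entry):
    """Return a sorted list of schema violations; an empty list means the entry is valid."""
    problems, must, may = [], set(), set()
    classes = entry.get("objectClass", [])
    if not classes:
        return ["entry has no objectClass"]
    for oc in classes:
        if oc not in SCHEMA:
            problems.append(f"unknown objectClass {oc}")
            continue
        m, y = effective_attributes(oc)
        must |= m
        may |= y
    for attr in must:          # MUST attributes have to be present and non-empty
        if not entry.get(attr):
            problems.append(f"missing MUST attribute {attr}")
    for attr in entry:         # anything else has to be in the MAY set
        if attr not in must and attr not in may:
            problems.append(f"attribute {attr} not allowed by object classes")
    return sorted(problems)


# Constructed sample entry; attribute values are lists because attributes may be multi-valued.
JDOE_DN = "uid=jdoe,ou=People,dc=example,dc=com"
JDOE = {
    "objectClass": ["top", "person", "inetOrgPerson"],
    "cn": ["John Doe"], "sn": ["Doe"], "uid": ["jdoe"],
    "telephoneNumber": ["+1 555 0100", "+1 555 0101"],   # two "work phone" values
    "userPassword": ["{PLACEHOLDER-HASH}"],              # placeholder, not a real hash
}

# (who, attribute, operations). "self" matches when the bound user is the target entry;
# "*" matches any bound user / any attribute. Nothing listed here is permitted.
ACL = [
    ("self", "userPassword", {"write"}),
    ("cn=admin,dc=example,dc=com", "*", {"read", "write"}),
    ("*", "telephoneNumber", {"read"}),
    ("*", "mail", {"read"}),
]


def permitted(bound_dn, target_dn, attr, op):
    """Deny by default: True only if some ACL rule grants op on attr of target_dn to bound_dn."""
    bound, target = parse_dn(bound_dn), parse_dn(target_dn)
    for who, rule_attr, ops in ACL:
        if rule_attr not in ("*", attr) or op not in ops:
            continue
        if who == "*" or (who == "self" and bound == target) or (who not in ("*", "self") and parse_dn(who) == bound):
            return True
    return False
```

Run as a script, `validate_entry(JDOE)` returns `[]`, while dropping `sn` or adding an attribute outside the inherited must/may sets produces a violation; `permitted` lets `jdoe` change only their own `userPassword`, lets any bound user read phone numbers, and refuses everyone except the admin read access to `userPassword`, which is the fine-grained, per-attribute control the last bullet describes.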