1 CEG 2400 Fall 2012 eDirectory – Directory Service.

2 Novell eDirectory Services
eDirectory
– Formerly called Novell Directory Services (NDS)
– Initially released in 1993
– eDirectory is an LDAP-compatible directory service and database that maintains information about all network resources

4 Novell eDirectory Services
Benefits of eDirectory:
1. Single login
2. A variety of administration tools
3. A secure, encrypted single login using RSA encryption
4. Because the directory database is distributed and replicated, eDirectory provides fault tolerance
5. eDirectory is scalable; it works well in small networks or global networks
6. eDirectory uses dynamic rights inheritance

5 eDirectory Components
The eDirectory tree
– A hierarchical structure for organizing information
– The tree starts at a single point, called the root, and branches out from there
– The tree is usually drawn inverted with the root at the top of the diagram

7 eDirectory Components
An eDirectory object always represents some definable network element, either physical or logical, for which you can record data
– The types of data collected in objects are called properties, and the data itself is the property value (similar to X.500)

8 eDirectory Components
There are two general categories of eDirectory objects: container objects and leaf objects
– Container objects hold other objects, whereas leaf objects are the ends of the tree branches
– Container objects are used to organize network resources (represented by leaf objects)

10 eDirectory Components
Container objects:
– The Tree or [Root] object is always the first object in the directory tree; there is only one, it has no properties, and it cannot be modified or deleted
– The optional Country object organizes the tree for businesses operating in more than one country
– If the Country object is used, it must be used immediately after the Root object

11 eDirectory Components
Container objects:
– The Organization object provides the first level of organizational structure for the directory tree
– eDirectory trees must have at least one Organization object
– There is usually only one Organization object in the directory tree, representing the company

12 eDirectory Components
Container objects:
– The Organizational Unit (OU) object subdivides the organizational structure of the directory tree
– There is no requirement that an OU object be used; however, the OU object is useful for creating an organizational structure in directory trees (usually a lot of these)

13 eDirectory Components
Leaf objects used in directory trees:
– User related, such as user or group
– Server related, such as servers or volumes
– Printer related
– General purpose related, such as computers

14 eDirectory Components
Each eDirectory object has a name that, along with its context, uniquely identifies it within the tree
– The position or location of an object in the directory tree is called the object’s context
– Context is specified as the path from the [Root] to the object; the context reads from left to right, starting at the lowest level of the tree and working upward to the [Root]

15 eDirectory Components
eDirectory object names (cont.)
– An object’s complete name (the distinguished name) is the object name plus the object’s context (there is also a relative distinguished name)
– A name specification that includes the object abbreviations (two letters preceding its name identifying type) is referred to as a typeful name (.cn=jsmith.ou=users.o=mycompany); names without object abbreviations are typeless (.jsmith.users.mycompany)

17 eDirectory - a Replicated, Distributed Database
One of the main security concerns in the eDirectory environment is protecting the all-important directory database
– Novell implements a distributed database, one that is stored in sections (or partitions) on different servers
– Partitions start at an Organization or OU branch of the tree and include all leaf objects in that container plus any other elements in that branch

18 eDirectory as a Replicated, Distributed Database
Distributed database (cont.)
– A replica is a copy of a partition and is stored on Novell servers to ensure fault tolerance and provide faster access on a WAN
– When an eDirectory object changes, a copy of the change is sent from the partition where the change was first recorded to all other replicas of the partition; this is called replica synchronization

19 eDirectory as a Replicated, Distributed Database
Distributed database (cont.)
– The five types of replicas are:
1. Master
2. Read/Write
3. Read-Only
4. Subordinate Reference
5. Filtered

20 eDirectory Advantages
– Uses dynamic rights inheritance, which allows both global and specific access controls
– Access rights to objects in the tree are determined at the time of the request and are determined by the rights assigned to the objects by virtue of their location in the tree, any security equivalences, and individual assignments
– Can log into any server in the tree
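The request-time rights evaluation described on this slide, as an added example that is not part of the original presentation and is not eDirectory's own algorithm. It is a simplified model: the object names, the sample rights (browse, supervisor, delete) and the rule that a nearer assignment replaces an inherited one for the same trustee are assumptions, and Inherited Rights Filters are left out.

```python
# Simplified model, constructed for illustration; not eDirectory's own algorithm.
# Inherited Rights Filters and property-level rights are left out.

def path_from_root(name):
    """'.jsmith.users.mycompany' -> ['.mycompany', '.users.mycompany', '.jsmith.users.mycompany']"""
    parts = name.strip(".").split(".")
    return ["." + ".".join(parts[i:]) for i in range(len(parts) - 1, -1, -1)]

class Tree:
    def __init__(self):
        self.acl = {}     # target object -> {trustee: set of rights}
        self.equiv = {}   # subject -> objects it is security-equivalent to

    def assign(self, target, trustee, rights):
        self.acl.setdefault(target, {})[trustee] = set(rights)

    def identities(self, subject):
        # Assumption: a subject acts as itself, as every container above it
        # (its location in the tree), and as each explicit security equivalence.
        return set(path_from_root(subject)) | self.equiv.get(subject, set())

    def effective_rights(self, subject, target):
        """Computed on every call, so any change to the tree applies immediately."""
        total = {}
        for ident in self.identities(subject):
            current = set()
            for node in path_from_root(target):      # root first, target last
                entry = self.acl.get(node, {})
                if ident in entry:                   # nearer assignment replaces inherited one
                    current = set(entry[ident])
            if current:
                total[ident] = current               # keep the source for auditing
        return total

def build_sample():
    t = Tree()
    t.assign(".mycompany", ".users.mycompany", {"browse"})            # by location
    t.assign(".servers.mycompany", ".helpdesk.mycompany", {"browse", "supervisor"})
    t.assign(".hr.servers.mycompany", ".helpdesk.mycompany", set())   # cut off below here
    t.equiv[".jsmith.users.mycompany"] = {".helpdesk.mycompany"}      # equivalence
    return t

if __name__ == "__main__":
    tree = build_sample()
    for target in (".fs1.servers.mycompany", ".payroll.hr.servers.mycompany"):
        print(target, tree.effective_rights(".jsmith.users.mycompany", target))
```

Because the result records which identity each right came from, the same function doubles as an audit of what a single security equivalence actually grants.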

21 eDirectory Advantages
– The software supports partitioning at any point in the tree, as well as replication of any partition to any number of servers
– Replication between servers occurs periodically using deltas of the objects
– Runs on most NOS platforms: Windows, some forms of Linux/Unix

22 eDirectory Advantages
– NetWare integrated all functions into eDirectory. Even file system information is stored in the directory as volume objects.
– Active Directory is fairly simple by comparison, typically storing only user and machine objects in its directory. Other Windows network configuration information is scattered across other databases such as the registry, the domain name server, and specialized services such as the global catalog.

23 Chapter Summary
– eDirectory is network-centric
– The logical design of eDirectory is the directory tree
– The directory tree consists of eDirectory objects. Objects represent physical, logical, or organizational entities
– Objects have properties, which have data

24 Chapter Summary
– The directory tree consists of container objects and leaf objects.
– Container objects provide organizational structure for the directory tree. They can contain other container objects or leaf objects.
– Leaf objects represent network resources, such as users and printers. They cannot contain other objects

25 Chapter Summary
– The location of an object in the directory tree is the object’s context.
– The directory database can be divided into partitions. The partitions can and should be copied to other servers to ensure fault tolerance. The copies are called replicas.
– There are five types of replicas: Master, Read/Write, Read-Only, Subordinate Reference, and Filtered.
– Advantages

26 eDirectory – Directory Service Questions Directory Services eDirectory LDAP Active Directory