EEC-681/781 Distributed Computing Systems Lecture 9 Wenbing Zhao Cleveland State University
2 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Outline Naming and naming resolution X.500 and LDAP Final due date for project proposal –This Wendesday 11/8 mid-night –You will lose all the credit for the project if you miss this deadline Modified due date for project progress report –11/20 Monday mid-night –No extension!
3 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Naming Names play a very important role in distributed systems. They are used –To share resources –To uniquely identify entities –To refer to locations Identifier: A name having the following properties: –P1 Each identifier refers to at most one entity –P2 Each entity is referred to by at most one identifier –P3 An identifier always refers to the same entity (prohibits reusing an identifier)
4 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Naming Name resolution: allow a process to access the named entity –To operate on an entity, we need to access it at an access point –Access points are entities that are named by means of an address –A location-independent name for an entity E, is independent from the addresses of the access points offered by E In a distributed system, the implementation of a naming system is itself distributed across multiple machines
5 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Name Spaces Names in a distributed system are organized into a name space Name spaces offer a convenient mechanism for storing and retrieving information about entities by means of names
6 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Name Spaces A name space can be represented as a labeled, directed graph with two types of nodes. Each node is considered an entity and associated with an identifier –A leaf node represents a (named) entity –A directory node is an entity that refers to other nodes. A directory node contains a (directory) table of (edge label, node identifier) pairs
7 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Name Spaces Root node: node has only outgoing and no incoming edges Path name: a path in a naming graph N: –N: first node in the path –Absolute path name: if N is root, e.g., n0: –Relative path name: if N is not root
8 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Name Spaces Attributes in a node describe aspects of the entity the node represents: – Type of the entity – An identifier for that entity – Address of the entity’s location – Nicknames –... Directory nodes can also have attributes, besides just storing a directory table with (edge label, node identifier) pairs
9 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Name Resolution Name resolution: the process of looking up a name –A name lookup returns the identifier of a node from where the name resolution process continues Example: Resolve the path name N: –Resolution starts at node N, looks up label-1 in directory table, returns the identifier node to which label-1 refers –Resolution continues at the identified node by looking up the name label-2 in its directory table, and so on –Resolution stops when the node referred to by label-n is found, and the content of that node is returned
10 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Merging Name Spaces Method 1: Pathnames of different name spaces are concatenated (URLs) ftpName of protocol used to talk with server ://Name space delimiter of a node representing an FTP server /Name space delimiter pub/steen/Name of a node in the name space rooted at the context node mapped to the FTP server
11 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Merging Name Spaces Method 2: Introduce nodes that contain the name of a node in a “foreign” name space, along with the information how to select the initial context in that foreign name space Mount point: (Directory) node in naming graph that refers to other naming graph Mounting point: (Directory) node in other naming graph that is referred to.
12 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Merging Name Spaces Method 3: Use only full pathnames, in which the starting context is explicitly identified, and merge by adding a new root node
13 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Implementation of Name Space Name space distribution Implementation of name resolution –Iterative resolution –Recursive resolution
14 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Name Space Distribution Distributing nodes of the naming graph across multiple machines –Distribute the name resolution process, and –Distribute name space management A hierarchical naming graph: –Global level: high-level directory nodes. These directory nodes have to be jointly managed by different administrations –Administrational level: Mid-level directory nodes. Each group can be assigned to a separate admin. –Managerial level: Low-level directory nodes within a single administration
15 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Name Space Distribution An example partitioning of the DNS name space, including Internet-accessible files, into three layers
16 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Implementation of Name Resolution Each client has access to a local name resolver, which is responsible for ensuring that the name resolution process is carried out Two types of name resolution –Iterative name resolution –Recursive name resolution
17 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Iterative Name Resolution
18 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Recursive Name Resolution
19 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Recursive Name Resolution Recursive name resolution of. Name servers cache intermediate results for subsequent lookups Server for node Should resolve Looks up Passes to child Receives and caches Returns to requester cs # -- # vu # # # # nl # # # # # # root # # # # # # # #
20 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Iterative vs. Recursive Name Resolution
21 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Directory Service Directory service: a special kind of naming service in which a client can look for an entity based on a description of properties instead of a full name –Similar to yellow pages –X.500: OSI directory service
22 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao The X.500 Name Space AttributeAbbr.Value CountryCNL LocalityLAmsterdam OrganizationOVrije Universiteit OrganizationalUnitOUMath. & Comp. Sc. CommonNameCNMain server Mail_Servers , , FTP_Server WWW_Server
23 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao X.500 Terminologies Distinguished name (DN): the name that (globally) uniquely identifies an entry in the directory A DN is made up of attribute=value pairs, separated by commas, for example: –cn=Ben Gray,ou=editing,o=New York Times,c=US –cn=Lucille White,ou=editing,o=New York Times,c=US –cn=Tom Brown,ou=reporting,o=New York Times,c=US
24 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao X.500 Terminologies Relative Distinguished Name (RDN): uniquely identifies the object within its parent container –For example, the RDN of a computer named my computer is CN=mycomputer –For example, users cannot have the same name within an organizational unit Directory Information Base (DIB): collection of all directory entries
25 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Directory Information Tree Part of the directory information tree –Listing RDNs in sequence –Support two lookup operations Read List DN for host star: C=NL/O=VU/OU=MCS/CN=MS/Host_Name=star (Microsoft Active Directory style) Host_Name=start, CN=MS, OU=MCS, O=VU, C=NL (LDAP style)
26 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao X.500 Implementation Directory Service Agents (DSAs) Directory User Agents (DUAs) Searching in a directory service is in general an expensive operation Lightweight Directory Access Protocol (LDAP) –Easier to use than OSI X.500 –An application-level protocol implemented on top of TCP => LDAP is a connection-oriented protocol
27 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Understanding and Deploying LDAP Directory Services, Second Edition By Timothy A. Howes - Ph.D., Mark C. Smith, Gordon S. GoodTimothy A. Howes - Ph.D.Mark C. Smith Gordon S. Good Publisher: Addison Wesley Professional Pub Date: April 28,
28 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Operations Bind: to start a connection with the LDAP server –The client specifies the protocol version and the client authentication information Unbind: to terminate the connection with the LDAP server Search: Used to search the directory –The client specifies the starting point (base object) of the search, the search scope (either the object only, its children, or the subtree rooted at the object), and a search filter –The search results consist of LDAP entries (and the attributes requested) that satisfy the filter
29 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Operations Modify: to modify an existing entry –The client specifies the name of the entry to be modified and a list of modifications –Each modification consists of an attribute and information regarding whether its values are to be added, deleted, or replaced Add: to add a new entry –The client specifies the name of the new entry and a set of attributes for the new entry Delete: to remove an existing entry –The client specifies the name of the entry to remove
30 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Operations Modify RDN: to change the RDN of the last component of an existing entry (that is, to assign the entry a new name in the same context) –The client specifies the DN for the entry and the new RDN Compare: to test whether an entry has an attribute/value pair –The client specifies the name of the entry and the name and value to check Abandon: to terminate an outstanding request
31 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Schema The LDAP v3 defines a schema (RFC 2252 and RFC 2256) based on the X.500 standard for common objects found in a network, such as countries, localities, organizations, users/persons, groups, and devicesRFC 2252RFC 2256 A directory schema specifies the types of objects that a directory may have and the mandatory and optional attributes of each object type Before a directory server stores a new or modified entry, it checks the entry's contents against the schema rules Whenever directory clients or servers compare two attribute values, they consult the schema to determine what comparison algorithm to use
32 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Schema A LDAP schema consists of attribute types, attribute syntaxes, matching rules, and object classes Attribute types (or simply attributes) hold specific data elements such as a name, business phone number Attribute syntaxes specify exactly how data values are represented –Binary, DN, PrintableString, etc. Matching rules specify the rules to compare the values of different attribute types –CaseExactMatch, caseIgnoreMatch, booleanMatch, etc. Object classes are used to group related information –An object class models a real-world object such as a person, printer –Each directory entry belongs to one or more object classes Attribute types, attribute syntaxes and object classes all require unique object identifiers (OID)
33 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Schema
34 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao LDAP Schema Example LDAPv3 Object Class Schema format –( OCOID NAME OCNAME [ DESC OCDESC ] [ OBSOLETE ] [ SUP SUPOID ] [ OCKIND ] [ MUST REQATSET ] [ MAY ALLOWATSET ] ) The Standard person Object Class in LDAPv3 Format –( NAME 'person' DESC 'Standard Person Object Class' SUP 'top' STRUCTURAL MUST ( objectclass $ sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )
35 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Java Naming and Directory Interface (JNDI) JNDI is an application programming interface (API) that provides naming and directory functionality to applications written using the Java programming language It is defined to be independent of any specific directory service implementation
36 Fall Semester 2006EEC-681: Distributed Computing SystemsWenbing Zhao Java Naming and Directory Interface