Published by Colleen Barnett. Modified over 9 years ago.
1
Directory Services CS5493/7493
2
Directory Services Directory services represent a technological breakthrough by integrating the three "AAA" functions into a single management tool: –Authentication (who is this principal?) –Access control (what may it do?) –Accounting (what did it do?)
3
Directory Services A directory service organizes data into objects. The directory holds the objects. The directory service provides the tools for accessing and modifying the objects.
4
Directory Service Objects An object consists of a name and a group of attributes associated with that name. The object name is formally known as the object’s “Distinguished Name” (DN); it is unique within the directory and encodes the object’s position in the directory tree. An object can be a service, a piece of hardware, or a user.
5
Directory Service Examples A phonebook – entries in the phonebook are indexed by name. The name has a phone number and address associated with the name. DNS – maps human readable names of network resources to their respective (binary) numeric network address.
6
Software Engineered D.S. A software engineered directory service stores, organizes, and provides access to electronic information in a directory. DNS was the first Internet directory service.
7
X.500 A standard model for general-purpose directory services was developed in the late 1980’s. The X.500 standard emerged from this effort in 1988. A series of supplementary editions and refinements to X.500 followed.
8
X.500 Refinements Shadowing (replicating) directory information between servers Access controls Additional administrative capabilities Contexts – define actions for an object according to the context of the object’s use Additional security features
9
X.500 Concept There is a single directory information tree (DIT). The DIT is a hierarchical organization of objects distributed across one or more servers. The standard also defines the protocol (DAP, the Directory Access Protocol) for querying and updating objects in the DIT.
10
X.500 Legacy The general framework of X.500 (the DIT, distinguished names, object classes and attributes) has been adopted by more popular (widely adopted) directory services such as: –LDAP, the Lightweight Directory Access Protocol, a simplified access protocol derived from X.500’s DAP. OpenLDAP is an open-source implementation available for Linux. –Microsoft Active Directory
11
LDAP Defines a simple protocol that will manage directory objects: –Search and retrieve –Add –Modify –Delete –Rename LDAP uses a client-server model.
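The DN naming and DIT hierarchy of the previous slides, and the search operation listed here, are the two places where application code most often goes wrong. The following is an added example (not from the slides or any LDAP vendor): a small parser that splits a distinguished name into its RDNs using the escaping rules of RFC 4514, derives the parent container in the DIT, and an RFC 4515 escaper that shows the difference between concatenating untrusted input into a search filter and escaping it first. The DN, user names and filter shape are constructed sample data; the hex-pair escape handling assumes single-byte (ASCII) escapes.

```python
"""Added example: LDAP distinguished names (RFC 4514) and search filters (RFC 4515).

Not part of the original slides. parse_dn() splits a DN into its RDNs so the
object's position in the DIT (parent, root) can be derived; escape_filter_value()
shows why untrusted input must be escaped before it is placed in a search filter.
"""
import string

# RFC 4514 section 2.4: characters that must be backslash-escaped inside a DN value
_DN_SPECIAL = set(',+"\\<>;')


def parse_dn(dn):
    """Return a DN as a list of RDNs, leftmost (leaf) first.

    Each RDN is a list of (attributeType, value) pairs; '+' joins the parts of a
    multi-valued RDN. Backslash escapes are decoded; a '\\XX' hex pair is decoded
    as one byte (assumption: ASCII-only hex escapes, multi-byte UTF-8 not handled).
    """
    if dn == "":
        return []
    rdns, rdn, buf = [], [], []
    attr = None
    i, n = 0, len(dn)
    while i < n:
        c = dn[i]
        if c == "\\":
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(h in string.hexdigits for h in pair):
                buf.append(chr(int(pair, 16)))   # '\2C' -> ','
                i += 3
            elif i + 1 < n:
                buf.append(dn[i + 1])            # '\,' -> ','
                i += 2
            else:
                raise ValueError("DN ends with a dangling backslash")
            continue
        if attr is None and c == "=":
            attr = "".join(buf).strip()          # attribute type, e.g. 'cn' or 'dc'
            buf = []
        elif attr is not None and c in ",;+":
            rdn.append((attr, "".join(buf)))
            attr, buf = None, []
            if c != "+":                         # ',' or ';' closes the RDN
                rdns.append(rdn)
                rdn = []
            while i + 1 < n and dn[i + 1] == " ":
                i += 1                           # tolerate whitespace after a separator
        else:
            buf.append(c)
        i += 1
    if attr is None:
        raise ValueError("DN component without '='")
    rdn.append((attr, "".join(buf)))
    rdns.append(rdn)
    return rdns


def escape_dn_value(value):
    """Escape one attribute value for use in a DN string (RFC 4514 section 2.4)."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c in _DN_SPECIAL or (c == "#" and i == 0) or (c == " " and i in (0, last)):
            out.append("\\" + c)
        elif c == "\x00":
            out.append("\\00")
        else:
            out.append(c)
    return "".join(out)


def format_dn(rdns):
    return ",".join("+".join(a + "=" + escape_dn_value(v) for a, v in rdn) for rdn in rdns)


def parent_dn(dn):
    """The container one level up the DIT: drop the leftmost RDN."""
    rdns = parse_dn(dn)
    return format_dn(rdns[1:]) if rdns else ""


def escape_filter_value(value):
    """Escape an assertion value for an LDAP search filter (RFC 4515 section 3)."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"*()\\\x00" or b >= 0x80:   # metacharacters and non-ASCII bytes -> \XX
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def unsafe_user_filter(username):
    """Vulnerable pattern: raw input is concatenated into the filter, so '*' matches
    every person and a ')(' sequence can rewrite the query."""
    return "(&(objectClass=person)(uid=%s))" % username


def safe_user_filter(username):
    """Hardened form: metacharacters are hex-escaped, so the input is only ever a literal."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


if __name__ == "__main__":
    dn = "uid=alice,ou=People,dc=example,dc=com"   # constructed sample DN
    print(parse_dn(dn))
    print(parent_dn(dn))
    print(parse_dn(r"cn=Smith\, John+sn=Smith,ou=Sales,dc=example,dc=com")[0])
    print(unsafe_user_filter("*)(uid=*"))
    print(safe_user_filter("*)(uid=*"))
```

`parent_dn` walks up the DIT one container at a time, which is how a server locates the entry's subtree for access-control decisions; the two filter builders show why every value placed in a filter must go through `escape_filter_value` (or the equivalent in the LDAP library in use) before the search is issued.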
12
LDAP Model LDAP uses a client-server model. The LDAP protocol runs over TCP/IP, with messages encoded in ASN.1 BER.
13
LDAP Protocol The LDAP client establishes a connection to an LDAP server. LDAP usually uses TCP port 389 (636 for LDAP over TLS, “LDAPS”). The client authenticates itself with a bind operation: a simple bind supplies a distinguished name and password, while SASL binds use other mechanisms (e.g. Kerberos); many servers also permit an anonymous bind with limited rights. Because a simple bind transmits the password in the clear, it should only be sent over TLS (LDAPS or StartTLS). Once bound, the LDAP server restricts access to directory objects by managing permissions (access control) for the bound identity.
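To make the bind step above concrete, here is an added example (not from the slides) that hand-encodes the BER bytes of an LDAP simple bind as defined in RFC 4511: the BindRequest a client sends on port 389, the BindResponse the server answers with, and a decoder for both. Running it shows the password sitting in the clear inside the request, which is the reason for the TLS caveat. The DN, password and diagnostic text are constructed sample values; nothing is sent on the network.

```python
"""Added example: the bytes of an LDAP simple bind (RFC 4511), hand-encoded in BER.

Not part of the original slides. It builds the BindRequest a client sends on
port 389, the BindResponse the server answers with, and decodes both.
"""

# LDAP resultCode values (RFC 4511 appendix A) that matter for a bind
RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",     # e.g. server refuses a simple bind without TLS
    49: "invalidCredentials",
    53: "unwillingToPerform",
}


def _ber_length(n):
    """Definite-length BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    return bytes([tag]) + _ber_length(len(payload)) + payload


def _integer(value):
    """INTEGER (tag 0x02), minimal two's-complement encoding."""
    nbytes = max(1, (value.bit_length() + 8) // 8)
    return _tlv(0x02, value.to_bytes(nbytes, "big", signed=True))


def _octet_string(s):
    return _tlv(0x04, s.encode("utf-8") if isinstance(s, str) else s)


def bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }"""
    op = _tlv(0x60, _integer(3) + _octet_string(dn) + _tlv(0x80, password.encode("utf-8")))
    return _tlv(0x30, _integer(message_id) + op)


def bind_response(message_id, result_code, diagnostic=""):
    """LDAPMessage { messageID, BindResponse [APPLICATION 1] { resultCode, matchedDN, diagnosticMessage } }"""
    op = _tlv(0x61, _tlv(0x0A, bytes([result_code])) + _octet_string("") + _octet_string(diagnostic))
    return _tlv(0x30, _integer(message_id) + op)


def _read_tlv(buf, pos):
    """Decode one tag/length/value triple at pos; returns (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def parse_message(buf):
    """Decode a BindRequest or BindResponse LDAPMessage into a dict."""
    tag, body, end = _read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(body, 0)
    op_tag, op, _ = _read_tlv(body, pos)
    msg = {"message_id": int.from_bytes(mid, "big", signed=True)}
    if op_tag == 0x60:                             # BindRequest
        _, version, p = _read_tlv(op, 0)
        _, name, p = _read_tlv(op, p)
        auth_tag, cred, _ = _read_tlv(op, p)
        msg.update(op="bindRequest", version=version[0], dn=name.decode("utf-8"),
                   auth="simple" if auth_tag == 0x80 else "sasl",
                   password=cred.decode("utf-8") if auth_tag == 0x80 else None)
    elif op_tag == 0x61:                           # BindResponse
        _, rc, p = _read_tlv(op, 0)
        _, matched, p = _read_tlv(op, p)
        _, diag, _ = _read_tlv(op, p)
        msg.update(op="bindResponse", result_code=rc[0],
                   result=RESULT_CODES.get(rc[0], "other"), diagnostic=diag.decode("utf-8"))
    else:
        raise ValueError("unsupported protocolOp tag 0x%02x" % op_tag)
    return msg


if __name__ == "__main__":
    # Constructed sample exchange; nothing is sent on the network.
    req = bind_request(1, "uid=alice,ou=People,dc=example,dc=com", "hunter2")
    print(req.hex())
    print(parse_message(req))        # the password is recoverable from the raw bytes
    resp = bind_response(1, 49, "invalid credentials")
    print(parse_message(resp))
```

The request bytes begin `30 38 02 01 01 60 33 ...`: an outer SEQUENCE, messageID 1, then the [APPLICATION 0] BindRequest, and the final `80 07` context tag is followed by the literal password octets. Anyone on the path between client and server sees exactly those bytes when port 389 is used without TLS; with LDAPS or StartTLS the same structure is carried inside the TLS record layer.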
14
MS Active Directory A collection of services for managing resources in a computer network (LAN, MAN, CAN, or WAN).
15
The AD Collection of Services AD Lightweight Directory Service AD Federation Service AD Certificate Service AD Rights Management Service AD Domain Service
16
AD Lightweight Directory Service A stand-alone LDAP directory service (AD LDS) that runs without a domain or forest. Applications can use it as a directory store for their own data without the domain controller infrastructure of AD Domain Services.
17
AD Federation Service A single sign-on service (AD FS) allowing a user to access services in different network environments with one set of credentials. The different network environments can be different companies, each running its own AD FS instance and trusting the other’s security tokens.
18
AD Certificate Service Issues public key certificates used for such things as authentication with smart cards; or encrypting data transmitted over a network. This service can renew or revoke certificates.
19
AD Rights Management Service Goes beyond access control. AD RMS manages (controls) what users can do with data once they have accessed the data. –Can prevent files from being copied (this includes disabling cut and paste). –Can prevent saving, printing, or forwarding e-mail messages.
20
AD Domain Services The core domain controller role (AD DS) providing the traditional features of AD from previous versions: the directory database, LDAP access, Kerberos and NTLM authentication, and Group Policy.
21
Active Directory Summary A hierarchical framework of data objects. AD objects are categorized as –Resources: computers, printers, etc. –Services like e-mail –Users and groups of users –Any real component and its attributes
22
Active Directory Summary A logical structure = grouping objects together based on criteria other than physical location. A physical structure = grouping objects together based on a physical topology (all the users, equipment, and services located in a particular office building).
23
Active Directory Summary Acts as the central point for managing object security Individual user policies can be defined Group policies can be defined Auditing features: –Monitoring object usage –Create reports on object usage –Notify personnel of object usage
24
Active Directory Summary Objects are organized into containers called Organizational Units (OU). Organizational Units belong to a domain. A domain is an administrative and security boundary: all the objects in a domain are governed by the same domain-level security policy (for example, the password and account lockout policy).