
CEG 2400 Fall 2012 eDirectory – Directory Service

Learn about Novell eDirectory's components, advantages, and distributed database system. Explore container and leaf objects, replication types, and dynamic rights inheritance.

dcueva

Presentation Transcript


  1. CEG 2400 Fall 2012 eDirectory – Directory Service

  2. Novell eDirectory Services
  • eDirectory
    • Formerly called Novell Directory Services (NDS)
    • Initially released in 1993
    • eDirectory is an LDAP-compatible directory service and database that maintains information about all network resources

  3. Novell eDirectory Services
  • Benefits of eDirectory:
    • Single login
    • A variety of administration tools
    • A secure, encrypted single login using RSA encryption
    • Because the directory database is distributed and replicated, eDirectory provides fault tolerance
    • eDirectory is scalable; it works well in small networks or global networks
    • eDirectory uses dynamic rights inheritance

  4. eDirectory Components
  • The eDirectory tree
    • A hierarchical structure for organizing information
    • The tree starts at a single point, called the root, and branches out from there
    • The tree is usually drawn inverted, with the root at the top of the diagram

  5. eDirectory Components
  • An eDirectory object always represents some definable network element, either physical or logical, for which you can record data
  • The types of data collected in objects are called properties, and the data itself is the property value (similar to X.500)

  6. eDirectory Components
  • There are two general categories of eDirectory objects: container objects and leaf objects
  • Container objects hold other objects, whereas leaf objects are the ends of the tree branches
  • Container objects are used to organize network resources (represented by leaf objects)

  7. eDirectory Components
  • Container objects:
    • The Tree or [Root] object is always the first object in the directory tree; there is only one, it has no properties, and it cannot be modified or deleted
    • The optional Country object organizes the tree for businesses operating in more than one country
    • If the Country object is used, it must be used immediately after the [Root] object

  8. eDirectory Components
  • Container objects:
    • The Organization object provides the first level of organizational structure for the directory tree
    • eDirectory trees must have at least one Organization object
    • There is usually only one Organization object in the directory tree, representing the company

  9. eDirectory Components
  • Container objects:
    • The Organizational Unit (OU) object subdivides the organizational structure of the directory tree
    • There is no requirement that an OU object be used; however, OU objects are useful for creating an organizational structure in directory trees (a tree usually has a lot of these)

  10. eDirectory Components
  • Leaf objects used in directory trees:
    • User related, such as user or group
    • Server related, such as servers or volumes
    • Printer related
    • General purpose related, such as computers

  11. eDirectory Components
  • Each eDirectory object has a name that uniquely identifies it within the tree, along with its context
  • The position or location of an object in the directory tree is called the object’s context
  • Context is specified as the path from the [Root] to the object; the context reads from left to right, starting at the lowest level of the tree and working upward to the [Root]

  12. eDirectory Components
  • eDirectory object names (cont.)
    • An object’s complete name (the distinguished name) is the object name plus the object’s context (there is also a relative distinguished name)
    • A name specification that includes the object abbreviations (two letters preceding each name, identifying its type) is referred to as a typeful name (.cn=jsmith.ou=users.o=mycompany); names without object abbreviations are typeless (.jsmith.users.mycompany)

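The naming rules on slides 11 and 12 (leaf-first dotted names, context, typeful versus typeless forms) as a small Python model. This is an added example, not code from the slides or from Novell; the `typeful()` conversion assumes a tree without a Country object (first component is the leaf `cn`, last is the Organization `o`, anything between is an `ou`), and `to_ldap_dn()` simply rewrites the typeful name in LDAP syntax since eDirectory is LDAP-compatible.

```python
# Added example (not from the slides or Novell): a small model of eDirectory
# object naming. eDirectory names read leaf-first and are dot-separated; a
# leading '.' anchors a complete (distinguished) name at [Root]. Typeful
# components carry a two-letter type ('ou=users'); typeless ones do not.

LEAF_TYPE = "cn"                    # leaf objects (users, groups, servers, ...) are named by common name
KNOWN_TYPES = {"cn", "ou", "o", "c"}


def fmt(component):
    """Render one (type, value) component back into eDirectory syntax."""
    typ, value = component
    return value if typ is None else f"{typ}={value}"


def parse_name(name):
    """Split a complete eDirectory name into (type, value) pairs, leaf first.

    Typeless components get type None. Raises ValueError for names that are
    not anchored at [Root] or that contain an empty or unknown-typed component.
    """
    if not name.startswith(".") or name.endswith("."):
        raise ValueError(f"not a complete name: {name!r}")
    components = []
    for part in name[1:].split("."):
        if not part:
            raise ValueError(f"empty component in {name!r}")
        if "=" in part:
            typ, value = part.split("=", 1)
            typ = typ.lower()
            if typ not in KNOWN_TYPES:
                raise ValueError(f"unknown object type {typ!r} in {name!r}")
            components.append((typ, value))
        else:
            components.append((None, part))
    return components


def context_of(name):
    """The context is the object's position in the tree: its complete name
    without the leading (object) component."""
    return "." + ".".join(fmt(c) for c in parse_name(name)[1:])


def typeless(name):
    """Strip the type abbreviations from a typeful (or mixed) name."""
    return "." + ".".join(value for _, value in parse_name(name))


def typeful(name):
    """Add type abbreviations to a typeless leaf-object name.

    Assumption of this model (not stated on the slides): the tree has no
    Country object, so the last component is the Organization (o), the first
    is the leaf (cn), and everything in between is an Organizational Unit (ou).
    Components that already carry a type are kept as written.
    """
    components = parse_name(name)
    last = len(components) - 1
    typed = []
    for i, (typ, value) in enumerate(components):
        if typ is None:
            typ = LEAF_TYPE if i == 0 else ("o" if i == last else "ou")
        typed.append((typ, value))
    return "." + ".".join(fmt(c) for c in typed)


def to_ldap_dn(name):
    """eDirectory is LDAP-compatible: an LDAP DN is the typeful name with ','
    separators and no leading dot."""
    return ",".join(fmt(c) for c in parse_name(typeful(name)))


if __name__ == "__main__":
    for n in (".cn=jsmith.ou=users.o=mycompany", ".jsmith.users.eng.mycompany"):
        print(n, "->", typeful(n), "| context:", context_of(n), "| LDAP:", to_ldap_dn(n))
```

Rejecting names that are not anchored at [Root] matters in practice: a relative name resolves differently depending on the caller's current context, so a security check keyed on object names should only ever compare complete names.
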
  13. eDirectory - a Replicated, Distributed Database
  • One of the main security concerns in the eDirectory environment is protecting the all-important directory database
  • Novell implements a distributed database, one that is stored in sections (or partitions) on different servers
  • Partitions start at an Organization or OU branch of the tree and include all leaf objects in that container plus any other elements in that branch

  14. eDirectory as a Replicated, Distributed Database
  • Distributed database (cont.)
    • A replica is a copy of a partition and is stored on Novell servers to ensure fault tolerance and provide faster access on a WAN
    • When an eDirectory object changes, a copy of the change is sent from the partition where the change was first recorded to all other replicas of the partition; this is called replica synchronization

  15. eDirectory as a Replicated, Distributed Database
  • Distributed database (cont.)
    • The five types of replicas are:
      • Master
      • Read/Write
      • Read-Only
      • Subordinate Reference
      • Filtered

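Slides 13 to 15 describe partitions, replicas and replica synchronization; the following Python model, added here and not taken from the slides or from Novell, puts those pieces together on a constructed sample tree. It assigns each object to the partition rooted at the nearest Organization or OU partition root above it, holds several replicas of one partition on different servers, pushes a recorded change to the other replicas, and shows a lookup still succeeding when two of three servers are down. The rule that Master and Read/Write replicas accept changes while a Read-Only replica does not is an assumption of this model, and the Subordinate Reference and Filtered replica types are not modelled.

```python
# Added example (not from the slides or Novell): a model of partitioning and
# replica synchronization. Names are typeless complete names (leaf first), so a
# partition root is a suffix of every name inside that partition.

# Constructed sample tree: complete name -> properties (type plus some data).
TREE = {
    ".mycompany": {"type": "o"},
    ".users.mycompany": {"type": "ou"},
    ".jsmith.users.mycompany": {"type": "user", "title": "analyst"},
    ".eng.mycompany": {"type": "ou"},
    ".users.eng.mycompany": {"type": "ou"},
    ".akim.users.eng.mycompany": {"type": "user", "title": "developer"},
    ".fs1.eng.mycompany": {"type": "server"},
}

# Partitions start at an Organization or OU; here the Organization and one OU.
PARTITION_ROOTS = [".mycompany", ".eng.mycompany"]

# Assumption of this model: Master and Read/Write replicas accept changes,
# Read-Only replicas only serve lookups. Subordinate Reference and Filtered
# replicas are not modelled.
WRITABLE = {"Master", "Read/Write"}


def partition_of(name, roots):
    """An object belongs to the partition whose root is the nearest partition
    root at or above it, i.e. the longest root that is a suffix of its name."""
    matches = [r for r in roots if name.endswith(r)]
    if not matches:
        raise LookupError(f"{name} is outside every partition")
    return max(matches, key=len)


def build_partitions(tree, roots):
    """Group the tree's objects by the partition each belongs to."""
    partitions = {root: {} for root in roots}
    for name, props in tree.items():
        partitions[partition_of(name, roots)][name] = dict(props)
    return partitions


class Partition:
    """One partition with its replicas, each a full copy held on a server."""

    def __init__(self, root, objects):
        self.root = root
        self.objects = objects          # contents used to seed new replicas
        self.replicas = {}              # server -> copy of the objects
        self.kinds = {}                 # server -> replica type

    def add_replica(self, server, kind):
        self.kinds[server] = kind
        self.replicas[server] = {n: dict(p) for n, p in self.objects.items()}

    def record_change(self, server, obj, prop, value):
        """Record a change on one replica, then synchronize it to the others.
        Returns the number of replicas the delta was pushed to."""
        if self.kinds[server] not in WRITABLE:
            raise PermissionError(f"{server} holds a {self.kinds[server]} replica")
        if obj not in self.replicas[server]:
            raise LookupError(f"{obj} is not in partition {self.root}")
        self.replicas[server][obj][prop] = value
        others = [s for s in self.replicas if s != server]
        for s in others:                # replica synchronization: ship only the delta
            self.replicas[s][obj][prop] = value
        return len(others)

    def lookup(self, obj, prop, down=frozenset()):
        """Read from any reachable replica; fault tolerance comes from holding
        more than one copy."""
        for server, objects in self.replicas.items():
            if server not in down and obj in objects:
                return objects[obj].get(prop)
        raise LookupError(f"no reachable replica of {self.root}")


def demo():
    """One change on the Master, read back from the only surviving server."""
    eng_objects = build_partitions(TREE, PARTITION_ROOTS)[".eng.mycompany"]
    eng = Partition(".eng.mycompany", eng_objects)
    eng.add_replica("fs1", "Master")
    eng.add_replica("fs2", "Read/Write")
    eng.add_replica("fs3", "Read-Only")
    pushed = eng.record_change("fs1", ".akim.users.eng.mycompany", "title", "lead developer")
    seen_on_fs3 = eng.lookup(".akim.users.eng.mycompany", "title", down={"fs1", "fs2"})
    try:
        eng.record_change("fs3", ".akim.users.eng.mycompany", "title", "x")
        rejected = False
    except PermissionError:
        rejected = True
    return pushed, seen_on_fs3, rejected


if __name__ == "__main__":
    print(demo())       # (2, 'lead developer', True)
```

The security angle the slide raises (protecting the database) shows up in two places here: every server holding a replica holds a full copy of that partition's data, so each of those servers needs the same protection as the Master, and a change accepted on any writable replica reaches all the others, so the integrity of the directory depends on every writable replica, not just one.
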
  16. eDirectory
  • Advantages
    • Uses dynamic rights inheritance, which allows both global and specific access controls
    • Access rights to objects in the tree are determined at the time of the request, by the rights assigned to the objects by virtue of their location in the tree, any security equivalences, and individual assignments
    • Can log into any server in the tree

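Slide 16 names the three inputs to dynamic rights inheritance: the objects' location in the tree, security equivalences, and individual assignments. The Python model below, an added example that is not from the slides or Novell, computes effective rights at request time from exactly those inputs on a constructed sample directory, and shows that moving a user (i.e. changing its name and therefore its context) changes its rights without any assignment being touched. Two rules are assumptions of this model rather than statements from the slides: an assignment lower in the branch replaces the same trustee's inherited assignment from above, and every object is treated as security equivalent to the containers it sits in; other eDirectory mechanisms (such as inherited rights filters) are left out.

```python
# Added example (not from the slides or Novell): a simplified model of dynamic
# rights inheritance. Effective rights are computed at request time from where
# the objects sit in the tree, security equivalences, and individual trustee
# assignments. Rights are plain strings here; the override rule and the
# implicit container equivalence are assumptions of this model.

ROOT = "[Root]"


def path_from_root(name):
    """[Root], every container above an object, then the object itself.
    Names read leaf first, so each ancestor is a suffix of the name."""
    parts = name[1:].split(".")
    return [ROOT] + ["." + ".".join(parts[i:]) for i in range(len(parts) - 1, -1, -1)]


class Directory:
    def __init__(self):
        self.assignments = {}   # object -> {trustee -> set of rights} (individual assignments)
        self.equivalences = {}  # object -> set of objects it is security equivalent to (e.g. groups)

    def assign(self, obj, trustee, rights):
        self.assignments.setdefault(obj, {})[trustee] = set(rights)

    def make_equivalent(self, obj, other):
        self.equivalences.setdefault(obj, set()).add(other)

    def trustees_for(self, requester):
        """Every identity whose assignments apply to the requester: itself, its
        explicit security equivalences, and (model assumption) the containers
        it sits in, so rights granted to an OU reach the objects inside it."""
        return {requester} | self.equivalences.get(requester, set()) | set(path_from_root(requester))

    def effective_rights(self, requester, target):
        """Rights of `requester` on `target`, computed now from current state."""
        effective = set()
        for trustee in self.trustees_for(requester):
            rights = set()
            # Walk from [Root] down to the target: an assignment to this trustee
            # flows down the branch until a more specific assignment replaces it.
            for node in path_from_root(target):
                assigned = self.assignments.get(node, {}).get(trustee)
                if assigned is not None:
                    rights = set(assigned)
            effective |= rights
        return effective


def sample_directory():
    """Constructed sample: one Organization with users, a helpdesk group and printers."""
    d = Directory()
    # global control: everyone in the users OU may browse the whole organization
    d.assign(".mycompany", ".users.mycompany", {"browse"})
    # specific control: jsmith gets broader rights inside users, narrowed again under hr
    d.assign(".users.mycompany", ".jsmith.users.mycompany", {"browse", "read", "write"})
    d.assign(".hr.users.mycompany", ".jsmith.users.mycompany", {"browse"})
    # rights that arrive through group membership (a security equivalence)
    d.make_equivalent(".jsmith.users.mycompany", ".helpdesk.groups.mycompany")
    d.assign(".printers.mycompany", ".helpdesk.groups.mycompany", {"supervisor"})
    return d


if __name__ == "__main__":
    d = sample_directory()
    for who, what in [(".jsmith.users.mycompany", ".p1.printers.mycompany"),
                      (".jsmith.users.mycompany", ".rec.hr.users.mycompany"),
                      (".jsmith.contractors.mycompany", ".p1.printers.mycompany")]:
        print(who, "on", what, "->", sorted(d.effective_rights(who, what)))
```

Because the result is recomputed on every request, reviewing a single assignment never tells you what a user can actually do; an audit of eDirectory rights has to evaluate the whole path from [Root] plus every equivalence, which is what `effective_rights()` does for a given requester and target.
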
  17. eDirectory
  • Advantages
    • The software supports partitioning at any point in the tree, as well as replication of any partition to any number of servers
    • Replication between servers occurs periodically using deltas of the objects
    • Runs on most NOS platforms
      • Windows
      • Some forms of Linux/Unix

  18. eDirectory
  • Advantages
    • NetWare integrated all functions into eDirectory; even file system information is stored in the directory, as Volume objects.
    • Active Directory is fairly simple by comparison, typically storing only user and machine objects in its directory. Other Windows network configuration information is scattered across other databases such as the registry, the domain name server, and specialized services such as the global catalog.

  19. Chapter Summary
  • eDirectory is network-centric
  • The logical design of eDirectory is the directory tree
  • The directory tree consists of eDirectory objects
  • Objects represent physical, logical, or organizational entities
  • Objects have properties, which have data

  20. Chapter Summary
  • The directory tree consists of container objects and leaf objects
  • Container objects provide organizational structure for the directory tree; they can contain other container objects or leaf objects
  • Leaf objects represent network resources, such as users and printers; they cannot contain other objects

  21. Chapter Summary
  • The location of an object in the directory tree is the object’s context
  • The directory database can be divided into partitions
  • The partitions can and should be copied to other servers to ensure fault tolerance
  • The copies are called replicas; there are five types of replicas: Master, Read/Write, Read-Only, Subordinate Reference, and Filtered
  • Advantages

  22. eDirectory – Directory Service Questions
