Main Page | See live article | Alphabetical index

Directory service

A Directory service organizes content in a directory server into a logical and accessible structure. It provides a single, consistent database in which to store information about the network and all network-based resources - users, servers, files, printers, shares, etc. It acts as a central authority that can securely authenticate resources and manage identities and relationships between them.

Directory services were part of an Open Systems Interconnect (OSI) initiative to get everyone in the industry to agree to common network standards to provide multi-vendor interoperability. In the 1980s they came up with a set of standards - X.500, for directory services. The lightweight protocol access protocol, LDAP, is based on the services of X.500 is based on the TCP/IP stack and has therefore become more relevant.

What distinguishes a directory server from a relational database is that in a directory, the information is generally read more often than it is written. Hence the usual database features of transactions and rollback are not implemented in a directory. Data may be made redundant, but the objective is to get a faster response time during searches.

A directory service basically maps the names of network resources to their respective network addresses. Similar to a domain name service, the user doesn't have to remember the physical address of a network resource; providing a name helps locate the resource. Each resource on the network is considered as an object on the directory server. Information about a particular resource is stored as attributes of that object. Information within objects can be made secure so that only users with the available permissions are able to access it.

A directory service defines the namespace for the network. A namespace is a set of rules that determine how network resources are named and identified. The rules specify that the names be unique and unambiguous. In LDAP, such a name, called as distinguished name (DN) is used to refer to a collection of attributes which make up a directory entry.

Novell's implementation of directory services NDS is the best breed of this technology; it supports multiple architectures among them Windows, Netware, several flavours of Unix, AS/400 and Linux and has long been used for user administration, configuration management, software management. It has superior scalability.

Microsoft's version of its directory service is the Active Directory which is included in the Windows 2000 and Windows 2003 operating system versions.