Editing Directory service

{{Short description|Service that maps the names of network resources to their respective network addresses}}
In [[computing]], a '''directory service''' or '''name service''' maps the names of network resources to their respective [[network address]]es. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a [[network operating system]]. A '''directory server''' or [[name server]] is a [[Server (computing)|server]] which provides such a service. Each resource on the network is considered an [[Object (computer science)|object]] by the directory server. Information about a particular resource is stored as a collection of [[Attribute (computing)|attributes]] associated with that resource or object.

A directory service defines a [[namespace]] for the network. The namespace is used to assign a ''name'' (unique identifier) to each of the objects. Directories typically have a set of rules determining how network resources are named and identified, which usually includes a requirement that the identifiers be [[Unique identifier|unique]] and [[unambiguous]]. When using a directory service, a user does not have to remember the physical address of a network resource; providing a name locates the resource. Some directory services include [[access control]] provisions, limiting the availability of directory information to [[Authorization|authorized users]].

== Comparison with relational databases ==
Several things distinguish a directory service from a [[relational database]]. Data can be made redundant if it aids performance (e.g. by repeating values through rows in a table instead of relating them to the contents of a different table through a key, which technique is called [[denormalization]]; another technique could be the utilization of [[Database replication|replicas]] for increasing actual throughput).<ref>{{Cite web |title=When and How You Should Denormalize a Relational Database |url=https://rubygarage.org/blog/database-denormalization-with-examples |access-date=2023-04-30 |website=rubygarage.org |language=en-US}}</ref>

Directory schemas are object classes, attributes, name bindings and knowledge (namespaces) where an object class has:
* ''Must'' - attributes that each instances must have
* ''May'' - attributes which can be defined for an instance but can be omitted, with the absence similar to NULL in a relational database

Attributes are sometimes multi-valued, allowing multiple naming attributes at one level (such as machine type and serial number [[concatenation]], or multiple phone numbers for "work phone"). Attributes and object classes are usually standardized throughout the industry; for example, [[X.500]] attributes and classes are often formally registered with the [[Internet Assigned Numbers Authority|IANA]] for their object ID.{{citation needed|date=June 2019}} Therefore, directory applications try to reuse standard classes and attributes to maximize the benefit of existing directory-server software.

Object instances are slotted into namespaces; each object class [[Inheritance (object-oriented programming)|inherits]] from its parent object class (and ultimately from the root of the [[hierarchy]]), adding attributes to the must-may list. Directory services are often central to the [[Computer security|security]] design of an IT system and have a correspondingly-fine granularity of access control.

== Replication and distribution ==
[[Replication (computing)|Replication]] and distribution have distinct meanings in the design and management of a directory service. Replication is used to indicate that the same directory namespace (the same objects) are copied to another directory server for redundancy and throughput reasons; the replicated namespace is governed by the same authority. Distribution is used to indicate that multiple directory servers in different namespaces are interconnected to form a distributed directory service; each namespace can be governed by a different authority.

== {{anchor|Implementations of directory services}}Implementations ==
Directory services were part of an [[Open Systems Interconnection]] (OSI) initiative for common network standards and multi-vendor interoperability. During the 1980s, the [[International Telecommunication Union|ITU]] and [[International Organization for Standardization|ISO]] created the [[X.500|X.500 set of standards]] for directory services, initially to support the requirements of inter-carrier electronic messaging and network-name lookup. The [[Lightweight Directory Access Protocol]] (LDAP) is based on the X.500 directory-information services, using the [[Internet protocol suite|TCP/IP stack]] and an X.500 [[Directory Access Protocol]] (DAP) string-encoding scheme on the [[Internet]].

Systems developed before the X.500 include:
* ''[[Domain Name System]] (DNS):'' The first directory service on the Internet,<ref>{{cite web|url=https://www.ietf.org/rfc/rfc1034.txt |title=RFC1034 |publisher=IETF.org |date=1978-11-01 |access-date=2018-02-13}}</ref> still in use
* ''[[Hesiod (name service)|Hesiod]]:'' Based on DNS and used at MIT's [[Project Athena]]
* ''[[Network Information Service]] (NIS):'' Originally [[Yellow Pages (computing)|Yellow Pages]] (YP) [[Sun Microsystems]]' implementation of a directory service for [[Unix]] network environments. It played a role similar to Hesiod.
* ''[[NetInfo]]:'' Developed by NeXT during the late 1980s for [[NEXTSTEP]]. After its acquisition by Apple, it was released as open source and was the directory service for [[Mac OS X]] before it was deprecated for the LDAP-based Open Directory. Support for NetInfo was removed with the release of 10.5 Leopard.
* ''[[Banyan VINES]]:'' First [[Scalability|scalable]] directory service
* ''[[Windows domain|NT Domain]]s:'' Developed by Microsoft to provide directory services for Windows machines before the release of the LDAP-based Active Directory in Windows 2000. Windows Vista continues to support NT Domains after relaxing its minimum authentication protocols.

=== LDAP implementations ===
LDAP/X.500-based implementations include:
* [[389 Directory Server]]: Free Open Source server implementation by [[Red Hat]], with commercial support by Red Hat and [[SUSE S.A.|SUSE]].
* [[Active Directory]]: [[Microsoft]]'s directory service for [[Windows]], originating from the X.500 directory, created for use in [[Microsoft Exchange Server|Exchange Server]], first shipped with [[Windows 2000 Server]] and supported by successive versions of Windows
* [[Apache Directory Server]]: Directory service, written in Java, supporting LDAP, Kerberos 5 and the Change Password Protocol; LDAPv3 certified
* [[Apple Open Directory]]: [[Apple Inc.|Apple]]'s directory server for [[macOS|Mac OS X]], available through [[macOS Server|Mac OS X Server]]
* [[NetIQ eDirectory|eDirectory: NetIQ's]] implementation of directory services supports multiple architectures, including [[Microsoft Windows|Windows]], [[NetWare]], [[Linux]] and several flavours of [[Unix]] and is used for user administration and configuration and software management; previously known as Novell Directory Services.
* [[Red Hat Directory Server]]: [[Red Hat]] released Red Hat Directory Server, acquired from AOL's Netscape Security Solutions unit,<ref>{{cite web |url=http://www.informationweek.com/story/showArticle.jhtml?articleID=48800390 |title=Red Hat Spending $23 Million For Ex-Netscape Security Solutions Business |access-date=2018-04-22}}</ref> as a commercial product running on top of [[Red Hat Enterprise Linux]] as the community-supported [[389 Directory Server]] project. Upstream open source project is called [[FreeIPA]].
* [[Oracle Internet Directory]]: (OID) is [[Oracle Corporation]]'s directory service, compatible with LDAP version 3.
* [[Sun Java System Directory Server]]: [[Sun Microsystems]]' directory service<ref>{{cite web|url=http://www.sun.com/software/products/directory_srvr_ee/ |title=Oracle and Sun |publisher=Sun.com |date=2010-09-07 |access-date=2012-01-09}}</ref>
* [[OpenDS]]: [[Open-source model|Open-source]] directory service in Java, backed by [[Sun Microsystems]]<ref>{{cite web |url=http://opends.dev.java.net/ |title=Java.net |publisher=Opends.dev.java.net |access-date=2012-01-09 |url-status=dead |archive-url=https://web.archive.org/web/20070704054648/https://opends.dev.java.net/ |archive-date=2007-07-04 }}</ref>
* [[Oracle Unified Directory]]: (OUD) is [[Oracle Corporation]]'s next-generation unified directory solution. It integrates storage, synchronization, and proxy functionalities.
* Windows [[NT Directory Service]]s (NTDS), later renamed [[Active Directory]], replaced the former NT Domain system.
* [[Critical Path, Inc.|Critical Path Directory Server]]
* [[OpenLDAP]]: Derived from the original University of Michigan LDAP implementation (like Netscape, Red Hat, Fedora and Sun JSDS implementations), it supports all computer architectures (including Unix and Unix derivatives, Linux, Windows, z/OS and a number of embedded-realtime systems).
* [[Lotus Domino]]
* [[Nexor]] Directory
* [[OpenDJ]] - a [[Java (programming language)|Java]]-based LDAP server and directory client that runs in any operating environment, under license [[Common Development and Distribution License|CDDL]]. Developed by [[ForgeRock]], until 2016,<ref name=":1">{{cite web | title=ForgeRock has shuttered the open-source community, and no longer allows new development on their platform under a permissive license | website=timeforafork | date=June 1, 2017 | url=http://www.timeforafork.com/ | ref={{sfnref | ForgeRock | 2017}} | access-date=June 1, 2017 | archive-date=October 3, 2017 | archive-url=https://web.archive.org/web/20171003142102/http://www.timeforafork.com/ | url-status=dead }}</ref> now maintained by [https://github.com/OpenIdentityPlatform/OpenDJ OpenDJ] Community

Open-source tools to create directory services include OpenLDAP, the [[Kerberos (protocol)|Kerberos protocol]] and [[Samba software]], which can function as a Windows [[domain controller]] with Kerberos and LDAP [[Front and back ends|back ends]]. Administration is by GOsa or Samba SWAT.

== Using name services ==

=== Unix systems ===
Name services on Unix systems are typically configured through [[nsswitch.conf]]. Information from name services can be retrieved with [[getent]].

== See also ==
* [[Access control list]]
* [[Directory Services Markup Language]]
* [[Hierarchical database model]]
* [[LDAP Data Interchange Format]]
* [[Metadirectory]]
* [[Service delivery platform]]
* [[Virtual directory]]

== References ==
=== Citations ===
{{Reflist}}

=== Sources ===
{{Refbegin}}
* {{cite book |last = Carter |first = Gerald |title = LDAP System Administration |url = https://archive.org/details/ldapsystemadmini00cart |url-access = registration |year = 2003 |publisher = [[O'Reilly Media]] |ISBN = 978-1-56592-491-8 }}
{{Refend}}

{{Authority control}}

[[Category:Computer access control]]
[[Category:Computer access control protocols]]
[[Category:Directory services| ]]
[[Category:Domain Name System]]