CEG 2400 Fall 2012 eDirectory – Directory Service
Novell eDirectory Services
• eDirectory
– Formerly called Novell Directory Services (NDS)
– Initially released in 1993
– eDirectory is an LDAP-compatible directory service and database that maintains information about all network resources
Novell eDirectory Services
• Benefits of eDirectory:
1. Single login
2. A variety of administration tools
3. A secure, encrypted single login using RSA encryption
4. Because the directory database is distributed and replicated, eDirectory provides fault tolerance
5. eDirectory is scalable: it works well in small networks or global networks
6. eDirectory uses dynamic rights inheritance
eDirectory Components
• The eDirectory tree
– A hierarchical structure for organizing information
– The tree starts at a single point, called the root, and branches out from there
– The tree is usually drawn inverted, with the root at the top of the diagram
eDirectory Components
• An eDirectory object always represents some definable network element, either physical or logical, for which you can record data
– The types of data collected in objects are called properties, and the data itself is the property value (similar to X.500)
eDirectory Components
• There are two general categories of eDirectory objects: container objects and leaf objects
– Container objects hold other objects, whereas leaf objects are the ends of the tree branches
– Container objects are used to organize network resources (represented by leaf objects)
eDirectory Components
• Container objects:
– The Tree or [Root] object is always the first object in the directory tree; there is only one, it has no properties, and it cannot be modified or deleted
– The optional Country object organizes the tree for businesses operating in more than one country
– If the Country object is used, it must be used immediately after the Root object
eDirectory Components
• Container objects:
– The Organization object provides the first level of organizational structure for the directory tree
– eDirectory trees must have at least one Organization object
– There is usually only one Organization object in the directory tree, representing the company
eDirectory Components
• Container objects:
– The Organizational Unit (OU) object subdivides the organizational structure of the directory tree
– There is no requirement that an OU object be used; however, the OU object is useful for creating an organizational structure in directory trees (usually there are a lot of these)
eDirectory Components
• Leaf objects used in directory trees:
– User related, such as user or group
– Server related, such as servers or volumes
– Printer related
– General purpose related, such as computers
eDirectory Components
• Each eDirectory object has a name that uniquely identifies it within the tree along with its context
– The position or location of an object in the directory tree is called the object’s context
– Context is specified as the path from the [Root] to the object; the context reads from left to right, starting at the lowest level of the tree and working upward to the [Root]
eDirectory Components
• eDirectory object names (cont.)
– An object’s complete name (the distinguished name) is the object name plus the object’s context (there is also a relative distinguished name)
– A name specification that includes the object abbreviations (two letters preceding the name, identifying its type) is referred to as a typeful name (.cn=jsmith.ou=users.o=mycompany); names without object abbreviations are typeless (.jsmith.users.mycompany)
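The naming rules on the last few slides (leaf-first context, typeful vs. typeless names, and the container ordering rules for [Root], Country, Organization and OU) can be exercised with the small parser below. It is an added example written for these notes, not Novell code; the function names and the rule that a leaf component uses the cn= abbreviation are assumptions made here for illustration.

```python
"""Parse and validate eDirectory typeful names of the form .cn=jsmith.ou=users.o=mycompany.

Constructed example for the slides above, not Novell code. A leading dot means the
name is anchored at [Root]; components read leaf-first, ending at the root-most container.
"""
import re
from typing import List, Optional, Tuple

# Container abbreviation -> level below [Root] (lower = closer to the root).
CONTAINER_RANK = {"c": 1, "o": 2, "ou": 3}
COMPONENT = re.compile(r"(cn|ou|o|c)=([^.=]+)", re.IGNORECASE)  # assumed leaf type: cn=


def parse_typeful(name: str) -> List[Tuple[str, str]]:
    """'.cn=jsmith.ou=users.o=mycompany' -> [('cn','jsmith'), ('ou','users'), ('o','mycompany')]."""
    if not name.startswith("."):
        raise ValueError("only names anchored at [Root] (leading dot) are handled here")
    parts = []
    for comp in name[1:].split("."):
        m = COMPONENT.fullmatch(comp)
        if not m:
            raise ValueError(f"bad name component: {comp!r}")
        parts.append((m.group(1).lower(), m.group(2)))
    return parts


def typeless(parts: List[Tuple[str, str]]) -> str:
    """Drop the type abbreviations: .jsmith.users.mycompany"""
    return "." + ".".join(value for _, value in parts)


def rdn(parts: List[Tuple[str, str]]) -> str:
    """Relative distinguished name: just the object's own name."""
    return parts[0][1]


def context(parts: List[Tuple[str, str]]) -> str:
    """The object's position in the tree: everything above the leaf, leaf-side first."""
    return "." + ".".join(f"{t}={v}" for t, v in parts[1:])


def validate_container_path(parts: List[Tuple[str, str]]) -> Optional[str]:
    """Apply the slides' container rules; return a problem description, or None if valid."""
    leaf_type, containers = parts[0][0], [t for t, _ in parts[1:]]
    if leaf_type != "cn" or "cn" in containers:
        return "exactly one leaf (cn=) is allowed and it must come first"
    ranks = [CONTAINER_RANK[t] for t in containers]
    if ranks != sorted(ranks, reverse=True):  # OUs, then O, then optional C next to [Root]
        return "containers out of order: Country must sit directly under [Root], above the Organization"
    if containers.count("o") != 1:
        return "a path must pass through exactly one Organization object"
    if containers.count("c") > 1:
        return "at most one Country object may appear"
    return None
```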
eDirectory - a Replicated, Distributed Database
• One of the main security concerns in the eDirectory environment is protecting the all-important directory database
– Novell implements a distributed database, one that is stored in sections (or partitions) on different servers
– Partitions start at an Organization or OU branch of the tree and include all leaf objects in that container plus any other elements in that branch
eDirectory as a Replicated, Distributed Database
• Distributed database (cont.)
– A replica is a copy of a partition and is stored on Novell servers to ensure fault tolerance and provide faster access on a WAN
– When an eDirectory object changes, a copy of the change is sent from the partition where the change was first recorded to all other replicas of the partition; this is called replica synchronization
eDirectory as a Replicated, Distributed Database
• Distributed database (cont.)
– The five types of replicas are:
1. Master
2. Read/Write
3. Read-Only
4. Subordinate Reference
5. Filtered
eDirectory
• Advantages
– Uses dynamic rights inheritance, which allows both global and specific access controls
– Access rights to objects in the tree are determined at the time of the request, based on the rights assigned to the objects by virtue of their location in the tree, any security equivalences, and individual assignments
– Can log into any server in the tree
eDirectory
• Advantages
– The software supports partitioning at any point in the tree, as well as replication of any partition to any number of servers
– Replication between servers occurs periodically, using deltas of the objects
– Runs on most NOS platforms
• Windows
• Some forms of Linux/Unix
eDirectory
• Advantages
– NetWare integrated all functions into eDirectory. Even file system information is stored in the directory, as volume objects.
– Active Directory is fairly simple by comparison, typically storing only user and machine objects in its directory. Other Windows network configuration information is scattered across other databases, such as the registry, the domain name server, and specialized services such as the global catalog.
Chapter Summary
• eDirectory is network-centric
• The logical design of eDirectory is the directory tree
• The directory tree consists of eDirectory objects
• Objects represent physical, logical, or organizational entities
• Objects have properties, which have data
Chapter Summary
• The directory tree consists of container objects and leaf objects.
• Container objects provide organizational structure for the directory tree. They can contain other container objects or leaf objects.
• Leaf objects represent network resources, such as users and printers. They cannot contain other objects.
Chapter Summary
• The location of an object in the directory tree is the object’s context.
• The directory database can be divided into partitions.
• The partitions can and should be copied to other servers to ensure fault tolerance.
• The copies are called replicas. There are five types of replicas: Master, Read/Write, Read-Only, Subordinate Reference, and Filtered.
• Advantages
eDirectory – Directory Service
Questions