The Directory consists of open systems that cooperate to maintain a logical database of information about real-world objects. Users, both people and computer programs, can read or modify the information, subject to permission. Each user accesses the Directory through a Directory User Agent (DUA) or an LDAP client, each considered an application process (ITU-T X.500 document).
History
Directory service was integrated into the ISO Open Systems Interconnection (OSI) initiative to establish a common network standard and facilitate multi-vendor interoperability. In the 1980s, the ITU and ISO developed the X.500 standards for directory services, primarily to meet the needs of inter-carrier electronic messaging and network-name lookup. The Lightweight Directory Access Protocol (LDAP) is derived from the X.500 directory-information services.
Why we need Directory Services
The necessity for Directory Service arises from the dynamic nature of networks, where objects join or leave without warning, leading to constant changes in connectivity and characteristics like addresses and availability. Objects in current network services are typically identified by numbers or symbols chosen for allocation or processing ease, not human use. Directory services also stem from the need to shield network users from frequent changes, achieved by introducing a ‘level of indirection’ between users and objects. This allows users to refer to objects by name rather than by address, with the Directory providing the essential mapping service.

Access to directory – courtesy – ISO/IEC 9594-1:2020 (E)
The Directory Information Base (DIB)
The information within the Directory constitutes the Directory Information Base (DIB), comprising entries, each detailing information about a single object through attributes, categorized by the object’s class. Entries are organized in a tree structure known as the Directory Information Tree (DIT), with vertices representing entries; higher entries typically represent broader entities like countries or organizations, while lower entries denote individuals or application processes. Each entry possesses a distinguished name, derived from the tree structure, ensuring uniqueness. Some entries serve as aliases, redirecting to object entries and offering alternative object names, while others are compound entries, aggregating member entries to represent parts of an object’s information. The Directory maintains the integrity of the DIB through enforced rules, known as the Directory schema, ensuring consistency despite modifications.

Structure of DIT and its attributes – courtesy – ISO/IEC 9594-1:2020 (E)

Hypothetical DIT – courtesy – ISO/IEC 9594-1:2020 (E)
{C=GB, L=Winslow, O=Graphic Services, CN=Laser Printer} identifies the application entity, “Laser Printer”, which has in its distinguished name the geographical attribute of Locality. The residential person, John Jones, whose name is {C=GB, L=Winslow, CN=John Jones}, has the same geographical attribute in his distinguished name.
Directory Service
All services are provided by the Directory in response to requests from DUAs and/or LDAP clients. The services fall into two groups, Directory interrogation and Directory modification, listed below.
Directory interrogation
- Read (LDAP client does not support Read operation)
- Compare (like password compare)
- List (LDAP client does not support List operation)
- Search
- Abandon
Directory Modification
- Add Entry
- Modify Entry
- Remove Entry
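The DIT and distinguished-name rules described earlier, together with the Add Entry, Compare and Search services listed above, as an added example that is not taken from this page or from ISO/IEC 9594-1. `Entry`, `compare` and `search` are hypothetical names, the "Office Printer" alias and the objectClass values are constructed, and case-insensitive RDN matching is an assumption.

```python
# Added example: a toy in-memory DIT, not a real DSA or LDAP server.
class Entry:
    def __init__(self, rdn, parent=None, attrs=None, alias_of=None):
        self.rdn, self.parent = rdn, parent      # rdn is (type, value)
        self.attrs = attrs or {}                 # single-valued for brevity
        self.alias_of = alias_of                 # object entry an alias points to
        self.children = {}
        if parent is not None:                   # Add Entry: RDN unique among siblings
            key = (rdn[0].upper(), rdn[1].lower())   # assumes case-insensitive matching
            if key in parent.children:
                raise ValueError(f"name already in use: {rdn}")
            parent.children[key] = self

    def rdns(self):
        """RDN sequence from the root down to this entry."""
        path, node = [], self
        while node.parent is not None:
            path.append(node.rdn)
            node = node.parent
        return path[::-1]

    def x500_name(self):                         # notation used on this page
        return "{" + ", ".join(f"{t}={v}" for t, v in self.rdns()) + "}"

    def ldap_dn(self):                           # LDAP string form: leaf RDN first
        return ",".join(f"{t}={v}" for t, v in reversed(self.rdns()))

    def resolve(self):
        """Dereference an alias entry to the object entry it names."""
        return self.alias_of if self.alias_of is not None else self

def compare(entry, attr, value):
    """Compare: answers only True/False, never returns the stored value."""
    return entry.resolve().attrs.get(attr) == value

def search(base, attr, value):
    """Search: entries at or below base whose attribute equals value."""
    hits = [base] if base.attrs.get(attr) == value else []
    for child in base.children.values():
        hits += search(child, attr, value)
    return hits

# The hypothetical DIT from the text; the alias and attribute values are constructed.
root = Entry(None)
gb = Entry(("C", "GB"), root)
winslow = Entry(("L", "Winslow"), gb)
gs = Entry(("O", "Graphic Services"), winslow, {"objectClass": "organization"})
printer = Entry(("CN", "Laser Printer"), gs, {"objectClass": "applicationEntity"})
jones = Entry(("CN", "John Jones"), winslow, {"objectClass": "residentialPerson"})
alias = Entry(("CN", "Office Printer"), winslow, alias_of=printer)
```

The same entry prints as `{C=GB, L=Winslow, CN=John Jones}` in the notation used here and as `CN=John Jones,L=Winslow,C=GB` in LDAP string form, so any rule that matches on names has to normalise the ordering first; value escaping is omitted because the sample names contain no special characters.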
Distributed Directory
A Directory System Agent (DSA) is an application process which is part of the Directory and whose role is to provide access to the DIB to DUAs, LDAP clients and/or other DSAs.
An LDAP server is an application process which is part of the Directory, that responds to requests via the LDAP protocol, and whose role is to provide access to the DIB to LDAP clients and/or LDAP requesters.

courtesy – ISO/IEC 9594-1:2020 (E)
Summary
X.500 directory services, standardized by the International Telecommunication Union (ITU), offer a hierarchical and distributed approach to managing directory information within computer networks. At its core is the Directory Information Tree (DIT), resembling a tree structure where each node represents an object like a user or organization. Directory System Agents (DSAs) serve as servers, storing and managing directory data, while Directory User Agents (DUAs) act as clients, facilitating queries and updates. Communication between DSAs and DUAs occurs through the Directory Access Protocol (DAP). Key features include searchability based on attributes, authentication, authorization, and data replication across multiple servers for scalability and fault tolerance. While X.500 provides a robust solution for directory services, its adoption has been somewhat overshadowed by the Lightweight Directory Access Protocol (LDAP), a simplified version more commonly used in internet-based directory services due to its lightweight nature and broader support. Nonetheless, X.500 remains an essential standard in the realm of directory services, offering a comprehensive framework for managing and accessing directory information within computer networks.
