IN THIS CHAPTER

Directory services play a central role in the current network operating systems' client-server architecture. They provide a name service, store information about objects on the network, and allow this information to be propagated to other servers and applications. There are many directory services in use today, and modern networks use them heavily.

The smallest fundamental unit in a directory service is the domain. A domain is a collection of systems that share the same security database. Domains can be of various types and contain elements such as organizational units, user and machine accounts, and other objects that can be addressed using a unique Distinguished Name.

Most modern directory services are based on the X.500 standard. The LDAP version of X.500 was created for TCP/IP networks and is used for most of the products that are available today. The different directory services and their characteristics will be described. Among the features presented are policy engines, replication and synchronization, single sign-on, namespaces, identity management, and role-based access control.

Microsoft Active Directory (AD) is the best known and most widely used directory service. AD was built to store objects of various kinds, and includes aspects of security properties. ...