Directory services
• Offline directories
  – Telephone directories
  – TV guides
  – Shopping catalogues
• Online directories
  – Application specific (Lotus Notes, MS Exchange 5.5, …)
  – NOS based (Novell eDirectory, MS Active Directory, Sun NIS, …)
  – Purpose specific (DNS, …)
  – General purpose (Netscape Directory, OpenLDAP, …)

Characteristics of online directories
• Dynamic
• Flexible
  – Extensible without re-planning
  – Organizational flexibility (flexible searches)
• Secure (access control lists, authentication)
• Customizable (user profiling)

Directory vs database
• Read/write ratio (a directory is read-mostly)
• Distribution/replication
• Performance
• Interoperability standards (SQL vs LDAP)
• Transactions (rollback) and joins (a database has them, a directory does not)

Directory applications
• Information lookup
• Centralized management of objects and configuration
• Security

LDAP
• X.500
• LDAP = a simplification of DAP (the X.500 Directory Access Protocol)
• LDAPv3
  – Internationalization (UTF-8)
  – Referrals
  – Security (SASL/TLS)
  – Extensibility (controls)

A single LDAP search (LDAP Client ↔ LDAP Server)
1 – Search operation
2 – Returned entry
3 – Result code

A client issues multiple LDAP search requests simultaneously (LDAP Client ↔ LDAP Server)
1 – Search operation, msgid=1
2 – Search operation, msgid=2
3 – Returned entry, msgid=1
4 – Returned entry, msgid=2
5 – Result code, msgid=2
6 – Result code, msgid=1
(Responses may come back in any order; the client matches each one to its request by msgid.)

Typical LDAP exchange (LDAP Client ↔ LDAP Server)
1 – Open connection and bind
2 – Result of bind operation
3 – Search operation
4 – First entry returned
5 – Second entry returned
6 – Result of search operation
7 – Unbind operation
8 – Close connection

Directory-enabled email application (client, LDAP Server, Messaging Server)
1 – Search for user Mario Rossi
2 – Entry for Mario Rossi returned
3 – Client encrypts outgoing message using the certificate read from the directory
4 – Client sends outgoing message to the recipient through the Messaging Server

LDAP operational models
• Information Model
• Naming Model
• Functional Model
• Security Model

LDAP Information Model
• Definition of data types
• Objects and attributes
• Schema

LDAP Naming Model
dc=example,dc=com
  ou=people
    cn=Mario Rossi

LDAP Functional Model
• Operations that can be performed
  – Query (search, compare)
  – Update (add, delete, modify, modify DN)
  – Authentication and control (bind, unbind, abandon)
  – Extended operations

LDAP Security Model
• Binding
• Anonymous, or DN + password (simple bind: the password crosses the wire in cleartext unless the connection is TLS-protected)
• SASL mechanisms (authentication)
• StartTLS (encryption + authentication)

Lifecycle of a directory service (DS)
• Design
• Deployment
• Maintenance

Designing a DS
• Directory needs
• Data
• Schema
• Namespace
• Topology
• Replication
• Security

DS deployment phase
• Choose directory software
• Piloting
• Analyzing cost
• User feedback
• Moving to production

DS maintenance phase
• Backup and disaster recovery
• Data maintenance
• Monitoring
• Troubleshooting
• Changing requirements

Object class inheritance (schema)
top → person → organizationalPerson → inetOrgPerson

Distributed directory
dc=example,dc=com
  OU=HR
  OU=Acct
  OU=People

Distributed directory (the same tree partitioned across servers)
[Figure: DC=example,DC=com with OU=People, OU=HR and OU=Acct held on different servers]

Knowledge references
dc=example,dc=com
• Immediate superior knowledge reference (points up to the server holding the parent naming context)
• Subordinate references (point down to the servers holding child naming contexts)
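The search exchanges and the msgid multiplexing shown in the diagrams above, carried out on the wire. This is an added example, not code from the original slides or from any LDAP implementation: it BER-encodes a simple BindRequest, SearchResultEntry and SearchResultDone PDUs as RFC 4511 defines them, then demultiplexes a constructed, out-of-order response stream by messageID. The DNs, attribute values and password are constructed sample data.

```python
"""Minimal LDAPv3 wire framing (RFC 4511, BER) plus messageID demultiplexing.
Added example; the DNs, attributes and password below are constructed sample data."""
from __future__ import annotations

# Universal BER tags and the LDAP APPLICATION/context tags used here
TAG_INTEGER, TAG_OCTET_STRING, TAG_ENUMERATED = 0x02, 0x04, 0x0A
TAG_SEQUENCE, TAG_SET = 0x30, 0x31
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0] BindRequest
TAG_SEARCH_ENTRY = 0x64   # [APPLICATION 4] SearchResultEntry
TAG_SEARCH_DONE = 0x65    # [APPLICATION 5] SearchResultDone (an LDAPResult)
TAG_SIMPLE_AUTH = 0x80    # [0] simple password inside BindRequest
RESULT_SUCCESS, RESULT_NO_SUCH_OBJECT = 0, 32


def ber_length(n: int) -> bytes:
    """Definite-form length: one byte below 128, otherwise 0x8N followed by N bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(tag: int, v: int) -> bytes:
    """Minimal two's-complement encoding of a non-negative INTEGER/ENUMERATED."""
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def ldap_message(msgid: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return tlv(TAG_SEQUENCE, ber_integer(TAG_INTEGER, msgid) + protocol_op)


def bind_request(msgid: int, dn: str, password: str) -> bytes:
    """Simple bind: version 3, name, password as a [0] OCTET STRING (cleartext on the wire)."""
    op = (ber_integer(TAG_INTEGER, 3) + tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
          + tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")))
    return ldap_message(msgid, tlv(TAG_BIND_REQUEST, op))


def search_result_entry(msgid: int, dn: str, attrs: dict[str, list[str]]) -> bytes:
    """SearchResultEntry { objectName, attributes SEQUENCE OF { type, vals SET OF } }"""
    attr_list = b"".join(
        tlv(TAG_SEQUENCE, tlv(TAG_OCTET_STRING, name.encode("utf-8"))
            + tlv(TAG_SET, b"".join(tlv(TAG_OCTET_STRING, v.encode("utf-8")) for v in vals)))
        for name, vals in attrs.items())
    op = tlv(TAG_OCTET_STRING, dn.encode("utf-8")) + tlv(TAG_SEQUENCE, attr_list)
    return ldap_message(msgid, tlv(TAG_SEARCH_ENTRY, op))


def search_result_done(msgid: int, code: int, diagnostic: str = "") -> bytes:
    """LDAPResult { resultCode ENUMERATED, matchedDN, diagnosticMessage }"""
    op = (ber_integer(TAG_ENUMERATED, code) + tlv(TAG_OCTET_STRING, b"")
          + tlv(TAG_OCTET_STRING, diagnostic.encode("utf-8")))
    return ldap_message(msgid, tlv(TAG_SEARCH_DONE, op))


def read_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Parse the TLV at buf[pos]; returns (tag, value, offset just past it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:      # indefinite form is not allowed in LDAP
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:end], end


def parse_message(message: bytes) -> tuple[int, int, bytes]:
    """Return (messageID, protocolOp tag, protocolOp value) of one LDAPMessage."""
    tag, body, _ = read_tlv(message)
    if tag != TAG_SEQUENCE:
        raise ValueError("LDAPMessage is not a SEQUENCE")
    tag, raw_id, pos = read_tlv(body)
    if tag != TAG_INTEGER:
        raise ValueError("missing messageID")
    op_tag, op_value, _ = read_tlv(body, pos)
    return int.from_bytes(raw_id, "big", signed=True), op_tag, op_value


def demux(stream: bytes, outstanding: set[int]) -> dict[int, dict]:
    """Route interleaved server PDUs to the request they answer, keyed by messageID."""
    results = {m: {"entries": [], "result": None} for m in outstanding}
    pos = 0
    while pos < len(stream):
        _, _, end = read_tlv(stream, pos)
        msgid, op_tag, op = parse_message(stream[pos:end])
        if msgid not in results or results[msgid]["result"] is not None:
            raise ValueError(f"unsolicited PDU for messageID {msgid}")
        if op_tag == TAG_SEARCH_ENTRY:
            results[msgid]["entries"].append(read_tlv(op)[1].decode("utf-8"))  # objectName
        elif op_tag == TAG_SEARCH_DONE:
            results[msgid]["result"] = int.from_bytes(read_tlv(op)[1], "big", signed=True)
        else:
            raise ValueError(f"unexpected protocolOp tag 0x{op_tag:02x}")
        pos = end
    return results


# Constructed stream mirroring the slide: entry for msgid 1, entry for msgid 2,
# result for msgid 2, then result for msgid 1 (responses arrive out of request order).
SAMPLE_WIRE = (search_result_entry(1, "cn=Mario Rossi,ou=people,dc=example,dc=com",
                                   {"mail": ["mario@example.com"]})
               + search_result_entry(2, "cn=Anna Bianchi,ou=people,dc=example,dc=com", {})
               + search_result_done(2, RESULT_SUCCESS)
               + search_result_done(1, RESULT_SUCCESS))

if __name__ == "__main__":
    print(bind_request(1, "cn=admin,dc=example,dc=com", "secret").hex())
    print(demux(SAMPLE_WIRE, {1, 2}))
```

The BindRequest hex printed by the block shows why the Security Model slide pairs simple bind with StartTLS: the password is an ordinary OCTET STRING in the PDU, readable by anyone on the path, and the server's Bind result is the only thing that tells the client whether the credentials were accepted.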
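An added example (not the slides' own code) covering the Naming Model, the query side of the Functional Model and the Knowledge References above: RFC 4514 escaping when a DN is built from user input, RFC 4515 escaping when a search filter is built from user input (the check that stops LDAP filter injection), and a small resolver that decides, for a dc=example,dc=com tree partitioned across servers, whether a server holds a DN itself or answers with a referral taken from its subordinate or immediate superior knowledge reference. The server names and LDAP URLs are assumptions, and the case-insensitive comparison is a simplification that holds for the caseIgnore attribute types used here (dc, ou, cn).

```python
"""LDAP naming helpers and knowledge-reference resolution for a partitioned DIT.
Added example for these slides; server names and URLs below are assumed."""
from __future__ import annotations
from dataclasses import dataclass, field

_DN_SPECIALS = set(',+"\\<>;')   # RFC 4514 section 2.4: always escaped inside a value


def escape_rdn_value(value: str) -> str:
    """Escape user input so it can be embedded as an RDN attribute value."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _DN_SPECIALS or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """RFC 4515: hex-escape the metacharacters that would change a filter's meaning."""
    return "".join(f"\\{ord(ch):02x}" if ch in "*()\\\0" else ch for ch in value)


def _trim(rdn: str) -> str:
    rdn = rdn.lstrip(" ")
    while rdn.endswith(" ") and not rdn.endswith("\\ "):   # keep an escaped trailing space
        rdn = rdn[:-1]
    return rdn


def split_dn(dn: str) -> list[str]:
    """Split a DN at unescaped commas, keeping escape sequences intact."""
    rdns: list[str] = []
    cur: list[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append(_trim("".join(cur)))
            cur = []
        else:
            cur.append(ch)
    rdns.append(_trim("".join(cur)))
    return rdns


def normalize(dn: str) -> tuple[str, ...]:
    """Root-first, case-folded RDN tuple (simplified caseIgnore matching)."""
    return tuple(r.lower() for r in reversed(split_dn(dn)))


def is_under(dn: str, suffix: str) -> bool:
    """True if dn equals suffix or lies anywhere beneath it in the tree."""
    d, s = normalize(dn), normalize(suffix)
    return d[:len(s)] == s


@dataclass
class DirectoryServer:
    name: str
    naming_context: str                                              # subtree held locally
    subordinate_refs: dict[str, str] = field(default_factory=dict)   # child subtree -> URL
    superior_ref: str | None = None                                  # immediate superior

    def resolve(self, dn: str) -> tuple[str, str]:
        """('local', server) if we hold the entry, ('referral', url) if a knowledge
        reference points elsewhere, ('noSuchObject', server) if nobody we know does."""
        if is_under(dn, self.naming_context):
            # The most specific subordinate reference wins when several nest
            for sub_dn, url in sorted(self.subordinate_refs.items(),
                                      key=lambda kv: -len(normalize(kv[0]))):
                if is_under(dn, sub_dn):
                    return "referral", url
            return "local", self.name
        if self.superior_ref:
            return "referral", self.superior_ref
        return "noSuchObject", self.name


# Constructed topology (assumed hosts): the root server holds dc=example,dc=com and
# ou=People; ou=HR and ou=Acct live on separate servers that know their superior.
ROOT = DirectoryServer("root-server", "dc=example,dc=com", subordinate_refs={
    "ou=HR,dc=example,dc=com": "ldap://hr.example.com/",
    "ou=Acct,dc=example,dc=com": "ldap://acct.example.com/",
})
HR = DirectoryServer("hr-server", "ou=HR,dc=example,dc=com",
                     superior_ref="ldap://root.example.com/")


def user_dn(common_name: str) -> str:
    """Build a People DN from untrusted input without letting it add extra RDNs."""
    return f"cn={escape_rdn_value(common_name)},ou=People,dc=example,dc=com"


if __name__ == "__main__":
    dn = user_dn("Rossi, Mario")          # cn=Rossi\, Mario,ou=People,dc=example,dc=com
    print(dn, split_dn(dn))
    print("(cn=%s)" % escape_filter_value("*)(uid=*"))   # (cn=\2a\29\28uid=\2a)
    for server, target in ((ROOT, dn), (ROOT, "cn=Anna Bianchi,ou=HR,dc=example,dc=com"),
                           (HR, dn), (ROOT, "cn=x,dc=other,dc=org")):
        print(server.name, target, "->", server.resolve(target))
```

Without escape_rdn_value the input "Rossi, Mario" would become two RDNs and change which entry the DN names; without escape_filter_value the input "*)(uid=*" would turn a lookup of one user into a filter matching every entry, which is the classic LDAP injection. The resolver is the client-side view of the Knowledge References slide: a server answers locally only inside its own naming context, hands out subordinate references for child contexts, and otherwise falls back to its immediate superior.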